feat: 限制超级权限

1 year ago · 82f96d6ed2
3 changed files with 17 additions and 4 deletions
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -578,7 +578,9 @@ class Config(dict):
        'FTP_FILE_MAX_STORE': 100,
        # API 请求次数限制
-        'MAX_LIMIT_PER_PAGE': 100
+        'MAX_LIMIT_PER_PAGE': 100,
        'LIMIT_SUPER_PRIV': False,
    }
    old_config_map = {
--- a/apps/jumpserver/settings/custom.py
+++ b/apps/jumpserver/settings/custom.py
@ -203,3 +203,4 @@ MAX_LIMIT_PER_PAGE = CONFIG.MAX_LIMIT_PER_PAGE
 # Magnus DB Port
 MAGNUS_ORACLE_PORTS = CONFIG.MAGNUS_ORACLE_PORTS
 LIMIT_SUPER_PRIV = CONFIG.LIMIT_SUPER_PRIV
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -400,10 +400,17 @@ class RoleMixin:
        data = cache.get(key)
        if data:
            return data
        console_orgs = RoleBinding.get_user_has_the_perm_orgs('rbac.view_console', self)
        audit_orgs = RoleBinding.get_user_has_the_perm_orgs('rbac.view_audit', self)
        workbench_orgs = RoleBinding.get_user_has_the_perm_orgs('rbac.view_workbench', self)
        if settings.LIMIT_SUPER_PRIV:
            audit_orgs = list(set(audit_orgs) - set(console_orgs))
        data = {
-            'console_orgs': RoleBinding.get_user_has_the_perm_orgs('rbac.view_console', self),
+            'console_orgs': console_orgs,
-            'audit_orgs': RoleBinding.get_user_has_the_perm_orgs('rbac.view_audit', self),
+            'audit_orgs': audit_orgs,
-            'workbench_orgs': RoleBinding.get_user_has_the_perm_orgs('rbac.view_workbench', self),
+            'workbench_orgs': workbench_orgs,
        }
        cache.set(key, data, 60 * 60)
        return data
@ -541,6 +548,9 @@ class RoleMixin:
    def get_all_permissions(self):
        from rbac.models import RoleBinding
        perms = RoleBinding.get_user_perms(self)
        if settings.LIMIT_SUPER_PRIV and 'view_console' in perms:
            perms = [p for p in perms if p != "view_audit"]
        return perms