fix: 保护必要文件不被删除

pull/9485/head
Aaron3S 2023-02-09 15:48:42 +08:00 committed by Jiangjie.Bai
parent 238dc2e559
commit 921d8f6a28
1 changed files with 9 additions and 4 deletions

View File

@ -59,6 +59,8 @@ class PlaybookFileBrowserAPIView(APIView):
rbac_perms = ()
permission_classes = ()
protected_files = ['root', 'main.yml']
def get(self, request, **kwargs):
playbook_id = kwargs.get('pk')
playbook = get_object_or_404(Playbook, id=playbook_id)
@ -132,6 +134,10 @@ class PlaybookFileBrowserAPIView(APIView):
work_path = playbook.work_dir
file_key = request.data.get('key', '')
if file_key in self.protected_files:
return Response({'msg': '{} can not be modified'.format(file_key)}, status=400)
if os.path.dirname(file_key) == 'root':
file_key = os.path.basename(file_key)
@ -154,15 +160,14 @@ class PlaybookFileBrowserAPIView(APIView):
return Response({'msg': 'ok'})
def delete(self, request, **kwargs):
not_delete_allowed = ['root', 'main.yml']
playbook_id = kwargs.get('pk')
playbook = get_object_or_404(Playbook, id=playbook_id)
work_path = playbook.work_dir
file_key = request.query_params.get('key', '')
if not file_key:
return Response(status=400)
if file_key in not_delete_allowed:
return Response(status=400)
return Response({'msg': 'key is required'}, status=400)
if file_key in self.protected_files:
return Response({'msg': ' {} can not be delete'.format(file_key)}, status=400)
file_path = os.path.join(work_path, file_key)
if os.path.isdir(file_path):
shutil.rmtree(file_path)