mirror of https://github.com/jumpserver/jumpserver
fix: 保护必要文件不被删除
parent
238dc2e559
commit
921d8f6a28
|
@ -59,6 +59,8 @@ class PlaybookFileBrowserAPIView(APIView):
|
|||
rbac_perms = ()
|
||||
permission_classes = ()
|
||||
|
||||
protected_files = ['root', 'main.yml']
|
||||
|
||||
def get(self, request, **kwargs):
|
||||
playbook_id = kwargs.get('pk')
|
||||
playbook = get_object_or_404(Playbook, id=playbook_id)
|
||||
|
@ -132,6 +134,10 @@ class PlaybookFileBrowserAPIView(APIView):
|
|||
work_path = playbook.work_dir
|
||||
|
||||
file_key = request.data.get('key', '')
|
||||
|
||||
if file_key in self.protected_files:
|
||||
return Response({'msg': '{} can not be modified'.format(file_key)}, status=400)
|
||||
|
||||
if os.path.dirname(file_key) == 'root':
|
||||
file_key = os.path.basename(file_key)
|
||||
|
||||
|
@ -154,15 +160,14 @@ class PlaybookFileBrowserAPIView(APIView):
|
|||
return Response({'msg': 'ok'})
|
||||
|
||||
def delete(self, request, **kwargs):
|
||||
not_delete_allowed = ['root', 'main.yml']
|
||||
playbook_id = kwargs.get('pk')
|
||||
playbook = get_object_or_404(Playbook, id=playbook_id)
|
||||
work_path = playbook.work_dir
|
||||
file_key = request.query_params.get('key', '')
|
||||
if not file_key:
|
||||
return Response(status=400)
|
||||
if file_key in not_delete_allowed:
|
||||
return Response(status=400)
|
||||
return Response({'msg': 'key is required'}, status=400)
|
||||
if file_key in self.protected_files:
|
||||
return Response({'msg': ' {} can not be delete'.format(file_key)}, status=400)
|
||||
file_path = os.path.join(work_path, file_key)
|
||||
if os.path.isdir(file_path):
|
||||
shutil.rmtree(file_path)
|
||||
|
|
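Review bot: The new `protected_files` check compares the raw request `key` by exact string match, and in the second hunk it runs before the `os.path.dirname(file_key) == 'root'` normalisation, so a key that only becomes `main.yml` after that step is never compared in its final form. Moving the check below the normalisation and comparing a canonical value, e.g. `if os.path.normpath(file_key) in self.protected_files:`, would close that gap; `delete` needs the same canonical comparison. In `delete`, `file_key` also goes straight into `os.path.join(work_path, file_key)` and on to `shutil.rmtree`, and nothing visible confirms the resolved path stays under `work_path`. A containment guard before any removal, such as `if not os.path.realpath(file_path).startswith(os.path.realpath(work_path) + os.sep): return Response(status=400)`, would make the protection independent of how the key is spelled. Both handlers continue outside the hunks shown, so a later check may exist that is not visible here.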