diff --git a/apps/assets/api/mixin.py b/apps/assets/api/mixin.py
index 54eb91b41..386a1f507 100644
--- a/apps/assets/api/mixin.py
+++ b/apps/assets/api/mixin.py
@@ -2,13 +2,11 @@ from typing import List
 
 from assets.models import Node, Asset
 from assets.pagination import AssetLimitOffsetPagination
-from common.utils import lazyproperty, dict_get_any, is_uuid, get_object_or_none
+from common.utils import lazyproperty
 from assets.utils import get_node, is_query_node_all_assets
 
 
 class SerializeToTreeNodeMixin:
-    permission_classes = ()
-
     def serialize_nodes(self, nodes: List[Node], with_asset_amount=False):
         if with_asset_amount:
             def _name(node: Node):
diff --git a/apps/authentication/api/__init__.py b/apps/authentication/api/__init__.py
index af5d8d1b4..12b83421f 100644
--- a/apps/authentication/api/__init__.py
+++ b/apps/authentication/api/__init__.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 #
 
-from .auth import *
+from .connection_token import *
 from .token import *
 from .mfa import *
 from .access_key import *
diff --git a/apps/authentication/api/auth.py b/apps/authentication/api/connection_token.py
similarity index 100%
rename from apps/authentication/api/auth.py
rename to apps/authentication/api/connection_token.py
diff --git a/apps/authentication/api/login_confirm.py b/apps/authentication/api/login_confirm.py
index 6561962a9..527e473d8 100644
--- a/apps/authentication/api/login_confirm.py
+++ b/apps/authentication/api/login_confirm.py
@@ -3,10 +3,10 @@
 from rest_framework.generics import UpdateAPIView
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from rest_framework.permissions import AllowAny
 from django.shortcuts import get_object_or_404
-from django.utils.translation import ugettext as _
 
-from common.utils import get_logger, get_object_or_none
+from common.utils import get_logger
 from common.permissions import IsOrgAdmin
 from ..models import LoginConfirmSetting
 from ..serializers import LoginConfirmSettingSerializer
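Review bot: Dropping `permission_classes = ()` from `SerializeToTreeNodeMixin` means every view that mixed it in without declaring its own `permission_classes` now falls through to `DEFAULT_PERMISSION_CLASSES`, which this same commit changes to `IsSuperUser` in the libs.py hunk, so node/asset tree endpoints used by ordinary org users would start returning 403 unless each consumer sets its own permission class. The removal itself is right: a serializer mixin should never silence the permission check for whoever inherits it. Suggest a grep of the mixin's consumers plus a short comment on the class, `# Serialization helper only; each view declares its own permission_classes.` The class body continues outside the hunk.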
@@ -32,7 +32,7 @@ class LoginConfirmSettingUpdateApi(UpdateAPIView):
 
 
 class TicketStatusApi(mixins.AuthMixin, APIView):
-    permission_classes = ()
+    permission_classes = (AllowAny,)
 
     def get(self, request, *args, **kwargs):
         try:
diff --git a/apps/authentication/api/sso.py b/apps/authentication/api/sso.py
index a2d87e6db..04149e9a5 100644
--- a/apps/authentication/api/sso.py
+++ b/apps/authentication/api/sso.py
@@ -7,6 +7,7 @@ from django.http.response import HttpResponseRedirect
 from rest_framework.decorators import action
 from rest_framework.response import Response
 from rest_framework.request import Request
+from rest_framework.permissions import AllowAny
 
 from common.utils.timezone import utcnow
 from common.const.http import POST, GET
@@ -31,6 +32,7 @@ class SSOViewSet(AuthMixin, JmsGenericViewSet):
         'login_url': SSOTokenSerializer,
         'login': EmptySerializer
     }
+    permission_classes = (IsSuperUser,)
 
     @action(methods=[POST], detail=False, permission_classes=[IsSuperUser], url_path='login-url')
     def login_url(self, request, *args, **kwargs):
@@ -54,7 +56,7 @@ class SSOViewSet(AuthMixin, JmsGenericViewSet):
         login_url = '%s?%s' % (reverse('api-auth:sso-login', external=True), urlencode(query))
         return Response(data={'login_url': login_url})
 
-    @action(methods=[GET], detail=False, filter_backends=[AuthKeyQueryDeclaration], permission_classes=[])
+    @action(methods=[GET], detail=False, filter_backends=[AuthKeyQueryDeclaration], permission_classes=[AllowAny])
     def login(self, request: Request, *args, **kwargs):
         """
         此接口违反了 `Restful` 的规范
diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index 40f665af1..43779204c 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -97,7 +97,7 @@ class WithBootstrapToken(permissions.BasePermission):
 
 
 class PermissionsMixin(UserPassesTestMixin):
-    permission_classes = []
+    permission_classes = [permissions.IsAuthenticated]
 
     def get_permissions(self):
         return self.permission_classes
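Review bot: `permission_classes = (AllowAny,)` on `TicketStatusApi` makes an unauthenticated endpoint explicit, but nothing in the class says why that is acceptable; the same gap exists at `SSOViewSet.login`, `PrometheusMetricsApi` and `HealthCheckView` in the later hunks. For the ticket-status poll the caller is presumably still mid-login and not yet authenticated, and the lookup is expected to be bound to the in-progress session by `mixins.AuthMixin` rather than to a client-supplied ticket id — worth confirming, since `get` continues outside the hunk. Suggest a one-line justification on each deliberately anonymous class, e.g. `# Intentionally anonymous: polled by the login page before the user is authenticated.`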
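Review bot: With `permission_classes = (IsSuperUser,)` now set on `SSOViewSet`, the `permission_classes=[IsSuperUser]` argument on the `login_url` action in the second sso.py hunk is redundant and the two declarations can drift apart; either drop the per-action argument or keep the explicit per-action form for both actions, but not a mix. The `login` action is the one place an anonymous caller is meant to reach this viewset, so the docstring it opens (which continues outside the hunk) should state that access control for it rests on the query key handled by `AuthKeyQueryDeclaration` rather than on a permission class — assuming that is what the filter backend does.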
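Review bot: `permission_classes = [permissions.IsAuthenticated]` on `PermissionsMixin` is a fail-closed default and the right direction, but it is a mutable class-level list where every other hunk in this commit uses a tuple; `permission_classes = (permissions.IsAuthenticated,)` keeps the style consistent and rules out a subclass mutating the shared list in place. `get_permissions` returns the classes themselves rather than instances, unlike DRF's `APIView.get_permissions`; whatever consumes it lives outside the hunk, so this only matters if a caller expects instances.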
diff --git a/apps/jumpserver/api.py b/apps/jumpserver/api.py
index b74099fa3..e31a1d843 100644
--- a/apps/jumpserver/api.py
+++ b/apps/jumpserver/api.py
@@ -4,6 +4,7 @@ from django.utils.timesince import timesince
 from django.db.models import Count, Max
 from django.http.response import JsonResponse, HttpResponse
 from rest_framework.views import APIView
+from rest_framework.permissions import AllowAny
 from collections import Counter
 
 from users.models import User
@@ -307,7 +308,7 @@ class IndexApi(TotalCountMixin, DatesLoginMetricMixin, APIView):
 
 
 class PrometheusMetricsApi(APIView):
-    permission_classes = ()
+    permission_classes = (AllowAny,)
 
     def get(self, request, *args, **kwargs):
         util = ComponentsPrometheusMetricsUtil()
diff --git a/apps/jumpserver/settings/libs.py b/apps/jumpserver/settings/libs.py
index 49b3d3b2d..639d542e7 100644
--- a/apps/jumpserver/settings/libs.py
+++ b/apps/jumpserver/settings/libs.py
@@ -7,7 +7,7 @@ REST_FRAMEWORK = {
     # Use Django's standard `django.contrib.auth` permissions,
     # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': (
-        'common.permissions.IsOrgAdmin',
+        'common.permissions.IsSuperUser',
     ),
     'DEFAULT_RENDERER_CLASSES': (
         'rest_framework.renderers.JSONRenderer',
diff --git a/apps/jumpserver/views/other.py b/apps/jumpserver/views/other.py
index 134d599a6..da8046bfc 100644
--- a/apps/jumpserver/views/other.py
+++ b/apps/jumpserver/views/other.py
@@ -9,6 +9,7 @@ from django.views.generic import View
 from django.shortcuts import redirect
 from django.utils.translation import ugettext_lazy as _
 from rest_framework.views import APIView
+from rest_framework.permissions import AllowAny
 from django.views.decorators.csrf import csrf_exempt
 from django.http import HttpResponse
 
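Review bot: `PrometheusMetricsApi` now serves component metrics from `ComponentsPrometheusMetricsUtil` to any caller who can reach the API, and the switch from `()` to `(AllowAny,)` only makes that explicit rather than deciding it. If the intent is that only the metrics scraper reads this endpoint, that needs to be enforced outside the view (network exposure or a scrape credential), because `AllowAny` alone will not do it; `get` continues outside the hunk, so I cannot tell what the payload contains. Suggest recording the decision on the class, e.g. `# Intentionally anonymous: read by the metrics scraper; keep the endpoint network-restricted.`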
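Review bot: The two comment lines above `'DEFAULT_PERMISSION_CLASSES'` in libs.py are DRF's template text ("or allow read-only access for unauthenticated users") and are now actively misleading next to `'common.permissions.IsSuperUser'`, which makes every view without an explicit `permission_classes` superuser-only. Replace them with a statement of the intent, e.g. `# Fail closed: a view that declares no permission_classes is superuser-only.` The tightening is the right direction; the cost is that any view that relied on the old `IsOrgAdmin` default now rejects org admins, which is hard to catch without a test that walks the registered API views and asserts each either declares `permission_classes` or is meant to be superuser-only.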
@@ -64,7 +65,7 @@ def redirect_old_apps_view(request, *args, **kwargs):
 
 
 class HealthCheckView(APIView):
-    permission_classes = ()
+    permission_classes = (AllowAny,)
 
     def get(self, request):
         return JsonResponse({"status": 1, "time": int(time.time())})