perf: 资产授权支持 delete 控制

2023-05-25 18:42:54 +08:00 · 2023-05-25 18:42:54 +08:00 · 9932e7eadd
parent 73102fceb0
commit 9932e7eadd
5 changed files with 49 additions and 5 deletions
--- a/apps/acls/models/base.py
+++ b/apps/acls/models/base.py
@ -61,3 +61,28 @@ class UserAssetAccountBaseACL(BaseACL, OrgModelMixin):
    class Meta(BaseACL.Meta):
        unique_together = ('name', 'org_id')
        abstract = True
    @classmethod
    def filter_queryset(cls, user=None, asset=None, account=None, account_username=None, **kwargs):
        queryset = cls.objects.all()
        org_id = None
        if user:
            q = cls.users.get_filter_q(user)
            queryset = queryset.filter(q)
        if asset:
            org_id = asset.org_id
            q = cls.assets.get_filter_q(asset)
            queryset = queryset.filter(q)
        if account and not account_username:
            account_username = account.username
        if account_username:
            q = models.Q(accounts__contains=account_username) | \
                models.Q(accounts__contains='*') | \
                models.Q(accounts__contains='@ALL')
            queryset = queryset.filter(q)
        if org_id:
            kwargs['org_id'] = org_id
        if kwargs:
            queryset = queryset.filter(**kwargs)
        return queryset.distinct()
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@ -317,7 +317,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
        if acl.is_action(acl.ActionChoices.accept):
            return
        if acl.is_action(acl.ActionChoices.reject):
-            msg = _('ACL action is reject')
+            msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id))
            raise JMSException(code='acl_reject', detail=msg)
        if acl.is_action(acl.ActionChoices.review):
            if not self.request.query_params.get('create_ticket'):
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@ -1856,7 +1856,7 @@ msgstr "删除"
 #: audits/const.py:15 perms/const.py:13
 msgid "Upload"
-msgstr "上传文件"
+msgstr "上传"
 #: audits/const.py:16
 msgid "Rename"
@ -1868,7 +1868,7 @@ msgstr "建立软链接"
 #: audits/const.py:18 perms/const.py:14
 msgid "Download"
-msgstr "下载文件"
+msgstr "下载"
 #: audits/const.py:22 rbac/tree.py:228
 msgid "View"
--- a/apps/perms/const.py
+++ b/apps/perms/const.py
@ -14,6 +14,7 @@ class ActionChoices(BitChoices):
    download = bit(3), _("Download")
    copy = bit(4), _("Copy")
    paste = bit(5), _("Paste")
    delete = bit(6), _("Delete")
    @classmethod
    def is_tree(cls):
@ -23,13 +24,13 @@ class ActionChoices(BitChoices):
    def branches(cls):
        return (
            cls.connect,
-            (_("Transfer"), [cls.upload, cls.download]),
+            (_("Transfer"), [cls.upload, cls.download, cls.delete]),
            (_("Clipboard"), [cls.copy, cls.paste]),
        )
    @classmethod
    def transfer(cls):
-        return cls.upload | cls.download
+        return cls.upload | cls.download | cls.delete
    @classmethod
    def clipboard(cls):
--- a/apps/perms/migrations/0034_auto_20230525_1734.py
+++ b/apps/perms/migrations/0034_auto_20230525_1734.py
@ -0,0 +1,18 @@
 # Generated by Django 3.2.17 on 2023-05-25 09:34
 from django.db import migrations
 def migrate_asset_permission_delete_perm(apps, *args):
    asset_permission_cls = apps.get_model('perms', 'AssetPermission')
    asset_permission_cls.objects.filter(actions__gte=31).update(actions=63)
 class Migration(migrations.Migration):
    dependencies = [
        ('perms', '0033_auto_20221220_1956'),
    ]
    operations = [
        migrations.RunPython(migrate_asset_permission_delete_perm)
    ]