From 9c75147179e25259ea0ff91ca765de6cee2c41c9 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Thu, 10 Mar 2022 17:59:05 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9LDAP=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?API=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/settings/api/ldap.py   | 20 +++++++++++++++++---
 apps/settings/utils/ldap.py |  2 +-
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/apps/settings/api/ldap.py b/apps/settings/api/ldap.py
index c6adee04d..a66f0977e 100644
--- a/apps/settings/api/ldap.py
+++ b/apps/settings/api/ldap.py
@@ -8,6 +8,7 @@ from orgs.models import Organization
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
 
+from ..models import Setting
 from ..utils import (
     LDAPServerUtil, LDAPCacheUtil, LDAPImportUtil, LDAPSyncUtil,
     LDAP_USE_CACHE_FLAGS, LDAPTestUtil
@@ -26,8 +27,9 @@ logger = get_logger(__file__)
 
 class LDAPTestingConfigAPI(APIView):
     serializer_class = LDAPTestConfigSerializer
+    perm_model = Setting
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_auth'
     }
 
     def post(self, request):
@@ -68,8 +70,9 @@ class LDAPTestingConfigAPI(APIView):
 
 class LDAPTestingLoginAPI(APIView):
     serializer_class = LDAPTestLoginSerializer
+    perm_model = Setting
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_auth'
     }
 
     def post(self, request):
@@ -85,8 +88,9 @@ class LDAPTestingLoginAPI(APIView):
 
 class LDAPUserListApi(generics.ListAPIView):
     serializer_class = LDAPUserSerializer
+    perm_model = Setting
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'list': 'settings.change_auth'
     }
 
     def get_queryset_from_cache(self):
@@ -175,6 +179,11 @@ class LDAPUserListApi(generics.ListAPIView):
 
 
 class LDAPUserImportAPI(APIView):
+    perm_model = Setting
+    rbac_perms = {
+        'POST': 'settings.change_auth'
+    }
+
     def get_org(self):
         org_id = self.request.data.get('org_id')
         if is_uuid(org_id):
@@ -213,6 +222,11 @@ class LDAPUserImportAPI(APIView):
 
 
 class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
+    perm_model = Setting
+    rbac_perms = {
+        'retrieve': 'settings.change_auth'
+    }
+
     def retrieve(self, request, *args, **kwargs):
         try:
             LDAPSyncUtil().clear_cache()
diff --git a/apps/settings/utils/ldap.py b/apps/settings/utils/ldap.py
index 70f5a6323..22f4c2b19 100644
--- a/apps/settings/utils/ldap.py
+++ b/apps/settings/utils/ldap.py
@@ -379,7 +379,7 @@ class LDAPImportUtil(object):
         if org and org.is_root():
             return
         for obj in objs:
-            org.add_member.add(obj)
+            org.add_member(obj)
         logger.info('End perform import ldap users')
         return errors