github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修改LDAP配置API权限

pull/7797/head
Jiangjie.Bai 2022-03-10 17:59:05 +08:00 committed by Jiangjie.Bai
parent 147e4cce94
commit 9c75147179
2 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/settings/api/ldap.py
View File

@ -8,6 +8,7 @@ from orgs.models import Organization
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.conf import settings from django.conf import settings
from ..models import Setting
from ..utils import ( from ..utils import (
LDAPServerUtil, LDAPCacheUtil, LDAPImportUtil, LDAPSyncUtil, LDAPServerUtil, LDAPCacheUtil, LDAPImportUtil, LDAPSyncUtil,
LDAP_USE_CACHE_FLAGS, LDAPTestUtil LDAP_USE_CACHE_FLAGS, LDAPTestUtil
@ -26,8 +27,9 @@ logger = get_logger(__file__)
class LDAPTestingConfigAPI(APIView): class LDAPTestingConfigAPI(APIView):
serializer_class = LDAPTestConfigSerializer serializer_class = LDAPTestConfigSerializer
perm_model = Setting
rbac_perms = { rbac_perms = {
'POST': 'settings.change_setting' 'POST': 'settings.change_auth'
} }
def post(self, request): def post(self, request):
@ -68,8 +70,9 @@ class LDAPTestingConfigAPI(APIView):
class LDAPTestingLoginAPI(APIView): class LDAPTestingLoginAPI(APIView):
serializer_class = LDAPTestLoginSerializer serializer_class = LDAPTestLoginSerializer
perm_model = Setting
rbac_perms = { rbac_perms = {
'POST': 'settings.change_setting' 'POST': 'settings.change_auth'
} }
def post(self, request): def post(self, request):
@ -85,8 +88,9 @@ class LDAPTestingLoginAPI(APIView):
class LDAPUserListApi(generics.ListAPIView): class LDAPUserListApi(generics.ListAPIView):
serializer_class = LDAPUserSerializer serializer_class = LDAPUserSerializer
perm_model = Setting
rbac_perms = { rbac_perms = {
'POST': 'settings.change_setting' 'list': 'settings.change_auth'
} }
def get_queryset_from_cache(self): def get_queryset_from_cache(self):
@ -175,6 +179,11 @@ class LDAPUserListApi(generics.ListAPIView):
class LDAPUserImportAPI(APIView): class LDAPUserImportAPI(APIView):
perm_model = Setting
rbac_perms = {
'POST': 'settings.change_auth'
}
def get_org(self): def get_org(self):
org_id = self.request.data.get('org_id') org_id = self.request.data.get('org_id')
if is_uuid(org_id): if is_uuid(org_id):
@ -213,6 +222,11 @@ class LDAPUserImportAPI(APIView):
class LDAPCacheRefreshAPI(generics.RetrieveAPIView): class LDAPCacheRefreshAPI(generics.RetrieveAPIView):
perm_model = Setting
rbac_perms = {
'retrieve': 'settings.change_auth'
}
def retrieve(self, request, *args, **kwargs): def retrieve(self, request, *args, **kwargs):
try: try:
LDAPSyncUtil().clear_cache() LDAPSyncUtil().clear_cache()

2
apps/settings/utils/ldap.py
View File

@ -379,7 +379,7 @@ class LDAPImportUtil(object):
if org and org.is_root(): if org and org.is_root():
return return
for obj in objs: for obj in objs:
org.add_member.add(obj) org.add_member(obj)
logger.info('End perform import ldap users') logger.info('End perform import ldap users')
return errors return errors