fix: 修复relation_systemuser_perm问题

apps/assets/api/asset.py

@@ -138,7 +138,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
     def check_permissions(self, request):
         action = request.data.get('action')
         action_perm_require = {
+            'refresh': 'assets.refresh_assethardwareinfo',
             'push_system_user': 'assets.push_assetsystemuser',
+            'test': 'assets.test_assetconnectivity',
             'test_system_user': 'assets.test_assetconnectivity'
         }
         perm_required = action_perm_require.get(action)

apps/assets/api/system_user_relation.py

@@ -64,7 +64,7 @@ class RelationMixin:
 
 
 class BaseRelationViewSet(RelationMixin, OrgBulkModelViewSet):
-    pass
+    perm_model = models.SystemUser
 
 
 class SystemUserAssetRelationViewSet(BaseRelationViewSet):
@@ -136,4 +136,3 @@ class SystemUserUserRelationViewSet(BaseRelationViewSet):
             )
         )
         return queryset
-

apps/assets/migrations/0088_auto_20220303_1612.py

@@ -12,7 +12,7 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='asset',
-            options={'ordering': ['hostname'], 'permissions': [('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetsystemuser', 'Can push system user to asset'), ('match_asset', 'Can match asset')], 'verbose_name': 'Asset'},
+            options={'ordering': ['hostname'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetsystemuser', 'Can push system user to asset'), ('match_asset', 'Can match asset')], 'verbose_name': 'Asset'},
         ),
         migrations.AlterModelOptions(
             name='node',

apps/assets/models/asset.py

@@ -355,6 +355,7 @@ class Asset(AbsConnectivity, AbsHardwareInfo, ProtocolsMixin, NodesRelationMixin
         verbose_name = _("Asset")
         ordering = ["hostname", ]
         permissions = [
+            ('refresh_assethardwareinfo', _('Can refresh asset hardware info')),
             ('test_assetconnectivity', _('Can test asset connectivity')),
             ('push_assetsystemuser', _('Can push system user to asset')),
             ('match_asset', _('Can match asset')),

apps/rbac/permissions.py

@@ -26,6 +26,7 @@ class RBACPermission(permissions.DjangoModelPermissions):
         ('PATCH', '%(app_label)s.change_%(model_name)s'),
         ('DELETE', '%(app_label)s.delete_%(model_name)s'),
     )
+
     # rbac_perms = ((), ())
     # def get_rbac_perms():
     #     return {}
@@ -77,6 +78,17 @@ class RBACPermission(permissions.DjangoModelPermissions):
         perms = action_perms_map[action]
         return perms
 
+    def get_model_cls(self, view):
+        if hasattr(view, 'perm_model'):
+            return getattr(view, 'perm_model')
+
+        try:
+            queryset = self._queryset(view)
+            model_cls = queryset.model
+        except AssertionError:
+            model_cls = None
+        return model_cls
+
     def get_require_perms(self, request, view):
         """
         获取 request, view 需要的 perms
@@ -84,12 +96,8 @@ class RBACPermission(permissions.DjangoModelPermissions):
         :param view:
         :return:
         """
-        try:
-            queryset = self._queryset(view)
-            model_cls = queryset.model
-        except AssertionError:
-            model_cls = None
 
+        model_cls = self.get_model_cls(view)
         action = getattr(view, 'action', None)
         if not action:
             action = request.method
@@ -116,4 +124,3 @@ class RBACPermission(permissions.DjangoModelPermissions):
         has = request.user.has_perms(perms)
         logger.debug('View require perms: {}, result: {}'.format(perms, has))
         return has
-