github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Update] 用户授权相关API,如果需要切换到root org (#2803) 

* [Update] 用户授权相关API,如果需要切换到root org

* [Update] 优化小问题
pull/2806/head
BaiJiangJie 2019-06-17 19:27:02 +08:00 committed by GitHub
parent 795807ddbe
commit c71f417ebf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/assets/templates/assets/asset_create.html
View File

@ -190,7 +190,7 @@ $(document).ready(function () {
port = 3389;
break;
case "telnet":
port = 21;
port = 23;
break;
case "vnc":
port = 5901;

7
apps/perms/api/user_group_permission.py
View File

@ -93,19 +93,12 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView):
show_assets = True
system_user_id = None
def change_org_if_need(self):
if self.request.user.is_superuser or \
self.request.user.is_app or \
self.kwargs.get('pk') is None:
set_to_root_org()
def get(self, request, *args, **kwargs):
self.show_assets = request.query_params.get('show_assets', '1') == '1'
self.system_user_id = request.query_params.get('system_user')
return super().get(request, *args, **kwargs)
def get_queryset(self):
self.change_org_if_need()
user_group_id = self.kwargs.get('pk', '')
queryset = []
group = get_object_or_404(UserGroup, id=user_group_id)

12
apps/perms/api/user_permission.py
View File

@ -25,7 +25,9 @@ from ..hands import (
NodeSerializer, RemoteAppSerializer,
)
from .. import serializers, const
from ..mixins import AssetsFilterMixin, RemoteAppFilterMixin
from ..mixins import (
AssetsFilterMixin, RemoteAppFilterMixin, ChangeOrgIfNeedMixin
)
from ..models import Action
logger = get_logger(__name__)
@ -459,7 +461,7 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, APIView):
# RemoteApp permission
class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView):
class UserGrantedRemoteAppsApi(ChangeOrgIfNeedMixin, RemoteAppFilterMixin, ListAPIView):
permission_classes = (IsOrgAdminOrAppUser,)
serializer_class = RemoteAppSerializer
pagination_class = LimitOffsetPagination
@ -484,7 +486,7 @@ class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView):
return super().get_permissions()
class UserGrantedRemoteAppsAsTreeApi(ListAPIView):
class UserGrantedRemoteAppsAsTreeApi(ChangeOrgIfNeedMixin, ListAPIView):
serializer_class = TreeNodeSerializer
permission_classes = (IsOrgAdminOrAppUser,)
@ -516,10 +518,11 @@ class UserGrantedRemoteAppsAsTreeApi(ListAPIView):
return super().get_permissions()
class ValidateUserRemoteAppPermissionApi(APIView):
class ValidateUserRemoteAppPermissionApi(ChangeOrgIfNeedMixin, APIView):
permission_classes = (IsOrgAdminOrAppUser,)
def get(self, request, *args, **kwargs):
self.change_org_if_need(request, kwargs)
user_id = request.query_params.get('user_id', '')
remote_app_id = request.query_params.get('remote_app_id', '')
user = get_object_or_404(User, id=user_id)
@ -529,5 +532,4 @@ class ValidateUserRemoteAppPermissionApi(APIView):
remote_apps = util.get_remote_apps()
if remote_app not in remote_apps:
return Response({'msg': False}, status=403)
return Response({'msg': True}, status=200)

19
apps/perms/mixins.py
View File

@ -2,8 +2,10 @@
#
from orgs.utils import set_to_root_org
__all__ = [
'AssetsFilterMixin', 'RemoteAppFilterMixin',
'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin',
]
@ -100,3 +102,18 @@ class RemoteAppFilterMixin(object):
queryset, key=lambda x: getattr(x, order_by), reverse=reverse
)
return queryset
class ChangeOrgIfNeedMixin(object):
@staticmethod
def change_org_if_need(request, kwargs):
if request.user.is_authenticated and request.user.is_superuser \
or request.user.is_app \
or kwargs.get('pk') is None:
set_to_root_org()
def get(self, request, *args, **kwargs):
self.change_org_if_need(request, kwargs)
return super().get(request, *args, **kwargs)