github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: 支持批量审批工单 (#11014)

pull/11119/head
jiangweidong 2023-07-28 14:32:31 +08:00 committed by GitHub
parent dbfb9db5c5
commit c86b28a305
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apps/tickets/api/ticket.py
View File

@ -1,5 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
from django.utils.translation import gettext_lazy as _
from rest_framework import viewsets from rest_framework import viewsets
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import MethodNotAllowed from rest_framework.exceptions import MethodNotAllowed
@ -38,9 +39,9 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
ordering = ('-date_created',) ordering = ('-date_created',)
rbac_perms = { rbac_perms = {
'open': 'tickets.view_ticket', 'open': 'tickets.view_ticket',
'bulk': 'tickets.change_ticket',
} }
def retrieve(self, request, *args, **kwargs): def retrieve(self, request, *args, **kwargs):
instance = self.get_object() instance = self.get_object()
with tmp_to_root_org(): with tmp_to_root_org():
@ -57,6 +58,10 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
def destroy(self, request, *args, **kwargs): def destroy(self, request, *args, **kwargs):
raise MethodNotAllowed(self.action) raise MethodNotAllowed(self.action)
def ticket_not_allowed(self):
if self.model == Ticket:
raise MethodNotAllowed(self.action)
def get_queryset(self): def get_queryset(self):
with tmp_to_root_org(): with tmp_to_root_org():
queryset = self.model.get_user_related_tickets(self.request.user) queryset = self.model.get_user_related_tickets(self.request.user)
@ -74,6 +79,8 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
@action(detail=True, methods=[PUT, PATCH], permission_classes=[IsAssignee, ]) @action(detail=True, methods=[PUT, PATCH], permission_classes=[IsAssignee, ])
def approve(self, request, *args, **kwargs): def approve(self, request, *args, **kwargs):
self.ticket_not_allowed()
partial = kwargs.pop('partial', False) partial = kwargs.pop('partial', False)
instance = self.get_object() instance = self.get_object()
serializer = self.get_serializer(instance, data=request.data, partial=partial) serializer = self.get_serializer(instance, data=request.data, partial=partial)
@ -95,6 +102,27 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
instance.close() instance.close()
return Response('ok') return Response('ok')
@action(detail=False, methods=[PUT], permission_classes=[RBACPermission, ])
def bulk(self, request, *args, **kwargs):
self.ticket_not_allowed()
allow_action = ('approve', 'reject')
action_ = request.query_params.get('action')
if action_ not in allow_action:
msg = _("The parameter 'action' must be [{}]").format(','.join(allow_action))
return Response({'error': msg}, status=400)
ticket_ids = request.data.get('tickets', [])
queryset = self.get_queryset().filter(state='pending').filter(id__in=ticket_ids)
for obj in queryset:
if not obj.has_current_assignee(request.user):
return Response(
{'error': f"{_('User does not have permission')}: {obj}"}, status=400
)
handler = getattr(obj, action_)
handler(processor=request.user)
return Response('ok')
class ApplyAssetTicketViewSet(TicketViewSet): class ApplyAssetTicketViewSet(TicketViewSet):
model = ApplyAssetTicket model = ApplyAssetTicket