diff --git a/apps/applications/migrations/0017_auto_20220217_2135.py b/apps/applications/migrations/0017_auto_20220217_2135.py index 4807b570d..fd6bbeaa8 100644 --- a/apps/applications/migrations/0017_auto_20220217_2135.py +++ b/apps/applications/migrations/0017_auto_20220217_2135.py @@ -12,7 +12,7 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='account', - options={'permissions': [('view_applicationaccountsecret', 'Can view application account secret'), ('change_appplicationaccountsecret', 'Can view application account secret')], 'verbose_name': 'Application account'}, + options={'permissions': [('view_applicationaccountsecret', 'Can view application account secret'), ('change_appplicationaccountsecret', 'Can change application account secret')], 'verbose_name': 'Application account'}, ), migrations.AlterModelOptions( name='applicationuser', diff --git a/apps/applications/models/account.py b/apps/applications/models/account.py index eac7b99ef..627dec91a 100644 --- a/apps/applications/models/account.py +++ b/apps/applications/models/account.py @@ -24,7 +24,7 @@ class Account(BaseUser): unique_together = [('username', 'app', 'systemuser')] permissions = [ ('view_applicationaccountsecret', _('Can view application account secret')), - ('change_appplicationaccountsecret', _('Can view application account secret')), + ('change_appplicationaccountsecret', _('Can change application account secret')), ] def __init__(self, *args, **kwargs): diff --git a/apps/rbac/const.py b/apps/rbac/const.py index 1d4fe7d41..6679490c9 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py @@ -30,6 +30,7 @@ exclude_permissions = ( ('users', 'userpasswordhistory', '*', '*'), ('applications', 'applicationuser', '*', '*'), ('applications', 'historicalaccount', '*', '*'), + ('applications', 'account', 'add,change', 'account'), ('assets', 'adminuser', '*', '*'), ('assets', 'assetgroup', '*', '*'), ('assets', 'cluster', '*', '*'), @@ -38,6 +39,7 @@ exclude_permissions = ( ('assets', 'assetuser', '*', '*'), ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'), + ('assets', 'authbook', 'add', 'authbook'), ('perms', 'databaseapppermission', '*', '*'), ('perms', 'k8sapppermission', '*', '*'), ('perms', 'remoteapppermission', '*', '*'), diff --git a/apps/rbac/models/permission.py b/apps/rbac/models/permission.py index a93c7535c..a4ea91b15 100644 --- a/apps/rbac/models/permission.py +++ b/apps/rbac/models/permission.py @@ -14,6 +14,10 @@ class ContentType(DjangoContentType): class Meta: proxy = True + @property + def app_model(self): + return '%s.%s' % (self.app_label, self.model) + class Permission(DjangoPermission): """ 权限类 """ diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py index 68fb3fddc..1e6c69f66 100644 --- a/apps/rbac/tree.py +++ b/apps/rbac/tree.py @@ -263,6 +263,7 @@ class PermissionTreeUtil: @staticmethod def _get_permission_name(p, content_types_name_mapper): + p: Permission code_name = p.codename action_mapper = { 'add': ugettext('Create'), @@ -285,8 +286,9 @@ class PermissionTreeUtil: name = action_mapper['delete'] ct = code_name.replace('delete_', '') - if ct in content_types_name_mapper: - name += content_types_name_mapper[ct] + app_model = '%s.%s' % (p.content_type.app_label, ct) + if app_model in content_types_name_mapper: + name += content_types_name_mapper[app_model] else: name = gettext(p.name) name = name.replace('Can ', '').replace('可以', '') @@ -296,7 +298,7 @@ class PermissionTreeUtil: permissions_id = self.permissions.values_list('id', flat=True) nodes = [] content_types = ContentType.objects.all() - content_types_name_mapper = {ct.model: ct.name for ct in content_types} + content_types_name_mapper = {ct.app_model: ct.name for ct in content_types} for p in self.all_permissions: model_id = f'{p.app}.{p.model}'