github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 拆分角色权限树router

pull/7745/head
feng626 2022-03-04 17:43:57 +08:00 committed by 老广
parent 8a8ed90eef
commit eb6bddc599
2 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
apps/rbac/api/role.py
View File

@ -9,8 +9,8 @@ from ..models import Role, SystemRole, OrgRole
from .permission import PermissionViewSet from .permission import PermissionViewSet
__all__ = [ __all__ = [
'RoleViewSet', 'RolePermissionsViewSet', 'RoleViewSet', 'SystemRoleViewSet', 'OrgRoleViewSet',
'SystemRoleViewSet', 'OrgRoleViewSet' 'SystemRolePermissionsViewSet', 'OrgRolePermissionsViewSet',
] ]
@ -40,7 +40,7 @@ class RoleViewSet(JMSModelViewSet):
return super().perform_update(serializer) return super().perform_update(serializer)
def get_queryset(self): def get_queryset(self):
queryset = super().get_queryset()\ queryset = super().get_queryset() \
.annotate(permissions_amount=Count('permissions')) .annotate(permissions_amount=Count('permissions'))
return queryset return queryset
@ -59,23 +59,40 @@ class OrgRoleViewSet(RoleViewSet):
queryset = OrgRole.objects.all() queryset = OrgRole.objects.all()
# Sub view set class BaseRolePermissionsViewSet(PermissionViewSet):
class RolePermissionsViewSet(PermissionViewSet): model = None
role_pk = None
filterset_fields = [] filterset_fields = []
rbac_perms = (
('get_tree', 'role.view_role'),
)
http_method_names = ['get', 'option'] http_method_names = ['get', 'option']
check_disabled = False check_disabled = False
def get_queryset(self): def get_queryset(self):
role_id = self.kwargs.get('role_pk') role_id = self.kwargs.get(self.role_pk)
if not role_id: if not role_id:
return Role.objects.none() return self.model.objects.none()
role = Role.objects.get(id=role_id) role = self.model.objects.get(id=role_id)
self.scope = role.scope self.scope = role.scope
self.check_disabled = role.builtin self.check_disabled = role.builtin
queryset = role.get_permissions()\ queryset = role.get_permissions() \
.prefetch_related('content_type') .prefetch_related('content_type')
return queryset return queryset
# Sub view set
class SystemRolePermissionsViewSet(BaseRolePermissionsViewSet):
role_pk = 'system_role_pk'
model = SystemRole
rbac_perms = (
('get_tree', 'rbac.view_systemrole'),
)
# Sub view set
class OrgRolePermissionsViewSet(BaseRolePermissionsViewSet):
role_pk = 'org_role_pk'
model = OrgRole
rbac_perms = (
('get_tree', 'rbac.view_orgrole'),
)

9
apps/rbac/urls/api_urls.py
View File

@ -16,9 +16,12 @@ router.register(r'system-role-bindings', api.SystemRoleBindingViewSet, 'system-r
router.register(r'org-role-bindings', api.OrgRoleBindingViewSet, 'org-role-binding') router.register(r'org-role-bindings', api.OrgRoleBindingViewSet, 'org-role-binding')
router.register(r'permissions', api.PermissionViewSet, 'permission') router.register(r'permissions', api.PermissionViewSet, 'permission')
role_router = routers.NestedDefaultRouter(router, r'roles', lookup='role') system_role_router = routers.NestedDefaultRouter(router, r'system-roles', lookup='system_role')
role_router.register(r'permissions', api.RolePermissionsViewSet, 'role-permission') system_role_router.register(r'permissions', api.SystemRolePermissionsViewSet, 'system-role-permission')
org_role_router = routers.NestedDefaultRouter(router, r'org-roles', lookup='org_role')
org_role_router.register(r'permissions', api.OrgRolePermissionsViewSet, 'org-role-permission')
urlpatterns = [] urlpatterns = []
urlpatterns += router.urls + role_router.urls urlpatterns += router.urls + system_role_router.urls + org_role_router.urls