Browse Source

perf: 修改 系统级别用户角色的 perms

pull/8111/head
ibuler 3 years ago committed by Jiangjie.Bai
parent
commit
f1bd4ea91f
  1. 17
      apps/rbac/builtin.py
  2. 5
      apps/rbac/models/rolebinding.py

17
apps/rbac/builtin.py

@ -2,15 +2,6 @@ from django.utils.translation import ugettext_noop
from .const import Scope, system_exclude_permissions, org_exclude_permissions from .const import Scope, system_exclude_permissions, org_exclude_permissions
system_user_perms = (
('authentication', 'connectiontoken', 'add', 'connectiontoken'),
('authentication', 'temptoken', 'add,change,view', 'temptoken'),
('authentication', 'accesskey', '*', '*'),
('tickets', 'ticket', 'view', 'ticket'),
('orgs', 'organization', 'view', 'rootorg'),
)
# Todo: 获取应该区分 系统用户,和组织用户的权限
# 工作台也区分组织后再考虑 # 工作台也区分组织后再考虑
user_perms = ( user_perms = (
('rbac', 'menupermission', 'view', 'workbench'), ('rbac', 'menupermission', 'view', 'workbench'),
@ -25,6 +16,14 @@ user_perms = (
('ops', 'commandexecution', 'add', 'commandexecution'), ('ops', 'commandexecution', 'add', 'commandexecution'),
) )
system_user_perms = (
('authentication', 'connectiontoken', 'add', 'connectiontoken'),
('authentication', 'temptoken', 'add,change,view', 'temptoken'),
('authentication', 'accesskey', '*', '*'),
('tickets', 'ticket', 'view', 'ticket'),
('orgs', 'organization', 'view', 'rootorg'),
) + user_perms
auditor_perms = user_perms + ( auditor_perms = user_perms + (
('rbac', 'menupermission', 'view', 'audit'), ('rbac', 'menupermission', 'view', 'audit'),
('audits', '*', '*', '*'), ('audits', '*', '*', '*'),

5
apps/rbac/models/rolebinding.py

@ -6,7 +6,7 @@ from rest_framework.serializers import ValidationError
from common.db.models import JMSModel from common.db.models import JMSModel
from common.utils import lazyproperty from common.utils import lazyproperty
from orgs.utils import current_org from orgs.utils import current_org, tmp_to_root_org
from .role import Role from .role import Role
from ..const import Scope from ..const import Scope
@ -105,7 +105,8 @@ class RoleBinding(JMSModel):
from orgs.models import Organization from orgs.models import Organization
roles = Role.get_roles_by_perm(perm) roles = Role.get_roles_by_perm(perm)
bindings = list(cls.objects.root_all().filter(role__in=roles, user=user)) with tmp_to_root_org():
bindings = list(cls.objects.root_all().filter(role__in=roles, user=user))
system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value] system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value]
if perm == 'rbac.view_workbench': if perm == 'rbac.view_workbench':

Loading…
Cancel
Save