From 246e602e8883bb18e99b43c9dbe136372ec40f74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=9F=A9=E5=AE=B6=E6=97=AD?= <hanjiaxu@66y.com>
Date: Thu, 17 Aug 2023 19:49:41 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E6=8F=90=E4=BA=A4=E5=BA=94=E7=94=A8=E5=8F=91=E5=B8=83=E7=94=B3?=
 =?UTF-8?q?=E8=AF=B7=E6=97=B6=E5=8F=AF=E4=BB=A5=E5=8F=91=E5=B8=83=E5=88=B0?=
 =?UTF-8?q?=E8=AF=A5=E7=94=A8=E6=88=B7=E6=97=A0=E6=9D=83=E8=AE=BF=E9=97=AE?=
 =?UTF-8?q?=E7=9A=84=E4=B8=BB=E6=9C=BA=E4=B8=AD=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

原来的逻辑会将该应用发布配置所关联的所有的主机返回给前端，但是会导致将用户无权访问的主机也返回回去，用户无法在页面上看到具体的ip，只能看到空白的选项条，但是用户其实可以选中并发布，造成应用更新发布到用户无权访问的主机中的问题。
---
 spug_api/apps/app/views.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/spug_api/apps/app/views.py b/spug_api/apps/app/views.py
index 94b640d..6b74c58 100644
--- a/spug_api/apps/app/views.py
+++ b/spug_api/apps/app/views.py
@@ -5,9 +5,11 @@ from django.views.generic import View
 from django.db.models import F
 from libs import JsonParser, Argument, json_response, auth
 from apps.app.models import App, Deploy, DeployExtend1, DeployExtend2
+from apps.host.models import Host
 from apps.config.models import Config, ConfigHistory, Service
 from apps.app.utils import fetch_versions, remove_repo
 from apps.setting.utils import AppSetting
+from apps.account.utils import get_host_perms
 import json
 import re
 
@@ -117,6 +119,20 @@ class DeployView(View):
         deploys = Deploy.objects.filter(**form) \
             .annotate(app_name=F('app__name'), app_key=F('app__key')) \
             .order_by('-app__sort_id')
+        # 获取用户有权访问的主机列表
+        hosts = Host.objects.select_related('hostextend')
+        if not request.user.is_supper:
+            hosts = hosts.filter(id__in=get_host_perms(request.user))
+        # 提取出所有的 host id 到列表中
+        allowed_host_ids = list(map(lambda x: x.id, hosts))
+        # 遍历每一个发布配置，并修改其中的 host_ids 字段
+        for deploy_item in deploys:
+            # 解析 host_ids 字符串
+            all_host_ids = json.loads(deploy_item.host_ids)
+            # 获取所有用户有权访问的主机
+            available_host_ids = list(filter(lambda x: x in allowed_host_ids, all_host_ids))
+            # 将该列表重新赋值给发布配置的 host_ids 字段
+            deploy_item.host_ids = json.dumps(available_host_ids)
         return json_response(deploys)
 
     @auth('deploy.app.edit')