[Bugfix] 修改校验系统用户资产动作权限的API逻辑

apps/perms/api/user_permission.py

@@ -17,14 +17,13 @@ from common.tree import TreeNodeSerializer
 from common.utils import get_logger
 from ..utils import (
     AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node,
-    check_system_user_action,
 )
 from ..hands import User, Asset, Node, SystemUser, NodeSerializer
 from .. import serializers, const
 from ..mixins import (
     AssetsFilterMixin,
 )
-from ..models import Action
+from ..models import ActionFlag
 
 logger = get_logger(__name__)
 
@@ -407,7 +406,7 @@ class UserGrantedNodeChildrenApi(UserPermissionCacheMixin, ListAPIView):
 
 class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
     permission_classes = (IsOrgAdminOrAppUser,)
-
+    
     def get(self, request, *args, **kwargs):
         user_id = request.query_params.get('user_id', '')
         asset_id = request.query_params.get('asset_id', '')
@@ -417,17 +416,17 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
         user = get_object_or_404(User, id=user_id)
         asset = get_object_or_404(Asset, id=asset_id)
         su = get_object_or_404(SystemUser, id=system_id)
-        action = get_object_or_404(Action, name=action_name)
 
         util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
         granted_assets = util.get_assets()
-        granted_system_users = granted_assets.get(asset, [])
+        granted_system_users = granted_assets.get(asset, {})
 
         if su not in granted_system_users:
             return Response({'msg': False}, status=403)
 
-        _su = next((s for s in granted_system_users if s.id == su.id), None)
-        if not check_system_user_action(_su, action):
+        action = granted_system_users[su]
+        choices = ActionFlag.value_to_choices(action)
+        if action_name not in choices:
             return Response({'msg': False}, status=403)
 
         return Response({'msg': True}, status=200)
@@ -435,7 +434,7 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
 
 class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView):
     permission_classes = (IsOrgAdminOrAppUser,)
-    serializers_class = serializers.ActionsSerializer
+    serializer_class = serializers.ActionsSerializer
 
     def get_object(self):
         user_id = self.request.query_params.get('user_id', '')
@@ -450,6 +449,9 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView
         granted_assets = util.get_assets()
         granted_system_users = granted_assets.get(asset, {})
 
+        _object = {}
         if su not in granted_system_users:
-            return {"actions": 0}
-        return granted_system_users[su]
+            _object['actions'] = 0
+        else:
+            _object['actions'] = granted_system_users[su]
+        return _object

apps/perms/utils/asset_permission.py

@@ -27,7 +27,6 @@ logger = get_logger(__file__)
 __all__ = [
     'AssetPermissionUtil', 'is_obj_attr_has', 'sort_assets',
     'parse_asset_to_tree_node', 'parse_node_to_tree_node',
-    'check_system_user_action',
 ]
 
 
@@ -590,16 +589,3 @@ def parse_asset_to_tree_node(node, asset, system_users):
     }
     tree_node = TreeNode(**data)
     return tree_node
-
-
-def check_system_user_action(system_user, action):
-    """
-    :param system_user: SystemUser object (包含动态属性: actions)
-    :param action: Action object
-    :return: bool
-    """
-
-    check_actions = [Action.get_action_all(), action]
-    granted_actions = getattr(system_user, 'actions', [])
-    actions = list(set(granted_actions).intersection(set(check_actions)))
-    return bool(actions)