[Update] 修改当仅是当前组织审计员时，隐藏终断会话按钮 (#3275)

* [Update] 修改会话列表中终断按钮，批量终断，SessionViewSet 的权限控制

[Update] 修改当仅是当前组织审计员时，隐藏终断会话按钮 (#3275)
* [Update] 修改会话列表中终断按钮，批量终断，SessionViewSet 的权限控制
3c12c339 · 八千流 · BaiJiangJie · 118fc8c4 · 3c12c339 · 3c12c339
Commit 3c12c339 authored Sep 25, 2019 by 八千流 Committed by BaiJiangJie Sep 25, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 3 deletions

session.py apps/terminal/api/session.py +6 -1

session_list.html apps/terminal/templates/terminal/session_list.html +2 -2

No files found.
--- a/apps/terminal/api/session.py
+++ b/apps/terminal/api/session.py
@@ -26,7 +26,7 @@ logger = get_logger(__name__)
 class SessionViewSet(OrgBulkModelViewSet):
    queryset = Session.objects.all()
    serializer_class = serializers.SessionSerializer
-    permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor, )
+    permission_classes = (IsOrgAdminOrAppUser, )
    filter_fields = [
        "user", "asset", "system_user", "remote_addr",
        "protocol", "terminal", "is_finished",
@@ -53,6 +53,11 @@ class SessionViewSet(OrgBulkModelViewSet):
            serializer.validated_data["system_user"] = _system_user.name
        return super().perform_create(serializer)

+    def get_permissions(self):
+        if self.request.method.lower() in ['get']:
+            self.permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor, )
+        return super().get_permissions()
+

 class SessionReplayViewSet(viewsets.ViewSet):
    serializer_class = serializers.ReplaySerializer

--- a/apps/terminal/templates/terminal/session_list.html
+++ b/apps/terminal/templates/terminal/session_list.html
@@ -41,7 +41,7 @@
    </table>

    <div id="actions" class="hide">
-        {% if type == "online" %}
+        {% if type == "online" and request.user.can_admin_current_org %}
        <div class="input-group">
            <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
                <option value="terminate">{% trans 'Terminate selected' %}</option>
@@ -140,7 +140,7 @@ function initTable() {
                    replayBtn = replayBtn.replace("disabled", "")
                }
                var termBtn = '<a class="btn btn-xs btn-danger btn-term" disabled value="sessionID" terminal="terminalID" >{% trans "Terminate" %}</a>';
-                if ("{{ request.user.is_org_admin }}" === "True") {
+                if ("{{ request.user.can_admin_current_org }}" === "True") {
                    termBtn = termBtn.replace("disabled", "")
                        .replace("sessionID", cellData)
                        .replace("terminalID", rowData.terminal)