[Bugfix] 修复组织管理员无法查看用户授权的bug

b54afbe7 · ibuler · ab848afd · b54afbe7
Commit b54afbe7 authored Sep 13, 2018 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 5 deletions

api.py apps/perms/api.py +39 -5

No files found.
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -6,13 +6,14 @@ from rest_framework.views import APIView, Response
 from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
 from rest_framework import viewsets

-from common.utils import set_or_append_attr_bulk, get_object_or_none
+from common.utils import set_or_append_attr_bulk
 from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
 from orgs.mixins import RootOrgViewMixin
 from .utils import AssetPermissionUtil
 from .models import AssetPermission
 from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
    NodeGrantedSerializer, SystemUser, NodeSerializer
+from orgs.utils import set_to_root_org
 from . import serializers


@@ -55,13 +56,19 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
        return permissions


-class UserGrantedAssetsApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedAssetsApi(ListAPIView):
    """
    用户授权的所有资产
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer

+    def dispatch(self, request, *args, **kwargs):
+        if request.user.is_superuser or request.user.is_app or \
+                self.kwargs.get('pk') is None:
+            set_to_root_org()
+        return super().dispatch(request, *args, **kwargs)
+
    def get_queryset(self):
        user_id = self.kwargs.get('pk', '')
        queryset = []
@@ -84,10 +91,19 @@ class UserGrantedAssetsApi(RootOrgViewMixin, ListAPIView):
        return super().get_permissions()


-class UserGrantedNodesApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedNodesApi(ListAPIView):
+    """
+    查询用户授权的所有节点的API, 如果是超级用户或者是 app，切换到root org
+    """
    permission_classes = (IsOrgAdmin,)
    serializer_class = NodeSerializer

+    def dispatch(self, request, *args, **kwargs):
+        if request.user.is_superuser or request.user.is_app or \
+                self.kwargs.get('pk') is None:
+            set_to_root_org()
+        return super().dispatch(request, *args, **kwargs)
+
    def get_queryset(self):
        user_id = self.kwargs.get('pk', '')
        if user_id:
@@ -104,10 +120,19 @@ class UserGrantedNodesApi(RootOrgViewMixin, ListAPIView):
        return super().get_permissions()


-class UserGrantedNodesWithAssetsApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedNodesWithAssetsApi(ListAPIView):
+    """
+    用户授权的节点并带着节点下资产的api
+    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = NodeGrantedSerializer

+    def dispatch(self, request, *args, **kwargs):
+        if request.user.is_superuser or request.user.is_app or \
+                self.kwargs.get('pk') is None:
+            set_to_root_org()
+        return super().dispatch(request, *args, **kwargs)
+
    def get_queryset(self):
        user_id = self.kwargs.get('pk', '')
        queryset = []
@@ -133,10 +158,19 @@ class UserGrantedNodesWithAssetsApi(RootOrgViewMixin, ListAPIView):
        return super().get_permissions()


-class UserGrantedNodeAssetsApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedNodeAssetsApi(ListAPIView):
+    """
+    查询用户授权的节点下的资产的api, 与上面api不同的是，只返回某个节点下的资产
+    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer

+    def dispatch(self, request, *args, **kwargs):
+        if request.user.is_superuser or request.user.is_app or \
+                self.kwargs.get('pk') is None:
+            set_to_root_org()
+        return super().dispatch(request, *args, **kwargs)
+
    def get_queryset(self):
        user_id = self.kwargs.get('pk', '')
        node_id = self.kwargs.get('node_id')