[Update] 用户授权相关API，如果需要切换到root org (#2803)

* [Update] 用户授权相关API，如果需要切换到root org

* [Update] 优化小问题

apps/assets/templates/assets/asset_create.html

@@ -190,7 +190,7 @@ $(document).ready(function () {
             port = 3389;
             break;
         case "telnet":
-            port = 21;
+            port = 23;
             break;
         case "vnc":
             port = 5901;

apps/perms/api/user_group_permission.py

@@ -93,19 +93,12 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView):
     show_assets = True
     system_user_id = None
 
-    def change_org_if_need(self):
-        if self.request.user.is_superuser or \
-                self.request.user.is_app or \
-                self.kwargs.get('pk') is None:
-            set_to_root_org()
-
     def get(self, request, *args, **kwargs):
         self.show_assets = request.query_params.get('show_assets', '1') == '1'
         self.system_user_id = request.query_params.get('system_user')
         return super().get(request, *args, **kwargs)
 
     def get_queryset(self):
-        self.change_org_if_need()
         user_group_id = self.kwargs.get('pk', '')
         queryset = []
         group = get_object_or_404(UserGroup, id=user_group_id)

apps/perms/api/user_permission.py

@@ -25,7 +25,9 @@ from ..hands import (
     NodeSerializer, RemoteAppSerializer,
 )
 from .. import serializers, const
-from ..mixins import AssetsFilterMixin, RemoteAppFilterMixin
+from ..mixins import (
+    AssetsFilterMixin, RemoteAppFilterMixin, ChangeOrgIfNeedMixin
+)
 from ..models import Action
 
 logger = get_logger(__name__)
@@ -459,7 +461,7 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, APIView):
 
 # RemoteApp permission
 
-class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView):
+class UserGrantedRemoteAppsApi(ChangeOrgIfNeedMixin, RemoteAppFilterMixin, ListAPIView):
     permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = RemoteAppSerializer
     pagination_class = LimitOffsetPagination
@@ -484,7 +486,7 @@ class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView):
         return super().get_permissions()
 
 
-class UserGrantedRemoteAppsAsTreeApi(ListAPIView):
+class UserGrantedRemoteAppsAsTreeApi(ChangeOrgIfNeedMixin, ListAPIView):
     serializer_class = TreeNodeSerializer
     permission_classes = (IsOrgAdminOrAppUser,)
 
@@ -516,10 +518,11 @@ class UserGrantedRemoteAppsAsTreeApi(ListAPIView):
         return super().get_permissions()
 
 
-class ValidateUserRemoteAppPermissionApi(APIView):
+class ValidateUserRemoteAppPermissionApi(ChangeOrgIfNeedMixin, APIView):
     permission_classes = (IsOrgAdminOrAppUser,)
 
     def get(self, request, *args, **kwargs):
+        self.change_org_if_need(request, kwargs)
         user_id = request.query_params.get('user_id', '')
         remote_app_id = request.query_params.get('remote_app_id', '')
         user = get_object_or_404(User, id=user_id)
@@ -529,5 +532,4 @@ class ValidateUserRemoteAppPermissionApi(APIView):
         remote_apps = util.get_remote_apps()
         if remote_app not in remote_apps:
             return Response({'msg': False}, status=403)
-
         return Response({'msg': True}, status=200)

apps/perms/mixins.py

@@ -2,8 +2,10 @@
 #
 
 
+from orgs.utils import set_to_root_org
+
 __all__ = [
-    'AssetsFilterMixin', 'RemoteAppFilterMixin',
+    'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin',
 ]
 
 
@@ -100,3 +102,18 @@ class RemoteAppFilterMixin(object):
             queryset, key=lambda x: getattr(x, order_by), reverse=reverse
         )
         return queryset
+
+
+class ChangeOrgIfNeedMixin(object):
+
+    @staticmethod
+    def change_org_if_need(request, kwargs):
+        if request.user.is_authenticated and request.user.is_superuser \
+                or request.user.is_app \
+                or kwargs.get('pk') is None:
+            set_to_root_org()
+
+    def get(self, request, *args, **kwargs):
+        self.change_org_if_need(request, kwargs)
+        return super().get(request, *args, **kwargs)
+