Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
J
jumpserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ops
jumpserver
Commits
c71f417e
Unverified
Commit
c71f417e
authored
6 years ago
by
BaiJiangJie
Committed by
GitHub
6 years ago
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[Update] 用户授权相关API,如果需要切换到root org (#2803)
* [Update] 用户授权相关API,如果需要切换到root org * [Update] 优化小问题
parent
795807dd
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
26 additions
and
14 deletions
+26
-14
asset_create.html
apps/assets/templates/assets/asset_create.html
+1
-1
user_group_permission.py
apps/perms/api/user_group_permission.py
+0
-7
user_permission.py
apps/perms/api/user_permission.py
+7
-5
mixins.py
apps/perms/mixins.py
+18
-1
No files found.
apps/assets/templates/assets/asset_create.html
View file @
c71f417e
...
...
@@ -190,7 +190,7 @@ $(document).ready(function () {
port
=
3389
;
break
;
case
"telnet"
:
port
=
2
1
;
port
=
2
3
;
break
;
case
"vnc"
:
port
=
5901
;
...
...
This diff is collapsed.
Click to expand it.
apps/perms/api/user_group_permission.py
View file @
c71f417e
...
...
@@ -93,19 +93,12 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView):
show_assets
=
True
system_user_id
=
None
def
change_org_if_need
(
self
):
if
self
.
request
.
user
.
is_superuser
or
\
self
.
request
.
user
.
is_app
or
\
self
.
kwargs
.
get
(
'pk'
)
is
None
:
set_to_root_org
()
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
self
.
show_assets
=
request
.
query_params
.
get
(
'show_assets'
,
'1'
)
==
'1'
self
.
system_user_id
=
request
.
query_params
.
get
(
'system_user'
)
return
super
()
.
get
(
request
,
*
args
,
**
kwargs
)
def
get_queryset
(
self
):
self
.
change_org_if_need
()
user_group_id
=
self
.
kwargs
.
get
(
'pk'
,
''
)
queryset
=
[]
group
=
get_object_or_404
(
UserGroup
,
id
=
user_group_id
)
...
...
This diff is collapsed.
Click to expand it.
apps/perms/api/user_permission.py
View file @
c71f417e
...
...
@@ -25,7 +25,9 @@ from ..hands import (
NodeSerializer
,
RemoteAppSerializer
,
)
from
..
import
serializers
,
const
from
..mixins
import
AssetsFilterMixin
,
RemoteAppFilterMixin
from
..mixins
import
(
AssetsFilterMixin
,
RemoteAppFilterMixin
,
ChangeOrgIfNeedMixin
)
from
..models
import
Action
logger
=
get_logger
(
__name__
)
...
...
@@ -459,7 +461,7 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, APIView):
# RemoteApp permission
class
UserGrantedRemoteAppsApi
(
RemoteAppFilterMixin
,
ListAPIView
):
class
UserGrantedRemoteAppsApi
(
ChangeOrgIfNeedMixin
,
RemoteAppFilterMixin
,
ListAPIView
):
permission_classes
=
(
IsOrgAdminOrAppUser
,)
serializer_class
=
RemoteAppSerializer
pagination_class
=
LimitOffsetPagination
...
...
@@ -484,7 +486,7 @@ class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView):
return
super
()
.
get_permissions
()
class
UserGrantedRemoteAppsAsTreeApi
(
ListAPIView
):
class
UserGrantedRemoteAppsAsTreeApi
(
ChangeOrgIfNeedMixin
,
ListAPIView
):
serializer_class
=
TreeNodeSerializer
permission_classes
=
(
IsOrgAdminOrAppUser
,)
...
...
@@ -516,10 +518,11 @@ class UserGrantedRemoteAppsAsTreeApi(ListAPIView):
return
super
()
.
get_permissions
()
class
ValidateUserRemoteAppPermissionApi
(
APIView
):
class
ValidateUserRemoteAppPermissionApi
(
ChangeOrgIfNeedMixin
,
APIView
):
permission_classes
=
(
IsOrgAdminOrAppUser
,)
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
self
.
change_org_if_need
(
request
,
kwargs
)
user_id
=
request
.
query_params
.
get
(
'user_id'
,
''
)
remote_app_id
=
request
.
query_params
.
get
(
'remote_app_id'
,
''
)
user
=
get_object_or_404
(
User
,
id
=
user_id
)
...
...
@@ -529,5 +532,4 @@ class ValidateUserRemoteAppPermissionApi(APIView):
remote_apps
=
util
.
get_remote_apps
()
if
remote_app
not
in
remote_apps
:
return
Response
({
'msg'
:
False
},
status
=
403
)
return
Response
({
'msg'
:
True
},
status
=
200
)
This diff is collapsed.
Click to expand it.
apps/perms/mixins.py
View file @
c71f417e
...
...
@@ -2,8 +2,10 @@
#
from
orgs.utils
import
set_to_root_org
__all__
=
[
'AssetsFilterMixin'
,
'RemoteAppFilterMixin'
,
'AssetsFilterMixin'
,
'RemoteAppFilterMixin'
,
'ChangeOrgIfNeedMixin'
,
]
...
...
@@ -100,3 +102,18 @@ class RemoteAppFilterMixin(object):
queryset
,
key
=
lambda
x
:
getattr
(
x
,
order_by
),
reverse
=
reverse
)
return
queryset
class
ChangeOrgIfNeedMixin
(
object
):
@staticmethod
def
change_org_if_need
(
request
,
kwargs
):
if
request
.
user
.
is_authenticated
and
request
.
user
.
is_superuser
\
or
request
.
user
.
is_app
\
or
kwargs
.
get
(
'pk'
)
is
None
:
set_to_root_org
()
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
self
.
change_org_if_need
(
request
,
kwargs
)
return
super
()
.
get
(
request
,
*
args
,
**
kwargs
)
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment