Commit dcd1c119 authored by BaiJiangJie's avatar BaiJiangJie

[Feature] 应用授权: DatabasePermission 添加校验用户对数据库的权限API

parent 2268fc5b
...@@ -4,12 +4,12 @@ ...@@ -4,12 +4,12 @@
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework.generics import ListAPIView from rest_framework.generics import ListAPIView
from rest_framework.views import APIView, Response
from rest_framework.pagination import LimitOffsetPagination from rest_framework.pagination import LimitOffsetPagination
from common.tree import TreeNodeSerializer from common.tree import TreeNodeSerializer
from common.permissions import IsOrgAdminOrAppUser, IsValidUser from common.permissions import IsOrgAdminOrAppUser, IsValidUser
from ..hands import User, DatabaseSerializer from ..hands import User, Database, DatabaseSerializer
from ..utils import ( from ..utils import (
DatabasePermissionUtil, construct_databases_tree_root, DatabasePermissionUtil, construct_databases_tree_root,
parse_database_to_tree_node, parse_database_to_tree_node,
...@@ -17,7 +17,8 @@ from ..utils import ( ...@@ -17,7 +17,8 @@ from ..utils import (
from ..mixins import DatabasesFilterMixin from ..mixins import DatabasesFilterMixin
__all__ = [ __all__ = [
'UserGrantedDatabasesApi', 'UserGrantedDatabasesAsTreeApi' 'UserGrantedDatabasesApi', 'UserGrantedDatabasesAsTreeApi',
'ValidateUserDatabasePermissionApi',
] ]
...@@ -75,3 +76,19 @@ class UserGrantedDatabasesAsTreeApi(ListAPIView): ...@@ -75,3 +76,19 @@ class UserGrantedDatabasesAsTreeApi(ListAPIView):
if self.kwargs.get('pk') is None: if self.kwargs.get('pk') is None:
self.permission_classes = (IsValidUser,) self.permission_classes = (IsValidUser,)
return super().get_permissions() return super().get_permissions()
class ValidateUserDatabasePermissionApi(APIView):
permission_classes = (IsOrgAdminOrAppUser,)
def get(self, request, *args, **kwargs):
user_id = request.query_params.get('user_id', '')
database_id = request.query_params.get('database_id', '')
user = get_object_or_404(User, id=user_id)
database = get_object_or_404(Database, id=database_id)
util = DatabasePermissionUtil(user)
databases = util.get_databases()
if database not in databases:
return Response({'msg': False}, status=403)
return Response({'msg': True}, status=200)
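Review bot: `user_id` and `database_id` in `ValidateUserDatabasePermissionApi.get` default to `''` and go straight into `get_object_or_404` without any format check. If `User` and `Database` use UUID primary keys, as the `<uuid:pk>` routes elsewhere in this commit suggest, a missing or malformed value raises Django's `ValidationError` from the field conversion rather than `Http404`, so the request ends in a 500 instead of a clean client error. Validate both parameters first, for example with a small serializer holding two `serializers.UUIDField()` fields and `is_valid(raise_exception=True)`, so bad input returns 400. Separately, the negative answer uses status 403, which is also what DRF returns when the caller itself fails `IsOrgAdminOrAppUser`; a comment such as `# 403 + {'msg': False}: target user lacks access; callers must read the body, not only the status` would make that contract explicit. It is also worth confirming that the `User` and `Database` lookups are restricted to the caller's organisation, since neither model's manager is visible here.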
...@@ -95,6 +95,9 @@ database_permission_urlpatterns = [ ...@@ -95,6 +95,9 @@ database_permission_urlpatterns = [
path('users/<uuid:pk>/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='user-databases-as-tree'), path('users/<uuid:pk>/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='user-databases-as-tree'),
path('users/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='my-databases-as-tree'), path('users/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='my-databases-as-tree'),
# 校验用户对Database的权限
path('database-permissions/user/validate/', api.ValidateUserDatabasePermissionApi.as_view(), name='validate-user-database-permission'),
# 查询用户组授权的Database # 查询用户组授权的Database
path('user-groups/<uuid:pk>/databases/', api.UserGroupGrantedDatabasesApi.as_view(), name='user-group=databases'), path('user-groups/<uuid:pk>/databases/', api.UserGroupGrantedDatabasesApi.as_view(), name='user-group=databases'),
......