Skip to content

Commit

Permalink
fix: 修复目录管理权限异常的问题 --story=119807844
Browse files Browse the repository at this point in the history
  • Loading branch information
benero committed Sep 25, 2024
1 parent 5de1d42 commit 06f81e5
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 6 deletions.
8 changes: 6 additions & 2 deletions itsm/component/drf/permissions.py
Original file line number Diff line number Diff line change
Expand Up @@ -297,11 +297,15 @@ def has_object_permission(self, request, view, obj):

class IamAuthProjectViewPermit(IamAuthPermit):
def has_object_permission(self, request, view, obj):
apply_actions = self.get_view_iam_actions(view)

if hasattr(obj, "project_key"):
project_key = obj.project_key
apply_actions = ["project_view"]
if view.action in ["create", "update", "destroy"]:
if not apply_actions and view.action in ["create", "update", "destroy"]:
apply_actions = ["system_settings_manage"]

# 项目管理必须有查看权限
apply_actions.append("project_view")
return self.has_project_view_permission(request, project_key, apply_actions)

return True
Expand Down
3 changes: 1 addition & 2 deletions itsm/project/models/project.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,10 @@ class Project(Model):
"field_create",
"user_group_create",
"triggers_create",
"settings_view",
"settings_manage",
"catalog_create",
"catalog_edit",
"catalog_delete",
"system_settings_manage"
]

auth_resource = {"resource_type": "project", "resource_type_name": "项目"}
Expand Down
2 changes: 1 addition & 1 deletion itsm/service/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -524,7 +524,7 @@ class ServiceCatalog(BaseMpttModel):
objects = managers.ServiceCatalogManager()

auth_resource = {"resource_type": "project", "resource_name": _("项目")}
resource_operations = ["system_settings_manage"]
resource_operations = ["catalog_create", "catalog_edit", "catalog_delete"]

class Meta:
app_label = "service"
Expand Down
6 changes: 5 additions & 1 deletion itsm/service/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,11 @@ class ServiceCatalogViewSet(component_viewsets.ModelViewSet):
"-create_at", "level"
)
permission_classes = (perm.IamAuthProjectViewPermit,)
permission_action_default = "system_settings_manage"
permission_action_mapping = {
"create": "catalog_create",
"update": "catalog_edit",
"destroy": "catalog_delete",
}

filter_fields = {
"id": ["exact", "in"],
Expand Down

0 comments on commit 06f81e5

Please sign in to comment.