From 06f81e586709d03308e9892a30ed4cbf59442078 Mon Sep 17 00:00:00 2001 From: benero Date: Wed, 25 Sep 2024 22:41:56 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=9B=AE=E5=BD=95?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E6=9D=83=E9=99=90=E5=BC=82=E5=B8=B8=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98=20--story=3D119807844?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- itsm/component/drf/permissions.py | 8 ++++++-- itsm/project/models/project.py | 3 +-- itsm/service/models.py | 2 +- itsm/service/views.py | 6 +++++- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/itsm/component/drf/permissions.py b/itsm/component/drf/permissions.py index 8b109a42..98dd8ff1 100644 --- a/itsm/component/drf/permissions.py +++ b/itsm/component/drf/permissions.py @@ -297,11 +297,15 @@ def has_object_permission(self, request, view, obj): class IamAuthProjectViewPermit(IamAuthPermit): def has_object_permission(self, request, view, obj): + apply_actions = self.get_view_iam_actions(view) + if hasattr(obj, "project_key"): project_key = obj.project_key - apply_actions = ["project_view"] - if view.action in ["create", "update", "destroy"]: + if not apply_actions and view.action in ["create", "update", "destroy"]: apply_actions = ["system_settings_manage"] + + # 项目管理必须有查看权限 + apply_actions.append("project_view") return self.has_project_view_permission(request, project_key, apply_actions) return True diff --git a/itsm/project/models/project.py b/itsm/project/models/project.py index 28a3927f..98465f73 100644 --- a/itsm/project/models/project.py +++ b/itsm/project/models/project.py @@ -64,11 +64,10 @@ class Project(Model): "field_create", "user_group_create", "triggers_create", - "settings_view", - "settings_manage", "catalog_create", "catalog_edit", "catalog_delete", + "system_settings_manage" ] auth_resource = {"resource_type": "project", "resource_type_name": "项目"} 
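Review bot: In `IamAuthProjectViewPermit.has_object_permission`, `apply_actions.append("project_view")` mutates whatever `self.get_view_iam_actions(view)` returned, and that helper is not visible in this hunk. If it can return a list held on the view or permission class, each request would grow that shared list and later checks would run against an action set the view never declared. If it can return `None` or a tuple, the append raises and the request ends in a server error instead of a clean denial. Copying first avoids both cases: `apply_actions = list(self.get_view_iam_actions(view) or [])`.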
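Review bot: The new last entry `"system_settings_manage"` in `Project.resource_operations` has no trailing comma, unlike the entries above it. The next id appended below it would be joined to it by implicit string concatenation, producing an action id that matches nothing, so write `"system_settings_manage",`. The hunk also drops `settings_view` and `settings_manage` from the list; whether any view or permission class still requests those ids against a project resource is not visible here, so check for remaining references before merging. The `Project` class body starts and ends outside the hunk.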
diff --git a/itsm/service/models.py b/itsm/service/models.py index 15bf0c5c..fafe3e3f 100644 --- a/itsm/service/models.py +++ b/itsm/service/models.py @@ -524,7 +524,7 @@ class ServiceCatalog(BaseMpttModel): objects = managers.ServiceCatalogManager() auth_resource = {"resource_type": "project", "resource_name": _("项目")} - resource_operations = ["system_settings_manage"] + resource_operations = ["catalog_create", "catalog_edit", "catalog_delete"] class Meta: app_label = "service" diff --git a/itsm/service/views.py b/itsm/service/views.py index 0f8e695d..526c7917 100644 --- a/itsm/service/views.py +++ b/itsm/service/views.py @@ -150,7 +150,11 @@ class ServiceCatalogViewSet(component_viewsets.ModelViewSet): "-create_at", "level" ) permission_classes = (perm.IamAuthProjectViewPermit,) - permission_action_default = "system_settings_manage" + permission_action_mapping = { + "create": "catalog_create", + "update": "catalog_edit", + "destroy": "catalog_delete", + } filter_fields = { "id": ["exact", "in"],
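Review bot: `permission_action_mapping` on `ServiceCatalogViewSet` covers `create`, `update` and `destroy` but not `partial_update`, and the `permission_action_default` that used to cover unmapped actions is removed. If the viewset base exposes PATCH (not visible here), that request likely gets no mapped action. The fallback in `IamAuthProjectViewPermit.has_object_permission` only tests `["create", "update", "destroy"]`, so a catalog edit sent as PATCH would be authorised on `project_view` alone. Adding `"partial_update": "catalog_edit",` to the mapping closes that gap, and any custom write `@action` on the viewset needs an entry for the same reason. The class body continues outside the hunk.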