diff --git a/itsm/component/drf/permissions.py b/itsm/component/drf/permissions.py index 1ba82441..64b36137 100644 --- a/itsm/component/drf/permissions.py +++ b/itsm/component/drf/permissions.py @@ -116,6 +116,13 @@ def has_object_permission(self, request, view, obj, **kwargs): if hasattr(view, "permission_action_mapping"): apply_actions = view.permission_action_mapping.get(view.action) + # 默认动作 + if not apply_actions and hasattr(view, "permission_action_default"): + apply_actions = view.permission_action_default + + if isinstance(apply_actions, str): + apply_actions = [apply_actions] + return self.iam_auth(request, apply_actions, obj) def iam_auth(self, request, apply_actions, obj=None): diff --git a/itsm/project/views.py b/itsm/project/views.py index 460db2e9..dc77aec2 100644 --- a/itsm/project/views.py +++ b/itsm/project/views.py @@ -62,8 +62,10 @@ class ProjectViewSet(component_viewsets.AuthModelViewSet): "name": ["exact", "contains", "startswith", "icontains"], } + permission_action_default = ["project_edit"] permission_action_mapping = { - "retrieve": ["project_view"] + "retrieve": ["project_view"], + "update_project_record": ["project_view"] } def list(self, request, *args, **kwargs):