diff --git a/apps/perms/api/user_group_permission.py b/apps/perms/api/user_group_permission.py index 159f76a399f88970172138a00847a2b28cccf4aa..841a8209624536521b204d3ede727ca4a588eb2e 100644 --- a/apps/perms/api/user_group_permission.py +++ b/apps/perms/api/user_group_permission.py @@ -93,19 +93,12 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView): show_assets = True system_user_id = None - def change_org_if_need(self): - if self.request.user.is_superuser or \ - self.request.user.is_app or \ - self.kwargs.get('pk') is None: - set_to_root_org() - def get(self, request, *args, **kwargs): self.show_assets = request.query_params.get('show_assets', '1') == '1' self.system_user_id = request.query_params.get('system_user') return super().get(request, *args, **kwargs) def get_queryset(self): - self.change_org_if_need() user_group_id = self.kwargs.get('pk', '') queryset = [] group = get_object_or_404(UserGroup, id=user_group_id) diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py index b4f8fc07ec25e2da4b48ec8dc46a8b3c4eaadb28..c4e86f4bd34d09482a1fb68c9339bdb9b6e9940f 100644 --- a/apps/perms/api/user_permission.py +++ b/apps/perms/api/user_permission.py @@ -25,7 +25,9 @@ from ..hands import ( NodeSerializer, RemoteAppSerializer, ) from .. import serializers, const -from ..mixins import AssetsFilterMixin, RemoteAppFilterMixin +from ..mixins import ( + AssetsFilterMixin, RemoteAppFilterMixin, ChangeOrgIfNeedMixin +) from ..models import Action logger = get_logger(__name__) @@ -460,7 +462,7 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, APIView): # RemoteApp permission -class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView): +class UserGrantedRemoteAppsApi(ChangeOrgIfNeedMixin, RemoteAppFilterMixin, ListAPIView): permission_classes = (IsOrgAdminOrAppUser,) serializer_class = RemoteAppSerializer pagination_class = LimitOffsetPagination @@ -485,7 +487,7 @@ class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView): return super().get_permissions() -class UserGrantedRemoteAppsAsTreeApi(ListAPIView): +class UserGrantedRemoteAppsAsTreeApi(ChangeOrgIfNeedMixin, ListAPIView): serializer_class = TreeNodeSerializer permission_classes = (IsOrgAdminOrAppUser,) @@ -517,10 +519,11 @@ class UserGrantedRemoteAppsAsTreeApi(ListAPIView): return super().get_permissions() -class ValidateUserRemoteAppPermissionApi(APIView): +class ValidateUserRemoteAppPermissionApi(ChangeOrgIfNeedMixin, APIView): permission_classes = (IsOrgAdminOrAppUser,) def get(self, request, *args, **kwargs): + self.change_org_if_need(request, kwargs) user_id = request.query_params.get('user_id', '') remote_app_id = request.query_params.get('remote_app_id', '') user = get_object_or_404(User, id=user_id) diff --git a/apps/perms/mixins.py b/apps/perms/mixins.py index f302285a651a1feaacb6d992825f4479e999ea73..f1d7fac1ed0e050c69c575130f721b4d8b961c63 100644 --- a/apps/perms/mixins.py +++ b/apps/perms/mixins.py @@ -1,9 +1,10 @@ # ~*~ coding: utf-8 ~*~ # +from orgs.utils import set_to_root_org __all__ = [ - 'AssetsFilterMixin', 'RemoteAppFilterMixin', + 'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin', ] @@ -100,3 +101,17 @@ class RemoteAppFilterMixin(object): queryset, key=lambda x: getattr(x, order_by), reverse=reverse ) return queryset + + +class ChangeOrgIfNeedMixin(object): + + @staticmethod + def change_org_if_need(request, kwargs): + if request.user.is_authenticated and request.user.is_superuser \ + or request.user.is_app \ + or kwargs.get('pk') is None: + set_to_root_org() + + def get(self, request, *args, **kwargs): + self.change_org_if_need(request, kwargs) + return super().get(request, *args, **kwargs)