Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bugfix: 覆盖IamPermission实现,修复远程插件包更新无权限的问题 #7147

Merged
merged 1 commit into from
Oct 31, 2023
Merged

bugfix: 覆盖IamPermission实现,修复远程插件包更新无权限的问题 #7147

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 21 additions & 13 deletions gcloud/core/apis/drf/viewsets/package_source.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,26 +11,23 @@
specific language governing permissions and limitations under the License.
"""
import logging
from itertools import chain

import jsonschema
import ujson as json
from itertools import chain
from django.db import transaction

from rest_framework import status

from rest_framework import permissions
from rest_framework.response import Response
from rest_framework import permissions, status
from rest_framework.exceptions import NotAcceptable
from rest_framework.generics import UpdateAPIView, ListCreateAPIView, DestroyAPIView
from rest_framework.generics import DestroyAPIView, ListCreateAPIView, UpdateAPIView
from rest_framework.response import Response

from gcloud.iam_auth import IAMMeta
from gcloud.core.apis.drf.permission import IamPermission, IamPermissionInfo
from gcloud.core.apis.drf.serilaziers import PackageSourceSerializer
from gcloud.core.apis.drf.viewsets.base import GcloudCommonMixin
from gcloud.external_plugins import exceptions
from gcloud.external_plugins.models import source_cls_factory, CachePackageSource
from gcloud.external_plugins.models import CachePackageSource, source_cls_factory
from gcloud.external_plugins.schemas import ADD_SOURCE_SCHEMA, UPDATE_SOURCE_SCHEMA

from gcloud.core.apis.drf.viewsets.base import GcloudCommonMixin
from gcloud.core.apis.drf.permission import IamPermissionInfo, IamPermission
from gcloud.core.apis.drf.serilaziers import PackageSourceSerializer
from gcloud.iam_auth import IAMMeta

logger = logging.getLogger("root")

Expand All @@ -43,6 +40,17 @@ class PackageSourcePermission(IamPermission):
"destroy": IamPermissionInfo(IAMMeta.ADMIN_EDIT_ACTION),
}

def check_permission(self, request, view, resource_param=None, check_hook=None):

permission_info = self.actions.get(view.action, IamPermissionInfo(IAMMeta.ADMIN_EDIT_ACTION))

# 不匹配权限不做校验
if permission_info.check_hook != check_hook:
return True

self.iam_auth_check(request, action=permission_info.iam_action, resources=[])
return True


def get_source_models():
origin_models = list(source_cls_factory.values())
Expand Down
Loading