From 452fd53310d0e20dd237d2855adbcdfab458e053 Mon Sep 17 00:00:00 2001 From: zhangzhanwei Date: Thu, 21 Aug 2025 14:09:45 +0800 Subject: [PATCH] fix: Resource authorization --- apps/system_manage/api/user_resource_permission.py | 2 +- .../serializers/user_resource_permission.py | 14 ++++++++++---- .../views/user_resource_permission.py | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/apps/system_manage/api/user_resource_permission.py b/apps/system_manage/api/user_resource_permission.py index 52a1784bd..c14841934 100644 --- a/apps/system_manage/api/user_resource_permission.py +++ b/apps/system_manage/api/user_resource_permission.py @@ -297,7 +297,7 @@ class ResourceUserPermissionPageAPI(APIMixin): required=False ), OpenApiParameter( - name="permission", + name="permission[]", description="权限", type=OpenApiTypes.STR, location='query', diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py index 9bedc433a..05f3444f8 100644 --- a/apps/system_manage/serializers/user_resource_permission.py +++ b/apps/system_manage/serializers/user_resource_permission.py @@ -96,8 +96,8 @@ sql_map = { class UserResourcePermissionUserListRequest(serializers.Serializer): name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name')) permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True, - choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], - label=_('permission')) + choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + label=_('permission')) class UserResourcePermissionSerializer(serializers.Serializer): @@ -304,7 +304,7 @@ class ResourceUserPermissionUserListRequest(serializers.Serializer): class ResourceUserPermissionEditRequest(serializers.Serializer): user_id = serializers.CharField(required=True, label=_('workspace id')) permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], - label=_('permission')) + label=_('permission')) permission_map = { @@ -326,7 +326,8 @@ class ResourceUserPermissionSerializer(serializers.Serializer): user_query_set = QuerySet(model=get_dynamics_model({ 'nick_name': models.CharField(), 'username': models.CharField(), - "permission": models.CharField() + "permission": models.CharField(), + "id": models.UUIDField(), })) nick_name = instance.get('nick_name') username = instance.get('username') @@ -352,6 +353,11 @@ class ResourceUserPermissionSerializer(serializers.Serializer): else: user_query_set = user_query_set.filter( permission__in=query_p_list) + workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping") + if workspace_user_role_mapping_model: + user_query_set=user_query_set.filter( + id__in=QuerySet(workspace_user_role_mapping_model).filter( + workspace_id=self.data.get('workspace_id')).values("user_id")) return { 'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set, diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py index 2109f1dbb..e917f05d0 100644 --- a/apps/system_manage/views/user_resource_permission.py +++ b/apps/system_manage/views/user_resource_permission.py @@ -197,5 +197,5 @@ class WorkspaceResourceUserPermissionView(APIView): data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, } ).page({'username': request.query_params.get("username"), 'nick_name': request.query_params.get("nick_name"), - 'permission': request.query_params.getlist("permission")}, current_page, page_size, + 'permission': request.query_params.getlist("permission[]")}, current_page, page_size, ))