From 49bc5d94a9fd9ec64e1a665402e8a65b4191448a Mon Sep 17 00:00:00 2001 From: pycook Date: Wed, 29 May 2024 11:34:02 +0800 Subject: [PATCH] fix(api): topology view read permission --- cmdb-api/api/views/cmdb/topology.py | 8 ++++++-- cmdb-api/requirements.txt | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/cmdb-api/api/views/cmdb/topology.py b/cmdb-api/api/views/cmdb/topology.py index 988e005..74c38a4 100644 --- a/cmdb-api/api/views/cmdb/topology.py +++ b/cmdb-api/api/views/cmdb/topology.py @@ -127,10 +127,14 @@ class TopologyOrderView(APIView): class TopologyViewPreview(APIView): url_prefix = ('/topology_views/preview', '/topology_views//view') - @perms_role_required(app_cli.app_name, app_cli.resource_type_name, app_cli.op.TopologyView, - app_cli.op.read, app_cli.admin_name) def get(self, _id=None): if _id is not None: + acl = ACLManager('cmdb') + resource_name = TopologyViewManager.get_name_by_id(_id) + if (not acl.has_permission(resource_name, ResourceTypeEnum.TOPOLOGY_VIEW, PermEnum.READ) and + not is_app_admin('cmdb')): + return abort(403, ErrFormat.no_permission.format(resource_name, PermEnum.READ)) + return self.jsonify(TopologyViewManager().topology_view(view_id=_id)) else: return self.jsonify(TopologyViewManager().topology_view(preview=request.values)) diff --git a/cmdb-api/requirements.txt b/cmdb-api/requirements.txt index c624b59..3af9a3f 100644 --- a/cmdb-api/requirements.txt +++ b/cmdb-api/requirements.txt @@ -1,7 +1,7 @@ -i https://mirrors.aliyun.com/pypi/simple alembic==1.7.7 bs4==0.0.1 -celery>=5.3.1 +celery==5.3.1 celery-once==3.0.1 click==8.1.3 elasticsearch==7.17.9 @@ -53,4 +53,4 @@ shamir~=17.12.0 pycryptodomex>=3.19.0 colorama>=0.4.6 lz4>=4.3.2 -python-magic==0.4.27 \ No newline at end of file +python-magic==0.4.27
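Review bot: Removing `@perms_role_required(...)` from `get` leaves the preview branch (`_id is None`) with no authorization check in this method, so `topology_view(preview=request.values)` now runs for any caller who reaches the view, whereas the decorator previously gated both routes. If preview is meant to stay restricted, re-apply the earlier `app_cli.op.TopologyView` / `app_cli.op.read` check inside the `else` branch; if it is deliberately open, add a comment there saying what limits the data it returns, since this hunk does not show any downstream filtering. In the `_id` branch, the result of `TopologyViewManager.get_name_by_id(_id)` goes straight into `acl.has_permission`. If it can return `None` for an unknown id, a guard such as `if resource_name is None: return abort(404)` before the ACL call would keep a missing view from being reported as a permission failure with `None` in the message. The literal `'cmdb'` is also passed to both `ACLManager` and `is_app_admin` where the removed decorator used `app_cli.app_name`; reusing that name would keep the app identifier in one place, assuming the two values are the same.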