paulmataruso/tacticalrmm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

implement list scripts permissions

Browse Source
This commit is contained in:
sadnub
2021-11-04 21:17:55 -04:00
parent 794666e7cc
commit 99c3fcf42a
2 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api/tacticalrmm/scripts/permissions.py
View File

@@ -3,9 +3,9 @@ from rest_framework import permissions
from tacticalrmm.permissions import _has_perm from tacticalrmm.permissions import _has_perm
class ManageScriptsPerms(permissions.BasePermission): class ScriptsPerms(permissions.BasePermission):
def has_permission(self, r, view): def has_permission(self, r, view):
if r.method == "GET": if r.method == "GET":
return True return _has_perm(r, "can_list_scripts")
else:
return _has_perm(r, "can_manage_scripts") return _has_perm(r, "can_manage_scripts")

14
api/tacticalrmm/scripts/views.py
View File

@@ -9,7 +9,7 @@ from rest_framework.views import APIView
from tacticalrmm.utils import notify_error from tacticalrmm.utils import notify_error
from .models import Script, ScriptSnippet from .models import Script, ScriptSnippet
from .permissions import ManageScriptsPerms from .permissions import ScriptsPerms
from agents.permissions import RunScriptPerms from agents.permissions import RunScriptPerms
from .serializers import ( from .serializers import (
ScriptSerializer, ScriptSerializer,
@@ -19,7 +19,7 @@ from .serializers import (
class GetAddScripts(APIView): class GetAddScripts(APIView):
permission_classes = [IsAuthenticated, ManageScriptsPerms] permission_classes = [IsAuthenticated, ScriptsPerms]
def get(self, request): def get(self, request):
@@ -41,7 +41,7 @@ class GetAddScripts(APIView):
class GetUpdateDeleteScript(APIView): class GetUpdateDeleteScript(APIView):
permission_classes = [IsAuthenticated, ManageScriptsPerms] permission_classes = [IsAuthenticated, ScriptsPerms]
def get(self, request, pk): def get(self, request, pk):
script = get_object_or_404(Script, pk=pk) script = get_object_or_404(Script, pk=pk)
@@ -78,7 +78,7 @@ class GetUpdateDeleteScript(APIView):
class GetAddScriptSnippets(APIView): class GetAddScriptSnippets(APIView):
permission_classes = [IsAuthenticated, ManageScriptsPerms] permission_classes = [IsAuthenticated, ScriptsPerms]
def get(self, request): def get(self, request):
snippets = ScriptSnippet.objects.all() snippets = ScriptSnippet.objects.all()
@@ -94,7 +94,7 @@ class GetAddScriptSnippets(APIView):
class GetUpdateDeleteScriptSnippet(APIView): class GetUpdateDeleteScriptSnippet(APIView):
permission_classes = [IsAuthenticated, ManageScriptsPerms] permission_classes = [IsAuthenticated, ScriptsPerms]
def get(self, request, pk): def get(self, request, pk):
snippet = get_object_or_404(ScriptSnippet, pk=pk) snippet = get_object_or_404(ScriptSnippet, pk=pk)
@@ -148,8 +148,8 @@ class TestScript(APIView):
return Response(r) return Response(r)
@api_view() @api_view(["GET"])
@permission_classes([IsAuthenticated, ManageScriptsPerms]) @permission_classes([IsAuthenticated, ScriptsPerms])
def download(request, pk): def download(request, pk):
script = get_object_or_404(Script, pk=pk) script = get_object_or_404(Script, pk=pk)