修复修改域名时提示数据不存在的问题 #141

dromara · Oct 27, 2024 · 0f8f7a9 · 0f8f7a9
1 parent a22d329
commit 0f8f7a9
Show file tree

Hide file tree

Showing 2 changed files with 102 additions and 13 deletions.
diff --git a/domain_admin/api/domain_api.py b/domain_admin/api/domain_api.py
@@ -22,7 +22,7 @@
 from domain_admin.service import file_service
 from domain_admin.utils import datetime_util, domain_util
 from domain_admin.utils.cert_util import cert_consts
-from domain_admin.utils.flask_ext.app_exception import AppException, DataNotFoundAppException
+from domain_admin.utils.flask_ext.app_exception import AppException, DataNotFoundAppException, ForbiddenAppException
 
 
 @auth_service.permission(role=RoleEnum.USER)
@@ -113,13 +113,21 @@ def update_domain_by_id():
 
     # data check
     before_domain_row = DomainModel.select().where(
-        DomainModel.id == domain_id,
-        DomainModel.user_id == current_user_id
+        DomainModel.id == domain_id
     ).first()
 
     if not before_domain_row:
         raise DataNotFoundAppException()
 
+    # edit permission check
+    has_permission = domain_service.has_edit_permission(
+        domain_row=before_domain_row,
+        user_id=current_user_id
+    )
+
+    if not has_permission:
+        raise ForbiddenAppException()
+
     DomainModel.update(data).where(
         DomainModel.id == domain_id
     ).execute()
@@ -148,13 +156,21 @@ def update_domain_expire_monitor_by_id():
 
     # data check
     domain_row = DomainModel.select().where(
-        DomainModel.id == domain_id,
-        DomainModel.user_id == current_user_id
+        DomainModel.id == domain_id
     ).first()
 
     if not domain_row:
         raise DataNotFoundAppException()
 
+    # edit permission check
+    has_permission = domain_service.has_edit_permission(
+        domain_row=domain_row,
+        user_id=current_user_id
+    )
+
+    if not has_permission:
+        raise ForbiddenAppException()
+
     data = {
         "is_monitor": request.json.get('is_monitor', True)
     }
@@ -193,13 +209,21 @@ def update_domain_field_by_id():
 
     # data check
     domain_row = DomainModel.select().where(
-        DomainModel.id == domain_id,
-        DomainModel.user_id == current_user_id
+        DomainModel.id == domain_id
     ).first()
 
     if not domain_row:
         raise DataNotFoundAppException()
 
+    # edit permission check
+    has_permission = domain_service.has_edit_permission(
+        domain_row=domain_row,
+        user_id=current_user_id
+    )
+
+    if not has_permission:
+        raise ForbiddenAppException()
+
     DomainModel.update(data).where(
         DomainModel.id == domain_row.id
     ).execute()
@@ -250,13 +274,21 @@ def delete_domain_by_id():
 
     # data check
     domain_row = DomainModel.select().where(
-        DomainModel.id == domain_id,
-        DomainModel.user_id == current_user_id
+        DomainModel.id == domain_id
     ).first()
 
     if not domain_row:
         raise DataNotFoundAppException()
 
+    # edit permission check
+    has_permission = domain_service.has_edit_permission(
+        domain_row=domain_row,
+        user_id=current_user_id
+    )
+
+    if not has_permission:
+        raise ForbiddenAppException()
+
     DomainModel.delete_by_id(domain_row.id)
 
     # 同时移除主机信息
@@ -307,13 +339,21 @@ def get_domain_by_id():
 
     # data check
     domain_row = DomainModel.select().where(
-        DomainModel.id == domain_id,
-        DomainModel.user_id == current_user_id
+        DomainModel.id == domain_id
     ).first()
 
     if not domain_row:
         raise DataNotFoundAppException()
 
+    # edit permission check
+    has_permission = domain_service.has_edit_permission(
+        domain_row=domain_row,
+        user_id=current_user_id
+    )
+
+    if not has_permission:
+        raise ForbiddenAppException()
+
     row = model_to_dict(
         model=domain_row,
         extra_attrs=[
@@ -390,13 +430,21 @@ def update_domain_row_info_by_id():
 
     # data check
     domain_row = DomainModel.select().where(
-        DomainModel.id == domain_id,
-        DomainModel.user_id == current_user_id
+        DomainModel.id == domain_id
     ).first()
 
     if not domain_row:
         raise DataNotFoundAppException()
 
+    # edit permission check
+    has_permission = domain_service.has_read_permission(
+        domain_row=domain_row,
+        user_id=current_user_id
+    )
+
+    if not has_permission:
+        raise ForbiddenAppException()
+
     domain_service.update_domain_row(domain_row=domain_row)
 
 

diff --git a/domain_admin/service/domain_service.py b/domain_admin/service/domain_service.py
@@ -679,3 +679,44 @@ def init_domain_cert_info_of_user(user_id):
 
     for row in rows:
         update_domain_row(row)
+
+
+def has_read_permission(domain_row, user_id):
+    """
+    读取权限
+    """
+    # 1、域名所有人
+    if domain_row.user_id == user_id:
+        return True
+
+    # 2、分组成员
+    group_user_row = GroupUserModel.select().where(
+        GroupUserModel.group_id == domain_row.group_id,
+        GroupUserModel.user_id == user_id
+    ).first()
+
+    if group_user_row:
+        return True
+
+    return False
+
+
+def has_edit_permission(domain_row, user_id):
+    """
+    编辑权限
+    """
+    # 1、域名所有人
+    if domain_row.user_id == user_id:
+        return True
+
+    # 2、分组成员 并且拥有编辑权限
+    group_user_row = GroupUserModel.select().where(
+        GroupUserModel.group_id == domain_row.group_id,
+        GroupUserModel.user_id == user_id,
+        GroupUserModel.has_edit_permission == True
+    ).first()
+
+    if group_user_row:
+        return True
+
+    return False