feat: update perm for access webconsole api (#1565)

* feat: update perm for access webconsole api * feat: update perm for access webconsole api
Tencent · Sep 28, 2021 · a3103ff · a3103ff
1 parent 4ae53fe
commit a3103ff
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 9 deletions.
diff --git a/bcs-app/backend/bcs_web/apis/permissions.py b/bcs-app/backend/bcs_web/apis/permissions.py
@@ -18,7 +18,7 @@
 from rest_framework import permissions
 
 from backend.components.paas_auth import get_access_token
-from backend.utils import FancyDict
+from backend.utils import FancyDict, whitelist
 
 from .constants import ACCESS_TOKEN_KEY_NAME
 
@@ -87,9 +87,5 @@ def has_permission(self, request, view):
             return False
 
         app_code = request.user.client.app.app_code
-        project_whitelist = settings.BK_APP_WHITELIST.get(app_code) or []
 
-        if project_id_or_code in project_whitelist:
-            return True
-
-        return False
+        return whitelist.check_app_access_webconsole_enable(app_code, project_id_or_code)
diff --git a/bcs-app/backend/settings/base.py b/bcs-app/backend/settings/base.py
@@ -390,9 +390,6 @@ def get_logging_config(log_level, rds_hander_settings=None, log_path="app.log"):
 # 灰度功能提示消息
 GRAYSCALE_FEATURE_MSG = "功能灰度测试中，请联系管理员添加白名单"
 
-# APIGW APP权限控制
-BK_APP_WHITELIST = {}
-
 # 平台组件部署到的命名空间
 BCS_SYSTEM_NAMESPACE = "bcs-system"
 

diff --git a/bcs-app/backend/utils/whitelist.py b/bcs-app/backend/utils/whitelist.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+"""
+Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community
+Edition) available.
+Copyright (C) 2017-2021 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://opensource.org/licenses/MIT
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+from backend.utils.func_controller import get_func_controller
+
+
+def check_app_access_webconsole_enable(app_code: str, project_id_or_code: str) -> bool:
+    """APP是否可以访问webconsole接口
+    NOTE：存储内容包含app_code和project信息(包含project_code和project_id)，格式app_code:project_id_or_code
+    """
+    func_code = "APP_ACCESS_WEBCONSOLE"
+    enabled, wlist = get_func_controller(func_code)
+    if enabled or f"{app_code}:{project_id_or_code}" in wlist:
+        return True
+    return False