Merge pull request #875 from longguikeji/feature-fix-arkid-login-saas

fix: 🐛 fix arkid_saas login
longguikeji · May 26, 2022 · b3fefab · b3fefab
2 parents be97b49 + e11ce13
commit b3fefab
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 17 deletions.
diff --git a/arkid/common/arkstore.py b/arkid/common/arkstore.py
@@ -23,7 +23,7 @@ def get_saas_token(tenant, token):
         return arkid_saas_token_cache[key]
     app = Application.objects.filter(name='arkid_saas').first()
     host = get_app_config().get_host()
-    url = f"{host}/api/v1/tenant/{tenant.id.hex}/oauth/authorize/"
+    url = f"{host}/api/v1/tenant/{tenant.id.hex}/app/{tenant.id.hex}/oauth/authorize/"
     nonce = uuid.uuid4().hex
     params = {
         "client_id": app.client_id,

diff --git a/arkid/core/perm/permission_data.py b/arkid/core/perm/permission_data.py
@@ -1138,28 +1138,19 @@ def check_app_entry_permission(self, request, type, kwargs):
             user = self.token_check(tenant_id, token, request)
             return True
 
-        apps = App.valid_objects.filter(
+        app = App.valid_objects.filter(
             id=app_id,
             type__in=type
-        )
-        app = None
-        if client_id:
-            # oauth有这个参数
-            for app_temp in apps:
-                config_data = app_temp.config.config
-                data_client = config_data.get('client_id', '')
-                if data_client == client_id:
-                    app = app_temp
-                    break
-        if app is None:
-            apps = apps.order_by('-created')  
-            app = apps.first()
+        ).first()
         if not app:
             return False
 
+        user = self.token_check(tenant_id, token, request)
+        if not user:
+            return False
+
         # 特殊处理 OIDC-Platform
         if app.type == 'OIDC-Platform':
-            user = self.token_check(tenant_id, token, request)
             return True
 
         permission = Permission.valid_objects.filter(
@@ -1170,7 +1161,6 @@ def check_app_entry_permission(self, request, type, kwargs):
         if not permission:
             return False
 
-        user = self.token_check(tenant_id, token, request)
         result = self.permission_check_by_sortid(permission, user, app, tenant_id)
         if not result:
             return False