Skip to content

Commit

Permalink
Merge pull request #1443 from TencentBlueKing/fix_ticket_json
Browse files Browse the repository at this point in the history
minor: 兼容第三方应用传递 json 内容 --story=119593627
  • Loading branch information
benero authored Oct 16, 2024
2 parents 2a21f14 + ee1591d commit c81ab18
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 24 deletions.
1 change: 1 addition & 0 deletions docs/RELEASE.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Changelog
## [Version: 2.7.1] - 2024-10-15
【新增】pipeline管理工具集成
【修复】兼容第三方应用传递 json 内容

## [Version: 2.7.0] - 2024-10-10
【新增】通知人员黑名单过滤
Expand Down
2 changes: 2 additions & 0 deletions docs/RELEASE_EN.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# Changelog
## [Version: 2.7.1] - 2024-10-15
【Feature】Integrated pipeline management tool.
【Fix】Ensure compatibility for third-party applications transmitting JSON content.


## [Version: 2.7.0] - 2024-10-10
【Feature】Notification recipient blacklist filtering.
Expand Down
59 changes: 35 additions & 24 deletions itsm/ticket/models/ticket.py
Original file line number Diff line number Diff line change
Expand Up @@ -654,8 +654,8 @@ def log_detail(self, processors_type, processors):
[
_(role.name)
for role in UserRole.objects.filter(
id__in=processors.split(",")
)
id__in=processors.split(",")
)
]
),
)
Expand Down Expand Up @@ -1405,7 +1405,7 @@ def get_meta(self, is_filter_sensitive_info=True):
if not is_filter_sensitive_info:
return self.meta
return filter_sensitive_info(self.meta)

@property
def task_schemas(self):
# todo 测试后删除
Expand Down Expand Up @@ -1915,8 +1915,8 @@ def is_running(self):
return (
self.current_status
in TicketStatus.objects.filter(
service_type=self.service_type, is_over=False
).values_list("key", flat=True)
service_type=self.service_type, is_over=False
).values_list("key", flat=True)
and self.current_status != SUSPEND
)

Expand Down Expand Up @@ -2256,8 +2256,8 @@ def has_perm(self, username):
[
status.can_operate(username)
for status in self.node_status.filter(
status__in=Status.CAN_OPERATE_STATUS
)
status__in=Status.CAN_OPERATE_STATUS
)
]
)

Expand All @@ -2273,8 +2273,8 @@ def can_view(self, username):
or username in self.task_operators
or self.can_operate(username)
or AttentionUsers.objects.filter(
ticket_id=self.id, follower=username
).exists()
ticket_id=self.id, follower=username
).exists()
):
# 与单据操作相关的人,都是可以查看的
return True
Expand Down Expand Up @@ -2336,10 +2336,10 @@ def can_close(self, username):
if (
self.is_over
or not StatusTransit.objects.filter(
service_type=self.service_type,
from_status__key=self.current_status,
to_status__is_over=True,
).exists()
service_type=self.service_type,
from_status__key=self.current_status,
to_status__is_over=True,
).exists()
):
# 当前状态无法到达关闭的时候,不可以进行关闭操作按钮
return False
Expand Down Expand Up @@ -3085,9 +3085,20 @@ def fill_state_fields(self, fields):
filter_field_query_set = self.fields.filter(key__in=fields_map.keys())
for ticket_field in filter_field_query_set:
ticket_field.value = fields_map[ticket_field.key]["value"]
# 针对非附件类型的组件进行 xss 过滤
if isinstance(ticket_field.value, str) and ticket_field.type != "FILE":
ticket_field.value = texteditor_escape(ticket_field.value)
if isinstance(ticket_field.value, str):
need_escape = True
# 附件不做xss处理
if ticket_field.type == "FILE":
need_escape = False
# 如果文本是 json 格式,则不额外处理
if ticket_field.type == "TEXT":
try:
json.loads(ticket_field.value)
need_escape = False
except Exception:
pass
if need_escape:
ticket_field.value = texteditor_escape(ticket_field.value)

ticket_field.choice = fields_map[ticket_field.key].get("choice", [])
language_config = (
Expand Down Expand Up @@ -3175,7 +3186,7 @@ def _formatted(pros_type, pros, ticket):

for user in f_value.split(","):
# 历史数据中多选人员选择字段存入了中文名: miya(miya),暂时兼容
username = user[0 : user.find("(")] if "(" in user else user
username = user[0: user.find("(")] if "(" in user else user
var_pros = "{},{}".format(var_pros, username)

# 取到第一个处理人则停止解析
Expand Down Expand Up @@ -3253,13 +3264,13 @@ def _formatted(pros_type, pros, ticket):
action_type = (
SYSTEM_OPERATE
if state.type
in [
TASK_STATE,
TASK_SOPS_STATE,
TASK_DEVOPS_STATE,
WEBHOOK_STATE,
BK_PLUGIN_STATE,
]
in [
TASK_STATE,
TASK_SOPS_STATE,
TASK_DEVOPS_STATE,
WEBHOOK_STATE,
BK_PLUGIN_STATE,
]
else TRANSITION_OPERATE
)

Expand Down

0 comments on commit c81ab18

Please sign in to comment.