From aaeabeb6154fc54d80092ad28b987277983d4527 Mon Sep 17 00:00:00 2001
From: piglei <piglei2007@gmail.com>
Date: Tue, 23 Jul 2024 19:17:38 +0800
Subject: [PATCH 1/2] fix: perm_insure checking missing late extend django apps

---
 apiserver/paasng/paasng/settings/__init__.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/apiserver/paasng/paasng/settings/__init__.py b/apiserver/paasng/paasng/settings/__init__.py
index aeeb3b51e0..bb0aa82088 100644
--- a/apiserver/paasng/paasng/settings/__init__.py
+++ b/apiserver/paasng/paasng/settings/__init__.py
@@ -176,14 +176,17 @@
     "paas_wl.infras.resources.generation",
     # 蓝鲸通知中心
     "bk_notice_sdk",
-    # This app helps us to make sure the permission was configured correctly
-    "paasng.infras.perm_insure",
 ]
 
 # Allow extending installed apps
 EXTRA_INSTALLED_APPS = settings.get("EXTRA_INSTALLED_APPS", [])
 INSTALLED_APPS += EXTRA_INSTALLED_APPS
 
+# The "perm_insure" module helps us to make sure that the permission is configured
+# correctly, put it at the end of the list to make sure that all URL confs have been
+# added to the root url before the perm checking starts.
+INSTALLED_APPS.append("paasng.infras.perm_insure")
+
 MIDDLEWARE = [
     "django_prometheus.middleware.PrometheusBeforeMiddleware",
     "paasng.infras.accounts.middlewares.RequestIDProvider",  # 注入 RequestID

From 4e9e4b7a23bf8d57ff665c540c8623cd1a045035 Mon Sep 17 00:00:00 2001
From: piglei <piglei2007@gmail.com>
Date: Wed, 24 Jul 2024 11:41:07 +0800
Subject: [PATCH 2/2] refactor: raise error when application perm checking
 performed on wrong type

---
 .../paasng/infras/accounts/permissions/application.py       | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/apiserver/paasng/paasng/infras/accounts/permissions/application.py b/apiserver/paasng/paasng/infras/accounts/permissions/application.py
index 4129d2fe95..0dd7475a6e 100644
--- a/apiserver/paasng/paasng/infras/accounts/permissions/application.py
+++ b/apiserver/paasng/paasng/infras/accounts/permissions/application.py
@@ -69,8 +69,7 @@ def has_object_permission(self, request, view, obj: Union[Application, Module]):
             elif isinstance(obj, Module):
                 return user_has_app_action_perm(request.user, obj.application, action)
             else:
-                logger.error("Application permission checked on incorrect object, type: %s", type(obj))
-                return False
+                raise TypeError(f"Permission check on incorrect type: {type(obj)}")
 
     return AppModulePermission
 
@@ -101,8 +100,7 @@ def has_object_permission(self, request, view, obj: Union[Application, Module]):
             elif isinstance(obj, Module):
                 return user_has_app_action_perm(request.user, obj.application, action)
             else:
-                logger.error("Application permission checked on incorrect object, type: %s", type(obj))
-                return False
+                raise TypeError(f"Permission check on incorrect type: {type(obj)}")
 
     return AppViewActionsPermission