1.5.7 Merge to dev (#3766)

* [Update] 暂存，优化解决不了问题

* [Update] 待续（小白）

* [Update] 修改asset user

* [Update] 计划再次更改

* [Update] 修改asset user

* [Update] 暂存与喜爱

* [Update] Add id in

* [Update] 阶段性完成ops task该做

* [Update] 修改asset user api

* [Update] 修改asset user 任务，查看认证等

* [Update] 基本完成asset user改造

* [Update] dynamic user only allow 1

* [Update] 修改asset user task

* [Update] 修改node admin user task api

* [Update] remove file header license

* [Update] 添加sftp root

* [Update] 暂存

* [Update] 暂存

* [Update] 修改翻译

* [Update] 修改系统用户改为同名后，用户名改为空

* [Update] 基本完成CAS调研

* [Update] 支持cas server

* [Update] 支持cas server

* [Update] 添加requirements

* [Update] 为方便调试添加mysql ipython到包中

* [Update] 添加huaweiyun翻译

* [Update] 增加下载session 录像

* [Update] 只有第一次通知replay离线的使用方法

* [Update] 暂存一下

* [Bugfix] 获取系统用户信息报错

* [Bugfix] 修改system user info

* [Update] 改成清理10天git status

* [Update] 修改celery日志保留时间

* [Update]修复部分pip包依赖的版本不兼容问题 (#3672)

* [Update] 修复用户更新页面会清空用户public_key的问题

* Fix broken dependencies

Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com>

* [Update] 修改获取系统用户auth info

* [Update] Remove log

* [Bugfix] 修复sftp home设置的bug

* [Update] 授权的系统用户添加sftp root

* [Update] 修改系统用户关联的用户

* [Update] 修改placeholder

* [Update] 优化获取授权的系统用户

* [Update] 修改tasks

* [Update] tree service update

* [Update] 暂存

* [Update] 基本完成用户授权树和资产树改造

* [Update] Dashbaord perf

* [update] Add huawei cloud sdk requirements

* [Updte] 优化dashboard页面

* [Update] system user auth info 添加id

* [Update] 修改系统用户serializer

* [Update] 优化api

* [Update] LDAP Test Util (#3720)

* [Update] LDAPTestUtil 1

* [Update] LDAPTestUtil 2

* [Update] LDAPTestUtil 3

* [Update] LDAPTestUtil 4

* [Update] LDAPTestUtil 5

* [Update] LDAPTestUtil 6

* [Update] LDAPTestUtil 7

* [Update] session 已添加is success，并且添加display serializer

* [Bugfix] 修复无法删除空节点的bug

* [Update] 命令记录分组织显示

* [Update] Session is_success 添加迁移文件

* [Update] 批量命令添加org_id

* [Update] 修复一些文案，修改不绑定MFA，不能ssh登录

* [Update] 修改replay api, 返回session信息

* [Update] 解决无效es导致访问命令记录页面失败的问题

* [Update] 拆分profile view

* [Update] 修改一个翻译

* [Update] 修改aysnc api框架

* [Update] 命令列表添加risk level

* [Update] 完成录像打包下载

* [Update] 更改登陆otp页面

* [Update] 修改command 存储redis_level

* [Update] 修改翻译

* [Update] 修改系统用户的用户列表字段

* [Update] 使用新logo和统一Jumpserver为JumpServer

* [Update] 优化cloud task

* [Update] 统一period task

* [Update] 统一period form serializer字段

* [Update] 修改period task

* [Update] 修改资产网关信息

* [Update] 用户授权资产树资产信息添加domain

* [Update] 修改翻译

* [Update] 测试可连接性

* 1.5.7 bai (#3764)

* [Update] 修复index页面Bug；修复测试资产用户可连接性问题；

* [Update] 修改测试资产用户可连接

* [Bugfix] 修复backends问题

* [Update] 修改marksafe依赖版本

* [Update] 修改测试资产用户可连接性

* [Update] 修改检测服务器性能时获取percent值

* [Update] 更新依赖boto3=1.12.14

Co-authored-by: Yanzhe Lee <lee.yanzhe@yanzhe.org>
Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com>
Co-authored-by: Bai <bugatti_it@163.com>

apps/perms/signals_handler.py

@@ -5,8 +5,8 @@ from django.dispatch import receiver
 
 from common.utils import get_logger
 from common.decorator import on_transaction_commit
-from .models import AssetPermission
-from .utils.asset_permission import AssetPermissionUtilV2
+from .models import AssetPermission, RemoteAppPermission
+from .utils.asset_permission import AssetPermissionUtil
 
 
 logger = get_logger(__file__)
@@ -16,45 +16,64 @@ logger = get_logger(__file__)
 @on_transaction_commit
 def on_permission_change(sender, action='', **kwargs):
     logger.debug('Asset permission changed, refresh user tree cache')
-    AssetPermissionUtilV2.expire_all_user_tree_cache()
+    AssetPermissionUtil.expire_all_user_tree_cache()
 
 # Todo: 检查授权规则到期，从而修改授权规则
 
 
 @receiver(m2m_changed, sender=AssetPermission.nodes.through)
-def on_permission_nodes_changed(sender, instance=None, action='', **kwargs):
-    if action != 'post_add':
+def on_permission_nodes_changed(sender, instance=None, action='', reverse=None, **kwargs):
+    if action != 'post_add' and reverse:
         return
-    if isinstance(instance, AssetPermission):
-        logger.debug("Asset permission nodes change signal received")
-        nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
-        system_users = instance.system_users.all()
-        for system_user in system_users:
-            system_user.nodes.add(*tuple(nodes))
+    logger.debug("Asset permission nodes change signal received")
+    nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+    system_users = instance.system_users.all()
+    for system_user in system_users:
+        system_user.nodes.add(*tuple(nodes))
 
 
 @receiver(m2m_changed, sender=AssetPermission.assets.through)
-def on_permission_assets_changed(sender, instance=None, action='', **kwargs):
-    if action != 'post_add':
+def on_permission_assets_changed(sender, instance=None, action='', reverse=None, **kwargs):
+    if action != 'post_add' and reverse:
         return
-    if isinstance(instance, AssetPermission):
-        logger.debug("Asset permission assets change signal received")
-        assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
-        system_users = instance.system_users.all()
-        for system_user in system_users:
-            system_user.assets.add(*tuple(assets))
+    logger.debug("Asset permission assets change signal received")
+    assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+    system_users = instance.system_users.all()
+    for system_user in system_users:
+        system_user.assets.add(*tuple(assets))
 
 
 @receiver(m2m_changed, sender=AssetPermission.system_users.through)
-def on_permission_system_users_changed(sender, instance=None, action='', **kwargs):
-    if action != 'post_add':
+def on_asset_permission_system_users_changed(sender, instance=None, action='',
+                                             reverse=False, **kwargs):
+    if action != 'post_add' and reverse:
         return
-    if isinstance(instance, AssetPermission):
-        system_users = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
-        logger.debug("Asset permission system_users change signal received")
-        assets = instance.assets.all().values_list('id', flat=True)
-        nodes = instance.nodes.all().values_list('id', flat=True)
-        for system_user in system_users:
-            system_user.nodes.add(*tuple(nodes))
-            system_user.assets.add(*tuple(assets))
+    logger.debug("Asset permission system_users change signal received")
+    system_users = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+    assets = instance.assets.all().values_list('id', flat=True)
+    nodes = instance.nodes.all().values_list('id', flat=True)
+    users = instance.users.all().values_list('id', flat=True)
+    groups = instance.user_groups.all().values_list('id', flat=True)
+    for system_user in system_users:
+        system_user.nodes.add(*tuple(nodes))
+        system_user.assets.add(*tuple(assets))
+        if system_user.username_same_with_user:
+            system_user.groups.add(*tuple(groups))
+            system_user.users.add(*tuple(users))
 
+
+@receiver(m2m_changed, sender=RemoteAppPermission.system_users.through)
+def on_remote_app_permission_system_users_changed(sender, instance=None,
+                                                  action='', reverse=False, **kwargs):
+    if action != 'post_add' or reverse:
+        return
+    system_users = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+    logger.debug("Remote app permission system_users change signal received")
+    assets = instance.remote_apps.all().values_list('asset__id', flat=True)
+    users = instance.users.all().values_list('id', flat=True)
+    groups = instance.user_groups.all().values_list('id', flat=True)
+    for system_user in system_users:
+        system_user.assets.add(*tuple(assets))
+        if system_user.username_same_with_user:
+            system_user.groups.add(*tuple(groups))
+            system_user.users.add(*tuple(users))