From 55096f9ad55694fb3aac32ccbc71a5bf3b49be5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Fri, 27 Apr 2018 11:41:47 +0800 Subject: [PATCH] Bugfix perm asset not active (#1273) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Bugfix] 修复资产禁用了还可以登录的bug --- apps/assets/models/asset.py | 16 ++++- apps/assets/models/node.py | 8 +-- apps/i18n/zh/LC_MESSAGES/django.mo | Bin 33090 -> 33090 bytes apps/i18n/zh/LC_MESSAGES/django.po | 91 ++++++++++++++--------------- apps/perms/models.py | 21 +++++-- apps/perms/utils.py | 26 ++++----- 6 files changed, 92 insertions(+), 70 deletions(-) diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py index 5b3009305..4a2942291 100644 --- a/apps/assets/models/asset.py +++ b/apps/assets/models/asset.py @@ -4,7 +4,6 @@ import uuid import logging -import random from django.db import models from django.utils.translation import ugettext_lazy as _ @@ -35,6 +34,19 @@ def default_node(): return None +class AssetQuerySet(models.QuerySet): + def active(self): + return self.filter(is_active=True) + + def valid(self): + return self.active() + + +class AssetManager(models.Manager): + def get_queryset(self): + return AssetQuerySet(self.model, using=self._db) + + class Asset(models.Model): # Important PLATFORM_CHOICES = ( @@ -83,6 +95,8 @@ class Asset(models.Model): date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created')) comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment')) + objects = AssetManager() + def __str__(self): return '{0.hostname}({0.ip})'.format(self) diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index 1b765aefb..7939ad1e9 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -63,8 +63,8 @@ class Node(models.Model): assets = Asset.objects.filter(nodes__id=self.id) return assets - def get_active_assets(self): - return self.get_assets().filter(is_active=True) + def get_valid_assets(self): + return self.get_assets().valid() def get_all_assets(self): from .asset import Asset @@ -78,8 +78,8 @@ class Node(models.Model): def has_assets(self): return self.get_all_assets() - def get_all_active_assets(self): - return self.get_all_assets().filter(is_active=True) + def get_all_valid_assets(self): + return self.get_all_assets().valid() def is_root(self): return self.key == '0' diff --git a/apps/i18n/zh/LC_MESSAGES/django.mo b/apps/i18n/zh/LC_MESSAGES/django.mo index c512eb54f39361c5e2009dbe27a91ff3997ea5a9..038e65f4355f956a2eb1f56ba8ab8fae46912d00 100644 GIT binary patch delta 17 YcmX@q#B`{MX+vi?ld?(prJ06}U7`v3p{ diff --git a/apps/i18n/zh/LC_MESSAGES/django.po b/apps/i18n/zh/LC_MESSAGES/django.po index 48986cee6..2dc77a3fd 100644 --- a/apps/i18n/zh/LC_MESSAGES/django.po +++ b/apps/i18n/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Jumpserver 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-04-27 11:16+0800\n" +"POT-Creation-Date: 2018-04-27 11:39+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: Jumpserver team\n" @@ -29,15 +29,15 @@ msgstr "" msgid "测试节点下资产是否可连接: {}" msgstr "" -#: assets/forms/asset.py:24 assets/models/asset.py:54 assets/models/user.py:103 +#: assets/forms/asset.py:24 assets/models/asset.py:66 assets/models/user.py:103 #: assets/templates/assets/asset_detail.html:183 #: assets/templates/assets/asset_detail.html:191 -#: assets/templates/assets/system_user_detail.html:166 perms/models.py:23 +#: assets/templates/assets/system_user_detail.html:166 perms/models.py:33 msgid "Nodes" msgstr "节点管理" #: assets/forms/asset.py:27 assets/forms/asset.py:66 assets/forms/asset.py:109 -#: assets/forms/asset.py:113 assets/models/asset.py:58 +#: assets/forms/asset.py:113 assets/models/asset.py:70 #: assets/models/cluster.py:19 assets/models/user.py:72 #: assets/templates/assets/asset_detail.html:73 templates/_nav.html:25 msgid "Admin user" @@ -53,7 +53,7 @@ msgstr "管理用户" msgid "Label" msgstr "标签" -#: assets/forms/asset.py:34 assets/forms/asset.py:73 assets/models/asset.py:53 +#: assets/forms/asset.py:34 assets/forms/asset.py:73 assets/models/asset.py:65 #: assets/models/domain.py:46 msgid "Domain" msgstr "网域" @@ -61,7 +61,7 @@ msgstr "网域" #: assets/forms/asset.py:38 assets/forms/asset.py:63 assets/forms/asset.py:77 #: assets/forms/asset.py:128 assets/templates/assets/asset_create.html:29 #: assets/templates/assets/asset_update.html:34 perms/forms.py:40 -#: perms/forms.py:47 perms/models.py:67 +#: perms/forms.py:47 perms/models.py:76 #: perms/templates/perms/asset_permission_list.html:57 #: perms/templates/perms/asset_permission_list.html:142 msgid "Node" @@ -90,7 +90,7 @@ msgstr "如果有多个的互相隔离的网络,设置资产属于的网域, msgid "Select assets" msgstr "选择资产" -#: assets/forms/asset.py:105 assets/models/asset.py:51 +#: assets/forms/asset.py:105 assets/models/asset.py:63 #: assets/models/domain.py:44 assets/templates/assets/admin_user_assets.html:53 #: assets/templates/assets/asset_detail.html:69 #: assets/templates/assets/domain_gateway_list.html:58 @@ -99,14 +99,14 @@ msgid "Port" msgstr "端口" #: assets/forms/domain.py:14 assets/forms/label.py:13 -#: assets/models/asset.py:169 assets/templates/assets/admin_user_list.html:25 +#: assets/models/asset.py:183 assets/templates/assets/admin_user_list.html:25 #: assets/templates/assets/domain_detail.html:60 #: assets/templates/assets/domain_list.html:15 #: assets/templates/assets/label_list.html:16 #: assets/templates/assets/system_user_list.html:29 audits/models.py:11 #: audits/templates/audits/ftp_log_list.html:41 #: audits/templates/audits/ftp_log_list.html:72 perms/forms.py:37 -#: perms/models.py:22 +#: perms/models.py:32 #: perms/templates/perms/asset_permission_create_update.html:40 #: perms/templates/perms/asset_permission_list.html:56 #: perms/templates/perms/asset_permission_list.html:139 @@ -132,7 +132,7 @@ msgstr "资产" #: common/templates/common/terminal_setting.html:67 #: common/templates/common/terminal_setting.html:85 ops/models/adhoc.py:36 #: ops/templates/ops/task_detail.html:59 ops/templates/ops/task_list.html:35 -#: perms/models.py:19 perms/templates/perms/asset_permission_detail.html:62 +#: perms/models.py:29 perms/templates/perms/asset_permission_detail.html:62 #: perms/templates/perms/asset_permission_list.html:53 #: perms/templates/perms/asset_permission_user.html:54 terminal/models.py:16 #: terminal/models.py:154 terminal/templates/terminal/terminal_detail.html:43 @@ -202,7 +202,7 @@ msgid "" "than 2 system user" msgstr "高优先级的系统用户将会作为默认登录用户" -#: assets/models/asset.py:49 assets/models/domain.py:43 +#: assets/models/asset.py:61 assets/models/domain.py:43 #: assets/templates/assets/_asset_list_modal.html:46 #: assets/templates/assets/admin_user_assets.html:52 #: assets/templates/assets/asset_detail.html:61 @@ -217,7 +217,7 @@ msgstr "高优先级的系统用户将会作为默认登录用户" msgid "IP" msgstr "IP" -#: assets/models/asset.py:50 assets/templates/assets/_asset_list_modal.html:45 +#: assets/models/asset.py:62 assets/templates/assets/_asset_list_modal.html:45 #: assets/templates/assets/admin_user_assets.html:51 #: assets/templates/assets/asset_detail.html:57 #: assets/templates/assets/asset_list.html:86 @@ -229,107 +229,107 @@ msgstr "IP" msgid "Hostname" msgstr "主机名" -#: assets/models/asset.py:52 assets/templates/assets/asset_detail.html:97 +#: assets/models/asset.py:64 assets/templates/assets/asset_detail.html:97 msgid "Platform" msgstr "系统平台" -#: assets/models/asset.py:55 assets/models/domain.py:48 +#: assets/models/asset.py:67 assets/models/domain.py:48 #: assets/models/label.py:20 assets/templates/assets/asset_detail.html:105 msgid "Is active" msgstr "激活" -#: assets/models/asset.py:61 assets/templates/assets/asset_detail.html:65 +#: assets/models/asset.py:73 assets/templates/assets/asset_detail.html:65 msgid "Public IP" msgstr "公网IP" -#: assets/models/asset.py:62 assets/templates/assets/asset_detail.html:113 +#: assets/models/asset.py:74 assets/templates/assets/asset_detail.html:113 msgid "Asset number" msgstr "资产编号" -#: assets/models/asset.py:65 assets/templates/assets/asset_detail.html:77 +#: assets/models/asset.py:77 assets/templates/assets/asset_detail.html:77 msgid "Vendor" msgstr "制造商" -#: assets/models/asset.py:66 assets/templates/assets/asset_detail.html:81 +#: assets/models/asset.py:78 assets/templates/assets/asset_detail.html:81 msgid "Model" msgstr "型号" -#: assets/models/asset.py:67 assets/templates/assets/asset_detail.html:109 +#: assets/models/asset.py:79 assets/templates/assets/asset_detail.html:109 msgid "Serial number" msgstr "序列号" -#: assets/models/asset.py:69 +#: assets/models/asset.py:81 msgid "CPU model" msgstr "CPU型号" -#: assets/models/asset.py:70 +#: assets/models/asset.py:82 msgid "CPU count" msgstr "CPU数量" -#: assets/models/asset.py:71 +#: assets/models/asset.py:83 msgid "CPU cores" msgstr "CPU核数" -#: assets/models/asset.py:72 assets/templates/assets/asset_detail.html:89 +#: assets/models/asset.py:84 assets/templates/assets/asset_detail.html:89 msgid "Memory" msgstr "内存" -#: assets/models/asset.py:73 +#: assets/models/asset.py:85 msgid "Disk total" msgstr "硬盘大小" -#: assets/models/asset.py:74 +#: assets/models/asset.py:86 msgid "Disk info" msgstr "硬盘信息" -#: assets/models/asset.py:76 assets/templates/assets/asset_detail.html:101 +#: assets/models/asset.py:88 assets/templates/assets/asset_detail.html:101 msgid "OS" msgstr "操作系统" -#: assets/models/asset.py:77 +#: assets/models/asset.py:89 msgid "OS version" msgstr "系统版本" -#: assets/models/asset.py:78 +#: assets/models/asset.py:90 msgid "OS arch" msgstr "系统架构" -#: assets/models/asset.py:79 +#: assets/models/asset.py:91 msgid "Hostname raw" msgstr "主机名原始" -#: assets/models/asset.py:81 assets/templates/assets/asset_create.html:33 +#: assets/models/asset.py:93 assets/templates/assets/asset_create.html:33 #: assets/templates/assets/asset_detail.html:220 #: assets/templates/assets/asset_update.html:38 templates/_nav.html:27 msgid "Labels" msgstr "标签管理" -#: assets/models/asset.py:82 assets/models/base.py:29 +#: assets/models/asset.py:94 assets/models/base.py:29 #: assets/models/cluster.py:28 assets/models/group.py:21 #: assets/templates/assets/admin_user_detail.html:68 #: assets/templates/assets/asset_detail.html:117 #: assets/templates/assets/domain_detail.html:72 #: assets/templates/assets/system_user_detail.html:96 -#: ops/templates/ops/adhoc_detail.html:86 perms/models.py:28 perms/models.py:72 +#: ops/templates/ops/adhoc_detail.html:86 perms/models.py:38 perms/models.py:81 #: perms/templates/perms/asset_permission_detail.html:98 #: users/models/user.py:83 users/templates/users/user_detail.html:107 msgid "Created by" msgstr "创建者" -#: assets/models/asset.py:83 assets/models/cluster.py:26 +#: assets/models/asset.py:95 assets/models/cluster.py:26 #: assets/models/domain.py:20 assets/models/group.py:22 #: assets/models/label.py:23 assets/templates/assets/admin_user_detail.html:64 #: assets/templates/assets/domain_detail.html:68 #: assets/templates/assets/system_user_detail.html:92 #: ops/templates/ops/adhoc_detail.html:90 ops/templates/ops/task_detail.html:63 -#: perms/models.py:29 perms/models.py:73 +#: perms/models.py:39 perms/models.py:82 #: perms/templates/perms/asset_permission_detail.html:94 #: terminal/templates/terminal/terminal_detail.html:59 users/models/group.py:17 #: users/templates/users/user_group_detail.html:63 msgid "Date created" msgstr "创建日期" -#: assets/models/asset.py:84 assets/models/base.py:26 +#: assets/models/asset.py:96 assets/models/base.py:26 #: assets/models/cluster.py:29 assets/models/domain.py:18 #: assets/models/domain.py:47 assets/models/group.py:23 #: assets/models/label.py:21 assets/templates/assets/admin_user_detail.html:72 @@ -340,7 +340,7 @@ msgstr "创建日期" #: assets/templates/assets/domain_list.html:17 #: assets/templates/assets/system_user_detail.html:100 #: assets/templates/assets/system_user_list.html:33 common/models.py:30 -#: ops/models/adhoc.py:42 perms/models.py:30 perms/models.py:74 +#: ops/models/adhoc.py:42 perms/models.py:40 perms/models.py:83 #: perms/templates/perms/asset_permission_detail.html:102 terminal/models.py:26 #: terminal/templates/terminal/terminal_detail.html:63 users/models/group.py:15 #: users/models/user.py:75 users/templates/users/user_detail.html:119 @@ -423,7 +423,7 @@ msgstr "默认资产组" #: assets/models/label.py:14 audits/models.py:9 #: audits/templates/audits/ftp_log_list.html:33 #: audits/templates/audits/ftp_log_list.html:71 perms/forms.py:14 -#: perms/forms.py:31 perms/models.py:20 +#: perms/forms.py:31 perms/models.py:30 #: perms/templates/perms/asset_permission_create_update.html:36 #: perms/templates/perms/asset_permission_list.html:54 #: perms/templates/perms/asset_permission_list.html:133 @@ -490,7 +490,7 @@ msgstr "Shell" #: assets/models/user.py:149 audits/models.py:12 #: audits/templates/audits/ftp_log_list.html:49 #: audits/templates/audits/ftp_log_list.html:73 perms/forms.py:43 -#: perms/models.py:24 perms/models.py:69 +#: perms/models.py:34 perms/models.py:78 #: perms/templates/perms/asset_permission_detail.html:140 #: perms/templates/perms/asset_permission_list.html:58 #: perms/templates/perms/asset_permission_list.html:145 templates/_nav.html:26 @@ -857,8 +857,8 @@ msgstr "快速修改" #: assets/templates/assets/asset_detail.html:143 #: assets/templates/assets/asset_list.html:89 -#: assets/templates/assets/user_asset_list.html:47 perms/models.py:25 -#: perms/models.py:70 +#: assets/templates/assets/user_asset_list.html:47 perms/models.py:35 +#: perms/models.py:79 #: perms/templates/perms/asset_permission_create_update.html:47 #: perms/templates/perms/asset_permission_detail.html:120 #: perms/templates/perms/asset_permission_list.html:59 @@ -1198,7 +1198,7 @@ msgstr "成功" #: audits/templates/audits/ftp_log_list.html:78 #: ops/templates/ops/adhoc_history.html:52 #: ops/templates/ops/adhoc_history_detail.html:61 -#: ops/templates/ops/task_history.html:58 perms/models.py:26 +#: ops/templates/ops/task_history.html:58 perms/models.py:36 #: perms/templates/perms/asset_permission_detail.html:86 terminal/models.py:137 #: terminal/templates/terminal/session_list.html:77 msgid "Date start" @@ -1712,7 +1712,7 @@ msgstr "执行历史" msgid "Select users" msgstr "选择用户" -#: perms/forms.py:34 perms/models.py:21 perms/models.py:68 +#: perms/forms.py:34 perms/models.py:31 perms/models.py:77 #: perms/templates/perms/asset_permission_list.html:55 #: perms/templates/perms/asset_permission_list.html:136 templates/_nav.html:14 #: users/models/group.py:25 users/models/user.py:48 @@ -1730,14 +1730,14 @@ msgstr "" msgid "Asset or group at least one required" msgstr "" -#: perms/models.py:27 perms/models.py:71 +#: perms/models.py:37 perms/models.py:80 #: perms/templates/perms/asset_permission_detail.html:90 #: users/models/user.py:80 users/templates/users/user_detail.html:103 #: users/templates/users/user_profile.html:105 msgid "Date expired" msgstr "失效日期" -#: perms/models.py:81 templates/_nav.html:34 +#: perms/models.py:90 templates/_nav.html:34 msgid "Asset permission" msgstr "资产授权" @@ -2299,6 +2299,7 @@ msgstr "" "设置复杂密码,启用MFA认证)" #: users/forms.py:154 users/templates/users/first_login.html:48 +#: users/templates/users/first_login.html:107 #: users/templates/users/first_login.html:130 msgid "Finish" msgstr "完成" @@ -2954,5 +2955,3 @@ msgstr "MFA 解绑成功" #: users/views/user.py:519 msgid "MFA disable success, return login page" msgstr "MFA 解绑成功,返回登录页面" - - diff --git a/apps/perms/models.py b/apps/perms/models.py index 954cbe5f6..f7792ee6d 100644 --- a/apps/perms/models.py +++ b/apps/perms/models.py @@ -7,13 +7,23 @@ from django.utils import timezone from common.utils import date_expired_default, set_or_append_attr_bulk -class ValidManager(models.Manager): - def get_queryset(self): - return super().get_queryset().filter(is_active=True) \ - .filter(date_start__lt=timezone.now())\ +class AssetPermissionQuerySet(models.QuerySet): + def active(self): + return self.filter(is_active=True) + + def valid(self): + return self.active().filter(date_start__lt=timezone.now())\ .filter(date_expired__gt=timezone.now()) +class AssetPermissionManager(models.Manager): + def get_queryset(self): + return AssetPermissionQuerySet(self.model, using=self._db) + + def valid(self): + return self.get_queryset().valid() + + class AssetPermission(models.Model): id = models.UUIDField(default=uuid.uuid4, primary_key=True) name = models.CharField(max_length=128, unique=True, verbose_name=_('Name')) @@ -29,8 +39,7 @@ class AssetPermission(models.Model): date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created')) comment = models.TextField(verbose_name=_('Comment'), blank=True) - objects = models.Manager() - valid = ValidManager() + objects = AssetPermissionManager() def __str__(self): return self.name diff --git a/apps/perms/utils.py b/apps/perms/utils.py index 81ac4bf05..b23b1cb7c 100644 --- a/apps/perms/utils.py +++ b/apps/perms/utils.py @@ -16,23 +16,23 @@ class AssetPermissionUtil: @staticmethod def get_user_permissions(user): - return AssetPermission.valid.all().filter(users=user) + return AssetPermission.objects.all().valid().filter(users=user) @staticmethod def get_user_group_permissions(user_group): - return AssetPermission.valid.all().filter(user_groups=user_group) + return AssetPermission.objects.all().valid().filter(user_groups=user_group) @staticmethod def get_asset_permissions(asset): - return AssetPermission.valid.all().filter(assets=asset) + return AssetPermission.objects.all().valid().filter(assets=asset) @staticmethod def get_node_permissions(node): - return AssetPermission.valid.all().filter(nodes=node) + return AssetPermission.objects.all().valid().filter(nodes=node) @staticmethod def get_system_user_permissions(system_user): - return AssetPermission.objects.all().filter(system_users=system_user) + return AssetPermission.objects.valid().all().filter(system_users=system_user) @classmethod def get_user_group_nodes(cls, group): @@ -51,7 +51,7 @@ class AssetPermissionUtil: assets = defaultdict(set) permissions = cls.get_user_group_permissions(group) for perm in permissions: - _assets = perm.assets.all() + _assets = perm.assets.all().valid() _system_users = perm.system_users.all() set_or_append_attr_bulk(_assets, 'permission', perm.id) for asset in _assets: @@ -63,7 +63,7 @@ class AssetPermissionUtil: assets = defaultdict(set) nodes = cls.get_user_group_nodes(group) for node, _system_users in nodes.items(): - _assets = node.get_all_assets() + _assets = node.get_all_valid_assets() set_or_append_attr_bulk(_assets, 'inherit_node', node.id) set_or_append_attr_bulk(_assets, 'permission', getattr(node, 'permission', None)) for asset in _assets: @@ -103,7 +103,7 @@ class AssetPermissionUtil: assets = defaultdict(set) permissions = list(cls.get_user_permissions(user)) for perm in permissions: - _assets = perm.assets.all() + _assets = perm.assets.all().valid() _system_users = perm.system_users.all() set_or_append_attr_bulk(_assets, 'permission', perm.id) for asset in _assets: @@ -127,7 +127,7 @@ class AssetPermissionUtil: assets = defaultdict(set) nodes = cls.get_user_nodes_direct(user) for node, _system_users in nodes.items(): - _assets = node.get_all_assets() + _assets = node.get_all_valid_assets() set_or_append_attr_bulk(_assets, 'inherit_node', node.id) set_or_append_attr_bulk(_assets, 'permission', getattr(node, 'permission', None)) for asset in _assets: @@ -180,10 +180,10 @@ class AssetPermissionUtil: assets = set() permissions = cls.get_system_user_permissions(system_user) for perm in permissions: - assets.update(set(perm.assets.all())) + assets.update(set(perm.assets.all().valid())) nodes = perm.nodes.all() for node in nodes: - assets.update(set(node.get_all_assets())) + assets.update(set(node.get_all_valid_assets())) return assets @classmethod @@ -243,7 +243,7 @@ class NodePermissionUtil: nodes_with_assets = dict() for node, system_users in nodes.items(): nodes_with_assets[node] = { - 'assets': node.get_active_assets(), + 'assets': node.get_valid_assets(), 'system_users': system_users } return nodes_with_assets @@ -274,7 +274,7 @@ class NodePermissionUtil: nodes_with_assets = dict() for node, system_users in nodes.items(): nodes_with_assets[node] = { - 'assets': node.get_active_assets(), + 'assets': node.get_valid_assets(), 'system_users': system_users } return nodes_with_assets