From e09383ecf43e5ff68069ec3aca18f718253ce99c Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Mon, 18 Jul 2022 13:24:31 +0800 Subject: [PATCH 1/6] fix: django 3.1.14 (#8613) Co-authored-by: feng626 <1304903146@qq.com> --- requirements/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index afe9b7179..1dac6922d 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -62,7 +62,7 @@ jsonfield2==4.0.0.post0 geoip2==4.5.0 ipip-ipdb==1.6.1 # Django environment -Django==3.2.13 +Django==3.1.14 django-bootstrap3==14.2.0 django-filter==2.4.0 django-formtools==2.2 From bb9d32dc189cc7c9b481568f68bd6607022ae93b Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 18 Jul 2022 13:44:20 +0800 Subject: [PATCH 2/6] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E6=89=80?= =?UTF-8?q?=E6=9C=89=E7=BB=84=E7=BB=87=E5=90=8D=E7=A7=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/locale/ja/LC_MESSAGES/django.mo | 4 +- apps/locale/ja/LC_MESSAGES/django.po | 74 ++++++++++--------- apps/locale/zh/LC_MESSAGES/django.mo | 4 +- apps/locale/zh/LC_MESSAGES/django.po | 74 ++++++++++--------- .../0013_alter_organization_options.py | 17 +++++ apps/orgs/models.py | 1 + apps/rbac/builtin.py | 5 +- apps/rbac/models/rolebinding.py | 11 ++- 8 files changed, 117 insertions(+), 73 deletions(-) create mode 100644 apps/orgs/migrations/0013_alter_organization_options.py diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index 789260264..e6d644bf9 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4d5cc27fc996896f8cba5773c99de59ff854f7ef1ae8c470d5c74bb6b371e6ed -size 128472 +oid sha256:94dbd28454eaced93affd6baeb1f7c2cb1b2c28a7144ccdcef6963a2fad92616 +size 128666 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 54c5c70f0..e832dc06d 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-15 17:15+0800\n" +"POT-Creation-Date: 2022-07-18 14:01+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -88,8 +88,8 @@ msgstr "ログイン確認" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214 -#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215 +#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 #: terminal/models/sharing.py:33 terminal/notifications.py:91 @@ -363,7 +363,7 @@ msgstr "タイプ表示" #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28 #: assets/serializers/cmd_filter.py:48 common/db/models.py:114 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 -#: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92 +#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92 #: users/models/group.py:18 users/models/user.py:922 #: xpack/plugins/cloud/models.py:125 msgid "Date created" @@ -373,7 +373,7 @@ msgstr "作成された日付" #: assets/models/gathered_user.py:20 assets/serializers/account.py:21 #: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49 #: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40 -#: orgs/models.py:218 +#: orgs/models.py:219 msgid "Date updated" msgstr "更新日" @@ -624,7 +624,7 @@ msgstr "ラベル" #: assets/models/cluster.py:28 assets/models/cmd_filter.py:52 #: assets/models/cmd_filter.py:99 assets/models/group.py:21 #: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66 -#: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706 +#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706 #: users/serializers/group.py:33 #: xpack/plugins/change_auth_plan/models/base.py:48 #: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30 @@ -735,7 +735,7 @@ msgid "Trigger mode" msgstr "トリガーモード" #: assets/models/backup.py:119 audits/models.py:127 -#: terminal/models/sharing.py:106 +#: terminal/models/sharing.py:108 #: xpack/plugins/change_auth_plan/models/base.py:201 #: xpack/plugins/change_auth_plan/serializers/app.py:66 #: xpack/plugins/change_auth_plan/serializers/asset.py:180 @@ -1435,7 +1435,7 @@ msgid "Symlink" msgstr "Symlink" #: audits/models.py:38 audits/models.py:66 audits/models.py:89 -#: terminal/models/session.py:51 terminal/models/sharing.py:94 +#: terminal/models/session.py:51 terminal/models/sharing.py:96 msgid "Remote addr" msgstr "リモートaddr" @@ -1447,7 +1447,7 @@ msgstr "操作" msgid "Filename" msgstr "ファイル名" -#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:102 +#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:104 #: tickets/views/approve.py:115 #: xpack/plugins/change_auth_plan/serializers/app.py:87 #: xpack/plugins/change_auth_plan/serializers/asset.py:198 @@ -3025,7 +3025,7 @@ msgid "App organizations" msgstr "アプリ組織" #: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" @@ -3039,7 +3039,11 @@ msgstr "グローバル組織" msgid "Can view root org" msgstr "グローバル組織を表示できます" -#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44 +#: orgs/models.py:83 +msgid "Can view all joined org" +msgstr "参加しているすべての組織を表示できます" + +#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44 #: users/models/user.py:671 msgid "Role" msgstr "ロール" @@ -3260,27 +3264,27 @@ msgstr "{} 少なくとも1つのシステムロール" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:108 +#: rbac/builtin.py:111 msgid "SystemAdmin" msgstr "システム管理者" -#: rbac/builtin.py:111 +#: rbac/builtin.py:114 msgid "SystemAuditor" msgstr "システム監査人" -#: rbac/builtin.py:114 +#: rbac/builtin.py:117 msgid "SystemComponent" msgstr "システムコンポーネント" -#: rbac/builtin.py:120 +#: rbac/builtin.py:123 msgid "OrgAdmin" msgstr "組織管理者" -#: rbac/builtin.py:123 +#: rbac/builtin.py:126 msgid "OrgAuditor" msgstr "監査員を組織する" -#: rbac/builtin.py:126 +#: rbac/builtin.py:129 msgid "OrgUser" msgstr "組織ユーザー" @@ -3336,18 +3340,22 @@ msgstr "組織の役割" msgid "Role binding" msgstr "ロールバインディング" -#: rbac/models/rolebinding.py:159 +#: rbac/models/rolebinding.py:137 +msgid "All organizations" +msgstr "全ての組織" + +#: rbac/models/rolebinding.py:166 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "" "ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。" -#: rbac/models/rolebinding.py:166 +#: rbac/models/rolebinding.py:173 msgid "Organization role binding" msgstr "組織の役割バインディング" -#: rbac/models/rolebinding.py:181 +#: rbac/models/rolebinding.py:188 msgid "System role binding" msgstr "システムロールバインディング" @@ -4775,7 +4783,7 @@ msgid "Output" msgstr "出力" #: terminal/backends/command/models.py:25 terminal/models/replay.py:9 -#: terminal/models/sharing.py:19 terminal/models/sharing.py:76 +#: terminal/models/sharing.py:19 terminal/models/sharing.py:78 #: terminal/templates/terminal/_msg_command_alert.html:10 #: tickets/models/ticket/command_confirm.py:20 msgid "Session" @@ -4897,7 +4905,7 @@ msgstr "セッションのリプレイをアップロードできます" msgid "Can download session replay" msgstr "セッション再生をダウンロードできます" -#: terminal/models/session.py:50 terminal/models/sharing.py:99 +#: terminal/models/session.py:50 terminal/models/sharing.py:101 msgid "Login from" msgstr "ログイン元" @@ -4933,7 +4941,7 @@ msgstr "セッションアクションのパーマを検証できます" msgid "Creator" msgstr "作成者" -#: terminal/models/sharing.py:26 terminal/models/sharing.py:78 +#: terminal/models/sharing.py:26 terminal/models/sharing.py:80 msgid "Verify code" msgstr "コードの確認" @@ -4941,7 +4949,7 @@ msgstr "コードの確認" msgid "Expired time (min)" msgstr "期限切れ時間 (分)" -#: terminal/models/sharing.py:37 terminal/models/sharing.py:81 +#: terminal/models/sharing.py:37 terminal/models/sharing.py:83 msgid "Session sharing" msgstr "セッション共有" @@ -4949,40 +4957,40 @@ msgstr "セッション共有" msgid "Can add super session sharing" msgstr "スーパーセッション共有を追加できます" -#: terminal/models/sharing.py:64 +#: terminal/models/sharing.py:66 msgid "Link not active" msgstr "リンクがアクティブでない" -#: terminal/models/sharing.py:66 +#: terminal/models/sharing.py:68 msgid "Link expired" msgstr "リンク期限切れ" -#: terminal/models/sharing.py:68 +#: terminal/models/sharing.py:70 msgid "User not allowed to join" msgstr "ユーザーはセッションに参加できません" -#: terminal/models/sharing.py:85 terminal/serializers/sharing.py:59 +#: terminal/models/sharing.py:87 terminal/serializers/sharing.py:59 msgid "Joiner" msgstr "ジョイナー" -#: terminal/models/sharing.py:88 +#: terminal/models/sharing.py:90 msgid "Date joined" msgstr "参加日" -#: terminal/models/sharing.py:91 +#: terminal/models/sharing.py:93 msgid "Date left" msgstr "日付が残っています" -#: terminal/models/sharing.py:109 tickets/const.py:26 +#: terminal/models/sharing.py:111 tickets/const.py:26 #: xpack/plugins/change_auth_plan/models/base.py:192 msgid "Finished" msgstr "終了" -#: terminal/models/sharing.py:114 +#: terminal/models/sharing.py:116 msgid "Session join record" msgstr "セッション参加記録" -#: terminal/models/sharing.py:130 +#: terminal/models/sharing.py:132 msgid "Invalid verification code" msgstr "検証コードが無効" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index acdae1731..3f244b4f6 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7ee69ce22224f6cae615752c034e495c29d93ed9dbe86767f044d5c0f663b8cc -size 105904 +oid sha256:3803a3c5301b92b11e1478dc674d8a95525203ff9636e8ab99914b660005aa37 +size 106048 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 15cb33b57..42deeb5ba 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-15 17:15+0800\n" +"POT-Creation-Date: 2022-07-18 14:01+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -87,8 +87,8 @@ msgstr "登录复核" #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100 -#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214 -#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41 +#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215 +#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44 #: terminal/models/sharing.py:33 terminal/notifications.py:91 @@ -358,7 +358,7 @@ msgstr "类型名称" #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28 #: assets/serializers/cmd_filter.py:48 common/db/models.py:114 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 -#: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92 +#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92 #: users/models/group.py:18 users/models/user.py:922 #: xpack/plugins/cloud/models.py:125 msgid "Date created" @@ -368,7 +368,7 @@ msgstr "创建日期" #: assets/models/gathered_user.py:20 assets/serializers/account.py:21 #: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49 #: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40 -#: orgs/models.py:218 +#: orgs/models.py:219 msgid "Date updated" msgstr "更新日期" @@ -619,7 +619,7 @@ msgstr "标签管理" #: assets/models/cluster.py:28 assets/models/cmd_filter.py:52 #: assets/models/cmd_filter.py:99 assets/models/group.py:21 #: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66 -#: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706 +#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706 #: users/serializers/group.py:33 #: xpack/plugins/change_auth_plan/models/base.py:48 #: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30 @@ -730,7 +730,7 @@ msgid "Trigger mode" msgstr "触发模式" #: assets/models/backup.py:119 audits/models.py:127 -#: terminal/models/sharing.py:106 +#: terminal/models/sharing.py:108 #: xpack/plugins/change_auth_plan/models/base.py:201 #: xpack/plugins/change_auth_plan/serializers/app.py:66 #: xpack/plugins/change_auth_plan/serializers/asset.py:180 @@ -1423,7 +1423,7 @@ msgid "Symlink" msgstr "建立软链接" #: audits/models.py:38 audits/models.py:66 audits/models.py:89 -#: terminal/models/session.py:51 terminal/models/sharing.py:94 +#: terminal/models/session.py:51 terminal/models/sharing.py:96 msgid "Remote addr" msgstr "远端地址" @@ -1435,7 +1435,7 @@ msgstr "操作" msgid "Filename" msgstr "文件名" -#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:102 +#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:104 #: tickets/views/approve.py:115 #: xpack/plugins/change_auth_plan/serializers/app.py:87 #: xpack/plugins/change_auth_plan/serializers/asset.py:198 @@ -2985,7 +2985,7 @@ msgid "App organizations" msgstr "组织管理" #: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 +#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71 msgid "Organization" @@ -2999,7 +2999,11 @@ msgstr "全局组织" msgid "Can view root org" msgstr "可以查看全局组织" -#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44 +#: orgs/models.py:83 +msgid "Can view all joined org" +msgstr "可以查看所有加入的组织" + +#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44 #: users/models/user.py:671 msgid "Role" msgstr "角色" @@ -3218,27 +3222,27 @@ msgstr "{} 至少有一个系统角色" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:108 +#: rbac/builtin.py:111 msgid "SystemAdmin" msgstr "系统管理员" -#: rbac/builtin.py:111 +#: rbac/builtin.py:114 msgid "SystemAuditor" msgstr "系统审计员" -#: rbac/builtin.py:114 +#: rbac/builtin.py:117 msgid "SystemComponent" msgstr "系统组件" -#: rbac/builtin.py:120 +#: rbac/builtin.py:123 msgid "OrgAdmin" msgstr "组织管理员" -#: rbac/builtin.py:123 +#: rbac/builtin.py:126 msgid "OrgAuditor" msgstr "组织审计员" -#: rbac/builtin.py:126 +#: rbac/builtin.py:129 msgid "OrgUser" msgstr "组织用户" @@ -3294,17 +3298,21 @@ msgstr "组织角色" msgid "Role binding" msgstr "角色绑定" -#: rbac/models/rolebinding.py:159 +#: rbac/models/rolebinding.py:137 +msgid "All organizations" +msgstr "所有组织" + +#: rbac/models/rolebinding.py:166 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "用户最后一个角色,不能删除,你可以将用户从组织移除" -#: rbac/models/rolebinding.py:166 +#: rbac/models/rolebinding.py:173 msgid "Organization role binding" msgstr "组织角色绑定" -#: rbac/models/rolebinding.py:181 +#: rbac/models/rolebinding.py:188 msgid "System role binding" msgstr "系统角色绑定" @@ -4699,7 +4707,7 @@ msgid "Output" msgstr "输出" #: terminal/backends/command/models.py:25 terminal/models/replay.py:9 -#: terminal/models/sharing.py:19 terminal/models/sharing.py:76 +#: terminal/models/sharing.py:19 terminal/models/sharing.py:78 #: terminal/templates/terminal/_msg_command_alert.html:10 #: tickets/models/ticket/command_confirm.py:20 msgid "Session" @@ -4821,7 +4829,7 @@ msgstr "可以上传会话录像" msgid "Can download session replay" msgstr "可以下载会话录像" -#: terminal/models/session.py:50 terminal/models/sharing.py:99 +#: terminal/models/session.py:50 terminal/models/sharing.py:101 msgid "Login from" msgstr "登录来源" @@ -4857,7 +4865,7 @@ msgstr "可以验证会话动作权限" msgid "Creator" msgstr "创建者" -#: terminal/models/sharing.py:26 terminal/models/sharing.py:78 +#: terminal/models/sharing.py:26 terminal/models/sharing.py:80 msgid "Verify code" msgstr "验证码" @@ -4865,7 +4873,7 @@ msgstr "验证码" msgid "Expired time (min)" msgstr "过期时间 (分)" -#: terminal/models/sharing.py:37 terminal/models/sharing.py:81 +#: terminal/models/sharing.py:37 terminal/models/sharing.py:83 msgid "Session sharing" msgstr "会话分享" @@ -4873,40 +4881,40 @@ msgstr "会话分享" msgid "Can add super session sharing" msgstr "可以创建超级会话分享" -#: terminal/models/sharing.py:64 +#: terminal/models/sharing.py:66 msgid "Link not active" msgstr "链接失效" -#: terminal/models/sharing.py:66 +#: terminal/models/sharing.py:68 msgid "Link expired" msgstr "链接过期" -#: terminal/models/sharing.py:68 +#: terminal/models/sharing.py:70 msgid "User not allowed to join" msgstr "该用户无权加入会话" -#: terminal/models/sharing.py:85 terminal/serializers/sharing.py:59 +#: terminal/models/sharing.py:87 terminal/serializers/sharing.py:59 msgid "Joiner" msgstr "加入者" -#: terminal/models/sharing.py:88 +#: terminal/models/sharing.py:90 msgid "Date joined" msgstr "加入日期" -#: terminal/models/sharing.py:91 +#: terminal/models/sharing.py:93 msgid "Date left" msgstr "结束日期" -#: terminal/models/sharing.py:109 tickets/const.py:26 +#: terminal/models/sharing.py:111 tickets/const.py:26 #: xpack/plugins/change_auth_plan/models/base.py:192 msgid "Finished" msgstr "结束" -#: terminal/models/sharing.py:114 +#: terminal/models/sharing.py:116 msgid "Session join record" msgstr "会话加入记录" -#: terminal/models/sharing.py:130 +#: terminal/models/sharing.py:132 msgid "Invalid verification code" msgstr "验证码不正确" diff --git a/apps/orgs/migrations/0013_alter_organization_options.py b/apps/orgs/migrations/0013_alter_organization_options.py new file mode 100644 index 000000000..e868a87a3 --- /dev/null +++ b/apps/orgs/migrations/0013_alter_organization_options.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.12 on 2022-07-18 05:57 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('orgs', '0012_auto_20220118_1054'), + ] + + operations = [ + migrations.AlterModelOptions( + name='organization', + options={'permissions': (('view_rootorg', 'Can view root org'), ('view_alljoinedorg', 'Can view all joined org')), 'verbose_name': 'Organization'}, + ), + ] diff --git a/apps/orgs/models.py b/apps/orgs/models.py index def83f509..c4208d7d0 100644 --- a/apps/orgs/models.py +++ b/apps/orgs/models.py @@ -80,6 +80,7 @@ class Organization(OrgRoleMixin, models.Model): verbose_name = _("Organization") permissions = ( ('view_rootorg', _('Can view root org')), + ('view_alljoinedorg', _('Can view all joined org')), ) def __str__(self): diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py index f5b030d2b..93b058504 100644 --- a/apps/rbac/builtin.py +++ b/apps/rbac/builtin.py @@ -5,6 +5,9 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions _view_root_perms = ( ('orgs', 'organization', 'view', 'rootorg'), ) +_view_all_joined_org_perms = ( + ('orgs', 'organization', 'view', 'alljoinedorg'), +) user_perms = ( ('rbac', 'menupermission', 'view', 'workbench'), @@ -24,7 +27,7 @@ system_user_perms = ( ('authentication', 'temptoken', 'add,change,view', 'temptoken'), ('authentication', 'accesskey', '*', '*'), ('tickets', 'ticket', 'view', 'ticket'), -) + user_perms + _view_root_perms +) + user_perms + _view_all_joined_org_perms _auditor_perms = ( ('rbac', 'menupermission', 'view', 'audit'), diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py index 3caa83622..9b2256332 100644 --- a/apps/rbac/models/rolebinding.py +++ b/apps/rbac/models/rolebinding.py @@ -126,9 +126,16 @@ class RoleBinding(JMSModel): org_ids = [b.org.id for b in bindings if b.org] orgs = all_orgs.filter(id__in=org_ids) + workbench_perm = 'rbac.view_workbench' # 全局组织 - if orgs and user.has_perm('orgs.view_rootorg'): - orgs = [Organization.root(), *list(orgs)] + if orgs and perm != workbench_perm and user.has_perm('orgs.view_rootorg'): + root_org = Organization.root() + orgs = [root_org, *list(orgs)] + elif orgs and perm == workbench_perm and user.has_perm('orgs.view_alljoinedorg'): + # Todo: 先复用组织 + root_org = Organization.root() + root_org.name = _("All organizations") + orgs = [root_org, *list(orgs)] return orgs From 62d403bf216ec1611eba41307d050155f2f957b5 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Mon, 18 Jul 2022 19:24:17 +0800 Subject: [PATCH 3/6] fix: reverse console (#8615) Co-authored-by: feng626 <1304903146@qq.com> --- apps/common/utils/django.py | 20 +++++++++++++++----- apps/terminal/notifications.py | 2 +- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/apps/common/utils/django.py b/apps/common/utils/django.py index 3e8066cef..1f3f83282 100644 --- a/apps/common/utils/django.py +++ b/apps/common/utils/django.py @@ -8,12 +8,14 @@ from django.utils import timezone from django.db import models from django.db.models.signals import post_save, pre_save - UUID_PATTERN = re.compile(r'[0-9a-zA-Z\-]{36}') -def reverse(view_name, urlconf=None, args=None, kwargs=None, - current_app=None, external=False, api_to_ui=False): +def reverse( + view_name, urlconf=None, args=None, kwargs=None, + current_app=None, external=False, api_to_ui=False, + is_console=False, is_audit=False, is_workbench=False +): url = dj_reverse(view_name, urlconf=urlconf, args=args, kwargs=kwargs, current_app=current_app) @@ -21,7 +23,15 @@ def reverse(view_name, urlconf=None, args=None, kwargs=None, site_url = settings.SITE_URL url = site_url.strip('/') + url if api_to_ui: - url = url.replace('api/v1', 'ui/#').rstrip('/') + replace_str = 'ui/#' + if is_console: + replace_str += '/console' + elif is_audit: + replace_str += '/audit' + elif is_workbench: + replace_str += '/workbench' + + url = url.replace('api/v1', replace_str).rstrip('/') return url @@ -38,7 +48,7 @@ def date_expired_default(): years = int(settings.DEFAULT_EXPIRED_YEARS) except TypeError: years = 70 - return timezone.now() + timezone.timedelta(days=365*years) + return timezone.now() + timezone.timedelta(days=365 * years) def union_queryset(*args, base_queryset=None): diff --git a/apps/terminal/notifications.py b/apps/terminal/notifications.py index 62bc50592..91509a901 100644 --- a/apps/terminal/notifications.py +++ b/apps/terminal/notifications.py @@ -130,7 +130,7 @@ class CommandExecutionAlert(CommandAlertMixin, SystemMessage): for asset in command['assets']: url = reverse( 'assets:asset-detail', kwargs={'pk': asset.id}, - api_to_ui=True, external=True + api_to_ui=True, external=True, is_console=True ) + '?oid={}'.format(asset.org_id) assets_with_url.append([asset, url]) From 0eab83f73b758024e3241251dac9081e5c4c6181 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 19 Jul 2022 10:49:15 +0800 Subject: [PATCH 4/6] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E7=BF=BB=E8=AF=91?= =?UTF-8?q?=20(#8616)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- .../serializers/attrs/application_category/remote_app.py | 2 +- apps/locale/ja/LC_MESSAGES/django.mo | 4 ++-- apps/locale/ja/LC_MESSAGES/django.po | 6 +++++- apps/locale/zh/LC_MESSAGES/django.mo | 4 ++-- apps/locale/zh/LC_MESSAGES/django.po | 6 +++++- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/apps/applications/serializers/attrs/application_category/remote_app.py b/apps/applications/serializers/attrs/application_category/remote_app.py index ad2610791..063af6daa 100644 --- a/apps/applications/serializers/attrs/application_category/remote_app.py +++ b/apps/applications/serializers/attrs/application_category/remote_app.py @@ -31,7 +31,7 @@ class ExistAssetPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField): class RemoteAppSerializer(serializers.Serializer): - asset_info = serializers.SerializerMethodField() + asset_info = serializers.SerializerMethodField(label=_('Asset Info')) asset = ExistAssetPrimaryKeyRelatedField( queryset=Asset.objects, required=True, label=_("Asset"), allow_null=True ) diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index e6d644bf9..7dbdfa16d 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:94dbd28454eaced93affd6baeb1f7c2cb1b2c28a7144ccdcef6963a2fad92616 -size 128666 +oid sha256:0f2fdd3a7bd34a26d068fc6ce521d0ea9983c477b13536ba3f51700a554d4ae3 +size 128706 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index e832dc06d..99652c84b 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-18 14:01+0800\n" +"POT-Creation-Date: 2022-07-19 10:45+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -412,6 +412,10 @@ msgstr "ホスト" msgid "Port" msgstr "ポート" +#: applications/serializers/attrs/application_category/remote_app.py:34 +msgid "Asset Info" +msgstr "資産情報" + #: applications/serializers/attrs/application_category/remote_app.py:39 #: applications/serializers/attrs/application_type/chrome.py:14 #: applications/serializers/attrs/application_type/mysql_workbench.py:14 diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 3f244b4f6..33d7105d9 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3803a3c5301b92b11e1478dc674d8a95525203ff9636e8ab99914b660005aa37 -size 106048 +oid sha256:9c2b13f7242beec8786179e03de895bd3e9d8d6392b74c2398409c1bfa33d9f8 +size 106088 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 42deeb5ba..9a62aa8da 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-07-18 14:01+0800\n" +"POT-Creation-Date: 2022-07-19 10:45+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -407,6 +407,10 @@ msgstr "主机" msgid "Port" msgstr "端口" +#: applications/serializers/attrs/application_category/remote_app.py:34 +msgid "Asset Info" +msgstr "资产信息" + #: applications/serializers/attrs/application_category/remote_app.py:39 #: applications/serializers/attrs/application_type/chrome.py:14 #: applications/serializers/attrs/application_type/mysql_workbench.py:14 From 585ddeb25ba790aa71c58984533f7bd57c2a879e Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 19 Jul 2022 11:15:56 +0800 Subject: [PATCH 5/6] =?UTF-8?q?fix:=20=E6=8E=88=E6=9D=83=E8=BF=87=E6=9C=9F?= =?UTF-8?q?=E5=A4=A9=E6=95=B0=E4=BF=AE=E6=94=B9=20(#8618)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- apps/perms/tasks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/perms/tasks.py b/apps/perms/tasks.py index da96beb68..786b7b285 100644 --- a/apps/perms/tasks.py +++ b/apps/perms/tasks.py @@ -73,7 +73,7 @@ def check_asset_permission_will_expired(): for asset_perm in asset_perms: date_expired = dt_parser(asset_perm.date_expired) - remain_days = (end - date_expired).days + remain_days = (date_expired - start).days org = asset_perm.org # 资产授权按照组织分类 @@ -121,7 +121,7 @@ def check_app_permission_will_expired(): for app_perm in app_perms: date_expired = dt_parser(app_perm.date_expired) - remain_days = (end - date_expired).days + remain_days = (date_expired - start).days org = app_perm.org if org in org_perm_remain_day_mapper[remain_days]: From cc2b858769dc407dd121a97b92d07d6cec62fbfa Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 19 Jul 2022 15:57:02 +0800 Subject: [PATCH 6/6] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E4=BB=A4=E7=89=8C=E4=BF=A1=E6=81=AF=E7=9A=84remote=20app?= =?UTF-8?q?=E8=B5=84=E4=BA=A7=E4=BF=A1=E6=81=AF=20(#8619)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: 修复连接令牌只获取自己的令牌信息;修复连接令牌系统用户角色权限问题(普通用户看不到); * fix: 修复获取令牌信息的remote app资产信息 * fix: 修复获取用户个人信息时使用连接令牌 * fix: 修复获取profile时的连接令牌问题 * fix: 修复连接令牌问题 * fix: 修复连接令牌问题 Co-authored-by: Jiangjie.Bai --- apps/authentication/api/connection_token.py | 4 +++- apps/authentication/models.py | 7 +++++++ .../serializers/connection_token.py | 2 +- apps/rbac/builtin.py | 2 +- apps/rbac/models/permission.py | 4 ++-- apps/users/api/profile.py | 20 ++++++++++++++++++- 6 files changed, 33 insertions(+), 6 deletions(-) diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index 60b91e4db..c0f85757d 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py @@ -231,7 +231,9 @@ class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelVie 'get_rdp_file': 'authentication.add_connectiontoken', 'get_client_protocol_url': 'authentication.add_connectiontoken', } - queryset = ConnectionToken.objects.all() + + def get_queryset(self): + return ConnectionToken.objects.filter(user=self.request.user) def create_connection_token(self): data = self.request.query_params if self.request.method == 'GET' else self.request.data diff --git a/apps/authentication/models.py b/apps/authentication/models.py index d04a3fa4e..518db566c 100644 --- a/apps/authentication/models.py +++ b/apps/authentication/models.py @@ -228,6 +228,13 @@ class ConnectionToken(OrgModelMixin, models.JMSModel): return {} return self.application.get_rdp_remote_app_setting() + @lazyproperty + def asset_or_remote_app_asset(self): + if self.asset: + return self.asset + if self.application and self.application.category_remote_app: + return self.application.get_remote_app_asset() + @lazyproperty def cmd_filter_rules(self): from assets.models import CommandFilterRule diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py index 0e811cbaa..5c3bef5a2 100644 --- a/apps/authentication/serializers/connection_token.py +++ b/apps/authentication/serializers/connection_token.py @@ -177,7 +177,7 @@ class ConnectionTokenCmdFilterRuleSerializer(serializers.ModelSerializer): class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): user = ConnectionTokenUserSerializer(read_only=True) - asset = ConnectionTokenAssetSerializer(read_only=True) + asset = ConnectionTokenAssetSerializer(read_only=True, source='asset_or_remote_app_asset') application = ConnectionTokenApplicationSerializer(read_only=True) remote_app = ConnectionTokenRemoteAppSerializer(read_only=True) system_user = ConnectionTokenSystemUserSerializer(read_only=True) diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py index 93b058504..c56326601 100644 --- a/apps/rbac/builtin.py +++ b/apps/rbac/builtin.py @@ -23,7 +23,7 @@ user_perms = ( ) system_user_perms = ( - ('authentication', 'connectiontoken', 'add', 'connectiontoken'), + ('authentication', 'connectiontoken', 'add,view', 'connectiontoken'), ('authentication', 'temptoken', 'add,change,view', 'temptoken'), ('authentication', 'accesskey', '*', '*'), ('tickets', 'ticket', 'view', 'ticket'), diff --git a/apps/rbac/models/permission.py b/apps/rbac/models/permission.py index bc8fa6231..5b98b6045 100644 --- a/apps/rbac/models/permission.py +++ b/apps/rbac/models/permission.py @@ -60,11 +60,11 @@ class Permission(DjangoPermission): if actions == '*' and resource == '*': pass elif actions == '*' and resource != '*': - kwargs['codename__iregex'] = r'[a-z]+_{}'.format(resource) + kwargs['codename__iregex'] = r'[a-z]+_{}$'.format(resource) elif actions != '*' and resource == '*': kwargs['codename__iregex'] = r'({})_[a-z]+'.format(actions_regex) else: - kwargs['codename__iregex'] = r'({})_{}'.format(actions_regex, resource) + kwargs['codename__iregex'] = r'({})_{}$'.format(actions_regex, resource) q |= Q(**kwargs) return q diff --git a/apps/users/api/profile.py b/apps/users/api/profile.py index 3f5605144..b916c47a9 100644 --- a/apps/users/api/profile.py +++ b/apps/users/api/profile.py @@ -3,6 +3,10 @@ import uuid from rest_framework import generics from rest_framework.permissions import IsAuthenticated +from common.permissions import IsValidUserOrConnectionToken +from common.utils import get_object_or_none +from orgs.utils import tmp_to_root_org +from authentication.models import ConnectionToken from users.notifications import ( ResetPasswordMsg, ResetPasswordSuccessMsg, ResetSSHKeyMsg, @@ -44,12 +48,26 @@ class UserResetPKApi(UserQuerysetMixin, generics.UpdateAPIView): class UserProfileApi(generics.RetrieveUpdateAPIView): - permission_classes = (IsAuthenticated,) + permission_classes = (IsValidUserOrConnectionToken,) serializer_class = serializers.UserProfileSerializer def get_object(self): + if self.request.user.is_anonymous: + user = self.get_connection_token_user() + if user: + return user return self.request.user + def get_connection_token_user(self): + token_id = self.request.query_params.get('token') + if not token_id: + return + with tmp_to_root_org(): + token = get_object_or_none(ConnectionToken, id=token_id) + if not token: + return + return token.user + class UserPasswordApi(generics.RetrieveUpdateAPIView): permission_classes = (IsAuthenticated,)