diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 741a0e5db..d2f99e85f 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -606,7 +606,9 @@ class Config(dict): 'GPT_MODEL': 'gpt-3.5-turbo', 'VIRTUAL_APP_ENABLED': False, - 'FILE_UPLOAD_SIZE_LIMIT_MB': 200 + 'FILE_UPLOAD_SIZE_LIMIT_MB': 200, + + 'TICKET_APPLY_ASSET_SCOPE': 'all' } old_config_map = { diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 2457b28b1..ed5cc61a9 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -227,3 +227,5 @@ GPT_MODEL = CONFIG.GPT_MODEL VIRTUAL_APP_ENABLED = CONFIG.VIRTUAL_APP_ENABLED FILE_UPLOAD_SIZE_LIMIT_MB = CONFIG.FILE_UPLOAD_SIZE_LIMIT_MB + +TICKET_APPLY_ASSET_SCOPE = CONFIG.TICKET_APPLY_ASSET_SCOPE diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index 155ab1500..fcb22bbe4 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:84c1ff8fcd2a035e5c0919aa1337ac85d22f0e4676eca33dddfdcf7896717f99 -size 171105 +oid sha256:6a7f3882356366531dca8e6459bc4bc50dcbd1e0cf0c379ac93ee3bd1b679d3c +size 171329 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 968eab5bb..534a78731 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-01-24 19:44+0800\n" +"POT-Creation-Date: 2024-01-25 15:38+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
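Review bot: The new `'TICKET_APPLY_ASSET_SCOPE': 'all'` default in apps/jumpserver/conf.py carries no comment naming the accepted values or saying which one is the least restrictive. Going by the `TicketApplyAssetScope` choices added in apps/tickets/const.py, a comment such as `# 'all' | 'permed' | 'permed_valid' (tickets.const.TicketApplyAssetScope); 'all' leaves the ticket asset picker unrestricted` would let an operator choose a narrower scope deliberately. The `Config` defaults dict starts and ends outside the hunk.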
@@ -365,7 +365,7 @@ msgstr "アカウントバックアップ計画" #: accounts/models/automations/backup_account.py:119 #: assets/models/automations/base.py:115 audits/models.py:65 -#: ops/models/base.py:55 ops/models/celery.py:86 ops/models/job.py:235 +#: ops/models/base.py:55 ops/models/celery.py:86 ops/models/job.py:237 #: ops/templates/ops/celery_task_log.html:75 #: perms/models/asset_permission.py:78 #: settings/templates/ldap/_msg_import_ldap_user.html:5 @@ -476,14 +476,14 @@ msgstr "開始日" #: accounts/models/automations/change_secret.py:42 #: assets/models/automations/base.py:116 ops/models/base.py:56 -#: ops/models/celery.py:87 ops/models/job.py:236 +#: ops/models/celery.py:87 ops/models/job.py:238 #: terminal/models/applet/host.py:142 msgid "Date finished" msgstr "終了日" #: accounts/models/automations/change_secret.py:43 #: assets/models/automations/base.py:113 audits/models.py:208 -#: audits/serializers.py:54 ops/models/base.py:49 ops/models/job.py:227 +#: audits/serializers.py:54 ops/models/base.py:49 ops/models/job.py:229 #: terminal/models/applet/applet.py:320 terminal/models/applet/host.py:140 #: terminal/models/component/status.py:30 #: terminal/models/virtualapp/virtualapp.py:99 @@ -609,7 +609,7 @@ msgstr "パスワードルール" #: authentication/serializers/connect_token_secret.py:113 #: authentication/serializers/connect_token_secret.py:168 labels/models.py:11 #: ops/mixin.py:21 ops/models/adhoc.py:20 ops/models/celery.py:15 -#: ops/models/celery.py:80 ops/models/job.py:136 ops/models/playbook.py:28 +#: ops/models/celery.py:80 ops/models/job.py:138 ops/models/playbook.py:28 #: ops/serializers/job.py:18 orgs/models.py:82 #: perms/models/asset_permission.py:61 rbac/models/role.py:29 #: settings/models.py:33 settings/models.py:181 settings/serializers/msg.py:89 
@@ -763,7 +763,7 @@ msgstr "カテゴリ" #: assets/serializers/asset/common.py:126 assets/serializers/platform.py:120 #: assets/serializers/platform.py:139 audits/serializers.py:53 #: audits/serializers.py:170 -#: authentication/serializers/connect_token_secret.py:126 ops/models/job.py:144 +#: authentication/serializers/connect_token_secret.py:126 ops/models/job.py:146 #: perms/serializers/user_permission.py:27 terminal/models/applet/applet.py:39 #: terminal/models/component/storage.py:57 #: terminal/models/component/storage.py:146 terminal/serializers/applet.py:29 @@ -800,7 +800,7 @@ msgstr "編集済み" #: assets/models/automations/base.py:19 #: assets/serializers/automations/base.py:20 #: authentication/api/connection_token.py:404 ops/models/base.py:17 -#: ops/models/job.py:146 ops/serializers/job.py:19 +#: ops/models/job.py:148 ops/serializers/job.py:19 #: terminal/templates/terminal/_msg_command_execute_alert.html:16 msgid "Assets" msgstr "資産" @@ -931,7 +931,7 @@ msgstr "关联平台,可以配置推送参数,如果不关联,则使用默 #: accounts/serializers/account/virtual.py:19 assets/models/_user.py:27 #: assets/models/cmd_filter.py:40 assets/models/cmd_filter.py:88 #: assets/models/group.py:20 common/db/models.py:36 ops/models/adhoc.py:26 -#: ops/models/job.py:152 ops/models/playbook.py:31 rbac/models/role.py:37 +#: ops/models/job.py:154 ops/models/playbook.py:31 rbac/models/role.py:37 #: settings/models.py:38 terminal/models/applet/applet.py:45 #: terminal/models/applet/applet.py:321 terminal/models/applet/host.py:143 #: terminal/models/component/endpoint.py:25 @@ -1330,7 +1330,7 @@ msgstr "アプリケーション" msgid "Can match application" msgstr "アプリケーションを一致させることができます" -#: assets/api/asset/asset.py:179 +#: assets/api/asset/asset.py:180 msgid "Cannot create asset directly, you should create a host or other" msgstr "" "資産を直接作成することはできません。ホストまたはその他を作成する必要がありま" 
@@ -1635,7 +1635,7 @@ msgstr "SSHパブリックキー" #: assets/models/_user.py:28 assets/models/automations/base.py:114 #: assets/models/cmd_filter.py:41 assets/models/group.py:19 #: audits/models.py:267 common/db/models.py:34 ops/models/base.py:54 -#: ops/models/job.py:234 users/models/user.py:1042 +#: ops/models/job.py:236 users/models/user.py:1042 msgid "Date created" msgstr "作成された日付" @@ -1804,7 +1804,7 @@ msgstr "証明書チェックを無視" msgid "Proxy" msgstr "プロキシー" -#: assets/models/automations/base.py:22 ops/models/job.py:230 +#: assets/models/automations/base.py:22 ops/models/job.py:232 #: settings/serializers/auth/sms.py:103 msgid "Parameters" msgstr "パラメータ" @@ -2566,7 +2566,7 @@ msgid "Offline user session" msgstr "オフラインユーザセッション" #: audits/serializers.py:33 ops/models/adhoc.py:25 ops/models/base.py:16 -#: ops/models/base.py:53 ops/models/job.py:145 ops/models/job.py:233 +#: ops/models/base.py:53 ops/models/job.py:147 ops/models/job.py:235 #: ops/models/playbook.py:30 terminal/models/session/sharing.py:25 msgid "Creator" msgstr "作成者" @@ -2735,7 +2735,7 @@ msgid "Authentication" msgstr "認証" #: authentication/backends/custom.py:59 -#: authentication/backends/oauth2/backends.py:170 +#: authentication/backends/oauth2/backends.py:173 msgid "User invalid, disabled or expired" msgstr "ユーザーが無効、無効、または期限切れです" @@ -4157,7 +4157,7 @@ msgstr "VCS" msgid "Adhoc" msgstr "コマンド#コマンド#" -#: ops/const.py:39 ops/models/job.py:143 +#: ops/const.py:39 ops/models/job.py:145 msgid "Playbook" msgstr "Playbook" @@ -4242,11 +4242,11 @@ msgstr "定期的または定期的に設定を行う必要があります" msgid "Pattern" msgstr "パターン" -#: ops/models/adhoc.py:23 ops/models/job.py:140 +#: ops/models/adhoc.py:23 ops/models/job.py:142 msgid "Module" msgstr "モジュール" -#: ops/models/adhoc.py:24 ops/models/celery.py:81 ops/models/job.py:138 +#: ops/models/adhoc.py:24 ops/models/celery.py:81 ops/models/job.py:140 #: terminal/models/component/task.py:14 msgid "Args" msgstr "アルグ" 
@@ -4265,12 +4265,12 @@ msgstr "最後の実行" msgid "Date last run" msgstr "最終実行日" -#: ops/models/base.py:51 ops/models/job.py:231 +#: ops/models/base.py:51 ops/models/job.py:233 #: xpack/plugins/cloud/models.py:202 msgid "Result" msgstr "結果" -#: ops/models/base.py:52 ops/models/job.py:232 +#: ops/models/base.py:52 ops/models/job.py:234 msgid "Summary" msgstr "概要" @@ -4303,43 +4303,43 @@ msgstr "発売日" msgid "Celery Task Execution" msgstr "Celery タスク実行" -#: ops/models/job.py:141 +#: ops/models/job.py:143 msgid "Chdir" msgstr "実行ディレクトリ" -#: ops/models/job.py:142 +#: ops/models/job.py:144 msgid "Timeout (Seconds)" msgstr "タイムアウト(秒)" -#: ops/models/job.py:147 +#: ops/models/job.py:149 msgid "Use Parameter Define" msgstr "パラメータ定義を使用する" -#: ops/models/job.py:148 +#: ops/models/job.py:150 msgid "Parameters define" msgstr "パラメータ定義" -#: ops/models/job.py:149 +#: ops/models/job.py:151 msgid "Runas" msgstr "ユーザーとして実行" -#: ops/models/job.py:151 +#: ops/models/job.py:153 msgid "Runas policy" msgstr "ユーザー ポリシー" -#: ops/models/job.py:215 +#: ops/models/job.py:217 msgid "Job" msgstr "ジョブ#ジョブ#" -#: ops/models/job.py:238 +#: ops/models/job.py:240 msgid "Material" msgstr "Material" -#: ops/models/job.py:240 +#: ops/models/job.py:242 msgid "Material Type" msgstr "Material を選択してオプションを設定します。" -#: ops/models/job.py:557 +#: ops/models/job.py:559 msgid "Job Execution" msgstr "ジョブ実行" @@ -7391,6 +7391,18 @@ msgstr "スーパー管理者" msgid "Super admin and org admin" msgstr "スーパーadminとorg admin" +#: tickets/const.py:62 +msgid "All assets" +msgstr "すべての資産" + +#: tickets/const.py:63 +msgid "Permed assets" +msgstr "許可された資産" + +#: tickets/const.py:64 +msgid "Permed valid assets" +msgstr "有効な許可を受けた資産" + #: tickets/errors.py:9 msgid "Ticket already closed" msgstr "チケットはすでに閉じています" @@ -8520,7 +8532,7 @@ msgstr "そして" msgid "Or" msgstr "または" -#: xpack/plugins/cloud/manager.py:56 +#: xpack/plugins/cloud/manager.py:57 msgid "Account unavailable" msgstr "利用できないアカウント" 
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index b1ddceb46..d860b75f5 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2d6388bc60eeeb67f9bc5deaf8aec65a6027bfebad2fb994104841775cdb912d -size 140312 +oid sha256:82a37a09d6142219f93f871746f9bc036bff1df07d10f273f8ea8b26c5dbd63b +size 140456 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 15809ca09..93e984fb7 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-01-24 19:44+0800\n" +"POT-Creation-Date: 2024-01-25 15:38+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -364,7 +364,7 @@ msgstr "账号备份计划" #: accounts/models/automations/backup_account.py:119 #: assets/models/automations/base.py:115 audits/models.py:65 -#: ops/models/base.py:55 ops/models/celery.py:86 ops/models/job.py:235 +#: ops/models/base.py:55 ops/models/celery.py:86 ops/models/job.py:237 #: ops/templates/ops/celery_task_log.html:75 #: perms/models/asset_permission.py:78 #: settings/templates/ldap/_msg_import_ldap_user.html:5 
@@ -475,14 +475,14 @@ msgstr "开始日期" #: accounts/models/automations/change_secret.py:42 #: assets/models/automations/base.py:116 ops/models/base.py:56 -#: ops/models/celery.py:87 ops/models/job.py:236 +#: ops/models/celery.py:87 ops/models/job.py:238 #: terminal/models/applet/host.py:142 msgid "Date finished" msgstr "结束日期" #: accounts/models/automations/change_secret.py:43 #: assets/models/automations/base.py:113 audits/models.py:208 -#: audits/serializers.py:54 ops/models/base.py:49 ops/models/job.py:227 +#: audits/serializers.py:54 ops/models/base.py:49 ops/models/job.py:229 #: terminal/models/applet/applet.py:320 terminal/models/applet/host.py:140 #: terminal/models/component/status.py:30 #: terminal/models/virtualapp/virtualapp.py:99 @@ -608,7 +608,7 @@ msgstr "密码规则" #: authentication/serializers/connect_token_secret.py:113 #: authentication/serializers/connect_token_secret.py:168 labels/models.py:11 #: ops/mixin.py:21 ops/models/adhoc.py:20 ops/models/celery.py:15 -#: ops/models/celery.py:80 ops/models/job.py:136 ops/models/playbook.py:28 +#: ops/models/celery.py:80 ops/models/job.py:138 ops/models/playbook.py:28 #: ops/serializers/job.py:18 orgs/models.py:82 #: perms/models/asset_permission.py:61 rbac/models/role.py:29 #: settings/models.py:33 settings/models.py:181 settings/serializers/msg.py:89 @@ -761,7 +761,7 @@ msgstr "类别" #: assets/serializers/asset/common.py:126 assets/serializers/platform.py:120 #: assets/serializers/platform.py:139 audits/serializers.py:53 #: audits/serializers.py:170 -#: authentication/serializers/connect_token_secret.py:126 ops/models/job.py:144 +#: authentication/serializers/connect_token_secret.py:126 ops/models/job.py:146 #: perms/serializers/user_permission.py:27 terminal/models/applet/applet.py:39 #: terminal/models/component/storage.py:57 #: terminal/models/component/storage.py:146 terminal/serializers/applet.py:29 
@@ -798,7 +798,7 @@ msgstr "已修改" #: assets/models/automations/base.py:19 #: assets/serializers/automations/base.py:20 #: authentication/api/connection_token.py:404 ops/models/base.py:17 -#: ops/models/job.py:146 ops/serializers/job.py:19 +#: ops/models/job.py:148 ops/serializers/job.py:19 #: terminal/templates/terminal/_msg_command_execute_alert.html:16 msgid "Assets" msgstr "资产" @@ -929,7 +929,7 @@ msgstr "关联平台,可配置推送参数,如果不关联,将使用默认 #: accounts/serializers/account/virtual.py:19 assets/models/_user.py:27 #: assets/models/cmd_filter.py:40 assets/models/cmd_filter.py:88 #: assets/models/group.py:20 common/db/models.py:36 ops/models/adhoc.py:26 -#: ops/models/job.py:152 ops/models/playbook.py:31 rbac/models/role.py:37 +#: ops/models/job.py:154 ops/models/playbook.py:31 rbac/models/role.py:37 #: settings/models.py:38 terminal/models/applet/applet.py:45 #: terminal/models/applet/applet.py:321 terminal/models/applet/host.py:143 #: terminal/models/component/endpoint.py:25 @@ -1324,7 +1324,7 @@ msgstr "应用程序" msgid "Can match application" msgstr "匹配应用" -#: assets/api/asset/asset.py:179 +#: assets/api/asset/asset.py:180 msgid "Cannot create asset directly, you should create a host or other" msgstr "不能直接创建资产, 你应该创建主机或其他资产" @@ -1627,7 +1627,7 @@ msgstr "SSH公钥" #: assets/models/_user.py:28 assets/models/automations/base.py:114 #: assets/models/cmd_filter.py:41 assets/models/group.py:19 #: audits/models.py:267 common/db/models.py:34 ops/models/base.py:54 -#: ops/models/job.py:234 users/models/user.py:1042 +#: ops/models/job.py:236 users/models/user.py:1042 msgid "Date created" msgstr "创建日期" @@ -1796,7 +1796,7 @@ msgstr "忽略证书校验" msgid "Proxy" msgstr "代理" -#: assets/models/automations/base.py:22 ops/models/job.py:230 +#: assets/models/automations/base.py:22 ops/models/job.py:232 #: settings/serializers/auth/sms.py:103 msgid "Parameters" msgstr "参数" 
@@ -2549,7 +2549,7 @@ msgid "Offline user session" msgstr "下线用户会话" #: audits/serializers.py:33 ops/models/adhoc.py:25 ops/models/base.py:16 -#: ops/models/base.py:53 ops/models/job.py:145 ops/models/job.py:233 +#: ops/models/base.py:53 ops/models/job.py:147 ops/models/job.py:235 #: ops/models/playbook.py:30 terminal/models/session/sharing.py:25 msgid "Creator" msgstr "创建者" @@ -2714,7 +2714,7 @@ msgid "Authentication" msgstr "认证" #: authentication/backends/custom.py:59 -#: authentication/backends/oauth2/backends.py:170 +#: authentication/backends/oauth2/backends.py:173 msgid "User invalid, disabled or expired" msgstr "用户无效,已禁用或已过期" @@ -4106,7 +4106,7 @@ msgstr "VCS" msgid "Adhoc" msgstr "命令" -#: ops/const.py:39 ops/models/job.py:143 +#: ops/const.py:39 ops/models/job.py:145 msgid "Playbook" msgstr "Playbook" @@ -4191,11 +4191,11 @@ msgstr "需要周期或定期设置" msgid "Pattern" msgstr "模式" -#: ops/models/adhoc.py:23 ops/models/job.py:140 +#: ops/models/adhoc.py:23 ops/models/job.py:142 msgid "Module" msgstr "模块" -#: ops/models/adhoc.py:24 ops/models/celery.py:81 ops/models/job.py:138 +#: ops/models/adhoc.py:24 ops/models/celery.py:81 ops/models/job.py:140 #: terminal/models/component/task.py:14 msgid "Args" msgstr "参数" @@ -4214,12 +4214,12 @@ msgstr "最后执行" msgid "Date last run" msgstr "最后运行日期" -#: ops/models/base.py:51 ops/models/job.py:231 +#: ops/models/base.py:51 ops/models/job.py:233 #: xpack/plugins/cloud/models.py:202 msgid "Result" msgstr "结果" -#: ops/models/base.py:52 ops/models/job.py:232 +#: ops/models/base.py:52 ops/models/job.py:234 msgid "Summary" msgstr "汇总" 
@@ -4252,43 +4252,43 @@ msgstr "发布日期" msgid "Celery Task Execution" msgstr "Celery 任务执行" -#: ops/models/job.py:141 +#: ops/models/job.py:143 msgid "Chdir" msgstr "运行目录" -#: ops/models/job.py:142 +#: ops/models/job.py:144 msgid "Timeout (Seconds)" msgstr "超时时间 (秒)" -#: ops/models/job.py:147 +#: ops/models/job.py:149 msgid "Use Parameter Define" msgstr "使用参数定义" -#: ops/models/job.py:148 +#: ops/models/job.py:150 msgid "Parameters define" msgstr "参数定义" -#: ops/models/job.py:149 +#: ops/models/job.py:151 msgid "Runas" msgstr "运行用户" -#: ops/models/job.py:151 +#: ops/models/job.py:153 msgid "Runas policy" msgstr "用户策略" -#: ops/models/job.py:215 +#: ops/models/job.py:217 msgid "Job" msgstr "作业" -#: ops/models/job.py:238 +#: ops/models/job.py:240 msgid "Material" msgstr "Material" -#: ops/models/job.py:240 +#: ops/models/job.py:242 msgid "Material Type" msgstr "Material 类型" -#: ops/models/job.py:557 +#: ops/models/job.py:559 msgid "Job Execution" msgstr "作业执行" @@ -7287,6 +7287,18 @@ msgstr "超级管理员" msgid "Super admin and org admin" msgstr "组织管理员或超级管理员" +#: tickets/const.py:62 +msgid "All assets" +msgstr "所有资产" + +#: tickets/const.py:63 +msgid "Permed assets" +msgstr "授权的资产" + +#: tickets/const.py:64 +msgid "Permed valid assets" +msgstr "有效授权的资产" + #: tickets/errors.py:9 msgid "Ticket already closed" msgstr "工单已经关闭" @@ -8396,7 +8408,7 @@ msgstr "与" msgid "Or" msgstr "或" -#: xpack/plugins/cloud/manager.py:56 +#: xpack/plugins/cloud/manager.py:57 msgid "Account unavailable" msgstr "账号无效" diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 036dabef2..859f579be 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -13,7 +13,7 @@ class AssetPermissionUtil(object): """ 资产授权相关的方法工具 """ @timeit - def get_permissions_for_user(self, user, with_group=True, flat=False): + def get_permissions_for_user(self, user, with_group=True, flat=False, with_expired=False): """ 获取用户的授权规则 """ perm_ids = set() # user 
@@ -25,7 +25,7 @@ class AssetPermissionUtil(object): groups = user.groups.all() group_perm_ids = self.get_permissions_for_user_groups(groups, flat=True) perm_ids.update(group_perm_ids) - perms = self.get_permissions(ids=perm_ids) + perms = self.get_permissions(ids=perm_ids, with_expired=with_expired) if flat: return perms.values_list('id', flat=True) return perms @@ -102,6 +102,8 @@ class AssetPermissionUtil(object): return model.objects.filter(id__in=ids) @staticmethod - def get_permissions(ids): - perms = AssetPermission.objects.filter(id__in=ids).valid().order_by('-date_expired') - return perms + def get_permissions(ids, with_expired=False): + perms = AssetPermission.objects.filter(id__in=ids) + if not with_expired: + perms = perms.valid() + return perms.order_by('-date_expired') diff --git a/apps/perms/utils/user_perm.py b/apps/perms/utils/user_perm.py index cbcecc99d..1fc4e86bf 100644 --- a/apps/perms/utils/user_perm.py +++ b/apps/perms/utils/user_perm.py @@ -29,14 +29,19 @@ class AssetPermissionPermAssetUtil: # 比原来的查到所有 asset id 再搜索块很多,因为当资产量大的时候,搜索会很慢 return (node_assets | direct_assets).order_by().distinct() - @timeit - def get_perm_nodes_assets(self): - """ 获取所有授权节点下的资产 """ + def get_perm_nodes(self): + """ 获取所有授权节点 """ nodes_ids = AssetPermission.objects \ .filter(id__in=self.perm_ids) \ .values_list('nodes', flat=True) nodes_ids = set(nodes_ids) nodes = Node.objects.filter(id__in=nodes_ids).only('id', 'key') + return nodes + + @timeit + def get_perm_nodes_assets(self): + """ 获取所有授权节点下的资产 """ + nodes = self.get_perm_nodes() assets = PermNode.get_nodes_all_assets(*nodes, distinct=False) return assets diff --git a/apps/tickets/api/__init__.py b/apps/tickets/api/__init__.py index 645133d8e..1c66b843b 100644 --- a/apps/tickets/api/__init__.py +++ b/apps/tickets/api/__init__.py @@ -5,3 +5,4 @@ from .ticket import * from .comment import * from .relation import * from .super_ticket import * +from .perms import * 
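Review bot: In `get_permissions` (apps/perms/utils/permission.py, the `@@ -102,6 +102,8 @@` hunk), `with_expired=True` skips the whole `.valid()` filter rather than only the expiry test. `valid()` is defined outside this diff; if it also checks an active flag or a start date, the `permed` ticket scope will count disabled and not-yet-started permissions as well as expired ones, which is wider than the parameter name suggests. Either say so on the method, e.g. `"""Return permissions by id; with_expired=True applies no validity filter at all."""`, or keep the non-expiry conditions applied when the flag is set. The same flag is threaded through `get_permissions_for_user` in the two hunks before this one, and that method's docstring does not mention it.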
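Review bot: `get_perm_nodes` in apps/perms/utils/user_perm.py is now a reusable helper but still returns `Node.objects.filter(id__in=nodes_ids).only('id', 'key')`. The new `ApplyNodesViewSet` hands that queryset to `NodeSerializer`, so any serialized field other than `id` and `key` would be a deferred load per row (the serializer's field list is not visible here, so this is inferred). Consider returning the plain queryset from `get_perm_nodes` and narrowing at the original call site in `get_perm_nodes_assets`: `nodes = self.get_perm_nodes().only('id', 'key')`.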
diff --git a/apps/tickets/api/perms.py b/apps/tickets/api/perms.py
new file mode 100644
index 000000000..fb7d7a138
--- /dev/null
+++ b/apps/tickets/api/perms.py
@@ -0,0 +1,66 @@
+from django.conf import settings
+
+from assets.models import Asset, Node
+from assets.serializers.asset.common import MiniAssetSerializer
+from assets.serializers.node import NodeSerializer
+from common.api import SuggestionMixin
+from orgs.mixins.api import OrgReadonlyModelViewSet
+from perms.utils import AssetPermissionPermAssetUtil
+from perms.utils.permission import AssetPermissionUtil
+from tickets.const import TicketApplyAssetScope
+
+__all__ = ['ApplyAssetsViewSet', 'ApplyNodesViewSet']
+
+
+class ApplyAssetsViewSet(OrgReadonlyModelViewSet, SuggestionMixin):
+ model = Asset
+ serializer_class = MiniAssetSerializer
+ rbac_perms = (
+ ("match", "assets.match_asset"),
+ )
+
+ search_fields = ("name", "address", "comment")
+
+ def get_queryset(self):
+ if TicketApplyAssetScope.is_permed():
+ queryset = self.get_assets(with_expired=True)
+ elif TicketApplyAssetScope.is_permed_valid():
+ queryset = self.get_assets()
+ else:
+ queryset = super().get_queryset()
+ return queryset
+
+ def get_assets(self, with_expired=False):
+ perms = AssetPermissionUtil().get_permissions_for_user(
+ self.request.user, flat=True, with_expired=with_expired
+ )
+ util = AssetPermissionPermAssetUtil(perms)
+ assets = util.get_all_assets()
+ return assets
+
+
+class ApplyNodesViewSet(OrgReadonlyModelViewSet, SuggestionMixin):
+ model = Node
+ serializer_class = NodeSerializer
+ rbac_perms = (
+ ("match", "assets.match_node"),
+ )
+
+ search_fields = ('full_value',)
+
+ def get_queryset(self):
+ if TicketApplyAssetScope.is_permed():
+ queryset = self.get_nodes(with_expired=True)
+ elif TicketApplyAssetScope.is_permed_valid():
+ queryset = self.get_nodes()
+ else:
+ queryset = super().get_queryset()
+ return queryset
+
+ def get_nodes(self, with_expired=False):
+ perms = AssetPermissionUtil().get_permissions_for_user(
+ self.request.user, flat=True, with_expired=with_expired
+ )
+ util = AssetPermissionPermAssetUtil(perms)
+ nodes = util.get_perm_nodes()
+ return nodes
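Review bot: Both `get_queryset` methods in apps/tickets/api/perms.py fail open: the `else` branch returns `super().get_queryset()` for every setting value that is not `permed` or `permed_valid`, so a mistyped `TICKET_APPLY_ASSET_SCOPE` silently yields the unrestricted listing instead of the restriction the operator asked for. `TicketApplyAssetScope.get_scope()` in apps/tickets/const.py returns the lower-cased setting without checking it against the declared choices, so nothing upstream catches the typo. Matching `all` explicitly and treating anything else as the narrowest scope closes the gap; the sketch below shows it for `ApplyAssetsViewSet`, and `ApplyNodesViewSet.get_queryset` would take the same shape with `get_nodes`. Separately, `from django.conf import settings` is imported in this file but not used in it.

```python
    def get_queryset(self):
        scope = TicketApplyAssetScope.get_scope()
        if scope == TicketApplyAssetScope.all:
            return super().get_queryset()
        if scope == TicketApplyAssetScope.permed:
            return self.get_assets(with_expired=True)
        # permed_valid, and any unrecognised value: fall back to the narrowest listing
        return self.get_assets()

    # … unchanged: get_assets …
```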
diff --git a/apps/tickets/const.py b/apps/tickets/const.py index a2a5ec981..09c1b39e4 100644 --- a/apps/tickets/const.py +++ b/apps/tickets/const.py @@ -1,3 +1,4 @@ +from django.conf import settings from django.db.models import TextChoices, IntegerChoices from django.utils.translation import gettext_lazy as _ @@ -56,3 +57,21 @@ class TicketApprovalStrategy(TextChoices): custom_user = 'custom_user', _("Custom user") super_admin = 'super_admin', _("Super admin") super_org_admin = 'super_org_admin', _("Super admin and org admin") + + +class TicketApplyAssetScope(TextChoices): + all = 'all', _("All assets") + permed = 'permed', _("Permed assets") + permed_valid = 'permed_valid', _('Permed valid assets') + + @classmethod + def get_scope(cls): + return settings.TICKET_APPLY_ASSET_SCOPE.lower() + + @classmethod + def is_permed(cls): + return cls.get_scope() == cls.permed + + @classmethod + def is_permed_valid(cls): + return cls.get_scope() == cls.permed_valid diff --git a/apps/tickets/urls/api_urls.py b/apps/tickets/urls/api_urls.py index 9cc72d815..88b203d84 100644 --- a/apps/tickets/urls/api_urls.py +++ b/apps/tickets/urls/api_urls.py @@ -16,6 +16,8 @@ router.register('apply-login-tickets', api.ApplyLoginTicketViewSet, 'apply-login router.register('apply-command-tickets', api.ApplyCommandTicketViewSet, 'apply-command-ticket') router.register('apply-login-asset-tickets', api.ApplyLoginAssetTicketViewSet, 'apply-login-asset-ticket') router.register('ticket-session-relation', api.TicketSessionRelationViewSet, 'ticket-session-relation') +router.register('apply-assets', api.ApplyAssetsViewSet, 'ticket-session-relation') +router.register('apply-nodes', api.ApplyNodesViewSet, 'ticket-session-relation') urlpatterns = [ path('tickets//session/', api.TicketSessionApi.as_view(), name='ticket-session'),
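Review bot: `TicketApplyAssetScope` in apps/tickets/const.py has no comment on what separates `permed` from `permed_valid`, and the labels "Permed assets" / "Permed valid assets" do not say it either. From apps/tickets/api/perms.py, `permed` requests permissions with `with_expired=True` while `permed_valid` uses the default filter; a class docstring stating that difference, plus a one-line docstring on `get_scope` such as `"""Return the configured scope as a lower-cased string (not validated against the choices)."""`, would make the setting safer to configure. `get_scope` also calls `.lower()` directly on the setting, so a non-string value would raise `AttributeError` on each request rather than at startup.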
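Review bot: The two new routes in apps/tickets/urls/api_urls.py reuse the basename `'ticket-session-relation'`, which the `TicketSessionRelationViewSet` registration on the line above already uses. All three viewsets then share URL names such as `ticket-session-relation-list`, so `reverse()` can resolve only one of them, and newer Django REST framework releases reject a duplicate basename at registration. Give each route its own name: `router.register('apply-assets', api.ApplyAssetsViewSet, 'apply-asset')` and `router.register('apply-nodes', api.ApplyNodesViewSet, 'apply-node')`.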