From b4cf540e513f171b2edeed1aebedf2e42127e291 Mon Sep 17 00:00:00 2001
From: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com>
Date: Fri, 27 Dec 2019 16:00:32 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E6=93=8D=E4=BD=9C=E6=97=A5=E5=BF=97?=
 =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=96=B0=E7=9A=84Record=20Model=EF=BC=9B?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95=E6=97=A5=E5=BF=97=E9=87=87?=
 =?UTF-8?q?=E7=94=A8=E5=90=8C=E6=AD=A5=E6=9C=BA=E5=88=B6=EF=BC=9B=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9DatabaseAppAPI=E6=9D=83=E9=99=90=EF=BC=88=E5=8A=A0?=
 =?UTF-8?q?=E5=85=A5AppUser=EF=BC=89=EF=BC=9B=20(#3570)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Update] 操作日志 Model Need Record 添加RemoteApp、DatabaseApp、DatabaseAppPermission

* [Update] 用户登录日志，采用同步机制

* [Update] 修改DatabaseApp API权限OrgAdmin和AppUser
---
 apps/applications/api/database_app.py | 5 ++---
 apps/audits/signals_handler.py        | 9 +++++----
 apps/audits/tasks.py                  | 6 ------
 apps/users/hands.py                   | 1 -
 4 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/apps/applications/api/database_app.py b/apps/applications/api/database_app.py
index 8f5f704ef..af5810e0f 100644
--- a/apps/applications/api/database_app.py
+++ b/apps/applications/api/database_app.py
@@ -2,11 +2,10 @@
 # 
 
 from orgs.mixins.api import OrgBulkModelViewSet
-from orgs.mixins import generics
 
 from .. import models
 from .. import serializers
-from ..hands import IsOrgAdmin, IsAppUser
+from ..hands import IsOrgAdminOrAppUser
 
 __all__ = [
     'DatabaseAppViewSet',
@@ -17,5 +16,5 @@ class DatabaseAppViewSet(OrgBulkModelViewSet):
     model = models.DatabaseApp
     filter_fields = ('name',)
     search_fields = filter_fields
-    permission_classes = (IsOrgAdmin,)
+    permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.DatabaseAppSerializer
diff --git a/apps/audits/signals_handler.py b/apps/audits/signals_handler.py
index e7c61313d..9579ca6e5 100644
--- a/apps/audits/signals_handler.py
+++ b/apps/audits/signals_handler.py
@@ -15,8 +15,8 @@ from users.signals import post_user_change_password
 from authentication.signals import post_auth_failed, post_auth_success
 from terminal.models import Session, Command
 from common.utils.encode import model_to_json
+from .utils import write_login_log
 from . import models
-from .tasks import write_login_log_async
 
 logger = get_logger(__name__)
 sys_logger = get_syslogger(__name__)
@@ -27,7 +27,8 @@ MODELS_NEED_RECORD = (
     'User', 'UserGroup', 'Asset', 'Node', 'AdminUser', 'SystemUser',
     'Domain', 'Gateway', 'Organization', 'AssetPermission', 'CommandFilter',
     'CommandFilterRule', 'License', 'Setting', 'Account', 'SyncInstanceTask',
-    'Platform', 'RemoteAppPermission', 'ChangeAuthPlan', 'GatherUserTask',
+    'Platform', 'ChangeAuthPlan', 'GatherUserTask',
+    'RemoteApp', 'RemoteAppPermission', 'DatabaseApp', 'DatabaseAppPermission',
 )
 
 
@@ -133,7 +134,7 @@ def on_user_auth_success(sender, user, request, **kwargs):
     logger.debug('User login success: {}'.format(user.username))
     data = generate_data(user.username, request)
     data.update({'mfa': int(user.mfa_enabled), 'status': True})
-    write_login_log_async.delay(**data)
+    write_login_log(**data)
 
 
 @receiver(post_auth_failed)
@@ -141,4 +142,4 @@ def on_user_auth_failed(sender, username, request, reason, **kwargs):
     logger.debug('User login failed: {}'.format(username))
     data = generate_data(username, request)
     data.update({'reason': reason, 'status': False})
-    write_login_log_async.delay(**data)
+    write_login_log(**data)
diff --git a/apps/audits/tasks.py b/apps/audits/tasks.py
index c69a24e08..2dfe4a2dd 100644
--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
@@ -7,7 +7,6 @@ from celery import shared_task
 
 from ops.celery.decorator import register_as_period_task
 from .models import UserLoginLog, OperateLog
-from .utils import write_login_log
 
 
 @register_as_period_task(interval=3600*24)
@@ -32,8 +31,3 @@ def clean_operation_log_period():
         days = 90
     expired_day = now - datetime.timedelta(days=days)
     OperateLog.objects.filter(datetime__lt=expired_day).delete()
-
-
-@shared_task
-def write_login_log_async(*args, **kwargs):
-    write_login_log(*args, **kwargs)
diff --git a/apps/users/hands.py b/apps/users/hands.py
index 0792fa099..5e2007c8a 100644
--- a/apps/users/hands.py
+++ b/apps/users/hands.py
@@ -11,7 +11,6 @@
 """
 
 # from terminal.models import Terminal
-# from audits.tasks import write_login_log_async
 # from users.models import User
 # from perms.models import AssetPermission
 # from perms.utils import get_user_granted_assets, get_user_granted_asset_groups