github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-10 11:49:10 +00:00
Code Issues Projects Releases Wiki Activity

perf: rbac tree (#9237)

Browse Source 
Co-authored-by: feng <1304903146@qq.com>
This commit is contained in:
fit2bot
2022-12-22 20:09:20 +08:00
committed by GitHub
parent 3443b06a28
commit c5edb9981e
9 changed files with 94 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
apps/rbac/const.py
View File

@@ -27,10 +27,6 @@ exclude_permissions = (
('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
('authentication', 'temptoken', 'delete', 'temptoken'),
('users', 'userpasswordhistory', '*', '*'),
('applications', 'applicationuser', '*', '*'),
('applications', 'historicalaccount', '*', '*'),
('applications', 'account', 'add,change,delete', 'account'),
('applications', 'account', 'change', 'appplicationaccountsecret'),
('assets', 'adminuser', '*', '*'),
('assets', 'assetgroup', '*', '*'),
('assets', 'cluster', '*', '*'),
@@ -39,6 +35,23 @@ exclude_permissions = (
('assets', 'assetuser', '*', '*'),
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
('assets', 'web', '*', '*'),
('assets', 'host', '*', '*'),
('assets', 'cloud', '*', '*'),
('assets', 'device', '*', '*'),
('assets', 'database', '*', '*'),
('assets', 'protocol', '*', '*'),
('assets', 'systemuser', '*', '*'),
('assets', 'baseautomation', '*', '*'),
('assets', 'pingautomation', '*', '*'),
('assets', 'platformprotocol', '*', '*'),
('assets', 'platformautomation', '*', '*'),
('assets', 'gatherfactsautomation', '*', '*'),
('assets', 'pushaccountautomation', '*', '*'),
('assets', 'verifyaccountautomation', '*', '*'),
('assets', 'changesecretrecord', 'add,delete,change', 'changesecretrecord'),
('assets', 'automationexecution', '*', 'automationexecution'),
# TODO 暂时去掉历史账号的权限
('assets', 'account', '*', 'assethistoryaccount'),
('assets', 'account', '*', 'assethistoryaccountsecret'),
@@ -58,6 +71,10 @@ exclude_permissions = (
('ops', 'adhoc', 'delete,change', '*'),
('ops', 'adhocexecution', 'add,delete,change', '*'),
('ops', 'task', 'add,change', 'task'),
('ops', 'jobexecution', 'change,delete', 'jobexecution'),
('ops', 'historicaljob', '*', '*'),
('ops', 'celerytask', 'add,change,delete', 'celerytask'),
('ops', 'celerytaskexecution', 'add,change,delete', 'celerytaskexecution'),
('ops', 'commandexecution', 'delete,change', 'commandexecution'),
('orgs', 'organizationmember', '*', '*'),
('settings', 'setting', 'add,change,delete', 'setting'),
@@ -82,9 +99,9 @@ exclude_permissions = (
('xpack', 'license', '*', '*'),
('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'),
('xpack', 'syncinstancetaskexecution', 'delete,change', 'syncinstancetaskexecution'),
('xpack', 'changeauthplanexecution', 'delete,change', 'changeauthplanexecution'),
('xpack', 'changeauthplantask', 'add,delete', 'changeauthplantask'),
('xpack', 'gatherusertaskexecution', 'change,delete', 'gatherusertaskexecution'),
('xpack', 'changeauthplanexecution', '*', '*'),
('xpack', 'changeauthplantask', '*', '*'),
('xpack', 'gatherusertaskexecution', '*', '*'),
('common', 'permission', 'add,delete,view,change', 'permission'),
('terminal', 'command', 'delete,change', 'command'),
('terminal', 'status', 'delete,change', 'status'),
@@ -94,6 +111,8 @@ exclude_permissions = (
('terminal', 'sessionsharing', 'view,add,change,delete', 'sessionsharing'),
('terminal', 'session', 'delete,share', 'session'),
('terminal', 'session', 'delete,change', 'command'),
('terminal', 'appletpublication', '*', '*'),
('terminal', 'applethostdeployment', '*', '*'),
('applications', '*', '*', '*'),
)