diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py index dee95ed06..7877c5b90 100644 --- a/apps/assets/api/asset.py +++ b/apps/assets/api/asset.py @@ -14,7 +14,7 @@ from .. import serializers from ..tasks import ( update_asset_hardware_info_manual, test_asset_connectivity_manual ) -from ..filters import AssetByNodeFilterBackend, LabelFilterBackend +from ..filters import AssetByNodeFilterBackend, LabelFilterBackend, IpInFilterBackend logger = get_logger(__file__) @@ -32,7 +32,7 @@ class AssetViewSet(OrgBulkModelViewSet): model = Asset filter_fields = ( "hostname", "ip", "systemuser__id", "admin_user__id", "platform__base", - "is_active" + "is_active", 'ip' ) search_fields = ("hostname", "ip") ordering_fields = ("hostname", "ip", "port", "cpu_cores") @@ -41,7 +41,7 @@ class AssetViewSet(OrgBulkModelViewSet): 'display': serializers.AssetDisplaySerializer, } permission_classes = (IsOrgAdminOrAppUser,) - extra_filter_backends = [AssetByNodeFilterBackend, LabelFilterBackend] + extra_filter_backends = [AssetByNodeFilterBackend, LabelFilterBackend, IpInFilterBackend] def set_assets_node(self, assets): if not isinstance(assets, list): diff --git a/apps/assets/filters.py b/apps/assets/filters.py index 13d8f9e60..149ed12a8 100644 --- a/apps/assets/filters.py +++ b/apps/assets/filters.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # -import coreapi +from rest_framework.compat import coreapi, coreschema from rest_framework import filters from django.db.models import Q @@ -117,3 +117,23 @@ class AssetRelatedByNodeFilterBackend(AssetByNodeFilterBackend): def perform_query(pattern, queryset): return queryset.filter(asset__nodes__key__regex=pattern).distinct() + +class IpInFilterBackend(filters.BaseFilterBackend): + def filter_queryset(self, request, queryset, view): + ips = request.query_params.get('ips') + if not ips: + return queryset + ip_list = [i.strip() for i in ips.split(',')] + queryset = queryset.filter(ip__in=ip_list) + return queryset + + def get_schema_fields(self, view): + return [ + coreapi.Field( + name='ips', location='query', required=False, type='string', + schema=coreschema.String( + title='ips', + description='ip in filter' + ) + ) + ] diff --git a/apps/assets/migrations/0050_auto_20200702_1602.py b/apps/assets/migrations/0050_auto_20200702_1602.py new file mode 100644 index 000000000..5471003ae --- /dev/null +++ b/apps/assets/migrations/0050_auto_20200702_1602.py @@ -0,0 +1,22 @@ +# Generated by Django 2.2.10 on 2020-07-02 08:02 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('assets', '0049_systemuser_sftp_root'), + ] + + operations = [ + migrations.AlterField( + model_name='domain', + name='name', + field=models.CharField(max_length=128, verbose_name='Name'), + ), + migrations.AlterUniqueTogether( + name='domain', + unique_together={('org_id', 'name')}, + ), + ] diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py index 20c040f74..6b5e716e0 100644 --- a/apps/assets/models/asset.py +++ b/apps/assets/models/asset.py @@ -244,10 +244,6 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin): def platform_base(self): return self.platform.base - @lazyproperty - def admin_user_display(self): - return self.admin_user.name - @lazyproperty def admin_user_username(self): """求可连接性时,直接用用户名去取,避免再查一次admin user diff --git a/apps/assets/models/domain.py b/apps/assets/models/domain.py index 2f4cc82b3..296e4cd18 100644 --- a/apps/assets/models/domain.py +++ b/apps/assets/models/domain.py @@ -17,13 +17,14 @@ __all__ = ['Domain', 'Gateway'] class Domain(OrgModelMixin): id = models.UUIDField(default=uuid.uuid4, primary_key=True) - name = models.CharField(max_length=128, unique=True, verbose_name=_('Name')) + name = models.CharField(max_length=128, verbose_name=_('Name')) comment = models.TextField(blank=True, verbose_name=_('Comment')) date_created = models.DateTimeField(auto_now_add=True, null=True, verbose_name=_('Date created')) class Meta: verbose_name = _("Domain") + unique_together = [('org_id', 'name')] def __str__(self): return self.name diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index 1bef55dd9..461e61e08 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -199,6 +199,20 @@ class FamilyMixin: ) return child + def get_or_create_child(self, value, _id=None): + """ + :return: Node, bool (created) + """ + children = self.get_children() + exist = children.filter(value=value).exists() + if exist: + child = children.filter(value=value).first() + created = False + else: + child = self.create_child(value, _id) + created = True + return child, created + def get_next_child_key(self): mark = self.child_mark self.child_mark += 1 diff --git a/apps/assets/serializers/asset.py b/apps/assets/serializers/asset.py index e36f41946..4100c439b 100644 --- a/apps/assets/serializers/asset.py +++ b/apps/assets/serializers/asset.py @@ -67,6 +67,9 @@ class AssetSerializer(BulkOrgResourceModelSerializer): slug_field='name', queryset=Platform.objects.all(), label=_("Platform") ) protocols = ProtocolsField(label=_('Protocols'), required=False) + domain_display = serializers.ReadOnlyField(source='domain.name') + admin_user_display = serializers.ReadOnlyField(source='admin_user.name') + """ 资产的数据结构 """ @@ -82,7 +85,7 @@ class AssetSerializer(BulkOrgResourceModelSerializer): 'created_by', 'date_created', 'hardware_info', ] fields_fk = [ - 'admin_user', 'admin_user_display', 'domain', 'platform' + 'admin_user', 'admin_user_display', 'domain', 'domain_display', 'platform' ] fk_only_fields = { 'platform': ['name'] diff --git a/apps/assets/tasks/asset_user_connectivity.py b/apps/assets/tasks/asset_user_connectivity.py index 6d979d6b1..ab1c417cc 100644 --- a/apps/assets/tasks/asset_user_connectivity.py +++ b/apps/assets/tasks/asset_user_connectivity.py @@ -85,7 +85,7 @@ def test_asset_user_connectivity_util(asset_user, task_name): raw, summary = test_user_connectivity( task_name=task_name, asset=asset_user.asset, username=asset_user.username, password=asset_user.password, - private_key=asset_user.private_key + private_key=asset_user.private_key_file ) except Exception as e: logger.warn("Failed run adhoc {}, {}".format(task_name, e)) diff --git a/apps/assets/tasks/system_user_connectivity.py b/apps/assets/tasks/system_user_connectivity.py index 96ba2ec4d..42b6f2331 100644 --- a/apps/assets/tasks/system_user_connectivity.py +++ b/apps/assets/tasks/system_user_connectivity.py @@ -31,7 +31,10 @@ def test_system_user_connectivity_util(system_user, assets, task_name): """ from ops.utils import update_or_create_ansible_task - hosts = clean_ansible_task_hosts(assets, system_user=system_user) + # hosts = clean_ansible_task_hosts(assets, system_user=system_user) + # TODO: 这里不传递系统用户,因为clean_ansible_task_hosts会通过system_user来判断是否可以推送, + # 不符合测试可连接性逻辑, 后面需要优化此逻辑 + hosts = clean_ansible_task_hosts(assets) if not hosts: return {} platform_hosts_map = {} diff --git a/apps/audits/migrations/0009_auto_20200624_1654.py b/apps/audits/migrations/0009_auto_20200624_1654.py new file mode 100644 index 000000000..6630558cf --- /dev/null +++ b/apps/audits/migrations/0009_auto_20200624_1654.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2.10 on 2020-06-24 08:54 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('audits', '0008_auto_20200508_2105'), + ] + + operations = [ + migrations.AlterField( + model_name='ftplog', + name='operate', + field=models.CharField(choices=[('Delete', 'Delete'), ('Upload', 'Upload'), ('Download', 'Download'), ('Rmdir', 'Rmdir'), ('Rename', 'Rename'), ('Mkdir', 'Mkdir'), ('Symlink', 'Symlink')], max_length=16, verbose_name='Operate'), + ), + ] diff --git a/apps/audits/models.py b/apps/audits/models.py index 406d0aa44..38a41554f 100644 --- a/apps/audits/models.py +++ b/apps/audits/models.py @@ -14,12 +14,30 @@ __all__ = [ class FTPLog(OrgModelMixin): + OPERATE_DELETE = 'Delete' + OPERATE_UPLOAD = 'Upload' + OPERATE_DOWNLOAD = 'Download' + OPERATE_RMDIR = 'Rmdir' + OPERATE_RENAME = 'Rename' + OPERATE_MKDIR = 'Mkdir' + OPERATE_SYMLINK = 'Symlink' + + OPERATE_CHOICES = ( + (OPERATE_DELETE, _('Delete')), + (OPERATE_UPLOAD, _('Upload')), + (OPERATE_DOWNLOAD, _('Download')), + (OPERATE_RMDIR, _('Rmdir')), + (OPERATE_RENAME, _('Rename')), + (OPERATE_MKDIR, _('Mkdir')), + (OPERATE_SYMLINK, _('Symlink')) + ) + id = models.UUIDField(default=uuid.uuid4, primary_key=True) user = models.CharField(max_length=128, verbose_name=_('User')) remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True) asset = models.CharField(max_length=1024, verbose_name=_("Asset")) system_user = models.CharField(max_length=128, verbose_name=_("System user")) - operate = models.CharField(max_length=16, verbose_name=_("Operate")) + operate = models.CharField(max_length=16, verbose_name=_("Operate"), choices=OPERATE_CHOICES) filename = models.CharField(max_length=1024, verbose_name=_("Filename")) is_success = models.BooleanField(default=True, verbose_name=_("Success")) date_start = models.DateTimeField(auto_now_add=True, verbose_name=_('Date start')) diff --git a/apps/audits/serializers.py b/apps/audits/serializers.py index d4213f243..23d562c8d 100644 --- a/apps/audits/serializers.py +++ b/apps/audits/serializers.py @@ -12,12 +12,13 @@ from . import models class FTPLogSerializer(serializers.ModelSerializer): + operate_display = serializers.ReadOnlyField(source='get_operate_display') class Meta: model = models.FTPLog fields = ( 'id', 'user', 'remote_addr', 'asset', 'system_user', - 'operate', 'filename', 'is_success', 'date_start' + 'operate', 'filename', 'is_success', 'date_start', 'operate_display' ) diff --git a/apps/authentication/errors.py b/apps/authentication/errors.py index d782a05fc..20ec0aedf 100644 --- a/apps/authentication/errors.py +++ b/apps/authentication/errors.py @@ -10,6 +10,7 @@ from users.utils import ( ) reason_password_failed = 'password_failed' +reason_password_decrypt_failed = 'password_decrypt_failed' reason_mfa_failed = 'mfa_failed' reason_mfa_unset = 'mfa_unset' reason_user_not_exist = 'user_not_exist' @@ -19,6 +20,7 @@ reason_user_inactive = 'user_inactive' reason_choices = { reason_password_failed: _('Username/password check failed'), + reason_password_decrypt_failed: _('Password decrypt failed'), reason_mfa_failed: _('MFA failed'), reason_mfa_unset: _('MFA unset'), reason_user_not_exist: _("Username does not exist"), diff --git a/apps/authentication/forms.py b/apps/authentication/forms.py index d14cde515..84e923a8e 100644 --- a/apps/authentication/forms.py +++ b/apps/authentication/forms.py @@ -10,7 +10,7 @@ class UserLoginForm(forms.Form): username = forms.CharField(label=_('Username'), max_length=100) password = forms.CharField( label=_('Password'), widget=forms.PasswordInput, - max_length=128, strip=False + max_length=1024, strip=False ) def confirm_login_allowed(self, user): diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html index 8812f582b..14978e426 100644 --- a/apps/authentication/templates/authentication/login.html +++ b/apps/authentication/templates/authentication/login.html @@ -7,7 +7,7 @@ {% endblock %} {% block content %} -
+ {% csrf_token %} {% if form.non_field_errors %}
@@ -26,7 +26,7 @@ {% endif %}
- + {% if form.errors.password %}

{{ form.errors.password.as_text }}

@@ -36,7 +36,7 @@
{{ form.captcha }}
- + {% if demo_mode %}

@@ -64,4 +64,20 @@ {% endif %}

+ + {% endblock %} diff --git a/apps/authentication/templates/authentication/xpack_login.html b/apps/authentication/templates/authentication/xpack_login.html index 8c1cb24f8..5929650df 100644 --- a/apps/authentication/templates/authentication/xpack_login.html +++ b/apps/authentication/templates/authentication/xpack_login.html @@ -98,7 +98,7 @@ {% endif %}
- + {% if form.errors.password %}

{{ form.errors.password.as_text }}

@@ -109,7 +109,7 @@ {{ form.captcha }}
- +
@@ -127,4 +127,21 @@
+ + + diff --git a/apps/authentication/tests.py b/apps/authentication/tests.py index 8b1378917..890a1fb4f 100644 --- a/apps/authentication/tests.py +++ b/apps/authentication/tests.py @@ -1 +1,15 @@ +from .utils import gen_key_pair, rsa_decrypt, rsa_encrypt + + +def test_rsa_encrypt_decrypt(message='test-password-$%^&*'): + """ 测试加密/解密 """ + print('Need to encrypt message: {}'.format(message)) + rsa_private_key, rsa_public_key = gen_key_pair() + print('RSA public key: \n{}'.format(rsa_public_key)) + print('RSA private key: \n{}'.format(rsa_private_key)) + message_encrypted = rsa_encrypt(message, rsa_public_key) + print('Encrypted message: {}'.format(message_encrypted)) + message_decrypted = rsa_decrypt(message_encrypted, rsa_private_key) + print('Decrypted message: {}'.format(message_decrypted)) + diff --git a/apps/authentication/utils.py b/apps/authentication/utils.py index 197aa113a..359778cb6 100644 --- a/apps/authentication/utils.py +++ b/apps/authentication/utils.py @@ -1,9 +1,47 @@ # -*- coding: utf-8 -*- # +import base64 +from Crypto.PublicKey import RSA +from Crypto.Cipher import PKCS1_v1_5 +from Crypto import Random from django.contrib.auth import authenticate +from common.utils import get_logger + from . import errors +logger = get_logger(__file__) + + +def gen_key_pair(): + """ 生成加密key + 用于登录页面提交用户名/密码时,对密码进行加密(前端)/解密(后端) + """ + random_generator = Random.new().read + rsa = RSA.generate(1024, random_generator) + rsa_private_key = rsa.exportKey().decode() + rsa_public_key = rsa.publickey().exportKey().decode() + return rsa_private_key, rsa_public_key + + +def rsa_encrypt(message, rsa_public_key): + """ 加密登录密码 """ + key = RSA.importKey(rsa_public_key) + cipher = PKCS1_v1_5.new(key) + cipher_text = base64.b64encode(cipher.encrypt(message.encode())).decode() + return cipher_text + + +def rsa_decrypt(cipher_text, rsa_private_key=None): + """ 解密登录密码 """ + if rsa_private_key is None: + # rsa_private_key 为 None,可以能是API请求认证,不需要解密 + return cipher_text + key = RSA.importKey(rsa_private_key) + cipher = PKCS1_v1_5.new(key) + message = cipher.decrypt(base64.b64decode(cipher_text.encode()), 'error').decode() + return message + def check_user_valid(**kwargs): password = kwargs.pop('password', None) @@ -11,6 +49,16 @@ def check_user_valid(**kwargs): username = kwargs.pop('username', None) request = kwargs.get('request') + # 获取解密密钥,对密码进行解密 + rsa_private_key = request.session.get('rsa_private_key') + if rsa_private_key is not None: + try: + password = rsa_decrypt(password, rsa_private_key) + except Exception as e: + logger.error(e, exc_info=True) + logger.error('Need decrypt password => {}'.format(password)) + return None, errors.reason_password_decrypt_failed + user = authenticate(request, username=username, password=password, public_key=public_key) if not user: diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py index c67cf2090..7ef72235b 100644 --- a/apps/authentication/views/login.py +++ b/apps/authentication/views/login.py @@ -22,7 +22,7 @@ from common.utils import get_request_ip, get_object_or_none from users.utils import ( redirect_user_first_login_or_index ) -from .. import forms, mixins, errors +from .. import forms, mixins, errors, utils __all__ = [ @@ -108,9 +108,13 @@ class UserLoginView(mixins.AuthMixin, FormView): return self.form_class def get_context_data(self, **kwargs): + # 生成加解密密钥对,public_key传递给前端,private_key存入session中供解密使用 + rsa_private_key, rsa_public_key = utils.gen_key_pair() + self.request.session['rsa_private_key'] = rsa_private_key context = { 'demo_mode': os.environ.get("DEMO_MODE"), 'AUTH_OPENID': settings.AUTH_OPENID, + 'rsa_public_key': rsa_public_key.replace('\n', '\\n') } kwargs.update(context) return super().get_context_data(**kwargs) diff --git a/apps/common/db/__init__.py b/apps/common/db/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/apps/common/db/aggregates.py b/apps/common/db/aggregates.py new file mode 100644 index 000000000..081c1fea8 --- /dev/null +++ b/apps/common/db/aggregates.py @@ -0,0 +1,28 @@ +from django.db.models import Aggregate + + +class GroupConcat(Aggregate): + function = 'GROUP_CONCAT' + template = '%(function)s(%(distinct)s %(expressions)s %(order_by)s %(separator))' + allow_distinct = False + + def __init__(self, expression, distinct=False, order_by=None, separator=',', **extra): + order_by_clause = '' + if order_by is not None: + order = 'ASC' + prefix, body = order_by[1], order_by[1:] + if prefix == '-': + order = 'DESC' + elif prefix == '+': + pass + else: + body = order_by + order_by_clause = f'ORDER BY {body} {order}' + + super().__init__( + expression, + distinct='DISTINCT' if distinct else '', + order_by=order_by_clause, + separator=f'SEPARATOR {separator}', + **extra + ) diff --git a/apps/common/drf/api.py b/apps/common/drf/api.py new file mode 100644 index 000000000..523689e72 --- /dev/null +++ b/apps/common/drf/api.py @@ -0,0 +1,11 @@ +from rest_framework.viewsets import GenericViewSet, ModelViewSet + +from ..mixins.api import SerializerMixin2, QuerySetMixin, ExtraFilterFieldsMixin + + +class JmsGenericViewSet(SerializerMixin2, QuerySetMixin, ExtraFilterFieldsMixin, GenericViewSet): + pass + + +class JMSModelViewSet(SerializerMixin2, QuerySetMixin, ExtraFilterFieldsMixin, ModelViewSet): + pass diff --git a/apps/common/drf/parsers/csv.py b/apps/common/drf/parsers/csv.py index 95a9ec732..58b3f7bc2 100644 --- a/apps/common/drf/parsers/csv.py +++ b/apps/common/drf/parsers/csv.py @@ -6,18 +6,27 @@ import chardet import codecs import unicodecsv +from django.utils.translation import ugettext as _ from rest_framework.parsers import BaseParser -from rest_framework.exceptions import ParseError +from rest_framework.exceptions import ParseError, APIException +from rest_framework import status from common.utils import get_logger logger = get_logger(__file__) +class CsvDataTooBig(APIException): + status_code = status.HTTP_400_BAD_REQUEST + default_code = 'csv_data_too_big' + default_detail = _('The max size of CSV is %d bytes') + + class JMSCSVParser(BaseParser): """ Parses CSV file to serializer data """ + CSV_UPLOAD_MAX_SIZE = 1024 * 1024 * 10 media_type = 'text/csv' @@ -46,23 +55,31 @@ class JMSCSVParser(BaseParser): return fields_map @staticmethod - def _process_row(row): + def _replace_chinese_quot(str_): + trans_table = str.maketrans({ + '“': '"', + '”': '"', + '‘': '"', + '’': '"', + '\'': '"' + }) + return str_.translate(trans_table) + + @classmethod + def _process_row(cls, row): """ 构建json数据前的行处理 """ _row = [] + for col in row: # 列表转换 - if isinstance(col, str) and col.find("[") != -1 and col.find("]") != -1: - # 替换中文格式引号 - col = col.replace("“", '"').replace("”", '"').\ - replace("‘", '"').replace('’', '"').replace("'", '"') + if isinstance(col, str) and col.startswith('[') and col.endswith(']'): + col = cls._replace_chinese_quot(col) col = json.loads(col) # 字典转换 - if isinstance(col, str) and col.find("{") != -1 and col.find("}") != -1: - # 替换中文格式引号 - col = col.replace("“", '"').replace("”", '"'). \ - replace("‘", '"').replace('’', '"').replace("'", '"') + if isinstance(col, str) and col.startswith("{") and col.endswith("}"): + col = cls._replace_chinese_quot(col) col = json.loads(col) _row.append(col) return _row @@ -82,11 +99,19 @@ class JMSCSVParser(BaseParser): def parse(self, stream, media_type=None, parser_context=None): parser_context = parser_context or {} try: - serializer = parser_context["view"].get_serializer() + view = parser_context['view'] + meta = view.request.META + serializer = view.get_serializer() except Exception as e: logger.debug(e, exc_info=True) raise ParseError('The resource does not support imports!') + content_length = int(meta.get('CONTENT_LENGTH', meta.get('HTTP_CONTENT_LENGTH', 0))) + if content_length > self.CSV_UPLOAD_MAX_SIZE: + msg = CsvDataTooBig.default_detail % self.CSV_UPLOAD_MAX_SIZE + logger.error(msg) + raise CsvDataTooBig(msg) + try: stream_data = stream.read() stream_data = stream_data.strip(codecs.BOM_UTF8) diff --git a/apps/common/drf/serializers.py b/apps/common/drf/serializers.py new file mode 100644 index 000000000..bd92415a1 --- /dev/null +++ b/apps/common/drf/serializers.py @@ -0,0 +1,5 @@ +from rest_framework.serializers import Serializer + + +class EmptySerializer(Serializer): + pass diff --git a/apps/common/exceptions.py b/apps/common/exceptions.py index 3d98261b1..e95cc2801 100644 --- a/apps/common/exceptions.py +++ b/apps/common/exceptions.py @@ -1,3 +1,7 @@ # -*- coding: utf-8 -*- # +from rest_framework.exceptions import APIException + +class JMSException(APIException): + pass diff --git a/apps/common/mixins/api.py b/apps/common/mixins/api.py index 0b7b5aed6..a58e8b079 100644 --- a/apps/common/mixins/api.py +++ b/apps/common/mixins/api.py @@ -4,6 +4,7 @@ import time from hashlib import md5 from threading import Thread from collections import defaultdict +from itertools import chain from django.db.models.signals import m2m_changed from django.core.cache import cache @@ -15,8 +16,8 @@ from common.drf.filters import IDSpmFilter, CustomFilter, IDInFilter from ..utils import lazyproperty __all__ = [ - "JSONResponseMixin", "CommonApiMixin", - 'AsyncApiMixin', 'RelationMixin' + 'JSONResponseMixin', 'CommonApiMixin', 'AsyncApiMixin', 'RelationMixin', + 'SerializerMixin2', 'QuerySetMixin', 'ExtraFilterFieldsMixin' ] @@ -54,9 +55,10 @@ class ExtraFilterFieldsMixin: def get_filter_backends(self): if self.filter_backends != self.__class__.filter_backends: return self.filter_backends - backends = list(self.filter_backends) + \ - list(self.default_added_filters) + \ - list(self.extra_filter_backends) + backends = list(chain( + self.filter_backends, + self.default_added_filters, + self.extra_filter_backends)) return backends def filter_queryset(self, queryset): @@ -233,3 +235,32 @@ class RelationMixin: def perform_create(self, serializer): instance = serializer.save() self.send_post_add_signal(instance) + + +class SerializerMixin2: + serializer_classes = {} + + def get_serializer_class(self): + if self.serializer_classes: + serializer_class = self.serializer_classes.get( + self.action, self.serializer_classes.get('default') + ) + + if isinstance(serializer_class, dict): + serializer_class = serializer_class.get( + self.request.method.lower, serializer_class.get('default') + ) + + assert serializer_class, '`serializer_classes` config error' + return serializer_class + return super().get_serializer_class() + + +class QuerySetMixin: + def get_queryset(self): + queryset = super().get_queryset() + serializer_class = self.get_serializer_class() + if serializer_class and hasattr(serializer_class, 'setup_eager_loading'): + queryset = serializer_class.setup_eager_loading(queryset) + + return queryset diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 2b4a5b65f..173d134b2 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -226,6 +226,7 @@ class Config(dict): 'TERMINAL_COMMAND_STORAGE': {}, 'SECURITY_MFA_AUTH': False, + 'SECURITY_COMMAND_EXECUTION': True, 'SECURITY_SERVICE_ACCOUNT_REGISTRATION': True, 'SECURITY_VIEW_AUTH_NEED_MFA': True, 'SECURITY_LOGIN_LIMIT_COUNT': 7, diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 1c50f6958..9663de119 100644 Binary files a/apps/locale/zh/LC_MESSAGES/django.mo and b/apps/locale/zh/LC_MESSAGES/django.mo differ diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 3274e04b7..1d1005ab4 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2020-06-16 11:02+0800\n" +"POT-Creation-Date: 2020-07-09 10:05+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -28,7 +28,7 @@ msgstr "自定义" #: assets/models/label.py:18 ops/mixin.py:24 orgs/models.py:12 #: perms/models/base.py:48 settings/models.py:27 terminal/models.py:26 #: terminal/models.py:342 terminal/models.py:374 terminal/models.py:411 -#: users/forms/profile.py:20 users/models/group.py:15 users/models/user.py:466 +#: users/forms/profile.py:20 users/models/group.py:15 users/models/user.py:467 #: users/templates/users/_select_user_modal.html:13 #: users/templates/users/user_asset_permission.html:37 #: users/templates/users/user_asset_permission.html:154 @@ -47,7 +47,7 @@ msgid "Name" msgstr "名称" #: applications/models/database_app.py:22 assets/models/cmd_filter.py:51 -#: terminal/models.py:376 terminal/models.py:413 tickets/models/ticket.py:43 +#: terminal/models.py:376 terminal/models.py:413 tickets/models/ticket.py:45 #: users/templates/users/user_granted_database_app.html:35 msgid "Type" msgstr "类型" @@ -58,7 +58,7 @@ msgid "Host" msgstr "主机" #: applications/models/database_app.py:27 assets/models/asset.py:191 -#: assets/models/domain.py:50 +#: assets/models/domain.py:51 msgid "Port" msgstr "端口" @@ -73,18 +73,18 @@ msgstr "数据库" #: assets/models/asset.py:150 assets/models/asset.py:226 #: assets/models/base.py:237 assets/models/cluster.py:29 #: assets/models/cmd_filter.py:23 assets/models/cmd_filter.py:56 -#: assets/models/domain.py:21 assets/models/domain.py:53 +#: assets/models/domain.py:21 assets/models/domain.py:54 #: assets/models/group.py:23 assets/models/label.py:23 ops/models/adhoc.py:37 #: orgs/models.py:18 perms/models/base.py:56 settings/models.py:32 #: terminal/models.py:36 terminal/models.py:381 terminal/models.py:418 -#: users/models/group.py:16 users/models/user.py:499 +#: users/models/group.py:16 users/models/user.py:500 #: users/templates/users/user_detail.html:115 #: users/templates/users/user_granted_database_app.html:38 #: users/templates/users/user_granted_remote_app.html:37 #: users/templates/users/user_group_detail.html:62 #: users/templates/users/user_group_list.html:16 #: users/templates/users/user_profile.html:138 -#: xpack/plugins/change_auth_plan/models.py:76 xpack/plugins/cloud/models.py:53 +#: xpack/plugins/change_auth_plan/models.py:77 xpack/plugins/cloud/models.py:53 #: xpack/plugins/cloud/models.py:139 xpack/plugins/gathered_user/models.py:26 msgid "Comment" msgstr "备注" @@ -99,17 +99,18 @@ msgstr "备注" msgid "DatabaseApp" msgstr "数据库应用" -#: applications/models/remote_app.py:23 assets/models/asset.py:356 +#: applications/models/remote_app.py:23 assets/models/asset.py:352 #: assets/models/authbook.py:27 assets/models/gathered_user.py:14 #: assets/serializers/admin_user.py:32 assets/serializers/asset_user.py:47 #: assets/serializers/asset_user.py:84 assets/serializers/system_user.py:44 -#: assets/serializers/system_user.py:176 audits/models.py:20 +#: assets/serializers/system_user.py:176 audits/models.py:38 #: perms/forms/asset_permission.py:89 perms/models/asset_permission.py:80 #: templates/index.html:82 terminal/backends/command/models.py:19 -#: terminal/models.py:187 users/templates/users/user_asset_permission.html:40 +#: terminal/backends/command/serializers.py:13 terminal/models.py:187 +#: users/templates/users/user_asset_permission.html:40 #: users/templates/users/user_asset_permission.html:70 #: users/templates/users/user_granted_remote_app.html:36 -#: xpack/plugins/change_auth_plan/models.py:282 +#: xpack/plugins/change_auth_plan/models.py:283 #: xpack/plugins/cloud/models.py:269 msgid "Asset" msgstr "资产" @@ -131,9 +132,9 @@ msgstr "参数" #: assets/models/base.py:240 assets/models/cluster.py:28 #: assets/models/cmd_filter.py:26 assets/models/cmd_filter.py:59 #: assets/models/group.py:21 common/mixins/models.py:49 orgs/models.py:16 -#: perms/models/base.py:54 users/models/user.py:507 +#: perms/models/base.py:54 users/models/user.py:508 #: users/serializers/group.py:35 users/templates/users/user_detail.html:97 -#: xpack/plugins/change_auth_plan/models.py:80 xpack/plugins/cloud/models.py:56 +#: xpack/plugins/change_auth_plan/models.py:81 xpack/plugins/cloud/models.py:56 #: xpack/plugins/cloud/models.py:145 xpack/plugins/gathered_user/models.py:30 msgid "Created by" msgstr "创建者" @@ -188,7 +189,7 @@ msgstr "基础" msgid "Charset" msgstr "编码" -#: assets/models/asset.py:148 tickets/models/ticket.py:38 +#: assets/models/asset.py:148 tickets/models/ticket.py:40 msgid "Meta" msgstr "元数据" @@ -201,7 +202,7 @@ msgstr "内部的" msgid "Platform" msgstr "系统平台" -#: assets/models/asset.py:186 assets/models/domain.py:49 +#: assets/models/asset.py:186 assets/models/domain.py:50 #: assets/serializers/asset_user.py:46 settings/serializers/settings.py:52 #: users/templates/users/_granted_assets.html:26 #: users/templates/users/user_asset_permission.html:156 @@ -210,12 +211,13 @@ msgstr "IP" #: assets/models/asset.py:187 assets/serializers/asset_user.py:45 #: assets/serializers/gathered_user.py:20 settings/serializers/settings.py:51 +#: tickets/serializers/request_asset_perm.py:14 #: users/templates/users/_granted_assets.html:25 #: users/templates/users/user_asset_permission.html:157 msgid "Hostname" msgstr "主机名" -#: assets/models/asset.py:190 assets/models/domain.py:51 +#: assets/models/asset.py:190 assets/models/domain.py:52 #: assets/models/user.py:114 terminal/serializers/session.py:29 msgid "Protocol" msgstr "协议" @@ -226,19 +228,19 @@ msgid "Protocols" msgstr "协议组" #: assets/models/asset.py:194 assets/models/domain.py:26 -#: assets/models/domain.py:52 +#: assets/models/domain.py:53 msgid "Domain" msgstr "网域" #: assets/models/asset.py:195 assets/models/user.py:109 #: perms/models/asset_permission.py:81 -#: xpack/plugins/change_auth_plan/models.py:55 +#: xpack/plugins/change_auth_plan/models.py:56 #: xpack/plugins/gathered_user/models.py:24 msgid "Nodes" msgstr "节点" #: assets/models/asset.py:196 assets/models/cmd_filter.py:22 -#: assets/models/domain.py:54 assets/models/label.py:22 +#: assets/models/domain.py:55 assets/models/label.py:22 #: authentication/models.py:45 msgid "Is active" msgstr "激活" @@ -334,16 +336,16 @@ msgid "AuthBook" msgstr "" #: assets/models/base.py:233 assets/models/gathered_user.py:15 -#: audits/models.py:81 authentication/forms.py:10 +#: audits/models.py:99 authentication/forms.py:10 #: authentication/templates/authentication/login.html:21 #: authentication/templates/authentication/xpack_login.html:93 -#: ops/models/adhoc.py:148 users/forms/profile.py:19 users/models/user.py:464 +#: ops/models/adhoc.py:148 users/forms/profile.py:19 users/models/user.py:465 #: users/templates/users/_select_user_modal.html:14 #: users/templates/users/user_detail.html:53 #: users/templates/users/user_list.html:15 #: users/templates/users/user_profile.html:47 -#: xpack/plugins/change_auth_plan/models.py:46 -#: xpack/plugins/change_auth_plan/models.py:278 +#: xpack/plugins/change_auth_plan/models.py:47 +#: xpack/plugins/change_auth_plan/models.py:279 msgid "Username" msgstr "用户名" @@ -358,21 +360,21 @@ msgstr "用户名" #: users/templates/users/user_profile_update.html:41 #: users/templates/users/user_pubkey_update.html:41 #: users/templates/users/user_update.html:20 -#: xpack/plugins/change_auth_plan/models.py:67 -#: xpack/plugins/change_auth_plan/models.py:190 -#: xpack/plugins/change_auth_plan/models.py:285 +#: xpack/plugins/change_auth_plan/models.py:68 +#: xpack/plugins/change_auth_plan/models.py:191 +#: xpack/plugins/change_auth_plan/models.py:286 msgid "Password" msgstr "密码" -#: assets/models/base.py:235 xpack/plugins/change_auth_plan/models.py:71 -#: xpack/plugins/change_auth_plan/models.py:197 -#: xpack/plugins/change_auth_plan/models.py:292 +#: assets/models/base.py:235 xpack/plugins/change_auth_plan/models.py:72 +#: xpack/plugins/change_auth_plan/models.py:198 +#: xpack/plugins/change_auth_plan/models.py:293 msgid "SSH private key" msgstr "SSH密钥" -#: assets/models/base.py:236 xpack/plugins/change_auth_plan/models.py:74 -#: xpack/plugins/change_auth_plan/models.py:193 -#: xpack/plugins/change_auth_plan/models.py:288 +#: assets/models/base.py:236 xpack/plugins/change_auth_plan/models.py:75 +#: xpack/plugins/change_auth_plan/models.py:194 +#: xpack/plugins/change_auth_plan/models.py:289 msgid "SSH public key" msgstr "SSH公钥" @@ -389,7 +391,7 @@ msgstr "带宽" msgid "Contact" msgstr "联系人" -#: assets/models/cluster.py:22 users/models/user.py:485 +#: assets/models/cluster.py:22 users/models/user.py:486 #: users/templates/users/user_detail.html:62 msgid "Phone" msgstr "手机" @@ -415,7 +417,7 @@ msgid "Default" msgstr "默认" #: assets/models/cluster.py:36 assets/models/label.py:14 -#: users/models/user.py:626 +#: users/models/user.py:627 msgid "System" msgstr "系统" @@ -448,7 +450,7 @@ msgid "Regex" msgstr "正则表达式" #: assets/models/cmd_filter.py:40 ops/models/command.py:23 -#: terminal/models.py:196 +#: terminal/backends/command/serializers.py:15 terminal/models.py:196 msgid "Command" msgstr "命令" @@ -480,9 +482,11 @@ msgstr "内容" msgid "One line one command" msgstr "每行一个命令" -#: assets/models/cmd_filter.py:55 audits/models.py:39 +#: assets/models/cmd_filter.py:55 audits/models.py:57 #: authentication/templates/authentication/_access_key_modal.html:34 -#: perms/forms/asset_permission.py:20 tickets/serializers/ticket.py:26 +#: perms/forms/asset_permission.py:20 +#: tickets/serializers/request_asset_perm.py:54 +#: tickets/serializers/ticket.py:26 #: users/templates/users/_granted_assets.html:29 #: users/templates/users/user_asset_permission.html:44 #: users/templates/users/user_asset_permission.html:79 @@ -497,11 +501,11 @@ msgstr "动作" msgid "Command filter rule" msgstr "命令过滤规则" -#: assets/models/domain.py:61 +#: assets/models/domain.py:62 msgid "Gateway" msgstr "网关" -#: assets/models/domain.py:67 +#: assets/models/domain.py:68 msgid "Password should not contain special characters" msgstr "不能包含特殊字符" @@ -529,14 +533,16 @@ msgstr "资产组" msgid "Default asset group" msgstr "默认资产组" -#: assets/models/label.py:15 audits/models.py:18 audits/models.py:38 -#: audits/models.py:51 audits/serializers.py:76 authentication/models.py:43 +#: assets/models/label.py:15 audits/models.py:36 audits/models.py:56 +#: audits/models.py:69 audits/serializers.py:77 authentication/models.py:43 #: perms/forms/asset_permission.py:83 perms/forms/database_app_permission.py:38 #: perms/forms/remote_app_permission.py:40 perms/models/base.py:49 #: templates/index.html:78 terminal/backends/command/models.py:18 -#: terminal/models.py:185 tickets/models/ticket.py:33 -#: tickets/models/ticket.py:128 users/forms/group.py:15 -#: users/models/user.py:159 users/models/user.py:175 users/models/user.py:614 +#: terminal/backends/command/serializers.py:12 terminal/models.py:185 +#: tickets/models/ticket.py:35 tickets/models/ticket.py:130 +#: tickets/serializers/request_asset_perm.py:55 +#: tickets/serializers/ticket.py:27 users/forms/group.py:15 +#: users/models/user.py:160 users/models/user.py:176 users/models/user.py:615 #: users/serializers/group.py:20 #: users/templates/users/user_asset_permission.html:38 #: users/templates/users/user_asset_permission.html:64 @@ -550,7 +556,7 @@ msgstr "默认资产组" msgid "User" msgstr "用户" -#: assets/models/label.py:19 assets/models/node.py:488 settings/models.py:28 +#: assets/models/label.py:19 assets/models/node.py:502 settings/models.py:28 msgid "Value" msgstr "值" @@ -558,27 +564,27 @@ msgstr "值" msgid "Category" msgstr "分类" -#: assets/models/node.py:209 +#: assets/models/node.py:223 msgid "New node" msgstr "新节点" -#: assets/models/node.py:370 +#: assets/models/node.py:384 msgid "ungrouped" msgstr "未分组" -#: assets/models/node.py:372 users/templates/users/_granted_assets.html:130 +#: assets/models/node.py:386 users/templates/users/_granted_assets.html:130 msgid "empty" msgstr "空" -#: assets/models/node.py:374 +#: assets/models/node.py:388 msgid "favorite" msgstr "收藏夹" -#: assets/models/node.py:487 +#: assets/models/node.py:501 msgid "Key" msgstr "键" -#: assets/models/node.py:497 assets/serializers/system_user.py:43 +#: assets/models/node.py:511 assets/serializers/system_user.py:43 #: assets/serializers/system_user.py:175 perms/forms/asset_permission.py:92 #: perms/forms/asset_permission.py:99 #: users/templates/users/user_asset_permission.html:41 @@ -601,7 +607,7 @@ msgid "Username same with user" msgstr "用户名与用户相同" #: assets/models/user.py:110 templates/_nav.html:39 -#: xpack/plugins/change_auth_plan/models.py:51 +#: xpack/plugins/change_auth_plan/models.py:52 msgid "Assets" msgstr "资产管理" @@ -635,12 +641,14 @@ msgstr "登录模式" msgid "SFTP Root" msgstr "SFTP根路径" -#: assets/models/user.py:195 audits/models.py:21 +#: assets/models/user.py:195 audits/models.py:39 #: perms/forms/asset_permission.py:95 perms/forms/remote_app_permission.py:49 #: perms/models/asset_permission.py:82 #: perms/models/database_app_permission.py:22 #: perms/models/remote_app_permission.py:16 templates/_nav.html:45 -#: terminal/backends/command/models.py:20 terminal/models.py:189 +#: terminal/backends/command/models.py:20 +#: terminal/backends/command/serializers.py:14 terminal/models.py:189 +#: tickets/serializers/request_asset_perm.py:16 #: users/templates/users/_granted_assets.html:27 #: users/templates/users/user_asset_permission.html:42 #: users/templates/users/user_asset_permission.html:76 @@ -677,15 +685,15 @@ msgstr "协议格式 {}/{}" msgid "Protocol duplicate: {}" msgstr "协议重复: {}" -#: assets/serializers/asset.py:108 +#: assets/serializers/asset.py:111 msgid "Hardware info" msgstr "硬件信息" -#: assets/serializers/asset.py:109 orgs/mixins/serializers.py:27 +#: assets/serializers/asset.py:112 orgs/mixins/serializers.py:27 msgid "Org name" msgstr "组织名称" -#: assets/serializers/asset.py:144 assets/serializers/asset.py:181 +#: assets/serializers/asset.py:147 assets/serializers/asset.py:178 msgid "Connectivity" msgstr "连接" @@ -699,14 +707,14 @@ msgid "Backend" msgstr "后端" #: assets/serializers/asset_user.py:75 users/forms/profile.py:148 -#: users/models/user.py:496 users/templates/users/user_password_update.html:48 +#: users/models/user.py:497 users/templates/users/user_password_update.html:48 #: users/templates/users/user_profile.html:69 #: users/templates/users/user_profile_update.html:46 #: users/templates/users/user_pubkey_update.html:46 msgid "Public key" msgstr "SSH公钥" -#: assets/serializers/asset_user.py:79 users/models/user.py:493 +#: assets/serializers/asset_user.py:79 users/models/user.py:494 msgid "Private key" msgstr "ssh私钥" @@ -753,7 +761,7 @@ msgstr "定期测试管理账号可连接性: {}" #: assets/tasks/admin_user_connectivity.py:67 msgid "Test admin user connectivity: {}" -msgstr "测试管理行号可连接性: {}" +msgstr "测试管理帐号可连接性: {}" #: assets/tasks/asset_connectivity.py:27 msgid "Test assets connectivity" @@ -796,7 +804,7 @@ msgid "Gather assets users" msgstr "收集资产上的用户" #: assets/tasks/push_system_user.py:148 -#: assets/tasks/system_user_connectivity.py:86 +#: assets/tasks/system_user_connectivity.py:89 msgid "System user is dynamic: {}" msgstr "系统用户是动态的: {}" @@ -805,7 +813,7 @@ msgid "Start push system user for platform: [{}]" msgstr "推送系统用户到平台: [{}]" #: assets/tasks/push_system_user.py:180 -#: assets/tasks/system_user_connectivity.py:78 +#: assets/tasks/system_user_connectivity.py:81 msgid "Hosts count: {}" msgstr "主机数量: {}" @@ -817,19 +825,19 @@ msgstr "推送系统用户到入资产: {}" msgid "Push system users to asset: {}({}) => {}" msgstr "推送系统用户到入资产: {}({}) => {}" -#: assets/tasks/system_user_connectivity.py:77 +#: assets/tasks/system_user_connectivity.py:80 msgid "Start test system user connectivity for platform: [{}]" msgstr "开始测试系统用户在该系统平台的可连接性: [{}]" -#: assets/tasks/system_user_connectivity.py:97 +#: assets/tasks/system_user_connectivity.py:100 msgid "Test system user connectivity: {}" msgstr "测试系统用户可连接性: {}" -#: assets/tasks/system_user_connectivity.py:105 +#: assets/tasks/system_user_connectivity.py:108 msgid "Test system user connectivity: {} => {}" msgstr "测试系统用户可连接性: {} => {}" -#: assets/tasks/system_user_connectivity.py:118 +#: assets/tasks/system_user_connectivity.py:121 msgid "Test system user connectivity period: {}" msgstr "定期测试系统用户可连接性: {}" @@ -855,37 +863,75 @@ msgstr "为了安全,禁止推送用户 {}" msgid "No assets matched, stop task" msgstr "没有匹配到资产,结束任务" -#: audits/models.py:19 audits/models.py:42 audits/models.py:53 +#: audits/models.py:26 audits/models.py:53 +#: authentication/templates/authentication/_access_key_modal.html:65 +#: users/templates/users/user_asset_permission.html:128 +#: users/templates/users/user_database_app_permission.html:111 +#: users/templates/users/user_detail.html:16 +#: users/templates/users/user_group_detail.html:27 +#: users/templates/users/user_group_list.html:53 +#: users/templates/users/user_list.html:94 +#: users/templates/users/user_list.html:98 +#: users/templates/users/user_remote_app_permission.html:111 +msgid "Delete" +msgstr "删除文件" + +#: audits/models.py:27 +msgid "Upload" +msgstr "上传文件" + +#: audits/models.py:28 +msgid "Download" +msgstr "下载文件" + +#: audits/models.py:29 +msgid "Rmdir" +msgstr "删除目录" + +#: audits/models.py:30 +msgid "Rename" +msgstr "重命名" + +#: audits/models.py:31 +msgid "Mkdir" +msgstr "创建目录" + +#: audits/models.py:32 +msgid "Symlink" +msgstr "建立软链接" + +#: audits/models.py:37 audits/models.py:60 audits/models.py:71 #: terminal/models.py:192 msgid "Remote addr" msgstr "远端地址" -#: audits/models.py:22 +#: audits/models.py:40 msgid "Operate" msgstr "操作" -#: audits/models.py:23 +#: audits/models.py:41 msgid "Filename" msgstr "文件名" -#: audits/models.py:24 audits/models.py:77 +#: audits/models.py:42 audits/models.py:95 #: users/templates/users/user_detail.html:487 msgid "Success" msgstr "成功" -#: audits/models.py:25 ops/models/command.py:28 perms/models/base.py:52 -#: terminal/models.py:199 xpack/plugins/change_auth_plan/models.py:176 -#: xpack/plugins/change_auth_plan/models.py:307 +#: audits/models.py:43 ops/models/command.py:28 perms/models/base.py:52 +#: terminal/models.py:199 tickets/serializers/request_asset_perm.py:18 +#: xpack/plugins/change_auth_plan/models.py:177 +#: xpack/plugins/change_auth_plan/models.py:308 #: xpack/plugins/gathered_user/models.py:76 msgid "Date start" msgstr "开始日期" -#: audits/models.py:33 +#: audits/models.py:51 #: authentication/templates/authentication/_access_key_modal.html:22 msgid "Create" msgstr "创建" -#: audits/models.py:34 templates/_csv_import_export.html:18 +#: audits/models.py:52 templates/_csv_import_export.html:18 #: templates/_csv_update_modal.html:6 #: users/templates/users/user_asset_permission.html:127 #: users/templates/users/user_database_app_permission.html:110 @@ -901,105 +947,93 @@ msgstr "创建" msgid "Update" msgstr "更新" -#: audits/models.py:35 -#: authentication/templates/authentication/_access_key_modal.html:65 -#: users/templates/users/user_asset_permission.html:128 -#: users/templates/users/user_database_app_permission.html:111 -#: users/templates/users/user_detail.html:16 -#: users/templates/users/user_group_detail.html:27 -#: users/templates/users/user_group_list.html:53 -#: users/templates/users/user_list.html:94 -#: users/templates/users/user_list.html:98 -#: users/templates/users/user_remote_app_permission.html:111 -msgid "Delete" -msgstr "删除" - -#: audits/models.py:40 +#: audits/models.py:58 msgid "Resource Type" msgstr "资源类型" -#: audits/models.py:41 +#: audits/models.py:59 msgid "Resource" msgstr "资源" -#: audits/models.py:43 audits/models.py:54 +#: audits/models.py:61 audits/models.py:72 msgid "Datetime" msgstr "日期" -#: audits/models.py:52 +#: audits/models.py:70 msgid "Change by" msgstr "修改者" -#: audits/models.py:71 users/templates/users/user_detail.html:84 +#: audits/models.py:89 users/templates/users/user_detail.html:84 msgid "Disabled" msgstr "禁用" -#: audits/models.py:72 settings/models.py:31 +#: audits/models.py:90 settings/models.py:31 #: users/templates/users/user_detail.html:82 msgid "Enabled" msgstr "启用" -#: audits/models.py:73 +#: audits/models.py:91 msgid "-" msgstr "" -#: audits/models.py:78 xpack/plugins/cloud/models.py:204 +#: audits/models.py:96 xpack/plugins/cloud/models.py:204 msgid "Failed" msgstr "失败" -#: audits/models.py:82 +#: audits/models.py:100 msgid "Login type" msgstr "登录方式" -#: audits/models.py:83 +#: audits/models.py:101 msgid "Login ip" msgstr "登录IP" -#: audits/models.py:84 +#: audits/models.py:102 msgid "Login city" msgstr "登录城市" -#: audits/models.py:85 +#: audits/models.py:103 msgid "User agent" msgstr "Agent" -#: audits/models.py:86 +#: audits/models.py:104 #: authentication/templates/authentication/_mfa_confirm_modal.html:14 #: authentication/templates/authentication/login_otp.html:6 -#: users/forms/profile.py:52 users/models/user.py:488 +#: users/forms/profile.py:52 users/models/user.py:489 #: users/serializers/user.py:216 users/templates/users/user_detail.html:77 #: users/templates/users/user_profile.html:87 msgid "MFA" msgstr "多因子认证" -#: audits/models.py:87 xpack/plugins/change_auth_plan/models.py:303 +#: audits/models.py:105 xpack/plugins/change_auth_plan/models.py:304 #: xpack/plugins/cloud/models.py:217 msgid "Reason" msgstr "原因" -#: audits/models.py:88 tickets/serializers/ticket.py:25 -#: xpack/plugins/cloud/models.py:214 xpack/plugins/cloud/models.py:272 +#: audits/models.py:106 tickets/serializers/request_asset_perm.py:53 +#: tickets/serializers/ticket.py:25 xpack/plugins/cloud/models.py:214 +#: xpack/plugins/cloud/models.py:272 msgid "Status" msgstr "状态" -#: audits/models.py:89 +#: audits/models.py:107 msgid "Date login" msgstr "登录日期" -#: audits/serializers.py:61 audits/serializers.py:73 ops/models/adhoc.py:244 +#: audits/serializers.py:62 audits/serializers.py:74 ops/models/adhoc.py:244 msgid "Is success" msgstr "是否成功" -#: audits/serializers.py:72 ops/models/command.py:24 +#: audits/serializers.py:73 ops/models/command.py:24 #: xpack/plugins/cloud/models.py:212 msgid "Result" msgstr "结果" -#: audits/serializers.py:74 +#: audits/serializers.py:75 msgid "Hosts" msgstr "主机" -#: audits/serializers.py:75 +#: audits/serializers.py:76 msgid "Run as" msgstr "运行用户" @@ -1058,39 +1092,43 @@ msgstr "" msgid "Invalid token or cache refreshed." msgstr "" -#: authentication/errors.py:21 +#: authentication/errors.py:22 msgid "Username/password check failed" msgstr "用户名/密码 校验失败" -#: authentication/errors.py:22 +#: authentication/errors.py:23 +msgid "Password decrypt failed" +msgstr "密码解密失败" + +#: authentication/errors.py:24 msgid "MFA failed" msgstr "多因子认证失败" -#: authentication/errors.py:23 +#: authentication/errors.py:25 msgid "MFA unset" msgstr "多因子认证没有设定" -#: authentication/errors.py:24 +#: authentication/errors.py:26 msgid "Username does not exist" msgstr "用户名不存在" -#: authentication/errors.py:25 +#: authentication/errors.py:27 msgid "Password expired" msgstr "密码已过期" -#: authentication/errors.py:26 +#: authentication/errors.py:28 msgid "Disabled or expired" msgstr "禁用或失效" -#: authentication/errors.py:27 +#: authentication/errors.py:29 msgid "This account is inactive." msgstr "此账户已禁用" -#: authentication/errors.py:37 +#: authentication/errors.py:39 msgid "No session found, check your cookie" msgstr "会话已变更,刷新页面" -#: authentication/errors.py:39 +#: authentication/errors.py:41 #, python-brace-format msgid "" "The username or password you entered is incorrect, please enter it again. " @@ -1100,34 +1138,34 @@ msgstr "" "您输入的用户名或密码不正确,请重新输入。 您还可以尝试 {times_try} 次(账号将" "被临时 锁定 {block_time} 分钟)" -#: authentication/errors.py:45 +#: authentication/errors.py:47 msgid "" "The account has been locked (please contact admin to unlock it or try again " "after {} minutes)" msgstr "账号已被锁定(请联系管理员解锁 或 {}分钟后重试)" -#: authentication/errors.py:48 users/views/profile/otp.py:63 +#: authentication/errors.py:50 users/views/profile/otp.py:63 #: users/views/profile/otp.py:102 users/views/profile/otp.py:121 msgid "MFA code invalid, or ntp sync server time" msgstr "MFA验证码不正确,或者服务器端时间不对" -#: authentication/errors.py:50 +#: authentication/errors.py:52 msgid "MFA required" msgstr "需要多因子认证" -#: authentication/errors.py:51 +#: authentication/errors.py:53 msgid "MFA not set, please set it first" msgstr "多因子认证没有设置,请先完成设置" -#: authentication/errors.py:52 +#: authentication/errors.py:54 msgid "Login confirm required" msgstr "需要登录复核" -#: authentication/errors.py:53 +#: authentication/errors.py:55 msgid "Wait login confirm ticket for accept" msgstr "等待登录复核处理" -#: authentication/errors.py:54 +#: authentication/errors.py:56 msgid "Login confirm ticket was {}" msgstr "登录复核 {}" @@ -1151,7 +1189,7 @@ msgstr "SSH密钥" msgid "Reviewers" msgstr "审批人" -#: authentication/models.py:53 tickets/models/ticket.py:25 +#: authentication/models.py:53 tickets/models/ticket.py:26 #: users/templates/users/user_detail.html:250 msgid "Login confirm" msgstr "登录复核" @@ -1186,7 +1224,7 @@ msgid "Show" msgstr "显示" #: authentication/templates/authentication/_access_key_modal.html:66 -#: users/models/user.py:386 users/serializers/user.py:213 +#: users/models/user.py:387 users/serializers/user.py:213 #: users/templates/users/user_profile.html:94 #: users/templates/users/user_profile.html:163 #: users/templates/users/user_profile.html:166 @@ -1195,7 +1233,7 @@ msgid "Disable" msgstr "禁用" #: authentication/templates/authentication/_access_key_modal.html:67 -#: users/models/user.py:387 users/serializers/user.py:214 +#: users/models/user.py:388 users/serializers/user.py:214 #: users/templates/users/user_profile.html:92 #: users/templates/users/user_profile.html:170 msgid "Enable" @@ -1207,7 +1245,7 @@ msgstr "删除成功" #: authentication/templates/authentication/_access_key_modal.html:155 #: authentication/templates/authentication/_mfa_confirm_modal.html:53 -#: templates/_modal.html:22 tickets/models/ticket.py:68 +#: templates/_modal.html:22 tickets/models/ticket.py:70 msgid "Close" msgstr "关闭" @@ -1307,7 +1345,7 @@ msgstr "欢迎回来,请输入用户名和密码登录" msgid "Please enable cookies and try again." msgstr "设置你的浏览器支持cookie" -#: authentication/views/login.py:168 +#: authentication/views/login.py:172 msgid "" "Wait for {} confirm, You also can copy link to her/him
\n" " Don't close this page" @@ -1315,15 +1353,15 @@ msgstr "" "等待 {} 确认, 你也可以复制链接发给他/她
\n" " 不要关闭本页面" -#: authentication/views/login.py:173 +#: authentication/views/login.py:177 msgid "No ticket found" msgstr "没有发现工单" -#: authentication/views/login.py:205 +#: authentication/views/login.py:209 msgid "Logout success" msgstr "退出登录成功" -#: authentication/views/login.py:206 +#: authentication/views/login.py:210 msgid "Logout success, return login page" msgstr "退出登录成功,返回到登录页面" @@ -1337,6 +1375,11 @@ msgstr "%(name)s 创建成功" msgid "%(name)s was updated successfully" msgstr "%(name)s 更新成功" +#: common/drf/parsers/csv.py:22 +#, python-format +msgid "The max size of CSV is %d bytes" +msgstr "CSV 文件最大为 %d 字节" + #: common/fields/form.py:33 msgid "Not a valid json" msgstr "不是合法json" @@ -1520,8 +1563,8 @@ msgstr "开始时间" msgid "End time" msgstr "完成时间" -#: ops/models/adhoc.py:242 xpack/plugins/change_auth_plan/models.py:179 -#: xpack/plugins/change_auth_plan/models.py:310 +#: ops/models/adhoc.py:242 xpack/plugins/change_auth_plan/models.py:180 +#: xpack/plugins/change_auth_plan/models.py:311 #: xpack/plugins/gathered_user/models.py:79 msgid "Time" msgstr "时间" @@ -1604,7 +1647,7 @@ msgstr "提示:RDP 协议不支持单独控制上传或下载文件" #: perms/forms/asset_permission.py:86 perms/forms/database_app_permission.py:41 #: perms/forms/remote_app_permission.py:43 perms/models/base.py:50 #: templates/_nav.html:21 users/forms/user.py:168 users/models/group.py:31 -#: users/models/user.py:472 users/templates/users/_select_user_modal.html:16 +#: users/models/user.py:473 users/templates/users/_select_user_modal.html:16 #: users/templates/users/user_asset_permission.html:39 #: users/templates/users/user_asset_permission.html:67 #: users/templates/users/user_database_app_permission.html:38 @@ -1657,8 +1700,8 @@ msgstr "动作" msgid "Asset permission" msgstr "资产授权" -#: perms/models/base.py:53 users/models/user.py:504 -#: users/templates/users/user_detail.html:93 +#: perms/models/base.py:53 tickets/serializers/request_asset_perm.py:20 +#: users/models/user.py:505 users/templates/users/user_detail.html:93 #: users/templates/users/user_profile.html:120 msgid "Date expired" msgstr "失效日期" @@ -2320,14 +2363,17 @@ msgid "Input" msgstr "输入" #: terminal/backends/command/models.py:22 +#: terminal/backends/command/serializers.py:16 msgid "Output" msgstr "输出" #: terminal/backends/command/models.py:23 +#: terminal/backends/command/serializers.py:17 msgid "Session" msgstr "会话" #: terminal/backends/command/models.py:24 +#: terminal/backends/command/serializers.py:18 msgid "Risk level" msgstr "风险等级" @@ -2387,7 +2433,44 @@ msgstr "结束日期" msgid "Args" msgstr "参数" -#: tickets/models/ticket.py:18 tickets/models/ticket.py:70 +#: tickets/api/request_asset_perm.py:40 +msgid "Ticket closed" +msgstr "工单已关闭" + +#: tickets/api/request_asset_perm.py:43 +#, python-format +msgid "Ticket has %s" +msgstr "工单已%s" + +#: tickets/api/request_asset_perm.py:69 +msgid "Superuser" +msgstr "超级管理员" + +#: tickets/api/request_asset_perm.py:102 +msgid "Confirm assets first" +msgstr "请先确认资产" + +#: tickets/api/request_asset_perm.py:105 +msgid "Confirmed assets changed" +msgstr "确认的资产变更了" + +#: tickets/api/request_asset_perm.py:109 +msgid "Confirm system-user first" +msgstr "请先确认系统用户" + +#: tickets/api/request_asset_perm.py:113 +msgid "Confirmed system-user changed" +msgstr "确认的系统用户变更了" + +#: tickets/api/request_asset_perm.py:116 xpack/plugins/cloud/models.py:205 +msgid "Succeed" +msgstr "成功" + +#: tickets/api/request_asset_perm.py:124 +msgid "{} request assets, approved by {}" +msgstr "{} 申请资产,通过人 {}" + +#: tickets/models/ticket.py:18 tickets/models/ticket.py:72 msgid "Open" msgstr "开启" @@ -2395,54 +2478,74 @@ msgstr "开启" msgid "Closed" msgstr "关闭" -#: tickets/models/ticket.py:24 +#: tickets/models/ticket.py:25 msgid "General" msgstr "一般" -#: tickets/models/ticket.py:30 +#: tickets/models/ticket.py:27 +msgid "Request asset permission" +msgstr "申请资产权限" + +#: tickets/models/ticket.py:32 msgid "Approve" msgstr "同意" -#: tickets/models/ticket.py:31 +#: tickets/models/ticket.py:33 msgid "Reject" msgstr "拒绝" -#: tickets/models/ticket.py:34 tickets/models/ticket.py:129 +#: tickets/models/ticket.py:36 tickets/models/ticket.py:131 msgid "User display name" msgstr "用户显示名称" -#: tickets/models/ticket.py:36 +#: tickets/models/ticket.py:38 msgid "Title" msgstr "标题" -#: tickets/models/ticket.py:37 tickets/models/ticket.py:130 +#: tickets/models/ticket.py:39 tickets/models/ticket.py:132 msgid "Body" msgstr "内容" -#: tickets/models/ticket.py:39 +#: tickets/models/ticket.py:41 msgid "Assignee" msgstr "处理人" -#: tickets/models/ticket.py:40 +#: tickets/models/ticket.py:42 msgid "Assignee display name" msgstr "处理人名称" -#: tickets/models/ticket.py:41 +#: tickets/models/ticket.py:43 msgid "Assignees" msgstr "待处理人" -#: tickets/models/ticket.py:42 +#: tickets/models/ticket.py:44 msgid "Assignees display name" msgstr "待处理人名称" -#: tickets/models/ticket.py:71 +#: tickets/models/ticket.py:73 msgid "{} {} this ticket" msgstr "{} {} 这个工单" -#: tickets/models/ticket.py:82 +#: tickets/models/ticket.py:84 msgid "this ticket" msgstr "这个工单" +#: tickets/serializers/request_asset_perm.py:12 +msgid "IP group" +msgstr "IP组" + +#: tickets/serializers/request_asset_perm.py:24 +msgid "Confirmed assets" +msgstr "确认的资产" + +#: tickets/serializers/request_asset_perm.py:28 +msgid "Confirmed system user" +msgstr "确认的系统用户" + +#: tickets/serializers/request_asset_perm.py:65 +msgid "Must be organization admin or superuser" +msgstr "必须是组织管理员或者超级管理员" + #: tickets/utils.py:18 msgid "New ticket" msgstr "新工单" @@ -2507,7 +2610,7 @@ msgstr "" "
\n" " " -#: users/api/user.py:117 +#: users/api/user.py:119 msgid "Could not reset self otp, use profile reset instead" msgstr "不能在该页面重置多因子认证, 请去个人信息页面重置" @@ -2553,7 +2656,7 @@ msgstr "确认密码" msgid "Password does not match" msgstr "密码不一致" -#: users/forms/profile.py:89 users/models/user.py:468 +#: users/forms/profile.py:89 users/models/user.py:469 #: users/templates/users/user_detail.html:57 #: users/templates/users/user_profile.html:59 msgid "Email" @@ -2594,7 +2697,7 @@ msgstr "不能和原来的密钥相同" msgid "Not a valid ssh public key" msgstr "SSH密钥不合法" -#: users/forms/user.py:27 users/models/user.py:476 +#: users/forms/user.py:27 users/models/user.py:477 #: users/templates/users/_select_user_modal.html:15 #: users/templates/users/user_detail.html:73 #: users/templates/users/user_list.html:16 @@ -2602,7 +2705,7 @@ msgstr "SSH密钥不合法" msgid "Role" msgstr "角色" -#: users/forms/user.py:31 users/models/user.py:511 +#: users/forms/user.py:31 users/models/user.py:512 #: users/templates/users/user_detail.html:89 #: users/templates/users/user_list.html:18 #: users/templates/users/user_profile.html:102 @@ -2631,59 +2734,55 @@ msgid "Set password" msgstr "设置密码" #: users/forms/user.py:132 users/serializers/user.py:38 -#: xpack/plugins/change_auth_plan/models.py:60 +#: xpack/plugins/change_auth_plan/models.py:61 #: xpack/plugins/change_auth_plan/serializers.py:30 msgid "Password strategy" msgstr "密码策略" -#: users/models/user.py:158 users/models/user.py:622 +#: users/models/user.py:159 users/models/user.py:623 msgid "Administrator" msgstr "管理员" -#: users/models/user.py:160 +#: users/models/user.py:161 msgid "Application" msgstr "应用程序" -#: users/models/user.py:161 +#: users/models/user.py:162 msgid "Auditor" msgstr "审计员" -#: users/models/user.py:171 +#: users/models/user.py:172 msgid "Org admin" msgstr "组织管理员" -#: users/models/user.py:173 +#: users/models/user.py:174 msgid "Org auditor" msgstr "组织审计员" -#: users/models/user.py:388 users/templates/users/user_profile.html:90 +#: users/models/user.py:389 users/templates/users/user_profile.html:90 msgid "Force enable" msgstr "强制启用" -#: users/models/user.py:455 +#: users/models/user.py:456 msgid "Local" msgstr "数据库" -#: users/models/user.py:479 +#: users/models/user.py:480 msgid "Avatar" msgstr "头像" -#: users/models/user.py:482 users/templates/users/user_detail.html:68 +#: users/models/user.py:483 users/templates/users/user_detail.html:68 msgid "Wechat" msgstr "微信" -#: users/models/user.py:515 +#: users/models/user.py:516 msgid "Date password last updated" msgstr "最后更新密码日期" -#: users/models/user.py:625 +#: users/models/user.py:626 msgid "Administrator is the super user of system" msgstr "Administrator是初始的超级管理员" -#: users/serializers/group.py:50 -msgid "Auditors cannot be join in the user group" -msgstr "审计员不能被加入到用户组" - #: users/serializers/user.py:69 users/serializers/user.py:229 msgid "Is first login" msgstr "首次登录" @@ -2902,7 +3001,7 @@ msgstr "很强" #: users/templates/users/user_database_app_permission.html:41 #: users/templates/users/user_list.html:19 #: users/templates/users/user_remote_app_permission.html:41 -#: xpack/plugins/cloud/models.py:50 xpack/plugins/cloud/serializers.py:32 +#: xpack/plugins/cloud/models.py:50 msgid "Validity" msgstr "有效" @@ -3507,65 +3606,65 @@ msgid "Token invalid or expired" msgstr "Token错误或失效" #: xpack/plugins/change_auth_plan/meta.py:9 -#: xpack/plugins/change_auth_plan/models.py:88 -#: xpack/plugins/change_auth_plan/models.py:183 +#: xpack/plugins/change_auth_plan/models.py:89 +#: xpack/plugins/change_auth_plan/models.py:184 msgid "Change auth plan" msgstr "改密计划" -#: xpack/plugins/change_auth_plan/models.py:40 +#: xpack/plugins/change_auth_plan/models.py:41 msgid "Custom password" msgstr "自定义密码" -#: xpack/plugins/change_auth_plan/models.py:41 +#: xpack/plugins/change_auth_plan/models.py:42 msgid "All assets use the same random password" msgstr "所有资产使用相同的随机密码" -#: xpack/plugins/change_auth_plan/models.py:42 +#: xpack/plugins/change_auth_plan/models.py:43 msgid "All assets use different random password" msgstr "所有资产使用不同的随机密码" -#: xpack/plugins/change_auth_plan/models.py:64 +#: xpack/plugins/change_auth_plan/models.py:65 msgid "Password rules" msgstr "密码规则" -#: xpack/plugins/change_auth_plan/models.py:187 +#: xpack/plugins/change_auth_plan/models.py:188 msgid "Change auth plan snapshot" msgstr "改密计划快照" -#: xpack/plugins/change_auth_plan/models.py:202 -#: xpack/plugins/change_auth_plan/models.py:296 +#: xpack/plugins/change_auth_plan/models.py:203 +#: xpack/plugins/change_auth_plan/models.py:297 msgid "Change auth plan execution" msgstr "改密计划执行" -#: xpack/plugins/change_auth_plan/models.py:269 +#: xpack/plugins/change_auth_plan/models.py:270 msgid "Ready" msgstr "" -#: xpack/plugins/change_auth_plan/models.py:270 +#: xpack/plugins/change_auth_plan/models.py:271 msgid "Preflight check" msgstr "" -#: xpack/plugins/change_auth_plan/models.py:271 +#: xpack/plugins/change_auth_plan/models.py:272 msgid "Change auth" msgstr "" -#: xpack/plugins/change_auth_plan/models.py:272 +#: xpack/plugins/change_auth_plan/models.py:273 msgid "Verify auth" msgstr "" -#: xpack/plugins/change_auth_plan/models.py:273 +#: xpack/plugins/change_auth_plan/models.py:274 msgid "Keep auth" msgstr "" -#: xpack/plugins/change_auth_plan/models.py:274 +#: xpack/plugins/change_auth_plan/models.py:275 msgid "Finished" msgstr "结束" -#: xpack/plugins/change_auth_plan/models.py:300 +#: xpack/plugins/change_auth_plan/models.py:301 msgid "Step" msgstr "步骤" -#: xpack/plugins/change_auth_plan/models.py:317 +#: xpack/plugins/change_auth_plan/models.py:318 msgid "Change auth plan task" msgstr "改密计划任务" @@ -3609,7 +3708,7 @@ msgstr "有效" msgid "Unavailable" msgstr "无效" -#: xpack/plugins/cloud/models.py:39 xpack/plugins/cloud/serializers.py:31 +#: xpack/plugins/cloud/models.py:39 msgid "Provider" msgstr "云服务商" @@ -3625,7 +3724,7 @@ msgstr "" msgid "Cloud account" msgstr "云账号" -#: xpack/plugins/cloud/models.py:122 xpack/plugins/cloud/serializers.py:55 +#: xpack/plugins/cloud/models.py:122 xpack/plugins/cloud/serializers.py:58 msgid "Regions" msgstr "地域" @@ -3633,7 +3732,7 @@ msgstr "地域" msgid "Instances" msgstr "实例" -#: xpack/plugins/cloud/models.py:136 xpack/plugins/cloud/serializers.py:77 +#: xpack/plugins/cloud/models.py:136 xpack/plugins/cloud/serializers.py:80 msgid "Covered always" msgstr "总是被覆盖" @@ -3645,10 +3744,6 @@ msgstr "最后同步日期" msgid "Sync instance task" msgstr "同步实例任务" -#: xpack/plugins/cloud/models.py:205 -msgid "Succeed" -msgstr "成功" - #: xpack/plugins/cloud/models.py:220 xpack/plugins/cloud/models.py:275 msgid "Date sync" msgstr "同步日期" @@ -3753,19 +3848,19 @@ msgstr "拉美-圣地亚哥" msgid "Tencent Cloud" msgstr "腾讯云" -#: xpack/plugins/cloud/serializers.py:53 +#: xpack/plugins/cloud/serializers.py:56 msgid "History count" msgstr "执行次数" -#: xpack/plugins/cloud/serializers.py:54 +#: xpack/plugins/cloud/serializers.py:57 msgid "Instance count" msgstr "实例个数" -#: xpack/plugins/cloud/serializers.py:75 +#: xpack/plugins/cloud/serializers.py:78 msgid "Account name" msgstr "账户名称" -#: xpack/plugins/cloud/serializers.py:76 +#: xpack/plugins/cloud/serializers.py:79 #: xpack/plugins/gathered_user/serializers.py:20 msgid "Periodic display" msgstr "定时执行" @@ -3854,6 +3949,12 @@ msgstr "企业版" msgid "Ultimate edition" msgstr "旗舰版" +#~ msgid "Auditors cannot be join in the user group" +#~ msgstr "审计员不能被加入到用户组" + +#~ msgid "Always update" +#~ msgstr "总是更新" + #~ msgid "Target URL" #~ msgstr "目标URL" @@ -4287,9 +4388,6 @@ msgstr "旗舰版" #~ "系统用户创建时,如果选择了自动推送,JumpServer 会使用 Ansible 自动推送系统" #~ "用户到资产中,如果资产(交换机)不支持 Ansible,请手动填写账号密码。" -#~ msgid "Create system user" -#~ msgstr "创建系统用户" - #~ msgid "Remove success" #~ msgstr "移除成功" @@ -4356,9 +4454,6 @@ msgstr "旗舰版" #~ msgid "Platform detail" #~ msgstr "平台详情" -#~ msgid "System user list" -#~ msgstr "系统用户列表" - #~ msgid "Update system user" #~ msgstr "更新系统用户" @@ -4428,9 +4523,6 @@ msgstr "旗舰版" #~ msgid "Task name" #~ msgstr "任务名称" -#~ msgid "Failed assets" -#~ msgstr "失败资产" - #~ msgid "No assets" #~ msgstr "没有资产" @@ -4592,9 +4684,6 @@ msgstr "旗舰版" #~ msgid "Asset permission list" #~ msgstr "资产授权列表" -#~ msgid "Create asset permission" -#~ msgstr "创建权限规则" - #~ msgid "Update asset permission" #~ msgstr "更新资产授权" @@ -4673,9 +4762,6 @@ msgstr "旗舰版" #~ msgid "Tips: Some provider use token except password" #~ msgstr "提示:一些邮件提供商需要输入的是Token" -#~ msgid "Send user" -#~ msgstr "发送账号" - #~ msgid "Tips: Send mail account, default SMTP account as the send account" #~ msgstr "提示:发送邮件账号,默认使用SMTP账号作为发送账号" @@ -5020,9 +5106,6 @@ msgstr "旗舰版" #~ msgid "Download replay" #~ msgstr "下载录像" -#~ msgid "Download" -#~ msgstr "下载" - #~ msgid "Monitor session" #~ msgstr "监控" @@ -5126,9 +5209,6 @@ msgstr "旗舰版" #~ msgid "Create ticket" #~ msgstr "提交工单" -#~ msgid "Ticket list" -#~ msgstr "工单列表" - #~ msgid "Ticket detail" #~ msgstr "工单详情" @@ -5498,9 +5578,6 @@ msgstr "旗舰版" #~ msgid "Have child node, cancel" #~ msgstr "存在子节点,不能删除" -#~ msgid "Have assets, cancel" -#~ msgstr "存在资产,不能删除" - #~ msgid "Add to node" #~ msgstr "添加到节点" @@ -5809,9 +5886,6 @@ msgstr "旗舰版" #~ msgid "Gather user plan" #~ msgstr "收集用户计划" -#~ msgid "Task update" -#~ msgstr "更新" - #~ msgid "Task create" #~ msgstr "创建" diff --git a/apps/orgs/api.py b/apps/orgs/api.py index 466ac7254..448c1dab0 100644 --- a/apps/orgs/api.py +++ b/apps/orgs/api.py @@ -22,6 +22,8 @@ logger = get_logger(__file__) class OrgViewSet(BulkModelViewSet): + filter_fields = ('name',) + search_fields = ('name', 'comment') queryset = Organization.objects.all() serializer_class = OrgSerializer permission_classes = (IsSuperUserOrAppUser,) diff --git a/apps/static/js/plugins/jsencrypt/jsencrypt.min.js b/apps/static/js/plugins/jsencrypt/jsencrypt.min.js new file mode 100644 index 000000000..1bacc3963 --- /dev/null +++ b/apps/static/js/plugins/jsencrypt/jsencrypt.min.js @@ -0,0 +1,73 @@ +/*! JSEncrypt v2.3.1 | https://npmcdn.com/jsencrypt@2.3.1/LICENSE.txt */ +!function(t,e){"function"==typeof define&&define.amd?define(["exports"],e):e("object"==typeof exports&&"string"!=typeof exports.nodeName?module.exports:t)}(this,function(t){function e(t,e,i){null!=t&&("number"==typeof t?this.fromNumber(t,e,i):null==e&&"string"!=typeof t?this.fromString(t,256):this.fromString(t,e))}function i(){return new e(null)}function r(t,e,i,r,s,n){for(;--n>=0;){var o=e*this[t++]+i[r]+s;s=Math.floor(o/67108864),i[r++]=67108863&o}return s}function s(t,e,i,r,s,n){for(var o=32767&e,h=e>>15;--n>=0;){var a=32767&this[t],u=this[t++]>>15,c=h*a+u*o;a=o*a+((32767&c)<<15)+i[r]+(1073741823&s),s=(a>>>30)+(c>>>15)+h*u+(s>>>30),i[r++]=1073741823&a}return s}function n(t,e,i,r,s,n){for(var o=16383&e,h=e>>14;--n>=0;){var a=16383&this[t],u=this[t++]>>14,c=h*a+u*o;a=o*a+((16383&c)<<14)+i[r]+s,s=(a>>28)+(c>>14)+h*u,i[r++]=268435455&a}return s}function o(t){return Be.charAt(t)}function h(t,e){var i=Ke[t.charCodeAt(e)];return null==i?-1:i}function a(t){for(var e=this.t-1;e>=0;--e)t[e]=this[e];t.t=this.t,t.s=this.s}function u(t){this.t=1,this.s=0>t?-1:0,t>0?this[0]=t:-1>t?this[0]=t+this.DV:this.t=0}function c(t){var e=i();return e.fromInt(t),e}function f(t,i){var r;if(16==i)r=4;else if(8==i)r=3;else if(256==i)r=8;else if(2==i)r=1;else if(32==i)r=5;else{if(4!=i)return void this.fromRadix(t,i);r=2}this.t=0,this.s=0;for(var s=t.length,n=!1,o=0;--s>=0;){var a=8==r?255&t[s]:h(t,s);0>a?"-"==t.charAt(s)&&(n=!0):(n=!1,0==o?this[this.t++]=a:o+r>this.DB?(this[this.t-1]|=(a&(1<>this.DB-o):this[this.t-1]|=a<=this.DB&&(o-=this.DB))}8==r&&0!=(128&t[0])&&(this.s=-1,o>0&&(this[this.t-1]|=(1<0&&this[this.t-1]==t;)--this.t}function l(t){if(this.s<0)return"-"+this.negate().toString(t);var e;if(16==t)e=4;else if(8==t)e=3;else if(2==t)e=1;else if(32==t)e=5;else{if(4!=t)return this.toRadix(t);e=2}var i,r=(1<0)for(a>a)>0&&(s=!0,n=o(i));h>=0;)e>a?(i=(this[h]&(1<>(a+=this.DB-e)):(i=this[h]>>(a-=e)&r,0>=a&&(a+=this.DB,--h)),i>0&&(s=!0),s&&(n+=o(i));return s?n:"0"}function d(){var t=i();return e.ZERO.subTo(this,t),t}function g(){return this.s<0?this.negate():this}function m(t){var e=this.s-t.s;if(0!=e)return e;var i=this.t;if(e=i-t.t,0!=e)return this.s<0?-e:e;for(;--i>=0;)if(0!=(e=this[i]-t[i]))return e;return 0}function y(t){var e,i=1;return 0!=(e=t>>>16)&&(t=e,i+=16),0!=(e=t>>8)&&(t=e,i+=8),0!=(e=t>>4)&&(t=e,i+=4),0!=(e=t>>2)&&(t=e,i+=2),0!=(e=t>>1)&&(t=e,i+=1),i}function b(){return this.t<=0?0:this.DB*(this.t-1)+y(this[this.t-1]^this.s&this.DM)}function T(t,e){var i;for(i=this.t-1;i>=0;--i)e[i+t]=this[i];for(i=t-1;i>=0;--i)e[i]=0;e.t=this.t+t,e.s=this.s}function S(t,e){for(var i=t;i=0;--i)e[i+o+1]=this[i]>>s|h,h=(this[i]&n)<=0;--i)e[i]=0;e[o]=h,e.t=this.t+o+1,e.s=this.s,e.clamp()}function E(t,e){e.s=this.s;var i=Math.floor(t/this.DB);if(i>=this.t)return void(e.t=0);var r=t%this.DB,s=this.DB-r,n=(1<>r;for(var o=i+1;o>r;r>0&&(e[this.t-i-1]|=(this.s&n)<i;)r+=this[i]-t[i],e[i++]=r&this.DM,r>>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r-=t.s}e.s=0>r?-1:0,-1>r?e[i++]=this.DV+r:r>0&&(e[i++]=r),e.t=i,e.clamp()}function w(t,i){var r=this.abs(),s=t.abs(),n=r.t;for(i.t=n+s.t;--n>=0;)i[n]=0;for(n=0;n=0;)t[i]=0;for(i=0;i=e.DV&&(t[i+e.t]-=e.DV,t[i+e.t+1]=1)}t.t>0&&(t[t.t-1]+=e.am(i,e[i],t,2*i,0,1)),t.s=0,t.clamp()}function B(t,r,s){var n=t.abs();if(!(n.t<=0)){var o=this.abs();if(o.t0?(n.lShiftTo(c,h),o.lShiftTo(c,s)):(n.copyTo(h),o.copyTo(s));var f=h.t,p=h[f-1];if(0!=p){var l=p*(1<1?h[f-2]>>this.F2:0),d=this.FV/l,g=(1<=0&&(s[s.t++]=1,s.subTo(T,s)),e.ONE.dlShiftTo(f,T),T.subTo(h,h);h.t=0;){var S=s[--v]==p?this.DM:Math.floor(s[v]*d+(s[v-1]+m)*g);if((s[v]+=h.am(0,S,s,b,0,f))0&&s.rShiftTo(c,s),0>a&&e.ZERO.subTo(s,s)}}}function K(t){var r=i();return this.abs().divRemTo(t,null,r),this.s<0&&r.compareTo(e.ZERO)>0&&t.subTo(r,r),r}function A(t){this.m=t}function U(t){return t.s<0||t.compareTo(this.m)>=0?t.mod(this.m):t}function O(t){return t}function V(t){t.divRemTo(this.m,null,t)}function N(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function J(t,e){t.squareTo(e),this.reduce(e)}function I(){if(this.t<1)return 0;var t=this[0];if(0==(1&t))return 0;var e=3&t;return e=e*(2-(15&t)*e)&15,e=e*(2-(255&t)*e)&255,e=e*(2-((65535&t)*e&65535))&65535,e=e*(2-t*e%this.DV)%this.DV,e>0?this.DV-e:-e}function P(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<0&&this.m.subTo(r,r),r}function L(t){var e=i();return t.copyTo(e),this.reduce(e),e}function q(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var e=0;e>15)*this.mpl&this.um)<<15)&t.DM;for(i=e+this.m.t,t[i]+=this.m.am(0,r,t,e,0,this.m.t);t[i]>=t.DV;)t[i]-=t.DV,t[++i]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)}function C(t,e){t.squareTo(e),this.reduce(e)}function H(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function j(){return 0==(this.t>0?1&this[0]:this.s)}function k(t,r){if(t>4294967295||1>t)return e.ONE;var s=i(),n=i(),o=r.convert(this),h=y(t)-1;for(o.copyTo(s);--h>=0;)if(r.sqrTo(s,n),(t&1<0)r.mulTo(n,o,s);else{var a=s;s=n,n=a}return r.revert(s)}function F(t,e){var i;return i=256>t||e.isEven()?new A(e):new P(e),this.exp(t,i)} +// Copyright (c) 2005-2009 Tom Wu +// All Rights Reserved. +// See "LICENSE" for details. +function _(){var t=i();return this.copyTo(t),t}function z(){if(this.s<0){if(1==this.t)return this[0]-this.DV;if(0==this.t)return-1}else{if(1==this.t)return this[0];if(0==this.t)return 0}return(this[1]&(1<<32-this.DB)-1)<>24}function G(){return 0==this.t?this.s:this[0]<<16>>16}function $(t){return Math.floor(Math.LN2*this.DB/Math.log(t))}function Y(){return this.s<0?-1:this.t<=0||1==this.t&&this[0]<=0?0:1}function W(t){if(null==t&&(t=10),0==this.signum()||2>t||t>36)return"0";var e=this.chunkSize(t),r=Math.pow(t,e),s=c(r),n=i(),o=i(),h="";for(this.divRemTo(s,n,o);n.signum()>0;)h=(r+o.intValue()).toString(t).substr(1)+h,n.divRemTo(s,n,o);return o.intValue().toString(t)+h}function Q(t,i){this.fromInt(0),null==i&&(i=10);for(var r=this.chunkSize(i),s=Math.pow(i,r),n=!1,o=0,a=0,u=0;uc?"-"==t.charAt(u)&&0==this.signum()&&(n=!0):(a=i*a+c,++o>=r&&(this.dMultiply(s),this.dAddOffset(a,0),o=0,a=0))}o>0&&(this.dMultiply(Math.pow(i,o)),this.dAddOffset(a,0)),n&&e.ZERO.subTo(this,this)}function X(t,i,r){if("number"==typeof i)if(2>t)this.fromInt(1);else for(this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ht,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(i);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(e.ONE.shiftLeft(t-1),this);else{var s=new Array,n=7&t;s.length=(t>>3)+1,i.nextBytes(s),n>0?s[0]&=(1<0)for(r>r)!=(this.s&this.DM)>>r&&(e[s++]=i|this.s<=0;)8>r?(i=(this[t]&(1<>(r+=this.DB-8)):(i=this[t]>>(r-=8)&255,0>=r&&(r+=this.DB,--t)),0!=(128&i)&&(i|=-256),0==s&&(128&this.s)!=(128&i)&&++s,(s>0||i!=this.s)&&(e[s++]=i);return e}function et(t){return 0==this.compareTo(t)}function it(t){return this.compareTo(t)<0?this:t}function rt(t){return this.compareTo(t)>0?this:t}function st(t,e,i){var r,s,n=Math.min(t.t,this.t);for(r=0;n>r;++r)i[r]=e(this[r],t[r]);if(t.tt?this.rShiftTo(-t,e):this.lShiftTo(t,e),e}function gt(t){var e=i();return 0>t?this.lShiftTo(-t,e):this.rShiftTo(t,e),e}function mt(t){if(0==t)return-1;var e=0;return 0==(65535&t)&&(t>>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function yt(){for(var t=0;t=this.t?0!=this.s:0!=(this[e]&1<i;)r+=this[i]+t[i],e[i++]=r&this.DM,r>>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r+=t.s}e.s=0>r?-1:0,r>0?e[i++]=r:-1>r&&(e[i++]=this.DV+r),e.t=i,e.clamp()}function xt(t){var e=i();return this.addTo(t,e),e}function Bt(t){var e=i();return this.subTo(t,e),e}function Kt(t){var e=i();return this.multiplyTo(t,e),e}function At(){var t=i();return this.squareTo(t),t}function Ut(t){var e=i();return this.divRemTo(t,e,null),e}function Ot(t){var e=i();return this.divRemTo(t,null,e),e}function Vt(t){var e=i(),r=i();return this.divRemTo(t,e,r),new Array(e,r)}function Nt(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()}function Jt(t,e){if(0!=t){for(;this.t<=e;)this[this.t++]=0;for(this[e]+=t;this[e]>=this.DV;)this[e]-=this.DV,++e>=this.t&&(this[this.t++]=0),++this[e]}}function It(){}function Pt(t){return t}function Mt(t,e,i){t.multiplyTo(e,i)}function Lt(t,e){t.squareTo(e)}function qt(t){return this.exp(t,new It)}function Ct(t,e,i){var r=Math.min(this.t+t.t,e);for(i.s=0,i.t=r;r>0;)i[--r]=0;var s;for(s=i.t-this.t;s>r;++r)i[r+this.t]=this.am(0,t[r],i,r,0,this.t);for(s=Math.min(t.t,e);s>r;++r)this.am(0,t[r],i,r,0,e-r);i.clamp()}function Ht(t,e,i){--e;var r=i.t=this.t+t.t-e;for(i.s=0;--r>=0;)i[r]=0;for(r=Math.max(e-this.t,0);r2*this.m.t)return t.mod(this.m);if(t.compareTo(this.m)<0)return t;var e=i();return t.copyTo(e),this.reduce(e),e}function Ft(t){return t}function _t(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)}function zt(t,e){t.squareTo(e),this.reduce(e)}function Zt(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function Gt(t,e){var r,s,n=t.bitLength(),o=c(1);if(0>=n)return o;r=18>n?1:48>n?3:144>n?4:768>n?5:6,s=8>n?new A(e):e.isEven()?new jt(e):new P(e);var h=new Array,a=3,u=r-1,f=(1<1){var p=i();for(s.sqrTo(h[1],p);f>=a;)h[a]=i(),s.mulTo(p,h[a-2],h[a]),a+=2}var l,d,g=t.t-1,m=!0,v=i();for(n=y(t[g])-1;g>=0;){for(n>=u?l=t[g]>>n-u&f:(l=(t[g]&(1<0&&(l|=t[g-1]>>this.DB+n-u)),a=r;0==(1&l);)l>>=1,--a;if((n-=a)<0&&(n+=this.DB,--g),m)h[l].copyTo(o),m=!1;else{for(;a>1;)s.sqrTo(o,v),s.sqrTo(v,o),a-=2;a>0?s.sqrTo(o,v):(d=o,o=v,v=d),s.mulTo(v,h[l],o)}for(;g>=0&&0==(t[g]&1<n)return e;for(n>s&&(n=s),n>0&&(e.rShiftTo(n,e),i.rShiftTo(n,i));e.signum()>0;)(s=e.getLowestSetBit())>0&&e.rShiftTo(s,e),(s=i.getLowestSetBit())>0&&i.rShiftTo(s,i),e.compareTo(i)>=0?(e.subTo(i,e),e.rShiftTo(1,e)):(i.subTo(e,i),i.rShiftTo(1,i));return n>0&&i.lShiftTo(n,i),i}function Yt(t){if(0>=t)return 0;var e=this.DV%t,i=this.s<0?t-1:0;if(this.t>0)if(0==e)i=this[0]%t;else for(var r=this.t-1;r>=0;--r)i=(e*i+this[r])%t;return i}function Wt(t){var i=t.isEven();if(this.isEven()&&i||0==t.signum())return e.ZERO;for(var r=t.clone(),s=this.clone(),n=c(1),o=c(0),h=c(0),a=c(1);0!=r.signum();){for(;r.isEven();)r.rShiftTo(1,r),i?(n.isEven()&&o.isEven()||(n.addTo(this,n),o.subTo(t,o)),n.rShiftTo(1,n)):o.isEven()||o.subTo(t,o),o.rShiftTo(1,o);for(;s.isEven();)s.rShiftTo(1,s),i?(h.isEven()&&a.isEven()||(h.addTo(this,h),a.subTo(t,a)),h.rShiftTo(1,h)):a.isEven()||a.subTo(t,a),a.rShiftTo(1,a);r.compareTo(s)>=0?(r.subTo(s,r),i&&n.subTo(h,n),o.subTo(a,o)):(s.subTo(r,s),i&&h.subTo(n,h),a.subTo(o,a))}return 0!=s.compareTo(e.ONE)?e.ZERO:a.compareTo(t)>=0?a.subtract(t):a.signum()<0?(a.addTo(t,a),a.signum()<0?a.add(t):a):a}function Qt(t){var e,i=this.abs();if(1==i.t&&i[0]<=Ae[Ae.length-1]){for(e=0;er;)r*=Ae[s++];for(r=i.modInt(r);s>e;)if(r%Ae[e++]==0)return!1}return i.millerRabin(t)}function Xt(t){var r=this.subtract(e.ONE),s=r.getLowestSetBit();if(0>=s)return!1;var n=r.shiftRight(s);t=t+1>>1,t>Ae.length&&(t=Ae.length);for(var o=i(),h=0;t>h;++h){o.fromInt(Ae[Math.floor(Math.random()*Ae.length)]);var a=o.modPow(n,this);if(0!=a.compareTo(e.ONE)&&0!=a.compareTo(r)){for(var u=1;u++e;++e)this.S[e]=e;for(i=0,e=0;256>e;++e)i=i+this.S[e]+t[e%t.length]&255,r=this.S[e],this.S[e]=this.S[i],this.S[i]=r;this.i=0,this.j=0}function ie(){var t;return this.i=this.i+1&255,this.j=this.j+this.S[this.i]&255,t=this.S[this.i],this.S[this.i]=this.S[this.j],this.S[this.j]=t,this.S[t+this.S[this.i]&255]}function re(){return new te}function se(){if(null==Oe){for(Oe=re();Je>Ne;){var t=Math.floor(65536*Math.random());Ve[Ne++]=255&t}for(Oe.init(Ve),Ne=0;Ne=0&&i>0;){var n=t.charCodeAt(s--);128>n?r[--i]=n:n>127&&2048>n?(r[--i]=63&n|128,r[--i]=n>>6|192):(r[--i]=63&n|128,r[--i]=n>>6&63|128,r[--i]=n>>12|224)}r[--i]=0;for(var o=new oe,h=new Array;i>2;){for(h[0]=0;0==h[0];)o.nextBytes(h);r[--i]=h[0]}return r[--i]=2,r[--i]=0,new e(r)}function ue(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function ce(t,e){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=he(t,16),this.e=parseInt(e,16)):console.error("Invalid RSA public key")}function fe(t){return t.modPowInt(this.e,this.n)}function pe(t){var e=ae(t,this.n.bitLength()+7>>3);if(null==e)return null;var i=this.doPublic(e);if(null==i)return null;var r=i.toString(16);return 0==(1&r.length)?r:"0"+r}function le(t,e){for(var i=t.toByteArray(),r=0;r=i.length)return null;for(var s="";++rn?s+=String.fromCharCode(n):n>191&&224>n?(s+=String.fromCharCode((31&n)<<6|63&i[r+1]),++r):(s+=String.fromCharCode((15&n)<<12|(63&i[r+1])<<6|63&i[r+2]),r+=2)}return s}function de(t,e,i){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=he(t,16),this.e=parseInt(e,16),this.d=he(i,16)):console.error("Invalid RSA private key")}function ge(t,e,i,r,s,n,o,h){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=he(t,16),this.e=parseInt(e,16),this.d=he(i,16),this.p=he(r,16),this.q=he(s,16),this.dmp1=he(n,16),this.dmq1=he(o,16),this.coeff=he(h,16)):console.error("Invalid RSA private key")}function me(t,i){var r=new oe,s=t>>1;this.e=parseInt(i,16);for(var n=new e(i,16);;){for(;this.p=new e(t-s,1,r),0!=this.p.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.p.isProbablePrime(10););for(;this.q=new e(s,1,r),0!=this.q.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.q.isProbablePrime(10););if(this.p.compareTo(this.q)<=0){var o=this.p;this.p=this.q,this.q=o}var h=this.p.subtract(e.ONE),a=this.q.subtract(e.ONE),u=h.multiply(a);if(0==u.gcd(n).compareTo(e.ONE)){this.n=this.p.multiply(this.q),this.d=n.modInverse(u),this.dmp1=this.d.mod(h),this.dmq1=this.d.mod(a),this.coeff=this.q.modInverse(this.p);break}}}function ye(t){if(null==this.p||null==this.q)return t.modPow(this.d,this.n);for(var e=t.mod(this.p).modPow(this.dmp1,this.p),i=t.mod(this.q).modPow(this.dmq1,this.q);e.compareTo(i)<0;)e=e.add(this.p);return e.subtract(i).multiply(this.coeff).mod(this.p).multiply(this.q).add(i)}function ve(t){var e=he(t,16),i=this.doPrivate(e);return null==i?null:le(i,this.n.bitLength()+7>>3)}function be(t){var e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=Le.charAt(i>>6)+Le.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,e+1),16),r+=Le.charAt(i<<2)):e+2==t.length&&(i=parseInt(t.substring(e,e+2),16),r+=Le.charAt(i>>2)+Le.charAt((3&i)<<4));(3&r.length)>0;)r+=qe;return r}function Te(t){var e,i,r="",s=0;for(e=0;e>2),i=3&v,s=1):1==s?(r+=o(i<<2|v>>4),i=15&v,s=2):2==s?(r+=o(i),r+=o(v>>2),i=3&v,s=3):(r+=o(i<<2|v>>4),r+=o(15&v),s=0));return 1==s&&(r+=o(i<<2)),r} +// Copyright (c) 2005 Tom Wu +// All Rights Reserved. +// See "LICENSE" for details. +var Se,Re=0xdeadbeefcafe,Ee=15715070==(16777215&Re);Ee&&"Microsoft Internet Explorer"==navigator.appName?(e.prototype.am=s,Se=30):Ee&&"Netscape"!=navigator.appName?(e.prototype.am=r,Se=26):(e.prototype.am=n,Se=28),e.prototype.DB=Se,e.prototype.DM=(1<=xe;++xe)Ke[we++]=xe;for(we="a".charCodeAt(0),xe=10;36>xe;++xe)Ke[we++]=xe;for(we="A".charCodeAt(0),xe=10;36>xe;++xe)Ke[we++]=xe;A.prototype.convert=U,A.prototype.revert=O,A.prototype.reduce=V,A.prototype.mulTo=N,A.prototype.sqrTo=J,P.prototype.convert=M,P.prototype.revert=L,P.prototype.reduce=q,P.prototype.mulTo=H,P.prototype.sqrTo=C,e.prototype.copyTo=a,e.prototype.fromInt=u,e.prototype.fromString=f,e.prototype.clamp=p,e.prototype.dlShiftTo=T,e.prototype.drShiftTo=S,e.prototype.lShiftTo=R,e.prototype.rShiftTo=E,e.prototype.subTo=D,e.prototype.multiplyTo=w,e.prototype.squareTo=x,e.prototype.divRemTo=B,e.prototype.invDigit=I,e.prototype.isEven=j,e.prototype.exp=k,e.prototype.toString=l,e.prototype.negate=d,e.prototype.abs=g,e.prototype.compareTo=m,e.prototype.bitLength=b,e.prototype.mod=K,e.prototype.modPowInt=F,e.ZERO=c(0),e.ONE=c(1),It.prototype.convert=Pt,It.prototype.revert=Pt,It.prototype.mulTo=Mt,It.prototype.sqrTo=Lt,jt.prototype.convert=kt,jt.prototype.revert=Ft,jt.prototype.reduce=_t,jt.prototype.mulTo=Zt,jt.prototype.sqrTo=zt;var Ae=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997],Ue=(1<<26)/Ae[Ae.length-1];e.prototype.chunkSize=$,e.prototype.toRadix=W,e.prototype.fromRadix=Q,e.prototype.fromNumber=X,e.prototype.bitwiseTo=st,e.prototype.changeBit=St,e.prototype.addTo=wt,e.prototype.dMultiply=Nt,e.prototype.dAddOffset=Jt,e.prototype.multiplyLowerTo=Ct,e.prototype.multiplyUpperTo=Ht,e.prototype.modInt=Yt,e.prototype.millerRabin=Xt,e.prototype.clone=_,e.prototype.intValue=z,e.prototype.byteValue=Z,e.prototype.shortValue=G,e.prototype.signum=Y,e.prototype.toByteArray=tt,e.prototype.equals=et,e.prototype.min=it,e.prototype.max=rt,e.prototype.and=ot,e.prototype.or=at,e.prototype.xor=ct,e.prototype.andNot=pt,e.prototype.not=lt,e.prototype.shiftLeft=dt,e.prototype.shiftRight=gt,e.prototype.getLowestSetBit=yt,e.prototype.bitCount=bt,e.prototype.testBit=Tt,e.prototype.setBit=Rt,e.prototype.clearBit=Et,e.prototype.flipBit=Dt,e.prototype.add=xt,e.prototype.subtract=Bt,e.prototype.multiply=Kt,e.prototype.divide=Ut,e.prototype.remainder=Ot,e.prototype.divideAndRemainder=Vt,e.prototype.modPow=Gt,e.prototype.modInverse=Wt,e.prototype.pow=qt,e.prototype.gcd=$t,e.prototype.isProbablePrime=Qt,e.prototype.square=At,te.prototype.init=ee,te.prototype.next=ie;var Oe,Ve,Ne,Je=256;if(null==Ve){Ve=new Array,Ne=0;var Ie;if(window.crypto&&window.crypto.getRandomValues){var Pe=new Uint32Array(256);for(window.crypto.getRandomValues(Pe),Ie=0;Ie=256||Ne>=Je)return void(window.removeEventListener?window.removeEventListener("mousemove",Me,!1):window.detachEvent&&window.detachEvent("onmousemove",Me));try{var e=t.x+t.y;Ve[Ne++]=255&e,this.count+=1}catch(i){}};window.addEventListener?window.addEventListener("mousemove",Me,!1):window.attachEvent&&window.attachEvent("onmousemove",Me)}oe.prototype.nextBytes=ne,ue.prototype.doPublic=fe,ue.prototype.setPublic=ce,ue.prototype.encrypt=pe,ue.prototype.doPrivate=ye,ue.prototype.setPrivate=de,ue.prototype.setPrivateEx=ge,ue.prototype.generate=me,ue.prototype.decrypt=ve, +// Copyright (c) 2011 Kevin M Burns Jr. +// All Rights Reserved. +// See "LICENSE" for details. +// +// Extension to jsbn which adds facilities for asynchronous RSA key generation +// Primarily created to avoid execution timeout on mobile devices +// +// http://www-cs-students.stanford.edu/~tjw/jsbn/ +// +// --- +function(){var t=function(t,r,s){var n=new oe,o=t>>1;this.e=parseInt(r,16);var h=new e(r,16),a=this,u=function(){var r=function(){if(a.p.compareTo(a.q)<=0){var t=a.p;a.p=a.q,a.q=t}var i=a.p.subtract(e.ONE),r=a.q.subtract(e.ONE),n=i.multiply(r);0==n.gcd(h).compareTo(e.ONE)?(a.n=a.p.multiply(a.q),a.d=h.modInverse(n),a.dmp1=a.d.mod(i),a.dmq1=a.d.mod(r),a.coeff=a.q.modInverse(a.p),setTimeout(function(){s()},0)):setTimeout(u,0)},c=function(){a.q=i(),a.q.fromNumberAsync(o,1,n,function(){a.q.subtract(e.ONE).gcda(h,function(t){0==t.compareTo(e.ONE)&&a.q.isProbablePrime(10)?setTimeout(r,0):setTimeout(c,0)})})},f=function(){a.p=i(),a.p.fromNumberAsync(t-o,1,n,function(){a.p.subtract(e.ONE).gcda(h,function(t){0==t.compareTo(e.ONE)&&a.p.isProbablePrime(10)?setTimeout(c,0):setTimeout(f,0)})})};setTimeout(f,0)};setTimeout(u,0)};ue.prototype.generateAsync=t;var r=function(t,e){var i=this.s<0?this.negate():this.clone(),r=t.s<0?t.negate():t.clone();if(i.compareTo(r)<0){var s=i;i=r,r=s}var n=i.getLowestSetBit(),o=r.getLowestSetBit();if(0>o)return void e(i);o>n&&(o=n),o>0&&(i.rShiftTo(o,i),r.rShiftTo(o,r));var h=function(){(n=i.getLowestSetBit())>0&&i.rShiftTo(n,i),(n=r.getLowestSetBit())>0&&r.rShiftTo(n,r),i.compareTo(r)>=0?(i.subTo(r,i),i.rShiftTo(1,i)):(r.subTo(i,r),r.rShiftTo(1,r)),i.signum()>0?setTimeout(h,0):(o>0&&r.lShiftTo(o,r),setTimeout(function(){e(r)},0))};setTimeout(h,10)};e.prototype.gcda=r;var s=function(t,i,r,s){if("number"==typeof i)if(2>t)this.fromInt(1);else{this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ht,this),this.isEven()&&this.dAddOffset(1,0);var n=this,o=function(){n.dAddOffset(2,0),n.bitLength()>t&&n.subTo(e.ONE.shiftLeft(t-1),n),n.isProbablePrime(i)?setTimeout(function(){s()},0):setTimeout(o,0)};setTimeout(o,0)}else{var h=new Array,a=7&t;h.length=(t>>3)+1,i.nextBytes(h),a>0?h[0]&=(1<MIT License + */ +"undefined"!=typeof KJUR&&KJUR||(KJUR={}),"undefined"!=typeof KJUR.asn1&&KJUR.asn1||(KJUR.asn1={}),KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(t){var e=t.toString(16);return e.length%2==1&&(e="0"+e),e},this.bigIntToMinTwosComplementsHex=function(t){var i=t.toString(16);if("-"!=i.substr(0,1))i.length%2==1?i="0"+i:i.match(/^[0-7]/)||(i="00"+i);else{var r=i.substr(1),s=r.length;s%2==1?s+=1:i.match(/^[0-7]/)||(s+=2);for(var n="",o=0;s>o;o++)n+="f";var h=new e(n,16),a=h.xor(t).add(e.ONE);i=a.toString(16).replace(/^-/,"")}return i},this.getPEMStringFromHex=function(t,e){var i=CryptoJS.enc.Hex.parse(t),r=CryptoJS.enc.Base64.stringify(i),s=r.replace(/(.{64})/g,"$1\r\n");return s=s.replace(/\r\n$/,""),"-----BEGIN "+e+"-----\r\n"+s+"\r\n-----END "+e+"-----\r\n"}},KJUR.asn1.ASN1Object=function(){var t="";this.getLengthHexFromValue=function(){if("undefined"==typeof this.hV||null==this.hV)throw"this.hV is null or undefined.";if(this.hV.length%2==1)throw"value hex must be even length: n="+t.length+",v="+this.hV;var e=this.hV.length/2,i=e.toString(16);if(i.length%2==1&&(i="0"+i),128>e)return i;var r=i.length/2;if(r>15)throw"ASN.1 length too long to represent by 8x: n = "+e.toString(16);var s=128+r;return s.toString(16)+i},this.getEncodedHex=function(){return(null==this.hTLV||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return""}},KJUR.asn1.DERAbstractString=function(t){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=stohex(this.s)},this.setStringHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.str?this.setString(t.str):"undefined"!=typeof t.hex&&this.setStringHex(t.hex))},Ce.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object),KJUR.asn1.DERAbstractTime=function(t){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);this.localDateToUTC=function(t){utc=t.getTime()+6e4*t.getTimezoneOffset();var e=new Date(utc);return e},this.formatDate=function(t,e){var i=this.zeroPadding,r=this.localDateToUTC(t),s=String(r.getFullYear());"utc"==e&&(s=s.substr(2,2));var n=i(String(r.getMonth()+1),2),o=i(String(r.getDate()),2),h=i(String(r.getHours()),2),a=i(String(r.getMinutes()),2),u=i(String(r.getSeconds()),2);return s+n+o+h+a+u+"Z"},this.zeroPadding=function(t,e){return t.length>=e?t:new Array(e-t.length+1).join("0")+t},this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=stohex(this.s)},this.setByDateValue=function(t,e,i,r,s,n){var o=new Date(Date.UTC(t,e-1,i,r,s,n,0));this.setByDate(o)},this.getFreshValueHex=function(){return this.hV}},Ce.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object),KJUR.asn1.DERAbstractStructured=function(t){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);this.setByASN1ObjectArray=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array=t},this.appendASN1Object=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array.push(t)},this.asn1Array=new Array,"undefined"!=typeof t&&"undefined"!=typeof t.array&&(this.asn1Array=t.array)},Ce.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object),KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this),this.hT="01",this.hTLV="0101ff"},Ce.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object),KJUR.asn1.DERInteger=function(t){KJUR.asn1.DERInteger.superclass.constructor.call(this),this.hT="02",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var i=new e(String(t),10);this.setByBigInteger(i)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.bigint?this.setByBigInteger(t.bigint):"undefined"!=typeof t["int"]?this.setByInteger(t["int"]):"undefined"!=typeof t.hex&&this.setValueHex(t.hex))},Ce.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object),KJUR.asn1.DERBitString=function(t){KJUR.asn1.DERBitString.superclass.constructor.call(this),this.hT="03",this.setHexValueIncludingUnusedBits=function(t){this.hTLV=null,this.isModified=!0,this.hV=t},this.setUnusedBitsAndHexValue=function(t,e){if(0>t||t>7)throw"unused bits shall be from 0 to 7: u = "+t;var i="0"+t;this.hTLV=null,this.isModified=!0,this.hV=i+e},this.setByBinaryString=function(t){t=t.replace(/0+$/,"");var e=8-t.length%8;8==e&&(e=0);for(var i=0;e>=i;i++)t+="0";for(var r="",i=0;ii;i++)e[i]=!1;return e},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.hex?this.setHexValueIncludingUnusedBits(t.hex):"undefined"!=typeof t.bin?this.setByBinaryString(t.bin):"undefined"!=typeof t.array&&this.setByBooleanArray(t.array))},Ce.extend(KJUR.asn1.DERBitString,KJUR.asn1.ASN1Object),KJUR.asn1.DEROctetString=function(t){KJUR.asn1.DEROctetString.superclass.constructor.call(this,t),this.hT="04"},Ce.extend(KJUR.asn1.DEROctetString,KJUR.asn1.DERAbstractString),KJUR.asn1.DERNull=function(){KJUR.asn1.DERNull.superclass.constructor.call(this),this.hT="05",this.hTLV="0500"},Ce.extend(KJUR.asn1.DERNull,KJUR.asn1.ASN1Object),KJUR.asn1.DERObjectIdentifier=function(t){var i=function(t){var e=t.toString(16);return 1==e.length&&(e="0"+e),e},r=function(t){var r="",s=new e(t,10),n=s.toString(2),o=7-n.length%7;7==o&&(o=0);for(var h="",a=0;o>a;a++)h+="0";n=h+n;for(var a=0;a +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var s="0123456789ABCDEF",n=" \f\n\r \u2028\u2029";for(e=[],r=0;16>r;++r)e[s.charAt(r)]=r;for(s=s.toLowerCase(),r=10;16>r;++r)e[s.charAt(r)]=r;for(r=0;r=2?(o[o.length]=h,h=0,a=0):h<<=4}}if(a)throw"Hex encoding incomplete: 4 bits missing";return o},window.Hex=i}(), +// Copyright (c) 2008-2013 Lapo Luchini +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var s="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",n="= \f\n\r \u2028\u2029";for(e=[],r=0;64>r;++r)e[s.charAt(r)]=r;for(r=0;r=4?(o[o.length]=h>>16,o[o.length]=h>>8&255,o[o.length]=255&h,h=0,a=0):h<<=6}}switch(a){case 1:throw"Base64 encoding incomplete: at least 2 bits missing";case 2:o[o.length]=h>>10;break;case 3:o[o.length]=h>>16,o[o.length]=h>>8&255}return o},i.re=/-----BEGIN [^-]+-----([A-Za-z0-9+\/=\s]+)-----END [^-]+-----|begin-base64[^\n]+\n([A-Za-z0-9+\/=\s]+)====/,i.unarmor=function(t){var e=i.re.exec(t);if(e)if(e[1])t=e[1];else{if(!e[2])throw"RegExp out of sync";t=e[2]}return i.decode(t)},window.Base64=i}(), +// Copyright (c) 2008-2013 Lapo Luchini +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +function(t){"use strict";function e(t,i){t instanceof e?(this.enc=t.enc,this.pos=t.pos):(this.enc=t,this.pos=i)}function i(t,e,i,r,s){this.stream=t,this.header=e,this.length=i,this.tag=r,this.sub=s}var r=100,s="…",n={tag:function(t,e){var i=document.createElement(t);return i.className=e,i},text:function(t){return document.createTextNode(t)}};e.prototype.get=function(e){if(e===t&&(e=this.pos++),e>=this.enc.length)throw"Requesting byte offset "+e+" on a stream of length "+this.enc.length;return this.enc[e]},e.prototype.hexDigits="0123456789ABCDEF",e.prototype.hexByte=function(t){return this.hexDigits.charAt(t>>4&15)+this.hexDigits.charAt(15&t)},e.prototype.hexDump=function(t,e,i){for(var r="",s=t;e>s;++s)if(r+=this.hexByte(this.get(s)),i!==!0)switch(15&s){case 7:r+=" ";break;case 15:r+="\n";break;default:r+=" "}return r},e.prototype.parseStringISO=function(t,e){for(var i="",r=t;e>r;++r)i+=String.fromCharCode(this.get(r));return i},e.prototype.parseStringUTF=function(t,e){for(var i="",r=t;e>r;){var s=this.get(r++);i+=128>s?String.fromCharCode(s):s>191&&224>s?String.fromCharCode((31&s)<<6|63&this.get(r++)):String.fromCharCode((15&s)<<12|(63&this.get(r++))<<6|63&this.get(r++))}return i},e.prototype.parseStringBMP=function(t,e){for(var i="",r=t;e>r;r+=2){var s=this.get(r),n=this.get(r+1);i+=String.fromCharCode((s<<8)+n)}return i},e.prototype.reTime=/^((?:1[89]|2\d)?\d\d)(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])([01]\d|2[0-3])(?:([0-5]\d)(?:([0-5]\d)(?:[.,](\d{1,3}))?)?)?(Z|[-+](?:[0]\d|1[0-2])([0-5]\d)?)?$/,e.prototype.parseTime=function(t,e){var i=this.parseStringISO(t,e),r=this.reTime.exec(i);return r?(i=r[1]+"-"+r[2]+"-"+r[3]+" "+r[4],r[5]&&(i+=":"+r[5],r[6]&&(i+=":"+r[6],r[7]&&(i+="."+r[7]))),r[8]&&(i+=" UTC","Z"!=r[8]&&(i+=r[8],r[9]&&(i+=":"+r[9]))),i):"Unrecognized time: "+i},e.prototype.parseInteger=function(t,e){var i=e-t;if(i>4){i<<=3;var r=this.get(t);if(0===r)i-=8;else for(;128>r;)r<<=1,--i;return"("+i+" bit)"}for(var s=0,n=t;e>n;++n)s=s<<8|this.get(n);return s},e.prototype.parseBitString=function(t,e){var i=this.get(t),r=(e-t-1<<3)-i,s="("+r+" bit)";if(20>=r){var n=i;s+=" ";for(var o=e-1;o>t;--o){for(var h=this.get(o),a=n;8>a;++a)s+=h>>a&1?"1":"0";n=0}}return s},e.prototype.parseOctetString=function(t,e){var i=e-t,n="("+i+" byte) ";i>r&&(e=t+r);for(var o=t;e>o;++o)n+=this.hexByte(this.get(o));return i>r&&(n+=s),n},e.prototype.parseOID=function(t,e){for(var i="",r=0,s=0,n=t;e>n;++n){var o=this.get(n);if(r=r<<7|127&o,s+=7,!(128&o)){if(""===i){var h=80>r?40>r?0:1:2;i=h+"."+(r-40*h)}else i+="."+(s>=31?"bigint":r);r=s=0}}return i},i.prototype.typeName=function(){if(this.tag===t)return"unknown";var e=this.tag>>6,i=(this.tag>>5&1,31&this.tag);switch(e){case 0:switch(i){case 0:return"EOC";case 1:return"BOOLEAN";case 2:return"INTEGER";case 3:return"BIT_STRING";case 4:return"OCTET_STRING";case 5:return"NULL";case 6:return"OBJECT_IDENTIFIER";case 7:return"ObjectDescriptor";case 8:return"EXTERNAL";case 9:return"REAL";case 10:return"ENUMERATED";case 11:return"EMBEDDED_PDV";case 12:return"UTF8String";case 16:return"SEQUENCE";case 17:return"SET";case 18:return"NumericString";case 19:return"PrintableString";case 20:return"TeletexString";case 21:return"VideotexString";case 22:return"IA5String";case 23:return"UTCTime";case 24:return"GeneralizedTime";case 25:return"GraphicString";case 26:return"VisibleString";case 27:return"GeneralString";case 28:return"UniversalString";case 30:return"BMPString";default:return"Universal_"+i.toString(16)}case 1:return"Application_"+i.toString(16);case 2:return"["+i+"]";case 3:return"Private_"+i.toString(16)}},i.prototype.reSeemsASCII=/^[ -~]+$/,i.prototype.content=function(){if(this.tag===t)return null;var e=this.tag>>6,i=31&this.tag,n=this.posContent(),o=Math.abs(this.length);if(0!==e){if(null!==this.sub)return"("+this.sub.length+" elem)";var h=this.stream.parseStringISO(n,n+Math.min(o,r));return this.reSeemsASCII.test(h)?h.substring(0,2*r)+(h.length>2*r?s:""):this.stream.parseOctetString(n,n+o)}switch(i){case 1:return 0===this.stream.get(n)?"false":"true";case 2:return this.stream.parseInteger(n,n+o);case 3:return this.sub?"("+this.sub.length+" elem)":this.stream.parseBitString(n,n+o);case 4:return this.sub?"("+this.sub.length+" elem)":this.stream.parseOctetString(n,n+o);case 6:return this.stream.parseOID(n,n+o);case 16:case 17:return"("+this.sub.length+" elem)";case 12:return this.stream.parseStringUTF(n,n+o);case 18:case 19:case 20:case 21:case 22:case 26:return this.stream.parseStringISO(n,n+o);case 30:return this.stream.parseStringBMP(n,n+o);case 23:case 24:return this.stream.parseTime(n,n+o)}return null},i.prototype.toString=function(){return this.typeName()+"@"+this.stream.pos+"[header:"+this.header+",length:"+this.length+",sub:"+(null===this.sub?"null":this.sub.length)+"]"},i.prototype.print=function(e){if(e===t&&(e=""),document.writeln(e+this),null!==this.sub){e+=" ";for(var i=0,r=this.sub.length;r>i;++i)this.sub[i].print(e)}},i.prototype.toPrettyString=function(e){e===t&&(e="");var i=e+this.typeName()+" @"+this.stream.pos;if(this.length>=0&&(i+="+"),i+=this.length,32&this.tag?i+=" (constructed)":3!=this.tag&&4!=this.tag||null===this.sub||(i+=" (encapsulates)"),i+="\n",null!==this.sub){e+=" ";for(var r=0,s=this.sub.length;s>r;++r)i+=this.sub[r].toPrettyString(e)}return i},i.prototype.toDOM=function(){var t=n.tag("div","node");t.asn1=this;var e=n.tag("div","head"),i=this.typeName().replace(/_/g," ");e.innerHTML=i;var r=this.content();if(null!==r){r=String(r).replace(/",i+="Length: "+this.header+"+",i+=this.length>=0?this.length:-this.length+" (undefined)",32&this.tag?i+="
(constructed)":3!=this.tag&&4!=this.tag||null===this.sub||(i+="
(encapsulates)"),null!==r&&(i+="
Value:
"+r+"","object"==typeof oids&&6==this.tag)){var h=oids[r];h&&(h.d&&(i+="
"+h.d),h.c&&(i+="
"+h.c),h.w&&(i+="
(warning!)"))}o.innerHTML=i,t.appendChild(o);var a=n.tag("div","sub");if(null!==this.sub)for(var u=0,c=this.sub.length;c>u;++u)a.appendChild(this.sub[u].toDOM());return t.appendChild(a),e.onclick=function(){t.className="node collapsed"==t.className?"node":"node collapsed"},t},i.prototype.posStart=function(){return this.stream.pos},i.prototype.posContent=function(){return this.stream.pos+this.header},i.prototype.posEnd=function(){return this.stream.pos+this.header+Math.abs(this.length)},i.prototype.fakeHover=function(t){this.node.className+=" hover",t&&(this.head.className+=" hover")},i.prototype.fakeOut=function(t){var e=/ ?hover/;this.node.className=this.node.className.replace(e,""),t&&(this.head.className=this.head.className.replace(e,""))},i.prototype.toHexDOM_sub=function(t,e,i,r,s){if(!(r>=s)){var o=n.tag("span",e);o.appendChild(n.text(i.hexDump(r,s))),t.appendChild(o)}},i.prototype.toHexDOM=function(e){var i=n.tag("span","hex");if(e===t&&(e=i),this.head.hexNode=i,this.head.onmouseover=function(){this.hexNode.className="hexCurrent"},this.head.onmouseout=function(){this.hexNode.className="hex"},i.asn1=this,i.onmouseover=function(){var t=!e.selected;t&&(e.selected=this.asn1,this.className="hexCurrent"),this.asn1.fakeHover(t)},i.onmouseout=function(){var t=e.selected==this.asn1;this.asn1.fakeOut(t),t&&(e.selected=null,this.className="hex")},this.toHexDOM_sub(i,"tag",this.stream,this.posStart(),this.posStart()+1),this.toHexDOM_sub(i,this.length>=0?"dlen":"ulen",this.stream,this.posStart()+1,this.posContent()),null===this.sub)i.appendChild(n.text(this.stream.hexDump(this.posContent(),this.posEnd())));else if(this.sub.length>0){var r=this.sub[0],s=this.sub[this.sub.length-1];this.toHexDOM_sub(i,"intro",this.stream,this.posContent(),r.posStart());for(var o=0,h=this.sub.length;h>o;++o)i.appendChild(this.sub[o].toHexDOM(e));this.toHexDOM_sub(i,"outro",this.stream,s.posEnd(),this.posEnd())}return i},i.prototype.toHexString=function(t){return this.stream.hexDump(this.posStart(),this.posEnd(),!0)},i.decodeLength=function(t){var e=t.get(),i=127&e;if(i==e)return i;if(i>3)throw"Length over 24 bits not supported at position "+(t.pos-1);if(0===i)return-1;e=0;for(var r=0;i>r;++r)e=e<<8|t.get();return e},i.hasContent=function(t,r,s){if(32&t)return!0;if(3>t||t>4)return!1;var n=new e(s);3==t&&n.get();var o=n.get();if(o>>6&1)return!1;try{var h=i.decodeLength(n);return n.pos-s.pos+h==r}catch(a){return!1}},i.decode=function(t){t instanceof e||(t=new e(t,0));var r=new e(t),s=t.get(),n=i.decodeLength(t),o=t.pos-r.pos,h=null;if(i.hasContent(s,n,t)){var a=t.pos;if(3==s&&t.get(),h=[],n>=0){for(var u=a+n;t.posr;++r){var n=new e(t[r].value,0),o=i.decodeLength(n);o!=t[r].expected&&document.write("In test["+r+"] expected "+t[r].expected+" got "+o+"\n")}},window.ASN1=i}(),ASN1.prototype.getHexStringValue=function(){var t=this.toHexString(),e=2*this.header,i=2*this.length;return t.substr(e,i)},ue.prototype.parseKey=function(t){try{var e=0,i=0,r=/^\s*(?:[0-9A-Fa-f][0-9A-Fa-f]\s*)+$/,s=r.test(t)?Hex.decode(t):Base64.unarmor(t),n=ASN1.decode(s);if(3===n.sub.length&&(n=n.sub[2].sub[0]),9===n.sub.length){e=n.sub[1].getHexStringValue(),this.n=he(e,16),i=n.sub[2].getHexStringValue(),this.e=parseInt(i,16);var o=n.sub[3].getHexStringValue();this.d=he(o,16);var h=n.sub[4].getHexStringValue();this.p=he(h,16);var a=n.sub[5].getHexStringValue();this.q=he(a,16);var u=n.sub[6].getHexStringValue();this.dmp1=he(u,16);var c=n.sub[7].getHexStringValue();this.dmq1=he(c,16);var f=n.sub[8].getHexStringValue();this.coeff=he(f,16)}else{if(2!==n.sub.length)return!1;var p=n.sub[1],l=p.sub[0];e=l.sub[0].getHexStringValue(),this.n=he(e,16),i=l.sub[1].getHexStringValue(),this.e=parseInt(i,16)}return!0}catch(d){return!1}},ue.prototype.getPrivateBaseKey=function(){var t={array:[new KJUR.asn1.DERInteger({"int":0}),new KJUR.asn1.DERInteger({bigint:this.n}),new KJUR.asn1.DERInteger({"int":this.e}),new KJUR.asn1.DERInteger({bigint:this.d}),new KJUR.asn1.DERInteger({bigint:this.p}),new KJUR.asn1.DERInteger({bigint:this.q}),new KJUR.asn1.DERInteger({bigint:this.dmp1}),new KJUR.asn1.DERInteger({bigint:this.dmq1}),new KJUR.asn1.DERInteger({bigint:this.coeff})]},e=new KJUR.asn1.DERSequence(t);return e.getEncodedHex()},ue.prototype.getPrivateBaseKeyB64=function(){return be(this.getPrivateBaseKey())},ue.prototype.getPublicBaseKey=function(){var t={array:[new KJUR.asn1.DERObjectIdentifier({oid:"1.2.840.113549.1.1.1"}),new KJUR.asn1.DERNull]},e=new KJUR.asn1.DERSequence(t);t={array:[new KJUR.asn1.DERInteger({bigint:this.n}),new KJUR.asn1.DERInteger({"int":this.e})]};var i=new KJUR.asn1.DERSequence(t);t={hex:"00"+i.getEncodedHex()};var r=new KJUR.asn1.DERBitString(t);t={array:[e,r]};var s=new KJUR.asn1.DERSequence(t);return s.getEncodedHex()},ue.prototype.getPublicBaseKeyB64=function(){return be(this.getPublicBaseKey())},ue.prototype.wordwrap=function(t,e){if(e=e||64,!t)return t;var i="(.{1,"+e+"})( +|$\n?)|(.{1,"+e+"})";return t.match(RegExp(i,"g")).join("\n")},ue.prototype.getPrivateKey=function(){var t="-----BEGIN RSA PRIVATE KEY-----\n";return t+=this.wordwrap(this.getPrivateBaseKeyB64())+"\n",t+="-----END RSA PRIVATE KEY-----"},ue.prototype.getPublicKey=function(){var t="-----BEGIN PUBLIC KEY-----\n";return t+=this.wordwrap(this.getPublicBaseKeyB64())+"\n",t+="-----END PUBLIC KEY-----"},ue.prototype.hasPublicKeyProperty=function(t){return t=t||{},t.hasOwnProperty("n")&&t.hasOwnProperty("e")},ue.prototype.hasPrivateKeyProperty=function(t){return t=t||{},t.hasOwnProperty("n")&&t.hasOwnProperty("e")&&t.hasOwnProperty("d")&&t.hasOwnProperty("p")&&t.hasOwnProperty("q")&&t.hasOwnProperty("dmp1")&&t.hasOwnProperty("dmq1")&&t.hasOwnProperty("coeff")},ue.prototype.parsePropertiesFrom=function(t){this.n=t.n,this.e=t.e,t.hasOwnProperty("d")&&(this.d=t.d,this.p=t.p,this.q=t.q,this.dmp1=t.dmp1,this.dmq1=t.dmq1,this.coeff=t.coeff)};var _e=function(t){ue.call(this),t&&("string"==typeof t?this.parseKey(t):(this.hasPrivateKeyProperty(t)||this.hasPublicKeyProperty(t))&&this.parsePropertiesFrom(t))};_e.prototype=new ue,_e.prototype.constructor=_e;var ze=function(t){t=t||{},this.default_key_size=parseInt(t.default_key_size)||1024,this.default_public_exponent=t.default_public_exponent||"010001",this.log=t.log||!1,this.key=null};ze.prototype.setKey=function(t){this.log&&this.key&&console.warn("A key was already set, overriding existing."),this.key=new _e(t)},ze.prototype.setPrivateKey=function(t){this.setKey(t)},ze.prototype.setPublicKey=function(t){this.setKey(t)},ze.prototype.decrypt=function(t){try{return this.getKey().decrypt(Te(t))}catch(e){return!1}},ze.prototype.encrypt=function(t){try{return be(this.getKey().encrypt(t))}catch(e){return!1}},ze.prototype.getKey=function(t){if(!this.key){if(this.key=new _e,t&&"[object Function]"==={}.toString.call(t))return void this.key.generateAsync(this.default_key_size,this.default_public_exponent,t);this.key.generate(this.default_key_size,this.default_public_exponent)}return this.key},ze.prototype.getPrivateKey=function(){return this.getKey().getPrivateKey()},ze.prototype.getPrivateKeyB64=function(){return this.getKey().getPrivateBaseKeyB64()},ze.prototype.getPublicKey=function(){return this.getKey().getPublicKey()},ze.prototype.getPublicKeyB64=function(){return this.getKey().getPublicBaseKeyB64()},ze.version="2.3.1",t.JSEncrypt=ze}); \ No newline at end of file diff --git a/apps/tickets/api/__init__.py b/apps/tickets/api/__init__.py index 0b5dd0e7d..4eb820587 100644 --- a/apps/tickets/api/__init__.py +++ b/apps/tickets/api/__init__.py @@ -1,3 +1,4 @@ # -*- coding: utf-8 -*- # from .ticket import * +from .request_asset_perm import * diff --git a/apps/tickets/api/request_asset_perm.py b/apps/tickets/api/request_asset_perm.py new file mode 100644 index 000000000..40add8659 --- /dev/null +++ b/apps/tickets/api/request_asset_perm.py @@ -0,0 +1,137 @@ +from collections import namedtuple + +from django.db.transaction import atomic +from django.db.models import F +from django.utils.translation import ugettext_lazy as _ +from rest_framework.decorators import action +from rest_framework.response import Response + +from users.models.user import User +from common.const.http import POST, GET +from common.drf.api import JMSModelViewSet +from common.permissions import IsValidUser +from common.utils.django import get_object_or_none +from common.drf.serializers import EmptySerializer +from perms.models.asset_permission import AssetPermission, Asset +from assets.models.user import SystemUser +from ..exceptions import ( + ConfirmedAssetsChanged, ConfirmedSystemUserChanged, + TicketClosed, TicketActionYet, NotHaveConfirmedAssets, + NotHaveConfirmedSystemUser +) +from .. import serializers +from ..models import Ticket +from ..permissions import IsAssignee + + +class RequestAssetPermTicketViewSet(JMSModelViewSet): + queryset = Ticket.objects.filter(type=Ticket.TYPE_REQUEST_ASSET_PERM) + serializer_classes = { + 'default': serializers.RequestAssetPermTicketSerializer, + 'approve': EmptySerializer, + 'reject': EmptySerializer, + 'assignees': serializers.OrgAssigneeSerializer, + } + permission_classes = (IsValidUser,) + filter_fields = ['status', 'title', 'action', 'user_display'] + search_fields = ['user_display', 'title'] + + def _check_can_set_action(self, instance, action): + if instance.status == instance.STATUS_CLOSED: + raise TicketClosed(detail=_('Ticket closed')) + if instance.action == action: + action_display = dict(instance.ACTION_CHOICES).get(action) + raise TicketActionYet(detail=_('Ticket has %s') % action_display) + + @action(detail=False, methods=[GET], permission_classes=[IsValidUser]) + def assignees(self, request, *args, **kwargs): + org_mapper = {} + UserTuple = namedtuple('UserTuple', ('id', 'name', 'username')) + user = request.user + superusers = User.objects.filter(role=User.ROLE_ADMIN) + + admins_with_org = User.objects.filter(related_admin_orgs__users=user).annotate( + org_id=F('related_admin_orgs__id'), org_name=F('related_admin_orgs__name') + ) + + for user in admins_with_org: + org_id = user.org_id + + if org_id not in org_mapper: + org_mapper[org_id] = { + 'org_name': user.org_name, + 'org_admins': set() # 去重 + } + org_mapper[org_id]['org_admins'].add(UserTuple(user.id, user.name, user.username)) + + result = [ + { + 'org_name': _('Superuser'), + 'org_admins': set(UserTuple(user.id, user.name, user.username) + for user in superusers) + } + ] + + for org in org_mapper.values(): + result.append(org) + serializer_class = self.get_serializer_class() + serilizer = serializer_class(instance=result, many=True) + return Response(data=serilizer.data) + + @action(detail=True, methods=[POST], permission_classes=[IsAssignee, IsValidUser]) + def reject(self, request, *args, **kwargs): + instance = self.get_object() + action = instance.ACTION_REJECT + self._check_can_set_action(instance, action) + instance.perform_action(action, request.user) + return Response() + + @action(detail=True, methods=[POST], permission_classes=[IsAssignee, IsValidUser]) + def approve(self, request, *args, **kwargs): + instance = self.get_object() + action = instance.ACTION_APPROVE + self._check_can_set_action(instance, action) + + meta = instance.meta + confirmed_assets = meta.get('confirmed_assets', []) + assets = list(Asset.objects.filter(id__in=confirmed_assets)) + if not assets: + raise NotHaveConfirmedAssets(detail=_('Confirm assets first')) + + if len(assets) != len(confirmed_assets): + raise ConfirmedAssetsChanged(detail=_('Confirmed assets changed')) + + confirmed_system_user = meta.get('confirmed_system_user') + if not confirmed_system_user: + raise NotHaveConfirmedSystemUser(detail=_('Confirm system-user first')) + + system_user = get_object_or_none(SystemUser, id=confirmed_system_user) + if system_user is None: + raise ConfirmedSystemUserChanged(detail=_('Confirmed system-user changed')) + + self._create_asset_permission(instance, assets, system_user) + return Response({'detail': _('Succeed')}) + + def _create_asset_permission(self, instance: Ticket, assets, system_user): + meta = instance.meta + request = self.request + ap_kwargs = { + 'name': meta.get('name', ''), + 'created_by': self.request.user.username, + 'comment': _('{} request assets, approved by {}').format(instance.user_display, + instance.assignee_display) + } + date_start = meta.get('date_start') + date_expired = meta.get('date_expired') + if date_start: + ap_kwargs['date_start'] = date_start + if date_expired: + ap_kwargs['date_expired'] = date_expired + + with atomic(): + instance.perform_action(instance.ACTION_APPROVE, request.user) + ap = AssetPermission.objects.create(**ap_kwargs) + ap.system_users.add(system_user) + ap.assets.add(*assets) + + return ap diff --git a/apps/tickets/exceptions.py b/apps/tickets/exceptions.py new file mode 100644 index 000000000..b8cb7ba5e --- /dev/null +++ b/apps/tickets/exceptions.py @@ -0,0 +1,25 @@ +from common.exceptions import JMSException + + +class NotHaveConfirmedAssets(JMSException): + pass + + +class ConfirmedAssetsChanged(JMSException): + pass + + +class NotHaveConfirmedSystemUser(JMSException): + pass + + +class ConfirmedSystemUserChanged(JMSException): + pass + + +class TicketClosed(JMSException): + pass + + +class TicketActionYet(JMSException): + pass diff --git a/apps/tickets/models/ticket.py b/apps/tickets/models/ticket.py index 0fdd1c8bd..631761069 100644 --- a/apps/tickets/models/ticket.py +++ b/apps/tickets/models/ticket.py @@ -20,9 +20,11 @@ class Ticket(CommonModelMixin): ) TYPE_GENERAL = 'general' TYPE_LOGIN_CONFIRM = 'login_confirm' + TYPE_REQUEST_ASSET_PERM = 'request_asset' TYPE_CHOICES = ( (TYPE_GENERAL, _("General")), - (TYPE_LOGIN_CONFIRM, _("Login confirm")) + (TYPE_LOGIN_CONFIRM, _("Login confirm")), + (TYPE_REQUEST_ASSET_PERM, _('Request asset permission')) ) ACTION_APPROVE = 'approve' ACTION_REJECT = 'reject' diff --git a/apps/tickets/permissions.py b/apps/tickets/permissions.py index 5bc7be14d..80db4cb94 100644 --- a/apps/tickets/permissions.py +++ b/apps/tickets/permissions.py @@ -4,3 +4,6 @@ from rest_framework.permissions import BasePermission +class IsAssignee(BasePermission): + def has_object_permission(self, request, view, obj): + return obj.is_assignee(request.user) diff --git a/apps/tickets/serializers/__init__.py b/apps/tickets/serializers/__init__.py index 0b5dd0e7d..4eb820587 100644 --- a/apps/tickets/serializers/__init__.py +++ b/apps/tickets/serializers/__init__.py @@ -1,3 +1,4 @@ # -*- coding: utf-8 -*- # from .ticket import * +from .request_asset_perm import * diff --git a/apps/tickets/serializers/request_asset_perm.py b/apps/tickets/serializers/request_asset_perm.py new file mode 100644 index 000000000..54e5ed79c --- /dev/null +++ b/apps/tickets/serializers/request_asset_perm.py @@ -0,0 +1,141 @@ +from rest_framework import serializers +from django.utils.translation import ugettext_lazy as _ +from django.urls import reverse +from django.db.models import Q + +from users.models.user import User +from ..models import Ticket + + +class RequestAssetPermTicketSerializer(serializers.ModelSerializer): + ips = serializers.ListField(child=serializers.IPAddressField(), source='meta.ips', + default=list, label=_('IP group')) + hostname = serializers.CharField(max_length=256, source='meta.hostname', default=None, + allow_blank=True, label=_('Hostname')) + system_user = serializers.CharField(max_length=256, source='meta.system_user', default='', + allow_blank=True, label=_('System user')) + date_start = serializers.DateTimeField(source='meta.date_start', allow_null=True, + required=False, label=_('Date start')) + date_expired = serializers.DateTimeField(source='meta.date_expired', allow_null=True, + required=False, label=_('Date expired')) + confirmed_assets = serializers.ListField(child=serializers.UUIDField(), + source='meta.confirmed_assets', + default=list, required=False, + label=_('Confirmed assets')) + confirmed_system_user = serializers.ListField(child=serializers.UUIDField(), + source='meta.confirmed_system_user', + default=list, required=False, + label=_('Confirmed system user')) + assets_waitlist_url = serializers.SerializerMethodField() + system_user_waitlist_url = serializers.SerializerMethodField() + + class Meta: + model = Ticket + mini_fields = ['id', 'title'] + small_fields = [ + 'status', 'action', 'date_created', 'date_updated', 'system_user_waitlist_url', + 'type', 'type_display', 'action_display', 'ips', 'confirmed_assets', + 'date_start', 'date_expired', 'confirmed_system_user', 'hostname', + 'assets_waitlist_url', 'system_user' + ] + m2m_fields = [ + 'user', 'user_display', 'assignees', 'assignees_display', + 'assignee', 'assignee_display' + ] + + fields = mini_fields + small_fields + m2m_fields + read_only_fields = [ + 'user_display', 'assignees_display', 'type', 'user', 'status', + 'date_created', 'date_updated', 'action', 'id', 'assignee', + 'assignee_display', + ] + extra_kwargs = { + 'status': {'label': _('Status')}, + 'action': {'label': _('Action')}, + 'user_display': {'label': _('User')} + } + + def validate_assignees(self, assignees): + user = self.context['request'].user + + count = User.objects.filter(Q(related_admin_orgs__users=user) | Q(role=User.ROLE_ADMIN)).filter( + id__in=[assignee.id for assignee in assignees]).distinct().count() + + if count != len(assignees): + raise serializers.ValidationError(_('Must be organization admin or superuser')) + return assignees + + def get_system_user_waitlist_url(self, instance: Ticket): + if not self._is_assignee(instance): + return None + meta = instance.meta + url = reverse('api-assets:system-user-list') + query = meta.get('system_user', '') + return '{}?search={}'.format(url, query) + + def get_assets_waitlist_url(self, instance: Ticket): + if not self._is_assignee(instance): + return None + + asset_api = reverse('api-assets:asset-list') + query = '' + + meta = instance.meta + ips = meta.get('ips', []) + hostname = meta.get('hostname') + + if ips: + query = '?ips=%s' % ','.join(ips) + elif hostname: + query = '?search=%s' % hostname + + return asset_api + query + + def create(self, validated_data): + validated_data['type'] = self.Meta.model.TYPE_REQUEST_ASSET_PERM + validated_data['user'] = self.context['request'].user + self._pop_confirmed_fields() + return super().create(validated_data) + + def save(self, **kwargs): + meta = self.validated_data.get('meta', {}) + date_start = meta.get('date_start') + if date_start: + meta['date_start'] = date_start.strftime('%Y-%m-%d %H:%M:%S%z') + + date_expired = meta.get('date_expired') + if date_expired: + meta['date_expired'] = date_expired.strftime('%Y-%m-%d %H:%M:%S%z') + return super().save(**kwargs) + + def update(self, instance, validated_data): + new_meta = validated_data['meta'] + if not self._is_assignee(instance): + self._pop_confirmed_fields() + old_meta = instance.meta + meta = {} + meta.update(old_meta) + meta.update(new_meta) + validated_data['meta'] = meta + + return super().update(instance, validated_data) + + def _pop_confirmed_fields(self): + meta = self.validated_data['meta'] + meta.pop('confirmed_assets', None) + meta.pop('confirmed_system_user', None) + + def _is_assignee(self, obj: Ticket): + user = self.context['request'].user + return obj.is_assignee(user) + + +class AssigneeSerializer(serializers.Serializer): + id = serializers.UUIDField() + name = serializers.CharField() + username = serializers.CharField() + + +class OrgAssigneeSerializer(serializers.Serializer): + org_name = serializers.CharField() + org_admins = AssigneeSerializer(many=True) diff --git a/apps/tickets/urls/api_urls.py b/apps/tickets/urls/api_urls.py index 33cb5a216..a7bd3f6e5 100644 --- a/apps/tickets/urls/api_urls.py +++ b/apps/tickets/urls/api_urls.py @@ -7,6 +7,7 @@ from .. import api app_name = 'tickets' router = BulkRouter() +router.register('tickets/request-asset-perm', api.RequestAssetPermTicketViewSet, 'ticket-request-asset-perm') router.register('tickets', api.TicketViewSet, 'ticket') router.register('tickets/(?P[0-9a-zA-Z\-]{36})/comments', api.TicketCommentViewSet, 'ticket-comment') diff --git a/apps/users/api/profile.py b/apps/users/api/profile.py index e9631b5b7..b7ba0bbff 100644 --- a/apps/users/api/profile.py +++ b/apps/users/api/profile.py @@ -3,6 +3,7 @@ import uuid from rest_framework import generics from rest_framework.permissions import IsAuthenticated +from django.conf import settings from common.permissions import ( IsCurrentUserOrReadOnly @@ -64,8 +65,9 @@ class UserProfileApi(generics.RetrieveUpdateAPIView): return self.request.user def retrieve(self, request, *args, **kwargs): - age = request.session.get_expiry_age() - request.session.set_expiry(age) + if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE: + age = request.session.get_expiry_age() + request.session.set_expiry(age) return super().retrieve(request, *args, **kwargs) diff --git a/apps/users/api/user.py b/apps/users/api/user.py index 8fc184375..3ad748316 100644 --- a/apps/users/api/user.py +++ b/apps/users/api/user.py @@ -18,6 +18,7 @@ from ..serializers import UserSerializer, UserRetrieveSerializer from .mixins import UserQuerysetMixin from ..models import User from ..signals import post_user_create +from ..filters import OrgRoleUserFilterBackend logger = get_logger(__name__) @@ -35,6 +36,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet): 'default': UserSerializer, 'retrieve': UserRetrieveSerializer } + extra_filter_backends = [OrgRoleUserFilterBackend] def get_queryset(self): return super().get_queryset().prefetch_related('groups') diff --git a/apps/users/filters.py b/apps/users/filters.py new file mode 100644 index 000000000..d12d3234e --- /dev/null +++ b/apps/users/filters.py @@ -0,0 +1,32 @@ +from rest_framework.compat import coreapi, coreschema +from rest_framework import filters + +from users.models.user import User +from orgs.utils import current_org + + +class OrgRoleUserFilterBackend(filters.BaseFilterBackend): + def filter_queryset(self, request, queryset, view): + org_role = request.query_params.get('org_role') + if not org_role: + return queryset + + if org_role == 'admins': + return queryset & (current_org.get_org_admins() | User.objects.filter(role=User.ROLE_ADMIN)) + elif org_role == 'auditors': + return queryset & current_org.get_org_auditors() + elif org_role == 'users': + return queryset & current_org.get_org_users() + elif org_role == 'members': + return queryset & current_org.get_org_members() + + def get_schema_fields(self, view): + return [ + coreapi.Field( + name='org_role', location='query', required=False, type='string', + schema=coreschema.String( + title='Organization role users', + description='Organization role users can be {admins|auditors|users|members}' + ) + ) + ] diff --git a/apps/users/serializers/group.py b/apps/users/serializers/group.py index a6b9f67b9..24805d0f4 100644 --- a/apps/users/serializers/group.py +++ b/apps/users/serializers/group.py @@ -42,14 +42,7 @@ class UserGroupSerializer(BulkOrgResourceModelSerializer): def set_fields_queryset(self): users_field = self.fields.get('users') if users_field: - users_field.child_relation.queryset = utils.get_current_org_members(exclude=('Auditor',)) - - def validate_users(self, users): - for user in users: - if user.is_super_auditor: - msg = _('Auditors cannot be join in the user group') - raise serializers.ValidationError(msg) - return users + users_field.child_relation.queryset = utils.get_current_org_members() @classmethod def setup_eager_loading(cls, queryset): diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py index b01bddf42..351f33337 100644 --- a/apps/users/serializers/user.py +++ b/apps/users/serializers/user.py @@ -320,3 +320,9 @@ class UserUpdatePublicKeySerializer(serializers.ModelSerializer): new_public_key = self.validated_data.get('public_key') instance.set_public_key(new_public_key) return instance + + +class MiniUserSerializer(serializers.ModelSerializer): + class Meta: + model = User + fields = ['id', 'name', 'username']