fix: Update v3.0.4

fix: 修复su-from-accounts API 500问题，Unsubscribe msg error 转成debug

GITSHA

@@ -0,0 +1 @@
+c908b47ccfd7eb906835431371d811118ce6a212

apps/accounts/api/account/account.py

@@ -43,7 +43,7 @@ class AccountViewSet(OrgBulkModelViewSet):
             asset = get_object_or_404(Asset, pk=asset_id)
             accounts = asset.accounts.all()
         else:
-            accounts = []
+            accounts = Account.objects.none()
         accounts = self.filter_queryset(accounts)
         serializer = serializers.AccountSerializer(accounts, many=True)
         return Response(data=serializer.data)

apps/accounts/models/automations/push_account.py

@@ -2,6 +2,7 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 
 from accounts.const import AutomationTypes
+from jumpserver.utils import has_valid_xpack_license
 from .base import AccountBaseAutomation
 from .change_secret import ChangeSecretMixin
 
@@ -27,6 +28,8 @@ class PushAccountAutomation(ChangeSecretMixin, AccountBaseAutomation):
 
     def save(self, *args, **kwargs):
         self.type = AutomationTypes.push_account
+        if not has_valid_xpack_license():
+            self.is_periodic = False
         super().save(*args, **kwargs)
 
     def to_attr_json(self):

apps/assets/const/types.py

@@ -214,10 +214,13 @@ class AllTypes(ChoicesMixin):
                 tp_node = cls.choice_to_node(tp, category_node['id'], opened=False, meta=meta)
                 tp_count = category_type_mapper.get(category + '_' + tp, 0)
                 tp_node['name'] += f'({tp_count})'
+                platforms = tp_platforms.get(category + '_' + tp, [])
+                if not platforms:
+                    tp_node['isParent'] = False
                 nodes.append(tp_node)
 
                 # Platform 格式化
-                for p in tp_platforms.get(category + '_' + tp, []):
+                for p in platforms:
                     platform_node = cls.platform_to_node(p, tp_node['id'], include_asset)
                     platform_node['name'] += f'({platform_count.get(p.id, 0)})'
                     nodes.append(platform_node)
@@ -306,10 +309,11 @@ class AllTypes(ChoicesMixin):
                     protocols_data = deepcopy(default_protocols)
                     if _protocols:
                         protocols_data = [p for p in protocols_data if p['name'] in _protocols]
+
                     for p in protocols_data:
                         setting = _protocols_setting.get(p['name'], {})
-                        p['required'] = p.pop('required', False)
-                        p['default'] = p.pop('default', False)
+                        p['required'] = setting.pop('required', False)
+                        p['default'] = setting.pop('default', False)
                         p['setting'] = {**p.get('setting', {}), **setting}
 
                     platform_data = {

apps/audits/api.py

@@ -10,6 +10,7 @@ from rest_framework.permissions import IsAuthenticated
 from common.drf.filters import DatetimeRangeFilter
 from common.plugins.es import QuerySet as ESQuerySet
 from common.utils import is_uuid
+from common.utils import lazyproperty
 from orgs.mixins.api import OrgReadonlyModelViewSet, OrgModelViewSet
 from orgs.utils import current_org, tmp_to_root_org
 from orgs.models import Organization
@@ -143,13 +144,19 @@ class OperateLogViewSet(OrgReadonlyModelViewSet):
     search_fields = ['resource', 'user']
     ordering = ['-datetime']
 
+    @lazyproperty
+    def is_action_detail(self):
+        return self.detail and self.request.query_params.get('type') == 'action_detail'
+
     def get_serializer_class(self):
-        if self.request.query_params.get('type') == 'action_detail':
+        if self.is_action_detail:
             return OperateLogActionDetailSerializer
         return super().get_serializer_class()
 
     def get_queryset(self):
-        org_q = Q(org_id=Organization.SYSTEM_ID) | Q(org_id=current_org.id)
+        org_q = Q(org_id=current_org.id)
+        if self.is_action_detail:
+            org_q |= Q(org_id=Organization.SYSTEM_ID)
         with tmp_to_root_org():
             qs = OperateLog.objects.filter(org_q)
         es_config = settings.OPERATE_LOG_ELASTICSEARCH_CONFIG

apps/audits/handler.py

@@ -4,7 +4,6 @@ from django.db import transaction
 from django.core.cache import cache
 from django.utils.translation import ugettext_lazy as _
 
-from users.models import User
 from common.utils import get_request_ip, get_logger
 from common.utils.timezone import as_current_tz
 from common.utils.encode import Singleton

apps/audits/serializers.py

@@ -2,7 +2,7 @@
 #
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
-
+from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from audits.backends.db import OperateLogStore
 from common.serializers.fields import LabeledChoiceField
 from common.utils import reverse, i18n_trans
@@ -78,7 +78,7 @@ class OperateLogActionDetailSerializer(serializers.ModelSerializer):
         return data
 
 
-class OperateLogSerializer(serializers.ModelSerializer):
+class OperateLogSerializer(BulkOrgResourceModelSerializer):
     action = LabeledChoiceField(choices=ActionChoices.choices, label=_("Action"))
     resource = serializers.SerializerMethodField(label=_("Resource"))
     resource_type = serializers.SerializerMethodField(label=_('Resource Type'))

apps/audits/utils.py

@@ -1,13 +1,15 @@
 import codecs
 import copy
 import csv
+
 from itertools import chain
+from datetime import datetime
 
 from django.db import models
 from django.http import HttpResponse
 
+from common.utils.timezone import as_current_tz
 from common.utils import validate_ip, get_ip_city, get_logger
-from settings.serializers import SettingsSerializer
 from .const import DEFAULT_CITY
 
 logger = get_logger(__name__)
@@ -70,6 +72,8 @@ def _get_instance_field_value(
                 f.verbose_name = 'id'
             elif isinstance(value, (list, dict)):
                 value = copy.deepcopy(value)
+            elif isinstance(value, datetime):
+                value = as_current_tz(value).strftime('%Y-%m-%d %H:%M:%S')
             elif isinstance(f, models.OneToOneField) and isinstance(value, models.Model):
                 nested_data = _get_instance_field_value(
                     value, include_model_fields, model_need_continue_fields, ('id',)

apps/authentication/views/login.py

@@ -6,6 +6,7 @@ import os
 import datetime
 from typing import Callable
 
+from django.db import IntegrityError
 from django.templatetags.static import static
 from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.http import HttpResponse, HttpRequest
@@ -229,6 +230,23 @@ class UserLoginView(mixins.AuthMixin, UserLoginContextMixin, FormView):
         ) as e:
             form.add_error('code', e.msg)
             return super().form_invalid(form)
+        except (IntegrityError,) as e:
+            # (1062, "Duplicate entry 'youtester001@example.com' for key 'users_user.email'")
+            error = str(e)
+            if len(e.args) < 2:
+                form.add_error(None, error)
+                return super().form_invalid(form)
+
+            msg_list = e.args[1].split("'")
+            if len(msg_list) < 4:
+                form.add_error(None, error)
+                return super().form_invalid(form)
+
+            email, field = msg_list[1], msg_list[3]
+            if field == 'users_user.email':
+                error = _('User email already exists ({})').format(email)
+            form.add_error(None, error)
+            return super().form_invalid(form)
         self.clear_rsa_key()
         return self.redirect_to_guard_view()
 

apps/common/__init__.py

@@ -2,4 +2,3 @@ from __future__ import absolute_import
 
 # This will make sure the app is always imported when
 # Django starts so that shared_task will use this app.
-

apps/common/local.py

@@ -1,7 +1,7 @@
 from werkzeug.local import Local
 
 thread_local = Local()
-encrypted_field_set = set()
+encrypted_field_set = {'password'}
 
 
 def _find(attr):

apps/common/utils/connection.py

@@ -108,7 +108,7 @@ class Subscription:
         try:
             self.sub.close()
         except Exception as e:
-            logger.error('Unsubscribe msg error: {}'.format(e))
+            logger.debug('Unsubscribe msg error: {}'.format(e))
 
     def retry(self, _next, error, complete):
         logger.info('Retry subscribe channel: {}'.format(self.ch))

apps/common/utils/translate.py

@@ -35,7 +35,10 @@ def i18n_trans(s):
     tpl, args = s.split(' % ', 1)
     args = args.split(', ')
     args = [gettext(arg) for arg in args]
-    return gettext(tpl) % tuple(args)
+    try:
+        return gettext(tpl) % tuple(args)
+    except TypeError:
+        return gettext(tpl)
 
 
 def hello():

apps/locale/ja/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-02-23 19:11+0800\n"
+"POT-Creation-Date: 2023-03-02 16:00+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -394,7 +394,7 @@ msgid "Date last login"
 msgstr "最終ログイン日"
 
 #: accounts/models/automations/gather_account.py:15
-#: accounts/models/automations/push_account.py:13 accounts/models/base.py:34
+#: accounts/models/automations/push_account.py:14 accounts/models/base.py:34
 #: acls/serializers/base.py:18 acls/serializers/base.py:49
 #: assets/models/_user.py:23 audits/models.py:157 authentication/forms.py:25
 #: authentication/forms.py:27 authentication/models/temp_token.py:9
@@ -419,11 +419,11 @@ msgstr "自動収集アカウント"
 msgid "Gather asset accounts"
 msgstr "アカウントのコレクション"
 
-#: accounts/models/automations/push_account.py:12
+#: accounts/models/automations/push_account.py:13
 msgid "Triggers"
 msgstr "トリガー方式"
 
-#: accounts/models/automations/push_account.py:14 acls/models/base.py:81
+#: accounts/models/automations/push_account.py:15 acls/models/base.py:81
 #: acls/serializers/base.py:81 acls/serializers/login_acl.py:25
 #: assets/models/cmd_filter.py:81 audits/models.py:65 audits/serializers.py:82
 #: authentication/serializers/connect_token_secret.py:109
@@ -431,7 +431,7 @@ msgstr "トリガー方式"
 msgid "Action"
 msgstr "アクション"
 
-#: accounts/models/automations/push_account.py:40
+#: accounts/models/automations/push_account.py:43
 msgid "Push asset account"
 msgstr "アカウントプッシュ"
 
@@ -447,7 +447,7 @@ msgstr "アカウントの確認"
 #: assets/models/group.py:20 assets/models/label.py:18
 #: assets/models/platform.py:21 assets/models/platform.py:76
 #: assets/serializers/asset/common.py:67 assets/serializers/asset/common.py:143
-#: assets/serializers/platform.py:91 assets/serializers/platform.py:136
+#: assets/serializers/platform.py:133
 #: authentication/serializers/connect_token_secret.py:103 ops/mixin.py:21
 #: ops/models/adhoc.py:21 ops/models/celery.py:15 ops/models/celery.py:57
 #: ops/models/job.py:91 ops/models/playbook.py:23 ops/serializers/job.py:19
@@ -533,7 +533,7 @@ msgstr "エスクローされたパスワード"
 #: accounts/serializers/account/account.py:75 applications/models.py:11
 #: assets/models/label.py:21 assets/models/platform.py:77
 #: assets/serializers/asset/common.py:120 assets/serializers/cagegory.py:8
-#: assets/serializers/platform.py:97 assets/serializers/platform.py:137
+#: assets/serializers/platform.py:94 assets/serializers/platform.py:134
 #: perms/serializers/user_permission.py:26 settings/models.py:35
 #: tickets/models/ticket/apply_application.py:13
 msgid "Category"
@@ -544,7 +544,7 @@ msgstr "カテゴリ"
 #: acls/serializers/command_acl.py:18 applications/models.py:14
 #: assets/models/_user.py:50 assets/models/automations/base.py:20
 #: assets/models/cmd_filter.py:74 assets/models/platform.py:78
-#: assets/serializers/asset/common.py:121 assets/serializers/platform.py:96
+#: assets/serializers/asset/common.py:121 assets/serializers/platform.py:93
 #: audits/serializers.py:48
 #: authentication/serializers/connect_token_secret.py:116 ops/models/job.py:102
 #: perms/serializers/user_permission.py:27 terminal/models/applet/applet.py:31
@@ -741,7 +741,7 @@ msgstr "アクティブ"
 #: authentication/models/sso_token.py:16
 #: notifications/models/notification.py:12
 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:58
-#: perms/serializers/permission.py:23 rbac/builtin.py:118
+#: perms/serializers/permission.py:23 rbac/builtin.py:122
 #: rbac/models/rolebinding.py:49 terminal/backends/command/models.py:19
 #: terminal/models/session/session.py:30 terminal/models/session/sharing.py:32
 #: terminal/notifications.py:96 terminal/notifications.py:144
@@ -908,7 +908,7 @@ msgstr "アプリケーション"
 msgid "Can match application"
 msgstr "アプリケーションを一致させることができます"
 
-#: assets/api/asset/asset.py:142
+#: assets/api/asset/asset.py:143
 msgid "Cannot create asset directly, you should create a host or other"
 msgstr ""
 "資産を直接作成することはできません。ホストまたはその他を作成する必要がありま"
@@ -944,10 +944,8 @@ msgid "No account"
 msgstr "アカウントなし"
 
 #: assets/automations/ping_gateway/manager.py:36
-#, fuzzy
-#| msgid "Assets amount"
 msgid "Asset, {}, using account {}"
-msgstr "資産額"
+msgstr "資産, {}, アカウントを使用 {}"
 
 #: assets/automations/ping_gateway/manager.py:55
 #, python-brace-format
@@ -1459,23 +1457,23 @@ msgstr "メタ"
 msgid "Internal"
 msgstr "ビルトイン"
 
-#: assets/models/platform.py:83 assets/serializers/platform.py:94
+#: assets/models/platform.py:83 assets/serializers/platform.py:91
 msgid "Charset"
 msgstr "シャーセット"
 
-#: assets/models/platform.py:85 assets/serializers/platform.py:122
+#: assets/models/platform.py:85 assets/serializers/platform.py:119
 msgid "Domain enabled"
 msgstr "ドメインを有効にする"
 
-#: assets/models/platform.py:87 assets/serializers/platform.py:121
+#: assets/models/platform.py:87 assets/serializers/platform.py:118
 msgid "Su enabled"
 msgstr "アカウントの切り替えを有効にする"
 
-#: assets/models/platform.py:88 assets/serializers/platform.py:104
+#: assets/models/platform.py:88 assets/serializers/platform.py:101
 msgid "Su method"
 msgstr "アカウントの切り替え方法"
 
-#: assets/models/platform.py:90 assets/serializers/platform.py:101
+#: assets/models/platform.py:90 assets/serializers/platform.py:98
 msgid "Automation"
 msgstr "オートメーション"
 
@@ -1488,7 +1486,7 @@ msgstr "%(value)s は偶数ではありません"
 msgid "Auto fill"
 msgstr "自動充填"
 
-#: assets/serializers/asset/common.py:123 assets/serializers/platform.py:99
+#: assets/serializers/asset/common.py:123 assets/serializers/platform.py:96
 #: authentication/serializers/connect_token_secret.py:28
 #: authentication/serializers/connect_token_secret.py:66
 #: perms/serializers/user_permission.py:25 xpack/plugins/cloud/models.py:99
@@ -1629,7 +1627,7 @@ msgstr "アカウントの収集方法"
 msgid "Primary"
 msgstr "主要"
 
-#: assets/serializers/platform.py:123
+#: assets/serializers/platform.py:120
 msgid "Default Domain"
 msgstr "デフォルト ドメイン"
 
@@ -1940,20 +1938,20 @@ msgid "Auth Token"
 msgstr "認証トークン"
 
 #: audits/signal_handlers/login_log.py:31 authentication/notifications.py:73
-#: authentication/views/login.py:73 authentication/views/wecom.py:177
+#: authentication/views/login.py:74 authentication/views/wecom.py:177
 #: notifications/backends/__init__.py:11 settings/serializers/auth/wecom.py:10
 #: users/models/user.py:778
 msgid "WeCom"
 msgstr "企業微信"
 
 #: audits/signal_handlers/login_log.py:32 authentication/views/feishu.py:144
-#: authentication/views/login.py:85 notifications/backends/__init__.py:14
+#: authentication/views/login.py:86 notifications/backends/__init__.py:14
 #: settings/serializers/auth/feishu.py:10 users/models/user.py:780
 msgid "FeiShu"
 msgstr "本を飛ばす"
 
 #: audits/signal_handlers/login_log.py:33 authentication/views/dingtalk.py:179
-#: authentication/views/login.py:79 notifications/backends/__init__.py:12
+#: authentication/views/login.py:80 notifications/backends/__init__.py:12
 #: settings/serializers/auth/dingtalk.py:10 users/models/user.py:779
 msgid "DingTalk"
 msgstr "DingTalk"
@@ -2237,15 +2235,15 @@ msgstr "本を飛ばすは拘束されていません"
 msgid "Your password is invalid"
 msgstr "パスワードが無効です"
 
-#: authentication/errors/redirect.py:85 authentication/mixins.py:306
+#: authentication/errors/redirect.py:85 authentication/mixins.py:307
 msgid "Your password is too simple, please change it for security"
 msgstr "パスワードがシンプルすぎるので、セキュリティのために変更してください"
 
-#: authentication/errors/redirect.py:93 authentication/mixins.py:313
+#: authentication/errors/redirect.py:93 authentication/mixins.py:314
 msgid "You should to change your password before login"
 msgstr "ログインする前にパスワードを変更する必要があります"
 
-#: authentication/errors/redirect.py:101 authentication/mixins.py:320
+#: authentication/errors/redirect.py:101 authentication/mixins.py:321
 msgid "Your password has expired, please reset before logging in"
 msgstr ""
 "パスワードの有効期限が切れました。ログインする前にリセットしてください。"
@@ -2348,11 +2346,11 @@ msgstr "無効にする電話番号をクリアする"
 msgid "Authentication failed (before login check failed): {}"
 msgstr "認証に失敗しました (ログインチェックが失敗する前): {}"
 
-#: authentication/mixins.py:256
+#: authentication/mixins.py:257
 msgid "The MFA type ({}) is not enabled"
 msgstr "MFAタイプ ({}) が有効になっていない"
 
-#: authentication/mixins.py:296
+#: authentication/mixins.py:297
 msgid "Please change your password"
 msgstr "パスワードを変更してください"
 
@@ -2812,19 +2810,23 @@ msgstr "本を飛ばすからユーザーを取得できませんでした"
 msgid "Please login with a password and then bind the FeiShu"
 msgstr "パスワードでログインしてから本を飛ばすをバインドしてください"
 
-#: authentication/views/login.py:181
+#: authentication/views/login.py:182
 msgid "Redirecting"
 msgstr "リダイレクト"
 
-#: authentication/views/login.py:182
+#: authentication/views/login.py:183
 msgid "Redirecting to {} authentication"
 msgstr "{} 認証へのリダイレクト"
 
-#: authentication/views/login.py:205
+#: authentication/views/login.py:206
 msgid "Please enable cookies and try again."
 msgstr "クッキーを有効にして、もう一度お試しください。"
 
-#: authentication/views/login.py:307
+#: authentication/views/login.py:238
+msgid "User email already exists ({})"
+msgstr "ユーザー メールボックスは既に存在します ({})"
+
+#: authentication/views/login.py:318
 msgid ""
 "Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>\n"
 "                  Don't close this page"
@@ -2832,15 +2834,15 @@ msgstr ""
 "<b>{}</b> 確認を待ちます。彼女/彼へのリンクをコピーすることもできます <br/>\n"
 "                  このページを閉じないでください"
 
-#: authentication/views/login.py:312
+#: authentication/views/login.py:323
 msgid "No ticket found"
 msgstr "チケットが見つかりません"
 
-#: authentication/views/login.py:348
+#: authentication/views/login.py:359
 msgid "Logout success"
 msgstr "ログアウト成功"
 
-#: authentication/views/login.py:349
+#: authentication/views/login.py:360
 msgid "Logout success, return login page"
 msgstr "ログアウト成功、ログインページを返す"
 
@@ -3509,15 +3511,15 @@ msgstr "終了しました"
 msgid "Time cost"
 msgstr "時を過ごす"
 
-#: ops/tasks.py:32
+#: ops/tasks.py:34
 msgid "Run ansible task"
 msgstr "Ansible タスクを実行する"
 
-#: ops/tasks.py:61
+#: ops/tasks.py:63
 msgid "Run ansible task execution"
 msgstr "Ansible タスクの実行を開始する"
 
-#: ops/tasks.py:77
+#: ops/tasks.py:79
 msgid "Clear celery periodic tasks"
 msgstr "タスクログを定期的にクリアする"
 
@@ -3735,7 +3737,7 @@ msgstr "内部の役割は、破壊することはできません"
 msgid "The role has been bound to users, can't be destroy"
 msgstr "ロールはユーザーにバインドされており、破壊することはできません"
 
-#: rbac/api/role.py:83
+#: rbac/api/role.py:87
 msgid "Internal role, can't be update"
 msgstr "内部ロール、更新できません"
 
@@ -3747,27 +3749,27 @@ msgstr "{} 少なくとも1つのシステムロール"
 msgid "RBAC"
 msgstr "RBAC"
 
-#: rbac/builtin.py:109
+#: rbac/builtin.py:113
 msgid "SystemAdmin"
 msgstr "システム管理者"
 
-#: rbac/builtin.py:112
+#: rbac/builtin.py:116
 msgid "SystemAuditor"
 msgstr "システム監査人"
 
-#: rbac/builtin.py:115
+#: rbac/builtin.py:119
 msgid "SystemComponent"
 msgstr "システムコンポーネント"
 
-#: rbac/builtin.py:121
+#: rbac/builtin.py:125
 msgid "OrgAdmin"
 msgstr "組織管理者"
 
-#: rbac/builtin.py:124
+#: rbac/builtin.py:128
 msgid "OrgAuditor"
 msgstr "監査員を組織する"
 
-#: rbac/builtin.py:127
+#: rbac/builtin.py:131
 msgid "OrgUser"
 msgstr "組織ユーザー"
 
@@ -5408,9 +5410,9 @@ msgstr "セッション"
 msgid "Risk level"
 msgstr "リスクレベル"
 
-#: terminal/connect_methods.py:47 terminal/connect_methods.py:48
-#: terminal/connect_methods.py:49 terminal/connect_methods.py:50
-#: terminal/connect_methods.py:51
+#: terminal/connect_methods.py:54 terminal/connect_methods.py:55
+#: terminal/connect_methods.py:56 terminal/connect_methods.py:57
+#: terminal/connect_methods.py:58
 msgid "DB Client"
 msgstr "データベース クライアント"
 
@@ -5899,11 +5901,11 @@ msgstr "孤立したセッションをクリアする"
 msgid "Upload session replay to external storage"
 msgstr "セッションの記録を外部ストレージにアップロードする"
 
-#: terminal/tasks.py:83
+#: terminal/tasks.py:84
 msgid "Run applet host deployment"
 msgstr "アプリケーション マシンの展開を実行する"
 
-#: terminal/tasks.py:90
+#: terminal/tasks.py:94
 msgid "Install applet"
 msgstr "アプリをインストールする"
 
@@ -7388,30 +7390,3 @@ msgstr "究極のエディション"
 #: xpack/plugins/license/models.py:85
 msgid "Community edition"
 msgstr "コミュニティ版"
-
-#, fuzzy
-#~| msgid "Only admin users"
-#~ msgid "Unix admin user"
-#~ msgstr "管理者のみ"
-
-#, fuzzy
-#~| msgid "Only admin users"
-#~ msgid "Windows admin user"
-#~ msgstr "管理者のみ"
-
-#, fuzzy
-#~| msgid "Only admin users"
-#~ msgid "Linux admin user"
-#~ msgstr "管理者のみ"
-
-#~ msgid "Can push account to asset"
-#~ msgstr "アカウントをアセットにプッシュできます"
-
-#~ msgid "Add asset to node"
-#~ msgstr "ノードにアセットを追加する"
-
-#~ msgid "Move asset to node"
-#~ msgstr "アセットをノードに移動する"
-
-#~ msgid "Remove asset from node"
-#~ msgstr "ノードからアセットを削除"

apps/locale/zh/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-02-23 19:11+0800\n"
+"POT-Creation-Date: 2023-03-02 16:00+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -393,7 +393,7 @@ msgid "Date last login"
 msgstr "最后登录日期"
 
 #: accounts/models/automations/gather_account.py:15
-#: accounts/models/automations/push_account.py:13 accounts/models/base.py:34
+#: accounts/models/automations/push_account.py:14 accounts/models/base.py:34
 #: acls/serializers/base.py:18 acls/serializers/base.py:49
 #: assets/models/_user.py:23 audits/models.py:157 authentication/forms.py:25
 #: authentication/forms.py:27 authentication/models/temp_token.py:9
@@ -418,11 +418,11 @@ msgstr "自动化收集账号"
 msgid "Gather asset accounts"
 msgstr "收集账号"
 
-#: accounts/models/automations/push_account.py:12
+#: accounts/models/automations/push_account.py:13
 msgid "Triggers"
 msgstr "触发方式"
 
-#: accounts/models/automations/push_account.py:14 acls/models/base.py:81
+#: accounts/models/automations/push_account.py:15 acls/models/base.py:81
 #: acls/serializers/base.py:81 acls/serializers/login_acl.py:25
 #: assets/models/cmd_filter.py:81 audits/models.py:65 audits/serializers.py:82
 #: authentication/serializers/connect_token_secret.py:109
@@ -430,7 +430,7 @@ msgstr "触发方式"
 msgid "Action"
 msgstr "动作"
 
-#: accounts/models/automations/push_account.py:40
+#: accounts/models/automations/push_account.py:43
 msgid "Push asset account"
 msgstr "账号推送"
 
@@ -446,7 +446,7 @@ msgstr "账号验证"
 #: assets/models/group.py:20 assets/models/label.py:18
 #: assets/models/platform.py:21 assets/models/platform.py:76
 #: assets/serializers/asset/common.py:67 assets/serializers/asset/common.py:143
-#: assets/serializers/platform.py:91 assets/serializers/platform.py:136
+#: assets/serializers/platform.py:133
 #: authentication/serializers/connect_token_secret.py:103 ops/mixin.py:21
 #: ops/models/adhoc.py:21 ops/models/celery.py:15 ops/models/celery.py:57
 #: ops/models/job.py:91 ops/models/playbook.py:23 ops/serializers/job.py:19
@@ -529,7 +529,7 @@ msgstr "已托管密码"
 #: accounts/serializers/account/account.py:75 applications/models.py:11
 #: assets/models/label.py:21 assets/models/platform.py:77
 #: assets/serializers/asset/common.py:120 assets/serializers/cagegory.py:8
-#: assets/serializers/platform.py:97 assets/serializers/platform.py:137
+#: assets/serializers/platform.py:94 assets/serializers/platform.py:134
 #: perms/serializers/user_permission.py:26 settings/models.py:35
 #: tickets/models/ticket/apply_application.py:13
 msgid "Category"
@@ -540,7 +540,7 @@ msgstr "类别"
 #: acls/serializers/command_acl.py:18 applications/models.py:14
 #: assets/models/_user.py:50 assets/models/automations/base.py:20
 #: assets/models/cmd_filter.py:74 assets/models/platform.py:78
-#: assets/serializers/asset/common.py:121 assets/serializers/platform.py:96
+#: assets/serializers/asset/common.py:121 assets/serializers/platform.py:93
 #: audits/serializers.py:48
 #: authentication/serializers/connect_token_secret.py:116 ops/models/job.py:102
 #: perms/serializers/user_permission.py:27 terminal/models/applet/applet.py:31
@@ -737,7 +737,7 @@ msgstr "激活中"
 #: authentication/models/sso_token.py:16
 #: notifications/models/notification.py:12
 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:58
-#: perms/serializers/permission.py:23 rbac/builtin.py:118
+#: perms/serializers/permission.py:23 rbac/builtin.py:122
 #: rbac/models/rolebinding.py:49 terminal/backends/command/models.py:19
 #: terminal/models/session/session.py:30 terminal/models/session/sharing.py:32
 #: terminal/notifications.py:96 terminal/notifications.py:144
@@ -902,7 +902,7 @@ msgstr "应用程序"
 msgid "Can match application"
 msgstr "匹配应用"
 
-#: assets/api/asset/asset.py:142
+#: assets/api/asset/asset.py:143
 msgid "Cannot create asset directly, you should create a host or other"
 msgstr "不能直接创建资产, 你应该创建主机或其他资产"
 
@@ -936,10 +936,8 @@ msgid "No account"
 msgstr "没有账号"
 
 #: assets/automations/ping_gateway/manager.py:36
-#, fuzzy
-#| msgid "Assets amount"
 msgid "Asset, {}, using account {}"
-msgstr "资产数量"
+msgstr "资产, {}, 使用账号 {}"
 
 #: assets/automations/ping_gateway/manager.py:55
 #, python-brace-format
@@ -1451,23 +1449,23 @@ msgstr "元数据"
 msgid "Internal"
 msgstr "内置"
 
-#: assets/models/platform.py:83 assets/serializers/platform.py:94
+#: assets/models/platform.py:83 assets/serializers/platform.py:91
 msgid "Charset"
 msgstr "编码"
 
-#: assets/models/platform.py:85 assets/serializers/platform.py:122
+#: assets/models/platform.py:85 assets/serializers/platform.py:119
 msgid "Domain enabled"
 msgstr "启用网域"
 
-#: assets/models/platform.py:87 assets/serializers/platform.py:121
+#: assets/models/platform.py:87 assets/serializers/platform.py:118
 msgid "Su enabled"
 msgstr "启用账号切换"
 
-#: assets/models/platform.py:88 assets/serializers/platform.py:104
+#: assets/models/platform.py:88 assets/serializers/platform.py:101
 msgid "Su method"
 msgstr "账号切换方式"
 
-#: assets/models/platform.py:90 assets/serializers/platform.py:101
+#: assets/models/platform.py:90 assets/serializers/platform.py:98
 msgid "Automation"
 msgstr "自动化"
 
@@ -1480,7 +1478,7 @@ msgstr "%(value)s is not an even number"
 msgid "Auto fill"
 msgstr "自动代填"
 
-#: assets/serializers/asset/common.py:123 assets/serializers/platform.py:99
+#: assets/serializers/asset/common.py:123 assets/serializers/platform.py:96
 #: authentication/serializers/connect_token_secret.py:28
 #: authentication/serializers/connect_token_secret.py:66
 #: perms/serializers/user_permission.py:25 xpack/plugins/cloud/models.py:99
@@ -1621,7 +1619,7 @@ msgstr "收集账号方式"
 msgid "Primary"
 msgstr "主要的"
 
-#: assets/serializers/platform.py:123
+#: assets/serializers/platform.py:120
 msgid "Default Domain"
 msgstr "默认网域"
 
@@ -1930,20 +1928,20 @@ msgid "Auth Token"
 msgstr "认证令牌"
 
 #: audits/signal_handlers/login_log.py:31 authentication/notifications.py:73
-#: authentication/views/login.py:73 authentication/views/wecom.py:177
+#: authentication/views/login.py:74 authentication/views/wecom.py:177
 #: notifications/backends/__init__.py:11 settings/serializers/auth/wecom.py:10
 #: users/models/user.py:778
 msgid "WeCom"
 msgstr "企业微信"
 
 #: audits/signal_handlers/login_log.py:32 authentication/views/feishu.py:144
-#: authentication/views/login.py:85 notifications/backends/__init__.py:14
+#: authentication/views/login.py:86 notifications/backends/__init__.py:14
 #: settings/serializers/auth/feishu.py:10 users/models/user.py:780
 msgid "FeiShu"
 msgstr "飞书"
 
 #: audits/signal_handlers/login_log.py:33 authentication/views/dingtalk.py:179
-#: authentication/views/login.py:79 notifications/backends/__init__.py:12
+#: authentication/views/login.py:80 notifications/backends/__init__.py:12
 #: settings/serializers/auth/dingtalk.py:10 users/models/user.py:779
 msgid "DingTalk"
 msgstr "钉钉"
@@ -2217,15 +2215,15 @@ msgstr "没有绑定飞书"
 msgid "Your password is invalid"
 msgstr "您的密码无效"
 
-#: authentication/errors/redirect.py:85 authentication/mixins.py:306
+#: authentication/errors/redirect.py:85 authentication/mixins.py:307
 msgid "Your password is too simple, please change it for security"
 msgstr "你的密码过于简单，为了安全，请修改"
 
-#: authentication/errors/redirect.py:93 authentication/mixins.py:313
+#: authentication/errors/redirect.py:93 authentication/mixins.py:314
 msgid "You should to change your password before login"
 msgstr "登录完成前，请先修改密码"
 
-#: authentication/errors/redirect.py:101 authentication/mixins.py:320
+#: authentication/errors/redirect.py:101 authentication/mixins.py:321
 msgid "Your password has expired, please reset before logging in"
 msgstr "您的密码已过期，先修改再登录"
 
@@ -2326,11 +2324,11 @@ msgstr "清空手机号码禁用"
 msgid "Authentication failed (before login check failed): {}"
 msgstr "认证失败（登录前检查失败）: {}"
 
-#: authentication/mixins.py:256
+#: authentication/mixins.py:257
 msgid "The MFA type ({}) is not enabled"
 msgstr "该 MFA ({}) 方式没有启用"
 
-#: authentication/mixins.py:296
+#: authentication/mixins.py:297
 msgid "Please change your password"
 msgstr "请修改密码"
 
@@ -2782,19 +2780,23 @@ msgstr "从飞书获取用户失败"
 msgid "Please login with a password and then bind the FeiShu"
 msgstr "请使用密码登录，然后绑定飞书"
 
-#: authentication/views/login.py:181
+#: authentication/views/login.py:182
 msgid "Redirecting"
 msgstr "跳转中"
 
-#: authentication/views/login.py:182
+#: authentication/views/login.py:183
 msgid "Redirecting to {} authentication"
 msgstr "正在跳转到 {} 认证"
 
-#: authentication/views/login.py:205
+#: authentication/views/login.py:206
 msgid "Please enable cookies and try again."
 msgstr "设置你的浏览器支持cookie"
 
-#: authentication/views/login.py:307
+#: authentication/views/login.py:238
+msgid "User email already exists ({})"
+msgstr "用户邮箱已存在 ({})"
+
+#: authentication/views/login.py:318
 msgid ""
 "Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>\n"
 "                  Don't close this page"
@@ -2802,15 +2804,15 @@ msgstr ""
 "等待 <b>{}</b> 确认, 你也可以复制链接发给他/她 <br/>\n"
 "                  不要关闭本页面"
 
-#: authentication/views/login.py:312
+#: authentication/views/login.py:323
 msgid "No ticket found"
 msgstr "没有发现工单"
 
-#: authentication/views/login.py:348
+#: authentication/views/login.py:359
 msgid "Logout success"
 msgstr "退出登录成功"
 
-#: authentication/views/login.py:349
+#: authentication/views/login.py:360
 msgid "Logout success, return login page"
 msgstr "退出登录成功，返回到登录页面"
 
@@ -3474,15 +3476,15 @@ msgstr "是否完成"
 msgid "Time cost"
 msgstr "花费时间"
 
-#: ops/tasks.py:32
+#: ops/tasks.py:34
 msgid "Run ansible task"
 msgstr "运行 Ansible 任务"
 
-#: ops/tasks.py:61
+#: ops/tasks.py:63
 msgid "Run ansible task execution"
 msgstr "开始执行 Ansible 任务"
 
-#: ops/tasks.py:77
+#: ops/tasks.py:79
 msgid "Clear celery periodic tasks"
 msgstr "清理周期任务"
 
@@ -3699,7 +3701,7 @@ msgstr "内部角色，不能删除"
 msgid "The role has been bound to users, can't be destroy"
 msgstr "角色已绑定用户，不能删除"
 
-#: rbac/api/role.py:83
+#: rbac/api/role.py:87
 msgid "Internal role, can't be update"
 msgstr "内部角色，不能更新"
 
@@ -3711,27 +3713,27 @@ msgstr "{} 至少有一个系统角色"
 msgid "RBAC"
 msgstr "RBAC"
 
-#: rbac/builtin.py:109
+#: rbac/builtin.py:113
 msgid "SystemAdmin"
 msgstr "系统管理员"
 
-#: rbac/builtin.py:112
+#: rbac/builtin.py:116
 msgid "SystemAuditor"
 msgstr "系统审计员"
 
-#: rbac/builtin.py:115
+#: rbac/builtin.py:119
 msgid "SystemComponent"
 msgstr "系统组件"
 
-#: rbac/builtin.py:121
+#: rbac/builtin.py:125
 msgid "OrgAdmin"
 msgstr "组织管理员"
 
-#: rbac/builtin.py:124
+#: rbac/builtin.py:128
 msgid "OrgAuditor"
 msgstr "组织审计员"
 
-#: rbac/builtin.py:127
+#: rbac/builtin.py:131
 msgid "OrgUser"
 msgstr "组织用户"
 
@@ -5336,9 +5338,9 @@ msgstr "会话"
 msgid "Risk level"
 msgstr "风险等级"
 
-#: terminal/connect_methods.py:47 terminal/connect_methods.py:48
-#: terminal/connect_methods.py:49 terminal/connect_methods.py:50
-#: terminal/connect_methods.py:51
+#: terminal/connect_methods.py:54 terminal/connect_methods.py:55
+#: terminal/connect_methods.py:56 terminal/connect_methods.py:57
+#: terminal/connect_methods.py:58
 msgid "DB Client"
 msgstr "数据库客户端"
 
@@ -5825,11 +5827,11 @@ msgstr "清除孤儿会话"
 msgid "Upload session replay to external storage"
 msgstr "上传会话录像到外部存储"
 
-#: terminal/tasks.py:83
+#: terminal/tasks.py:84
 msgid "Run applet host deployment"
 msgstr "运行应用机部署"
 
-#: terminal/tasks.py:90
+#: terminal/tasks.py:94
 msgid "Install applet"
 msgstr "安装应用"
 

apps/ops/api/playbook.py

@@ -62,10 +62,10 @@ class PlaybookFileBrowserAPIView(APIView):
     rbac_perms = ()
     permission_classes = (RBACPermission,)
     rbac_perms = {
-        'GET': 'ops.change_playbooks',
-        'POST': 'ops.change_playbooks',
-        'DELETE': 'ops.change_playbooks',
-        'PATCH': 'ops.change_playbooks',
+        'GET': 'ops.change_playbook',
+        'POST': 'ops.change_playbook',
+        'DELETE': 'ops.change_playbook',
+        'PATCH': 'ops.change_playbook',
     }
     protected_files = ['root', 'main.yml']
 

apps/ops/views.py

@@ -13,7 +13,7 @@ class CeleryTaskLogView(PermissionsMixin, TemplateView):
     template_name = 'ops/celery_task_log.html'
     permission_classes = [RBACPermission]
     rbac_perms = {
-        'GET': 'ops.view_celerytask'
+        'GET': 'ops.view_celerytaskexecution'
     }
 
     def get_context_data(self, **kwargs):

apps/rbac/builtin.py

@@ -22,6 +22,7 @@ user_perms = (
     ("ops", "playbook", "*", "*"),
     ("ops", "job", "*", "*"),
     ("ops", "jobexecution", "*", "*"),
+    ("ops", "celerytaskexecution", "view", "*"),
 )
 
 system_user_perms = (

apps/rbac/const.py

@@ -135,7 +135,7 @@ only_system_permissions = (
     ('xpack', 'license', '*', '*'),
     ('settings', 'setting', '*', '*'),
     ('tickets', '*', '*', '*'),
-    ('ops', 'task', 'view', 'taskmonitor'),
+    ('ops', 'celerytask', 'view', 'taskmonitor'),
     ('terminal', 'terminal', '*', '*'),
     ('terminal', 'commandstorage', '*', '*'),
     ('terminal', 'replaystorage', '*', '*'),

apps/settings/api/email.py

@@ -42,7 +42,7 @@ class MailTestingAPI(APIView):
         #     if k.startswith('EMAIL'):
         #         setattr(settings, k, v)
         try:
-            subject = settings.EMAIL_SUBJECT_PREFIX + "Test"
+            subject = settings.EMAIL_SUBJECT_PREFIX or '' + "Test"
             message = "Test smtp setting"
             email_from = email_from or email_host_user
             email_recipient = email_recipient or email_from