mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-09-05 01:11:57 +00:00
1fd2e782f8
* [Update] 暂存,优化解决不了问题 * [Update] 待续(小白) * [Update] 修改asset user * [Update] 计划再次更改 * [Update] 修改asset user * [Update] 暂存与喜爱 * [Update] Add id in * [Update] 阶段性完成ops task该做 * [Update] 修改asset user api * [Update] 修改asset user 任务,查看认证等 * [Update] 基本完成asset user改造 * [Update] dynamic user only allow 1 * [Update] 修改asset user task * [Update] 修改node admin user task api * [Update] remove file header license * [Update] 添加sftp root * [Update] 暂存 * [Update] 暂存 * [Update] 修改翻译 * [Update] 修改系统用户改为同名后,用户名改为空 * [Update] 基本完成CAS调研 * [Update] 支持cas server * [Update] 支持cas server * [Update] 添加requirements * [Update] 为方便调试添加mysql ipython到包中 * [Update] 添加huaweiyun翻译 * [Update] 增加下载session 录像 * [Update] 只有第一次通知replay离线的使用方法 * [Update] 暂存一下 * [Bugfix] 获取系统用户信息报错 * [Bugfix] 修改system user info * [Update] 改成清理10天git status * [Update] 修改celery日志保留时间 * [Update]修复部分pip包依赖的版本不兼容问题 (#3672) * [Update] 修复用户更新页面会清空用户public_key的问题 * Fix broken dependencies Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> * [Update] 修改获取系统用户auth info * [Update] Remove log * [Bugfix] 修复sftp home设置的bug * [Update] 授权的系统用户添加sftp root * [Update] 修改系统用户关联的用户 * [Update] 修改placeholder * [Update] 优化获取授权的系统用户 * [Update] 修改tasks * [Update] tree service update * [Update] 暂存 * [Update] 基本完成用户授权树和资产树改造 * [Update] Dashbaord perf * [update] Add huawei cloud sdk requirements * [Updte] 优化dashboard页面 * [Update] system user auth info 添加id * [Update] 修改系统用户serializer * [Update] 优化api * [Update] LDAP Test Util (#3720) * [Update] LDAPTestUtil 1 * [Update] LDAPTestUtil 2 * [Update] LDAPTestUtil 3 * [Update] LDAPTestUtil 4 * [Update] LDAPTestUtil 5 * [Update] LDAPTestUtil 6 * [Update] LDAPTestUtil 7 * [Update] session 已添加is success,并且添加display serializer * [Bugfix] 修复无法删除空节点的bug * [Update] 命令记录分组织显示 * [Update] Session is_success 添加迁移文件 * [Update] 批量命令添加org_id * [Update] 修复一些文案,修改不绑定MFA,不能ssh登录 * [Update] 修改replay api, 返回session信息 * [Update] 解决无效es导致访问命令记录页面失败的问题 * [Update] 拆分profile view * [Update] 修改一个翻译 * [Update] 修改aysnc api框架 * [Update] 命令列表添加risk level * [Update] 完成录像打包下载 * [Update] 更改登陆otp页面 * [Update] 修改command 存储redis_level * [Update] 修改翻译 * [Update] 修改系统用户的用户列表字段 * [Update] 使用新logo和统一Jumpserver为JumpServer * [Update] 优化cloud task * [Update] 统一period task * [Update] 统一period form serializer字段 * [Update] 修改period task * [Update] 修改资产网关信息 * [Update] 用户授权资产树资产信息添加domain * [Update] 修改翻译 * [Update] 测试可连接性 * 1.5.7 bai (#3764) * [Update] 修复index页面Bug;修复测试资产用户可连接性问题; * [Update] 修改测试资产用户可连接 * [Bugfix] 修复backends问题 * [Update] 修改marksafe依赖版本 * [Update] 修改测试资产用户可连接性 * [Update] 修改检测服务器性能时获取percent值 * [Update] 更新依赖boto3=1.12.14 Co-authored-by: Yanzhe Lee <lee.yanzhe@yanzhe.org> Co-authored-by: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Co-authored-by: Bai <bugatti_it@163.com>
120 lines
4.1 KiB
Python
120 lines
4.1 KiB
Python
# -*- coding: utf-8 -*-
|
|
#
|
|
import uuid
|
|
|
|
from django.shortcuts import get_object_or_404
|
|
from rest_framework.views import APIView, Response
|
|
from rest_framework.generics import (
|
|
ListAPIView, get_object_or_404, RetrieveAPIView
|
|
)
|
|
|
|
from common.permissions import IsOrgAdminOrAppUser, IsOrgAdmin
|
|
from common.utils import get_logger
|
|
from ...utils import (
|
|
AssetPermissionUtil
|
|
)
|
|
from ...hands import User, Asset, SystemUser
|
|
from ... import serializers
|
|
from ...models import Action
|
|
from .mixin import UserAssetPermissionMixin
|
|
|
|
logger = get_logger(__name__)
|
|
|
|
__all__ = [
|
|
'RefreshAssetPermissionCacheApi',
|
|
'UserGrantedAssetSystemUsersApi',
|
|
'ValidateUserAssetPermissionApi',
|
|
'GetUserAssetPermissionActionsApi',
|
|
]
|
|
|
|
|
|
class GetUserAssetPermissionActionsApi(UserAssetPermissionMixin,
|
|
RetrieveAPIView):
|
|
permission_classes = (IsOrgAdminOrAppUser,)
|
|
serializer_class = serializers.ActionsSerializer
|
|
|
|
def get_obj(self):
|
|
user_id = self.request.query_params.get('user_id', '')
|
|
user = get_object_or_404(User, id=user_id)
|
|
return user
|
|
|
|
def get_object(self):
|
|
asset_id = self.request.query_params.get('asset_id', '')
|
|
system_id = self.request.query_params.get('system_user_id', '')
|
|
|
|
try:
|
|
asset_id = uuid.UUID(asset_id)
|
|
system_id = uuid.UUID(system_id)
|
|
except ValueError:
|
|
return Response({'msg': False}, status=403)
|
|
|
|
asset = get_object_or_404(Asset, id=asset_id)
|
|
system_user = get_object_or_404(SystemUser, id=system_id)
|
|
|
|
system_users_actions = self.util.get_asset_system_users_id_with_actions(asset)
|
|
actions = system_users_actions.get(system_user.id)
|
|
return {"actions": actions}
|
|
|
|
|
|
class ValidateUserAssetPermissionApi(UserAssetPermissionMixin, APIView):
|
|
permission_classes = (IsOrgAdminOrAppUser,)
|
|
|
|
def get_cache_policy(self):
|
|
return 0
|
|
|
|
def get_obj(self):
|
|
user_id = self.request.query_params.get('user_id', '')
|
|
user = get_object_or_404(User, id=user_id)
|
|
return user
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
asset_id = request.query_params.get('asset_id', '')
|
|
system_id = request.query_params.get('system_user_id', '')
|
|
action_name = request.query_params.get('action_name', '')
|
|
|
|
try:
|
|
asset_id = uuid.UUID(asset_id)
|
|
system_id = uuid.UUID(system_id)
|
|
except ValueError:
|
|
return Response({'msg': False}, status=403)
|
|
|
|
asset = get_object_or_404(Asset, id=asset_id)
|
|
system_user = get_object_or_404(SystemUser, id=system_id)
|
|
|
|
system_users_actions = self.util.get_asset_system_users_id_with_actions(asset)
|
|
actions = system_users_actions.get(system_user.id)
|
|
if actions is None:
|
|
return Response({'msg': False}, status=403)
|
|
if action_name in Action.value_to_choices(actions):
|
|
return Response({'msg': True}, status=200)
|
|
return Response({'msg': False}, status=403)
|
|
|
|
|
|
class RefreshAssetPermissionCacheApi(RetrieveAPIView):
|
|
permission_classes = (IsOrgAdmin,)
|
|
|
|
def retrieve(self, request, *args, **kwargs):
|
|
AssetPermissionUtil.expire_all_user_tree_cache()
|
|
return Response({'msg': True}, status=200)
|
|
|
|
|
|
class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView):
|
|
permission_classes = (IsOrgAdminOrAppUser,)
|
|
serializer_class = serializers.AssetSystemUserSerializer
|
|
only_fields = serializers.AssetSystemUserSerializer.Meta.only_fields
|
|
|
|
def get_queryset(self):
|
|
asset_id = self.kwargs.get('asset_id')
|
|
asset = get_object_or_404(Asset, id=asset_id)
|
|
system_users_with_actions = self.util.get_asset_system_users_id_with_actions(asset)
|
|
system_users_id = system_users_with_actions.keys()
|
|
system_users = SystemUser.objects.filter(id__in=system_users_id)\
|
|
.only(*self.serializer_class.Meta.only_fields) \
|
|
.order_by('priority')
|
|
system_users = list(system_users)
|
|
for system_user in system_users:
|
|
actions = system_users_with_actions.get(system_user.id, 0)
|
|
system_user.actions = actions
|
|
return system_users
|
|
|