mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-04-06 04:13:02 +00:00
164f48e131
* [Update] 统一url地址 * [Update] 修改api * [Update] 使用规范的签名 * [Update] 修改url * [Update] 修改swagger * [Update] 添加serializer class避免报错 * [Update] 修改token * [Update] 支持api key * [Update] 支持生成api key * [Update] 修改api重定向 * [Update] 修改翻译 * [Update] 添加说明文档 * [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 修改 jms脚本 * [Update] 修改重定向 * [Update] 修改搜索trim * [Update] 修改搜索trim * [Update] 添加sys log * [Bugfix] 修改登陆错误 * [Update] 优化User操作private_token的接口 (#3091) * [Update] 优化User操作private_token的接口 * [Update] 优化User操作private_token的接口 2 * [Bugfix] 解决授权了一个节点,当移动节点后,被移动的节点下的资产会放到未分组节点下的问题 * [Update] 升级jquery * [Update] 默认使用page * [Update] 修改使用Orgmodel view set * [Update] 支持 nv的硬盘 https://github.com/jumpserver/jumpserver/issues/1804 * [UPdate] 解决命令执行宽度问题 * [Update] 优化节点 * [Update] 修改nodes过多时创建比较麻烦 * [Update] 修改导入 * [Update] 节点获取更新 * [Update] 修改nodes * [Update] nodes显示full value * [Update] 统一使用nodes select2 函数 * [Update] 修改磁盘大小小数 * [Update] 修改 Node service * [Update] 优化授权节点 * [Update] 修改 node permission * [Update] 修改asset permission * [Stash] * [Update] 修改node assets api * [Update] 修改tree service,支持资产数量 * [Update] 修改暂时完成 * [Update] 修改一些bug
56 lines
2.1 KiB
Python
56 lines
2.1 KiB
Python
# -*- coding: utf-8 -*-
|
|
#
|
|
from rest_framework import viewsets
|
|
from rest_framework.exceptions import ValidationError
|
|
from django.db import transaction
|
|
from django.utils.translation import ugettext as _
|
|
from django.conf import settings
|
|
|
|
from orgs.mixins.api import RootOrgViewMixin
|
|
from common.permissions import IsValidUser
|
|
from perms.utils import AssetPermissionUtilV2
|
|
from ..models import CommandExecution
|
|
from ..serializers import CommandExecutionSerializer
|
|
from ..tasks import run_command_execution
|
|
|
|
|
|
class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
|
|
serializer_class = CommandExecutionSerializer
|
|
permission_classes = (IsValidUser,)
|
|
|
|
def get_queryset(self):
|
|
return CommandExecution.objects.filter(
|
|
user_id=str(self.request.user.id)
|
|
)
|
|
|
|
def check_hosts(self, serializer):
|
|
data = serializer.validated_data
|
|
assets = data["hosts"]
|
|
system_user = data["run_as"]
|
|
util = AssetPermissionUtilV2(self.request.user)
|
|
util.filter_permissions(system_users=system_user.id)
|
|
permed_assets = util.get_assets().filter(id__in=[a.id for a in assets])
|
|
unpermed_assets = set(assets) - set(permed_assets)
|
|
if unpermed_assets:
|
|
msg = _("Not has host {} permission").format(
|
|
[str(a.id) for a in unpermed_assets]
|
|
)
|
|
raise ValidationError({"hosts": msg})
|
|
|
|
def check_permissions(self, request):
|
|
if not settings.SECURITY_COMMAND_EXECUTION and request.user.is_common_user:
|
|
return self.permission_denied(request, "Command execution disabled")
|
|
return super().check_permissions(request)
|
|
|
|
def perform_create(self, serializer):
|
|
self.check_hosts(serializer)
|
|
instance = serializer.save()
|
|
instance.user = self.request.user
|
|
instance.save()
|
|
cols = self.request.query_params.get("cols", '80')
|
|
rows = self.request.query_params.get("rows", '24')
|
|
transaction.on_commit(lambda: run_command_execution.apply_async(
|
|
args=(instance.id,), kwargs={"cols": cols, "rows": rows},
|
|
task_id=str(instance.id)
|
|
))
|