mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-01-17 07:58:52 +00:00
4944ac8e75
* [Update] 修改config * [Update] 移动存储设置到到terminal中 * [Update] 修改permission 查看 * [Update] pre merge * [Update] 录像存储 * [Update] 命令存储 * [Update] 添加存储测试可连接性 * [Update] 修改 meta 值的 key 为大写 * [Update] 修改 Terminal 相关 Storage 配置 * [Update] 删除之前获取录像/命令存储的代码 * [Update] 修改导入失败 * [Update] 迁移文件添加default存储 * [Update] 删除之前代码,添加help_text信息 * [Update] 删除之前代码 * [Update] 删除之前代码 * [Update] 抽象命令/录像存储 APIView * [Update] 抽象命令/录像存储 APIView 1 * [Update] 抽象命令/录像存储 DictField * [Update] 抽象命令/录像存储列表页面 * [Update] 修复CustomDictField的bug * [Update] RemoteApp 页面添加 hidden * [Update] 用户页面添加用户关联授权 * [Update] 修改存储测试可连接性 target * [Update] 修改配置 * [Update] 修改存储前端 Form 渲染逻辑 * [Update] 修改存储细节 * [Update] 统一存储类型到 const 文件 * [Update] 修改迁移文件及Model,创建默认存储 * [Update] 修改迁移文件及Model初始化默认数据 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 限制删除默认存储配置,只允许创建扩展的存储类型 * [Update] 修改ip字段长度 * [Update] 修改ip字段长度 * [Update] 修改一些css * [Update] 修改关联 * [Update] 添加操作日志定时清理 * [Update] 修改记录syslog的instance encoder * [Update] 忽略登录产生的操作日志 * [Update] 限制更新存储时不覆盖原有AK SK 等字段 * [Update] 修改迁移文件添加comment字段 * [Update] 修改迁移文件 * [Update] 添加 comment 字段 * [Update] 修改默认存储no -> null * [Update] 修改细节 * [Update] 更新翻译(存储配置 * [Update] 修改定时任务注册,修改系统用户资产、节点关系api * [Update] 添加监控磁盘任务 * [Update] 修改session * [Update] 拆分serializer * [Update] 还原setting原来的manager
185 lines
6.1 KiB
Python
185 lines
6.1 KiB
Python
# -*- coding: utf-8 -*-
|
|
#
|
|
|
|
from rest_framework.response import Response
|
|
from rest_framework import generics
|
|
from rest_framework import filters
|
|
from rest_framework_bulk import BulkModelViewSet
|
|
from django.shortcuts import get_object_or_404
|
|
from django.http import Http404
|
|
from django.conf import settings
|
|
|
|
from common.permissions import IsOrgAdminOrAppUser, NeedMFAVerify
|
|
from common.utils import get_object_or_none, get_logger
|
|
from common.mixins import CommonApiMixin
|
|
from ..backends import AssetUserManager
|
|
from ..models import Asset, Node, SystemUser, AdminUser
|
|
from .. import serializers
|
|
from ..tasks import test_asset_users_connectivity_manual
|
|
|
|
|
|
__all__ = [
|
|
'AssetUserViewSet', 'AssetUserAuthInfoApi', 'AssetUserTestConnectiveApi',
|
|
'AssetUserExportViewSet',
|
|
]
|
|
|
|
|
|
logger = get_logger(__name__)
|
|
|
|
|
|
class AssetUserFilterBackend(filters.BaseFilterBackend):
|
|
def filter_queryset(self, request, queryset, view):
|
|
kwargs = {}
|
|
for field in view.filter_fields:
|
|
value = request.GET.get(field)
|
|
if not value:
|
|
continue
|
|
if field in ("node_id", "system_user_id", "admin_user_id"):
|
|
continue
|
|
kwargs[field] = value
|
|
return queryset.filter(**kwargs)
|
|
|
|
|
|
class AssetUserSearchBackend(filters.BaseFilterBackend):
|
|
def filter_queryset(self, request, queryset, view):
|
|
value = request.GET.get('search')
|
|
if not value:
|
|
return queryset
|
|
_queryset = AssetUserManager.none()
|
|
for field in view.search_fields:
|
|
if field in ("node_id", "system_user_id", "admin_user_id"):
|
|
continue
|
|
_queryset |= queryset.filter(**{field: value})
|
|
return _queryset.distinct()
|
|
|
|
|
|
class AssetUserViewSet(CommonApiMixin, BulkModelViewSet):
|
|
serializer_class = serializers.AssetUserSerializer
|
|
permission_classes = [IsOrgAdminOrAppUser]
|
|
http_method_names = ['get', 'post']
|
|
filter_fields = [
|
|
"id", "ip", "hostname", "username", "asset_id", "node_id",
|
|
"system_user_id", "admin_user_id"
|
|
]
|
|
search_fields = filter_fields
|
|
filter_backends = (
|
|
filters.OrderingFilter,
|
|
AssetUserFilterBackend, AssetUserSearchBackend,
|
|
)
|
|
|
|
def allow_bulk_destroy(self, qs, filtered):
|
|
return False
|
|
|
|
def get_queryset(self):
|
|
# 尽可能先返回更少的数据
|
|
username = self.request.GET.get('username')
|
|
asset_id = self.request.GET.get('asset_id')
|
|
node_id = self.request.GET.get('node_id')
|
|
admin_user_id = self.request.GET.get("admin_user_id")
|
|
system_user_id = self.request.GET.get("system_user_id")
|
|
|
|
kwargs = {}
|
|
assets = None
|
|
|
|
manager = AssetUserManager()
|
|
if system_user_id:
|
|
system_user = get_object_or_404(SystemUser, id=system_user_id)
|
|
assets = system_user.get_all_assets()
|
|
username = system_user.username
|
|
elif admin_user_id:
|
|
admin_user = get_object_or_404(AdminUser, id=admin_user_id)
|
|
assets = admin_user.assets.all()
|
|
username = admin_user.username
|
|
manager.prefer('admin_user')
|
|
|
|
if asset_id:
|
|
asset = get_object_or_404(Asset, id=asset_id)
|
|
assets = [asset]
|
|
elif node_id:
|
|
node = get_object_or_404(Node, id=node_id)
|
|
assets = node.get_all_assets()
|
|
|
|
if username:
|
|
kwargs['username'] = username
|
|
if assets is not None:
|
|
kwargs['assets'] = assets
|
|
|
|
queryset = manager.filter(**kwargs)
|
|
return queryset
|
|
|
|
|
|
class AssetUserExportViewSet(AssetUserViewSet):
|
|
serializer_class = serializers.AssetUserExportSerializer
|
|
http_method_names = ['get']
|
|
permission_classes = [IsOrgAdminOrAppUser]
|
|
|
|
def get_permissions(self):
|
|
if settings.SECURITY_VIEW_AUTH_NEED_MFA:
|
|
self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
|
|
return super().get_permissions()
|
|
|
|
|
|
class AssetUserAuthInfoApi(generics.RetrieveAPIView):
|
|
serializer_class = serializers.AssetUserAuthInfoSerializer
|
|
permission_classes = [IsOrgAdminOrAppUser]
|
|
|
|
def get_permissions(self):
|
|
if settings.SECURITY_VIEW_AUTH_NEED_MFA:
|
|
self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
|
|
return super().get_permissions()
|
|
|
|
def get_object(self):
|
|
query_params = self.request.query_params
|
|
username = query_params.get('username')
|
|
asset_id = query_params.get('asset_id')
|
|
prefer = query_params.get("prefer")
|
|
asset = get_object_or_none(Asset, pk=asset_id)
|
|
try:
|
|
manger = AssetUserManager()
|
|
instance = manger.get(username, asset, prefer=prefer)
|
|
except Exception as e:
|
|
raise Http404("Not found")
|
|
else:
|
|
return instance
|
|
|
|
|
|
class AssetUserTestConnectiveApi(generics.RetrieveAPIView):
|
|
"""
|
|
Test asset users connective
|
|
"""
|
|
permission_classes = (IsOrgAdminOrAppUser,)
|
|
serializer_class = serializers.TaskIDSerializer
|
|
|
|
def get_asset_users(self):
|
|
username = self.request.GET.get('username')
|
|
asset_id = self.request.GET.get('asset_id')
|
|
prefer = self.request.GET.get("prefer")
|
|
asset = get_object_or_none(Asset, pk=asset_id)
|
|
manager = AssetUserManager()
|
|
asset_users = manager.filter(username=username, assets=[asset], prefer=prefer)
|
|
return asset_users
|
|
|
|
def retrieve(self, request, *args, **kwargs):
|
|
asset_users = self.get_asset_users()
|
|
prefer = self.request.GET.get("prefer")
|
|
kwargs = {}
|
|
if prefer == "admin_user":
|
|
kwargs["run_as_admin"] = True
|
|
task = test_asset_users_connectivity_manual.delay(asset_users, **kwargs)
|
|
return Response({"task": task.id})
|
|
|
|
|
|
class AssetUserPushApi(generics.CreateAPIView):
|
|
"""
|
|
Test asset users connective
|
|
"""
|
|
serializer_class = serializers.AssetUserPushSerializer
|
|
permission_classes = (IsOrgAdminOrAppUser,)
|
|
|
|
def create(self, request, *args, **kwargs):
|
|
serializer = self.get_serializer(data=request.data)
|
|
serializer.is_valid(raise_exception=True)
|
|
asset = serializer.validated_data["asset"]
|
|
username = serializer.validated_data["username"]
|
|
pass
|