mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-01-17 07:58:52 +00:00
4944ac8e75
* [Update] 修改config * [Update] 移动存储设置到到terminal中 * [Update] 修改permission 查看 * [Update] pre merge * [Update] 录像存储 * [Update] 命令存储 * [Update] 添加存储测试可连接性 * [Update] 修改 meta 值的 key 为大写 * [Update] 修改 Terminal 相关 Storage 配置 * [Update] 删除之前获取录像/命令存储的代码 * [Update] 修改导入失败 * [Update] 迁移文件添加default存储 * [Update] 删除之前代码,添加help_text信息 * [Update] 删除之前代码 * [Update] 删除之前代码 * [Update] 抽象命令/录像存储 APIView * [Update] 抽象命令/录像存储 APIView 1 * [Update] 抽象命令/录像存储 DictField * [Update] 抽象命令/录像存储列表页面 * [Update] 修复CustomDictField的bug * [Update] RemoteApp 页面添加 hidden * [Update] 用户页面添加用户关联授权 * [Update] 修改存储测试可连接性 target * [Update] 修改配置 * [Update] 修改存储前端 Form 渲染逻辑 * [Update] 修改存储细节 * [Update] 统一存储类型到 const 文件 * [Update] 修改迁移文件及Model,创建默认存储 * [Update] 修改迁移文件及Model初始化默认数据 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 修改迁移文件 * [Update] 限制删除默认存储配置,只允许创建扩展的存储类型 * [Update] 修改ip字段长度 * [Update] 修改ip字段长度 * [Update] 修改一些css * [Update] 修改关联 * [Update] 添加操作日志定时清理 * [Update] 修改记录syslog的instance encoder * [Update] 忽略登录产生的操作日志 * [Update] 限制更新存储时不覆盖原有AK SK 等字段 * [Update] 修改迁移文件添加comment字段 * [Update] 修改迁移文件 * [Update] 添加 comment 字段 * [Update] 修改默认存储no -> null * [Update] 修改细节 * [Update] 更新翻译(存储配置 * [Update] 修改定时任务注册,修改系统用户资产、节点关系api * [Update] 添加监控磁盘任务 * [Update] 修改session * [Update] 拆分serializer * [Update] 还原setting原来的manager
212 lines
6.5 KiB
Python
212 lines
6.5 KiB
Python
import uuid
|
|
from django.conf import settings
|
|
|
|
from django.db import models
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
from common.utils import is_uuid, lazyproperty
|
|
|
|
|
|
class Organization(models.Model):
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
name = models.CharField(max_length=128, unique=True, verbose_name=_("Name"))
|
|
users = models.ManyToManyField('users.User', related_name='related_user_orgs', blank=True)
|
|
admins = models.ManyToManyField('users.User', related_name='related_admin_orgs', blank=True)
|
|
auditors = models.ManyToManyField('users.User', related_name='related_audit_orgs', blank=True)
|
|
created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
|
|
date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
|
|
comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
|
|
|
|
orgs = None
|
|
CACHE_PREFIX = 'JMS_ORG_{}'
|
|
ROOT_ID = '00000000-0000-0000-0000-000000000000'
|
|
ROOT_NAME = 'ROOT'
|
|
DEFAULT_ID = 'DEFAULT'
|
|
DEFAULT_NAME = 'DEFAULT'
|
|
SYSTEM_ID = '00000000-0000-0000-0000-000000000002'
|
|
SYSTEM_NAME = 'SYSTEM'
|
|
_user_admin_orgs = None
|
|
|
|
class Meta:
|
|
verbose_name = _("Organization")
|
|
|
|
def __str__(self):
|
|
return self.name
|
|
|
|
def set_to_cache(self):
|
|
if self.__class__.orgs is None:
|
|
self.__class__.orgs = {}
|
|
self.__class__.orgs[str(self.id)] = self
|
|
|
|
def expire_cache(self):
|
|
self.__class__.orgs.pop(str(self.id), None)
|
|
|
|
@classmethod
|
|
def get_instance_from_cache(cls, oid):
|
|
if not cls.orgs or not isinstance(cls.orgs, dict):
|
|
return None
|
|
return cls.orgs.get(str(oid))
|
|
|
|
@classmethod
|
|
def get_instance(cls, id_or_name, default=False):
|
|
cached = cls.get_instance_from_cache(id_or_name)
|
|
if cached:
|
|
return cached
|
|
|
|
if id_or_name is None:
|
|
return cls.default() if default else None
|
|
elif id_or_name in [cls.DEFAULT_ID, cls.DEFAULT_NAME, '']:
|
|
return cls.default()
|
|
elif id_or_name in [cls.ROOT_ID, cls.ROOT_NAME]:
|
|
return cls.root()
|
|
elif id_or_name in [cls.SYSTEM_ID, cls.SYSTEM_NAME]:
|
|
return cls.system()
|
|
|
|
try:
|
|
if is_uuid(id_or_name):
|
|
org = cls.objects.get(id=id_or_name)
|
|
else:
|
|
org = cls.objects.get(name=id_or_name)
|
|
org.set_to_cache()
|
|
except cls.DoesNotExist:
|
|
org = cls.default() if default else None
|
|
return org
|
|
|
|
@lazyproperty
|
|
def org_users(self):
|
|
from users.models import User
|
|
if self.is_real():
|
|
return self.users.all()
|
|
users = User.objects.filter(role=User.ROLE_USER)
|
|
if self.is_default() and not settings.DEFAULT_ORG_SHOW_ALL_USERS:
|
|
users = users.filter(related_user_orgs__isnull=True)
|
|
return users
|
|
|
|
def get_org_users(self):
|
|
return self.org_users
|
|
|
|
@lazyproperty
|
|
def org_admins(self):
|
|
from users.models import User
|
|
if self.is_real():
|
|
return self.admins.all()
|
|
return User.objects.filter(role=User.ROLE_ADMIN)
|
|
|
|
def get_org_admins(self):
|
|
return self.org_admins
|
|
|
|
def org_id(self):
|
|
if self.is_real():
|
|
return self.id
|
|
elif self.is_root():
|
|
return None
|
|
else:
|
|
return ''
|
|
|
|
@lazyproperty
|
|
def org_auditors(self):
|
|
from users.models import User
|
|
if self.is_real():
|
|
return self.auditors.all()
|
|
return User.objects.filter(role=User.ROLE_AUDITOR)
|
|
|
|
def get_org_auditors(self):
|
|
return self.org_auditors
|
|
|
|
def get_org_members(self, exclude=()):
|
|
from users.models import User
|
|
members = User.objects.none()
|
|
if 'Admin' not in exclude:
|
|
members |= self.get_org_admins()
|
|
if 'User' not in exclude:
|
|
members |= self.get_org_users()
|
|
if 'Auditor' not in exclude:
|
|
members |= self.get_org_auditors()
|
|
return members.exclude(role=User.ROLE_APP).distinct()
|
|
|
|
def can_admin_by(self, user):
|
|
if user.is_superuser:
|
|
return True
|
|
if self.get_org_admins().filter(id=user.id):
|
|
return True
|
|
return False
|
|
|
|
def can_audit_by(self, user):
|
|
if user.is_super_auditor:
|
|
return True
|
|
if self.get_org_auditors().filter(id=user.id):
|
|
return True
|
|
return False
|
|
|
|
def can_user_by(self, user):
|
|
if self.get_org_users().filter(id=user.id):
|
|
return True
|
|
return False
|
|
|
|
def is_real(self):
|
|
return self.id not in (self.DEFAULT_NAME, self.ROOT_ID, self.SYSTEM_ID)
|
|
|
|
@classmethod
|
|
def get_user_admin_orgs(cls, user):
|
|
admin_orgs = []
|
|
if user.is_anonymous:
|
|
return admin_orgs
|
|
elif user.is_superuser:
|
|
admin_orgs = list(cls.objects.all())
|
|
admin_orgs.append(cls.default())
|
|
elif user.is_org_admin:
|
|
admin_orgs = user.related_admin_orgs.all()
|
|
return admin_orgs
|
|
|
|
@classmethod
|
|
def get_user_user_orgs(cls, user):
|
|
user_orgs = []
|
|
if user.is_anonymous:
|
|
return user_orgs
|
|
user_orgs = user.related_user_orgs.all()
|
|
return user_orgs
|
|
|
|
@classmethod
|
|
def get_user_audit_orgs(cls, user):
|
|
audit_orgs = []
|
|
if user.is_anonymous:
|
|
return audit_orgs
|
|
elif user.is_super_auditor:
|
|
audit_orgs = list(cls.objects.all())
|
|
audit_orgs.append(cls.default())
|
|
elif user.is_org_auditor:
|
|
audit_orgs = user.related_audit_orgs.all()
|
|
return audit_orgs
|
|
|
|
@classmethod
|
|
def get_user_admin_or_audit_orgs(self, user):
|
|
admin_orgs = self.get_user_admin_orgs(user)
|
|
audit_orgs = self.get_user_audit_orgs(user)
|
|
orgs = set(admin_orgs) | set(audit_orgs)
|
|
return orgs
|
|
|
|
@classmethod
|
|
def default(cls):
|
|
return cls(id=cls.DEFAULT_ID, name=cls.DEFAULT_NAME)
|
|
|
|
@classmethod
|
|
def root(cls):
|
|
return cls(id=cls.ROOT_ID, name=cls.ROOT_NAME)
|
|
|
|
@classmethod
|
|
def system(cls):
|
|
return cls(id=cls.SYSTEM_ID, name=cls.SYSTEM_NAME)
|
|
|
|
def is_root(self):
|
|
return self.id is self.ROOT_ID
|
|
|
|
def is_default(self):
|
|
return self.id is self.DEFAULT_ID
|
|
|
|
def is_system(self):
|
|
return self.id is self.SYSTEM_ID
|
|
|
|
def change_to(self):
|
|
from .utils import set_current_org
|
|
set_current_org(self)
|