feat: Implement secret readability control based on system settings

feat: Add permission check for reading account secrets based on system settings
2025-12-04 22:56:30 +00:00 · 2025-11-27 16:39:28 +08:00 · 2025-11-26 15:52:05 +08:00
9 changed files with 102 additions and 184 deletions
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM jumpserver/lina-base:20251201_095403 AS stage-build
+FROM jumpserver/lina-base:20251105_092554 AS stage-build

 ARG VERSION
 ENV VERSION=$VERSION
--- a/package.json
+++ b/package.json
@@ -140,6 +140,5 @@
    "src/**/*.{js,vue}": [
      "eslint --fix"
    ]
-  },
-  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
+  }
 }
--- a/src/components/Apps/AccountListTable/ViewSecret.vue
+++ b/src/components/Apps/AccountListTable/ViewSecret.vue
@@ -62,6 +62,7 @@ import Dialog from '@/components/Dialog/index.vue'
 import PasswordHistoryDialog from './PasswordHistoryDialog.vue'
 import { SecretViewerFormatter } from '@/components/Table/TableFormatters'
 import { encryptPassword } from '@/utils/secure'
+import { mapGetters } from 'vuex'

 export default {
  name: 'ShowSecretInfo',
@@ -111,6 +112,9 @@ export default {
    }
  },
  computed: {
+    ...mapGetters({
+      publicSettings: 'publicSettings'
+    }),
    secretTypeLabel() {
      return this.account['secret_type'].label || 'Password'
    },
@@ -146,7 +150,11 @@ export default {
      })
    },
    showSecretDialog() {
-      return this.$axios.get(this.url, { disableFlashErrorMsg: true }).then((res) => {
+      if (!this.publicSettings.SECURITY_ACCOUNT_SECRET_READ) {
+        this.$message.warning(this.$tc('AccountSecretReadDisabled'))
+        return
+      }
+      return this.$axios.get(this.url).then((res) => {
        this.secretInfo = res
        this.sshKeyFingerprint = res?.spec_info?.ssh_key_fingerprint || '-'
        this.showSecret = true
@@ -167,54 +175,54 @@ export default {
 </script>

 <style lang="scss" scoped>
-  .item-textarea ::v-deep .el-textarea__inner {
-    height: 110px;
+.item-textarea ::v-deep .el-textarea__inner {
+  height: 110px;
+}
+
+.el-form-item {
+  border-bottom: 1px solid #EBEEF5;
+  padding: 5px 0;
+  margin-bottom: 0;
+
+  &:last-child {
+    border-bottom: none;
  }

-  .el-form-item {
-    border-bottom: 1px solid #EBEEF5;
-    padding: 5px 0;
-    margin-bottom: 0;
-
-    &:last-child {
-      border-bottom: none;
-    }
-
-    ::v-deep .el-form-item__label {
-      display: flex;
-      align-items: center;
-      justify-content: flex-start;
-      padding-right: 20px;
-      line-height: 30px;
-      word-break: keep-all;
-      overflow-wrap: break-word;
-      white-space: normal;
-    }
-
-    ::v-deep .el-form-item__content {
-      line-height: 30px;
-
-      pre {
-        margin: 0;
-      }
-    }
+  ::v-deep .el-form-item__label {
+    display: flex;
+    align-items: center;
+    justify-content: flex-start;
+    padding-right: 20px;
+    line-height: 30px;
+    word-break: keep-all;
+    overflow-wrap: break-word;
+    white-space: normal;
  }

-  ul {
-    margin: 0;
-  }
+  ::v-deep .el-form-item__content {
+    line-height: 30px;

-  li {
-    display: block;
-    font-size: 13px;
-    margin-bottom: 8px;
-    white-space: nowrap;
-    overflow: hidden;
-    text-overflow: ellipsis;
-
-    .title {
-      color: #303133;
-      font-weight: 500;
+    pre {
+      margin: 0;
    }
  }
+}
+
+ul {
+  margin: 0;
+}
+
+li {
+  display: block;
+  font-size: 13px;
+  margin-bottom: 8px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+
+  .title {
+    color: #303133;
+    font-weight: 500;
+  }
+}
 </style>
--- a/src/components/Table/TableFormatters/SecretViewerFormatter.vue
+++ b/src/components/Table/TableFormatters/SecretViewerFormatter.vue
@@ -38,6 +38,7 @@
 <script>
 import { copy, downloadText } from '@/utils/common/index'
 import BaseFormatter from '@/components/Table/TableFormatters/base.vue'
+import { mapGetters } from 'vuex'

 export default {
  name: 'SecretViewerFormatter',
@@ -69,6 +70,9 @@ export default {
    }
  },
  computed: {
+    ...mapGetters({
+      publicSettings: 'publicSettings'
+    }),
    hasShow: function() {
      return this.formatterArgs.hasShow
    },
@@ -140,6 +144,10 @@ export default {
  },
  methods: {
    async getAccountSecret() {
+      if (!this.publicSettings.SECURITY_ACCOUNT_SECRET_READ) {
+        this.$message.warning(this.$tc('AccountSecretReadDisabled'))
+        return
+      }
      if (this.formatterArgs.secretFrom === 'cellValue' || this.getIt) {
        return
      }
@@ -178,48 +186,48 @@ export default {
 }
 </script>
 <style lang="scss" scoped>
-  .content {
-    display: inline-block;
-    width: 100%;
+.content {
+  display: inline-block;
+  width: 100%;
+  overflow: hidden;
+  //white-space: nowrap;
+  text-overflow: ellipsis;
+  font-size: 13px;
+
+  .text {
+    flex: 1;
+    display: inline;
+    margin: 0;
+    padding: 0;
    overflow: hidden;
-    //white-space: nowrap;
+    white-space: nowrap;
    text-overflow: ellipsis;
+  }
+
+  .action {
    font-size: 13px;
+    cursor: pointer;
+    margin-left: 1px;
+    display: inline;

-    .text {
-      flex: 1;
-      display: inline;
-      margin: 0;
-      padding: 0;
-      overflow: hidden;
-      white-space: nowrap;
-      text-overflow: ellipsis;
+    &.right {
+      float: right;
    }

-    .action {
-      font-size: 13px;
-      cursor: pointer;
-      margin-left: 1px;
-      display: inline;
+    .fa {
+      margin-right: 5px;

-      &.right {
-        float: right;
-      }
-
-      .fa {
-        margin-right: 5px;
-
-        &:hover {
-          color: var(--color-primary);
-        }
+      &:hover {
+        color: var(--color-primary);
      }
    }
  }
+}

-  .edit-input ::v-deep input {
-    border-left: none;
-    border-right: none;
-    border-top: none;
-    height: 30px;
-  }
+.edit-input ::v-deep input {
+  border-left: none;
+  border-right: none;
+  border-top: none;
+  height: 30px;
+}
 </style>
--- a/src/icons/svg/access-token.svg
+++ b/src/icons/svg/access-token.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--!Font Awesome Free v5.15.4 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2025 Fonticons, Inc.--><path d="M512 176.001C512 273.203 433.202 352 336 352c-11.22 0-22.19-1.062-32.827-3.069l-24.012 27.014A23.999 23.999 0 0 1 261.223 384H224v40c0 13.255-10.745 24-24 24h-40v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24v-78.059c0-6.365 2.529-12.47 7.029-16.971l161.802-161.802C163.108 213.814 160 195.271 160 176 160 78.798 238.797.001 335.999 0 433.488-.001 512 78.511 512 176.001zM336 128c0 26.51 21.49 48 48 48s48-21.49 48-48-21.49-48-48-48-48 21.49-48 48z"/></svg>
--- a/src/router/profile/index.js
+++ b/src/router/profile/index.js
@@ -123,16 +123,6 @@ export default {
        permissions: ['authentication.view_connectiontoken']
      }
    },
-    {
-      path: '/profile/access-token',
-      component: () => import('@/views/profile/AccessToken'),
-      name: 'AccessToken',
-      meta: {
-        title: i18n.t('AccessToken'),
-        icon: 'access-token',
-        permissions: ['oauth2_provider.view_accesstoken']
-      }
-    },
    {
      path: '/profile/preferences',
      name: 'Preferences',
--- a/src/views/assets/Cloud/Account/components/AssetPanel.vue
+++ b/src/views/assets/Cloud/Account/components/AssetPanel.vue
@@ -77,7 +77,7 @@ export default {
            [this.$tc('Platform'), 'platform'],
            [this.$tc('Node'), 'node'],
            [this.$tc('Protocol'), 'protocols'],
-            [this.$tc('Region'), 'region_name']
+            [this.$tc('Region'), 'region_id']
          ],
          data: []
        },
@@ -124,7 +124,7 @@ export default {
      this.ws.onmessage = e => {
        const data = JSON.parse(e.data)
        if (data.action === 'sync_region') {
-          this.addRegion(data.id, data.name)
+          this.addRegion(data.region_id)
        } else if (data.action === 'import') {
          data['@status'] = 'pending'
          this.$refs.importTable.addTableItem(data)
@@ -140,10 +140,10 @@ export default {
        }
      }
    },
-    addRegion(regionId, regionName) {
-      if (!this.alreadySync.includes(regionId)) {
-        this.alreadySync.push(regionId)
-        this.tip = `${this.$t('SyncRegion')}: ${regionName}`
+    addRegion(region) {
+      if (!this.alreadySync.includes(region)) {
+        this.alreadySync.push(region)
+        this.tip = `${this.$t('SyncRegion')}: ${this.alreadySync.at(-1)}`
      }
    },
    showResult() {
--- a/src/views/assets/Cloud/const.js
+++ b/src/views/assets/Cloud/const.js
@@ -17,8 +17,6 @@ export const ucloud = 'ucloud'

 export const volcengine = 'volcengine'

-export const ctyun = 'ctyun'
-
 export const qingcloud_private = 'qingcloud_private'
 export const huaweicloud_private = 'huaweicloud_private'
 export const ctyun_private = 'ctyun_private'
@@ -48,8 +46,7 @@ export const publicHostProviders = [
  gcp,
  ucloud,
  volcengine,
-  smartx,
-  ctyun
+  smartx
 ]

 export const publicDBProviders = [aliyun]
@@ -144,12 +141,6 @@ export const ACCOUNT_PROVIDER_ATTRS_MAP = {
    attrs: ['access_key_id', 'access_key_secret'],
    image: require('@/assets/img/cloud/volcengine.svg')
  },
-  [ctyun]: {
-    name: ctyun,
-    title: i18n.t('CTYun'),
-    attrs: ['access_key_id', 'access_key_secret', 'project_id'],
-    image: require('@/assets/img/cloud/state.svg')
-  },
  [vmware]: {
    name: vmware,
    title: 'VMware',
--- a/src/views/profile/AccessToken.vue
+++ b/src/views/profile/AccessToken.vue
@@ -1,77 +0,0 @@
-<template>
-  <GenericListPage
-    ref="GenericListTable"
-    :header-actions="headerActions"
-    :help-tip="helpMessage"
-    :table-config="tableConfig"
-  />
-</template>
-
-<script>
-import { GenericListPage } from '@/layout/components'
-
-export default {
-  components: {
-    GenericListPage
-  },
-  data() {
-    const ajaxUrl = '/api/v1/authentication/access-tokens/'
-    return {
-      helpMessage: this.$t('AccessTokenTip'),
-      tableConfig: {
-        hasSelection: false,
-        url: ajaxUrl,
-        columns: [
-          'token_preview', 'scope', 'is_valid', 'expires', 'updated', 'created', 'actions'
-        ],
-        columnsMeta: {
-          actions: {
-            prop: '',
-            formatterArgs: {
-              hasUpdate: false,
-              hasClone: false,
-              hasDelete: false,
-              extraActions: [
-                {
-                  name: 'Revoke',
-                  title: this.$t('Revoke'),
-                  can: ({ row }) => this.$hasPerm('oauth2_provider.delete_accesstoken'),
-                  type: 'info',
-                  callback: function({ row }) {
-                    this.$axios.delete(`${ajaxUrl}${row.id}/revoke/`,
-                    ).then(res => {
-                      this.reloadTable()
-                      this.$message.success(this.$tc('UpdateSuccessMsg'))
-                    }).catch(error => {
-                      this.$message.error(this.$tc('UpdateErrorMsg' + ' ' + error))
-                    })
-                  }.bind(this)
-                }
-              ]
-            }
-          }
-        }
-      },
-      headerActions: {
-        hasLeftActions: false,
-        hasSearch: false,
-        hasRightActions: true,
-        hasRefresh: true,
-        hasExport: false,
-        hasImport: false,
-        hasBulkDelete: false,
-        hasCreate: false,
-        extraActions: []
-      }
-    }
-  },
-  methods: {
-    reloadTable() {
-      this.$refs.GenericListTable.reloadTable()
-    }
-  }
-}
-</script>
-
-<style scoped>
-</style>
Author	SHA1	Message	Date
w940853815	ee4f47a53a	feat: Implement secret readability control based on system settings	2025-11-27 16:39:28 +08:00
w940853815	b11f99345f	feat: Add permission check for reading account secrets based on system settings	2025-11-26 15:52:05 +08:00
				`@@ -1 +0,0 @@`
				<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--!Font Awesome Free v5.15.4 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2025 Fonticons, Inc.--><path d="M512 176.001C512 273.203 433.202 352 336 352c-11.22 0-22.19-1.062-32.827-3.069l-24.012 27.014A23.999 23.999 0 0 1 261.223 384H224v40c0 13.255-10.745 24-24 24h-40v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24v-78.059c0-6.365 2.529-12.47 7.029-16.971l161.802-161.802C163.108 213.814 160 195.271 160 176 160 78.798 238.797.001 335.999 0 433.488-.001 512 78.511 512 176.001zM336 128c0 26.51 21.49 48 48 48s48-21.49 48-48-21.49-48-48-48-48 21.49-48 48z"/></svg>