jumpserver/apps/audits/api.py

# -*- coding: utf-8 -*-
#
from rest_framework.mixins import ListModelMixin, CreateModelMixin
from django.db.models import F, Value
from django.db.models.functions import Concat

from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor, IsOrgAdmin
from common.drf.filters import DatetimeRangeFilter
from common.api import CommonGenericViewSet
from orgs.mixins.api import OrgGenericViewSet, OrgBulkModelViewSet, OrgRelationMixin
from orgs.utils import current_org
from ops.models import CommandExecution
from .models import FTPLog, UserLoginLog, OperateLog, PasswordChangeLog
from .serializers import FTPLogSerializer, UserLoginLogSerializer, CommandExecutionSerializer
from .serializers import OperateLogSerializer, PasswordChangeLogSerializer, CommandExecutionHostsRelationSerializer


class FTPLogViewSet(CreateModelMixin,
                    ListModelMixin,
                    OrgGenericViewSet):
    model = FTPLog
    serializer_class = FTPLogSerializer
    permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor,)
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('date_start', ('date_from', 'date_to'))
    ]
    filterset_fields = ['user', 'asset', 'system_user', 'filename']
    search_fields = filterset_fields
    ordering = ['-date_start']


class UserLoginLogViewSet(ListModelMixin, CommonGenericViewSet):
    queryset = UserLoginLog.objects.all()
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    serializer_class = UserLoginLogSerializer
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('datetime', ('date_from', 'date_to'))
    ]
    filterset_fields = ['username', 'ip', 'city', 'type', 'status', 'mfa']
    search_fields =['username', 'ip', 'city']

    @staticmethod
    def get_org_members():
        users = current_org.get_members().values_list('username', flat=True)
        return users

    def get_queryset(self):
        queryset = super().get_queryset()
        if not current_org.is_default():
            users = self.get_org_members()
            queryset = queryset.filter(username__in=users)
        return queryset


class OperateLogViewSet(ListModelMixin, OrgGenericViewSet):
    model = OperateLog
    serializer_class = OperateLogSerializer
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('datetime', ('date_from', 'date_to'))
    ]
    filterset_fields = ['user', 'action', 'resource_type', 'resource', 'remote_addr']
    search_fields = ['resource']
    ordering = ['-datetime']


class PasswordChangeLogViewSet(ListModelMixin, CommonGenericViewSet):
    queryset = PasswordChangeLog.objects.all()
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    serializer_class = PasswordChangeLogSerializer
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('datetime', ('date_from', 'date_to'))
    ]
    filterset_fields = ['user', 'change_by', 'remote_addr']
    ordering = ['-datetime']

    def get_queryset(self):
        users = current_org.get_members()
        queryset = super().get_queryset().filter(
            user__in=[user.__str__() for user in users]
        )
        return queryset


class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
    model = CommandExecution
    serializer_class = CommandExecutionSerializer
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('date_start', ('date_from', 'date_to'))
    ]
    filterset_fields = ['user__name', 'command', 'run_as__name', 'is_finished']
    search_fields = ['command', 'user__name', 'run_as__name']
    ordering = ['-date_created']

    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset.filter(run_as__org_id=current_org.org_id())
        return queryset


class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet):
    serializer_class = CommandExecutionHostsRelationSerializer
    m2m_field = CommandExecution.hosts.field
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    filterset_fields = [
        'id', 'asset', 'commandexecution'
    ]
    search_fields = ('asset__hostname', )
    http_method_names = ['options', 'get']

    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset.annotate(
            asset_display=Concat(
                F('asset__hostname'), Value('('),
                F('asset__ip'), Value(')')
            )
        )
        return queryset
[Update] 添加审计模块 2018-04-06 03:27:52 +00:00			`# -- coding: utf-8 --`
			`#`
[Fix] 日志审计/FTP日志 (#4109) 2020-06-16 08:33:53 +00:00			`from rest_framework.mixins import ListModelMixin, CreateModelMixin`
feat: 添加批量命令的relation 2020-06-04 12:00:39 +00:00			`from django.db.models import F, Value`
			`from django.db.models.functions import Concat`
[Update] 添加审计模块 2018-04-06 03:27:52 +00:00
[feature] 添加 login-logs API 2020-04-29 11:05:56 +00:00			`from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor, IsOrgAdmin`
修改批量命令的api 2020-06-05 06:20:34 +00:00			`from common.drf.filters import DatetimeRangeFilter`
[Add] audits apis 2020-05-08 08:48:26 +00:00			`from common.api import CommonGenericViewSet`
feat: 添加批量命令的relation 2020-06-04 12:00:39 +00:00			`from orgs.mixins.api import OrgGenericViewSet, OrgBulkModelViewSet, OrgRelationMixin`
[feature] 添加 login-logs API 2020-04-29 11:05:56 +00:00			`from orgs.utils import current_org`
[Add] audits apis 2020-05-08 08:48:26 +00:00			`from ops.models import CommandExecution`
			`from .models import FTPLog, UserLoginLog, OperateLog, PasswordChangeLog`
			`from .serializers import FTPLogSerializer, UserLoginLogSerializer, CommandExecutionSerializer`
feat: 添加批量命令的relation 2020-06-04 12:00:39 +00:00			`from .serializers import OperateLogSerializer, PasswordChangeLogSerializer, CommandExecutionHostsRelationSerializer`
[Update] 添加审计模块 2018-04-06 03:27:52 +00:00

[Fix] 日志审计/FTP日志 (#4109) 2020-06-16 08:33:53 +00:00			`class FTPLogViewSet(CreateModelMixin,`
			`ListModelMixin,`
			`OrgGenericViewSet):`
Asset favor (#3352) * [Update] 拆分filter org * [Update] 修改session支持protocol搜索 * [Bugfix] 修复判断问题 * [Update] 支持收藏资产 * [update] 修改org resource queryset * [Update] 修改form serializer 对应的多对多字段 * [Bugfix] 修复其他组织取消收藏的bug * [Update] 去掉debug信息 * [Update] 修改remote app get queryset * [Update] 修改remote app get queryset * [Update] 修改没有授权时显示情况 * [Bugfix] 修复组织管理员查看用户权限失败问题 * [Update] 优化forms assets queryset设置 2019-10-18 07:05:45 +00:00			`model = FTPLog`
[Update] 添加审计模块 2018-04-06 03:27:52 +00:00			`serializer_class = FTPLogSerializer`
超级管理员可创建超级审计员并可设置审计员为组织审计员 (#3141) * [Update] 超级管理员可创建超级审计员并可设置审计员为组织审计员 * [Update] 修改小问题 * [Update] 修改普通用户角色可以是组织审计员 * [Update] 更改组织审计员切换组织问题 * [Update] 修改小问题 * [Update] 普通用户是组织审计员的页面左侧栏显示 * [Update] 修改删除权限问题和组织显示问题 * [Update] 优化逻辑 * [Update] 优化类名 * [Update] 修改小问题 * [Update] 优化逻辑 * [Update] 优化切换到某一个组织逻辑 * [Update] 修改用户详情页的删除/更新按钮是否可点击 * [Update] 优化代码 * [Update] 组织管理列表增加审计员显示 * [Update] 优化代码细节 * [Update] 优化权限类逻辑 * [Update] 优化导航菜单控制 * [Update] 优化页面控制逻辑 * [Update] 修改变量名错误问题 * [Update] 修改页面上的小问题 * [Update] 审计员或组织审计员能够更新个人部分信息 * [Update] 用户名为admin的用户不能被删除 * [Update] 不同用户在不同组织下扮演不同角色的权限不同，为了避免切换组织时出现403,重定向到index * [Update] 一个用户在同一个组织既是管理员又是审计员，隐藏个人信息模块，仅当是审计员，在当前组织显示个人信息模块 * [Update] 修改方法命名 * [Update] 优化代码细节 * [Update] 修改命令执行列表方法 * [Update] 优化用户之间操作的权限逻辑；添加 UserModel 的 property 属性；修改 Organization 的 related name 名称； * [Update] 修改OrgProcessor Anonymous问题 * [Update] 修改用户序列类校验组织和转换raw密码的逻辑 2019-09-12 10:56:26 +00:00			`permission_classes = (IsOrgAdminOrAppUser \| IsOrgAuditor,)`
[Add] ftp-logs api 2020-05-08 04:46:18 +00:00			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('date_start', ('date_from', 'date_to'))`
			`]`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 2021-01-07 02:53:10 +00:00			`filterset_fields = ['user', 'asset', 'system_user', 'filename']`
			`search_fields = filterset_fields`
fix:修改 ftp 日志按开始日期排序 2020-06-23 10:24:45 +00:00			`ordering = ['-date_start']`
[feature] 添加 login-logs API 2020-04-29 11:05:56 +00:00

feat: 修改filterset_fields => filter_fields，option方法不支持filterset 2020-06-02 12:02:22 +00:00			`class UserLoginLogViewSet(ListModelMixin, CommonGenericViewSet):`
[feature] 添加 login-logs API 2020-04-29 11:05:56 +00:00			`queryset = UserLoginLog.objects.all()`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`serializer_class = UserLoginLogSerializer`
			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('datetime', ('date_from', 'date_to'))`
			`]`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 2021-01-07 02:53:10 +00:00			`filterset_fields = ['username', 'ip', 'city', 'type', 'status', 'mfa']`
feat: audits中添加id字段 2020-06-02 07:41:27 +00:00			`search_fields =['username', 'ip', 'city']`
[feature] 添加 login-logs API 2020-04-29 11:05:56 +00:00
			`@staticmethod`
			`def get_org_members():`
refactor(orgs): 重构组织表结构 2020-07-20 02:42:22 +00:00			`users = current_org.get_members().values_list('username', flat=True)`
[feature] 添加 login-logs API 2020-04-29 11:05:56 +00:00			`return users`

			`def get_queryset(self):`
			`queryset = super().get_queryset()`
			`if not current_org.is_default():`
			`users = self.get_org_members()`
			`queryset = queryset.filter(username__in=users)`
			`return queryset`
[Add] audits apis 2020-05-08 08:48:26 +00:00

			`class OperateLogViewSet(ListModelMixin, OrgGenericViewSet):`
			`model = OperateLog`
			`serializer_class = OperateLogSerializer`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('datetime', ('date_from', 'date_to'))`
			`]`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 2021-01-07 02:53:10 +00:00			`filterset_fields = ['user', 'action', 'resource_type', 'resource', 'remote_addr']`
feat: audits中添加id字段 2020-06-02 07:41:27 +00:00			`search_fields = ['resource']`
[Fix] 日志审计日期过滤与排序bug (#4063) 2020-06-02 07:40:07 +00:00			`ordering = ['-datetime']`
[Add] audits apis 2020-05-08 08:48:26 +00:00

			`class PasswordChangeLogViewSet(ListModelMixin, CommonGenericViewSet):`
			`queryset = PasswordChangeLog.objects.all()`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`serializer_class = PasswordChangeLogSerializer`
			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('datetime', ('date_from', 'date_to'))`
			`]`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 2021-01-07 02:53:10 +00:00			`filterset_fields = ['user', 'change_by', 'remote_addr']`
[Fix] 日志审计日期过滤与排序bug (#4063) 2020-06-02 07:40:07 +00:00			`ordering = ['-datetime']`
[Add] audits apis 2020-05-08 08:48:26 +00:00
			`def get_queryset(self):`
refactor(orgs): 重构组织表结构 2020-07-20 02:42:22 +00:00			`users = current_org.get_members()`
[Add] audits apis 2020-05-08 08:48:26 +00:00			`queryset = super().get_queryset().filter(`
			`user__in=[user.__str__() for user in users]`
			`)`
			`return queryset`


			`class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):`
			`model = CommandExecution`
			`serializer_class = CommandExecutionSerializer`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
修改批量命令的api 2020-06-05 06:20:34 +00:00			`extra_filter_backends = [DatetimeRangeFilter]`
[Add] audits apis 2020-05-08 08:48:26 +00:00			`date_range_filter_fields = [`
			`('date_start', ('date_from', 'date_to'))`
			`]`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 2021-01-07 02:53:10 +00:00			`filterset_fields = ['user__name', 'command', 'run_as__name', 'is_finished']`
feat: command exexution audit log的搜索 2020-06-05 06:07:23 +00:00			`search_fields = ['command', 'user__name', 'run_as__name']`
[Fix] 日志审计日期过滤与排序bug (#4063) 2020-06-02 07:40:07 +00:00			`ordering = ['-date_created']`
feat: 添加批量命令的relation 2020-06-04 12:00:39 +00:00
修改批量命令的api 2020-06-05 06:20:34 +00:00			`def get_queryset(self):`
			`queryset = super().get_queryset()`
			`queryset = queryset.filter(run_as__org_id=current_org.org_id())`
			`return queryset`

feat: 添加批量命令的relation 2020-06-04 12:00:39 +00:00
			`class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet):`
			`serializer_class = CommandExecutionHostsRelationSerializer`
			`m2m_field = CommandExecution.hosts.field`
fix(audits): 修复超级审计员登录-日志审计-批量命令-单击主机列链接报错误信息 403 2020-08-19 03:17:02 +00:00			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 2021-01-07 02:53:10 +00:00			`filterset_fields = [`
feat: 添加批量命令的relation 2020-06-04 12:00:39 +00:00			`'id', 'asset', 'commandexecution'`
			`]`
			`search_fields = ('asset__hostname', )`
			`http_method_names = ['options', 'get']`

			`def get_queryset(self):`
			`queryset = super().get_queryset()`
			`queryset = queryset.annotate(`
			`asset_display=Concat(`
			`F('asset__hostname'), Value('('),`
			`F('asset__ip'), Value(')')`
			`)`
			`)`
			`return queryset`