jumpserver/apps/assets/api.py

191 lines
7.0 KiB
Python
Raw Normal View History

2016-08-09 09:27:37 +00:00
# ~*~ coding: utf-8 ~*~
2016-09-11 01:50:42 +00:00
2016-11-06 13:29:04 +00:00
from rest_framework import viewsets, generics, mixins
2016-12-29 11:17:00 +00:00
2017-04-04 11:16:34 +00:00
2016-11-01 11:31:35 +00:00
from rest_framework.response import Response
2016-11-01 09:21:16 +00:00
from rest_framework.views import APIView
2017-01-06 12:34:24 +00:00
from rest_framework_bulk import BulkModelViewSet, BulkDestroyAPIView
from django_filters.rest_framework import DjangoFilterBackend
2016-11-01 09:21:16 +00:00
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin, ListBulkCreateUpdateDestroyAPIView
2016-11-06 13:29:04 +00:00
from django.shortcuts import get_object_or_404
2016-11-01 09:21:16 +00:00
2016-11-25 03:00:51 +00:00
from common.mixins import IDInFilterMixin
2016-11-01 11:31:35 +00:00
from common.utils import get_object_or_none, signer
from .hands import IsSuperUser, IsAppUser, IsValidUser, \
get_user_granted_assets, push_users
2017-03-24 06:48:18 +00:00
from .models import AssetGroup, Asset, IDC, SystemUser, AdminUser
2016-11-06 13:29:04 +00:00
from . import serializers
2017-04-04 11:16:34 +00:00
from .tasks import update_assets_hardware_info
from .utils import test_admin_user_connective_manual
2016-09-04 09:43:03 +00:00
2017-01-06 12:34:24 +00:00
class AssetViewSet(IDInFilterMixin, BulkModelViewSet):
2016-10-28 13:19:37 +00:00
"""API endpoint that allows Asset to be viewed or edited."""
2016-09-03 11:05:50 +00:00
queryset = Asset.objects.all()
2016-11-06 13:29:04 +00:00
serializer_class = serializers.AssetSerializer
permission_classes = (IsValidUser,)
2016-09-03 11:05:50 +00:00
2016-11-06 14:45:26 +00:00
def get_queryset(self):
if self.request.user.is_superuser:
queryset = super(AssetViewSet, self).get_queryset()
else:
queryset = get_user_granted_assets(self.request.user)
2016-11-17 11:28:45 +00:00
idc_id = self.request.query_params.get('idc_id', '')
2017-01-07 14:34:12 +00:00
system_users_id = self.request.query_params.get('system_user_id', '')
2016-11-17 11:28:45 +00:00
asset_group_id = self.request.query_params.get('asset_group_id', '')
2017-01-07 14:34:12 +00:00
admin_user_id = self.request.query_params.get('admin_user_id', '')
2016-11-17 11:28:45 +00:00
if idc_id:
queryset = queryset.filter(idc__id=idc_id)
2017-01-07 14:34:12 +00:00
if system_users_id:
queryset = queryset.filter(system_users__id=system_users_id)
if admin_user_id:
queryset = queryset.filter(admin_user__id=admin_user_id)
2016-11-17 11:28:45 +00:00
if asset_group_id:
queryset = queryset.filter(groups__id=asset_group_id)
2016-11-06 14:45:26 +00:00
return queryset
2016-09-04 09:43:03 +00:00
2017-01-06 12:34:24 +00:00
class AssetGroupViewSet(IDInFilterMixin, BulkModelViewSet):
2016-11-09 16:18:57 +00:00
queryset = AssetGroup.objects.all()
serializer_class = serializers.AssetGroupSerializer
2017-01-07 14:34:12 +00:00
permission_classes = (IsSuperUser,)
2016-11-09 16:18:57 +00:00
2016-12-19 15:10:16 +00:00
2016-12-15 11:55:15 +00:00
class AssetUpdateGroupApi(generics.RetrieveUpdateAPIView):
queryset = Asset.objects.all()
serializer_class = serializers.AssetUpdateGroupSerializer
permission_classes = (IsSuperUser,)
2016-11-09 16:18:57 +00:00
2016-12-19 15:10:16 +00:00
2017-01-06 12:34:24 +00:00
class AssetGroupUpdateApi(generics.RetrieveUpdateAPIView):
2017-01-07 14:34:12 +00:00
queryset = AssetGroup.objects.all()
serializer_class = serializers.AssetGroupUpdateSerializer
permission_classes = (IsSuperUser,)
2017-01-06 12:34:24 +00:00
class AssetGroupUpdateSystemUserApi(generics.RetrieveUpdateAPIView):
2017-01-07 14:34:12 +00:00
queryset = AssetGroup.objects.all()
serializer_class = serializers.AssetGroupUpdateSystemUserSerializer
permission_classes = (IsSuperUser,)
2017-01-06 12:34:24 +00:00
2017-04-04 11:16:34 +00:00
class IDCUpdateAssetsApi(generics.RetrieveUpdateAPIView):
2017-01-07 14:34:12 +00:00
queryset = IDC.objects.all()
serializer_class = serializers.IDCUpdateAssetsSerializer
permission_classes = (IsSuperUser,)
2017-01-06 12:34:24 +00:00
class IDCViewSet(IDInFilterMixin, BulkModelViewSet):
2016-09-03 11:05:50 +00:00
queryset = IDC.objects.all()
2016-11-06 13:29:04 +00:00
serializer_class = serializers.IDCSerializer
2016-11-01 11:31:35 +00:00
permission_classes = (IsSuperUser,)
2016-09-22 10:31:04 +00:00
2016-12-19 15:10:16 +00:00
2017-01-06 12:34:24 +00:00
class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
2016-11-06 13:29:04 +00:00
queryset = AdminUser.objects.all()
serializer_class = serializers.AdminUserSerializer
permission_classes = (IsSuperUser,)
2016-12-19 15:10:16 +00:00
2017-01-06 12:34:24 +00:00
class SystemUserViewSet(IDInFilterMixin, BulkModelViewSet):
2016-11-06 13:29:04 +00:00
queryset = SystemUser.objects.all()
serializer_class = serializers.SystemUserSerializer
permission_classes = (IsSuperUser,)
2016-12-19 15:10:16 +00:00
2016-12-15 11:55:15 +00:00
class SystemUserUpdateApi(generics.RetrieveUpdateAPIView):
queryset = Asset.objects.all()
serializer_class = serializers.AssetUpdateSystemUserSerializer
permission_classes = (IsSuperUser,)
def patch(self, request, *args, **kwargs):
asset = self.get_object()
old_system_users = set(asset.system_users.all())
response = super(SystemUserUpdateApi, self).patch(request, *args, **kwargs)
system_users_new = set(asset.system_users.all())
system_users = system_users_new - old_system_users
system_users = [system_user._to_secret_json() for system_user in system_users]
push_users.delay([asset], system_users)
return response
2016-11-06 13:29:04 +00:00
2017-01-06 12:34:24 +00:00
class SystemUserUpdateAssetsApi(generics.RetrieveUpdateAPIView):
2017-01-07 14:34:12 +00:00
queryset = SystemUser.objects.all()
serializer_class = serializers.SystemUserUpdateAssetsSerializer
permission_classes = (IsSuperUser,)
2016-11-06 13:29:04 +00:00
2017-01-06 12:34:24 +00:00
class SystemUserUpdateAssetGroupApi(generics.RetrieveUpdateAPIView):
2017-01-07 14:34:12 +00:00
queryset = SystemUser.objects.all()
serializer_class = serializers.SystemUserUpdateAssetGroupSerializer
permission_classes = (IsSuperUser,)
2016-12-15 11:55:15 +00:00
2016-11-06 13:29:04 +00:00
2016-11-25 03:00:51 +00:00
class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
2016-10-21 13:14:49 +00:00
queryset = Asset.objects.all()
2016-11-09 16:18:57 +00:00
serializer_class = serializers.AssetSerializer
2016-11-01 11:31:35 +00:00
permission_classes = (IsSuperUser,)
2016-11-01 09:21:16 +00:00
2016-12-29 11:17:00 +00:00
class SystemUserAuthInfoApi(generics.RetrieveAPIView):
queryset = SystemUser.objects.all()
2017-01-07 14:34:12 +00:00
permission_classes = (IsAppUser,)
2016-11-01 11:31:35 +00:00
2016-12-29 11:17:00 +00:00
def retrieve(self, request, *args, **kwargs):
system_user = self.get_object()
data = {
'id': system_user.id,
'name': system_user.name,
'username': system_user.username,
'password': system_user.password,
'private_key': system_user.private_key,
'auth_method': system_user.auth_method,
}
return Response(data)
2016-10-28 13:19:37 +00:00
2017-04-04 11:16:34 +00:00
class AssetRefreshHardwareView(generics.RetrieveAPIView):
queryset = Asset.objects.all()
serializer_class = serializers.AssetSerializer
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):
asset_id = kwargs.get('pk')
asset = get_object_or_404(Asset, pk=asset_id)
summary = update_assets_hardware_info([asset])
if len(summary['failed']) == 0:
return super(AssetRefreshHardwareView, self).retrieve(request, *args, **kwargs)
else:
return Response('', status=502)
class AssetAdminUserTestView(AssetRefreshHardwareView):
queryset = Asset.objects.all()
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):
asset_id = kwargs.get('pk')
asset = get_object_or_404(Asset, pk=asset_id)
result = test_admin_user_connective_manual([asset])
if result:
return Response('1')
else:
return Response('0', status=502)
2017-04-12 10:06:32 +00:00
class AssetGroupPushSystemUserView(generics.UpdateAPIView):
queryset = AssetGroup.objects.all()
permission_classes = (IsSuperUser,)
def patch(self, request, *args, **kwargs):
asset_group = self.get_object()
assets = asset_group.assets.all()
system_user_id = self.request.data['system_user']
system_user = get_object_or_none(SystemUser, id=system_user_id)
if not assets or not system_user:
return Response('Invalid system user id or asset group id', status=404)
task = push_users.delay([asset._to_secret_json() for asset in assets],
system_user._to_secret_json())
return Response(task.id)