jumpserver/apps/users/api.py

# ~*~ coding: utf-8 ~*~
#

from django.shortcuts import get_object_or_404

from rest_framework import generics, status
from rest_framework.response import Response
from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView

from common.mixins import BulkDeleteApiMixin
from common.utils import get_logger
from .models import User, UserGroup
from .serializers import UserDetailSerializer, UserAndGroupSerializer, \
    GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer
from .backends import IsSuperUser, IsAppUser, IsValidUser, IsSuperUserOrAppUser


logger = get_logger(__name__)


class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer
    permission_classes = (IsSuperUser,)


class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserAndGroupSerializer
    permission_classes = (IsSuperUser,)


class UserResetPasswordApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
        # We just do the reset-password staff.
        user = self.get_object()
        import uuid
        user.password_raw = str(uuid.uuid4())
        user.save()
        from .utils import send_reset_password_mail
        send_reset_password_mail(user)


class UserResetPKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.is_public_key_valid = False
        user.save()
        from .utils import send_reset_ssh_key_mail
        send_reset_ssh_key_mail(user)


class UserUpdatePKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserPKUpdateSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.private_key = serializer.validated_data['_public_key']
        user.save()


class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupDetailSerializer

    def perform_update(self, serializer):
        users = serializer.validated_data.get('users')
        if users:
            group = self.get_object()
            # Note: use `list` method to force hitting the db.
            group_users = list(group.users.all())
            serializer.save()
            group.users.set(users + group_users)
            group.save()
            return
        serializer.save()


class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserBulkUpdateSerializer
    permission_classes = (IsSuperUserOrAppUser,)

    # def get(self, request, *args, **kwargs):
    #     return super(UserListUpdateApi, self).get(request, *args, **kwargs)


class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupBulkUpdateSerializer


class DeleteUserFromGroupApi(generics.DestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupDetailSerializer

    def destroy(self, request, *args, **kwargs):
        group = self.get_object()
        self.perform_destroy(group, **kwargs)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def perform_destroy(self, instance, **kwargs):
        user_id = kwargs.get('uid')
        user = get_object_or_404(User, id=user_id)
        instance.users.remove(user)


class AppUserRegisterApi(generics.CreateAPIView):
    """App send a post request to register a app user

    request params contains `username_signed`, You can unsign it,
    username = unsign(username_signed), if you get the username,
    It's present it's a valid request, or return (401, Invalid request),
    then your should check if the user exist or not. If exist,
    return (200, register success), If not, you should be save it, and
    notice admin user, The user default is not active before admin user
    unblock it.

    Save fields:
        username:
        name: name + request.ip
        email: username + '@app.org'
        role: App
    """
    pass
添加 utils和api样例文件 8 years ago			`# ~~ coding: utf-8 ~~`
Add api file 8 years ago			`#`
添加 utils和api样例文件 8 years ago
add user-list-delete support for user-group detail page 8 years ago			`from django.shortcuts import get_object_or_404`

			`from rest_framework import generics, status`
			`from rest_framework.response import Response`
temp 8 years ago			`from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView`
Add api file 8 years ago
Add auth and permission backends 8 years ago			`from common.mixins import BulkDeleteApiMixin`
			`from common.utils import get_logger`
Delete Model: Role 8 years ago			`from .models import User, UserGroup`
integrate the user-group list page with its api; 8 years ago			`from .serializers import UserDetailSerializer, UserAndGroupSerializer, \`
			`GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer`
Add auth and permission backends 8 years ago			`from .backends import IsSuperUser, IsAppUser, IsValidUser, IsSuperUserOrAppUser`
Add api file 8 years ago

Update table desgin doc and audit log 8 years ago			`logger = get_logger(__name__)`
Add Logger setting . 8 years ago

integrate the user-group list page with its api; 8 years ago			`class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):`
Delete Model: Role 8 years ago			`queryset = User.objects.all()`
integrate the user-group list page with its api; 8 years ago			`serializer_class = UserDetailSerializer`
Plan create a new app: terminal 8 years ago			`permission_classes = (IsSuperUser,)`
Delete Model: Role 8 years ago

integrate the user-group list page with its api; 8 years ago			`class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):`
Add api file 8 years ago			`queryset = User.objects.all()`
integrate the user-group list page with its api; 8 years ago			`serializer_class = UserAndGroupSerializer`
Plan create a new app: terminal 8 years ago			`permission_classes = (IsSuperUser,)`
reset user password and ssh pk implement 8 years ago

			`class UserResetPasswordApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
integrate the user-group list page with its api; 8 years ago			`serializer_class = UserDetailSerializer`
reset user password and ssh pk implement 8 years ago
			`def perform_update(self, serializer):`
			`# Note: we are not updating the user object here.`
			`# We just do the reset-password staff.`
			`user = self.get_object()`
change user ssh reset type from private key to public key 8 years ago			`import uuid`
			`user.password_raw = str(uuid.uuid4())`
			`user.save()`
reset user password and ssh pk implement 8 years ago			`from .utils import send_reset_password_mail`
			`send_reset_password_mail(user)`


			`class UserResetPKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
integrate the user-group list page with its api; 8 years ago			`serializer_class = UserDetailSerializer`
reset user password and ssh pk implement 8 years ago
			`def perform_update(self, serializer):`
			`user = self.get_object()`
fix #14 8 years ago			`user.is_public_key_valid = False`
reset user password and ssh pk implement 8 years ago			`user.save()`
change user ssh reset type from private key to public key 8 years ago			`from .utils import send_reset_ssh_key_mail`
			`send_reset_ssh_key_mail(user)`
fix #14 8 years ago

			`class UserUpdatePKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
			`serializer_class = UserPKUpdateSerializer`

			`def perform_update(self, serializer):`
			`user = self.get_object()`
			`user.private_key = serializer.validated_data['_public_key']`
			`user.save()`
user-group delete implement 8 years ago

integrate the user-group list page with its api; 8 years ago			`class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):`
user-group delete implement 8 years ago			`queryset = UserGroup.objects.all()`
integrate the user-group list page with its api; 8 years ago			`serializer_class = GroupDetailSerializer`
temp 8 years ago
user-group-detail: add users support 8 years ago			`def perform_update(self, serializer):`
			`users = serializer.validated_data.get('users')`
user-group-detail: user-adding frontend integration 8 years ago			`if users:`
user-group-detail: add users support 8 years ago			`group = self.get_object()`
user-group-detail: user-adding frontend integration 8 years ago			# Note: use `list` method to force hitting the db.
			`group_users = list(group.users.all())`
			`serializer.save()`
			`group.users.set(users + group_users)`
user-group-detail: add users support 8 years ago			`group.save()`
			`return`
user-group-detail: user-adding frontend integration 8 years ago			`serializer.save()`
user-group-detail: add users support 8 years ago
temp 8 years ago
integrate the user-group list page with its api; 8 years ago			`class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):`
temp 8 years ago			`queryset = User.objects.all()`
			`serializer_class = UserBulkUpdateSerializer`
Add auth and permission backends 8 years ago			`permission_classes = (IsSuperUserOrAppUser,)`

may be some wrong 8 years ago			`# def get(self, request, args, *kwargs):`
			`# return super(UserListUpdateApi, self).get(request, args, *kwargs)`
user bulk delete view 8 years ago
integrate the user-group list page with its api; 8 years ago
			`class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):`
			`queryset = UserGroup.objects.all()`
			`serializer_class = GroupBulkUpdateSerializer`
add user-list-delete support for user-group detail page 8 years ago

			`class DeleteUserFromGroupApi(generics.DestroyAPIView):`
			`queryset = UserGroup.objects.all()`
integrate the user-group list page with its api; 8 years ago			`serializer_class = GroupDetailSerializer`
add user-list-delete support for user-group detail page 8 years ago
			`def destroy(self, request, args, *kwargs):`
			`group = self.get_object()`
			`self.perform_destroy(group, **kwargs)`
			`return Response(status=status.HTTP_204_NO_CONTENT)`

			`def perform_destroy(self, instance, **kwargs):`
			`user_id = kwargs.get('uid')`
			`user = get_object_or_404(User, id=user_id)`
			`instance.users.remove(user)`
Plan create a new app: terminal 8 years ago

			`class AppUserRegisterApi(generics.CreateAPIView):`
			`"""App send a post request to register a app user`

			request params contains `username_signed`, You can unsign it,
			`username = unsign(username_signed), if you get the username,`
			`It's present it's a valid request, or return (401, Invalid request),`
			`then your should check if the user exist or not. If exist,`
			`return (200, register success), If not, you should be save it, and`
			`notice admin user, The user default is not active before admin user`
			`unblock it.`

			`Save fields:`
			`username:`
			`name: name + request.ip`
			`email: username + '@app.org'`
			`role: App`
			`"""`
			`pass`