jumpserver/apps/assets/api/accounts.py

from django.db.models import F, Q
from django.conf import settings
from rest_framework.decorators import action
from django_filters import rest_framework as filters
from rest_framework.response import Response

from orgs.mixins.api import OrgBulkModelViewSet
from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify
from common.drf.filters import BaseFilterSet
from ..tasks.account_connectivity import test_accounts_connectivity_manual
from ..models import AuthBook
from .. import serializers

__all__ = ['AccountViewSet', 'AccountSecretsViewSet']


class AccountFilterSet(BaseFilterSet):
    username = filters.CharFilter(method='do_nothing')
    ip = filters.CharFilter(field_name='ip', lookup_expr='exact')
    hostname = filters.CharFilter(field_name='hostname', lookup_expr='exact')

    @property
    def qs(self):
        qs = super().qs
        qs = self.filter_username(qs)
        return qs

    def filter_username(self, qs):
        username = self.get_query_param('username')
        if not username:
            return qs
        qs = qs.filter(Q(username=username) | Q(systemuser__username=username)).distinct()
        return qs

    class Meta:
        model = AuthBook
        fields = [
            'asset', 'systemuser', 'id',
        ]

from rest_framework.filters import  SearchFilter


class AccountViewSet(OrgBulkModelViewSet):
    model = AuthBook
    filterset_fields = ("username", "asset", "systemuser", 'ip', 'hostname')
    search_fields = ('username', 'ip', 'hostname', 'systemuser__username')
    filterset_class = AccountFilterSet
    serializer_classes = {
        'default': serializers.AccountSerializer,
        'verify_account': serializers.AssetTaskSerializer
    }
    permission_classes = (IsOrgAdmin,)

    def get_queryset(self):
        queryset = super().get_queryset()\
            .annotate(ip=F('asset__ip'))\
            .annotate(hostname=F('asset__hostname'))
        return queryset

    @action(methods=['post'], detail=True, url_path='verify')
    def verify_account(self, request, *args, **kwargs):
        account = super().get_object()
        task = test_accounts_connectivity_manual.delay([account])
        return Response(data={'task': task.id})


class AccountSecretsViewSet(AccountViewSet):
    """
    因为可能要导出所有账号，所以单独建立了一个 viewset
    """
    serializer_classes = {
        'default': serializers.AccountSecretSerializer
    }
    permission_classes = (IsOrgAdmin, NeedMFAVerify)
    http_method_names = ['get']

    def get_permissions(self):
        if not settings.SECURITY_VIEW_AUTH_NEED_MFA:
            self.permission_classes = [IsOrgAdminOrAppUser]
        return super().get_permissions()
-												fix: 修复账号搜索问题

											
										
										
											3 years ago
+								from django.db.models import F, Q
-												refactor: 整合系统用户和管理用户 (#6236)

* perf: 整合系统用户和管理用户

* stash

stash

perf: 优化系统用户和资产的表结构

* perf: 添加信号

* perf: 添加算法

* perf: 去掉 asset user backends

* perf: 整理系统用户api

* perfF: 暂存一下

* stash

* perf: 暂存一下

* perf: 暂存

* xxx

* perf: ...

* stash it

* xxx

* xxx

* xxx

* xxx

* xxx

* stash it

* 修改Protocols

* perf: 修改创建authbook信号

* perf: 添加auth info

* .stash

* perf: 基本完成

* perf: 修复完成

* perf: 修复更改的id

* perf: 修复迁移过去数量不对的问题

* perf: 修改systemuser

* fix: 修复批量编辑近期的问题

* fix: 修复authbook加载的问题

* xxx

Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								from django.conf import settings
 								from rest_framework.decorators import action
-												fix: 修复账号搜索问题

											
										
										
											3 years ago
+								from django_filters import rest_framework as filters
-												refactor: 整合系统用户和管理用户 (#6236)

* perf: 整合系统用户和管理用户

* stash

stash

perf: 优化系统用户和资产的表结构

* perf: 添加信号

* perf: 添加算法

* perf: 去掉 asset user backends

* perf: 整理系统用户api

* perfF: 暂存一下

* stash

* perf: 暂存一下

* perf: 暂存

* xxx

* perf: ...

* stash it

* xxx

* xxx

* xxx

* xxx

* xxx

* stash it

* 修改Protocols

* perf: 修改创建authbook信号

* perf: 添加auth info

* .stash

* perf: 基本完成

* perf: 修复完成

* perf: 修复更改的id

* perf: 修复迁移过去数量不对的问题

* perf: 修改systemuser

* fix: 修复批量编辑近期的问题

* fix: 修复authbook加载的问题

* xxx

Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								from rest_framework.response import Response
 								from orgs.mixins.api import OrgBulkModelViewSet
 								from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify
-												fix: 修复账号搜索问题

											
										
										
											3 years ago
+								from common.drf.filters import BaseFilterSet
-												refactor: 整合系统用户和管理用户 (#6236)

* perf: 整合系统用户和管理用户

* stash

stash

perf: 优化系统用户和资产的表结构

* perf: 添加信号

* perf: 添加算法

* perf: 去掉 asset user backends

* perf: 整理系统用户api

* perfF: 暂存一下

* stash

* perf: 暂存一下

* perf: 暂存

* xxx

* perf: ...

* stash it

* xxx

* xxx

* xxx

* xxx

* xxx

* stash it

* 修改Protocols

* perf: 修改创建authbook信号

* perf: 添加auth info

* .stash

* perf: 基本完成

* perf: 修复完成

* perf: 修复更改的id

* perf: 修复迁移过去数量不对的问题

* perf: 修改systemuser

* fix: 修复批量编辑近期的问题

* fix: 修复authbook加载的问题

* xxx

Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								from ..tasks.account_connectivity import test_accounts_connectivity_manual
 								from ..models import AuthBook
 								from .. import serializers
 								__all__ = ['AccountViewSet', 'AccountSecretsViewSet']
-												fix: 修复账号搜索问题

											
										
										
											3 years ago
+								class AccountFilterSet(BaseFilterSet):
 								    username = filters.CharFilter(method='do_nothing')
 								    ip = filters.CharFilter(field_name='ip', lookup_expr='exact')
 								    hostname = filters.CharFilter(field_name='hostname', lookup_expr='exact')
 								    @property
 								    def qs(self):
 								        qs = super().qs
 								        qs = self.filter_username(qs)
 								        return qs
 								    def filter_username(self, qs):
 								        username = self.get_query_param('username')
 								        if not username:
 								            return qs
 								        qs = qs.filter(Q(username=username) | Q(systemuser__username=username)).distinct()
 								        return qs
 								    class Meta:
 								        model = AuthBook
 								        fields = [
 								            'asset', 'systemuser', 'id',
 								        ]
 								from rest_framework.filters import  SearchFilter
-												refactor: 整合系统用户和管理用户 (#6236)

* perf: 整合系统用户和管理用户

* stash

stash

perf: 优化系统用户和资产的表结构

* perf: 添加信号

* perf: 添加算法

* perf: 去掉 asset user backends

* perf: 整理系统用户api

* perfF: 暂存一下

* stash

* perf: 暂存一下

* perf: 暂存

* xxx

* perf: ...

* stash it

* xxx

* xxx

* xxx

* xxx

* xxx

* stash it

* 修改Protocols

* perf: 修改创建authbook信号

* perf: 添加auth info

* .stash

* perf: 基本完成

* perf: 修复完成

* perf: 修复更改的id

* perf: 修复迁移过去数量不对的问题

* perf: 修改systemuser

* fix: 修复批量编辑近期的问题

* fix: 修复authbook加载的问题

* xxx

Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								class AccountViewSet(OrgBulkModelViewSet):
 								    model = AuthBook
-												fix: 修复账号搜索问题

											
										
										
											3 years ago
+								    filterset_fields = ("username", "asset", "systemuser", 'ip', 'hostname')
 								    search_fields = ('username', 'ip', 'hostname', 'systemuser__username')
 								    filterset_class = AccountFilterSet
-												refactor: 整合系统用户和管理用户 (#6236)

* perf: 整合系统用户和管理用户

* stash

stash

perf: 优化系统用户和资产的表结构

* perf: 添加信号

* perf: 添加算法

* perf: 去掉 asset user backends

* perf: 整理系统用户api

* perfF: 暂存一下

* stash

* perf: 暂存一下

* perf: 暂存

* xxx

* perf: ...

* stash it

* xxx

* xxx

* xxx

* xxx

* xxx

* stash it

* 修改Protocols

* perf: 修改创建authbook信号

* perf: 添加auth info

* .stash

* perf: 基本完成

* perf: 修复完成

* perf: 修复更改的id

* perf: 修复迁移过去数量不对的问题

* perf: 修改systemuser

* fix: 修复批量编辑近期的问题

* fix: 修复authbook加载的问题

* xxx

Co-authored-by: ibuler <ibuler@qq.com>
											
										
										
											3 years ago
+								    serializer_classes = {
 								        'default': serializers.AccountSerializer,
 								        'verify_account': serializers.AssetTaskSerializer
 								    }
 								    permission_classes = (IsOrgAdmin,)
 								    def get_queryset(self):
 								        queryset = super().get_queryset()\
 								            .annotate(ip=F('asset__ip'))\
 								            .annotate(hostname=F('asset__hostname'))
 								        return queryset
 								    @action(methods=['post'], detail=True, url_path='verify')
 								    def verify_account(self, request, *args, **kwargs):
 								        account = super().get_object()
 								        task = test_accounts_connectivity_manual.delay([account])
 								        return Response(data={'task': task.id})
 								class AccountSecretsViewSet(AccountViewSet):
 								    """
 								    因为可能要导出所有账号，所以单独建立了一个 viewset
 								    """
 								    serializer_classes = {
 								        'default': serializers.AccountSecretSerializer
 								    }
 								    permission_classes = (IsOrgAdmin, NeedMFAVerify)
 								    http_method_names = ['get']
 								    def get_permissions(self):
 								        if not settings.SECURITY_VIEW_AUTH_NEED_MFA:
 								            self.permission_classes = [IsOrgAdminOrAppUser]
 								        return super().get_permissions()