github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity
jumpserver/apps/perms/api.py

218 lines
6.8 KiB
Python
Raw Normal View History

添加 utils和api样例文件
2016-08-09 09:27:37 +00:00
# ~*~ coding: utf-8 ~*~
#
[Change] 拆分user view为多个view
2017-01-17 08:34:47 +00:00
from django.shortcuts import get_object_or_404
Update api
2016-10-19 11:30:55 +00:00
from rest_framework.views import APIView, Response
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
from rest_framework.generics import ListAPIView, get_object_or_404
Update perm api
2016-11-09 16:18:57 +00:00
from rest_framework import viewsets
[Update] 修改settings和配置文件
2017-12-21 10:54:29 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
from users.permissions import IsValidUser, IsSuperUser, IsSuperUserOrAppUser
from .utils import NodePermissionUtil
from .models import NodePermission
from .hands import AssetGrantedSerializer, User, UserGroup, Asset, \
[Update] 使用资产树,去掉集群和资产组
2018-02-08 03:34:21 +00:00
NodeGrantedSerializer, SystemUser, NodeSerializer
stash it
2016-11-04 10:33:16 +00:00
from . import serializers
Update perm api
2016-11-09 16:18:57 +00:00
class AssetPermissionViewSet(viewsets.ModelViewSet):
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
2017-11-23 03:26:17 +00:00
"""
资产授权列表的增删改查api
"""
[Abandon] ...
2018-02-01 09:14:15 +00:00
queryset = NodePermission.objects.all()
serializer_class = serializers.AssetPermissionCreateUpdateSerializer
stash it
2016-11-04 10:33:16 +00:00
permission_classes = (IsSuperUser,)
Update api
2016-10-19 11:30:55 +00:00
[Abandon] ...
2018-02-01 09:14:15 +00:00
def get_serializer_class(self):
if self.action in ("list", 'retrieve'):
return serializers.AssetPermissionListSerializer
return self.serializer_class
Update usergroup detail
2016-11-15 11:33:04 +00:00
[Feature] 完成资产授权和资产添加
2018-02-02 09:06:08 +00:00
def get_queryset(self):
queryset = super().get_queryset()
node_id = self.request.query_params.get('node_id')
[Update] 使用资产树,去掉集群和资产组
2018-02-08 03:34:21 +00:00
[Feature] 完成资产授权和资产添加
2018-02-02 09:06:08 +00:00
if node_id:
queryset = queryset.filter(node__id=node_id)
[Update] 使用资产树,去掉集群和资产组
2018-02-08 03:34:21 +00:00
[Feature] 完成资产授权和资产添加
2018-02-02 09:06:08 +00:00
return queryset
Finish user permission revoke
2016-11-10 08:59:50 +00:00
[Fixture] 添加command log backends, 未来支持es
2017-02-06 15:13:27 +00:00
Update usergroup detail
2016-11-15 11:33:04 +00:00
class UserGrantedAssetsApi(ListAPIView):
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
2017-11-23 03:26:17 +00:00
"""
用户授权的所有资产
"""
App user get user perms
2017-10-22 09:53:46 +00:00
permission_classes = (IsSuperUserOrAppUser,)
Update usergroup detail
2016-11-15 11:33:04 +00:00
serializer_class = AssetGrantedSerializer
def get_queryset(self):
user_id = self.kwargs.get('pk', '')
[Change] 拆分user view为多个view
2017-01-17 08:34:47 +00:00
queryset = []
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
Update usergroup detail
2016-11-15 11:33:04 +00:00
if user_id:
user = get_object_or_404(User, id=user_id)
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
else:
user = self.request.user
Update usergroup detail
2016-11-15 11:33:04 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
for k, v in NodePermissionUtil.get_user_assets(user).items():
[Update] 修改授权api, windows资产只有rdp协议,linux只有ssh协议
2018-02-27 11:39:27 +00:00
if k.is_unixlike():
system_users_granted = [s for s in v if s.protocol == 'ssh']
else:
system_users_granted = [s for s in v if s.protocol == 'rdp']
k.system_users_granted = system_users_granted
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
queryset.append(k)
return queryset
Update usergroup detail
2016-11-15 11:33:04 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
def get_permissions(self):
if self.kwargs.get('pk') is None:
self.permission_classes = (IsValidUser,)
return super().get_permissions()
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
2017-11-23 03:26:17 +00:00
[Update] 使用资产树,去掉集群和资产组
2018-02-08 03:34:21 +00:00
class UserGrantedNodesApi(ListAPIView):
permission_classes = (IsSuperUser,)
serializer_class = NodeSerializer
def get_queryset(self):
user_id = self.kwargs.get('pk', '')
if user_id:
user = get_object_or_404(User, id=user_id)
else:
user = self.request.user
nodes = NodePermissionUtil.get_user_nodes(user)
return nodes.keys()
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
class UserGrantedNodesWithAssetsApi(ListAPIView):
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
2017-11-23 03:26:17 +00:00
"""
授权用户的资产组这里的资产组并非是授权列表中授权的
而是把所有资产取出来然后反查出所有资产组然后合并得到
结果里也包含资产组下授权的资产
数据结构如下
[
{
"id": 1,
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
"value": "node",
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
2017-11-23 03:26:17 +00:00
... 其它属性
"assets_granted": [
{
"id": 1,
"hostname": "testserver",
"ip": "192.168.1.1",
"port": 22,
"system_users_granted": [
"id": 1,
"name": "web",
"username": "web",
"protocol": "ssh",
]
}
]
}
]
"""
App user get user perms
2017-10-22 09:53:46 +00:00
permission_classes = (IsSuperUserOrAppUser,)
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
serializer_class = NodeGrantedSerializer
Update usergroup detail
2016-11-15 11:33:04 +00:00
def get_queryset(self):
user_id = self.kwargs.get('pk', '')
修改 terminal上报接口和api
2017-11-14 01:44:16 +00:00
queryset = []
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
if not user_id:
user = self.request.user
else:
user = get_object_or_404(User, id=user_id)
[Change] 添加翻译,并添加用户登陆页面
2017-03-29 07:26:32 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
nodes = NodePermissionUtil.get_user_nodes_with_assets(user)
[Update] 修改授权api, windows资产只有rdp协议,linux只有ssh协议
2018-02-27 11:39:27 +00:00
assets = {}
for k, v in NodePermissionUtil.get_user_assets(user).items():
if k.is_unixlike():
system_users_granted = [s for s in v if s.protocol == 'ssh']
else:
system_users_granted = [s for s in v if s.protocol == 'rdp']
assets[k] = system_users_granted
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
for node, v in nodes.items():
for asset in v['assets']:
[Update] 修改授权api, windows资产只有rdp协议,linux只有ssh协议
2018-02-27 11:39:27 +00:00
asset.system_users_granted = assets[asset]
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
node.assets_granted = v['assets']
queryset.append(node)
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
2017-11-23 03:26:17 +00:00
return queryset
[Change] 添加翻译,并添加用户登陆页面
2017-03-29 07:26:32 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
def get_permissions(self):
if self.kwargs.get('pk') is None:
self.permission_classes = (IsValidUser,)
return super().get_permissions()
Weiteng
2016-11-15 15:09:36 +00:00
class UserGroupGrantedAssetsApi(ListAPIView):
permission_classes = (IsSuperUser,)
serializer_class = AssetGrantedSerializer
def get_queryset(self):
user_group_id = self.kwargs.get('pk', '')
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
queryset = []
Weiteng
2016-11-15 15:09:36 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
if not user_group_id:
return queryset
user_group = get_object_or_404(UserGroup, id=user_group_id)
assets = NodePermissionUtil.get_user_group_assets(user_group)
for k, v in assets.items():
k.system_users_granted = v
queryset.append(k)
Weiteng
2016-11-15 15:09:36 +00:00
return queryset
[Update] 使用资产树,去掉集群和资产组
2018-02-08 03:34:21 +00:00
class UserGroupGrantedNodesApi(ListAPIView):
permission_classes = (IsSuperUser,)
serializer_class = NodeSerializer
def get_queryset(self):
group_id = self.kwargs.get('pk', '')
queryset = []
if group_id:
group = get_object_or_404(UserGroup, id=group_id)
nodes = NodePermissionUtil.get_user_group_nodes(group)
queryset = nodes.keys()
return queryset
class UserGroupGrantedNodesWithAssetsApi(ListAPIView):
Weiteng
2016-11-15 15:09:36 +00:00
permission_classes = (IsSuperUser,)
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
serializer_class = NodeGrantedSerializer
Weiteng
2016-11-15 15:09:36 +00:00
def get_queryset(self):
user_group_id = self.kwargs.get('pk', '')
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
queryset = []
Weiteng
2016-11-15 15:09:36 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
if not user_group_id:
return queryset
user_group = get_object_or_404(UserGroup, id=user_group_id)
nodes = NodePermissionUtil.get_user_group_nodes_with_assets(user_group)
for node, v in nodes.items():
for asset in v['assets']:
asset.system_users_granted = v['system_users']
node.assets_granted = v['assets']
queryset.append(node)
[Change] 拆分user view为多个view
2017-01-17 08:34:47 +00:00
return queryset
[Change] 修改perm的代码, 强制79个字符内
2017-01-17 09:11:01 +00:00
class ValidateUserAssetPermissionView(APIView):
[Bugfix] 修复title显示Jumpserver
2018-01-15 05:54:19 +00:00
permission_classes = (IsSuperUserOrAppUser,)
[Change] 拆分user view为多个view
2017-01-17 08:34:47 +00:00
[Change] 修改perm的代码, 强制79个字符内
2017-01-17 09:11:01 +00:00
@staticmethod
def get(request):
[Fix] 修改一些api bug
2017-01-20 05:59:53 +00:00
user_id = request.query_params.get('user_id', '')
asset_id = request.query_params.get('asset_id', '')
system_id = request.query_params.get('system_user_id', '')
[Change] 拆分user view为多个view
2017-01-17 08:34:47 +00:00
[Change] 修改perm的代码, 强制79个字符内
2017-01-17 09:11:01 +00:00
user = get_object_or_404(User, id=user_id)
asset = get_object_or_404(Asset, id=asset_id)
system_user = get_object_or_404(SystemUser, id=system_id)
[Change] 拆分user view为多个view
2017-01-17 08:34:47 +00:00
[Feature] 更改perms api
2018-02-07 15:25:15 +00:00
assets_granted = NodePermissionUtil.get_user_assets(user)
[Change] 修改perm的代码, 强制79个字符内
2017-01-17 09:11:01 +00:00
if system_user in assets_granted.get(asset, []):
return Response({'msg': True}, status=200)
else:
return Response({'msg': False}, status=403)