jumpserver/apps/users/api.py

# ~*~ coding: utf-8 ~*~
#

from django.shortcuts import get_object_or_404

from rest_framework import generics, status
from rest_framework.response import Response
from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView

from common.mixins import BulkDeleteApiMixin
from common.utils import get_logger
from .models import User, UserGroup
from .serializers import UserDetailSerializer, UserAndGroupSerializer, \
    GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer
from .backends import IsSuperUser, IsTerminalUser, IsValidUser, IsSuperUserOrTerminalUser


logger = get_logger(__name__)


class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer
    permission_classes = (IsSuperUser,)


class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserAndGroupSerializer
    permission_classes = (IsSuperUser,)


class UserResetPasswordApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
        # We just do the reset-password staff.
        user = self.get_object()
        import uuid
        user.password_raw = str(uuid.uuid4())
        user.save()
        from .utils import send_reset_password_mail
        send_reset_password_mail(user)


class UserResetPKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserDetailSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.is_public_key_valid = False
        user.save()
        from .utils import send_reset_ssh_key_mail
        send_reset_ssh_key_mail(user)


class UserUpdatePKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserPKUpdateSerializer

    def perform_update(self, serializer):
        user = self.get_object()
        user.private_key = serializer.validated_data['_public_key']
        user.save()


class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupDetailSerializer

    def perform_update(self, serializer):
        users = serializer.validated_data.get('users')
        if users:
            group = self.get_object()
            # Note: use `list` method to force hitting the db.
            group_users = list(group.users.all())
            serializer.save()
            group.users.set(users + group_users)
            group.save()
            return
        serializer.save()


class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserBulkUpdateSerializer
    permission_classes = (IsSuperUserOrTerminalUser,)

    # def get(self, request, *args, **kwargs):
    #     return super(UserListUpdateApi, self).get(request, *args, **kwargs)


class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupBulkUpdateSerializer


class DeleteUserFromGroupApi(generics.DestroyAPIView):
    queryset = UserGroup.objects.all()
    serializer_class = GroupDetailSerializer

    def destroy(self, request, *args, **kwargs):
        group = self.get_object()
        self.perform_destroy(group, **kwargs)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def perform_destroy(self, instance, **kwargs):
        user_id = kwargs.get('uid')
        user = get_object_or_404(User, id=user_id)
        instance.users.remove(user)


class AppUserRegisterApi(generics.CreateAPIView):
    """App send a post request to register a app user

    request params contains `username_signed`, You can unsign it,
    username = unsign(username_signed), if you get the username,
    It's present it's a valid request, or return (401, Invalid request),
    then your should check if the user exist or not. If exist,
    return (200, register success), If not, you should be save it, and
    notice admin user, The user default is not active before admin user
    unblock it.

    Save fields:
        username:
        name: name + request.ip
        email: username + '@app.org'
        role: App
    """
    pass
添加 utils和api样例文件 2016-08-09 09:27:37 +00:00			`# ~~ coding: utf-8 ~~`
Add api file 2016-08-23 16:11:13 +00:00			`#`
添加 utils和api样例文件 2016-08-09 09:27:37 +00:00
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00			`from django.shortcuts import get_object_or_404`

			`from rest_framework import generics, status`
			`from rest_framework.response import Response`
temp 2016-09-21 07:48:21 +00:00			`from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView`
Add api file 2016-08-23 16:11:13 +00:00
Add auth and permission backends 2016-10-15 08:04:54 +00:00			`from common.mixins import BulkDeleteApiMixin`
			`from common.utils import get_logger`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`from .models import User, UserGroup`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`from .serializers import UserDetailSerializer, UserAndGroupSerializer, \`
			`GroupDetailSerializer, UserPKUpdateSerializer, UserBulkUpdateSerializer, GroupBulkUpdateSerializer`
Change app name apps => terrminal 2016-10-17 07:24:41 +00:00			`from .backends import IsSuperUser, IsTerminalUser, IsValidUser, IsSuperUserOrTerminalUser`
Add api file 2016-08-23 16:11:13 +00:00

Update table desgin doc and audit log 2016-10-07 15:54:29 +00:00			`logger = get_logger(__name__)`
Add Logger setting . 2016-08-26 08:56:50 +00:00

integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class UserDetailApi(generics.RetrieveUpdateDestroyAPIView):`
Delete Model: Role 2016-08-24 09:14:21 +00:00			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserDetailSerializer`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00			`permission_classes = (IsSuperUser,)`
Delete Model: Role 2016-08-24 09:14:21 +00:00

integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class UserAndGroupEditApi(generics.RetrieveUpdateAPIView):`
Add api file 2016-08-23 16:11:13 +00:00			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserAndGroupSerializer`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00			`permission_classes = (IsSuperUser,)`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00

			`class UserResetPasswordApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserDetailSerializer`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00
			`def perform_update(self, serializer):`
			`# Note: we are not updating the user object here.`
			`# We just do the reset-password staff.`
			`user = self.get_object()`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`import uuid`
			`user.password_raw = str(uuid.uuid4())`
			`user.save()`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`from .utils import send_reset_password_mail`
			`send_reset_password_mail(user)`


			`class UserResetPKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = UserDetailSerializer`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00
			`def perform_update(self, serializer):`
			`user = self.get_object()`
fix #14 2016-09-18 06:28:34 +00:00			`user.is_public_key_valid = False`
reset user password and ssh pk implement 2016-09-13 13:45:10 +00:00			`user.save()`
change user ssh reset type from private key to public key 2016-09-15 08:54:00 +00:00			`from .utils import send_reset_ssh_key_mail`
			`send_reset_ssh_key_mail(user)`
fix #14 2016-09-18 06:28:34 +00:00

			`class UserUpdatePKApi(generics.UpdateAPIView):`
			`queryset = User.objects.all()`
			`serializer_class = UserPKUpdateSerializer`

			`def perform_update(self, serializer):`
			`user = self.get_object()`
			`user.private_key = serializer.validated_data['_public_key']`
			`user.save()`
user-group delete implement 2016-09-19 07:47:58 +00:00

integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class GroupDetailApi(generics.RetrieveUpdateDestroyAPIView):`
user-group delete implement 2016-09-19 07:47:58 +00:00			`queryset = UserGroup.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = GroupDetailSerializer`
temp 2016-09-21 07:48:21 +00:00
user-group-detail: add users support 2016-09-29 08:41:55 +00:00			`def perform_update(self, serializer):`
			`users = serializer.validated_data.get('users')`
user-group-detail: user-adding frontend integration 2016-09-29 13:14:55 +00:00			`if users:`
user-group-detail: add users support 2016-09-29 08:41:55 +00:00			`group = self.get_object()`
user-group-detail: user-adding frontend integration 2016-09-29 13:14:55 +00:00			# Note: use `list` method to force hitting the db.
			`group_users = list(group.users.all())`
			`serializer.save()`
			`group.users.set(users + group_users)`
user-group-detail: add users support 2016-09-29 08:41:55 +00:00			`group.save()`
			`return`
user-group-detail: user-adding frontend integration 2016-09-29 13:14:55 +00:00			`serializer.save()`
user-group-detail: add users support 2016-09-29 08:41:55 +00:00
temp 2016-09-21 07:48:21 +00:00
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`class UserListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):`
temp 2016-09-21 07:48:21 +00:00			`queryset = User.objects.all()`
			`serializer_class = UserBulkUpdateSerializer`
Change app name apps => terrminal 2016-10-17 07:24:41 +00:00			`permission_classes = (IsSuperUserOrTerminalUser,)`
Add auth and permission backends 2016-10-15 08:04:54 +00:00
may be some wrong 2016-10-16 14:12:13 +00:00			`# def get(self, request, args, *kwargs):`
			`# return super(UserListUpdateApi, self).get(request, args, *kwargs)`
user bulk delete view 2016-09-23 08:30:59 +00:00
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00
			`class GroupListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):`
			`queryset = UserGroup.objects.all()`
			`serializer_class = GroupBulkUpdateSerializer`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00

			`class DeleteUserFromGroupApi(generics.DestroyAPIView):`
			`queryset = UserGroup.objects.all()`
integrate the user-group list page with its api; 2016-10-02 03:09:27 +00:00			`serializer_class = GroupDetailSerializer`
add user-list-delete support for user-group detail page 2016-09-26 13:22:48 +00:00
			`def destroy(self, request, args, *kwargs):`
			`group = self.get_object()`
			`self.perform_destroy(group, **kwargs)`
			`return Response(status=status.HTTP_204_NO_CONTENT)`

			`def perform_destroy(self, instance, **kwargs):`
			`user_id = kwargs.get('uid')`
			`user = get_object_or_404(User, id=user_id)`
			`instance.users.remove(user)`
Plan create a new app: terminal 2016-10-15 09:14:56 +00:00

			`class AppUserRegisterApi(generics.CreateAPIView):`
			`"""App send a post request to register a app user`

			request params contains `username_signed`, You can unsign it,
			`username = unsign(username_signed), if you get the username,`
			`It's present it's a valid request, or return (401, Invalid request),`
			`then your should check if the user exist or not. If exist,`
			`return (200, register success), If not, you should be save it, and`
			`notice admin user, The user default is not active before admin user`
			`unblock it.`

			`Save fields:`
			`username:`
			`name: name + request.ip`
			`email: username + '@app.org'`
			`role: App`
			`"""`
			`pass`