jumpserver/apps/audits/api.py

# -*- coding: utf-8 -*-
#
from rest_framework.mixins import ListModelMixin, CreateModelMixin
from django.db.models import F, Value
from django.db.models.functions import Concat
from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor, IsOrgAdmin
from common.drf.filters import DatetimeRangeFilter
from common.api import CommonGenericViewSet
from orgs.mixins.api import OrgGenericViewSet, OrgBulkModelViewSet, OrgRelationMixin
from orgs.utils import current_org
from ops.models import CommandExecution
from .models import FTPLog, UserLoginLog, OperateLog, PasswordChangeLog
from .serializers import FTPLogSerializer, UserLoginLogSerializer, CommandExecutionSerializer
from .serializers import OperateLogSerializer, PasswordChangeLogSerializer, CommandExecutionHostsRelationSerializer
class FTPLogViewSet(CreateModelMixin, ListModelMixin, OrgGenericViewSet):
    # API view over FTPLog rows. Only the create and list mixins are
    # composed in; no update or delete mixin appears in the bases here.
    #
    # NOTE(review): one OR'd permission set guards both actions. Whether
    # an org auditor can POST new log rows depends on how IsOrgAuditor
    # treats unsafe methods -- confirm in common.permissions, since an
    # audit trail should normally be written only by the producing service.
    permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor,)

    model = FTPLog
    serializer_class = FTPLogSerializer

    # Date-range filtering: presumably maps the `date_start` model field to
    # the `date_from` / `date_to` query parameters -- verify against
    # DatetimeRangeFilter.
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [('date_start', ('date_from', 'date_to'))]

    # search_fields is intentionally the very same list object as
    # filterset_fields, as in the original definition.
    filterset_fields = ['user', 'asset', 'system_user', 'filename']
    search_fields = filterset_fields

    ordering = ['-date_start']
class UserLoginLogViewSet(ListModelMixin, CommonGenericViewSet):
    # List-only API view over UserLoginLog rows for org admins and auditors.
    #
    # The base queryset is every login log; get_queryset() narrows it to
    # the current organisation by matching the logged username against the
    # organisation's member usernames. A row whose username is not a member
    # of any organisation is therefore only reachable from the root org.
    permission_classes = [IsOrgAdmin | IsOrgAuditor]

    queryset = UserLoginLog.objects.all()
    serializer_class = UserLoginLogSerializer

    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [('datetime', ('date_from', 'date_to'))]

    filterset_fields = ['username', 'ip', 'city', 'type', 'status', 'mfa']
    search_fields = ['username', 'ip', 'city']

    @staticmethod
    def get_org_members():
        """Return the usernames of the current organisation's members."""
        return current_org.get_members().values_list('username', flat=True)

    def get_queryset(self):
        """Return login logs, restricted to org members unless in the root org."""
        login_logs = super().get_queryset()
        if not current_org.is_root():
            # Scoping is by username string, not by a foreign key to the user.
            member_names = self.get_org_members()
            login_logs = login_logs.filter(username__in=member_names)
        return login_logs
class OperateLogViewSet(ListModelMixin, OrgGenericViewSet):
    # List-only API view over OperateLog rows for org admins and auditors.
    #
    # No get_queryset() override is defined here, so any per-organisation
    # scoping has to come from OrgGenericViewSet / the model -- presumably
    # it does; verify in orgs.mixins.api.
    permission_classes = [IsOrgAdmin | IsOrgAuditor]

    model = OperateLog
    serializer_class = OperateLogSerializer

    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [('datetime', ('date_from', 'date_to'))]

    filterset_fields = [
        'user',
        'action',
        'resource_type',
        'resource',
        'remote_addr',
    ]
    # Free-text search is limited to the resource column.
    search_fields = ['resource']

    ordering = ['-datetime']
class PasswordChangeLogViewSet(ListModelMixin, CommonGenericViewSet):
    # List-only API view over PasswordChangeLog rows for org admins and
    # auditors. The base queryset is every row; get_queryset() narrows it.
    permission_classes = [IsOrgAdmin | IsOrgAuditor]

    queryset = PasswordChangeLog.objects.all()
    serializer_class = PasswordChangeLogSerializer

    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [('datetime', ('date_from', 'date_to'))]

    # search_fields is the same list object as filterset_fields.
    filterset_fields = ['user', 'change_by', 'remote_addr']
    search_fields = filterset_fields

    ordering = ['-datetime']

    def get_queryset(self):
        """Return password-change logs whose `user` matches an org member.

        Members are matched by their string form, so the stored `user`
        value must equal what the user model's ``__str__`` produces.

        NOTE(review): unlike the login-log and command-execution views in
        this file there is no ``current_org.is_root()`` shortcut, so the
        member filter is applied in every organisation -- confirm that is
        intended. Every member object is also loaded to build the list.
        """
        members = current_org.get_members()
        all_logs = super().get_queryset()
        member_labels = [str(member) for member in members]
        return all_logs.filter(user__in=member_labels)
class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
    # List-only API view over CommandExecution rows for org admins and
    # auditors. The executed command text is both filterable and searchable.
    permission_classes = [IsOrgAdmin | IsOrgAuditor]

    model = CommandExecution
    serializer_class = CommandExecutionSerializer

    # The date-range filter is keyed on date_start while the default
    # ordering uses date_created.
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [('date_start', ('date_from', 'date_to'))]

    filterset_fields = [
        'user__name', 'user__username', 'command',
        'run_as__name', 'run_as__username', 'is_finished'
    ]
    search_fields = [
        'command', 'user__name', 'user__username',
        'run_as__name', 'run_as__username',
    ]

    ordering = ['-date_created']

    def get_queryset(self):
        """Return executions, limited to the current org unless it is root.

        Outside the root organisation a row is kept only when the org id
        of its ``run_as`` relation equals the current organisation's id.
        """
        executions = super().get_queryset()
        if not current_org.is_root():
            executions = executions.filter(
                run_as__org_id=current_org.org_id()
            )
        return executions
class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet):
    # API view over the CommandExecution <-> hosts many-to-many relation.
    #
    # Although the base class is a bulk model viewset, http_method_names
    # restricts the endpoint to OPTIONS and GET, which keeps this audit
    # relation read-only over HTTP.
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    http_method_names = ['options', 'get']

    serializer_class = CommandExecutionHostsRelationSerializer
    m2m_field = CommandExecution.hosts.field

    filterset_fields = ['id', 'asset', 'commandexecution']
    search_fields = ('asset__hostname', )

    def get_queryset(self):
        """Return the relation rows annotated with ``asset_display``.

        ``asset_display`` is built in the database as ``hostname(ip)`` from
        the related asset's hostname and ip columns.
        """
        relations = super().get_queryset()
        display_expr = Concat(
            F('asset__hostname'), Value('('),
            F('asset__ip'), Value(')')
        )
        return relations.annotate(asset_display=display_expr)