jumpserver/apps/audits/api.py

# -*- coding: utf-8 -*-
#
from rest_framework.viewsets import GenericViewSet
from rest_framework.mixins import ListModelMixin

from common.mixins.api import CommonApiMixin
from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor, IsOrgAdmin
from common.drf.filters import DatetimeRangeFilter, current_user_filter
from common.api import CommonGenericViewSet
from orgs.mixins.api import OrgGenericViewSet
from orgs.utils import current_org
from ops.models import CommandExecution
from .models import FTPLog, UserLoginLog, OperateLog, PasswordChangeLog
from .serializers import FTPLogSerializer, UserLoginLogSerializer, CommandExecutionSerializer
from .serializers import OperateLogSerializer, PasswordChangeLogSerializer
from .filters import CurrentOrgMembersFilter


class FTPLogViewSet(ListModelMixin, OrgGenericViewSet):
    model = FTPLog
    serializer_class = FTPLogSerializer
    permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor,)
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('date_start', ('date_from', 'date_to'))
    ]
    filterset_fields = ['user', 'asset', 'system_user']
    search_fields = ['filename']


class UserLoginLogViewSet(ListModelMixin,
                          CommonGenericViewSet):
    queryset = UserLoginLog.objects.all()
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    serializer_class = UserLoginLogSerializer
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('datetime', ('date_from', 'date_to'))
    ]
    filter_fields = ['username', 'ip', 'city', 'type', 'status', 'mfa']
    search_fields =['username', 'ip', 'city']

    @staticmethod
    def get_org_members():
        users = current_org.get_org_members().values_list('username', flat=True)
        return users

    def get_queryset(self):
        queryset = super().get_queryset()
        if not current_org.is_default():
            users = self.get_org_members()
            queryset = queryset.filter(username__in=users)
        return queryset


class OperateLogViewSet(ListModelMixin, OrgGenericViewSet):
    model = OperateLog
    serializer_class = OperateLogSerializer
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('datetime', ('date_from', 'date_to'))
    ]
    filter_fields = ['user', 'action', 'resource_type', 'resource']
    search_fields = ['resource']
    ordering_fields = ['-datetime']


class PasswordChangeLogViewSet(ListModelMixin, CommonGenericViewSet):
    queryset = PasswordChangeLog.objects.all()
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    serializer_class = PasswordChangeLogSerializer
    extra_filter_backends = [DatetimeRangeFilter]
    date_range_filter_fields = [
        ('datetime', ('date_from', 'date_to'))
    ]
    filterset_fields = ['user']
    ordering_fields = ['-datetime']

    def get_queryset(self):
        users = current_org.get_org_members()
        queryset = super().get_queryset().filter(
            user__in=[user.__str__() for user in users]
        )
        return queryset


class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
    model = CommandExecution
    serializer_class = CommandExecutionSerializer
    permission_classes = [IsOrgAdmin | IsOrgAuditor]
    extra_filter_backends = [DatetimeRangeFilter, current_user_filter(), CurrentOrgMembersFilter]
    date_range_filter_fields = [
        ('date_start', ('date_from', 'date_to'))
    ]
    search_fields = ['command']
    ordering_fields = ['-date_created']
[Update] 添加审计模块 7 years ago			`# -- coding: utf-8 --`
			`#`
[feature] 添加 login-logs API 5 years ago			`from rest_framework.viewsets import GenericViewSet`
			`from rest_framework.mixins import ListModelMixin`
[Update] 添加审计模块 7 years ago
[feature] 添加 login-logs API 5 years ago			`from common.mixins.api import CommonApiMixin`
			`from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor, IsOrgAdmin`
[Add] audits apis 5 years ago			`from common.drf.filters import DatetimeRangeFilter, current_user_filter`
			`from common.api import CommonGenericViewSet`
[Add] ftp-logs api 5 years ago			`from orgs.mixins.api import OrgGenericViewSet`
[feature] 添加 login-logs API 5 years ago			`from orgs.utils import current_org`
[Add] audits apis 5 years ago			`from ops.models import CommandExecution`
			`from .models import FTPLog, UserLoginLog, OperateLog, PasswordChangeLog`
			`from .serializers import FTPLogSerializer, UserLoginLogSerializer, CommandExecutionSerializer`
			`from .serializers import OperateLogSerializer, PasswordChangeLogSerializer`
			`from .filters import CurrentOrgMembersFilter`
[Update] 添加审计模块 7 years ago

[Add] ftp-logs api 5 years ago			`class FTPLogViewSet(ListModelMixin, OrgGenericViewSet):`
Asset favor (#3352) * [Update] 拆分filter org * [Update] 修改session支持protocol搜索 * [Bugfix] 修复判断问题 * [Update] 支持收藏资产 * [update] 修改org resource queryset * [Update] 修改form serializer 对应的多对多字段 * [Bugfix] 修复其他组织取消收藏的bug * [Update] 去掉debug信息 * [Update] 修改remote app get queryset * [Update] 修改remote app get queryset * [Update] 修改没有授权时显示情况 * [Bugfix] 修复组织管理员查看用户权限失败问题 * [Update] 优化forms assets queryset设置 5 years ago			`model = FTPLog`
[Update] 添加审计模块 7 years ago			`serializer_class = FTPLogSerializer`
超级管理员可创建超级审计员并可设置审计员为组织审计员 (#3141) * [Update] 超级管理员可创建超级审计员并可设置审计员为组织审计员 * [Update] 修改小问题 * [Update] 修改普通用户角色可以是组织审计员 * [Update] 更改组织审计员切换组织问题 * [Update] 修改小问题 * [Update] 普通用户是组织审计员的页面左侧栏显示 * [Update] 修改删除权限问题和组织显示问题 * [Update] 优化逻辑 * [Update] 优化类名 * [Update] 修改小问题 * [Update] 优化逻辑 * [Update] 优化切换到某一个组织逻辑 * [Update] 修改用户详情页的删除/更新按钮是否可点击 * [Update] 优化代码 * [Update] 组织管理列表增加审计员显示 * [Update] 优化代码细节 * [Update] 优化权限类逻辑 * [Update] 优化导航菜单控制 * [Update] 优化页面控制逻辑 * [Update] 修改变量名错误问题 * [Update] 修改页面上的小问题 * [Update] 审计员或组织审计员能够更新个人部分信息 * [Update] 用户名为admin的用户不能被删除 * [Update] 不同用户在不同组织下扮演不同角色的权限不同，为了避免切换组织时出现403,重定向到index * [Update] 一个用户在同一个组织既是管理员又是审计员，隐藏个人信息模块，仅当是审计员，在当前组织显示个人信息模块 * [Update] 修改方法命名 * [Update] 优化代码细节 * [Update] 修改命令执行列表方法 * [Update] 优化用户之间操作的权限逻辑；添加 UserModel 的 property 属性；修改 Organization 的 related name 名称； * [Update] 修改OrgProcessor Anonymous问题 * [Update] 修改用户序列类校验组织和转换raw密码的逻辑 5 years ago			`permission_classes = (IsOrgAdminOrAppUser \| IsOrgAuditor,)`
[Add] ftp-logs api 5 years ago			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('date_start', ('date_from', 'date_to'))`
			`]`
			`filterset_fields = ['user', 'asset', 'system_user']`
			`search_fields = ['filename']`
[feature] 添加 login-logs API 5 years ago

[Add] audits apis 5 years ago			`class UserLoginLogViewSet(ListModelMixin,`
			`CommonGenericViewSet):`
[feature] 添加 login-logs API 5 years ago			`queryset = UserLoginLog.objects.all()`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`serializer_class = UserLoginLogSerializer`
			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('datetime', ('date_from', 'date_to'))`
			`]`
feat: audits中添加id字段 5 years ago			`filter_fields = ['username', 'ip', 'city', 'type', 'status', 'mfa']`
			`search_fields =['username', 'ip', 'city']`
[feature] 添加 login-logs API 5 years ago
			`@staticmethod`
			`def get_org_members():`
			`users = current_org.get_org_members().values_list('username', flat=True)`
			`return users`

			`def get_queryset(self):`
			`queryset = super().get_queryset()`
			`if not current_org.is_default():`
			`users = self.get_org_members()`
			`queryset = queryset.filter(username__in=users)`
			`return queryset`
[Add] audits apis 5 years ago

			`class OperateLogViewSet(ListModelMixin, OrgGenericViewSet):`
			`model = OperateLog`
			`serializer_class = OperateLogSerializer`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('datetime', ('date_from', 'date_to'))`
			`]`
feat: audits中添加id字段 5 years ago			`filter_fields = ['user', 'action', 'resource_type', 'resource']`
			`search_fields = ['resource']`
[Add] audits apis 5 years ago			`ordering_fields = ['-datetime']`


			`class PasswordChangeLogViewSet(ListModelMixin, CommonGenericViewSet):`
			`queryset = PasswordChangeLog.objects.all()`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`serializer_class = PasswordChangeLogSerializer`
			`extra_filter_backends = [DatetimeRangeFilter]`
			`date_range_filter_fields = [`
			`('datetime', ('date_from', 'date_to'))`
			`]`
			`filterset_fields = ['user']`
			`ordering_fields = ['-datetime']`

			`def get_queryset(self):`
			`users = current_org.get_org_members()`
			`queryset = super().get_queryset().filter(`
			`user__in=[user.__str__() for user in users]`
			`)`
			`return queryset`


			`class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):`
			`model = CommandExecution`
			`serializer_class = CommandExecutionSerializer`
			`permission_classes = [IsOrgAdmin \| IsOrgAuditor]`
			`extra_filter_backends = [DatetimeRangeFilter, current_user_filter(), CurrentOrgMembersFilter]`
			`date_range_filter_fields = [`
			`('date_start', ('date_from', 'date_to'))`
			`]`
			`search_fields = ['command']`
			`ordering_fields = ['-date_created']`