2021-09-09 06:00:50 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
#
|
|
|
|
|
|
|
|
from django.conf import settings
|
2023-07-14 15:01:48 +00:00
|
|
|
from django.http import HttpResponse
|
|
|
|
from django.views.static import serve
|
2023-02-16 10:32:04 +00:00
|
|
|
from rest_framework import generics
|
2023-07-14 15:01:48 +00:00
|
|
|
from rest_framework import status
|
2023-07-14 08:54:42 +00:00
|
|
|
from rest_framework.permissions import AllowAny
|
|
|
|
from rest_framework.views import APIView
|
2021-09-09 06:00:50 +00:00
|
|
|
|
2023-02-16 10:32:04 +00:00
|
|
|
from common.utils import get_logger
|
2021-09-09 06:00:50 +00:00
|
|
|
from jumpserver.conf import Config
|
2022-02-17 12:13:31 +00:00
|
|
|
from rbac.permissions import RBACPermission
|
2021-09-09 06:00:50 +00:00
|
|
|
from .. import serializers
|
|
|
|
from ..models import Setting
|
2023-02-16 10:32:04 +00:00
|
|
|
from ..signals import category_setting_updated
|
2023-07-14 08:54:42 +00:00
|
|
|
from ..utils import get_interface_setting_or_default
|
2021-09-09 06:00:50 +00:00
|
|
|
|
|
|
|
logger = get_logger(__file__)
|
|
|
|
|
|
|
|
|
|
|
|
class SettingsApi(generics.RetrieveUpdateAPIView):
|
2022-02-17 12:13:31 +00:00
|
|
|
permission_classes = (RBACPermission,)
|
|
|
|
|
2021-09-09 06:00:50 +00:00
|
|
|
serializer_class_mapper = {
|
|
|
|
'all': serializers.SettingsSerializer,
|
|
|
|
'basic': serializers.BasicSettingSerializer,
|
|
|
|
'terminal': serializers.TerminalSettingSerializer,
|
|
|
|
'security': serializers.SecuritySettingSerializer,
|
2023-08-15 05:45:44 +00:00
|
|
|
'security_auth': serializers.SecurityAuthSerializer,
|
|
|
|
'security_basic': serializers.SecurityBasicSerializer,
|
|
|
|
'security_session': serializers.SecuritySessionSerializer,
|
|
|
|
'security_password': serializers.SecurityPasswordRuleSerializer,
|
|
|
|
'security_login_limit': serializers.SecurityLoginLimitSerializer,
|
2021-09-09 06:00:50 +00:00
|
|
|
'ldap': serializers.LDAPSettingSerializer,
|
|
|
|
'email': serializers.EmailSettingSerializer,
|
|
|
|
'email_content': serializers.EmailContentSettingSerializer,
|
|
|
|
'wecom': serializers.WeComSettingSerializer,
|
|
|
|
'dingtalk': serializers.DingTalkSettingSerializer,
|
|
|
|
'feishu': serializers.FeiShuSettingSerializer,
|
2023-11-29 09:45:44 +00:00
|
|
|
'slack': serializers.SlackSettingSerializer,
|
2021-09-09 06:00:50 +00:00
|
|
|
'auth': serializers.AuthSettingSerializer,
|
|
|
|
'oidc': serializers.OIDCSettingSerializer,
|
|
|
|
'keycloak': serializers.KeycloakSettingSerializer,
|
|
|
|
'radius': serializers.RadiusSettingSerializer,
|
|
|
|
'cas': serializers.CASSettingSerializer,
|
2021-12-09 07:47:21 +00:00
|
|
|
'saml2': serializers.SAML2SettingSerializer,
|
2022-08-04 06:40:33 +00:00
|
|
|
'oauth2': serializers.OAuth2SettingSerializer,
|
2023-09-11 10:15:03 +00:00
|
|
|
'passkey': serializers.PasskeySettingSerializer,
|
2021-09-09 06:00:50 +00:00
|
|
|
'clean': serializers.CleaningSerializer,
|
|
|
|
'other': serializers.OtherSettingSerializer,
|
2021-09-09 12:59:26 +00:00
|
|
|
'sms': serializers.SMSSettingSerializer,
|
2021-08-24 06:20:54 +00:00
|
|
|
'alibaba': serializers.AlibabaSMSSettingSerializer,
|
|
|
|
'tencent': serializers.TencentSMSSettingSerializer,
|
2022-09-06 02:02:51 +00:00
|
|
|
'huawei': serializers.HuaweiSMSSettingSerializer,
|
2022-08-09 08:09:20 +00:00
|
|
|
'cmpp2': serializers.CMPP2SMSSettingSerializer,
|
2023-05-24 09:32:57 +00:00
|
|
|
'custom': serializers.CustomSMSSettingSerializer,
|
2023-07-31 09:39:30 +00:00
|
|
|
'vault': serializers.VaultSettingSerializer,
|
2023-12-05 02:58:19 +00:00
|
|
|
'chat': serializers.ChatAISettingSerializer,
|
2023-08-15 05:45:44 +00:00
|
|
|
'announcement': serializers.AnnouncementSettingSerializer,
|
|
|
|
'ticket': serializers.TicketSettingSerializer,
|
2023-08-15 08:58:41 +00:00
|
|
|
'ops': serializers.OpsSettingSerializer,
|
2023-12-20 07:53:48 +00:00
|
|
|
'virtualapp': serializers.VirtualAppSerializer,
|
2021-09-09 06:00:50 +00:00
|
|
|
}
|
|
|
|
|
2022-03-11 09:33:12 +00:00
|
|
|
rbac_category_permissions = {
|
2022-03-14 07:45:51 +00:00
|
|
|
'basic': 'settings.view_setting',
|
|
|
|
'terminal': 'settings.change_terminal',
|
2023-10-19 07:15:02 +00:00
|
|
|
'ops': 'settings.change_ops',
|
|
|
|
'ticket': 'settings.change_ticket',
|
2023-12-20 07:53:48 +00:00
|
|
|
'virtualapp': 'settings.change_virtualapp',
|
2023-10-19 07:15:02 +00:00
|
|
|
'announcement': 'settings.change_announcement',
|
2022-03-14 07:45:51 +00:00
|
|
|
'security': 'settings.change_security',
|
2023-10-16 11:33:13 +00:00
|
|
|
'security_basic': 'settings.change_security',
|
|
|
|
'security_auth': 'settings.change_security',
|
|
|
|
'security_session': 'settings.change_security',
|
|
|
|
'security_password': 'settings.change_security',
|
|
|
|
'security_login_limit': 'settings.change_security',
|
2022-03-14 07:45:51 +00:00
|
|
|
'ldap': 'settings.change_auth',
|
|
|
|
'email': 'settings.change_email',
|
|
|
|
'email_content': 'settings.change_email',
|
|
|
|
'wecom': 'settings.change_auth',
|
|
|
|
'dingtalk': 'settings.change_auth',
|
|
|
|
'feishu': 'settings.change_auth',
|
|
|
|
'auth': 'settings.change_auth',
|
|
|
|
'oidc': 'settings.change_auth',
|
|
|
|
'keycloak': 'settings.change_auth',
|
|
|
|
'radius': 'settings.change_auth',
|
|
|
|
'cas': 'settings.change_auth',
|
|
|
|
'sso': 'settings.change_auth',
|
|
|
|
'saml2': 'settings.change_auth',
|
2023-02-18 09:55:11 +00:00
|
|
|
'oauth2': 'settings.change_auth',
|
2022-03-14 07:45:51 +00:00
|
|
|
'clean': 'settings.change_clean',
|
|
|
|
'other': 'settings.change_other',
|
|
|
|
'sms': 'settings.change_sms',
|
|
|
|
'alibaba': 'settings.change_sms',
|
|
|
|
'tencent': 'settings.change_sms',
|
2023-07-31 09:39:30 +00:00
|
|
|
'vault': 'settings.change_vault',
|
2022-03-11 09:33:12 +00:00
|
|
|
}
|
|
|
|
|
2022-02-17 12:13:31 +00:00
|
|
|
def get_queryset(self):
|
|
|
|
return Setting.objects.all()
|
|
|
|
|
2022-03-11 09:33:12 +00:00
|
|
|
def check_permissions(self, request):
|
|
|
|
category = request.query_params.get('category', 'basic')
|
2022-03-14 07:45:51 +00:00
|
|
|
perm_required = self.rbac_category_permissions.get(category)
|
|
|
|
has = self.request.user.has_perm(perm_required)
|
|
|
|
|
|
|
|
if not has:
|
2022-03-11 09:33:12 +00:00
|
|
|
self.permission_denied(request)
|
|
|
|
|
2021-09-09 06:00:50 +00:00
|
|
|
def get_serializer_class(self):
|
|
|
|
category = self.request.query_params.get('category', 'basic')
|
|
|
|
default = serializers.BasicSettingSerializer
|
|
|
|
cls = self.serializer_class_mapper.get(category, default)
|
|
|
|
return cls
|
|
|
|
|
|
|
|
def get_fields(self):
|
|
|
|
serializer = self.get_serializer_class()()
|
|
|
|
fields = serializer.get_fields()
|
|
|
|
return fields
|
|
|
|
|
|
|
|
def get_object(self):
|
|
|
|
items = self.get_fields().keys()
|
|
|
|
obj = {}
|
|
|
|
for item in items:
|
|
|
|
if hasattr(settings, item):
|
|
|
|
obj[item] = getattr(settings, item)
|
|
|
|
else:
|
|
|
|
obj[item] = Config.defaults[item]
|
|
|
|
return obj
|
|
|
|
|
|
|
|
def parse_serializer_data(self, serializer):
|
|
|
|
data = []
|
|
|
|
fields = self.get_fields()
|
|
|
|
encrypted_items = [name for name, field in fields.items() if field.write_only]
|
|
|
|
category = self.request.query_params.get('category', '')
|
|
|
|
for name, value in serializer.validated_data.items():
|
|
|
|
encrypted = name in encrypted_items
|
|
|
|
if encrypted and value in ['', None]:
|
|
|
|
continue
|
|
|
|
data.append({
|
|
|
|
'name': name, 'value': value,
|
|
|
|
'encrypted': encrypted, 'category': category
|
|
|
|
})
|
|
|
|
return data
|
|
|
|
|
2023-02-16 10:32:04 +00:00
|
|
|
def send_signal(self, serializer):
|
|
|
|
category = self.request.query_params.get('category', '')
|
|
|
|
category_setting_updated.send(sender=self.__class__, category=category, serializer=serializer)
|
|
|
|
|
2021-09-09 06:00:50 +00:00
|
|
|
def perform_update(self, serializer):
|
2022-08-04 06:40:33 +00:00
|
|
|
post_data_names = list(self.request.data.keys())
|
2021-09-09 06:00:50 +00:00
|
|
|
settings_items = self.parse_serializer_data(serializer)
|
|
|
|
serializer_data = getattr(serializer, 'data', {})
|
2023-02-16 10:32:04 +00:00
|
|
|
|
2021-09-09 06:00:50 +00:00
|
|
|
for item in settings_items:
|
2022-08-04 06:40:33 +00:00
|
|
|
if item['name'] not in post_data_names:
|
|
|
|
continue
|
2021-09-09 06:00:50 +00:00
|
|
|
changed, setting = Setting.update_or_create(**item)
|
|
|
|
if not changed:
|
|
|
|
continue
|
|
|
|
serializer_data[setting.name] = setting.cleaned_value
|
2023-02-16 10:32:04 +00:00
|
|
|
|
2021-09-09 06:00:50 +00:00
|
|
|
setattr(serializer, '_data', serializer_data)
|
|
|
|
if hasattr(serializer, 'post_save'):
|
|
|
|
serializer.post_save()
|
2023-02-16 10:32:04 +00:00
|
|
|
self.send_signal(serializer)
|
2023-07-14 08:54:42 +00:00
|
|
|
|
|
|
|
|
|
|
|
class SettingsLogoApi(APIView):
|
|
|
|
permission_classes = (AllowAny,)
|
|
|
|
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
size = request.GET.get('size', 'small')
|
|
|
|
interface_data = get_interface_setting_or_default()
|
|
|
|
if size == 'small':
|
|
|
|
logo_path = interface_data['logo_logout']
|
|
|
|
else:
|
|
|
|
logo_path = interface_data['logo_index']
|
|
|
|
|
2023-07-14 15:01:48 +00:00
|
|
|
if logo_path.startswith('/media/'):
|
|
|
|
logo_path = logo_path.replace('/media/', '')
|
|
|
|
document_root = settings.MEDIA_ROOT
|
|
|
|
elif logo_path.startswith('/static/'):
|
|
|
|
logo_path = logo_path.replace('/static/', '/')
|
|
|
|
document_root = settings.STATIC_ROOT
|
|
|
|
else:
|
|
|
|
return HttpResponse(status=status.HTTP_404_NOT_FOUND)
|
|
|
|
return serve(request, logo_path, document_root=document_root)
|