jumpserver/apps/settings/api/settings.py

210 lines
8.3 KiB
Python
Raw Normal View History

# -*- coding: utf-8 -*-
#
import re
from django.conf import settings
from django.core.cache import cache
from django.http import HttpResponse
from django.views.static import serve
2023-02-16 10:32:04 +00:00
from rest_framework import generics
from rest_framework import status
from rest_framework.permissions import AllowAny
from rest_framework.views import APIView
2023-02-16 10:32:04 +00:00
from common.utils import get_logger
from jumpserver.conf import Config
fix: fix rbac to dev (#7636) * feat: 添加 RBAC 应用模块 * feat: 添加 RBAC Model、API * feat: 添加 RBAC Model、API 2 * feat: 添加 RBAC Model、API 3 * feat: 添加 RBAC Model、API 4 * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC 整理权限位 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位 * feat: RBAC 添加默认角色 * feat: RBAC 添加迁移文件;迁移用户角色->用户角色绑定 * feat: RBAC 添加迁移文件;迁移用户角色->用户角色绑定 * feat: RBAC 修改用户模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 修改用户角色属性的使用 * feat: RBAC No.1 * xxx * perf: 暂存 * perf: ... * perf(rbac): 添加 perms 到 profile serializer 中 * stash * perf: 使用init * perf: 修改migrations * perf: rbac * stash * stash * pref: 修改rbac * stash it * stash: 先去修复其他bug * perf: 修改 role 添加 users * pref: 修改 RBAC Model * feat: 添加权限的 tree api * stash: 暂存一下 * stash: 暂存一下 * perf: 修改 model verbose name * feat: 添加model各种 verbose name * perf: 生成 migrations * perf: 优化权限位 * perf: 添加迁移脚本 * feat: 添加组织角色迁移 * perf: 添加迁移脚本 * stash * perf: 添加migrateion * perf: 暂存一下 * perf: 修改rbac * perf: stash it * fix: 迁移冲突 * fix: 迁移冲突 * perf: 暂存一下 * perf: 修改 rbac 逻辑 * stash: 暂存一下 * perf: 修改内置角色 * perf: 解决 root 组织的问题 * perf: stash it * perf: 优化 rbac * perf: 优化 rolebinding 处理 * perf: 完成用户离开组织的问题 * perf: 暂存一下 * perf: 修改翻译 * perf: 去掉了 IsSuperUser * perf: IsAppUser 去掉完成 * perf: 修改 connection token 的权限 * perf: 去掉导入的问题 * perf: perms define 格式,修改 app 用户 的全新啊 * perf: 修改 permission * perf: 去掉一些 org admin * perf: 去掉部分 org admin * perf: 再去掉点 org admin role * perf: 再去掉部分 org admin * perf: user 角色搜索 * perf: 去掉很多 js * perf: 添加权限位 * perf: 修改权限 * perf: 去掉一个 todo * merge: with dev * fix: 修复冲突 Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: Michael Bai <baijiangjie@gmail.com> Co-authored-by: ibuler <ibuler@qq.com>
2022-02-17 12:13:31 +00:00
from rbac.permissions import RBACPermission
from .. import serializers
from ..models import Setting
2023-02-16 10:32:04 +00:00
from ..signals import category_setting_updated
from ..utils import get_interface_setting_or_default
logger = get_logger(__file__)
class SettingsApi(generics.RetrieveUpdateAPIView):
fix: fix rbac to dev (#7636) * feat: 添加 RBAC 应用模块 * feat: 添加 RBAC Model、API * feat: 添加 RBAC Model、API 2 * feat: 添加 RBAC Model、API 3 * feat: 添加 RBAC Model、API 4 * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC 整理权限位 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位 * feat: RBAC 添加默认角色 * feat: RBAC 添加迁移文件;迁移用户角色->用户角色绑定 * feat: RBAC 添加迁移文件;迁移用户角色->用户角色绑定 * feat: RBAC 修改用户模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 修改用户角色属性的使用 * feat: RBAC No.1 * xxx * perf: 暂存 * perf: ... * perf(rbac): 添加 perms 到 profile serializer 中 * stash * perf: 使用init * perf: 修改migrations * perf: rbac * stash * stash * pref: 修改rbac * stash it * stash: 先去修复其他bug * perf: 修改 role 添加 users * pref: 修改 RBAC Model * feat: 添加权限的 tree api * stash: 暂存一下 * stash: 暂存一下 * perf: 修改 model verbose name * feat: 添加model各种 verbose name * perf: 生成 migrations * perf: 优化权限位 * perf: 添加迁移脚本 * feat: 添加组织角色迁移 * perf: 添加迁移脚本 * stash * perf: 添加migrateion * perf: 暂存一下 * perf: 修改rbac * perf: stash it * fix: 迁移冲突 * fix: 迁移冲突 * perf: 暂存一下 * perf: 修改 rbac 逻辑 * stash: 暂存一下 * perf: 修改内置角色 * perf: 解决 root 组织的问题 * perf: stash it * perf: 优化 rbac * perf: 优化 rolebinding 处理 * perf: 完成用户离开组织的问题 * perf: 暂存一下 * perf: 修改翻译 * perf: 去掉了 IsSuperUser * perf: IsAppUser 去掉完成 * perf: 修改 connection token 的权限 * perf: 去掉导入的问题 * perf: perms define 格式,修改 app 用户 的全新啊 * perf: 修改 permission * perf: 去掉一些 org admin * perf: 去掉部分 org admin * perf: 再去掉点 org admin role * perf: 再去掉部分 org admin * perf: user 角色搜索 * perf: 去掉很多 js * perf: 添加权限位 * perf: 修改权限 * perf: 去掉一个 todo * merge: with dev * fix: 修复冲突 Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: Michael Bai <baijiangjie@gmail.com> Co-authored-by: ibuler <ibuler@qq.com>
2022-02-17 12:13:31 +00:00
permission_classes = (RBACPermission,)
serializer_class_mapper = {
'all': serializers.SettingsSerializer,
'basic': serializers.BasicSettingSerializer,
'terminal': serializers.TerminalSettingSerializer,
'security': serializers.SecuritySettingSerializer,
2023-08-15 05:45:44 +00:00
'security_auth': serializers.SecurityAuthSerializer,
'security_basic': serializers.SecurityBasicSerializer,
'security_session': serializers.SecuritySessionSerializer,
'security_password': serializers.SecurityPasswordRuleSerializer,
'security_login_limit': serializers.SecurityLoginLimitSerializer,
'ldap': serializers.LDAPSettingSerializer,
'email': serializers.EmailSettingSerializer,
'email_content': serializers.EmailContentSettingSerializer,
'wecom': serializers.WeComSettingSerializer,
'dingtalk': serializers.DingTalkSettingSerializer,
'feishu': serializers.FeiShuSettingSerializer,
2024-03-22 10:05:43 +00:00
'lark': serializers.LarkSettingSerializer,
'slack': serializers.SlackSettingSerializer,
'auth': serializers.AuthSettingSerializer,
'oidc': serializers.OIDCSettingSerializer,
'keycloak': serializers.KeycloakSettingSerializer,
'radius': serializers.RadiusSettingSerializer,
'cas': serializers.CASSettingSerializer,
'saml2': serializers.SAML2SettingSerializer,
'oauth2': serializers.OAuth2SettingSerializer,
'passkey': serializers.PasskeySettingSerializer,
'clean': serializers.CleaningSerializer,
'other': serializers.OtherSettingSerializer,
2021-09-09 12:59:26 +00:00
'sms': serializers.SMSSettingSerializer,
'alibaba': serializers.AlibabaSMSSettingSerializer,
'tencent': serializers.TencentSMSSettingSerializer,
'huawei': serializers.HuaweiSMSSettingSerializer,
'cmpp2': serializers.CMPP2SMSSettingSerializer,
2023-05-24 09:32:57 +00:00
'custom': serializers.CustomSMSSettingSerializer,
'vault': serializers.VaultSettingSerializer,
'chat': serializers.ChatAISettingSerializer,
2023-08-15 05:45:44 +00:00
'announcement': serializers.AnnouncementSettingSerializer,
'ticket': serializers.TicketSettingSerializer,
2023-08-15 08:58:41 +00:00
'ops': serializers.OpsSettingSerializer,
'virtualapp': serializers.VirtualAppSerializer,
2024-05-27 03:13:13 +00:00
'tool': serializers.ToolSerializer,
}
rbac_category_permissions = {
2022-03-14 07:45:51 +00:00
'basic': 'settings.view_setting',
'tool': 'settings.view_setting',
2022-03-14 07:45:51 +00:00
'terminal': 'settings.change_terminal',
'ops': 'settings.change_ops',
'ticket': 'settings.change_ticket',
'virtualapp': 'settings.change_virtualapp',
'announcement': 'settings.change_announcement',
2022-03-14 07:45:51 +00:00
'security': 'settings.change_security',
'security_basic': 'settings.change_security',
'security_auth': 'settings.change_security',
'security_session': 'settings.change_security',
'security_password': 'settings.change_security',
'security_login_limit': 'settings.change_security',
2022-03-14 07:45:51 +00:00
'ldap': 'settings.change_auth',
'cas': 'settings.change_auth',
'oidc': 'settings.change_auth',
'saml2': 'settings.change_auth',
'oauth2': 'settings.change_auth',
2022-03-14 07:45:51 +00:00
'wecom': 'settings.change_auth',
'dingtalk': 'settings.change_auth',
'feishu': 'settings.change_auth',
'lark': 'settings.change_auth',
'slack': 'settings.change_auth',
2022-03-14 07:45:51 +00:00
'auth': 'settings.change_auth',
'passkey': 'settings.change_auth',
2022-03-14 07:45:51 +00:00
'keycloak': 'settings.change_auth',
'radius': 'settings.change_auth',
'sso': 'settings.change_auth',
'clean': 'settings.change_clean',
'other': 'settings.change_other',
'chat': 'settings.change_chatai',
'email': 'settings.change_email',
'email_content': 'settings.change_email',
2022-03-14 07:45:51 +00:00
'sms': 'settings.change_sms',
'alibaba': 'settings.change_sms',
'tencent': 'settings.change_sms',
'huawei': 'settings.change_sms',
'cmpp2': 'settings.change_sms',
'vault': 'settings.change_vault',
}
fix: fix rbac to dev (#7636) * feat: 添加 RBAC 应用模块 * feat: 添加 RBAC Model、API * feat: 添加 RBAC Model、API 2 * feat: 添加 RBAC Model、API 3 * feat: 添加 RBAC Model、API 4 * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC 整理权限位 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位 * feat: RBAC 添加默认角色 * feat: RBAC 添加迁移文件;迁移用户角色->用户角色绑定 * feat: RBAC 添加迁移文件;迁移用户角色->用户角色绑定 * feat: RBAC 修改用户模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 修改用户角色属性的使用 * feat: RBAC No.1 * xxx * perf: 暂存 * perf: ... * perf(rbac): 添加 perms 到 profile serializer 中 * stash * perf: 使用init * perf: 修改migrations * perf: rbac * stash * stash * pref: 修改rbac * stash it * stash: 先去修复其他bug * perf: 修改 role 添加 users * pref: 修改 RBAC Model * feat: 添加权限的 tree api * stash: 暂存一下 * stash: 暂存一下 * perf: 修改 model verbose name * feat: 添加model各种 verbose name * perf: 生成 migrations * perf: 优化权限位 * perf: 添加迁移脚本 * feat: 添加组织角色迁移 * perf: 添加迁移脚本 * stash * perf: 添加migrateion * perf: 暂存一下 * perf: 修改rbac * perf: stash it * fix: 迁移冲突 * fix: 迁移冲突 * perf: 暂存一下 * perf: 修改 rbac 逻辑 * stash: 暂存一下 * perf: 修改内置角色 * perf: 解决 root 组织的问题 * perf: stash it * perf: 优化 rbac * perf: 优化 rolebinding 处理 * perf: 完成用户离开组织的问题 * perf: 暂存一下 * perf: 修改翻译 * perf: 去掉了 IsSuperUser * perf: IsAppUser 去掉完成 * perf: 修改 connection token 的权限 * perf: 去掉导入的问题 * perf: perms define 格式,修改 app 用户 的全新啊 * perf: 修改 permission * perf: 去掉一些 org admin * perf: 去掉部分 org admin * perf: 再去掉点 org admin role * perf: 再去掉部分 org admin * perf: user 角色搜索 * perf: 去掉很多 js * perf: 添加权限位 * perf: 修改权限 * perf: 去掉一个 todo * merge: with dev * fix: 修复冲突 Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: Michael Bai <baijiangjie@gmail.com> Co-authored-by: ibuler <ibuler@qq.com>
2022-02-17 12:13:31 +00:00
def get_queryset(self):
return Setting.objects.all()
def check_permissions(self, request):
category = request.query_params.get('category', 'basic')
2022-03-14 07:45:51 +00:00
perm_required = self.rbac_category_permissions.get(category)
has = self.request.user.has_perm(perm_required)
if not has:
self.permission_denied(request)
def get_serializer_class(self):
category = self.request.query_params.get('category', 'basic')
default = serializers.BasicSettingSerializer
cls = self.serializer_class_mapper.get(category, default)
return cls
def get_fields(self):
serializer = self.get_serializer_class()()
fields = serializer.get_fields()
return fields
def get_object(self):
items = self.get_fields().keys()
obj = {}
for item in items:
if hasattr(settings, item):
obj[item] = getattr(settings, item)
else:
obj[item] = Config.defaults[item]
return obj
def parse_serializer_data(self, serializer):
data = []
fields = self.get_fields()
encrypted_items = [name for name, field in fields.items() if field.write_only]
category = self.request.query_params.get('category', '')
for name, value in serializer.validated_data.items():
encrypted = name in encrypted_items
if encrypted and value in ['', None]:
continue
data.append({
'name': name, 'value': value,
'encrypted': encrypted, 'category': category
})
return data
2023-02-16 10:32:04 +00:00
def send_signal(self, serializer):
category = self.request.query_params.get('category', '')
category_setting_updated.send(sender=self.__class__, category=category, serializer=serializer)
def perform_update(self, serializer):
post_data_names = list(self.request.data.keys())
settings_items = self.parse_serializer_data(serializer)
serializer_data = getattr(serializer, 'data', {})
2023-02-16 10:32:04 +00:00
for item in settings_items:
if item['name'] not in post_data_names:
continue
changed, setting = Setting.update_or_create(**item)
if not changed:
continue
serializer_data[setting.name] = setting.cleaned_value
2023-02-16 10:32:04 +00:00
setattr(serializer, '_data', serializer_data)
if hasattr(serializer, 'post_save'):
serializer.post_save()
2023-02-16 10:32:04 +00:00
self.send_signal(serializer)
if self.request.query_params.get('category') == 'ldap':
self.clean_ldap_user_dn_cache()
@staticmethod
def clean_ldap_user_dn_cache():
del_count = cache.delete_pattern('django_auth_ldap.user_dn.*')
logger.debug(f'clear LDAP user_dn_cache count={del_count}')
class SettingsLogoApi(APIView):
permission_classes = (AllowAny,)
def get(self, request, *args, **kwargs):
size = request.GET.get('size', 'small')
interface_data = get_interface_setting_or_default()
if size == 'small':
logo_path = interface_data['logo_logout']
else:
logo_path = interface_data['logo_index']
if logo_path.startswith('/media/'):
logo_path = logo_path.replace('/media/', '')
document_root = settings.MEDIA_ROOT
elif logo_path.startswith('/static/'):
logo_path = logo_path.replace('/static/', '/')
document_root = settings.STATIC_ROOT
else:
return HttpResponse(status=status.HTTP_404_NOT_FOUND)
return serve(request, logo_path, document_root=document_root)