perf: 优化 rbac

pull/9649/head
ibuler 2023-02-21 13:39:28 +08:00
parent f4cc03434f
commit 0001ffba1b
14 changed files with 86 additions and 28 deletions


@ -50,7 +50,6 @@ class Migration(migrations.Migration):
options={
'verbose_name': 'Account',
'permissions': [('view_accountsecret', 'Can view asset account secret'),
('change_accountsecret', 'Can change asset account secret'),
('view_historyaccount', 'Can view asset history account'),
('view_historyaccountsecret', 'Can view asset history account secret')],
'unique_together': {('username', 'asset', 'secret_type'), ('name', 'asset')},


@ -12,6 +12,6 @@ class Migration(migrations.Migration):
operations = [
migrations.AlterModelOptions(
name='account',
options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret')], 'verbose_name': 'Account'},
options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'},
),
]


@ -0,0 +1,17 @@
# Generated by Django 3.2.14 on 2023-02-21 05:13
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('accounts', '0007_alter_account_options'),
]
operations = [
migrations.AlterModelOptions(
name='account',
options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'},
),
]


@ -64,6 +64,8 @@ class Account(AbsConnectivity, BaseAccount):
('view_accountsecret', _('Can view asset account secret')),
('view_historyaccount', _('Can view asset history account')),
('view_historyaccountsecret', _('Can view asset history account secret')),
('verify_account', _('Can verify account')),
('push_account', _('Can push account')),
]
@lazyproperty


@ -180,9 +180,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
def check_permissions(self, request):
action_perm_require = {
"refresh": "assets.refresh_assethardwareinfo",
"push_account": "accounts.add_pushaccountexecution",
"push_account": "accounts.push_account",
"test": "assets.test_assetconnectivity",
"test_account": "assets.test_account",
"test_account": "accounts.verify_account",
}
_action = request.data.get("action")
perm_required = action_perm_require.get(_action)
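Review bot: For an `action` value that is not a key of `action_perm_require`, `.get(_action)` returns `None`, and nothing in this hunk shows that case being denied. The rest of `check_permissions` lies outside the hunk, so this has to be confirmed there: if the following code only checks a permission when `perm_required` is truthy, a missing or unrecognised action would pass without any RBAC check. Rejecting right after the lookup makes the method fail closed, e.g. `if perm_required is None: self.permission_denied(request)`.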


@ -0,0 +1,17 @@
# Generated by Django 3.2.14 on 2023-02-21 05:11
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('assets', '0109_alter_asset_options'),
]
operations = [
migrations.AlterModelOptions(
name='asset',
options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetaccount', 'Can push account to asset'), ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'},
),
]


@ -0,0 +1,17 @@
# Generated by Django 3.2.14 on 2023-02-21 05:22
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('assets', '0110_alter_asset_options'),
]
operations = [
migrations.AlterModelOptions(
name='asset',
options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'},
),
]


@ -281,8 +281,6 @@ class Asset(NodesRelationMixin, AbsConnectivity, JMSOrgBaseModel):
permissions = [
('refresh_assethardwareinfo', _('Can refresh asset hardware info')),
('test_assetconnectivity', _('Can test asset connectivity')),
('push_assetaccount', _('Can push account to asset')),
('test_account', _('Can verify account')),
('match_asset', _('Can match asset')),
('change_assetnodes', _('Can change asset nodes')),
]
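Review bot: Dropping `push_assetaccount` and `test_account` from the `permissions` list of `Asset` does not carry existing grants over to the new codenames: Django creates rows for new permissions but neither deletes stale ones nor re-points role bindings. As far as this page shows, roles that held `assets.push_assetaccount` or `assets.test_account` would lose push and verify rights after the upgrade until `accounts.push_account` and `accounts.verify_account` are granted by hand, while the old rows stay in the permission table. A `migrations.RunPython` step that copies each grant from the old codename to the new one and then removes the old rows would keep access unchanged. Whether the rbac app re-syncs builtin roles elsewhere is not visible here.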


@ -83,7 +83,7 @@ class AssetAccountSerializer(
def validate_push_now(self, value):
request = self.context['request']
if not request.user.has_perms('assets.push_assetaccount'):
if not request.user.has_perms('accounts.push_account'):
return False
return value
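Review bot: `has_perms` is called with a bare string on the new line, as it was on the old one. Django's stock `has_perms(perm_list)` expects an iterable of permission names, and on the 3.2 line named in the generated migrations a string is iterated character by character, so the check would fail for every non-superuser. Unless the project's user model overrides `has_perms` to accept a string, the line should read `if not request.user.has_perm('accounts.push_account'):`. Returning `False` also switches the push off without telling the caller; a comment such as `# Silently drop push_now when the caller lacks accounts.push_account` would record that this is intended.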


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:694d0090ced3dd431fd632329c8d081d696baae99b4e7561ccc5abc5343f82ca
size 135571
oid sha256:ad88d17921655f6102ae29c8f1e34c65eac8eb5217a8ba14d189035db156789a
size 135647


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-02-21 13:00+0800\n"
"POT-Creation-Date: 2023-02-21 13:14+0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -215,15 +215,23 @@ msgstr "資産履歴アカウントを表示できます"
msgid "Can view asset history account secret"
msgstr "資産履歴アカウントパスワードを表示できます"
#: accounts/models/account.py:111
#: accounts/models/account.py:67 assets/models/asset/common.py:285
msgid "Can verify account"
msgstr "アカウントを確認できます"
#: accounts/models/account.py:68
msgid "Can push account"
msgstr "アカウントをプッシュできます"
#: accounts/models/account.py:113
msgid "Account template"
msgstr "アカウント テンプレート"
#: accounts/models/account.py:116
#: accounts/models/account.py:118
msgid "Can view asset account template secret"
msgstr "アセット アカウント テンプレートのパスワードを表示できます"
#: accounts/models/account.py:117
#: accounts/models/account.py:119
msgid "Can change asset account template secret"
msgstr "アセット アカウント テンプレートのパスワードを変更できます"
@ -1193,10 +1201,6 @@ msgstr "資産接続をテストできます"
msgid "Can push account to asset"
msgstr "アカウントをアセットにプッシュできます"
#: assets/models/asset/common.py:285
msgid "Can verify account"
msgstr "アカウントを確認できます"
#: assets/models/asset/common.py:286
msgid "Can match asset"
msgstr "アセットを一致させることができます"


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c18587f19a5d5723a65592162020f8e43b1f69572ec437a83ba914d636f0f32b
size 111452
oid sha256:e044950aeb211a81af9d2530f0468b5aa0ffc3acfffd899fbacb78a769b5de59
size 111504


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: JumpServer 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-02-21 13:00+0800\n"
"POT-Creation-Date: 2023-02-21 13:14+0800\n"
"PO-Revision-Date: 2021-05-20 10:54+0800\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -214,15 +214,23 @@ msgstr "可以查看资产历史账号"
msgid "Can view asset history account secret"
msgstr "可以查看资产历史账号密码"
#: accounts/models/account.py:111
#: accounts/models/account.py:67 assets/models/asset/common.py:285
msgid "Can verify account"
msgstr "可以验证账号"
#: accounts/models/account.py:68
msgid "Can push account"
msgstr "可以推送账号"
#: accounts/models/account.py:113
msgid "Account template"
msgstr "账号模版"
#: accounts/models/account.py:116
#: accounts/models/account.py:118
msgid "Can view asset account template secret"
msgstr "可以查看资产账号模版密码"
#: accounts/models/account.py:117
#: accounts/models/account.py:119
msgid "Can change asset account template secret"
msgstr "可以更改资产账号模版密码"
@ -1185,10 +1193,6 @@ msgstr "可以测试资产连接性"
msgid "Can push account to asset"
msgstr "可以推送账号到资产"
#: assets/models/asset/common.py:285
msgid "Can verify account"
msgstr "可以验证账号"
#: assets/models/asset/common.py:286
msgid "Can match asset"
msgstr "可以匹配资产"


@ -27,7 +27,7 @@ def migrate_remove_redundant_permission(apps, *args):
perm_model = apps.get_model('auth', 'Permission')
perm_model.objects.filter(codename__in=[
'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser', 'change_accountsecret'
'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser',
]).delete()
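Review bot: The delete in `migrate_remove_redundant_permission` filters on `codename` alone, so it removes every permission with one of these codenames in any app, not only the model it was written for. Scoping the query, e.g. adding `content_type__app_label='<app_label>'` with the intended app, would limit it; the function starts above this hunk, so the right label has to be taken from there. Taking `'change_accountsecret'` out of a migration that may already have been applied also lets databases diverge: those that ran the earlier version have lost that row, while later installs keep it if any model still declares it.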