diff --git a/apps/applications/api/application.py b/apps/applications/api/application.py
index 1d79e67d1..f6bc7aabf 100644
--- a/apps/applications/api/application.py
+++ b/apps/applications/api/application.py
@@ -6,7 +6,7 @@ from rest_framework.decorators import action
 from rest_framework.response import Response
 from common.tree import TreeNodeSerializer
-from common.mixins.views import SuggestionMixin
+from common.mixins.api import SuggestionMixin
 from .. import serializers
 from ..models import Application
diff --git a/apps/applications/migrations/0018_auto_20220223_1642.py b/apps/applications/migrations/0018_auto_20220223_1642.py
deleted file mode 100644
index 5f3af1455..000000000
--- a/apps/applications/migrations/0018_auto_20220223_1642.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.1.14 on 2022-02-23 08:42
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('applications', '0017_auto_20220217_2135'),
- ]
-
- operations = [
- migrations.AlterField(
- model_name='application',
- name='type',
- field=models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('sqlserver', 'SQLServer'), ('redis', 'Redis'), ('mongodb', 'MongoDB'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type'),
- ),
- ]
diff --git a/apps/assets/migrations/0087_auto_20220223_1642.py b/apps/assets/migrations/0087_auto_20220223_1642.py
deleted file mode 100644
index c2a1b020f..000000000
--- a/apps/assets/migrations/0087_auto_20220223_1642.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.1.14 on 2022-02-23 08:42
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('assets', '0086_auto_20220217_2135'),
- ]
-
- operations = [
- migrations.AlterField(
- model_name='systemuser',
- name='protocol',
- field=models.CharField(choices=[('ssh', 'SSH'), ('rdp', 'RDP'), ('telnet', 'Telnet'), ('vnc', 'VNC'), ('mysql', 'MySQL'), ('oracle', 'Oracle'), ('mariadb', 'MariaDB'), ('postgresql', 'PostgreSQL'), ('sqlserver', 'SQLServer'), ('redis', 'Redis'), ('mongodb', 'MongoDB'), ('k8s', 'K8S')], default='ssh', max_length=16, verbose_name='Protocol'),
- ),
- ]
diff --git a/apps/common/mixins/api/action.py b/apps/common/mixins/api/action.py
index 994ade06b..96b01eb08 100644
--- a/apps/common/mixins/api/action.py
+++ b/apps/common/mixins/api/action.py
@@ -8,7 +8,6 @@ from rest_framework.decorators import action
 from rest_framework.request import Request
 from common.const.http import POST
-from common.permissions import IsValidUser
 __all__ = ['SuggestionMixin', 'RenderToJsonMixin']
@@ -23,8 +22,8 @@ class SuggestionMixin:
 get_serializer: Callable
 get_paginated_response: Callable
- @action(methods=['get'], detail=False, permission_classes=(IsValidUser,))
- def suggestions(self, request, *args, **kwargs):
+ @action(methods=['get'], detail=False, url_path='suggestions')
+ def match(self, request, *args, **kwargs):
 queryset = self.filter_queryset(self.get_queryset())
 queryset = queryset[:self.suggestion_limit]
 page = self.paginate_queryset(queryset)
diff --git a/apps/common/mixins/views.py b/apps/common/mixins/views.py
index 3d553b3d0..4fc1dbf3c 100644
--- a/apps/common/mixins/views.py
+++ b/apps/common/mixins/views.py
@@ -8,7 +8,7 @@ from rest_framework.response import Response
 from common.permissions import IsValidUser
-__all__ = ["PermissionsMixin", "SuggestionMixin"]
+__all__ = ["PermissionsMixin"]
 class PermissionsMixin(UserPassesTestMixin):
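Review bot: In `apps/common/mixins/api/action.py` (hunk `-23,8 +22,8`), the `@action` on `SuggestionMixin.match` no longer passes `permission_classes=(IsValidUser,)`, so access to the endpoint now rests on each host viewset's default permission classes and on an `rbac_perms` entry for the new action name `match`. This commit adds that entry only for `UserViewSet` (`'match': 'users.match_user'`). Other viewsets that mix in `SuggestionMixin`, such as the one importing it in `apps/applications/api/application.py`, are not visible here and should be checked for a `match` mapping, because how the RBAC permission class treats an unmapped action cannot be seen from this diff. A comment above the decorator would record the contract, e.g. `# Access is governed by the host viewset's rbac_perms['match']; url_path keeps the /suggestions/ route.` The method body continues past the end of the hunk.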
@@ -24,19 +24,3 @@ class PermissionsMixin(UserPassesTestMixin):
 if not permission_class().has_permission(self.request, self):
 return False
 return True
-
-
-class SuggestionMixin:
- suggestion_mini_count = 10
-
- @action(methods=['get'], detail=False, permission_classes=(IsValidUser,))
- def suggestions(self, request, *args, **kwargs):
- queryset = self.filter_queryset(self.get_queryset())
- queryset = queryset[:self.suggestion_mini_count]
- page = self.paginate_queryset(queryset)
- if page is not None:
- serializer = self.get_serializer(page, many=True)
- return self.get_paginated_response(serializer.data)
-
- serializer = self.get_serializer(queryset, many=True)
- return Response(serializer.data)
\ No newline at end of file
diff --git a/apps/perms/migrations/0025_auto_20220223_1642.py b/apps/perms/migrations/0025_auto_20220223_1642.py
deleted file mode 100644
index 120039e40..000000000
--- a/apps/perms/migrations/0025_auto_20220223_1642.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.1.14 on 2022-02-23 08:42
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('perms', '0024_auto_20220217_2135'),
- ]
-
- operations = [
- migrations.AlterField(
- model_name='applicationpermission',
- name='type',
- field=models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('sqlserver', 'SQLServer'), ('redis', 'Redis'), ('mongodb', 'MongoDB'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type'),
- ),
- ]
diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py
index 6d8d2490f..41a621391 100644
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@@ -7,6 +7,7 @@ auditor_perms = (
 ('common', 'permission', 'view', 'resourcestatistics'),
 ('audits', '*', '*', '*'),
 ('rbac', 'menupermission', 'view', 'auditview'),
+ ('terminal', 'commandstorage', 'view', 'commandstorage'),
 ('terminal', 'session', '*', '*'),
 ('terminal', 'command', '*', '*'),
 )
diff --git a/apps/terminal/api/command.py b/apps/terminal/api/command.py
index 5fbb63220..9fa401421 100644
--- a/apps/terminal/api/command.py
+++ b/apps/terminal/api/command.py
@@ -29,8 +29,8 @@ __all__ = ['CommandViewSet', 'CommandExportApi', 'InsecureCommandAlertAPI']
 class CommandQueryMixin:
 command_store = get_command_storage()
 filterset_fields = [
- "asset", "system_user", "user", "session", "risk_level",
- "input"
+ "asset", "system_user", "user", "session",
+ "risk_level", "input"
 ]
 default_days_ago = 5
diff --git a/apps/terminal/migrations/0044_auto_20220223_1642.py b/apps/terminal/migrations/0044_auto_20220223_1642.py
deleted file mode 100644
index 463312f8e..000000000
--- a/apps/terminal/migrations/0044_auto_20220223_1642.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.1.14 on 2022-02-23 08:42
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('terminal', '0043_auto_20220217_2135'),
- ]
-
- operations = [
- migrations.AlterField(
- model_name='session',
- name='protocol',
- field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('vnc', 'vnc'), ('telnet', 'telnet'), ('mysql', 'mysql'), ('oracle', 'oracle'), ('mariadb', 'mariadb'), ('sqlserver', 'sqlserver'), ('postgresql', 'postgresql'), ('redis', 'redis'), ('mongodb', 'MongoDB'), ('k8s', 'kubernetes')], db_index=True, default='ssh', max_length=16),
- ),
- ]
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index dc818a5cb..092aef223 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
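Review bot: The added `('terminal', 'commandstorage', 'view', 'commandstorage')` entry in `auditor_perms` (`apps/rbac/builtin.py`) gives the built-in auditor role read access to command storage objects, and nothing in this diff shows what the corresponding read serializer returns. If those records carry backend connection settings such as hosts or credentials, confirm they are write-only or masked on read before granting view to a role otherwise scoped to audit data. A comment on the new line would record the intent, e.g. `# view only; storage connection settings must stay masked on read`.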
@@ -9,6 +9,7 @@ from rest_framework_bulk import BulkModelViewSet
 from common.mixins import CommonApiMixin
 from common.utils import get_logger
+from common.mixins.api import SuggestionMixin
 from orgs.utils import current_org
 from rbac.models import Role, RoleBinding
 from users.utils import LoginBlockUtil, MFABlockUtils
@@ -30,7 +31,7 @@ __all__ = [
 ]
-class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
+class UserViewSet(CommonApiMixin, UserQuerysetMixin, SuggestionMixin, BulkModelViewSet):
 filterset_class = UserFilter
 search_fields = ('username', 'email', 'name', 'id', 'source', 'role')
 serializer_classes = {
@@ -41,7 +42,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
 ordering_fields = ('name',)
 ordering = ('name',)
 rbac_perms = {
- 'suggestion': 'users.match_user',
+ 'match': 'users.match_user',
 'invite': 'users.invite_user',
 'remove': 'users.remove_user',
 'bulk_remove': 'users.remove_user',
@@ -51,18 +52,14 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
 queryset = super().get_queryset().prefetch_related('groups')
 return queryset
- def list(self, request, *args, **kwargs):
- queryset = self.filter_queryset(self.get_queryset())
+ def paginate_queryset(self, queryset):
+ page = super().paginate_queryset(queryset)
- page = self.paginate_queryset(queryset)
- if page is not None:
+ if page:
 page = self.set_users_roles_for_cache(page)
- serializer = self.get_serializer(page, many=True)
- return self.get_paginated_response(serializer.data)
-
- queryset = self.set_users_roles_for_cache(queryset)
- serializer = self.get_serializer(queryset, many=True)
- return Response(serializer.data)
+ else:
+ self.set_users_roles_for_cache(queryset)
+ return page
 @staticmethod
 def set_users_roles_for_cache(queryset):
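Review bot: In `apps/users/api/user.py` (hunk `-41,7 +42,7`), only `rbac_perms` is renamed to the new action name `match`; `serializer_classes`, opened in the previous hunk with its body not shown, is presumably also keyed by action name. If it still holds a `'suggestion'` entry pointing at a reduced serializer, the `match` action would fall back to the default user serializer and return more fields to anyone holding `users.match_user`. The removed `suggestion` action (later hunk `-112,13 +108,6`) also started from `User.get_nature_users()` and capped results at 6, whereas the mixin starts from `self.get_queryset()` and uses `suggestion_limit`, so the set of accounts returned may widen. Please confirm both, and rename the `serializer_classes` key to `'match'` if it exists.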
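Review bot: In the new `paginate_queryset` (hunk `-51,18 +52,14` of `apps/users/api/user.py`), `if page:` treats an empty page (`[]`) like `None`, so an empty result falls into the `else` branch and runs `set_users_roles_for_cache` over the unpaginated queryset; the removed `list` used `if page is not None:`. The `else` branch also discards the list that `set_users_roles_for_cache(queryset)` returns, so with pagination off the role caches only help if the caller later reuses the same evaluated instances, which depends on code outside this hunk. Suggest `if page is not None:` plus a docstring saying the override pre-loads role caches for every paginated action, including `match` from `SuggestionMixin`.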
@@ -87,7 +84,6 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
 for u in queryset_list:
 system_roles = user_system_role_mapper[u.id]
 org_roles = user_org_role_mapper[u.id]
- u.roles.cache_set(system_roles | org_roles)
 u.org_roles.cache_set(org_roles)
 u.system_roles.cache_set(system_roles)
 return queryset_list
@@ -112,13 +108,6 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
 self.check_object_permissions(self.request, obj)
 self.perform_destroy(obj)
- @action(methods=['get'], detail=False)
- def suggestion(self, *args, **kwargs):
- queryset = User.get_nature_users()
- queryset = self.filter_queryset(queryset)[:6]
- serializer = self.get_serializer(queryset, many=True)
- return Response(serializer.data)
-
 @action(methods=['post'], detail=False)
 def invite(self, request):
 if not current_org or current_org.is_root():
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index dcf06b636..293e3c89a 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -11,7 +11,6 @@ from rbac.models import OrgRoleBinding, SystemRoleBinding
 from ..models import User
 from ..const import PasswordStrategy
 from rbac.models import Role
-from rbac.builtin import BuiltinRole
 __all__ = [
 'UserSerializer', 'MiniUserSerializer',
@@ -180,16 +179,6 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
 attrs = self.clean_auth_fields(attrs)
 attrs.pop('password_strategy', None)
 return attrs
- # Todo: 不知道怎么优化呢
- # def get_can_update(self, obj):
- # return CanUpdateDeleteUser.has_update_object_permission(
- # self.context['request'], self.context['view'], obj
- # )
- #
- # def get_can_delete(self, obj):
- # return CanUpdateDeleteUser.has_delete_object_permission(
- # self.context['request'], self.context['view'], obj
- # )
 def save_and_set_custom_m2m_fields(self, validated_data, save_handler):
 m2m_values = {