From 4057064b7f4f06fee12eae33c74b799f24d5dc40 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Tue, 12 Nov 2019 19:00:53 +0800 Subject: [PATCH 1/3] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E7=B3=BB=E7=BB=9F=E7=94=A8=E6=88=B7-=E8=B5=84?= =?UTF-8?q?=E4=BA=A7-=E8=AE=A4=E8=AF=81=E4=BF=A1=E6=81=AFAPI=EF=BC=8C?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20NeedMFAVerify=20=E6=9D=83=E9=99=90?= =?UTF-8?q?=E7=B1=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/api/system_user.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py index 5bf38853d..db0751343 100644 --- a/apps/assets/api/system_user.py +++ b/apps/assets/api/system_user.py @@ -14,11 +14,12 @@ # limitations under the License. from django.shortcuts import get_object_or_404 +from django.conf import settings from rest_framework.response import Response from common.serializers import CeleryTaskSerializer from common.utils import get_logger -from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser +from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify from orgs.mixins.api import OrgBulkModelViewSet from orgs.mixins import generics from ..models import SystemUser, Asset @@ -72,6 +73,11 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView): permission_classes = (IsOrgAdminOrAppUser,) serializer_class = serializers.SystemUserAuthSerializer + def get_permissions(self): + if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA: + self.permission_classes = (IsOrgAdminOrAppUser, NeedMFAVerify) + return super().get_permissions() + def get_object(self): instance = super().get_object() aid = self.kwargs.get('aid') From e731c01cc403386b8fb7a7c750029d04ba6e0b88 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Wed, 13 Nov 2019 11:18:29 +0800 Subject: [PATCH 2/3] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=20sytem-user-?= =?UTF-8?q?asset-auth-info=20API=20=E7=9A=84=E6=9D=83=E9=99=90=EF=BC=88?= =?UTF-8?q?=E5=8F=AA=E5=85=81=E8=AE=B8=20App=EF=BC=89=E8=AE=BF=E9=97=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/api/system_user.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py index db0751343..f1213f0a3 100644 --- a/apps/assets/api/system_user.py +++ b/apps/assets/api/system_user.py @@ -19,7 +19,7 @@ from rest_framework.response import Response from common.serializers import CeleryTaskSerializer from common.utils import get_logger -from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify +from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsAppUser from orgs.mixins.api import OrgBulkModelViewSet from orgs.mixins import generics from ..models import SystemUser, Asset @@ -70,14 +70,9 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView): Get system user with asset auth info """ model = SystemUser - permission_classes = (IsOrgAdminOrAppUser,) + permission_classes = (IsAppUser,) serializer_class = serializers.SystemUserAuthSerializer - def get_permissions(self): - if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA: - self.permission_classes = (IsOrgAdminOrAppUser, NeedMFAVerify) - return super().get_permissions() - def get_object(self): instance = super().get_object() aid = self.kwargs.get('aid') From 46a2311e302bbb13eca29846c95838fbe2563013 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 13 Nov 2019 11:25:33 +0800 Subject: [PATCH 3/3] =?UTF-8?q?[Update]=20=E6=9A=82=E6=97=B6=E5=85=B3?= =?UTF-8?q?=E9=97=ADcelery=E5=A4=84=E7=90=86=E8=AF=B7=E6=B1=82=E6=95=B0?= =?UTF-8?q?=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index f6b81e877..fe4f2fc84 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -516,7 +516,7 @@ CELERY_TASK_EAGER_PROPAGATES = True CELERY_WORKER_REDIRECT_STDOUTS = True CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO" # CELERY_WORKER_HIJACK_ROOT_LOGGER = True -CELERY_WORKER_MAX_TASKS_PER_CHILD = 40 +# CELERY_WORKER_MAX_TASKS_PER_CHILD = 40 CELERY_TASK_SOFT_TIME_LIMIT = 3600 # Cache use redis