diff --git a/apps/perms/api/__init__.py b/apps/perms/api/__init__.py
index cc6ce8229..61cbd7d58 100644
--- a/apps/perms/api/__init__.py
+++ b/apps/perms/api/__init__.py
@@ -7,3 +7,6 @@ from .asset_permission_relation import *
from .user_group_permission import *
from .remote_app_permission import *
from .user_remote_app_permission import *
+from .database_app_permission import *
+from .database_app_permission_relation import *
+from .user_database_app_permission import *
diff --git a/apps/perms/api/database_app_permission.py b/apps/perms/api/database_app_permission.py
new file mode 100644
index 000000000..c7ef54fb3
--- /dev/null
+++ b/apps/perms/api/database_app_permission.py
@@ -0,0 +1,18 @@
+# coding: utf-8
+#
+
+from orgs.mixins.api import OrgBulkModelViewSet
+
+from .. import models, serializers
+from common.permissions import IsOrgAdmin
+
+
+__all__ = ['DatabaseAppPermissionViewSet']
+
+
+class DatabaseAppPermissionViewSet(OrgBulkModelViewSet):
+ model = models.DatabaseAppPermission
+ serializer_class = serializers.DatabaseAppPermissionSerializer
+ filter_fields = ('name',)
+ search_fields = filter_fields
+ permission_classes = (IsOrgAdmin,)
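Review bot: `DatabaseAppPermissionViewSet` declares its filters as `filter_fields = ('name',)`, while the relation viewsets added in the same commit use `filterset_fields`. django-filter 2.0 renamed the attribute to `filterset_fields`, and the version this project pins is not visible here, so on a newer release the old name may be ignored and the `name` filter would silently stop applying. I would use `filterset_fields = ('name',)` here, and likewise in `DatabaseAppPermissionAllUserListApi`, `DatabaseAppPermissionAllDatabaseAppListApi` and `UserGrantedDatabaseAppsApi`. The class would also benefit from a one-line docstring saying it is the org-admin CRUD endpoint for database-app permission rules.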
diff --git a/apps/perms/api/database_app_permission_relation.py b/apps/perms/api/database_app_permission_relation.py
new file mode 100644
index 000000000..32ab34355
--- /dev/null
+++ b/apps/perms/api/database_app_permission_relation.py
@@ -0,0 +1,132 @@
+# coding: utf-8
+#
+
+from rest_framework import generics
+from django.db.models import F, Value
+from django.db.models.functions import Concat
+from django.shortcuts import get_object_or_404
+
+from orgs.mixins.api import OrgBulkModelViewSet
+from orgs.utils import current_org
+from common.permissions import IsOrgAdmin
+from .. import models, serializers
+
+__all__ = [
+ 'DatabaseAppPermissionUserRelationViewSet',
+ 'DatabaseAppPermissionUserGroupRelationViewSet',
+ 'DatabaseAppPermissionAllUserListApi',
+ 'DatabaseAppPermissionDatabaseAppRelationViewSet',
+ 'DatabaseAppPermissionAllDatabaseAppListApi',
+ 'DatabaseAppPermissionSystemUserRelationViewSet',
+]
+
+
+class RelationMixin(OrgBulkModelViewSet):
+ def get_queryset(self):
+ queryset = self.model.objects.all()
+ org_id = current_org.org_id()
+ if org_id is not None:
+ queryset = queryset.filter(databaseapppermission__org_id=org_id)
+ queryset = queryset.annotate(databaseapppermission_display=F('databaseapppermission__name'))
+ return queryset
+
+
+class DatabaseAppPermissionUserRelationViewSet(RelationMixin):
+ serializer_class = serializers.DatabaseAppPermissionUserRelationSerializer
+ model = models.DatabaseAppPermission.users.through
+ permission_classes = (IsOrgAdmin,)
+ filterset_fields = [
+ 'id', 'user', 'databaseapppermission'
+ ]
+ search_fields = ('user__name', 'user__username', 'databaseapppermission__name')
+
+ def get_queryset(self):
+ queryset = super().get_queryset()
+ queryset = queryset.annotate(user_display=F('user__name'))
+ return queryset
+
+
+class DatabaseAppPermissionUserGroupRelationViewSet(RelationMixin):
+ serializer_class = serializers.DatabaseAppPermissionUserGroupRelationSerializer
+ model = models.DatabaseAppPermission.user_groups.through
+ permission_classes = (IsOrgAdmin,)
+ filterset_fields = [
+ 'id', "usergroup", "databaseapppermission"
+ ]
+ search_fields = ["usergroup__name", "databaseapppermission__name"]
+
+ def get_queryset(self):
+ queryset = super().get_queryset()
+ queryset = queryset \
+ .annotate(usergroup_display=F('usergroup__name'))
+ return queryset
+
+
+class DatabaseAppPermissionAllUserListApi(generics.ListAPIView):
+ permission_classes = (IsOrgAdmin,)
+ serializer_class = serializers.DatabaseAppPermissionAllUserSerializer
+ filter_fields = ("username", "name")
+ search_fields = filter_fields
+
+ def get_queryset(self):
+ pk = self.kwargs.get("pk")
+ perm = get_object_or_404(models.DatabaseAppPermission, pk=pk)
+ users = perm.get_all_users().only(
+ *self.serializer_class.Meta.only_fields
+ )
+ return users
+
+
+class DatabaseAppPermissionDatabaseAppRelationViewSet(RelationMixin):
+ serializer_class = serializers.DatabaseAppPermissionDatabaseAppRelationSerializer
+ model = models.DatabaseAppPermission.database_apps.through
+ permission_classes = (IsOrgAdmin,)
+ filterset_fields = [
+ 'id', 'databaseapp', 'databaseapppermission',
+ ]
+ search_fields = [
+ "id", "databaseapp__name", "databaseapppermission__name"
+ ]
+
+ def get_queryset(self):
+ queryset = super().get_queryset()
+ queryset = queryset \
+ .annotate(databaseapp_display=F('databaseapp__name'))
+ return queryset
+
+
+class DatabaseAppPermissionAllDatabaseAppListApi(generics.ListAPIView):
+ permission_classes = (IsOrgAdmin,)
+ serializer_class = serializers.DatabaseAppPermissionAllDatabaseAppSerializer
+ filter_fields = ("name",)
+ search_fields = filter_fields
+
+ def get_queryset(self):
+ pk = self.kwargs.get("pk")
+ perm = get_object_or_404(models.DatabaseAppPermission, pk=pk)
+ database_apps = perm.get_all_database_apps().only(
+ *self.serializer_class.Meta.only_fields
+ )
+ return database_apps
+
+
+class DatabaseAppPermissionSystemUserRelationViewSet(RelationMixin):
+ serializer_class = serializers.DatabaseAppPermissionSystemUserRelationSerializer
+ model = models.DatabaseAppPermission.system_users.through
+ permission_classes = (IsOrgAdmin,)
+ filterset_fields = [
+ 'id', 'systemuser', 'databaseapppermission'
+ ]
+ search_fields = [
+ 'databaseapppermission__name', 'systemuser__name', 'systemuser__username'
+ ]
+
+ def get_queryset(self):
+ queryset = super().get_queryset()
+ queryset = queryset.annotate(
+ systemuser_display=Concat(
+ F('systemuser__name'), Value('('), F('systemuser__username'),
+ Value(')')
+ )
+ )
+ return queryset
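Review bot: `DatabaseAppPermissionAllUserListApi.get_queryset` and `DatabaseAppPermissionAllDatabaseAppListApi.get_queryset` fetch the rule with `get_object_or_404(models.DatabaseAppPermission, pk=pk)` and apply no organization filter of their own, unlike `RelationMixin.get_queryset`, which filters on `databaseapppermission__org_id`. Whether the lookup is confined to the caller's organization therefore depends on the model's default manager, which is not visible in this diff. If that manager is not org-scoped, an admin of one organization could list the users or database apps of another organization's rule by supplying its pk. I would either look the rule up through an explicitly org-filtered queryset or record the dependency above each lookup, e.g. `# relies on DatabaseAppPermission.objects being scoped to current_org`, and add a cross-org test. `RelationMixin` also skips its filter entirely when `current_org.org_id()` is `None`, which deserves a short comment saying which callers can reach that branch.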
diff --git a/apps/perms/api/user_database_app_permission.py b/apps/perms/api/user_database_app_permission.py
new file mode 100644
index 000000000..3a973b8c1
--- /dev/null
+++ b/apps/perms/api/user_database_app_permission.py
@@ -0,0 +1,127 @@
+# coding: utf-8
+#
+
+import uuid
+from django.shortcuts import get_object_or_404
+from rest_framework.views import APIView, Response
+from common.permissions import IsOrgAdminOrAppUser, IsValidUser
+from common.tree import TreeNodeSerializer
+from orgs.mixins import generics
+from users.models import User, UserGroup
+from applications.serializers import DatabaseAppSerializer
+from applications.models import DatabaseApp
+from assets.models import SystemUser
+from .. import utils, serializers
+from .mixin import UserPermissionMixin
+
+__all__ = [
+ 'UserGrantedDatabaseAppsApi',
+ 'UserGrantedDatabaseAppsAsTreeApi',
+ 'UserGroupGrantedDatabaseAppsApi',
+ 'ValidateUserDatabaseAppPermissionApi',
+ 'UserGrantedDatabaseAppSystemUsersApi',
+]
+
+
+class UserGrantedDatabaseAppsApi(generics.ListAPIView):
+ permission_classes = (IsOrgAdminOrAppUser,)
+ serializer_class = DatabaseAppSerializer
+ filter_fields = ['id', 'name']
+ search_fields = ['name']
+
+ def get_object(self):
+ user_id = self.kwargs.get('pk', '')
+ if user_id:
+ user = get_object_or_404(User, id=user_id)
+ else:
+ user = self.request.user
+ return user
+
+ def get_queryset(self):
+ util = utils.DatabaseAppPermissionUtil(self.get_object())
+ queryset = util.get_database_apps()
+ return queryset
+
+ def get_permissions(self):
+ if self.kwargs.get('pk') is None:
+ self.permission_classes = (IsValidUser,)
+ return super().get_permissions()
+
+
+class UserGrantedDatabaseAppsAsTreeApi(UserGrantedDatabaseAppsApi):
+ serializer_class = TreeNodeSerializer
+ permission_classes = (IsOrgAdminOrAppUser,)
+
+ def get_serializer(self, database_apps, *args, **kwargs):
+ if database_apps is None:
+ database_apps = []
+ only_database_app = self.request.query_params.get('only', '0') == '1'
+ tree_root = None
+ data = []
+ if not only_database_app:
+ tree_root = utils.construct_database_apps_tree_root()
+ data.append(tree_root)
+ for database_app in database_apps:
+ node = utils.parse_database_app_to_tree_node(tree_root, database_app)
+ data.append(node)
+ data.sort()
+ return super().get_serializer(data, many=True)
+
+
+class UserGrantedDatabaseAppSystemUsersApi(UserPermissionMixin, generics.ListAPIView):
+ permission_classes = (IsOrgAdminOrAppUser,)
+ serializer_class = serializers.DatabaseAppSystemUserSerializer
+ only_fields = serializers.DatabaseAppSystemUserSerializer.Meta.only_fields
+
+ def get_queryset(self):
+ util = utils.DatabaseAppPermissionUtil(self.obj)
+ database_app_id = self.kwargs.get('database_app_id')
+ database_app = get_object_or_404(DatabaseApp, id=database_app_id)
+ system_users = util.get_database_app_system_users(database_app)
+ return system_users
+
+
+# Validate
+
+class ValidateUserDatabaseAppPermissionApi(APIView):
+ permission_classes = (IsOrgAdminOrAppUser,)
+
+ def get(self, request, *args, **kwargs):
+ user_id = request.query_params.get('user_id', '')
+ database_app_id = request.query_params.get('database_app_id', '')
+ system_user_id = request.query_params.get('system_user_id', '')
+
+ try:
+ user_id = uuid.UUID(user_id)
+ database_app_id = uuid.UUID(database_app_id)
+ system_user_id = uuid.UUID(system_user_id)
+ except ValueError:
+ return Response({'msg': False}, status=403)
+
+ user = get_object_or_404(User, id=user_id)
+ database_app = get_object_or_404(DatabaseApp, id=database_app_id)
+ system_user = get_object_or_404(SystemUser, id=system_user_id)
+
+ util = utils.DatabaseAppPermissionUtil(user)
+ system_users = util.get_database_app_system_users(database_app)
+ if system_user in system_users:
+ return Response({'msg': True}, status=200)
+
+ return Response({'msg': False}, status=403)
+
+
+# UserGroup
+
+class UserGroupGrantedDatabaseAppsApi(generics.ListAPIView):
+ permission_classes = (IsOrgAdminOrAppUser,)
+ serializer_class = DatabaseAppSerializer
+
+ def get_queryset(self):
+ queryset = []
+ user_group_id = self.kwargs.get('pk')
+ if not user_group_id:
+ return queryset
+ user_group = get_object_or_404(UserGroup, id=user_group_id)
+ util = utils.DatabaseAppPermissionUtil(user_group)
+ queryset = util.get_database_apps()
+ return queryset
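Review bot: `ValidateUserDatabaseAppPermissionApi.get` reports a denial in two different ways: a malformed UUID or a system user that is not granted returns 403 with `{'msg': False}`, while a well-formed id that does not exist returns 404 from `get_object_or_404`. A component that uses this endpoint as its authorization decision has to treat every non-200 response as deny, and the 403/404 difference also tells the caller which ids exist. I would add a docstring stating that contract, e.g. `"""Return 200 {'msg': True} only when user_id is granted system_user_id on database_app_id; any other status means deny."""`. Separately, if `get_database_app_system_users` returns a queryset (not visible here), `system_user in system_users` loads every row to test membership; `system_users.filter(id=system_user.id).exists()` would keep the check in the database.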
diff --git a/apps/perms/forms/__init__.py b/apps/perms/forms/__init__.py
index 129901afc..c6581b858 100644
--- a/apps/perms/forms/__init__.py
+++ b/apps/perms/forms/__init__.py
@@ -3,3 +3,4 @@
from .asset_permission import *
from .remote_app_permission import *
+from .database_app_permission import *
diff --git a/apps/perms/forms/asset_permission.py b/apps/perms/forms/asset_permission.py
index 8282f0880..92ca8030f 100644
--- a/apps/perms/forms/asset_permission.py
+++ b/apps/perms/forms/asset_permission.py
@@ -5,8 +5,7 @@ from django import forms
from django.utils.translation import ugettext_lazy as _
from orgs.mixins.forms import OrgModelForm
-from orgs.utils import current_org
-from assets.models import Asset, Node
+from assets.models import Asset, Node, SystemUser
from ..models import AssetPermission, Action
__all__ = [
@@ -58,6 +57,12 @@ class AssetPermissionForm(OrgModelForm):
nodes_field.queryset = Node.objects.none()
users_field.queryset = []
+ # 过滤系统用户
+ system_users_field = self.fields.get('system_users')
+ system_users_field.queryset = SystemUser.objects.exclude(
+ protocol=SystemUser.PROTOCOL_MYSQL
+ )
+
def set_nodes_initial(self, nodes):
field = self.fields['nodes']
field.choices = [(n.id, n.full_value) for n in nodes]
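Review bot: `self.fields.get('system_users')` returns `None` when the field is missing, so the following `system_users_field.queryset = ...` would fail with an `AttributeError` rather than a clear `KeyError`. `set_nodes_initial` just below already indexes with `self.fields['nodes']`, so `system_users_field = self.fields['system_users']` would be consistent; the same pattern is added in `forms/database_app_permission.py` and `forms/remote_app_permission.py`. The assignment also replaces the field's queryset with one built from `SystemUser.objects`, so any organization scoping now depends on that manager, which is not visible here. The enclosing `__init__` starts outside this hunk.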
diff --git a/apps/perms/forms/database_app_permission.py b/apps/perms/forms/database_app_permission.py
new file mode 100644
index 000000000..57ce4d0e3
--- /dev/null
+++ b/apps/perms/forms/database_app_permission.py
@@ -0,0 +1,49 @@
+# coding: utf-8
+#
+
+from django.utils.translation import ugettext as _
+from django import forms
+from orgs.mixins.forms import OrgModelForm
+from assets.models import SystemUser
+
+from ..models import DatabaseAppPermission
+
+
+__all__ = ['DatabaseAppPermissionCreateUpdateForm']
+
+
+class DatabaseAppPermissionCreateUpdateForm(OrgModelForm):
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+
+ users_field = self.fields.get('users')
+ if self.instance:
+ users_field.queryset = self.instance.users.all()
+ else:
+ users_field.queryset = []
+
+ # 过滤系统用户
+ system_users_field = self.fields.get('system_users')
+ system_users_field.queryset = SystemUser.objects.filter(
+ protocol=SystemUser.PROTOCOL_MYSQL
+ )
+
+ class Meta:
+ model = DatabaseAppPermission
+ exclude = (
+ 'id', 'date_created', 'created_by', 'org_id'
+ )
+ widgets = {
+ 'users': forms.SelectMultiple(
+ attrs={'class': 'users-select2', 'data-placeholder': _('User')}
+ ),
+ 'user_groups': forms.SelectMultiple(
+ attrs={'class': 'select2', 'data-placeholder': _('User group')}
+ ),
+ 'database_apps': forms.SelectMultiple(
+ attrs={'class': 'select2', 'data-placeholder': _('DatabaseApp')}
+ ),
+ 'system_users': forms.SelectMultiple(
+ attrs={'class': 'select2', 'data-placeholder': _('System users')}
+ ),
+ }
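Review bot: In `DatabaseAppPermissionCreateUpdateForm.__init__`, `if self.instance:` is effectively always true, because a `ModelForm` builds a fresh model object when no instance is passed and model instances are truthy by default. The `else` branch therefore looks unreachable, and the create form runs `self.instance.users.all()` against an unsaved rule. That branch also assigns a plain list to a model-choice field's `queryset`, which would break validation if it ever ran. I would branch on whether the instance is saved, e.g. `if not self.instance._state.adding:`, and use `users_field.queryset = users_field.queryset.none()` for the empty case.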
diff --git a/apps/perms/forms/remote_app_permission.py b/apps/perms/forms/remote_app_permission.py
index abac92e05..c4179297f 100644
--- a/apps/perms/forms/remote_app_permission.py
+++ b/apps/perms/forms/remote_app_permission.py
@@ -4,7 +4,7 @@
from django.utils.translation import ugettext as _
from django import forms
from orgs.mixins.forms import OrgModelForm
-from orgs.utils import current_org
+from assets.models import SystemUser
from ..models import RemoteAppPermission
@@ -24,6 +24,12 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
else:
users_field.queryset = []
+ # 过滤系统用户
+ system_users_field = self.fields.get('system_users')
+ system_users_field.queryset = SystemUser.objects.filter(
+ protocol=SystemUser.PROTOCOL_RDP
+ )
+
class Meta:
model = RemoteAppPermission
exclude = (
@@ -43,13 +49,3 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
attrs={'class': 'select2', 'data-placeholder': _('System user')}
)
}
-
- def clean_user_groups(self):
- users = self.cleaned_data.get('users')
- user_groups = self.cleaned_data.get('user_groups')
-
- if not users and not user_groups:
- raise forms.ValidationError(
- _("User or group at least one required")
- )
- return self.cleaned_data['user_groups']
diff --git a/apps/perms/migrations/0010_auto_20191218_1705.py b/apps/perms/migrations/0010_auto_20191218_1705.py
new file mode 100644
index 000000000..c3144bc5d
--- /dev/null
+++ b/apps/perms/migrations/0010_auto_20191218_1705.py
@@ -0,0 +1,47 @@
+# Generated by Django 2.1.11 on 2019-12-18 09:05
+
+import common.utils.django
+from django.conf import settings
+from django.db import migrations, models
+import django.utils.timezone
+import uuid
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('users', '0024_auto_20191118_1612'),
+ ('assets', '0046_auto_20191218_1705'),
+ ('applications', '0004_auto_20191218_1705'),
+ migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+ ('perms', '0009_remoteapppermission_system_users'),
+ ]
+
+ operations = [
+ migrations.CreateModel(
+ name='DatabaseAppPermission',
+ fields=[
+ ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+ ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+ ('name', models.CharField(max_length=128, verbose_name='Name')),
+ ('is_active', models.BooleanField(default=True, verbose_name='Active')),
+ ('date_start', models.DateTimeField(db_index=True, default=django.utils.timezone.now, verbose_name='Date start')),
+ ('date_expired', models.DateTimeField(db_index=True, default=common.utils.django.date_expired_default, verbose_name='Date expired')),
+ ('created_by', models.CharField(blank=True, max_length=128, verbose_name='Created by')),
+ ('date_created', models.DateTimeField(auto_now_add=True, verbose_name='Date created')),
+ ('comment', models.TextField(blank=True, verbose_name='Comment')),
+ ('database_apps', models.ManyToManyField(blank=True, related_name='granted_by_permissions', to='applications.DatabaseApp', verbose_name='DatabaseApp')),
+ ('system_users', models.ManyToManyField(related_name='granted_by_database_app_permissions', to='assets.SystemUser', verbose_name='System user')),
+ ('user_groups', models.ManyToManyField(blank=True, to='users.UserGroup', verbose_name='User group')),
+ ('users', models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='User')),
+ ],
+ options={
+ 'verbose_name': 'DatabaseApp permission',
+ 'ordering': ('name',),
+ },
+ ),
+ migrations.AlterUniqueTogether(
+ name='databaseapppermission',
+ unique_together={('org_id', 'name')},
+ ),
+ ]
diff --git a/apps/perms/models/__init__.py b/apps/perms/models/__init__.py
index 129901afc..c6581b858 100644
--- a/apps/perms/models/__init__.py
+++ b/apps/perms/models/__init__.py
@@ -3,3 +3,4 @@
from .asset_permission import *
from .remote_app_permission import *
+from .database_app_permission import *
diff --git a/apps/perms/models/database_app_permission.py b/apps/perms/models/database_app_permission.py
new file mode 100644
index 000000000..de2693274
--- /dev/null
+++ b/apps/perms/models/database_app_permission.py
@@ -0,0 +1,30 @@
+# coding: utf-8
+#
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+from .base import BasePermission
+
+__all__ = [
+ 'DatabaseAppPermission',
+]
+
+
+class DatabaseAppPermission(BasePermission):
+ database_apps = models.ManyToManyField(
+ 'applications.DatabaseApp', related_name='granted_by_permissions',
+ blank=True, verbose_name=_("DatabaseApp")
+ )
+ system_users = models.ManyToManyField(
+ 'assets.SystemUser', related_name='granted_by_database_app_permissions',
+ verbose_name=_("System user")
+ )
+
+ class Meta:
+ unique_together = [('org_id', 'name')]
+ verbose_name = _('DatabaseApp permission')
+ ordering = ('name',)
+
+ def get_all_database_apps(self):
+ return self.database_apps.all()
diff --git a/apps/perms/serializers/__init__.py b/apps/perms/serializers/__init__.py
index e464b4cc6..7f83bae9b 100644
--- a/apps/perms/serializers/__init__.py
+++ b/apps/perms/serializers/__init__.py
@@ -5,3 +5,5 @@ from .asset_permission import *
from .user_permission import *
from .remote_app_permission import *
from .asset_permission_relation import *
+from .database_app_permission import *
+from .database_app_permission_relation import *
diff --git a/apps/perms/serializers/asset_permission_relation.py b/apps/perms/serializers/asset_permission_relation.py
index eaa38afe2..808f40468 100644
--- a/apps/perms/serializers/asset_permission_relation.py
+++ b/apps/perms/serializers/asset_permission_relation.py
@@ -6,6 +6,7 @@ from common.mixins import BulkSerializerMixin
from common.serializers import AdaptedBulkListSerializer
from assets.models import Asset, Node
from ..models import AssetPermission
+from users.models import User
__all__ = [
'AssetPermissionUserRelationSerializer',
@@ -50,14 +51,12 @@ class AssetPermissionUserRelationSerializer(RelationMixin, serializers.ModelSeri
]
-class AssetPermissionAllUserSerializer(serializers.ModelSerializer):
+class AssetPermissionAllUserSerializer(serializers.Serializer):
user = serializers.UUIDField(read_only=True, source='id')
user_display = serializers.SerializerMethodField()
class Meta:
- model = Asset
only_fields = ['id', 'username', 'name']
- fields = ['user', 'user_display']
@staticmethod
def get_user_display(obj):
@@ -84,14 +83,12 @@ class AssetPermissionAssetRelationSerializer(RelationMixin, serializers.ModelSer
]
-class AssetPermissionAllAssetSerializer(serializers.ModelSerializer):
+class AssetPermissionAllAssetSerializer(serializers.Serializer):
asset = serializers.UUIDField(read_only=True, source='id')
asset_display = serializers.SerializerMethodField()
class Meta:
- model = Asset
only_fields = ['id', 'hostname', 'ip']
- fields = ['asset', 'asset_display']
@staticmethod
def get_asset_display(obj):
diff --git a/apps/perms/serializers/database_app_permission.py b/apps/perms/serializers/database_app_permission.py
new file mode 100644
index 000000000..75cdea0c9
--- /dev/null
+++ b/apps/perms/serializers/database_app_permission.py
@@ -0,0 +1,21 @@
+# coding: utf-8
+#
+
+from common.serializers import AdaptedBulkListSerializer
+from orgs.mixins.serializers import BulkOrgResourceModelSerializer
+from .. import models
+
+__all__ = ['DatabaseAppPermissionSerializer']
+
+
+class DatabaseAppPermissionSerializer(BulkOrgResourceModelSerializer):
+ class Meta:
+ model = models.DatabaseAppPermission
+ list_serializer_class = AdaptedBulkListSerializer
+ fields = [
+ 'id', 'name', 'users', 'user_groups',
+ 'database_apps', 'system_users', 'comment', 'is_active',
+ 'date_start', 'date_expired', 'is_valid',
+ 'created_by', 'date_created'
+ ]
+ read_only_fields = ['created_by', 'date_created']
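Review bot: Nothing in `DatabaseAppPermissionSerializer` restricts `system_users` to MySQL-protocol accounts; in this commit that restriction exists only as the form queryset in `forms/database_app_permission.py`. The remote-app create/update template touched by this commit submits to the `api-perms` endpoint rather than to the Django form, and if the database-app page does the same (its script body is not visible here), the form filter only limits what the dropdown offers. A direct API request could then attach a system user of any protocol to a database-app rule. A field-level validator on the serializer would enforce the rule on the server; it needs `SystemUser` from `assets.models` and DRF's `serializers` in scope.

```python
class DatabaseAppPermissionSerializer(BulkOrgResourceModelSerializer):
    # … unchanged: Meta …

    def validate_system_users(self, system_users):
        # Enforce on the API what the create/update form only filters in the UI.
        wrong_protocol = [
            su for su in system_users
            if su.protocol != SystemUser.PROTOCOL_MYSQL
        ]
        if wrong_protocol:
            raise serializers.ValidationError(
                'Only MySQL system users can be granted on a database app'
            )
        return system_users
```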
diff --git a/apps/perms/serializers/database_app_permission_relation.py b/apps/perms/serializers/database_app_permission_relation.py
new file mode 100644
index 000000000..1a8263cda
--- /dev/null
+++ b/apps/perms/serializers/database_app_permission_relation.py
@@ -0,0 +1,94 @@
+# coding: utf-8
+#
+from rest_framework import serializers
+
+from applications.models import DatabaseApp
+from common.mixins import BulkSerializerMixin
+from common.serializers import AdaptedBulkListSerializer
+
+from .. import models
+
+__all__ = [
+ 'DatabaseAppPermissionUserRelationSerializer',
+ 'DatabaseAppPermissionUserGroupRelationSerializer',
+ 'DatabaseAppPermissionAllUserSerializer',
+ 'DatabaseAppPermissionDatabaseAppRelationSerializer',
+ 'DatabaseAppPermissionAllDatabaseAppSerializer',
+ 'DatabaseAppPermissionSystemUserRelationSerializer',
+]
+
+
+class RelationMixin(BulkSerializerMixin, serializers.Serializer):
+ databaseapppermission_display = serializers.ReadOnlyField()
+
+ def get_field_names(self, declared_fields, info):
+ fields = super().get_field_names(declared_fields, info)
+ fields.extend(['databaseapppermission', "databaseapppermission_display"])
+ return fields
+
+ class Meta:
+ list_serializer_class = AdaptedBulkListSerializer
+
+
+class DatabaseAppPermissionUserRelationSerializer(RelationMixin, serializers.ModelSerializer):
+ user_display = serializers.ReadOnlyField()
+
+ class Meta(RelationMixin.Meta):
+ model = models.DatabaseAppPermission.users.through
+ fields = [
+ 'id', 'user', 'user_display',
+ ]
+
+
+class DatabaseAppPermissionUserGroupRelationSerializer(RelationMixin, serializers.ModelSerializer):
+ usergroup_display = serializers.ReadOnlyField()
+
+ class Meta(RelationMixin.Meta):
+ model = models.DatabaseAppPermission.user_groups.through
+ fields = [
+ 'id', 'usergroup', "usergroup_display",
+ ]
+
+
+class DatabaseAppPermissionAllUserSerializer(serializers.Serializer):
+ user = serializers.UUIDField(read_only=True, source='id')
+ user_display = serializers.SerializerMethodField()
+
+ class Meta:
+ only_fields = ['id', 'username', 'name']
+
+ @staticmethod
+ def get_user_display(obj):
+ return str(obj)
+
+
+class DatabaseAppPermissionDatabaseAppRelationSerializer(RelationMixin, serializers.ModelSerializer):
+ databaseapp_display = serializers.ReadOnlyField()
+
+ class Meta(RelationMixin.Meta):
+ model = models.DatabaseAppPermission.database_apps.through
+ fields = [
+ 'id', "databaseapp", "databaseapp_display",
+ ]
+
+
+class DatabaseAppPermissionAllDatabaseAppSerializer(serializers.Serializer):
+ databaseapp = serializers.UUIDField(read_only=True, source='id')
+ databaseapp_display = serializers.SerializerMethodField()
+
+ class Meta:
+ only_fields = ['id', 'name']
+
+ @staticmethod
+ def get_databaseapp_display(obj):
+ return str(obj)
+
+
+class DatabaseAppPermissionSystemUserRelationSerializer(RelationMixin, serializers.ModelSerializer):
+ systemuser_display = serializers.ReadOnlyField()
+
+ class Meta(RelationMixin.Meta):
+ model = models.DatabaseAppPermission.system_users.through
+ fields = [
+ 'id', 'systemuser', 'systemuser_display'
+ ]
diff --git a/apps/perms/serializers/user_permission.py b/apps/perms/serializers/user_permission.py
index 7ab4cf66b..c194cf64a 100644
--- a/apps/perms/serializers/user_permission.py
+++ b/apps/perms/serializers/user_permission.py
@@ -13,6 +13,7 @@ __all__ = [
'AssetGrantedSerializer',
'ActionsSerializer', 'AssetSystemUserSerializer',
'RemoteAppSystemUserSerializer',
+ 'DatabaseAppSystemUserSerializer',
]
@@ -41,6 +42,16 @@ class RemoteAppSystemUserSerializer(serializers.ModelSerializer):
read_only_fields = fields
+class DatabaseAppSystemUserSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = SystemUser
+ only_fields = (
+ 'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
+ )
+ fields = list(only_fields)
+ read_only_fields = fields
+
+
class AssetGrantedSerializer(serializers.ModelSerializer):
"""
被授权资产的数据结构
diff --git a/apps/perms/templates/perms/database_app_permission_create_update.html b/apps/perms/templates/perms/database_app_permission_create_update.html
new file mode 100644
index 000000000..a779e5826
--- /dev/null
+++ b/apps/perms/templates/perms/database_app_permission_create_update.html
@@ -0,0 +1,143 @@
+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap3 %}
+{% block custom_head_css_js %}
+
+{% endblock %}
+
+{% block content %}
+
+{% endblock %}
+{% block custom_foot_js %}
+
+
+
+
+
+
+{% endblock %}
diff --git a/apps/perms/templates/perms/database_app_permission_database_app.html b/apps/perms/templates/perms/database_app_permission_database_app.html
new file mode 100644
index 000000000..0a23618d0
--- /dev/null
+++ b/apps/perms/templates/perms/database_app_permission_database_app.html
@@ -0,0 +1,237 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block content %}
+
+
+
+
+
+
+
+
+
+
{% trans 'DatabaseApp list of ' %} {{ database_app_permission.name }}
+
+
+
+
+
+
+
+
+ {% trans 'Add DatabaseApp to this permission' %}
+
+
+
+
+
+
+ {% trans 'System user' %}
+
+
+
+
+
+
+ {% for system_user in object.system_users.all %}
+
+ {{ system_user|truncatechars:21}} |
+
+
+ |
+
+ {% endfor %}
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
+{% block custom_foot_js %}
+
+{% endblock %}
diff --git a/apps/perms/templates/perms/database_app_permission_detail.html b/apps/perms/templates/perms/database_app_permission_detail.html
new file mode 100644
index 000000000..feae4db24
--- /dev/null
+++ b/apps/perms/templates/perms/database_app_permission_detail.html
@@ -0,0 +1,157 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block content %}
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {% trans 'Name' %}: |
+ {{ object.name }} |
+
+
+ {% trans 'User count' %}: |
+ {{ object.users.count }} |
+
+
+ {% trans 'User group count' %}: |
+ {{ object.user_groups.count }} |
+
+
+ {% trans 'DatabaseApp count' %}: |
+ {{ object.database_apps.count }} |
+
+
+ {% trans 'System user count' %}: |
+ {{ object.system_users.count }} |
+
+
+ {% trans 'Date start' %}: |
+ {{ object.date_start }} |
+
+
+ {% trans 'Date expired' %}: |
+ {{ object.date_expired }} |
+
+
+ {% trans 'Date created' %}: |
+ {{ object.date_created }} |
+
+
+ {% trans 'Created by' %}: |
+ {{ object.created_by }} |
+
+
+ {% trans 'Comment' %}: |
+ {{ object.comment }} |
+
+
+
+
+
+
+
+
+
+
+ {% trans 'Quick update' %}
+
+
+
+
+
+ {% trans 'Active' %} : |
+
+
+ |
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
+{% block custom_foot_js %}
+
+{% endblock %}
diff --git a/apps/perms/templates/perms/database_app_permission_list.html b/apps/perms/templates/perms/database_app_permission_list.html
new file mode 100644
index 000000000..cad068929
--- /dev/null
+++ b/apps/perms/templates/perms/database_app_permission_list.html
@@ -0,0 +1,99 @@
+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block table_search %}{% endblock %}
+{% block table_container %}
+
+
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+
+{% endblock %}
diff --git a/apps/perms/templates/perms/database_app_permission_user.html b/apps/perms/templates/perms/database_app_permission_user.html
new file mode 100644
index 000000000..603f60a6e
--- /dev/null
+++ b/apps/perms/templates/perms/database_app_permission_user.html
@@ -0,0 +1,251 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block content %}
+
+
+
+
+
+
+
+
+
+
{% trans 'User list of ' %} {{ database_app_permission.name }}
+
+
+
+
+
+
+
+
+ {% trans 'Add user to permission' %}
+
+
+
+
+
+
+ {% trans 'Add user group to permission' %}
+
+
+
+
+
+
+ {% for user_group in database_app_permission.user_groups.all %}
+
+ {{ user_group }} |
+
+
+ |
+
+ {% endfor %}
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
+{% block custom_foot_js %}
+
+{% endblock %}
diff --git a/apps/perms/templates/perms/remote_app_permission_create_update.html b/apps/perms/templates/perms/remote_app_permission_create_update.html
index a551e48ba..f6e0cda7d 100644
--- a/apps/perms/templates/perms/remote_app_permission_create_update.html
+++ b/apps/perms/templates/perms/remote_app_permission_create_update.html
@@ -123,7 +123,7 @@ $(document).ready(function () {
var method = "POST";
var the_url = '{% url "api-perms:remote-app-permission-list" %}';
var redirect_to = '{% url "perms:remote-app-permission-list" %}';
- {% if type == "update" %}
+ {% if api_action == "update" %}
the_url = '{% url "api-perms:remote-app-permission-detail" pk=object.id %}';
method = "PUT";
{% endif %}
diff --git a/apps/perms/templates/perms/remote_app_permission_list.html b/apps/perms/templates/perms/remote_app_permission_list.html
index 3812b747b..6436c6981 100644
--- a/apps/perms/templates/perms/remote_app_permission_list.html
+++ b/apps/perms/templates/perms/remote_app_permission_list.html
@@ -75,7 +75,7 @@ function initTable() {
{data: "remote_apps", orderable: false},
{data: "system_users", orderable: false},
{data: "is_valid", orderable: false},
- {data: "id", orderable: false}
+ {data: "id", orderable: false, width: "100px"}
],
op_html: $('#actions').html()
};
diff --git a/apps/perms/urls/api_urls.py b/apps/perms/urls/api_urls.py
index 696d34882..9ec3b754f 100644
--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -3,7 +3,8 @@
from django.urls import re_path
from common import api as capi
from .asset_permission import asset_permission_urlpatterns
-from .application_permission import remote_app_permission_urlpatterns
+from .remote_app_permission import remote_app_permission_urlpatterns
+from .database_app_permission import database_app_permission_urlpatterns
app_name = 'perms'
@@ -13,6 +14,7 @@ old_version_urlpatterns = [
]
urlpatterns = asset_permission_urlpatterns + \
- remote_app_permission_urlpatterns \
- + old_version_urlpatterns
+ remote_app_permission_urlpatterns + \
+ database_app_permission_urlpatterns + \
+ old_version_urlpatterns
diff --git a/apps/perms/urls/database_app_permission.py b/apps/perms/urls/database_app_permission.py
new file mode 100644
index 000000000..a793f980e
--- /dev/null
+++ b/apps/perms/urls/database_app_permission.py
@@ -0,0 +1,47 @@
+# coding: utf-8
+#
+
+from django.urls import path, include
+from rest_framework_bulk.routes import BulkRouter
+from .. import api
+
+
+router = BulkRouter()
+router.register('database-app-permissions', api.DatabaseAppPermissionViewSet, 'database-app-permission')
+router.register('database-app-permissions-users-relations', api.DatabaseAppPermissionUserRelationViewSet, 'database-app-permissions-users-relation')
+router.register('database-app-permissions-user-groups-relations', api.DatabaseAppPermissionUserGroupRelationViewSet, 'database-app-permissions-user-groups-relation')
+router.register('database-app-permissions-database-apps-relations', api.DatabaseAppPermissionDatabaseAppRelationViewSet, 'database-app-permissions-database-apps-relation')
+router.register('database-app-permissions-system-users-relations', api.DatabaseAppPermissionSystemUserRelationViewSet, 'database-app-permissions-system-users-relation')
+
+user_permission_urlpatterns = [
+ path('
/database-apps/', api.UserGrantedDatabaseAppsApi.as_view(), name='user-database-apps'),
+ path('database-apps/', api.UserGrantedDatabaseAppsApi.as_view(), name='my-database-apps'),
+
+ # DatabaseApps as tree
+ path('/database-apps/tree/', api.UserGrantedDatabaseAppsAsTreeApi.as_view(), name='user-databases-apps-tree'),
+ path('database-apps/tree/', api.UserGrantedDatabaseAppsAsTreeApi.as_view(), name='my-databases-apps-tree'),
+
+ path('/database-apps//system-users/', api.UserGrantedDatabaseAppSystemUsersApi.as_view(), name='user-database-app-system-users'),
+ path('database-apps//system-users/', api.UserGrantedDatabaseAppSystemUsersApi.as_view(), name='user-database-app-system-users'),
+]
+
+user_group_permission_urlpatterns = [
+ path('/database-apps/', api.UserGroupGrantedDatabaseAppsApi.as_view(), name='user-group-database-apps'),
+]
+
+permission_urlpatterns = [
+ # 授权规则中授权的用户和数据库应用
+ path('/users/all/', api.DatabaseAppPermissionAllUserListApi.as_view(), name='database-app-permission-all-users'),
+ path('/database-apps/all/', api.DatabaseAppPermissionAllDatabaseAppListApi.as_view(), name='database-app-permission-all-database-apps'),
+
+ # 验证用户是否有某个数据库应用的权限
+ path('user/validate/', api.ValidateUserDatabaseAppPermissionApi.as_view(), name='validate-user-database-app-permission'),
+]
+
+database_app_permission_urlpatterns = [
+ path('users/', include(user_permission_urlpatterns)),
+ path('user-groups/', include(user_group_permission_urlpatterns)),
+ path('database-app-permissions/', include(permission_urlpatterns))
+]
+
+database_app_permission_urlpatterns += router.urls
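Review bot: The two system-users routes at the end of `user_permission_urlpatterns` are both registered with `name='user-database-app-system-users'`, while every other pair in the list uses a `user-` name for the by-user route and a `my-` name for the current-user route. With a shared name, `reverse()` has to choose between the patterns by their arguments, and a reader cannot tell which route a template means. I would rename the second one to `name='my-database-app-system-users'`. A one-line comment on the `user/validate/` route stating who may call it would also help, since its permission class is not visible from this file.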
diff --git a/apps/perms/urls/application_permission.py b/apps/perms/urls/remote_app_permission.py
similarity index 100%
rename from apps/perms/urls/application_permission.py
rename to apps/perms/urls/remote_app_permission.py
diff --git a/apps/perms/urls/views_urls.py b/apps/perms/urls/views_urls.py
index 964025db3..f4deba8c8 100644
--- a/apps/perms/urls/views_urls.py
+++ b/apps/perms/urls/views_urls.py
@@ -23,4 +23,12 @@ urlpatterns = [
path('remote-app-permission//', views.RemoteAppPermissionDetailView.as_view(), name='remote-app-permission-detail'),
path('remote-app-permission//user/', views.RemoteAppPermissionUserView.as_view(), name='remote-app-permission-user-list'),
path('remote-app-permission//remote-app/', views.RemoteAppPermissionRemoteAppView.as_view(), name='remote-app-permission-remote-app-list'),
+
+ # database-app-permission
+ path('database-app-permission/', views.DatabaseAppPermissionListView.as_view(), name='database-app-permission-list'),
+ path('database-app-permission/create/', views.DatabaseAppPermissionCreateView.as_view(), name='database-app-permission-create'),
+ path('database-app-permission//update/', views.DatabaseAppPermissionUpdateView.as_view(), name='database-app-permission-update'),
+ path('database-app-permission//', views.DatabaseAppPermissionDetailView.as_view(), name='database-app-permission-detail'),
+ path('database-app-permission//user/', views.DatabaseAppPermissionUserView.as_view(), name='database-app-permission-user-list'),
+ path('database-app-permission//database-app/', views.DatabaseAppPermissionDatabaseAppView.as_view(), name='database-app-permission-database-app-list'),
]
diff --git a/apps/perms/utils/__init__.py b/apps/perms/utils/__init__.py
index 129901afc..c6581b858 100644
--- a/apps/perms/utils/__init__.py
+++ b/apps/perms/utils/__init__.py
@@ -3,3 +3,4 @@
from .asset_permission import *
from .remote_app_permission import *
+from .database_app_permission import *
diff --git a/apps/perms/utils/database_app_permission.py b/apps/perms/utils/database_app_permission.py
new file mode 100644
index 000000000..526b0fc59
--- /dev/null
+++ b/apps/perms/utils/database_app_permission.py
@@ -0,0 +1,99 @@
+# coding: utf-8
+#
+
+from django.db.models import Q
+from orgs.utils import set_to_root_org
+
+from ..models import DatabaseAppPermission
+from common.tree import TreeNode
+from applications.models import DatabaseApp
+from assets.models import SystemUser
+
+
+__all__ = [
+ 'DatabaseAppPermissionUtil',
+ 'construct_database_apps_tree_root',
+ 'parse_database_app_to_tree_node'
+]
+
+
+def get_user_database_app_permissions(user, include_group=True):
+ if include_group:
+ groups = user.groups.all()
+ arg = Q(users=user) | Q(user_groups__in=groups)
+ else:
+ arg = Q(users=user)
+ return DatabaseAppPermission.objects.all().valid().filter(arg)
+
+
+def get_user_group_database_app_permission(user_group):
+ return DatabaseAppPermission.objects.all().valid().filter(
+ user_group=user_group
+ )
+
+
+class DatabaseAppPermissionUtil:
+ get_permissions_map = {
+ 'User': get_user_database_app_permissions,
+ 'UserGroup': get_user_group_database_app_permission
+ }
+
+ def __init__(self, obj):
+ self.object = obj
+ self.change_org_if_need()
+
+ @staticmethod
+ def change_org_if_need():
+ set_to_root_org()
+
+ @property
+ def permissions(self):
+ obj_class = self.object.__class__.__name__
+ func = self.get_permissions_map[obj_class]
+ _permissions = func(self.object)
+ return _permissions
+
+ def get_database_apps(self):
+ database_apps = DatabaseApp.objects.filter(
+ granted_by_permissions__in=self.permissions
+ )
+ return database_apps
+
+ def get_database_app_system_users(self, database_app):
+ queryset = self.permissions
+ kwargs = {'database_apps': database_app}
+ queryset = queryset.filter(**kwargs)
+ system_users_ids = queryset.values_list('system_users', flat=True)
+ system_users_ids = system_users_ids.distinct()
+ system_users = SystemUser.objects.filter(id__in=system_users_ids)
+ system_users = system_users.order_by('-priority')
+ return system_users
+
+
+def construct_database_apps_tree_root():
+ tree_root = {
+ 'id': 'ID_DATABASE_APP_ROOT',
+ 'name': 'DatabaseApp',
+ 'title': 'DatabaseApp',
+ 'pId': '',
+ 'open': False,
+ 'isParent': True,
+ 'iconSkin': '',
+ 'meta': {'type': 'database_app'}
+ }
+ return TreeNode(**tree_root)
+
+
+def parse_database_app_to_tree_node(parent, database_app):
+ pid = parent.id if parent else ''
+ tree_node = {
+ 'id': database_app.id,
+ 'name': database_app.name,
+ 'title': database_app.name,
+ 'pId': pid,
+ 'open': False,
+ 'isParent': False,
+ 'iconSkin': 'file',
+ 'meta': {'type': 'database_app'}
+ }
+ return TreeNode(**tree_node)
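Review bot: `get_user_group_database_app_permission` filters on `user_group=user_group`, while `get_user_database_app_permissions` just above filters the same model on `user_groups__in=groups`. If the relation is named `user_groups` (the model is not in this hunk), the lookup raises `FieldError` the first time `DatabaseAppPermissionUtil.permissions` is read for a `UserGroup`; the filter should then read `user_groups=user_group`. Separately, `__init__` calls `set_to_root_org()` unconditionally through `change_org_if_need`, and nothing here restores the previous organization. A docstring on the class should state that constructing the util widens the organization scope for whatever runs after it, presumably for the rest of the request.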
diff --git a/apps/perms/views/__init__.py b/apps/perms/views/__init__.py
index 129901afc..c6581b858 100644
--- a/apps/perms/views/__init__.py
+++ b/apps/perms/views/__init__.py
@@ -3,3 +3,4 @@
from .asset_permission import *
from .remote_app_permission import *
+from .database_app_permission import *
diff --git a/apps/perms/views/asset_permission.py b/apps/perms/views/asset_permission.py
index 48a7f2aa3..71b4d5604 100644
--- a/apps/perms/views/asset_permission.py
+++ b/apps/perms/views/asset_permission.py
@@ -162,13 +162,14 @@ class AssetPermissionAssetView(PermissionsMixin,
def get_context_data(self, **kwargs):
assets = self.object.assets.all().values_list('id', flat=True)
assets = [str(i) for i in assets]
+ system_users_remain = SystemUser.objects\
+ .exclude(granted_by_permissions=self.object)\
+ .exclude(protocol=SystemUser.PROTOCOL_MYSQL)
context = {
'app': _('Perms'),
'assets': assets,
'action': _('Asset permission asset list'),
- 'system_users_remain': SystemUser.objects.exclude(
- granted_by_permissions=self.object
- ),
+ 'system_users_remain': system_users_remain,
}
kwargs.update(context)
return super().get_context_data(**kwargs)
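Review bot: The added `.exclude(protocol=SystemUser.PROTOCOL_MYSQL)` only narrows the `system_users_remain` choices rendered into the page; it is not an enforcement point. A request sent directly to the relation API could presumably still attach a MySQL system user to an asset permission unless the serializer checks the protocol as well. The same applies to the `.filter(protocol=SystemUser.PROTOCOL_RDP)` added in `RemoteAppPermissionDetailView.get_context_data` and the `.filter(protocol=SystemUser.PROTOCOL_MYSQL)` in `DatabaseAppPermissionDatabaseAppView.get_context_data`. None of the serializers is visible in these hunks, so please confirm the protocol is validated server-side and record it with a comment such as `# UI filter only; protocol is enforced in the relation serializer`. The enclosing class starts outside the hunk.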
diff --git a/apps/perms/views/database_app_permission.py b/apps/perms/views/database_app_permission.py
new file mode 100644
index 000000000..50627defe
--- /dev/null
+++ b/apps/perms/views/database_app_permission.py
@@ -0,0 +1,152 @@
+# coding: utf-8
+#
+
+from django.utils.translation import ugettext as _
+
+from django.views.generic import (
+ TemplateView, CreateView, UpdateView, DetailView, ListView
+)
+from django.views.generic.edit import SingleObjectMixin
+from django.conf import settings
+
+from common.permissions import PermissionsMixin, IsOrgAdmin
+from users.models import UserGroup
+from applications.models import DatabaseApp
+from assets.models import SystemUser
+
+from .. import models, forms
+
+
+__all__ = [
+ 'DatabaseAppPermissionListView', 'DatabaseAppPermissionCreateView',
+ 'DatabaseAppPermissionUpdateView', 'DatabaseAppPermissionDetailView',
+ 'DatabaseAppPermissionUserView', 'DatabaseAppPermissionDatabaseAppView',
+]
+
+
+class DatabaseAppPermissionListView(PermissionsMixin, TemplateView):
+ template_name = 'perms/database_app_permission_list.html'
+ permission_classes = [IsOrgAdmin]
+
+ def get_context_data(self, **kwargs):
+ context = {
+ 'app': _('Perms'),
+ 'action': _('DatabaseApp permission list')
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
+
+class DatabaseAppPermissionCreateView(PermissionsMixin, CreateView):
+ template_name = 'perms/database_app_permission_create_update.html'
+ model = models.DatabaseAppPermission
+ form_class = forms.DatabaseAppPermissionCreateUpdateForm
+ permission_classes = [IsOrgAdmin]
+
+ def get_context_data(self, **kwargs):
+ context = {
+ 'app': _('Perms'),
+ 'action': _('Create DatabaseApp permission'),
+ 'api_action': 'create',
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
+
+class DatabaseAppPermissionUpdateView(PermissionsMixin, UpdateView):
+ template_name = 'perms/database_app_permission_create_update.html'
+ model = models.DatabaseAppPermission
+ form_class = forms.DatabaseAppPermissionCreateUpdateForm
+ permission_classes = [IsOrgAdmin]
+
+ def get_context_data(self, **kwargs):
+ context = {
+ 'app': _('Perms'),
+ 'action': _('Update DatabaseApp permission'),
+ 'api_action': 'update'
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
+
+class DatabaseAppPermissionDetailView(PermissionsMixin, DetailView):
+ template_name = 'perms/database_app_permission_detail.html'
+ model = models.DatabaseAppPermission
+ permission_classes = [IsOrgAdmin]
+
+ def get_context_data(self, **kwargs):
+ context = {
+ 'app': _('Perms'),
+ 'action': _('DatabaseApp permission detail')
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
+
+class DatabaseAppPermissionUserView(PermissionsMixin,
+ SingleObjectMixin,
+ ListView):
+ template_name = 'perms/database_app_permission_user.html'
+ context_object_name = 'database_app_permission'
+ paginate_by = settings.DISPLAY_PER_PAGE
+ object = None
+ permission_classes = [IsOrgAdmin]
+
+ def get(self, request, *args, **kwargs):
+ self.object = self.get_object(queryset=models.DatabaseAppPermission.objects.all())
+ return super().get(request, *args, **kwargs)
+
+ def get_queryset(self):
+ queryset = list(self.object.get_all_users())
+ return queryset
+
+ def get_context_data(self, **kwargs):
+ users = [str(i) for i in self.object.users.all().values_list('id', flat=True)]
+ user_groups_remain = UserGroup.objects.exclude(
+ databaseapppermission=self.object)
+ context = {
+ 'app': _('Perms'),
+ 'action': _('DatabaseApp permission user list'),
+ 'users': users,
+ 'user_groups_remain': user_groups_remain,
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
+
+class DatabaseAppPermissionDatabaseAppView(PermissionsMixin,
+ SingleObjectMixin,
+ ListView):
+ template_name = 'perms/database_app_permission_database_app.html'
+ context_object_name = 'database_app_permission'
+ paginate_by = settings.DISPLAY_PER_PAGE
+ object = None
+ permission_classes = [IsOrgAdmin]
+
+ def get(self, request, *args, **kwargs):
+ self.object = self.get_object(
+ queryset=models.DatabaseAppPermission.objects.all()
+ )
+ return super().get(request, *args, **kwargs)
+
+ def get_queryset(self):
+ queryset = list(self.object.get_all_database_apps())
+ return queryset
+
+ def get_context_data(self, **kwargs):
+ database_apps = self.object.get_all_database_apps().values_list('id', flat=True)
+ database_apps = [str(i) for i in database_apps]
+ system_users_remain = SystemUser.objects\
+ .exclude(granted_by_database_app_permissions=self.object)\
+ .filter(protocol=SystemUser.PROTOCOL_MYSQL)
+ context = {
+ 'app': _('Perms'),
+ 'database_apps': database_apps,
+ 'database_apps_remain': DatabaseApp.objects.exclude(
+ granted_by_permissions=self.object
+ ),
+ 'system_users_remain': system_users_remain,
+ 'action': _('DatabaseApp permission DatabaseApp list'),
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
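Review bot: `DatabaseAppPermissionDatabaseAppView.get_queryset` wraps `self.object.get_all_database_apps()` in `list(...)`, which loads every row before `paginate_by` slices the page, and `get_context_data` then calls `get_all_database_apps()` a second time for the id list. The result supports `.values_list(...)` a few lines further down, so it appears to be a queryset and can be returned directly: `return self.object.get_all_database_apps()`, with an `order_by` added if it is unordered. `DatabaseAppPermissionUserView.get_queryset` has the same `list(...)` around `get_all_users()`; whether that method returns a queryset is not visible here.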
diff --git a/apps/perms/views/remote_app_permission.py b/apps/perms/views/remote_app_permission.py
index 742a5fd85..875600c68 100644
--- a/apps/perms/views/remote_app_permission.py
+++ b/apps/perms/views/remote_app_permission.py
@@ -48,7 +48,7 @@ class RemoteAppPermissionCreateView(PermissionsMixin, CreateView):
context = {
'app': _('Perms'),
'action': _('Create RemoteApp permission'),
- 'type': 'create'
+ 'api_action': 'create'
}
kwargs.update(context)
return super().get_context_data(**kwargs)
@@ -65,7 +65,7 @@ class RemoteAppPermissionUpdateView(PermissionsMixin, UpdateView):
context = {
'app': _('Perms'),
'action': _('Update RemoteApp permission'),
- 'type': 'update'
+ 'api_action': 'update'
}
kwargs.update(context)
return super().get_context_data(**kwargs)
@@ -77,12 +77,13 @@ class RemoteAppPermissionDetailView(PermissionsMixin, DetailView):
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
+ system_users_remain = SystemUser.objects\
+ .exclude(granted_by_remote_app_permissions=self.object)\
+ .filter(protocol=SystemUser.PROTOCOL_RDP)
context = {
'app': _('Perms'),
'action': _('RemoteApp permission detail'),
- 'system_users_remain': SystemUser.objects.exclude(
- granted_by_remote_app_permissions=self.object
- ),
+ 'system_users_remain': system_users_remain,
}
kwargs.update(context)
return super().get_context_data(**kwargs)
@@ -107,10 +108,10 @@ class RemoteAppPermissionUserView(PermissionsMixin,
return queryset
def get_context_data(self, **kwargs):
- user_remain = current_org.get_org_members(exclude=('Auditor',)).exclude(
- remoteapppermission=self.object)
- user_groups_remain = UserGroup.objects.exclude(
- remoteapppermission=self.object)
+ user_remain = current_org.get_org_members(exclude=('Auditor',))\
+ .exclude(remoteapppermission=self.object)
+ user_groups_remain = UserGroup.objects\
+ .exclude(remoteapppermission=self.object)
context = {
'app': _('Perms'),
'action': _('RemoteApp permission user list'),
diff --git a/apps/templates/_nav.html b/apps/templates/_nav.html
index 578cedfa6..5ad4a2618 100644
--- a/apps/templates/_nav.html
+++ b/apps/templates/_nav.html
@@ -61,6 +61,7 @@
{% endif %}
@@ -78,6 +79,9 @@
{% trans 'RemoteApp' %}
+
+ {% trans 'DatabaseApp' %}
+
{% endif %}
diff --git a/apps/templates/_nav_user.html b/apps/templates/_nav_user.html
index 8196a4f44..bc8ff88a7 100644
--- a/apps/templates/_nav_user.html
+++ b/apps/templates/_nav_user.html
@@ -16,6 +16,11 @@
{% trans 'RemoteApp' %}
+
+
+ {% trans 'DatabaseApp' %}
+
+
{% endif %}
diff --git a/apps/terminal/migrations/0020_auto_20191218_1721.py b/apps/terminal/migrations/0020_auto_20191218_1721.py
new file mode 100644
index 000000000..d9c6bfa5b
--- /dev/null
+++ b/apps/terminal/migrations/0020_auto_20191218_1721.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.1.11 on 2019-12-18 09:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('terminal', '0019_auto_20191206_1000'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='session',
+ name='protocol',
+ field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('vnc', 'vnc'), ('telnet', 'telnet'), ('mysql', 'mysql')], db_index=True, default='ssh', max_length=8),
+ ),
+ ]
diff --git a/apps/terminal/models.py b/apps/terminal/models.py
index f6676383a..5cb6583d8 100644
--- a/apps/terminal/models.py
+++ b/apps/terminal/models.py
@@ -169,6 +169,7 @@ class Session(OrgModelMixin):
('rdp', 'rdp'),
('vnc', 'vnc'),
('telnet', 'telnet'),
+ ('mysql', 'mysql'),
)
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
diff --git a/apps/terminal/templates/terminal/command_list.html b/apps/terminal/templates/terminal/command_list.html
index 1fc6f1d76..5e2dcddc9 100644
--- a/apps/terminal/templates/terminal/command_list.html
+++ b/apps/terminal/templates/terminal/command_list.html
@@ -168,7 +168,7 @@ $(document).ready(function () {
function format(d) {
- var output = $("");
+ var output = $("");
output.append('$ ', d.input);
output.append('\r\n\r\n');
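Review bot: `output.append('$ ', d.input)` passes the recorded command text to jQuery's `.append()`, which parses string arguments as HTML. Markup typed in a session would therefore be interpreted in the auditor's browser unless the API already escapes `d.input`, which is not visible here. Appending it as text removes that dependency: `output.append(document.createTextNode('$ ' + d.input));`. The body of `format` continues past the hunk, so any later append of the command output deserves the same check.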
diff --git a/apps/terminal/templates/terminal/session_detail.html b/apps/terminal/templates/terminal/session_detail.html
index 1c96e3ee7..37f256d70 100644
--- a/apps/terminal/templates/terminal/session_detail.html
+++ b/apps/terminal/templates/terminal/session_detail.html
@@ -55,7 +55,7 @@
{{ forloop.counter }} |
{{ command.input | truncatechars:40 }} |
-
+
$ {{ command.input }}
{{ command.output }}
| |