github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Update] 权限页面增加过滤规则 (#2349)

pull/2350/head^2
老广 2019-01-15 19:01:33 +08:00 committed by GitHub
parent d026b31c9f
commit 176052e8e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 320 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/assets/tasks.py
View File

@ -229,7 +229,8 @@ def test_admin_user_connectivity_period():
@shared_task
def test_admin_user_connectivity_manual(admin_user):
task_name = _("Test admin user connectivity: {}").format(admin_user.name)
return test_admin_user_connectivity_util(admin_user, task_name)
test_admin_user_connectivity_util(admin_user, task_name)
return True
## System user connective ##

BIN
apps/locale/zh/LC_MESSAGES/django.mo
View File

Binary file not shown.

245
apps/locale/zh/LC_MESSAGES/django.po
View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Jumpserver 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-12-27 15:48+0800\n"
"POT-Creation-Date: 2019-01-15 17:56+0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: Jumpserver team<ibuler@qq.com>\n"
@ -17,11 +17,11 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: assets/api/node.py:261
#: assets/api/node.py:264
msgid "Update node asset hardware information: {}"
msgstr "更新节点资产硬件信息: {}"
#: assets/api/node.py:275
#: assets/api/node.py:278
msgid "Test if the assets under the node are connectable: {}"
msgstr "测试节点下资产是否可连接: {}"
@ -65,9 +65,10 @@ msgstr "网域"
#: assets/forms/asset.py:124 assets/models/node.py:31
#: assets/templates/assets/asset_create.html:30
#: assets/templates/assets/asset_update.html:35 perms/forms.py:45
#: perms/forms.py:52 perms/models.py:79
#: perms/forms.py:52 perms/models.py:85
#: perms/templates/perms/asset_permission_list.html:57
#: perms/templates/perms/asset_permission_list.html:117
#: perms/templates/perms/asset_permission_list.html:77
#: perms/templates/perms/asset_permission_list.html:126
#: xpack/plugins/cloud/models.py:123
#: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:63
#: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:66
@ -118,8 +119,8 @@ msgstr "端口"
#: perms/models.py:31
#: perms/templates/perms/asset_permission_create_update.html:45
#: perms/templates/perms/asset_permission_list.html:56
#: perms/templates/perms/asset_permission_list.html:114
#: terminal/backends/command/models.py:13 terminal/models.py:141
#: perms/templates/perms/asset_permission_list.html:123
#: terminal/backends/command/models.py:13 terminal/models.py:143
#: terminal/templates/terminal/command_list.html:40
#: terminal/templates/terminal/command_list.html:73
#: terminal/templates/terminal/session_list.html:41
@ -156,10 +157,11 @@ msgstr "不能包含特殊字符"
#: orgs/models.py:12 perms/models.py:28
#: perms/templates/perms/asset_permission_detail.html:62
#: perms/templates/perms/asset_permission_list.html:53
#: perms/templates/perms/asset_permission_user.html:54 terminal/models.py:20
#: terminal/models.py:198 terminal/templates/terminal/terminal_detail.html:43
#: perms/templates/perms/asset_permission_list.html:72
#: perms/templates/perms/asset_permission_user.html:54 terminal/models.py:21
#: terminal/models.py:212 terminal/templates/terminal/terminal_detail.html:43
#: terminal/templates/terminal/terminal_list.html:29 users/models/group.py:14
#: users/models/user.py:53 users/templates/users/_select_user_modal.html:13
#: users/models/user.py:55 users/templates/users/_select_user_modal.html:13
#: users/templates/users/user_detail.html:63
#: users/templates/users/user_group_detail.html:55
#: users/templates/users/user_group_list.html:12
@ -183,8 +185,9 @@ msgstr "名称"
#: assets/templates/assets/system_user_detail.html:62
#: assets/templates/assets/system_user_list.html:30
#: audits/templates/audits/login_log_list.html:49
#: perms/templates/perms/asset_permission_list.html:76
#: perms/templates/perms/asset_permission_user.html:55 users/forms.py:15
#: users/forms.py:33 users/models/authentication.py:77 users/models/user.py:51
#: users/forms.py:33 users/models/authentication.py:77 users/models/user.py:53
#: users/templates/users/_select_user_modal.html:14
#: users/templates/users/login.html:64
#: users/templates/users/user_detail.html:67
@ -210,7 +213,7 @@ msgstr "密码或密钥密码"
msgid "Password"
msgstr "密码"
#: assets/forms/user.py:29 users/models/user.py:80
#: assets/forms/user.py:29 users/models/user.py:82
msgid "Private key"
msgstr "ssh私钥"
@ -274,6 +277,7 @@ msgstr "IP"
#: assets/templates/assets/user_asset_list.html:45
#: assets/templates/assets/user_asset_list.html:150 common/forms.py:130
#: perms/templates/perms/asset_permission_asset.html:54
#: perms/templates/perms/asset_permission_list.html:75
#: users/templates/users/user_granted_asset.html:44
#: users/templates/users/user_group_granted_asset.html:44
msgid "Hostname"
@ -381,8 +385,8 @@ msgstr "标签管理"
#: assets/templates/assets/domain_detail.html:72
#: assets/templates/assets/system_user_detail.html:100
#: ops/templates/ops/adhoc_detail.html:86 orgs/models.py:15 perms/models.py:37
#: perms/models.py:84 perms/templates/perms/asset_permission_detail.html:98
#: users/models/user.py:94 users/templates/users/user_detail.html:111
#: perms/models.py:90 perms/templates/perms/asset_permission_detail.html:98
#: users/models/user.py:96 users/templates/users/user_detail.html:111
#: xpack/plugins/cloud/models.py:55 xpack/plugins/cloud/models.py:127
msgid "Created by"
msgstr "创建者"
@ -394,7 +398,7 @@ msgstr "创建者"
#: assets/templates/assets/domain_detail.html:68
#: assets/templates/assets/system_user_detail.html:96
#: ops/templates/ops/adhoc_detail.html:90 ops/templates/ops/task_detail.html:64
#: orgs/models.py:16 perms/models.py:38 perms/models.py:85
#: orgs/models.py:16 perms/models.py:38 perms/models.py:91
#: perms/templates/perms/asset_permission_detail.html:94
#: terminal/templates/terminal/terminal_detail.html:59 users/models/group.py:17
#: users/templates/users/user_group_detail.html:63
@ -422,9 +426,9 @@ msgstr "创建日期"
#: assets/templates/assets/system_user_list.html:37
#: assets/templates/assets/user_asset_list.html:159 common/models.py:34
#: ops/models/adhoc.py:43 orgs/models.py:17 perms/models.py:39
#: perms/models.py:86 perms/templates/perms/asset_permission_detail.html:102
#: terminal/models.py:30 terminal/templates/terminal/terminal_detail.html:63
#: users/models/group.py:15 users/models/user.py:86
#: perms/models.py:92 perms/templates/perms/asset_permission_detail.html:102
#: terminal/models.py:31 terminal/templates/terminal/terminal_detail.html:63
#: users/models/group.py:15 users/models/user.py:88
#: users/templates/users/user_detail.html:127
#: users/templates/users/user_group_detail.html:67
#: users/templates/users/user_group_list.html:14
@ -475,7 +479,7 @@ msgstr "带宽"
msgid "Contact"
msgstr "联系人"
#: assets/models/cluster.py:22 users/models/user.py:72
#: assets/models/cluster.py:22 users/models/user.py:74
#: users/templates/users/user_detail.html:76
msgid "Phone"
msgstr "手机"
@ -501,7 +505,7 @@ msgid "Default"
msgstr "默认"
#: assets/models/cluster.py:36 assets/models/label.py:14
#: users/models/user.py:439
#: users/models/user.py:441
msgid "System"
msgstr "系统"
@ -529,8 +533,8 @@ msgstr "BGP全网通"
msgid "Regex"
msgstr "正则表达式"
#: assets/models/cmd_filter.py:36 ops/models/command.py:19
#: ops/templates/ops/command_execution_list.html:60 terminal/models.py:147
#: assets/models/cmd_filter.py:36 ops/models/command.py:21
#: ops/templates/ops/command_execution_list.html:60 terminal/models.py:149
#: terminal/templates/terminal/command_list.html:55
#: terminal/templates/terminal/command_list.html:71
#: terminal/templates/terminal/session_detail.html:48
@ -633,13 +637,13 @@ msgstr "默认资产组"
#: perms/models.py:29
#: perms/templates/perms/asset_permission_create_update.html:41
#: perms/templates/perms/asset_permission_list.html:54
#: perms/templates/perms/asset_permission_list.html:108 templates/index.html:87
#: terminal/backends/command/models.py:12 terminal/models.py:140
#: perms/templates/perms/asset_permission_list.html:117 templates/index.html:87
#: terminal/backends/command/models.py:12 terminal/models.py:142
#: terminal/templates/terminal/command_list.html:32
#: terminal/templates/terminal/command_list.html:72
#: terminal/templates/terminal/session_list.html:33
#: terminal/templates/terminal/session_list.html:71 users/forms.py:303
#: users/models/user.py:33 users/models/user.py:427
#: users/models/user.py:33 users/models/user.py:429
#: users/templates/users/user_group_detail.html:78
#: users/templates/users/user_group_list.html:13 users/views/user.py:386
#: xpack/plugins/orgs/forms.py:26
@ -717,11 +721,11 @@ msgstr "登录模式"
#: assets/models/user.py:247 assets/templates/assets/user_asset_list.html:156
#: audits/models.py:19 audits/templates/audits/ftp_log_list.html:49
#: audits/templates/audits/ftp_log_list.html:72 perms/forms.py:48
#: perms/models.py:33 perms/models.py:81
#: perms/models.py:33 perms/models.py:87
#: perms/templates/perms/asset_permission_detail.html:140
#: perms/templates/perms/asset_permission_list.html:58
#: perms/templates/perms/asset_permission_list.html:120 templates/_nav.html:25
#: terminal/backends/command/models.py:14 terminal/models.py:142
#: perms/templates/perms/asset_permission_list.html:129 templates/_nav.html:25
#: terminal/backends/command/models.py:14 terminal/models.py:144
#: terminal/templates/terminal/command_list.html:48
#: terminal/templates/terminal/command_list.html:74
#: terminal/templates/terminal/session_list.html:49
@ -735,68 +739,68 @@ msgstr "系统用户"
msgid "%(value)s is not an even number"
msgstr "%(value)s is not an even number"
#: assets/tasks.py:31
#: assets/tasks.py:33
msgid "Asset has been disabled, skipped: {}"
msgstr "资产或许不支持ansible, 跳过: {}"
#: assets/tasks.py:35
#: assets/tasks.py:37
msgid "Asset may not be support ansible, skipped: {}"
msgstr "资产或许不支持ansible, 跳过: {}"
#: assets/tasks.py:40
#: assets/tasks.py:42
msgid "No assets matched, stop task"
msgstr "没有匹配到资产,结束任务"
#: assets/tasks.py:65
#: assets/tasks.py:67
msgid "Get asset info failed: {}"
msgstr "获取资产信息失败:{}"
#: assets/tasks.py:115
#: assets/tasks.py:117
msgid "Update some assets hardware info"
msgstr "更新资产硬件信息"
#: assets/tasks.py:134
#: assets/tasks.py:136
msgid "Update asset hardware info: {}"
msgstr "更新资产硬件信息: {}"
#: assets/tasks.py:159
#: assets/tasks.py:161
msgid "Test assets connectivity"
msgstr "测试资产可连接性"
#: assets/tasks.py:183
#: assets/tasks.py:185
msgid "Test assets connectivity: {}"
msgstr "测试资产可连接性: {}"
#: assets/tasks.py:222
#: assets/tasks.py:224
msgid "Test admin user connectivity period: {}"
msgstr "定期测试管理账号可连接性: {}"
#: assets/tasks.py:228
#: assets/tasks.py:231
msgid "Test admin user connectivity: {}"
msgstr "测试管理行号可连接性: {}"
#: assets/tasks.py:266
#: assets/tasks.py:270
msgid "Test system user connectivity: {}"
msgstr "测试系统用户可连接性: {}"
#: assets/tasks.py:273
#: assets/tasks.py:277
msgid "Test system user connectivity: {} => {}"
msgstr "测试系统用户可连接性: {} => {}"
#: assets/tasks.py:286
#: assets/tasks.py:290
msgid "Test system user connectivity period: {}"
msgstr "定期测试系统用户可连接性: {}"
#: assets/tasks.py:358
#: assets/tasks.py:362
msgid ""
"Push system user task skip, auto push not enable or protocol is not ssh: {}"
msgstr "推送系统用户任务跳过自动推送没有打开或协议不是ssh: {}"
#: assets/tasks.py:378 assets/tasks.py:392
#: assets/tasks.py:382 assets/tasks.py:396
msgid "Push system users to assets: {}"
msgstr "推送系统用户到入资产: {}"
#: assets/tasks.py:384
#: assets/tasks.py:388
msgid "Push system users to asset: {} => {}"
msgstr "推送系统用户到入资产: {} => {}"
@ -1021,7 +1025,7 @@ msgstr "测试"
#: assets/templates/assets/system_user_detail.html:26
#: assets/templates/assets/system_user_list.html:92 audits/models.py:32
#: perms/templates/perms/asset_permission_detail.html:30
#: perms/templates/perms/asset_permission_list.html:166
#: perms/templates/perms/asset_permission_list.html:175
#: terminal/templates/terminal/terminal_detail.html:16
#: terminal/templates/terminal/terminal_list.html:71
#: users/templates/users/user_detail.html:25
@ -1056,7 +1060,7 @@ msgstr "更新"
#: common/templates/common/terminal_setting.html:112
#: ops/templates/ops/task_list.html:72
#: perms/templates/perms/asset_permission_detail.html:34
#: perms/templates/perms/asset_permission_list.html:167
#: perms/templates/perms/asset_permission_list.html:176
#: terminal/templates/terminal/terminal_list.html:73
#: users/templates/users/user_detail.html:30
#: users/templates/users/user_group_detail.html:32
@ -1166,10 +1170,10 @@ msgstr "快速修改"
#: assets/templates/assets/asset_detail.html:151
#: assets/templates/assets/user_asset_list.html:47 perms/models.py:34
#: perms/models.py:82
#: perms/models.py:88
#: perms/templates/perms/asset_permission_create_update.html:52
#: perms/templates/perms/asset_permission_detail.html:120
#: perms/templates/perms/asset_permission_list.html:59
#: perms/templates/perms/asset_permission_list.html:73
#: terminal/templates/terminal/terminal_list.html:34
#: users/templates/users/_select_user_modal.html:18
#: users/templates/users/user_detail.html:144
@ -1657,7 +1661,7 @@ msgstr "系统用户资产"
#: audits/templates/audits/ftp_log_list.html:73
#: audits/templates/audits/operate_log_list.html:70
#: audits/templates/audits/password_change_log_list.html:52
#: terminal/models.py:144 terminal/templates/terminal/session_list.html:74
#: terminal/models.py:146 terminal/templates/terminal/session_list.html:74
#: terminal/templates/terminal/terminal_detail.html:47
msgid "Remote addr"
msgstr "远端地址"
@ -1700,7 +1704,7 @@ msgstr "修改者"
#: ops/templates/ops/adhoc_history_detail.html:61
#: ops/templates/ops/command_execution_list.html:65
#: ops/templates/ops/task_history.html:58 perms/models.py:35
#: perms/templates/perms/asset_permission_detail.html:86 terminal/models.py:151
#: perms/templates/perms/asset_permission_detail.html:86 terminal/models.py:153
#: terminal/templates/terminal/session_list.html:78
msgid "Date start"
msgstr "开始日期"
@ -1744,7 +1748,7 @@ msgid "City"
msgstr "城市"
#: audits/templates/audits/login_log_list.html:54 users/forms.py:162
#: users/models/authentication.py:82 users/models/user.py:75
#: users/models/authentication.py:82 users/models/user.py:77
#: users/templates/users/first_login.html:45
msgid "MFA"
msgstr "MFA"
@ -1801,37 +1805,41 @@ msgstr "登录日志"
msgid "Command execution list"
msgstr "命令执行列表"
#: common/api.py:22
#: common/api.py:27
msgid "Test mail sent to {}, please check"
msgstr "邮件已经发送{}, 请检查"
#: common/api.py:46
#: common/api.py:51
msgid "Test ldap success"
msgstr "连接LDAP成功"
#: common/api.py:76
#: common/api.py:81
msgid "Search no entry matched in ou {}"
msgstr "在ou:{}中没有匹配条目"
#: common/api.py:85
#: common/api.py:90
msgid "Match {} s users"
msgstr "匹配 {} 个用户"
#: common/api.py:108 common/api.py:144
#: common/api.py:113 common/api.py:149
msgid ""
"Error: Account invalid (Please make sure the information such as Access key "
"or Secret key is correct)"
msgstr "错误:账户无效 (请确保 Access key 或 Secret key 等信息正确)"
#: common/api.py:114 common/api.py:150
#: common/api.py:119 common/api.py:155
msgid "Create succeed"
msgstr "创建成功"
#: common/api.py:132 common/api.py:170
#: common/api.py:137 common/api.py:175
#: common/templates/common/terminal_setting.html:151
msgid "Delete succeed"
msgstr "删除成功"
#: common/api.py:221
msgid "Waiting ...\n"
msgstr ""
#: common/const.py:6
#, python-format
msgid "<b>%(name)s</b> was created successfully"
@ -2210,7 +2218,7 @@ msgid "Password check rule"
msgstr "密码校验规则"
#: common/templates/common/terminal_setting.html:76 terminal/forms.py:27
#: terminal/models.py:24
#: terminal/models.py:25
msgid "Command storage"
msgstr "命令存储"
@ -2227,7 +2235,7 @@ msgid "Add"
msgstr "添加"
#: common/templates/common/terminal_setting.html:98 terminal/forms.py:32
#: terminal/models.py:25
#: terminal/models.py:26
msgid "Replay storage"
msgstr "录像存储"
@ -2272,10 +2280,6 @@ msgstr ""
"div><div>如果你看到了这个页面证明你访问的不是nginx监听的端口祝你好运</"
"div>"
#: ops/api/celery.py:32
msgid "Waiting ..."
msgstr ""
#: ops/models/adhoc.py:38
msgid "Interval"
msgstr "间隔"
@ -2353,19 +2357,19 @@ msgstr "结果"
msgid "Adhoc result summary"
msgstr "汇总"
#: ops/models/command.py:20 xpack/plugins/cloud/models.py:170
#: ops/models/command.py:22 xpack/plugins/cloud/models.py:170
msgid "Result"
msgstr "结果"
#: ops/models/command.py:55
#: ops/models/command.py:57
msgid "Task start"
msgstr "任务开始"
#: ops/models/command.py:67
#: ops/models/command.py:71
msgid "Command `{}` is forbidden ........"
msgstr "命令 `{}` 不允许被执行 ......."
#: ops/models/command.py:73
#: ops/models/command.py:77
msgid "Task end"
msgstr "任务结束"
@ -2470,6 +2474,12 @@ msgstr "没有资产"
msgid "Success assets"
msgstr "成功资产"
#: ops/templates/ops/celery_task_log.html:4
#, fuzzy
#| msgid "Task list"
msgid "Task log"
msgstr "任务列表"
#: ops/templates/ops/command_execution_create.html:71
#: terminal/templates/terminal/session_detail.html:91
#: terminal/templates/terminal/session_detail.html:100
@ -2560,10 +2570,10 @@ msgstr "命令执行"
msgid "Organization"
msgstr "组织管理"
#: perms/forms.py:39 perms/models.py:30 perms/models.py:80
#: perms/forms.py:39 perms/models.py:30 perms/models.py:86
#: perms/templates/perms/asset_permission_list.html:55
#: perms/templates/perms/asset_permission_list.html:111 templates/_nav.html:14
#: users/forms.py:273 users/models/group.py:26 users/models/user.py:59
#: perms/templates/perms/asset_permission_list.html:120 templates/_nav.html:14
#: users/forms.py:273 users/models/group.py:26 users/models/user.py:61
#: users/templates/users/_select_user_modal.html:16
#: users/templates/users/user_detail.html:213
#: users/templates/users/user_list.html:26
@ -2579,14 +2589,14 @@ msgstr "用户和用户组至少选一个"
msgid "Asset or group at least one required"
msgstr "资产和节点至少选一个"
#: perms/models.py:36 perms/models.py:83
#: perms/models.py:36 perms/models.py:89
#: perms/templates/perms/asset_permission_detail.html:90
#: users/models/user.py:91 users/templates/users/user_detail.html:107
#: users/models/user.py:93 users/templates/users/user_detail.html:107
#: users/templates/users/user_profile.html:116
msgid "Date expired"
msgstr "失效日期"
#: perms/models.py:45 perms/models.py:92 templates/_nav.html:34
#: perms/models.py:45 perms/models.py:98 templates/_nav.html:34
msgid "Asset permission"
msgstr "资产授权"
@ -2647,6 +2657,13 @@ msgstr "选择系统用户"
msgid "Create permission"
msgstr "创建授权规则"
#: perms/templates/perms/asset_permission_list.html:59
#: users/templates/users/user_list.html:28 xpack/plugins/cloud/models.py:53
#: xpack/plugins/cloud/templates/cloud/account_detail.html:60
#: xpack/plugins/cloud/templates/cloud/account_list.html:14
msgid "Validity"
msgstr "有效"
#: perms/templates/perms/asset_permission_user.html:35
msgid "User list of "
msgstr "用户列表"
@ -2801,7 +2818,7 @@ msgstr ""
#: users/views/group.py:60 users/views/group.py:76 users/views/group.py:92
#: users/views/login.py:349 users/views/user.py:68 users/views/user.py:83
#: users/views/user.py:113 users/views/user.py:194 users/views/user.py:355
#: users/views/user.py:405 users/views/user.py:444
#: users/views/user.py:405 users/views/user.py:445
msgid "Users"
msgstr "用户管理"
@ -3054,55 +3071,55 @@ msgstr ""
"录像文件支持存储到服务器端硬盘、AWS S3、 阿里云 OSS 中,默认存储到服务器端硬"
"盘, 更多查看文档"
#: terminal/models.py:21
#: terminal/models.py:22
msgid "Remote Address"
msgstr "远端地址"
#: terminal/models.py:22
#: terminal/models.py:23
msgid "SSH Port"
msgstr "SSH端口"
#: terminal/models.py:23
#: terminal/models.py:24
msgid "HTTP Port"
msgstr "HTTP端口"
#: terminal/models.py:111
#: terminal/models.py:113
msgid "Session Online"
msgstr "在线会话"
#: terminal/models.py:112
#: terminal/models.py:114
msgid "CPU Usage"
msgstr "CPU使用"
#: terminal/models.py:113
#: terminal/models.py:115
msgid "Memory Used"
msgstr "内存使用"
#: terminal/models.py:114
#: terminal/models.py:116
msgid "Connections"
msgstr "连接数"
#: terminal/models.py:115
#: terminal/models.py:117
msgid "Threads"
msgstr "线程数"
#: terminal/models.py:116
#: terminal/models.py:118
msgid "Boot Time"
msgstr "运行时间"
#: terminal/models.py:146 terminal/templates/terminal/session_list.html:104
#: terminal/models.py:148 terminal/templates/terminal/session_list.html:104
msgid "Replay"
msgstr "回放"
#: terminal/models.py:150
#: terminal/models.py:152
msgid "Date last active"
msgstr "最后活跃日期"
#: terminal/models.py:152
#: terminal/models.py:154
msgid "Date end"
msgstr "结束日期"
#: terminal/models.py:199
#: terminal/models.py:213
msgid "Args"
msgstr "参数"
@ -3259,7 +3276,7 @@ msgstr "请先进行用户名和密码验证"
msgid "MFA certification failed"
msgstr "MFA认证失败"
#: users/api/user.py:140
#: users/api/user.py:145
msgid "Could not reset self otp, use profile reset instead"
msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
@ -3318,7 +3335,7 @@ msgstr ""
msgid "MFA code"
msgstr "MFA 验证码"
#: users/forms.py:52 users/models/user.py:63
#: users/forms.py:52 users/models/user.py:65
#: users/templates/users/_select_user_modal.html:15
#: users/templates/users/user_detail.html:87
#: users/templates/users/user_list.html:25
@ -3406,7 +3423,7 @@ msgstr "自动配置并下载SSH密钥"
msgid "Paste your id_rsa.pub here."
msgstr "复制你的公钥到这里"
#: users/forms.py:250 users/models/user.py:83
#: users/forms.py:250 users/models/user.py:85
#: users/templates/users/first_login.html:42
#: users/templates/users/user_password_update.html:46
#: users/templates/users/user_profile.html:68
@ -3473,7 +3490,7 @@ msgstr "Agent"
msgid "Date login"
msgstr "登录日期"
#: users/models/user.py:32 users/models/user.py:435
#: users/models/user.py:32 users/models/user.py:437
msgid "Administrator"
msgstr "管理员"
@ -3496,35 +3513,35 @@ msgstr "启用"
msgid "Force enable"
msgstr "强制启用"
#: users/models/user.py:55 users/templates/users/user_detail.html:71
#: users/models/user.py:57 users/templates/users/user_detail.html:71
#: users/templates/users/user_profile.html:59
msgid "Email"
msgstr "邮件"
#: users/models/user.py:66
#: users/models/user.py:68
msgid "Avatar"
msgstr "头像"
#: users/models/user.py:69 users/templates/users/user_detail.html:82
#: users/models/user.py:71 users/templates/users/user_detail.html:82
msgid "Wechat"
msgstr "微信"
#: users/models/user.py:98 users/templates/users/user_detail.html:103
#: users/models/user.py:100 users/templates/users/user_detail.html:103
#: users/templates/users/user_list.html:27
#: users/templates/users/user_profile.html:100
msgid "Source"
msgstr "用户来源"
#: users/models/user.py:102
#: users/models/user.py:104
msgid "Date password last updated"
msgstr "最后更新密码日期"
#: users/models/user.py:126 users/templates/users/user_update.html:22
#: users/models/user.py:128 users/templates/users/user_update.html:22
#: users/views/login.py:243 users/views/login.py:302 users/views/user.py:418
msgid "User auth from {}, go there change password"
msgstr "用户认证源来自 {}, 请去相应系统修改密码"
#: users/models/user.py:438
#: users/models/user.py:440
msgid "Administrator is the super user of system"
msgstr "Administrator是初始的超级管理员"
@ -3945,12 +3962,6 @@ msgstr "用户组删除"
msgid "UserGroup Deleting failed."
msgstr "用户组删除失败"
#: users/templates/users/user_list.html:28 xpack/plugins/cloud/models.py:53
#: xpack/plugins/cloud/templates/cloud/account_detail.html:60
#: xpack/plugins/cloud/templates/cloud/account_list.html:14
msgid "Validity"
msgstr "账户状态"
#: users/templates/users/user_list.html:203
msgid "This will delete the selected users !!!"
msgstr "删除选中用户 !!!"
@ -4279,7 +4290,7 @@ msgstr "用户组授权资产"
msgid "Please enable cookies and try again."
msgstr "设置你的浏览器支持cookie"
#: users/views/login.py:191 users/views/user.py:531 users/views/user.py:556
#: users/views/login.py:191 users/views/user.py:532 users/views/user.py:557
msgid "MFA code invalid, or ntp sync server time"
msgstr "MFA验证码不正确或者服务器端时间不对"
@ -4320,7 +4331,7 @@ msgstr "Token错误或失效"
msgid "Password not same"
msgstr "密码不一致"
#: users/views/login.py:311 users/views/user.py:128 users/views/user.py:427
#: users/views/login.py:311 users/views/user.py:128 users/views/user.py:428
msgid "* Your password does not meet the requirements"
msgstr "* 您的密码不符合要求"
@ -4352,27 +4363,27 @@ msgstr "个人信息设置"
msgid "Password update"
msgstr "密码更新"
#: users/views/user.py:445
#: users/views/user.py:446
msgid "Public key update"
msgstr "密钥更新"
#: users/views/user.py:486
#: users/views/user.py:487
msgid "Password invalid"
msgstr "用户名或密码无效"
#: users/views/user.py:586
#: users/views/user.py:587
msgid "MFA enable success"
msgstr "MFA 绑定成功"
#: users/views/user.py:587
#: users/views/user.py:588
msgid "MFA enable success, return login page"
msgstr "MFA 绑定成功,返回到登录页面"
#: users/views/user.py:589
#: users/views/user.py:590
msgid "MFA disable success"
msgstr "MFA 解绑成功"
#: users/views/user.py:590
#: users/views/user.py:591
msgid "MFA disable success, return login page"
msgstr "MFA 解绑成功,返回登录页面"
@ -4631,6 +4642,9 @@ msgstr "创建组织"
msgid "Update org"
msgstr "更新组织"
#~ msgid "Valid"
#~ msgstr "账户状态"
#~ msgid "Error: Account invalid"
#~ msgstr "错误: 账户无效"
@ -4643,11 +4657,6 @@ msgstr "更新组织"
#~ msgid "No assets, task stop"
#~ msgstr "没有匹配到资产,结束任务"
#, fuzzy
#~| msgid "Validity"
#~ msgid "Valid"
#~ msgstr "账户状态"
#~ msgid "You can't update the root node name"
#~ msgstr "不能修改根节点名称"

9
apps/ops/tasks.py
View File

@ -1,6 +1,8 @@
# coding: utf-8
import os
import subprocess
from django.conf import settings
from celery import shared_task, subtask
from django.utils import timezone
@ -59,8 +61,9 @@ def clean_tasks_adhoc_period():
@after_app_shutdown_clean_periodic
@register_as_period_task(interval=3600*24)
def clean_celery_tasks_period():
expire_days = 30
logger.debug("Start clean celery task history")
one_month_ago = timezone.now() - timezone.timedelta(days=30)
one_month_ago = timezone.now() - timezone.timedelta(days=expire_days)
tasks = CeleryTask.objects.filter(date_start__lt=one_month_ago)
for task in tasks:
if os.path.isfile(task.full_log_path):
@ -71,6 +74,10 @@ def clean_celery_tasks_period():
task.delete()
tasks = CeleryTask.objects.filter(date_start__isnull=True)
tasks.delete()
command = "find %s -mtime +%s -name '*.log' -type f -exec rm -f {} \\;" % (
settings.CELERY_LOG_DIR, expire_days
)
subprocess.call(command, shell=True)
@shared_task

1
apps/orgs/api.py
View File

@ -66,3 +66,4 @@ class OrgMembershipUsersViewSet(OrgMembershipModelViewSetMixin, BulkModelViewSet
serializer_class = OrgMembershipUserSerializer
membership_class = Organization.users.through
permission_classes = (IsSuperUserOrAppUser, )

7
apps/orgs/mixins.py
View File

@ -4,7 +4,7 @@
from werkzeug.local import Local
from django.db import models
from django.utils.translation import ugettext_lazy as _
from django.shortcuts import redirect
from django.shortcuts import redirect, get_object_or_404
from django.forms import ModelForm
from django.http.response import HttpResponseForbidden
from django.core.exceptions import ValidationError
@ -191,7 +191,7 @@ class OrgMembershipModelViewSetMixin:
http_method_names = ['get', 'post', 'delete', 'head', 'options']
def dispatch(self, request, *args, **kwargs):
self.org = Organization.objects.get(pk=kwargs.get('org_id'))
self.org = get_object_or_404(Organization, pk=kwargs.get('org_id'))
return super().dispatch(request, *args, **kwargs)
def get_serializer_context(self):
@ -200,4 +200,5 @@ class OrgMembershipModelViewSetMixin:
return context
def get_queryset(self):
return self.membership_class.objects.filter(organization=self.org)
queryset = self.membership_class.objects.filter(organization=self.org)
return queryset

7
apps/orgs/urls/api_urls.py
View File

@ -9,11 +9,16 @@ from .. import api
app_name = 'orgs'
router = DefaultRouter()
# 将会删除
router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
api.OrgMembershipAdminsViewSet, 'membership-admins')
router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
api.OrgMembershipUsersViewSet, 'membership-users'),
# 替换为这个
router.register(r'orgs/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
api.OrgMembershipAdminsViewSet, 'membership-admins-2')
router.register(r'orgs/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
api.OrgMembershipUsersViewSet, 'membership-users-2'),
router.register(r'orgs', api.OrgViewSet, 'org')

146
apps/perms/api.py
View File

@ -2,21 +2,26 @@
#
from django.shortcuts import get_object_or_404
from django.utils import timezone
from django.db.models import Q
from rest_framework.views import APIView, Response
from rest_framework.generics import ListAPIView, get_object_or_404, \
RetrieveUpdateAPIView
from rest_framework.generics import (
ListAPIView, get_object_or_404, RetrieveUpdateAPIView
)
from rest_framework import viewsets
from rest_framework.pagination import LimitOffsetPagination
from common.utils import set_or_append_attr_bulk
from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
from common.tree import TreeNode, TreeNodeSerializer
from common.utils import get_object_or_none
from orgs.mixins import RootOrgViewMixin
from orgs.utils import set_to_root_org
from .utils import AssetPermissionUtil
from .models import AssetPermission
from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
from .hands import (
AssetGrantedSerializer, User, UserGroup, Asset, Node,
SystemUser, NodeSerializer
)
from . import serializers
from .mixins import AssetsFilterMixin
@ -38,6 +43,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
queryset = AssetPermission.objects.all()
serializer_class = serializers.AssetPermissionCreateUpdateSerializer
pagination_class = LimitOffsetPagination
filter_fields = ['name']
permission_classes = (IsOrgAdmin,)
def get_serializer_class(self):
@ -45,36 +51,122 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
return serializers.AssetPermissionListSerializer
return self.serializer_class
def get_queryset(self):
queryset = super().get_queryset().all()
search = self.request.query_params.get('search')
asset_id = self.request.query_params.get('asset')
node_id = self.request.query_params.get('node')
inherit_nodes = set()
if search:
queryset = queryset.filter(name__icontains=search)
if not asset_id and not node_id:
def filter_valid(self, queryset):
valid = self.request.query_params.get('is_valid', None)
if valid is None:
return queryset
if valid in ['0', 'N', 'false', 'False']:
valid = False
else:
valid = True
now = timezone.now()
if valid:
queryset = queryset.filter(is_active=True).filter(
date_start__lt=now, date_expired__gt=now,
)
else:
queryset = queryset.filter(
Q(is_active=False) |
Q(date_start__gt=now) |
Q(date_expired__lt=now)
)
return queryset
permissions = set()
def filter_system_user(self, queryset):
system_user_id = self.request.query_params.get('system_user_id')
system_user_name = self.request.query_params.get('system_user')
if system_user_id:
system_user = get_object_or_none(SystemUser, pk=system_user_id)
elif system_user_name:
system_user = get_object_or_none(SystemUser, name=system_user_name)
else:
return queryset
if not system_user:
return queryset.none()
queryset = queryset.filter(system_users=system_user)
return queryset
def filter_node(self, queryset):
node_id = self.request.query_params.get('node_id')
node_name = self.request.query_params.get('node')
if node_id:
node = get_object_or_none(Node, pk=node_id)
elif node_name:
node = get_object_or_none(Node, name=node_name)
else:
return queryset
if not node:
return queryset.none()
nodes = node.get_ancestor(with_self=True)
queryset = queryset.filter(nodes__in=nodes)
return queryset
def filter_asset(self, queryset):
asset_id = self.request.query_params.get('asset_id')
hostname = self.request.query_params.get('hostname')
ip = self.request.query_params.get('ip')
if asset_id:
asset = get_object_or_404(Asset, pk=asset_id)
permissions = set(queryset.filter(assets=asset))
assets = Asset.objects.filter(pk=asset_id)
elif hostname:
assets = Asset.objects.filter(hostname=hostname)
elif ip:
assets = Asset.objects.filter(ip=ip)
else:
return queryset
if not assets:
return queryset.none()
inherit_nodes = set()
for asset in assets:
for node in asset.nodes.all():
inherit_nodes.update(set(node.get_ancestor(with_self=True)))
elif node_id:
node = get_object_or_404(Node, pk=node_id)
permissions = set(queryset.filter(nodes=node))
inherit_nodes = node.get_ancestor()
queryset = queryset.filter(Q(assets__in=assets) | Q(nodes__in=inherit_nodes))
return queryset
for n in inherit_nodes:
_permissions = queryset.filter(nodes=n)
set_or_append_attr_bulk(_permissions, "inherit", n.value)
permissions.update(_permissions)
def filter_user(self, queryset):
user_id = self.request.query_params.get('user_id')
username = self.request.query_params.get('username')
if user_id:
user = get_object_or_none(User, pk=user_id)
elif username:
user = get_object_or_none(User, username=username)
else:
return queryset
if not user:
return queryset.none()
return list(permissions)
def filter_user_group(self, queryset):
user_group_id = self.request.query_params.get('user_group_id')
user_group_name = self.request.query_params.get('user_group')
if user_group_id:
group = get_object_or_none(UserGroup, pk=user_group_id)
elif user_group_name:
group = get_object_or_none(UserGroup, name=user_group_name)
else:
return queryset
if not group:
return queryset.none()
queryset = queryset.filter(user_groups=group)
return queryset
def filter_keyword(self, queryset):
keyword = self.request.query_params.get('search')
if not keyword:
return queryset
queryset = queryset.filter(name__icontains=keyword)
return queryset
def filter_queryset(self, queryset):
queryset = super().filter_queryset(queryset)
queryset = self.filter_valid(queryset)
queryset = self.filter_keyword(queryset)
queryset = self.filter_asset(queryset)
queryset = self.filter_node(queryset)
queryset = self.filter_system_user(queryset)
queryset = self.filter_user_group(queryset)
return queryset
def get_queryset(self):
return self.queryset.all()
class UserGrantedAssetsApi(AssetsFilterMixin, ListAPIView):

8
apps/perms/models.py
View File

@ -51,9 +51,15 @@ class AssetPermission(OrgModelMixin):
def id_str(self):
return str(self.id)
@property
def is_expired(self):
if self.date_expired > timezone.now() > self.date_start:
return False
return True
@property
def is_valid(self):
if self.date_expired > timezone.now() > self.date_start and self.is_active:
if not self.is_expired and self.is_active:
return True
return False

10
apps/perms/serializers.py
View File

@ -28,19 +28,13 @@ class AssetPermissionListSerializer(serializers.ModelSerializer):
assets = StringManyToManyField(many=True, read_only=True)
nodes = StringManyToManyField(many=True, read_only=True)
system_users = StringManyToManyField(many=True, read_only=True)
inherit = serializers.SerializerMethodField()
is_valid = serializers.BooleanField()
is_expired = serializers.BooleanField()
class Meta:
model = AssetPermission
fields = '__all__'
@staticmethod
def get_inherit(obj):
if hasattr(obj, 'inherit'):
return obj.inherit
else:
return None
class AssetPermissionUpdateUserSerializer(serializers.ModelSerializer):

46
apps/perms/templates/perms/asset_permission_list.html
View File

@ -56,7 +56,7 @@
<th class="text-center">{% trans 'Asset' %}</th>
<th class="text-center">{% trans 'Node'%}</th>
<th class="text-center">{% trans 'System user' %}</th>
<th class="text-center">{% trans 'Active' %}</th>
<th class="text-center">{% trans 'Validity' %}</th>
<th class="text-center" >{% trans 'Action' %}</th>
</tr>
</thead>
@ -67,6 +67,17 @@
</div>
</div>
</div>
<ul class="dropdown-menu search-help">
<li><a class="search-item" data-value="name">{% trans 'Name' %}</a></li>
<li><a class="search-item" data-value="is_valid">{% trans 'Validity' %}</a></li>
<li><a class="search-item" data-value="username">{% trans 'Username' %}</a></li>
<li><a class="search-item" data-value="user_group">{% trans 'User group' %}</a></li>
<li><a class="search-item" data-value="ip">IP</a></li>
<li><a class="search-item" data-value="hostname">{% trans 'Hostname' %}</a></li>
<li><a class="search-item" data-value="node">{% trans 'Node' %}</a></li>
<li><a class="search-item" data-value="system_user">{% trans 'System user' %}</a></li>
</ul>
{% endblock %}
{% block custom_foot_js %}
@ -79,11 +90,11 @@ function onSelected(event, treeNode) {
setCookie('node_selected', treeNode.id);
var url = table.ajax.url();
if (treeNode.meta.type === 'node') {
url = setUrlParam(url, 'asset', "");
url = setUrlParam(url, 'node', treeNode.meta.node.id)
url = setUrlParam(url, 'asset_id', "");
url = setUrlParam(url, 'node_id', treeNode.meta.node.id)
} else {
url = setUrlParam(url, 'node', "");
url = setUrlParam(url, 'asset', treeNode.meta.asset.id)
url = setUrlParam(url, 'node_id', "");
url = setUrlParam(url, 'asset_id', treeNode.meta.asset.id)
}
setCookie('node_selected', treeNode.node_id);
table.ajax.url(url);
@ -178,7 +189,7 @@ function initTable() {
{data: "id"}, {data: "name"}, {data: "users"},
{data: "user_groups"}, {data: "assets"},
{data: "nodes"}, {data: "system_users"},
{data: "is_active", orderable: false}, {data: "id", orderable: false}
{data: "is_valid", orderable: false}, {data: "id", orderable: false}
],
select: {},
op_html: $('#actions').html()
@ -231,6 +242,7 @@ function toggle() {
$(document).ready(function(){
initTable();
initTree();
})
.on('click', '.btn-del', function () {
var $this = $(this);
@ -279,6 +291,28 @@ $(document).ready(function(){
}
}
}).on('click', '#permission_list_table_filter input', function (e) {
e.preventDefault();
e.stopPropagation();
var position = $('#permission_list_table_filter input').offset();
var y = position['top'];
var x = position['left'];
x -= 220;
y += 30;
$('.search-help').css({"top":y+"px", "left":x+"px", "position": "absolute"});
$('.dropdown-menu.search-help').show();
}).on('click', '.search-item', function (e) {
e.preventDefault();
e.stopPropagation();
var value = $(this).data('value');
var old_value = $('#permission_list_table_filter input').val();
var new_value = old_value + ' ' + value + ':';
$('#permission_list_table_filter input').val(new_value.trim());
$('.dropdown-menu.search-help').hide();
$('#permission_list_table_filter input').focus()
}).on('click', 'body', function (e) {
$('.dropdown-menu.search-help').hide()
})
</script>

4
apps/static/js/jumpserver.js
View File

@ -478,7 +478,7 @@ jumpserver.initServerSideDataTable = function (options) {
url: options.ajax_url ,
data: function (data) {
delete data.columns;
if (data.length !== null ){
if (data.length !== null){
data.limit = data.length;
delete data.length;
}
@ -525,7 +525,7 @@ jumpserver.initServerSideDataTable = function (options) {
columns: options.columns || [],
select: options.select || select,
language: jumpserver.language,
lengthMenu: [[10, 15, 25, 50], [10, 15, 25, 50]]
lengthMenu: [[15, 25, 50, 9999], [15, 25, 50, 'All']]
});
table.selected = [];
table.selected_rows = [];

4
utils/create_assets_user/bulk_create_user.py
View File

@ -17,13 +17,13 @@ class UserCreation:
self.domain = domain
def auth(self):
url = "{}/api/users/v1/token/".format(self.domain)
url = "{}/api/users/v1/auth/".format(self.domain)
data = {"username": self.username, "password": self.password}
resp = requests.post(url, data=data)
if resp.status_code == 200:
data = resp.json()
self.headers.update({
'Authorization': '{} {}'.format(data['Keyword'], data['Token'])
'Authorization': '{} {}'.format('Bearer', data['token'])
})
else:
print("用户名 或 密码 或 地址 不对")