[Update] 权限页面增加过滤规则 (#2349)

apps/assets/tasks.py

@@ -229,7 +229,8 @@ def test_admin_user_connectivity_period():
 @shared_task
 def test_admin_user_connectivity_manual(admin_user):
     task_name = _("Test admin user connectivity: {}").format(admin_user.name)
-    return test_admin_user_connectivity_util(admin_user, task_name)
+    test_admin_user_connectivity_util(admin_user, task_name)
+    return True
 
 
 ##  System user connective ##

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-12-27 15:48+0800\n"
+"POT-Creation-Date: 2019-01-15 17:56+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -17,11 +17,11 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: assets/api/node.py:261
+#: assets/api/node.py:264
 msgid "Update node asset hardware information: {}"
 msgstr "更新节点资产硬件信息: {}"
 
-#: assets/api/node.py:275
+#: assets/api/node.py:278
 msgid "Test if the assets under the node are connectable: {}"
 msgstr "测试节点下资产是否可连接: {}"
 
@@ -65,9 +65,10 @@ msgstr "网域"
 #: assets/forms/asset.py:124 assets/models/node.py:31
 #: assets/templates/assets/asset_create.html:30
 #: assets/templates/assets/asset_update.html:35 perms/forms.py:45
-#: perms/forms.py:52 perms/models.py:79
+#: perms/forms.py:52 perms/models.py:85
 #: perms/templates/perms/asset_permission_list.html:57
-#: perms/templates/perms/asset_permission_list.html:117
+#: perms/templates/perms/asset_permission_list.html:77
+#: perms/templates/perms/asset_permission_list.html:126
 #: xpack/plugins/cloud/models.py:123
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_detail.html:63
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_instance.html:66
@@ -118,8 +119,8 @@ msgstr "端口"
 #: perms/models.py:31
 #: perms/templates/perms/asset_permission_create_update.html:45
 #: perms/templates/perms/asset_permission_list.html:56
-#: perms/templates/perms/asset_permission_list.html:114
+#: perms/templates/perms/asset_permission_list.html:123
-#: terminal/backends/command/models.py:13 terminal/models.py:141
+#: terminal/backends/command/models.py:13 terminal/models.py:143
 #: terminal/templates/terminal/command_list.html:40
 #: terminal/templates/terminal/command_list.html:73
 #: terminal/templates/terminal/session_list.html:41
@@ -156,10 +157,11 @@ msgstr "不能包含特殊字符"
 #: orgs/models.py:12 perms/models.py:28
 #: perms/templates/perms/asset_permission_detail.html:62
 #: perms/templates/perms/asset_permission_list.html:53
-#: perms/templates/perms/asset_permission_user.html:54 terminal/models.py:20
+#: perms/templates/perms/asset_permission_list.html:72
-#: terminal/models.py:198 terminal/templates/terminal/terminal_detail.html:43
+#: perms/templates/perms/asset_permission_user.html:54 terminal/models.py:21
+#: terminal/models.py:212 terminal/templates/terminal/terminal_detail.html:43
 #: terminal/templates/terminal/terminal_list.html:29 users/models/group.py:14
-#: users/models/user.py:53 users/templates/users/_select_user_modal.html:13
+#: users/models/user.py:55 users/templates/users/_select_user_modal.html:13
 #: users/templates/users/user_detail.html:63
 #: users/templates/users/user_group_detail.html:55
 #: users/templates/users/user_group_list.html:12
@@ -183,8 +185,9 @@ msgstr "名称"
 #: assets/templates/assets/system_user_detail.html:62
 #: assets/templates/assets/system_user_list.html:30
 #: audits/templates/audits/login_log_list.html:49
+#: perms/templates/perms/asset_permission_list.html:76
 #: perms/templates/perms/asset_permission_user.html:55 users/forms.py:15
-#: users/forms.py:33 users/models/authentication.py:77 users/models/user.py:51
+#: users/forms.py:33 users/models/authentication.py:77 users/models/user.py:53
 #: users/templates/users/_select_user_modal.html:14
 #: users/templates/users/login.html:64
 #: users/templates/users/user_detail.html:67
@@ -210,7 +213,7 @@ msgstr "密码或密钥密码"
 msgid "Password"
 msgstr "密码"
 
-#: assets/forms/user.py:29 users/models/user.py:80
+#: assets/forms/user.py:29 users/models/user.py:82
 msgid "Private key"
 msgstr "ssh私钥"
 
@@ -274,6 +277,7 @@ msgstr "IP"
 #: assets/templates/assets/user_asset_list.html:45
 #: assets/templates/assets/user_asset_list.html:150 common/forms.py:130
 #: perms/templates/perms/asset_permission_asset.html:54
+#: perms/templates/perms/asset_permission_list.html:75
 #: users/templates/users/user_granted_asset.html:44
 #: users/templates/users/user_group_granted_asset.html:44
 msgid "Hostname"
@@ -381,8 +385,8 @@ msgstr "标签管理"
 #: assets/templates/assets/domain_detail.html:72
 #: assets/templates/assets/system_user_detail.html:100
 #: ops/templates/ops/adhoc_detail.html:86 orgs/models.py:15 perms/models.py:37
-#: perms/models.py:84 perms/templates/perms/asset_permission_detail.html:98
+#: perms/models.py:90 perms/templates/perms/asset_permission_detail.html:98
-#: users/models/user.py:94 users/templates/users/user_detail.html:111
+#: users/models/user.py:96 users/templates/users/user_detail.html:111
 #: xpack/plugins/cloud/models.py:55 xpack/plugins/cloud/models.py:127
 msgid "Created by"
 msgstr "创建者"
@@ -394,7 +398,7 @@ msgstr "创建者"
 #: assets/templates/assets/domain_detail.html:68
 #: assets/templates/assets/system_user_detail.html:96
 #: ops/templates/ops/adhoc_detail.html:90 ops/templates/ops/task_detail.html:64
-#: orgs/models.py:16 perms/models.py:38 perms/models.py:85
+#: orgs/models.py:16 perms/models.py:38 perms/models.py:91
 #: perms/templates/perms/asset_permission_detail.html:94
 #: terminal/templates/terminal/terminal_detail.html:59 users/models/group.py:17
 #: users/templates/users/user_group_detail.html:63
@@ -422,9 +426,9 @@ msgstr "创建日期"
 #: assets/templates/assets/system_user_list.html:37
 #: assets/templates/assets/user_asset_list.html:159 common/models.py:34
 #: ops/models/adhoc.py:43 orgs/models.py:17 perms/models.py:39
-#: perms/models.py:86 perms/templates/perms/asset_permission_detail.html:102
+#: perms/models.py:92 perms/templates/perms/asset_permission_detail.html:102
-#: terminal/models.py:30 terminal/templates/terminal/terminal_detail.html:63
+#: terminal/models.py:31 terminal/templates/terminal/terminal_detail.html:63
-#: users/models/group.py:15 users/models/user.py:86
+#: users/models/group.py:15 users/models/user.py:88
 #: users/templates/users/user_detail.html:127
 #: users/templates/users/user_group_detail.html:67
 #: users/templates/users/user_group_list.html:14
@@ -475,7 +479,7 @@ msgstr "带宽"
 msgid "Contact"
 msgstr "联系人"
 
-#: assets/models/cluster.py:22 users/models/user.py:72
+#: assets/models/cluster.py:22 users/models/user.py:74
 #: users/templates/users/user_detail.html:76
 msgid "Phone"
 msgstr "手机"
@@ -501,7 +505,7 @@ msgid "Default"
 msgstr "默认"
 
 #: assets/models/cluster.py:36 assets/models/label.py:14
-#: users/models/user.py:439
+#: users/models/user.py:441
 msgid "System"
 msgstr "系统"
 
@@ -529,8 +533,8 @@ msgstr "BGP全网通"
 msgid "Regex"
 msgstr "正则表达式"
 
-#: assets/models/cmd_filter.py:36 ops/models/command.py:19
+#: assets/models/cmd_filter.py:36 ops/models/command.py:21
-#: ops/templates/ops/command_execution_list.html:60 terminal/models.py:147
+#: ops/templates/ops/command_execution_list.html:60 terminal/models.py:149
 #: terminal/templates/terminal/command_list.html:55
 #: terminal/templates/terminal/command_list.html:71
 #: terminal/templates/terminal/session_detail.html:48
@@ -633,13 +637,13 @@ msgstr "默认资产组"
 #: perms/models.py:29
 #: perms/templates/perms/asset_permission_create_update.html:41
 #: perms/templates/perms/asset_permission_list.html:54
-#: perms/templates/perms/asset_permission_list.html:108 templates/index.html:87
+#: perms/templates/perms/asset_permission_list.html:117 templates/index.html:87
-#: terminal/backends/command/models.py:12 terminal/models.py:140
+#: terminal/backends/command/models.py:12 terminal/models.py:142
 #: terminal/templates/terminal/command_list.html:32
 #: terminal/templates/terminal/command_list.html:72
 #: terminal/templates/terminal/session_list.html:33
 #: terminal/templates/terminal/session_list.html:71 users/forms.py:303
-#: users/models/user.py:33 users/models/user.py:427
+#: users/models/user.py:33 users/models/user.py:429
 #: users/templates/users/user_group_detail.html:78
 #: users/templates/users/user_group_list.html:13 users/views/user.py:386
 #: xpack/plugins/orgs/forms.py:26
@@ -717,11 +721,11 @@ msgstr "登录模式"
 #: assets/models/user.py:247 assets/templates/assets/user_asset_list.html:156
 #: audits/models.py:19 audits/templates/audits/ftp_log_list.html:49
 #: audits/templates/audits/ftp_log_list.html:72 perms/forms.py:48
-#: perms/models.py:33 perms/models.py:81
+#: perms/models.py:33 perms/models.py:87
 #: perms/templates/perms/asset_permission_detail.html:140
 #: perms/templates/perms/asset_permission_list.html:58
-#: perms/templates/perms/asset_permission_list.html:120 templates/_nav.html:25
+#: perms/templates/perms/asset_permission_list.html:129 templates/_nav.html:25
-#: terminal/backends/command/models.py:14 terminal/models.py:142
+#: terminal/backends/command/models.py:14 terminal/models.py:144
 #: terminal/templates/terminal/command_list.html:48
 #: terminal/templates/terminal/command_list.html:74
 #: terminal/templates/terminal/session_list.html:49
@@ -735,68 +739,68 @@ msgstr "系统用户"
 msgid "%(value)s is not an even number"
 msgstr "%(value)s is not an even number"
 
-#: assets/tasks.py:31
+#: assets/tasks.py:33
 msgid "Asset has been disabled, skipped: {}"
 msgstr "资产或许不支持ansible, 跳过: {}"
 
-#: assets/tasks.py:35
+#: assets/tasks.py:37
 msgid "Asset may not be support ansible, skipped: {}"
 msgstr "资产或许不支持ansible, 跳过: {}"
 
-#: assets/tasks.py:40
+#: assets/tasks.py:42
 msgid "No assets matched, stop task"
 msgstr "没有匹配到资产，结束任务"
 
-#: assets/tasks.py:65
+#: assets/tasks.py:67
 msgid "Get asset info failed: {}"
 msgstr "获取资产信息失败：{}"
 
-#: assets/tasks.py:115
+#: assets/tasks.py:117
 msgid "Update some assets hardware info"
 msgstr "更新资产硬件信息"
 
-#: assets/tasks.py:134
+#: assets/tasks.py:136
 msgid "Update asset hardware info: {}"
 msgstr "更新资产硬件信息: {}"
 
-#: assets/tasks.py:159
+#: assets/tasks.py:161
 msgid "Test assets connectivity"
 msgstr "测试资产可连接性"
 
-#: assets/tasks.py:183
+#: assets/tasks.py:185
 msgid "Test assets connectivity: {}"
 msgstr "测试资产可连接性: {}"
 
-#: assets/tasks.py:222
+#: assets/tasks.py:224
 msgid "Test admin user connectivity period: {}"
 msgstr "定期测试管理账号可连接性: {}"
 
-#: assets/tasks.py:228
+#: assets/tasks.py:231
 msgid "Test admin user connectivity: {}"
 msgstr "测试管理行号可连接性: {}"
 
-#: assets/tasks.py:266
+#: assets/tasks.py:270
 msgid "Test system user connectivity: {}"
 msgstr "测试系统用户可连接性: {}"
 
-#: assets/tasks.py:273
+#: assets/tasks.py:277
 msgid "Test system user connectivity: {} => {}"
 msgstr "测试系统用户可连接性: {} => {}"
 
-#: assets/tasks.py:286
+#: assets/tasks.py:290
 msgid "Test system user connectivity period: {}"
 msgstr "定期测试系统用户可连接性: {}"
 
-#: assets/tasks.py:358
+#: assets/tasks.py:362
 msgid ""
 "Push system user task skip, auto push not enable or protocol is not ssh: {}"
 msgstr "推送系统用户任务跳过，自动推送没有打开，或协议不是ssh: {}"
 
-#: assets/tasks.py:378 assets/tasks.py:392
+#: assets/tasks.py:382 assets/tasks.py:396
 msgid "Push system users to assets: {}"
 msgstr "推送系统用户到入资产: {}"
 
-#: assets/tasks.py:384
+#: assets/tasks.py:388
 msgid "Push system users to asset: {} => {}"
 msgstr "推送系统用户到入资产: {} => {}"
 
@@ -1021,7 +1025,7 @@ msgstr "测试"
 #: assets/templates/assets/system_user_detail.html:26
 #: assets/templates/assets/system_user_list.html:92 audits/models.py:32
 #: perms/templates/perms/asset_permission_detail.html:30
-#: perms/templates/perms/asset_permission_list.html:166
+#: perms/templates/perms/asset_permission_list.html:175
 #: terminal/templates/terminal/terminal_detail.html:16
 #: terminal/templates/terminal/terminal_list.html:71
 #: users/templates/users/user_detail.html:25
@@ -1056,7 +1060,7 @@ msgstr "更新"
 #: common/templates/common/terminal_setting.html:112
 #: ops/templates/ops/task_list.html:72
 #: perms/templates/perms/asset_permission_detail.html:34
-#: perms/templates/perms/asset_permission_list.html:167
+#: perms/templates/perms/asset_permission_list.html:176
 #: terminal/templates/terminal/terminal_list.html:73
 #: users/templates/users/user_detail.html:30
 #: users/templates/users/user_group_detail.html:32
@@ -1166,10 +1170,10 @@ msgstr "快速修改"
 
 #: assets/templates/assets/asset_detail.html:151
 #: assets/templates/assets/user_asset_list.html:47 perms/models.py:34
-#: perms/models.py:82
+#: perms/models.py:88
 #: perms/templates/perms/asset_permission_create_update.html:52
 #: perms/templates/perms/asset_permission_detail.html:120
-#: perms/templates/perms/asset_permission_list.html:59
+#: perms/templates/perms/asset_permission_list.html:73
 #: terminal/templates/terminal/terminal_list.html:34
 #: users/templates/users/_select_user_modal.html:18
 #: users/templates/users/user_detail.html:144
@@ -1657,7 +1661,7 @@ msgstr "系统用户资产"
 #: audits/templates/audits/ftp_log_list.html:73
 #: audits/templates/audits/operate_log_list.html:70
 #: audits/templates/audits/password_change_log_list.html:52
-#: terminal/models.py:144 terminal/templates/terminal/session_list.html:74
+#: terminal/models.py:146 terminal/templates/terminal/session_list.html:74
 #: terminal/templates/terminal/terminal_detail.html:47
 msgid "Remote addr"
 msgstr "远端地址"
@@ -1700,7 +1704,7 @@ msgstr "修改者"
 #: ops/templates/ops/adhoc_history_detail.html:61
 #: ops/templates/ops/command_execution_list.html:65
 #: ops/templates/ops/task_history.html:58 perms/models.py:35
-#: perms/templates/perms/asset_permission_detail.html:86 terminal/models.py:151
+#: perms/templates/perms/asset_permission_detail.html:86 terminal/models.py:153
 #: terminal/templates/terminal/session_list.html:78
 msgid "Date start"
 msgstr "开始日期"
@@ -1744,7 +1748,7 @@ msgid "City"
 msgstr "城市"
 
 #: audits/templates/audits/login_log_list.html:54 users/forms.py:162
-#: users/models/authentication.py:82 users/models/user.py:75
+#: users/models/authentication.py:82 users/models/user.py:77
 #: users/templates/users/first_login.html:45
 msgid "MFA"
 msgstr "MFA"
@@ -1801,37 +1805,41 @@ msgstr "登录日志"
 msgid "Command execution list"
 msgstr "命令执行列表"
 
-#: common/api.py:22
+#: common/api.py:27
 msgid "Test mail sent to {}, please check"
 msgstr "邮件已经发送{}, 请检查"
 
-#: common/api.py:46
+#: common/api.py:51
 msgid "Test ldap success"
 msgstr "连接LDAP成功"
 
-#: common/api.py:76
+#: common/api.py:81
 msgid "Search no entry matched in ou {}"
 msgstr "在ou:{}中没有匹配条目"
 
-#: common/api.py:85
+#: common/api.py:90
 msgid "Match {} s users"
 msgstr "匹配 {} 个用户"
 
-#: common/api.py:108 common/api.py:144
+#: common/api.py:113 common/api.py:149
 msgid ""
 "Error: Account invalid (Please make sure the information such as Access key "
 "or Secret key is correct)"
 msgstr "错误：账户无效 （请确保 Access key 或 Secret key 等信息正确）"
 
-#: common/api.py:114 common/api.py:150
+#: common/api.py:119 common/api.py:155
 msgid "Create succeed"
 msgstr "创建成功"
 
-#: common/api.py:132 common/api.py:170
+#: common/api.py:137 common/api.py:175
 #: common/templates/common/terminal_setting.html:151
 msgid "Delete succeed"
 msgstr "删除成功"
 
+#: common/api.py:221
+msgid "Waiting ...\n"
+msgstr ""
+
 #: common/const.py:6
 #, python-format
 msgid "<b>%(name)s</b> was created successfully"
@@ -2210,7 +2218,7 @@ msgid "Password check rule"
 msgstr "密码校验规则"
 
 #: common/templates/common/terminal_setting.html:76 terminal/forms.py:27
-#: terminal/models.py:24
+#: terminal/models.py:25
 msgid "Command storage"
 msgstr "命令存储"
 
@@ -2227,7 +2235,7 @@ msgid "Add"
 msgstr "添加"
 
 #: common/templates/common/terminal_setting.html:98 terminal/forms.py:32
-#: terminal/models.py:25
+#: terminal/models.py:26
 msgid "Replay storage"
 msgstr "录像存储"
 
@@ -2272,10 +2280,6 @@ msgstr ""
 "div><div>如果你看到了这个页面，证明你访问的不是nginx监听的端口，祝你好运</"
 "div>"
 
-#: ops/api/celery.py:32
-msgid "Waiting ..."
-msgstr ""
-
 #: ops/models/adhoc.py:38
 msgid "Interval"
 msgstr "间隔"
@@ -2353,19 +2357,19 @@ msgstr "结果"
 msgid "Adhoc result summary"
 msgstr "汇总"
 
-#: ops/models/command.py:20 xpack/plugins/cloud/models.py:170
+#: ops/models/command.py:22 xpack/plugins/cloud/models.py:170
 msgid "Result"
 msgstr "结果"
 
-#: ops/models/command.py:55
+#: ops/models/command.py:57
 msgid "Task start"
 msgstr "任务开始"
 
-#: ops/models/command.py:67
+#: ops/models/command.py:71
 msgid "Command `{}` is forbidden ........"
 msgstr "命令 `{}` 不允许被执行 ......."
 
-#: ops/models/command.py:73
+#: ops/models/command.py:77
 msgid "Task end"
 msgstr "任务结束"
 
@@ -2470,6 +2474,12 @@ msgstr "没有资产"
 msgid "Success assets"
 msgstr "成功资产"
 
+#: ops/templates/ops/celery_task_log.html:4
+#, fuzzy
+#| msgid "Task list"
+msgid "Task log"
+msgstr "任务列表"
+
 #: ops/templates/ops/command_execution_create.html:71
 #: terminal/templates/terminal/session_detail.html:91
 #: terminal/templates/terminal/session_detail.html:100
@@ -2560,10 +2570,10 @@ msgstr "命令执行"
 msgid "Organization"
 msgstr "组织管理"
 
-#: perms/forms.py:39 perms/models.py:30 perms/models.py:80
+#: perms/forms.py:39 perms/models.py:30 perms/models.py:86
 #: perms/templates/perms/asset_permission_list.html:55
-#: perms/templates/perms/asset_permission_list.html:111 templates/_nav.html:14
+#: perms/templates/perms/asset_permission_list.html:120 templates/_nav.html:14
-#: users/forms.py:273 users/models/group.py:26 users/models/user.py:59
+#: users/forms.py:273 users/models/group.py:26 users/models/user.py:61
 #: users/templates/users/_select_user_modal.html:16
 #: users/templates/users/user_detail.html:213
 #: users/templates/users/user_list.html:26
@@ -2579,14 +2589,14 @@ msgstr "用户和用户组至少选一个"
 msgid "Asset or group at least one required"
 msgstr "资产和节点至少选一个"
 
-#: perms/models.py:36 perms/models.py:83
+#: perms/models.py:36 perms/models.py:89
 #: perms/templates/perms/asset_permission_detail.html:90
-#: users/models/user.py:91 users/templates/users/user_detail.html:107
+#: users/models/user.py:93 users/templates/users/user_detail.html:107
 #: users/templates/users/user_profile.html:116
 msgid "Date expired"
 msgstr "失效日期"
 
-#: perms/models.py:45 perms/models.py:92 templates/_nav.html:34
+#: perms/models.py:45 perms/models.py:98 templates/_nav.html:34
 msgid "Asset permission"
 msgstr "资产授权"
 
@@ -2647,6 +2657,13 @@ msgstr "选择系统用户"
 msgid "Create permission"
 msgstr "创建授权规则"
 
+#: perms/templates/perms/asset_permission_list.html:59
+#: users/templates/users/user_list.html:28 xpack/plugins/cloud/models.py:53
+#: xpack/plugins/cloud/templates/cloud/account_detail.html:60
+#: xpack/plugins/cloud/templates/cloud/account_list.html:14
+msgid "Validity"
+msgstr "有效"
+
 #: perms/templates/perms/asset_permission_user.html:35
 msgid "User list of "
 msgstr "用户列表"
@@ -2801,7 +2818,7 @@ msgstr ""
 #: users/views/group.py:60 users/views/group.py:76 users/views/group.py:92
 #: users/views/login.py:349 users/views/user.py:68 users/views/user.py:83
 #: users/views/user.py:113 users/views/user.py:194 users/views/user.py:355
-#: users/views/user.py:405 users/views/user.py:444
+#: users/views/user.py:405 users/views/user.py:445
 msgid "Users"
 msgstr "用户管理"
 
@@ -3054,55 +3071,55 @@ msgstr ""
 "录像文件支持存储到服务器端硬盘、AWS S3、 阿里云 OSS 中，默认存储到服务器端硬"
 "盘, 更多查看文档"
 
-#: terminal/models.py:21
+#: terminal/models.py:22
 msgid "Remote Address"
 msgstr "远端地址"
 
-#: terminal/models.py:22
+#: terminal/models.py:23
 msgid "SSH Port"
 msgstr "SSH端口"
 
-#: terminal/models.py:23
+#: terminal/models.py:24
 msgid "HTTP Port"
 msgstr "HTTP端口"
 
-#: terminal/models.py:111
+#: terminal/models.py:113
 msgid "Session Online"
 msgstr "在线会话"
 
-#: terminal/models.py:112
+#: terminal/models.py:114
 msgid "CPU Usage"
 msgstr "CPU使用"
 
-#: terminal/models.py:113
+#: terminal/models.py:115
 msgid "Memory Used"
 msgstr "内存使用"
 
-#: terminal/models.py:114
+#: terminal/models.py:116
 msgid "Connections"
 msgstr "连接数"
 
-#: terminal/models.py:115
+#: terminal/models.py:117
 msgid "Threads"
 msgstr "线程数"
 
-#: terminal/models.py:116
+#: terminal/models.py:118
 msgid "Boot Time"
 msgstr "运行时间"
 
-#: terminal/models.py:146 terminal/templates/terminal/session_list.html:104
+#: terminal/models.py:148 terminal/templates/terminal/session_list.html:104
 msgid "Replay"
 msgstr "回放"
 
-#: terminal/models.py:150
+#: terminal/models.py:152
 msgid "Date last active"
 msgstr "最后活跃日期"
 
-#: terminal/models.py:152
+#: terminal/models.py:154
 msgid "Date end"
 msgstr "结束日期"
 
-#: terminal/models.py:199
+#: terminal/models.py:213
 msgid "Args"
 msgstr "参数"
 
@@ -3259,7 +3276,7 @@ msgstr "请先进行用户名和密码验证"
 msgid "MFA certification failed"
 msgstr "MFA认证失败"
 
-#: users/api/user.py:140
+#: users/api/user.py:145
 msgid "Could not reset self otp, use profile reset instead"
 msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
 
@@ -3318,7 +3335,7 @@ msgstr ""
 msgid "MFA code"
 msgstr "MFA 验证码"
 
-#: users/forms.py:52 users/models/user.py:63
+#: users/forms.py:52 users/models/user.py:65
 #: users/templates/users/_select_user_modal.html:15
 #: users/templates/users/user_detail.html:87
 #: users/templates/users/user_list.html:25
@@ -3406,7 +3423,7 @@ msgstr "自动配置并下载SSH密钥"
 msgid "Paste your id_rsa.pub here."
 msgstr "复制你的公钥到这里"
 
-#: users/forms.py:250 users/models/user.py:83
+#: users/forms.py:250 users/models/user.py:85
 #: users/templates/users/first_login.html:42
 #: users/templates/users/user_password_update.html:46
 #: users/templates/users/user_profile.html:68
@@ -3473,7 +3490,7 @@ msgstr "Agent"
 msgid "Date login"
 msgstr "登录日期"
 
-#: users/models/user.py:32 users/models/user.py:435
+#: users/models/user.py:32 users/models/user.py:437
 msgid "Administrator"
 msgstr "管理员"
 
@@ -3496,35 +3513,35 @@ msgstr "启用"
 msgid "Force enable"
 msgstr "强制启用"
 
-#: users/models/user.py:55 users/templates/users/user_detail.html:71
+#: users/models/user.py:57 users/templates/users/user_detail.html:71
 #: users/templates/users/user_profile.html:59
 msgid "Email"
 msgstr "邮件"
 
-#: users/models/user.py:66
+#: users/models/user.py:68
 msgid "Avatar"
 msgstr "头像"
 
-#: users/models/user.py:69 users/templates/users/user_detail.html:82
+#: users/models/user.py:71 users/templates/users/user_detail.html:82
 msgid "Wechat"
 msgstr "微信"
 
-#: users/models/user.py:98 users/templates/users/user_detail.html:103
+#: users/models/user.py:100 users/templates/users/user_detail.html:103
 #: users/templates/users/user_list.html:27
 #: users/templates/users/user_profile.html:100
 msgid "Source"
 msgstr "用户来源"
 
-#: users/models/user.py:102
+#: users/models/user.py:104
 msgid "Date password last updated"
 msgstr "最后更新密码日期"
 
-#: users/models/user.py:126 users/templates/users/user_update.html:22
+#: users/models/user.py:128 users/templates/users/user_update.html:22
 #: users/views/login.py:243 users/views/login.py:302 users/views/user.py:418
 msgid "User auth from {}, go there change password"
 msgstr "用户认证源来自 {}, 请去相应系统修改密码"
 
-#: users/models/user.py:438
+#: users/models/user.py:440
 msgid "Administrator is the super user of system"
 msgstr "Administrator是初始的超级管理员"
 
@@ -3945,12 +3962,6 @@ msgstr "用户组删除"
 msgid "UserGroup Deleting failed."
 msgstr "用户组删除失败"
 
-#: users/templates/users/user_list.html:28 xpack/plugins/cloud/models.py:53
-#: xpack/plugins/cloud/templates/cloud/account_detail.html:60
-#: xpack/plugins/cloud/templates/cloud/account_list.html:14
-msgid "Validity"
-msgstr "账户状态"
-
 #: users/templates/users/user_list.html:203
 msgid "This will delete the selected users !!!"
 msgstr "删除选中用户 !!!"
@@ -4279,7 +4290,7 @@ msgstr "用户组授权资产"
 msgid "Please enable cookies and try again."
 msgstr "设置你的浏览器支持cookie"
 
-#: users/views/login.py:191 users/views/user.py:531 users/views/user.py:556
+#: users/views/login.py:191 users/views/user.py:532 users/views/user.py:557
 msgid "MFA code invalid, or ntp sync server time"
 msgstr "MFA验证码不正确，或者服务器端时间不对"
 
@@ -4320,7 +4331,7 @@ msgstr "Token错误或失效"
 msgid "Password not same"
 msgstr "密码不一致"
 
-#: users/views/login.py:311 users/views/user.py:128 users/views/user.py:427
+#: users/views/login.py:311 users/views/user.py:128 users/views/user.py:428
 msgid "* Your password does not meet the requirements"
 msgstr "* 您的密码不符合要求"
 
@@ -4352,27 +4363,27 @@ msgstr "个人信息设置"
 msgid "Password update"
 msgstr "密码更新"
 
-#: users/views/user.py:445
+#: users/views/user.py:446
 msgid "Public key update"
 msgstr "密钥更新"
 
-#: users/views/user.py:486
+#: users/views/user.py:487
 msgid "Password invalid"
 msgstr "用户名或密码无效"
 
-#: users/views/user.py:586
+#: users/views/user.py:587
 msgid "MFA enable success"
 msgstr "MFA 绑定成功"
 
-#: users/views/user.py:587
+#: users/views/user.py:588
 msgid "MFA enable success, return login page"
 msgstr "MFA 绑定成功，返回到登录页面"
 
-#: users/views/user.py:589
+#: users/views/user.py:590
 msgid "MFA disable success"
 msgstr "MFA 解绑成功"
 
-#: users/views/user.py:590
+#: users/views/user.py:591
 msgid "MFA disable success, return login page"
 msgstr "MFA 解绑成功，返回登录页面"
 
@@ -4631,6 +4642,9 @@ msgstr "创建组织"
 msgid "Update org"
 msgstr "更新组织"
 
+#~ msgid "Valid"
+#~ msgstr "账户状态"
+
 #~ msgid "Error: Account invalid"
 #~ msgstr "错误: 账户无效"
 
@@ -4643,11 +4657,6 @@ msgstr "更新组织"
 #~ msgid "No assets, task stop"
 #~ msgstr "没有匹配到资产，结束任务"
 
-#, fuzzy
-#~| msgid "Validity"
-#~ msgid "Valid"
-#~ msgstr "账户状态"
-
 #~ msgid "You can't update the root node name"
 #~ msgstr "不能修改根节点名称"
 

apps/ops/tasks.py

@@ -1,6 +1,8 @@
 # coding: utf-8
 import os
+import subprocess
 
+from django.conf import settings
 from celery import shared_task, subtask
 from django.utils import timezone
 
@@ -59,8 +61,9 @@ def clean_tasks_adhoc_period():
 @after_app_shutdown_clean_periodic
 @register_as_period_task(interval=3600*24)
 def clean_celery_tasks_period():
+    expire_days = 30
     logger.debug("Start clean celery task history")
-    one_month_ago = timezone.now() - timezone.timedelta(days=30)
+    one_month_ago = timezone.now() - timezone.timedelta(days=expire_days)
     tasks = CeleryTask.objects.filter(date_start__lt=one_month_ago)
     for task in tasks:
         if os.path.isfile(task.full_log_path):
@@ -71,6 +74,10 @@ def clean_celery_tasks_period():
         task.delete()
     tasks = CeleryTask.objects.filter(date_start__isnull=True)
     tasks.delete()
+    command = "find %s -mtime +%s -name '*.log' -type f -exec rm -f {} \\;" % (
+        settings.CELERY_LOG_DIR, expire_days
+    )
+    subprocess.call(command, shell=True)
 
 
 @shared_task

apps/orgs/api.py

@@ -66,3 +66,4 @@ class OrgMembershipUsersViewSet(OrgMembershipModelViewSetMixin, BulkModelViewSet
     serializer_class = OrgMembershipUserSerializer
     membership_class = Organization.users.through
     permission_classes = (IsSuperUserOrAppUser, )
+

apps/orgs/mixins.py

@@ -4,7 +4,7 @@
 from werkzeug.local import Local
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
-from django.shortcuts import redirect
+from django.shortcuts import redirect, get_object_or_404
 from django.forms import ModelForm
 from django.http.response import HttpResponseForbidden
 from django.core.exceptions import ValidationError
@@ -191,7 +191,7 @@ class OrgMembershipModelViewSetMixin:
     http_method_names = ['get', 'post', 'delete', 'head', 'options']
 
     def dispatch(self, request, *args, **kwargs):
-        self.org = Organization.objects.get(pk=kwargs.get('org_id'))
+        self.org = get_object_or_404(Organization, pk=kwargs.get('org_id'))
         return super().dispatch(request, *args, **kwargs)
 
     def get_serializer_context(self):
@@ -200,4 +200,5 @@ class OrgMembershipModelViewSetMixin:
         return context
 
     def get_queryset(self):
-        return self.membership_class.objects.filter(organization=self.org)
+        queryset = self.membership_class.objects.filter(organization=self.org)
+        return queryset

apps/orgs/urls/api_urls.py

@@ -9,11 +9,16 @@ from .. import api
 app_name = 'orgs'
 router = DefaultRouter()
 
+# 将会删除
 router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
                 api.OrgMembershipAdminsViewSet, 'membership-admins')
-
 router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
                 api.OrgMembershipUsersViewSet, 'membership-users'),
+# 替换为这个
+router.register(r'orgs/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
+                api.OrgMembershipAdminsViewSet, 'membership-admins-2')
+router.register(r'orgs/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
+                api.OrgMembershipUsersViewSet, 'membership-users-2'),
 
 router.register(r'orgs', api.OrgViewSet, 'org')
 

apps/perms/api.py

@@ -2,21 +2,26 @@
 # 
 
 from django.shortcuts import get_object_or_404
+from django.utils import timezone
+from django.db.models import Q
 from rest_framework.views import APIView, Response
-from rest_framework.generics import ListAPIView, get_object_or_404, \
+from rest_framework.generics import (
-    RetrieveUpdateAPIView
+    ListAPIView, get_object_or_404, RetrieveUpdateAPIView
+)
 from rest_framework import viewsets
 from rest_framework.pagination import LimitOffsetPagination
 
-from common.utils import set_or_append_attr_bulk
 from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
 from common.tree import TreeNode, TreeNodeSerializer
+from common.utils import get_object_or_none
 from orgs.mixins import RootOrgViewMixin
 from orgs.utils import set_to_root_org
 from .utils import AssetPermissionUtil
 from .models import AssetPermission
-from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
+from .hands import (
+    AssetGrantedSerializer, User, UserGroup, Asset, Node,
     SystemUser, NodeSerializer
+)
 from . import serializers
 from .mixins import AssetsFilterMixin
 
@@ -38,6 +43,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
     queryset = AssetPermission.objects.all()
     serializer_class = serializers.AssetPermissionCreateUpdateSerializer
     pagination_class = LimitOffsetPagination
+    filter_fields = ['name']
     permission_classes = (IsOrgAdmin,)
 
     def get_serializer_class(self):
@@ -45,36 +51,122 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
             return serializers.AssetPermissionListSerializer
         return self.serializer_class
 
-    def get_queryset(self):
+    def filter_valid(self, queryset):
-        queryset = super().get_queryset().all()
+        valid = self.request.query_params.get('is_valid', None)
-        search = self.request.query_params.get('search')
+        if valid is None:
-        asset_id = self.request.query_params.get('asset')
+            return queryset
-        node_id = self.request.query_params.get('node')
+        if valid in ['0', 'N', 'false', 'False']:
-        inherit_nodes = set()
+            valid = False
-
+        else:
-        if search:
+            valid = True
-            queryset = queryset.filter(name__icontains=search)
+        now = timezone.now()
-
+        if valid:
-        if not asset_id and not node_id:
+            queryset = queryset.filter(is_active=True).filter(
+                date_start__lt=now, date_expired__gt=now,
+            )
+        else:
+            queryset = queryset.filter(
+                Q(is_active=False) |
+                Q(date_start__gt=now) |
+                Q(date_expired__lt=now)
+            )
         return queryset
 
-        permissions = set()
+    def filter_system_user(self, queryset):
+        system_user_id = self.request.query_params.get('system_user_id')
+        system_user_name = self.request.query_params.get('system_user')
+        if system_user_id:
+            system_user = get_object_or_none(SystemUser, pk=system_user_id)
+        elif system_user_name:
+            system_user = get_object_or_none(SystemUser, name=system_user_name)
+        else:
+            return queryset
+        if not system_user:
+            return queryset.none()
+        queryset = queryset.filter(system_users=system_user)
+        return queryset
+
+    def filter_node(self, queryset):
+        node_id = self.request.query_params.get('node_id')
+        node_name = self.request.query_params.get('node')
+        if node_id:
+            node = get_object_or_none(Node, pk=node_id)
+        elif node_name:
+            node = get_object_or_none(Node, name=node_name)
+        else:
+            return queryset
+        if not node:
+            return queryset.none()
+        nodes = node.get_ancestor(with_self=True)
+        queryset = queryset.filter(nodes__in=nodes)
+        return queryset
+
+    def filter_asset(self, queryset):
+        asset_id = self.request.query_params.get('asset_id')
+        hostname = self.request.query_params.get('hostname')
+        ip = self.request.query_params.get('ip')
         if asset_id:
-            asset = get_object_or_404(Asset, pk=asset_id)
+            assets = Asset.objects.filter(pk=asset_id)
-            permissions = set(queryset.filter(assets=asset))
+        elif hostname:
+            assets = Asset.objects.filter(hostname=hostname)
+        elif ip:
+            assets = Asset.objects.filter(ip=ip)
+        else:
+            return queryset
+        if not assets:
+            return queryset.none()
+        inherit_nodes = set()
+        for asset in assets:
             for node in asset.nodes.all():
                 inherit_nodes.update(set(node.get_ancestor(with_self=True)))
-        elif node_id:
+        queryset = queryset.filter(Q(assets__in=assets) | Q(nodes__in=inherit_nodes))
-            node = get_object_or_404(Node, pk=node_id)
+        return queryset
-            permissions = set(queryset.filter(nodes=node))
-            inherit_nodes = node.get_ancestor()
 
-        for n in inherit_nodes:
+    def filter_user(self, queryset):
-            _permissions = queryset.filter(nodes=n)
+        user_id = self.request.query_params.get('user_id')
-            set_or_append_attr_bulk(_permissions, "inherit", n.value)
+        username = self.request.query_params.get('username')
-            permissions.update(_permissions)
+        if user_id:
+            user = get_object_or_none(User, pk=user_id)
+        elif username:
+            user = get_object_or_none(User, username=username)
+        else:
+            return queryset
+        if not user:
+            return queryset.none()
 
-        return list(permissions)
+    def filter_user_group(self, queryset):
+        user_group_id = self.request.query_params.get('user_group_id')
+        user_group_name = self.request.query_params.get('user_group')
+        if user_group_id:
+            group = get_object_or_none(UserGroup, pk=user_group_id)
+        elif user_group_name:
+            group = get_object_or_none(UserGroup, name=user_group_name)
+        else:
+            return queryset
+        if not group:
+            return queryset.none()
+        queryset = queryset.filter(user_groups=group)
+        return queryset
+
+    def filter_keyword(self, queryset):
+        keyword = self.request.query_params.get('search')
+        if not keyword:
+            return queryset
+        queryset = queryset.filter(name__icontains=keyword)
+        return queryset
+
+    def filter_queryset(self, queryset):
+        queryset = super().filter_queryset(queryset)
+        queryset = self.filter_valid(queryset)
+        queryset = self.filter_keyword(queryset)
+        queryset = self.filter_asset(queryset)
+        queryset = self.filter_node(queryset)
+        queryset = self.filter_system_user(queryset)
+        queryset = self.filter_user_group(queryset)
+        return queryset
+
+    def get_queryset(self):
+        return self.queryset.all()
 
 
 class UserGrantedAssetsApi(AssetsFilterMixin, ListAPIView):

apps/perms/models.py

@@ -51,9 +51,15 @@ class AssetPermission(OrgModelMixin):
     def id_str(self):
         return str(self.id)
 
+    @property
+    def is_expired(self):
+        if self.date_expired > timezone.now() > self.date_start:
+            return False
+        return True
+
     @property
     def is_valid(self):
-        if self.date_expired > timezone.now() > self.date_start and self.is_active:
+        if not self.is_expired and self.is_active:
             return True
         return False
 

apps/perms/serializers.py

@@ -28,19 +28,13 @@ class AssetPermissionListSerializer(serializers.ModelSerializer):
     assets = StringManyToManyField(many=True, read_only=True)
     nodes = StringManyToManyField(many=True, read_only=True)
     system_users = StringManyToManyField(many=True, read_only=True)
-    inherit = serializers.SerializerMethodField()
+    is_valid = serializers.BooleanField()
+    is_expired = serializers.BooleanField()
 
     class Meta:
         model = AssetPermission
         fields = '__all__'
 
-    @staticmethod
-    def get_inherit(obj):
-        if hasattr(obj, 'inherit'):
-            return obj.inherit
-        else:
-            return None
-
 
 class AssetPermissionUpdateUserSerializer(serializers.ModelSerializer):
 

apps/perms/templates/perms/asset_permission_list.html

@@ -56,7 +56,7 @@
                        <th class="text-center">{% trans 'Asset' %}</th>
                        <th class="text-center">{% trans 'Node'%}</th>
                        <th class="text-center">{% trans 'System user' %}</th>
-                       <th class="text-center">{% trans 'Active' %}</th>
+                       <th class="text-center">{% trans 'Validity' %}</th>
                        <th class="text-center" >{% trans 'Action' %}</th>
                    </tr>
                   </thead>
@@ -67,6 +67,17 @@
        </div>
    </div>
 </div>
+
+<ul class="dropdown-menu search-help">
+    <li><a class="search-item" data-value="name">{% trans 'Name' %}</a></li>
+    <li><a class="search-item" data-value="is_valid">{% trans 'Validity' %}</a></li>
+    <li><a class="search-item" data-value="username">{% trans 'Username' %}</a></li>
+    <li><a class="search-item" data-value="user_group">{% trans 'User group' %}</a></li>
+    <li><a class="search-item" data-value="ip">IP</a></li>
+    <li><a class="search-item" data-value="hostname">{% trans 'Hostname' %}</a></li>
+    <li><a class="search-item" data-value="node">{% trans 'Node' %}</a></li>
+    <li><a class="search-item" data-value="system_user">{% trans 'System user' %}</a></li>
+</ul>
 {% endblock %}
 
 {% block custom_foot_js %}
@@ -79,11 +90,11 @@ function onSelected(event, treeNode) {
     setCookie('node_selected', treeNode.id);
     var url = table.ajax.url();
     if (treeNode.meta.type === 'node') {
-        url = setUrlParam(url, 'asset', "");
+        url = setUrlParam(url, 'asset_id', "");
-        url = setUrlParam(url, 'node', treeNode.meta.node.id)
+        url = setUrlParam(url, 'node_id', treeNode.meta.node.id)
     } else {
-        url = setUrlParam(url, 'node', "");
+        url = setUrlParam(url, 'node_id', "");
-        url = setUrlParam(url, 'asset', treeNode.meta.asset.id)
+        url = setUrlParam(url, 'asset_id', treeNode.meta.asset.id)
     }
     setCookie('node_selected', treeNode.node_id);
     table.ajax.url(url);
@@ -178,7 +189,7 @@ function initTable() {
             {data: "id"}, {data: "name"}, {data: "users"},
             {data: "user_groups"}, {data: "assets"},
             {data: "nodes"}, {data: "system_users"},
-            {data: "is_active", orderable: false}, {data: "id", orderable: false}
+            {data: "is_valid", orderable: false}, {data: "id", orderable: false}
         ],
         select: {},
         op_html: $('#actions').html()
@@ -231,6 +242,7 @@ function toggle() {
 $(document).ready(function(){
     initTable();
     initTree();
+
 })
 .on('click', '.btn-del', function () {
     var $this = $(this);
@@ -279,6 +291,28 @@ $(document).ready(function(){
         }
     }
 
+}).on('click', '#permission_list_table_filter input', function (e) {
+    e.preventDefault();
+    e.stopPropagation();
+    var position = $('#permission_list_table_filter input').offset();
+    var y = position['top'];
+    var x = position['left'];
+    x -= 220;
+    y += 30;
+
+    $('.search-help').css({"top":y+"px", "left":x+"px", "position": "absolute"});
+    $('.dropdown-menu.search-help').show();
+}).on('click', '.search-item', function (e) {
+    e.preventDefault();
+    e.stopPropagation();
+    var value = $(this).data('value');
+    var old_value = $('#permission_list_table_filter input').val();
+    var new_value = old_value + ' ' + value + ':';
+    $('#permission_list_table_filter input').val(new_value.trim());
+    $('.dropdown-menu.search-help').hide();
+    $('#permission_list_table_filter input').focus()
+}).on('click', 'body', function (e) {
+    $('.dropdown-menu.search-help').hide()
 })
 
 </script>

apps/static/js/jumpserver.js

@@ -478,7 +478,7 @@ jumpserver.initServerSideDataTable = function (options) {
             url: options.ajax_url ,
             data: function (data) {
                 delete data.columns;
-                if (data.length !== null ){
+                if (data.length !== null){
                     data.limit = data.length;
                     delete data.length;
                 }
@@ -525,7 +525,7 @@ jumpserver.initServerSideDataTable = function (options) {
         columns: options.columns || [],
         select: options.select || select,
         language: jumpserver.language,
-        lengthMenu: [[10, 15, 25, 50], [10, 15, 25, 50]]
+        lengthMenu: [[15, 25, 50, 9999], [15, 25, 50, 'All']]
     });
     table.selected = [];
     table.selected_rows = [];

utils/create_assets_user/bulk_create_user.py

@@ -17,13 +17,13 @@ class UserCreation:
         self.domain = domain
 
     def auth(self):
-        url = "{}/api/users/v1/token/".format(self.domain)
+        url = "{}/api/users/v1/auth/".format(self.domain)
         data = {"username": self.username, "password": self.password}
         resp = requests.post(url, data=data)
         if resp.status_code == 200:
             data = resp.json()
             self.headers.update({
-                'Authorization': '{} {}'.format(data['Keyword'], data['Token'])
+                'Authorization': '{} {}'.format('Bearer', data['token'])
             })
         else:
             print("用户名 或 密码 或 地址 不对")