mirror of https://github.com/jumpserver/jumpserver
perf: 修改权限树 (#7757)
* perf: 修改 rbac tree * perf: 修改权限树 * perf: 修改用户默认权限 Co-authored-by: ibuler <ibuler@qq.com>pull/7758/head
parent
3222687aaa
commit
1b007c8c5c
|
@ -1,25 +0,0 @@
|
|||
# Generated by Django 3.1.14 on 2022-02-23 08:42
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
initial = True
|
||||
|
||||
dependencies = [
|
||||
('common', '0006_auto_20190304_1515'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name='Permission',
|
||||
fields=[
|
||||
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
|
||||
],
|
||||
options={
|
||||
'permissions': [('view_resourcestatistics', 'Can view resource statistics')],
|
||||
'verbose_name': 'Common permission'
|
||||
},
|
||||
),
|
||||
]
|
|
@ -1,10 +0,0 @@
|
|||
from django.db import models
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
|
||||
class Permission(models.Model):
|
||||
class Meta:
|
||||
verbose_name = _("Common permission")
|
||||
permissions = [
|
||||
('view_resourcestatistics', _('Can view resource statistics'))
|
||||
]
|
|
@ -1,3 +1,3 @@
|
|||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8f6c99abd272924bb5008bc55960af43af3b50ee1312c6aeaec48dbe5a31aa5c
|
||||
size 102226
|
||||
oid sha256:323dbe9835bb3fd4b357d162536d8f38bbacf09c47eb1b68ce4e323a66a01f95
|
||||
size 102621
|
||||
|
|
|
@ -7,7 +7,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: JumpServer 0.3.3\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2022-03-07 10:31+0800\n"
|
||||
"POT-Creation-Date: 2022-03-07 18:41+0800\n"
|
||||
"PO-Revision-Date: 2021-05-20 10:54+0800\n"
|
||||
"Last-Translator: ibuler <ibuler@qq.com>\n"
|
||||
"Language-Team: JumpServer team<ibuler@qq.com>\n"
|
||||
|
@ -275,13 +275,13 @@ msgstr "自定义"
|
|||
|
||||
#: applications/models/account.py:12 applications/models/application.py:219
|
||||
#: assets/models/backup.py:32 assets/models/cmd_filter.py:45
|
||||
#: perms/models/application_permission.py:27
|
||||
#: perms/models/application_permission.py:28
|
||||
msgid "Application"
|
||||
msgstr "应用程序"
|
||||
|
||||
#: applications/models/account.py:15 assets/models/authbook.py:20
|
||||
#: assets/models/cmd_filter.py:42 assets/models/user.py:325 audits/models.py:40
|
||||
#: perms/models/application_permission.py:32
|
||||
#: perms/models/application_permission.py:33
|
||||
#: perms/models/asset_permission.py:25 terminal/backends/command/models.py:21
|
||||
#: terminal/backends/command/serializers.py:14 terminal/models/session.py:46
|
||||
#: users/templates/users/_granted_assets.html:27
|
||||
|
@ -311,7 +311,7 @@ msgstr "可以查看应用账号密码"
|
|||
|
||||
#: applications/models/application.py:204
|
||||
#: applications/serializers/application.py:99 assets/models/label.py:21
|
||||
#: perms/models/application_permission.py:20
|
||||
#: perms/models/application_permission.py:21
|
||||
#: perms/serializers/application/user_permission.py:33
|
||||
#: tickets/serializers/ticket/meta/ticket_type/apply_application.py:22
|
||||
#: xpack/plugins/change_auth_plan/models/app.py:25
|
||||
|
@ -321,7 +321,7 @@ msgstr "类别"
|
|||
#: applications/models/application.py:207
|
||||
#: applications/serializers/application.py:101 assets/models/backup.py:49
|
||||
#: assets/models/cmd_filter.py:82 assets/models/user.py:233
|
||||
#: perms/models/application_permission.py:23
|
||||
#: perms/models/application_permission.py:24
|
||||
#: perms/serializers/application/user_permission.py:34
|
||||
#: terminal/models/storage.py:55 terminal/models/storage.py:119
|
||||
#: tickets/models/flow.py:56 tickets/models/ticket.py:131
|
||||
|
@ -623,14 +623,18 @@ msgid "Created by"
|
|||
msgstr "创建者"
|
||||
|
||||
#: assets/models/asset.py:358
|
||||
msgid "Can refresh asset hardware info"
|
||||
msgstr "可以更新资产硬件信息"
|
||||
|
||||
#: assets/models/asset.py:359
|
||||
msgid "Can test asset connectivity"
|
||||
msgstr "可以测试资产连接性"
|
||||
|
||||
#: assets/models/asset.py:359
|
||||
#: assets/models/asset.py:360
|
||||
msgid "Can push system user to asset"
|
||||
msgstr "可以推送系统用户到资产"
|
||||
|
||||
#: assets/models/asset.py:360
|
||||
#: assets/models/asset.py:361
|
||||
msgid "Can match asset"
|
||||
msgstr "可以匹配资产"
|
||||
|
||||
|
@ -933,7 +937,7 @@ msgstr "新节点"
|
|||
msgid "empty"
|
||||
msgstr "空"
|
||||
|
||||
#: assets/models/node.py:545 perms/models/asset_permission.py:105
|
||||
#: assets/models/node.py:545 perms/models/asset_permission.py:99
|
||||
msgid "Key"
|
||||
msgstr "键"
|
||||
|
||||
|
@ -941,7 +945,7 @@ msgstr "键"
|
|||
msgid "Full value"
|
||||
msgstr "全称"
|
||||
|
||||
#: assets/models/node.py:550 perms/models/asset_permission.py:106
|
||||
#: assets/models/node.py:550 perms/models/asset_permission.py:100
|
||||
msgid "Parent key"
|
||||
msgstr "ssh私钥"
|
||||
|
||||
|
@ -1339,7 +1343,7 @@ msgstr "日志审计"
|
|||
|
||||
#: audits/models.py:27 audits/models.py:57
|
||||
#: authentication/templates/authentication/_access_key_modal.html:65
|
||||
#: rbac/tree.py:301 users/templates/users/user_asset_permission.html:128
|
||||
#: rbac/tree.py:317 users/templates/users/user_asset_permission.html:128
|
||||
#: users/templates/users/user_database_app_permission.html:111
|
||||
msgid "Delete"
|
||||
msgstr "删除"
|
||||
|
@ -1393,11 +1397,11 @@ msgstr "文件管理"
|
|||
|
||||
#: audits/models.py:55
|
||||
#: authentication/templates/authentication/_access_key_modal.html:22
|
||||
#: rbac/tree.py:298
|
||||
#: rbac/tree.py:314
|
||||
msgid "Create"
|
||||
msgstr "创建"
|
||||
|
||||
#: audits/models.py:56 rbac/tree.py:300 templates/_csv_import_export.html:18
|
||||
#: audits/models.py:56 rbac/tree.py:316 templates/_csv_import_export.html:18
|
||||
#: templates/_csv_update_modal.html:6
|
||||
#: users/templates/users/user_asset_permission.html:127
|
||||
#: users/templates/users/user_database_app_permission.html:110
|
||||
|
@ -1690,7 +1694,7 @@ msgstr "{ApplicationPermission} 添加 {UserGroup}"
|
|||
msgid "{ApplicationPermission} REMOVE {UserGroup}"
|
||||
msgstr "{ApplicationPermission} 移除 {UserGroup}"
|
||||
|
||||
#: audits/signal_handlers.py:156 perms/models/application_permission.py:37
|
||||
#: audits/signal_handlers.py:156 perms/models/application_permission.py:38
|
||||
msgid "Application permission"
|
||||
msgstr "应用授权"
|
||||
|
||||
|
@ -2515,14 +2519,6 @@ msgstr "忽略的"
|
|||
msgid "discard time"
|
||||
msgstr "忽略时间"
|
||||
|
||||
#: common/models.py:7
|
||||
msgid "Common permission"
|
||||
msgstr "通用权限"
|
||||
|
||||
#: common/models.py:9
|
||||
msgid "Can view resource statistics"
|
||||
msgstr "可以查看资源统计"
|
||||
|
||||
#: common/sdk/im/exceptions.py:23
|
||||
msgid "Network error, please contact system administrator"
|
||||
msgstr "网络错误,请联系系统管理员"
|
||||
|
@ -2838,7 +2834,7 @@ msgstr "当前组织 ({}) 不能被删除"
|
|||
msgid "The organization have resource ({}) cannot be deleted"
|
||||
msgstr "组织存在资源 ({}) 不能被删除"
|
||||
|
||||
#: orgs/apps.py:7 rbac/tree.py:170
|
||||
#: orgs/apps.py:7 rbac/tree.py:185
|
||||
msgid "App organizations"
|
||||
msgstr "组织管理"
|
||||
|
||||
|
@ -2873,46 +2869,54 @@ msgstr "管理员正在修改授权,请稍等"
|
|||
msgid "The authorization cannot be revoked for the time being"
|
||||
msgstr "该授权暂时不能撤销"
|
||||
|
||||
#: perms/models/application_permission.py:40
|
||||
#: perms/models/application_permission.py:110
|
||||
msgid "Permed app"
|
||||
msgstr "授权的应用"
|
||||
|
||||
#: perms/models/application_permission.py:112
|
||||
msgid "Can view my apps"
|
||||
msgstr "可以查看授权的应用"
|
||||
msgstr "可以查看我的应用"
|
||||
|
||||
#: perms/models/application_permission.py:41
|
||||
#: perms/models/application_permission.py:113
|
||||
msgid "Can connect my apps"
|
||||
msgstr "可以连接授权的应用"
|
||||
msgstr "可以我的应用"
|
||||
|
||||
#: perms/models/application_permission.py:42
|
||||
#: perms/models/application_permission.py:114
|
||||
msgid "Can view user apps"
|
||||
msgstr "可以查看授权的应用"
|
||||
msgstr "可以查看用户授权的应用"
|
||||
|
||||
#: perms/models/application_permission.py:43
|
||||
#: perms/models/application_permission.py:115
|
||||
msgid "Can view usergroup apps"
|
||||
msgstr "可以查看用户组授权的应用"
|
||||
|
||||
#: perms/models/asset_permission.py:32
|
||||
msgid "Can view my assets"
|
||||
msgstr "可以查看授权的资产"
|
||||
|
||||
#: perms/models/asset_permission.py:33
|
||||
msgid "Can connect my assets"
|
||||
msgstr "可以连接登录资产"
|
||||
|
||||
#: perms/models/asset_permission.py:34
|
||||
msgid "Can view user assets"
|
||||
msgstr "可以查看用户授权的资产"
|
||||
|
||||
#: perms/models/asset_permission.py:35
|
||||
msgid "Can view usergroup assets"
|
||||
msgstr "可以查看用户组授权的资产"
|
||||
|
||||
#: perms/models/asset_permission.py:138
|
||||
#: perms/models/asset_permission.py:132
|
||||
msgid "Ungrouped"
|
||||
msgstr "未分组"
|
||||
|
||||
#: perms/models/asset_permission.py:140
|
||||
#: perms/models/asset_permission.py:134
|
||||
msgid "Favorite"
|
||||
msgstr "收藏夹"
|
||||
|
||||
#: perms/models/asset_permission.py:181
|
||||
msgid "Permed asset"
|
||||
msgstr "授权的资产"
|
||||
|
||||
#: perms/models/asset_permission.py:183
|
||||
msgid "Can view my assets"
|
||||
msgstr "可以查看资产"
|
||||
|
||||
#: perms/models/asset_permission.py:184
|
||||
msgid "Can connect my assets"
|
||||
msgstr "可以连接资产"
|
||||
|
||||
#: perms/models/asset_permission.py:185
|
||||
msgid "Can view user assets"
|
||||
msgstr "可以查看用户授权的资产"
|
||||
|
||||
#: perms/models/asset_permission.py:186
|
||||
msgid "Can view usergroup assets"
|
||||
msgstr "可以查看用户组授权的资产"
|
||||
|
||||
#: perms/models/base.py:55
|
||||
msgid "Connect"
|
||||
msgstr "连接"
|
||||
|
@ -2987,15 +2991,15 @@ msgstr "组织 ({}) 的应用授权"
|
|||
#: perms/serializers/application/permission.py:20
|
||||
#: perms/serializers/application/permission.py:41
|
||||
#: perms/serializers/asset/permission.py:19
|
||||
#: perms/serializers/asset/permission.py:45 users/serializers/user.py:133
|
||||
#: perms/serializers/asset/permission.py:45 users/serializers/user.py:135
|
||||
msgid "Is valid"
|
||||
msgstr "账号是否有效"
|
||||
|
||||
#: perms/serializers/application/permission.py:21
|
||||
#: perms/serializers/application/permission.py:40
|
||||
#: perms/serializers/asset/permission.py:20
|
||||
#: perms/serializers/asset/permission.py:44 users/serializers/user.py:82
|
||||
#: users/serializers/user.py:135
|
||||
#: perms/serializers/asset/permission.py:44 users/serializers/user.py:84
|
||||
#: users/serializers/user.py:137
|
||||
msgid "Is expired"
|
||||
msgstr "已过期"
|
||||
|
||||
|
@ -3061,7 +3065,11 @@ msgstr "如果有疑问或需求,请联系系统管理员"
|
|||
msgid "Internal role, can't be destroy"
|
||||
msgstr ""
|
||||
|
||||
#: rbac/api/role.py:38
|
||||
#: rbac/api/role.py:34
|
||||
msgid "The role has been bound to users, can't be destroy"
|
||||
msgstr ""
|
||||
|
||||
#: rbac/api/role.py:41
|
||||
msgid "Internal role, can't be update"
|
||||
msgstr ""
|
||||
|
||||
|
@ -3102,16 +3110,28 @@ msgid "Menu permission"
|
|||
msgstr "菜单授权"
|
||||
|
||||
#: rbac/models/menu.py:15
|
||||
msgid "view console view"
|
||||
msgstr "查看控制台"
|
||||
msgid "Can view resource statistics"
|
||||
msgstr "可以查看资源统计"
|
||||
|
||||
#: rbac/models/menu.py:16
|
||||
msgid "view audit view"
|
||||
msgstr "查看安全审计"
|
||||
msgid "Can view console view"
|
||||
msgstr "可以查看控制台"
|
||||
|
||||
#: rbac/models/menu.py:17
|
||||
msgid "view workspace view"
|
||||
msgstr "查看工作台"
|
||||
msgid "Can view audit view"
|
||||
msgstr "可以查看审计台"
|
||||
|
||||
#: rbac/models/menu.py:18
|
||||
msgid "Can view workspace view"
|
||||
msgstr "可以查看工作台"
|
||||
|
||||
#: rbac/models/menu.py:19
|
||||
msgid "Can view web terminal"
|
||||
msgstr "Web终端"
|
||||
|
||||
#: rbac/models/menu.py:20
|
||||
msgid "Can view file manager"
|
||||
msgstr "文件管理"
|
||||
|
||||
#: rbac/models/permission.py:22
|
||||
msgid "Permission"
|
||||
|
@ -3189,7 +3209,7 @@ msgstr "工作台"
|
|||
|
||||
#: rbac/tree.py:34
|
||||
msgid "Audit view"
|
||||
msgstr "安全审计"
|
||||
msgstr "审计台"
|
||||
|
||||
#: rbac/tree.py:38 settings/models.py:140
|
||||
msgid "System setting"
|
||||
|
@ -3231,7 +3251,19 @@ msgstr "资产改密"
|
|||
msgid "Terminal setting"
|
||||
msgstr "终端设置"
|
||||
|
||||
#: rbac/tree.py:299
|
||||
#: rbac/tree.py:138
|
||||
msgid "My assets"
|
||||
msgstr "我的资产"
|
||||
|
||||
#: rbac/tree.py:143
|
||||
msgid "My apps"
|
||||
msgstr "我的应用"
|
||||
|
||||
#: rbac/tree.py:186
|
||||
msgid "Ticket comment"
|
||||
msgstr "工单评论"
|
||||
|
||||
#: rbac/tree.py:315
|
||||
msgid "View"
|
||||
msgstr "查看"
|
||||
|
||||
|
@ -5203,6 +5235,10 @@ msgstr "工单批准信息"
|
|||
msgid "Ticket flow"
|
||||
msgstr "工单流程"
|
||||
|
||||
#: tickets/models/relation.py:10
|
||||
msgid "Ticket session relation"
|
||||
msgstr "工单会话"
|
||||
|
||||
#: tickets/models/ticket.py:35
|
||||
msgid "Ticket step"
|
||||
msgstr "工单步骤"
|
||||
|
@ -5505,7 +5541,7 @@ msgid "Public key should not be the same as your old one."
|
|||
msgstr "不能和原来的密钥相同"
|
||||
|
||||
#: users/forms/profile.py:149 users/serializers/profile.py:95
|
||||
#: users/serializers/profile.py:177 users/serializers/profile.py:204
|
||||
#: users/serializers/profile.py:175 users/serializers/profile.py:202
|
||||
msgid "Not a valid ssh public key"
|
||||
msgstr "SSH密钥不合法"
|
||||
|
||||
|
@ -5522,7 +5558,7 @@ msgstr "强制启用"
|
|||
msgid "Local"
|
||||
msgstr "数据库"
|
||||
|
||||
#: users/models/user.py:562 users/serializers/user.py:134
|
||||
#: users/models/user.py:562 users/serializers/user.py:136
|
||||
msgid "Is service account"
|
||||
msgstr "服务账号"
|
||||
|
||||
|
@ -5609,7 +5645,7 @@ msgstr "重置 MFA"
|
|||
msgid "The old password is incorrect"
|
||||
msgstr "旧密码错误"
|
||||
|
||||
#: users/serializers/profile.py:36 users/serializers/profile.py:191
|
||||
#: users/serializers/profile.py:36 users/serializers/profile.py:189
|
||||
msgid "Password does not match security rules"
|
||||
msgstr "密码不满足安全规则"
|
||||
|
||||
|
@ -5621,97 +5657,97 @@ msgstr "新密码不能是最近 {} 次的密码"
|
|||
msgid "The newly set password is inconsistent"
|
||||
msgstr "两次密码不一致"
|
||||
|
||||
#: users/serializers/profile.py:141 users/serializers/user.py:132
|
||||
#: users/serializers/profile.py:141 users/serializers/user.py:134
|
||||
msgid "Is first login"
|
||||
msgstr "首次登录"
|
||||
|
||||
#: users/serializers/user.py:24 users/serializers/user.py:30
|
||||
#: users/serializers/user.py:25 users/serializers/user.py:32
|
||||
msgid "System roles"
|
||||
msgstr "系统角色"
|
||||
|
||||
#: users/serializers/user.py:28 users/serializers/user.py:31
|
||||
#: users/serializers/user.py:30 users/serializers/user.py:33
|
||||
msgid "Org roles"
|
||||
msgstr "组织角色"
|
||||
|
||||
#: users/serializers/user.py:74
|
||||
#: users/serializers/user.py:76
|
||||
#: xpack/plugins/change_auth_plan/models/base.py:35
|
||||
#: xpack/plugins/change_auth_plan/serializers/base.py:22
|
||||
msgid "Password strategy"
|
||||
msgstr "密码策略"
|
||||
|
||||
#: users/serializers/user.py:76
|
||||
#: users/serializers/user.py:78
|
||||
msgid "MFA enabled"
|
||||
msgstr "MFA"
|
||||
|
||||
#: users/serializers/user.py:77
|
||||
#: users/serializers/user.py:79
|
||||
msgid "MFA force enabled"
|
||||
msgstr "强制 MFA"
|
||||
|
||||
#: users/serializers/user.py:79
|
||||
#: users/serializers/user.py:81
|
||||
msgid "MFA level display"
|
||||
msgstr "MFA 等级名称"
|
||||
|
||||
#: users/serializers/user.py:81
|
||||
#: users/serializers/user.py:83
|
||||
msgid "Login blocked"
|
||||
msgstr "登录被阻塞"
|
||||
|
||||
#: users/serializers/user.py:84
|
||||
#: users/serializers/user.py:86
|
||||
msgid "Can public key authentication"
|
||||
msgstr "能否公钥认证"
|
||||
|
||||
#: users/serializers/user.py:136
|
||||
#: users/serializers/user.py:138
|
||||
msgid "Avatar url"
|
||||
msgstr "头像路径"
|
||||
|
||||
#: users/serializers/user.py:138
|
||||
#: users/serializers/user.py:140
|
||||
msgid "Groups name"
|
||||
msgstr "用户组名"
|
||||
|
||||
#: users/serializers/user.py:139
|
||||
#: users/serializers/user.py:141
|
||||
msgid "Source name"
|
||||
msgstr "用户来源名"
|
||||
|
||||
#: users/serializers/user.py:140
|
||||
#: users/serializers/user.py:142
|
||||
msgid "Organization role name"
|
||||
msgstr "组织角色名称"
|
||||
|
||||
#: users/serializers/user.py:141
|
||||
#: users/serializers/user.py:143
|
||||
msgid "Super role name"
|
||||
msgstr "超级角色名称"
|
||||
|
||||
#: users/serializers/user.py:142
|
||||
#: users/serializers/user.py:144
|
||||
msgid "Total role name"
|
||||
msgstr "汇总角色名称"
|
||||
|
||||
#: users/serializers/user.py:144
|
||||
#: users/serializers/user.py:146
|
||||
msgid "Is wecom bound"
|
||||
msgstr "是否绑定了企业微信"
|
||||
|
||||
#: users/serializers/user.py:145
|
||||
#: users/serializers/user.py:147
|
||||
msgid "Is dingtalk bound"
|
||||
msgstr "是否绑定了钉钉"
|
||||
|
||||
#: users/serializers/user.py:146
|
||||
#: users/serializers/user.py:148
|
||||
msgid "Is feishu bound"
|
||||
msgstr "是否绑定了飞书"
|
||||
|
||||
#: users/serializers/user.py:147
|
||||
#: users/serializers/user.py:149
|
||||
msgid "Is OTP bound"
|
||||
msgstr "是否绑定了虚拟 MFA"
|
||||
|
||||
#: users/serializers/user.py:149
|
||||
#: users/serializers/user.py:151
|
||||
msgid "System role name"
|
||||
msgstr "系统角色名称"
|
||||
|
||||
#: users/serializers/user.py:235
|
||||
#: users/serializers/user.py:236
|
||||
msgid "Select users"
|
||||
msgstr "选择用户"
|
||||
|
||||
#: users/serializers/user.py:236
|
||||
#: users/serializers/user.py:237
|
||||
msgid "For security, only list several users"
|
||||
msgstr "为了安全,仅列出几个用户"
|
||||
|
||||
#: users/serializers/user.py:269
|
||||
#: users/serializers/user.py:270
|
||||
msgid "name not unique"
|
||||
msgstr "名称重复"
|
||||
|
||||
|
@ -6704,6 +6740,9 @@ msgstr "旗舰版"
|
|||
msgid "Community edition"
|
||||
msgstr "社区版"
|
||||
|
||||
#~ msgid "Common permission"
|
||||
#~ msgstr "通用权限"
|
||||
|
||||
#~ msgid "Can view connect token secret"
|
||||
#~ msgstr "可以查看 连接Token 密文"
|
||||
|
||||
|
@ -6748,9 +6787,6 @@ msgstr "社区版"
|
|||
#~ msgid "Commands"
|
||||
#~ msgstr "命令记录"
|
||||
|
||||
#~ msgid "Web terminal"
|
||||
#~ msgstr "Web终端"
|
||||
|
||||
#~ msgid "Job Center"
|
||||
#~ msgstr "作业中心"
|
||||
|
||||
|
@ -6772,9 +6808,6 @@ msgstr "社区版"
|
|||
#~ msgid "Sync instance"
|
||||
#~ msgstr "同步实例"
|
||||
|
||||
#~ msgid "My assets"
|
||||
#~ msgstr "我的资产"
|
||||
|
||||
#~ msgid "Can update"
|
||||
#~ msgstr "是否可更新"
|
||||
|
||||
|
|
|
@ -12,10 +12,10 @@ class Migration(migrations.Migration):
|
|||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='applicationpermission',
|
||||
options={'ordering': ('name',), 'permissions': [('view_myapps', 'Can view my apps'), ('connect_myapps', 'Can connect my apps'), ('view_userapps', 'Can view user apps'), ('view_usergroupapps', 'Can view usergroup apps')], 'verbose_name': 'Application permission'},
|
||||
options={'ordering': ('name',), 'verbose_name': 'Application permission'},
|
||||
),
|
||||
migrations.AlterModelOptions(
|
||||
name='assetpermission',
|
||||
options={'ordering': ('name',), 'permissions': [('view_myassets', 'Can view my assets'), ('connect_myassets', 'Can connect my assets'), ('view_userassets', 'Can view user assets'), ('view_usergroupassets', 'Can view usergroup assets')], 'verbose_name': 'Asset permission'},
|
||||
options={'ordering': ('name',), 'verbose_name': 'Asset permission'},
|
||||
),
|
||||
]
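Review bot: Editing the `perms` migration in place (and, further down, the `menupermission` CreateModel options in the `rbac` migration) makes fresh and upgraded installs reach the final state by different paths, because upgraded databases have presumably already applied the old versions. On those databases the old `assetpermission` / `applicationpermission` permission rows stay until the new `rbac` data migration deletes them. Django's permission creation only adds missing rows and does not rename existing ones, so the old `'view console view'` style labels would remain there. A short comment in each edited migration, saying it was changed in place and which later migration reconciles existing databases, would help the next reader.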
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
# Generated by Django 3.1.14 on 2022-03-07 07:00
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('applications', '0018_auto_20220223_1539'),
|
||||
('assets', '0088_auto_20220303_1612'),
|
||||
('perms', '0025_auto_20220223_1539'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name='PermedApplication',
|
||||
fields=[
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'Permed app',
|
||||
'permissions': [('view_myapps', 'Can view my apps'), ('connect_myapps', 'Can connect my apps'), ('view_userapps', 'Can view user apps'), ('view_usergroupapps', 'Can view usergroup apps')],
|
||||
'proxy': True,
|
||||
'indexes': [],
|
||||
'constraints': [],
|
||||
},
|
||||
bases=('applications.application',),
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name='PermedAsset',
|
||||
fields=[
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'Permed asset',
|
||||
'permissions': [('view_myassets', 'Can view my assets'), ('connect_myassets', 'Can connect my assets'), ('view_userassets', 'Can view user assets'), ('view_usergroupassets', 'Can view usergroup assets')],
|
||||
'proxy': True,
|
||||
'indexes': [],
|
||||
'constraints': [],
|
||||
},
|
||||
bases=('assets.asset',),
|
||||
),
|
||||
]
|
|
@ -7,6 +7,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||
|
||||
from common.utils import lazyproperty
|
||||
from .base import BasePermission, Action
|
||||
from applications.models import Application
|
||||
from users.models import User
|
||||
from applications.const import AppCategory, AppType
|
||||
|
||||
|
@ -36,12 +37,7 @@ class ApplicationPermission(BasePermission):
|
|||
unique_together = [('org_id', 'name')]
|
||||
verbose_name = _('Application permission')
|
||||
ordering = ('name',)
|
||||
permissions = [
|
||||
('view_myapps', _('Can view my apps')),
|
||||
('connect_myapps', _('Can connect my apps')),
|
||||
('view_userapps', _('Can view user apps')),
|
||||
('view_usergroupapps', _('Can view usergroup apps')),
|
||||
]
|
||||
|
||||
|
||||
@property
|
||||
def category_remote_app(self):
|
||||
|
@ -106,3 +102,15 @@ class ApplicationPermission(BasePermission):
|
|||
include_choices = cls.get_include_actions_choices(category)
|
||||
exclude_choices = set(Action.NAME_MAP.values()) - set(include_choices)
|
||||
return exclude_choices
|
||||
|
||||
|
||||
class PermedApplication(Application):
|
||||
class Meta:
|
||||
proxy = True
|
||||
verbose_name = _("Permed app")
|
||||
permissions = [
|
||||
('view_myapps', _('Can view my apps')),
|
||||
('connect_myapps', _('Can connect my apps')),
|
||||
('view_userapps', _('Can view user apps')),
|
||||
('view_usergroupapps', _('Can view usergroup apps')),
|
||||
]
|
||||
|
|
|
@ -28,12 +28,6 @@ class AssetPermission(BasePermission):
|
|||
unique_together = [('org_id', 'name')]
|
||||
verbose_name = _("Asset permission")
|
||||
ordering = ('name',)
|
||||
permissions = [
|
||||
('view_myassets', _('Can view my assets')),
|
||||
('connect_myassets', _('Can connect my assets')),
|
||||
('view_userassets', _('Can view user assets')),
|
||||
('view_usergroupassets', _('Can view usergroup assets')),
|
||||
]
|
||||
|
||||
@lazyproperty
|
||||
def users_amount(self):
|
||||
|
@ -179,3 +173,16 @@ class PermNode(Node):
|
|||
def save(self):
|
||||
# 这是个只读 Model
|
||||
raise NotImplementedError
|
||||
|
||||
|
||||
class PermedAsset(Asset):
|
||||
class Meta:
|
||||
proxy = True
|
||||
verbose_name = _('Permed asset')
|
||||
permissions = [
|
||||
('view_myassets', _('Can view my assets')),
|
||||
('connect_myassets', _('Can connect my assets')),
|
||||
('view_userassets', _('Can view user assets')),
|
||||
('view_usergroupassets', _('Can view usergroup assets')),
|
||||
]
|
||||
|
||||
|
|
|
@ -21,11 +21,14 @@ auditor_perms = (
|
|||
|
||||
user_perms = (
|
||||
('rbac', 'menupermission', 'view', 'userview'),
|
||||
('perms', 'assetpermission', 'view,connect', 'myassets'),
|
||||
('perms', 'applicationpermission', 'view,connect', 'myapps'),
|
||||
('rbac', 'menupermission', 'view', 'webterminal'),
|
||||
('rbac', 'menupermission', 'view', 'filemanager'),
|
||||
('perms', 'permedasset', 'view,connect', 'myassets'),
|
||||
('perms', 'permedapplication', 'view,connect', 'myapps'),
|
||||
('assets', 'asset', 'match', 'asset'),
|
||||
('assets', 'systemuser', 'match', 'systemuser'),
|
||||
('assets', 'node', 'match', 'node'),
|
||||
('ops', 'commandexecution', 'add', 'commandexecution'),
|
||||
)
|
||||
|
||||
app_exclude_perms = [
|
||||
|
|
|
@ -22,6 +22,8 @@ exclude_permissions = (
|
|||
('notifications', '*', '*', '*'),
|
||||
('common', 'setting', '*', '*'),
|
||||
|
||||
('authentication', 'privatetoken', '*', '*'),
|
||||
('users', 'userpasswordhistory', '*', '*'),
|
||||
('applications', 'applicationuser', '*', '*'),
|
||||
('applications', 'historicalaccount', '*', '*'),
|
||||
('applications', 'databaseapp', '*', '*'),
|
||||
|
@ -33,7 +35,6 @@ exclude_permissions = (
|
|||
('assets', 'favoriteasset', '*', '*'),
|
||||
('assets', 'historicalauthbook', '*', '*'),
|
||||
('assets', 'assetuser', '*', '*'),
|
||||
('authentication', 'privatetoken', '*', '*'),
|
||||
('perms', 'databaseapppermission', '*', '*'),
|
||||
('perms', 'k8sapppermission', '*', '*'),
|
||||
('perms', 'remoteapppermission', '*', '*'),
|
||||
|
@ -41,6 +42,8 @@ exclude_permissions = (
|
|||
('perms', 'usergrantedmappingnode', '*', '*'),
|
||||
('perms', 'permnode', '*', '*'),
|
||||
('perms', 'rebuildusertreetask', '*', '*'),
|
||||
('perms', 'permedasset', 'add,change,delete', 'permedasset'),
|
||||
('perms', 'permedapplication', 'add,change,delete', 'permedapplication'),
|
||||
('rbac', 'contenttype', '*', '*'),
|
||||
('rbac', 'permission', 'add,delete,change', 'permission'),
|
||||
('rbac', 'rolebinding', '*', '*'),
|
||||
|
@ -49,22 +52,22 @@ exclude_permissions = (
|
|||
('ops', 'adhocexecution', '*', '*'),
|
||||
('ops', 'celerytask', '*', '*'),
|
||||
('ops', 'task', 'add,change', 'task'),
|
||||
('ops', 'commandexecution', 'delete,change', 'commandexecution'),
|
||||
('orgs', 'organizationmember', '*', '*'),
|
||||
('settings', 'setting', 'add,delete', 'setting'),
|
||||
('audits', 'operatelog', 'add,delete,change', 'operatelog'),
|
||||
('audits', 'passwordchangelog', 'add,change,delete', 'passwordchangelog'),
|
||||
('audits', 'userloginlog', 'change,delete,change', 'userloginlog'),
|
||||
('audits', 'ftplog', 'change,delete', 'ftplog'),
|
||||
('terminal', 'session', 'delete', 'session'),
|
||||
('terminal', 'session', 'delete,change', 'command'),
|
||||
('tickets', 'ticket', '*', '*'),
|
||||
('users', 'userpasswordhistory', '*', '*'),
|
||||
('xpack', 'interface', '*', '*'),
|
||||
('xpack', 'license', '*', '*'),
|
||||
('common', 'permission', 'add,delete,view,change', 'permission'),
|
||||
('terminal', 'command', 'delete,change', 'command'),
|
||||
('terminal', 'sessionjoinrecord', 'delete', 'sessionjoinrecord'),
|
||||
('terminal', 'sessionreplay', 'delete', 'sessionreplay'),
|
||||
('terminal', 'session', 'delete', 'session'),
|
||||
('terminal', 'session', 'delete,change', 'command'),
|
||||
)
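Review bot: `('audits', 'userloginlog', 'change,delete,change', 'userloginlog')` lists `change` twice and never `add`, unlike the `operatelog` and `passwordchangelog` entries beside it, so `add_userloginlog` stays outside the exclusion list; `'add,change,delete'` looks intended. The entry `('terminal', 'session', 'delete,change', 'command')` pairs model `session` with resource `command` and sits next to `('terminal', 'command', 'delete,change', 'command')`, so depending on how the fourth field is matched it may exclude nothing. The rendered hunk does not mark which side each line is on and the tuple starts outside the hunk, so both are worth checking against the final file.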
|
||||
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ class Migration(migrations.Migration):
|
|||
],
|
||||
options={
|
||||
'verbose_name': 'Menu permission',
|
||||
'permissions': [('view_adminview', 'view console view'), ('view_auditview', 'view audit view'), ('view_userview', 'view workspace view')],
|
||||
'permissions': [('view_adminview', 'Can view console view'), ('view_auditview', 'Can view audit view'), ('view_userview', 'Can view workspace view')],
|
||||
'default_permissions': [],
|
||||
},
|
||||
),
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# Generated by Django 3.1.14 on 2022-03-07 07:46
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('rbac', '0004_auto_20211201_1901'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='menupermission',
|
||||
options={'default_permissions': [], 'permissions': [('view_resourcestatistics', 'Can view resource statistics'), ('view_adminview', 'Can view console view'), ('view_auditview', 'Can view audit view'), ('view_userview', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'},
|
||||
),
|
||||
]
|
|
@ -0,0 +1,39 @@
|
|||
# Generated by Django 3.1.14 on 2022-03-07 07:58
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
def delete_unused_permissions(apps, schema_editor):
|
||||
permission_model = apps.get_model('rbac', 'Permission')
|
||||
content_type_model = apps.get_model('rbac', 'ContentType')
|
||||
content_type_delete_required = [
|
||||
('common', 'permission'),
|
||||
]
|
||||
for app, model in content_type_delete_required:
|
||||
content_type_model.objects.filter(app_label=app, model=model).delete()
|
||||
|
||||
permissions_delete_required = [
|
||||
('perms', 'assetpermission', 'connect_myassets'),
|
||||
('perms', 'assetpermission', 'view_myassets'),
|
||||
('perms', 'assetpermission', 'view_userassets'),
|
||||
('perms', 'assetpermission', 'view_usergroupassets'),
|
||||
('perms', 'applicationpermission', 'view_myapps'),
|
||||
('perms', 'applicationpermission', 'connect_myapps'),
|
||||
('perms', 'applicationpermission', 'view_userapps'),
|
||||
('perms', 'applicationpermission', 'view_usergroupapps'),
|
||||
]
|
||||
for app, model, codename in permissions_delete_required:
|
||||
permission_model.objects.filter(
|
||||
codename=codename, content_type__model=model, content_type__app_label=app
|
||||
).delete()
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('rbac', '0005_auto_20220307_1524'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RunPython(delete_unused_permissions)
|
||||
]
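Review bot: `delete_unused_permissions` deletes the old `perms.assetpermission` / `perms.applicationpermission` permission rows and the `common.permission` content type outright, so any role holding them loses the grant, and nothing visible here re-attaches those roles to the replacement rows on `permedasset`, `permedapplication` and `menupermission`. Built-in roles may be re-synced elsewhere, but a custom role would silently lose `view_myassets`, `connect_myassets` or `view_resourcestatistics` on upgrade. The replacement rows are normally created only after migrations finish, so a re-grant step would have to run after that, or the loss should be called out in the upgrade notes. Separately, `migrations.RunPython(delete_unused_permissions)` has no reverse and makes the migration irreversible; `migrations.RunPython(delete_unused_permissions, migrations.RunPython.noop)` would allow a rollback.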
|
|
@ -12,7 +12,10 @@ class MenuPermission(models.Model):
|
|||
default_permissions = []
|
||||
verbose_name = _('Menu permission')
|
||||
permissions = [
|
||||
('view_adminview', _('view console view')),
|
||||
('view_auditview', _('view audit view')),
|
||||
('view_userview', _('view workspace view')),
|
||||
('view_resourcestatistics', _('Can view resource statistics')),
|
||||
('view_adminview', _('Can view console view')),
|
||||
('view_auditview', _('Can view audit view')),
|
||||
('view_userview', _('Can view workspace view')),
|
||||
('view_webterminal', _('Can view web terminal')),
|
||||
('view_filemanager', _('Can view file manager')),
|
||||
]
|
||||
|
|
|
@ -132,7 +132,17 @@ extra_nodes_data = [
|
|||
"id": "terminal_node",
|
||||
"name": _("Terminal setting"),
|
||||
"pId": "view_setting"
|
||||
}
|
||||
},
|
||||
{
|
||||
'id': "my_assets",
|
||||
"name": _("My assets"),
|
||||
"pId": "view_workspace"
|
||||
},
|
||||
{
|
||||
'id': "my_apps",
|
||||
"name": _("My apps"),
|
||||
"pId": "view_workspace"
|
||||
},
|
||||
]
|
||||
|
||||
# 将 model 放到其它节点下,而不是本来的 app 中
|
||||
|
@ -164,10 +174,16 @@ special_model_pid_mapper = {
|
|||
'terminal.task': 'terminal_node',
|
||||
'audits.ftplog': 'terminal',
|
||||
'rbac.menupermission': 'view_other',
|
||||
'perms.view_myassets': 'my_assets',
|
||||
'perms.connect_myassets': 'my_assets',
|
||||
'perms.view_myapps': 'my_apps',
|
||||
'perms.connect_myapps': 'my_apps',
|
||||
'ops.commandexecution': 'view_workspace',
|
||||
}
|
||||
|
||||
model_verbose_name_mapper = {
|
||||
'orgs.organization': _("App organizations"),
|
||||
'tickets.comment': _("Ticket comment"),
|
||||
}
|
||||
|
||||
xpack_apps = [
|
||||
|
@ -259,28 +275,28 @@ class PermissionTreeUtil:
|
|||
|
||||
def _create_models_nodes(self):
|
||||
content_types = ContentType.objects.all()
|
||||
total_counts_mapper, checked_counts_mapper = self._get_model_counts_mapper()
|
||||
|
||||
nodes = []
|
||||
for ct in content_types:
|
||||
total_count = total_counts_mapper.get(ct.id, 0)
|
||||
checked_count = checked_counts_mapper.get(ct.id, 0)
|
||||
if total_count == 0:
|
||||
continue
|
||||
|
||||
model_id = '{}.{}'.format(ct.app_label, ct.model)
|
||||
if not self._check_model_xpack(model_id):
|
||||
continue
|
||||
|
||||
total_count = self.total_counts[model_id]
|
||||
checked_count = self.checked_counts[model_id]
|
||||
if total_count == 0:
|
||||
continue
|
||||
|
||||
# 获取 pid
|
||||
app = ct.app_label
|
||||
if special_model_pid_mapper.get(model_id):
|
||||
if model_id in special_model_pid_mapper:
|
||||
app = special_model_pid_mapper[model_id]
|
||||
self.total_counts[app] += total_count
|
||||
self.checked_counts[app] += checked_count
|
||||
|
||||
# 获取 name
|
||||
name = f'{ct.name}'
|
||||
if model_verbose_name_mapper.get(model_id):
|
||||
if model_id in model_verbose_name_mapper:
|
||||
name = model_verbose_name_mapper[model_id]
|
||||
|
||||
node = self._create_node({
|
||||
|
@ -336,11 +352,21 @@ class PermissionTreeUtil:
|
|||
if settings.DEBUG:
|
||||
name += '({})'.format(p.app_label_codename)
|
||||
|
||||
title = p.app_label_codename
|
||||
pid = model_id
|
||||
if title in special_model_pid_mapper:
|
||||
pid = special_model_pid_mapper[title]
|
||||
|
||||
self.total_counts[pid] += 1
|
||||
checked = p.id in permissions_id
|
||||
if checked:
|
||||
self.checked_counts[pid] += 1
|
||||
|
||||
node = TreeNode(**{
|
||||
'id': p.id,
|
||||
'name': name,
|
||||
'title': p.app_label_codename,
|
||||
'pId': model_id,
|
||||
'title': title,
|
||||
'pId': pid,
|
||||
'isParent': False,
|
||||
'chkDisabled': self.check_disabled,
|
||||
'iconSkin': 'file',
|
||||
|
@ -395,10 +421,10 @@ class PermissionTreeUtil:
|
|||
checked_count = self.checked_counts[view]
|
||||
if total_count == 0:
|
||||
continue
|
||||
node = self._create_node(data, total_count, checked_count, 'view')
|
||||
node = self._create_node(data, total_count, checked_count, 'view', is_open=False)
|
||||
nodes.append(node)
|
||||
return nodes
|
||||
|
||||
|
||||
def _create_extra_nodes(self):
|
||||
nodes = []
|
||||
for data in extra_nodes_data:
|
||||
|
@ -423,8 +449,8 @@ class PermissionTreeUtil:
|
|||
perms_nodes = self._create_perms_nodes()
|
||||
models_nodes = self._create_models_nodes()
|
||||
apps_nodes = self.create_apps_nodes()
|
||||
views_nodes = self._create_views_node()
|
||||
extra_nodes = self._create_extra_nodes()
|
||||
views_nodes = self._create_views_node()
|
||||
|
||||
nodes += views_nodes + apps_nodes + models_nodes + perms_nodes + extra_nodes
|
||||
return nodes
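Review bot: The tree now depends on the order in which the node builders run, and nothing at the call site says so. The permission-node hunk adds to `self.total_counts[pid]` / `self.checked_counts[pid]`, `_create_models_nodes` reads `self.total_counts[model_id]` and adds to the parent app, and this hunk moves `_create_views_node()` behind `_create_extra_nodes()`, presumably for the same reason. A comment above `perms_nodes = self._create_perms_nodes()` such as `# order matters: each builder reads counters filled by the ones before it` would guard against a later reorder. The subscript reads also assume the counters are default-valued mappings, which are defined outside these hunks; with a plain dict, `self.total_counts[model_id]` raises `KeyError` for a content type that has no permissions. The enclosing methods start outside the hunks.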
|
||||
|
|
|
@ -19,5 +19,6 @@ class Migration(migrations.Migration):
|
|||
('session', models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.CASCADE, related_name='ticket_relation', to='terminal.session')),
|
||||
('ticket', models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.CASCADE, related_name='session_relation', to='tickets.ticket')),
|
||||
],
|
||||
options={'verbose_name': 'Ticket session relation'},
|
||||
),
|
||||
]
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
from django.db import models
|
||||
from django.db.models import Model
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
|
||||
class TicketSession(Model):
|
||||
class TicketSession(models.Model):
|
||||
ticket = models.ForeignKey('tickets.Ticket', related_name='session_relation', on_delete=models.CASCADE, db_constraint=False)
|
||||
session = models.ForeignKey('terminal.Session', related_name='ticket_relation', on_delete=models.CASCADE, db_constraint=False)
|
||||
|
||||
class Meta:
|
||||
verbose_name = _("Ticket session relation")
|
||||
|
||||
@classmethod
|
||||
def get_ticket_by_session_id(cls, session_id):
|
||||
relation = cls.objects.filter(session=session_id).first()
|
||||
|
|