perf: Pam rbac

pull/15770/head
feng 2025-07-22 18:59:32 +08:00 committed by ZhaoJiSen
parent 299e52cd11
commit 1df04d2a94
5 changed files with 22 additions and 8 deletions


@ -1,10 +1,11 @@
# Generated by Django 4.1.13 on 2024-05-09 03:16
import uuid
import django.contrib.auth.models
import django.contrib.contenttypes.models
from django.db import migrations, models
import django.db.models.deletion
import uuid
from django.db import migrations, models
class Migration(migrations.Migration):
@ -24,11 +25,15 @@ class Migration(migrations.Migration):
],
options={
'verbose_name': 'Menu permission',
'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'),
('view_workbench', 'Can view workbench view'),
('view_webterminal', 'Can view web terminal'),
('view_filemanager', 'Can view file manager'),
('view_systemtools', 'Can view System Tools')],
'permissions': [
('view_console', 'Can view console view'),
('view_pam', 'Can view pam view'),
('view_audit', 'Can view audit view'),
('view_workbench', 'Can view workbench view'),
('view_webterminal', 'Can view web terminal'),
('view_filemanager', 'Can view file manager'),
('view_systemtools', 'Can view System Tools')
],
'default_permissions': [],
},
),
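Review bot: `view_pam` is added by editing the `permissions` option of a migration generated on 2024-05-09 instead of by a new migration, so on a database where this migration is already recorded as applied the edited `options` are never replayed. Whether the `rbac.view_pam` permission row then exists depends on permission creation running after the next `migrate` (Django's post-migrate hook or a project sync step, neither visible here); until it does, role bindings presumably cannot grant the permission. A follow-up migration carrying `migrations.AlterModelOptions` with the new `permissions` list would make the change explicit and auditable for upgraded installs. The import reordering in the first hunk is unrelated churn in an applied migration and could be dropped.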


@ -13,6 +13,7 @@ class MenuPermission(models.Model):
verbose_name = _('Menu permission')
permissions = [
('view_console', _('Can view console view')),
('view_pam', _('Can view pam view')),
('view_audit', _('Can view audit view')),
('view_workbench', _('Can view workbench view')),
('view_webterminal', _('Can view web terminal')),


@ -22,7 +22,7 @@ root_node_data = {
# 第二层 view 节点,手动创建的
view_nodes_data = [
{'id': 'view_console', 'name': _('Console view')},
{'id': 'view_pam', 'name': 'Pam'},
{'id': 'view_pam', 'name': _('Pam view')},
{'id': 'view_workbench', 'name': _('Workbench view')},
{'id': 'view_audit', 'name': _('Audit view')},
{'id': 'view_setting', 'name': _('System setting')},
@ -115,6 +115,7 @@ special_pid_mapper = {
'ops.jobexecution': 'operation_center',
"rbac.view_console": "view_console",
"rbac.view_audit": "view_audit",
"rbac.view_pam": "view_pam",
'audits.usersession': 'view_audit',
"rbac.view_workbench": "view_workbench",
"rbac.view_webterminal": "view_workbench",


@ -215,6 +215,10 @@ class RoleMixin:
def workbench_orgs(self):
return self.cached_orgs.get("workbench_orgs", [])
@lazyproperty
def pam_orgs(self):
return self.cached_orgs.get("pam_orgs", [])
@lazyproperty
def joined_orgs(self):
from rbac.models import RoleBinding
@ -229,6 +233,7 @@ class RoleMixin:
data = cache.get(key)
if data:
return data
pam_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_pam", self)
console_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_console", self)
audit_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_audit", self)
workbench_orgs = RoleBinding.get_user_has_the_perm_orgs(
@ -239,6 +244,7 @@ class RoleMixin:
audit_orgs = list(set(audit_orgs) - set(console_orgs))
data = {
"pam_orgs": pam_orgs,
"console_orgs": console_orgs,
"audit_orgs": audit_orgs,
"workbench_orgs": workbench_orgs,

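Review bot: The early return `if data: return data` hands back whatever dict is already cached under `key`, and a dict written before this change has no `"pam_orgs"` entry, so `pam_orgs` falls through to its `[]` default and users holding `rbac.view_pam` see no PAM orgs until that entry expires or is cleared. That fails closed, but it is silent; treating an entry without the new key as a miss, `if data and "pam_orgs" in data: return data`, or changing the cache key for this release, avoids it. The reverse direction deserves a check too: PAM access is now served from this cache, so the code that invalidates `key` when a role binding changes (outside these hunks) should be confirmed to run on revocation of `rbac.view_pam`. The method holding the cache lookup starts and ends outside the visible hunks.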

@ -188,6 +188,7 @@ class UserOrgSerializer(serializers.Serializer):
class UserPermsSerializer(serializers.Serializer):
id = serializers.CharField(label=_("User ID"), read_only=True)
username = serializers.CharField(label=_("Username"), read_only=True)
pam_orgs = UserOrgSerializer(many=True, read_only=True)
console_orgs = UserOrgSerializer(many=True, read_only=True)
audit_orgs = UserOrgSerializer(many=True, read_only=True)
workbench_orgs = UserOrgSerializer(many=True, read_only=True)