mirror of https://github.com/jumpserver/jumpserver
perf: Pam rbac
parent
299e52cd11
commit
1df04d2a94
|
@ -1,10 +1,11 @@
|
|||
# Generated by Django 4.1.13 on 2024-05-09 03:16
|
||||
|
||||
import uuid
|
||||
|
||||
import django.contrib.auth.models
|
||||
import django.contrib.contenttypes.models
|
||||
from django.db import migrations, models
|
||||
import django.db.models.deletion
|
||||
import uuid
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
@ -24,11 +25,15 @@ class Migration(migrations.Migration):
|
|||
],
|
||||
options={
|
||||
'verbose_name': 'Menu permission',
|
||||
'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'),
|
||||
('view_workbench', 'Can view workbench view'),
|
||||
('view_webterminal', 'Can view web terminal'),
|
||||
('view_filemanager', 'Can view file manager'),
|
||||
('view_systemtools', 'Can view System Tools')],
|
||||
'permissions': [
|
||||
('view_console', 'Can view console view'),
|
||||
('view_pam', 'Can view pam view'),
|
||||
('view_audit', 'Can view audit view'),
|
||||
('view_workbench', 'Can view workbench view'),
|
||||
('view_webterminal', 'Can view web terminal'),
|
||||
('view_filemanager', 'Can view file manager'),
|
||||
('view_systemtools', 'Can view System Tools')
|
||||
],
|
||||
'default_permissions': [],
|
||||
},
|
||||
),
|
||||
|
|
|
@ -13,6 +13,7 @@ class MenuPermission(models.Model):
|
|||
verbose_name = _('Menu permission')
|
||||
permissions = [
|
||||
('view_console', _('Can view console view')),
|
||||
('view_pam', _('Can view pam view')),
|
||||
('view_audit', _('Can view audit view')),
|
||||
('view_workbench', _('Can view workbench view')),
|
||||
('view_webterminal', _('Can view web terminal')),
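Review bot: Nothing in the visible sections says which existing roles receive or are denied the new `view_pam` codename added to `permissions` here, and it gates a whole top-level view. If the builtin roles are derived as "all permissions minus an exclude list" (not shown on this page, so this is inferred), lower-privilege roles would pick up `rbac.view_pam` on upgrade unless it is explicitly excluded. Worth confirming against the builtin role definitions and adding a test that asserts which builtin roles hold `view_pam`. A short comment above the tuple, e.g. `# gates the PAM top-level view; granted only to <roles>`, would record the intent. The `Meta` class continues outside the hunk.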
|
||||
|
|
|
@ -22,7 +22,7 @@ root_node_data = {
|
|||
# 第二层 view 节点,手动创建的
|
||||
view_nodes_data = [
|
||||
{'id': 'view_console', 'name': _('Console view')},
|
||||
{'id': 'view_pam', 'name': 'Pam'},
|
||||
{'id': 'view_pam', 'name': _('Pam view')},
|
||||
{'id': 'view_workbench', 'name': _('Workbench view')},
|
||||
{'id': 'view_audit', 'name': _('Audit view')},
|
||||
{'id': 'view_setting', 'name': _('System setting')},
|
||||
|
@ -115,6 +115,7 @@ special_pid_mapper = {
|
|||
'ops.jobexecution': 'operation_center',
|
||||
"rbac.view_console": "view_console",
|
||||
"rbac.view_audit": "view_audit",
|
||||
"rbac.view_pam": "view_pam",
|
||||
'audits.usersession': 'view_audit',
|
||||
"rbac.view_workbench": "view_workbench",
|
||||
"rbac.view_webterminal": "view_workbench",
|
||||
|
|
|
@ -215,6 +215,10 @@ class RoleMixin:
|
|||
def workbench_orgs(self):
|
||||
return self.cached_orgs.get("workbench_orgs", [])
|
||||
|
||||
@lazyproperty
|
||||
def pam_orgs(self):
|
||||
return self.cached_orgs.get("pam_orgs", [])
|
||||
|
||||
@lazyproperty
|
||||
def joined_orgs(self):
|
||||
from rbac.models import RoleBinding
|
||||
|
@ -229,6 +233,7 @@ class RoleMixin:
|
|||
data = cache.get(key)
|
||||
if data:
|
||||
return data
|
||||
pam_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_pam", self)
|
||||
console_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_console", self)
|
||||
audit_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_audit", self)
|
||||
workbench_orgs = RoleBinding.get_user_has_the_perm_orgs(
|
||||
|
@ -239,6 +244,7 @@ class RoleMixin:
|
|||
audit_orgs = list(set(audit_orgs) - set(console_orgs))
|
||||
|
||||
data = {
|
||||
"pam_orgs": pam_orgs,
|
||||
"console_orgs": console_orgs,
|
||||
"audit_orgs": audit_orgs,
|
||||
"workbench_orgs": workbench_orgs,
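Review bot: Cache entries written before this change carry no `pam_orgs` key, and the early return at `if data: return data` hands them back as-is, so the new property (which presumably reads this same cached dict) falls through to the `[]` default in `self.cached_orgs.get("pam_orgs", [])` until the entry is dropped. That fails closed, but a user who holds `rbac.view_pam` will silently see no PAM orgs after the upgrade; treating the old shape as a miss, `if data and "pam_orgs" in data:`, or versioning the cache key avoids it. The same cache also determines how long a revoked `rbac.view_pam` binding keeps showing up in `pam_orgs`; the TTL and invalidation are outside these hunks, so confirm that role-binding changes clear this key. The enclosing method starts and ends outside the hunks.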
|
||||
|
|
|
@ -188,6 +188,7 @@ class UserOrgSerializer(serializers.Serializer):
|
|||
class UserPermsSerializer(serializers.Serializer):
|
||||
id = serializers.CharField(label=_("User ID"), read_only=True)
|
||||
username = serializers.CharField(label=_("Username"), read_only=True)
|
||||
pam_orgs = UserOrgSerializer(many=True, read_only=True)
|
||||
console_orgs = UserOrgSerializer(many=True, read_only=True)
|
||||
audit_orgs = UserOrgSerializer(many=True, read_only=True)
|
||||
workbench_orgs = UserOrgSerializer(many=True, read_only=True)
|
||||
|
|