perf: Pam rbac

pull/15770/head
feng 2025-07-22 18:59:32 +08:00 committed by ZhaoJiSen
parent 299e52cd11
commit 1df04d2a94
5 changed files with 22 additions and 8 deletions


@ -1,10 +1,11 @@
# Generated by Django 4.1.13 on 2024-05-09 03:16 # Generated by Django 4.1.13 on 2024-05-09 03:16
import uuid
import django.contrib.auth.models import django.contrib.auth.models
import django.contrib.contenttypes.models import django.contrib.contenttypes.models
from django.db import migrations, models
import django.db.models.deletion import django.db.models.deletion
import uuid from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
@ -24,11 +25,15 @@ class Migration(migrations.Migration):
], ],
options={ options={
'verbose_name': 'Menu permission', 'verbose_name': 'Menu permission',
'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), 'permissions': [
('view_workbench', 'Can view workbench view'), ('view_console', 'Can view console view'),
('view_webterminal', 'Can view web terminal'), ('view_pam', 'Can view pam view'),
('view_filemanager', 'Can view file manager'), ('view_audit', 'Can view audit view'),
('view_systemtools', 'Can view System Tools')], ('view_workbench', 'Can view workbench view'),
('view_webterminal', 'Can view web terminal'),
('view_filemanager', 'Can view file manager'),
('view_systemtools', 'Can view System Tools')
],
'default_permissions': [], 'default_permissions': [],
}, },
), ),
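Review bot: The `view_pam` permission is added by editing a migration whose header says it was generated on 2024-05-09, not by a new migration, so databases that already recorded it as applied will not run it again. Django's post_migrate permission creation will probably still insert the row on the next `migrate`, but that is implicit and should be confirmed on an upgraded instance before any role is bound to `rbac.view_pam`. A follow-up migration with `migrations.AlterModelOptions(name='menupermission', options={...})` carrying the new list would make the change explicit and auditable. The import reordering in the first hunk is unrelated to the permission change and could be left out of this commit.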


@ -13,6 +13,7 @@ class MenuPermission(models.Model):
verbose_name = _('Menu permission') verbose_name = _('Menu permission')
permissions = [ permissions = [
('view_console', _('Can view console view')), ('view_console', _('Can view console view')),
('view_pam', _('Can view pam view')),
('view_audit', _('Can view audit view')), ('view_audit', _('Can view audit view')),
('view_workbench', _('Can view workbench view')), ('view_workbench', _('Can view workbench view')),
('view_webterminal', _('Can view web terminal')), ('view_webterminal', _('Can view web terminal')),


@ -22,7 +22,7 @@ root_node_data = {
# 第二层 view 节点,手动创建的 # 第二层 view 节点,手动创建的
view_nodes_data = [ view_nodes_data = [
{'id': 'view_console', 'name': _('Console view')}, {'id': 'view_console', 'name': _('Console view')},
{'id': 'view_pam', 'name': 'Pam'}, {'id': 'view_pam', 'name': _('Pam view')},
{'id': 'view_workbench', 'name': _('Workbench view')}, {'id': 'view_workbench', 'name': _('Workbench view')},
{'id': 'view_audit', 'name': _('Audit view')}, {'id': 'view_audit', 'name': _('Audit view')},
{'id': 'view_setting', 'name': _('System setting')}, {'id': 'view_setting', 'name': _('System setting')},
@ -115,6 +115,7 @@ special_pid_mapper = {
'ops.jobexecution': 'operation_center', 'ops.jobexecution': 'operation_center',
"rbac.view_console": "view_console", "rbac.view_console": "view_console",
"rbac.view_audit": "view_audit", "rbac.view_audit": "view_audit",
"rbac.view_pam": "view_pam",
'audits.usersession': 'view_audit', 'audits.usersession': 'view_audit',
"rbac.view_workbench": "view_workbench", "rbac.view_workbench": "view_workbench",
"rbac.view_webterminal": "view_workbench", "rbac.view_webterminal": "view_workbench",


@ -215,6 +215,10 @@ class RoleMixin:
def workbench_orgs(self): def workbench_orgs(self):
return self.cached_orgs.get("workbench_orgs", []) return self.cached_orgs.get("workbench_orgs", [])
@lazyproperty
def pam_orgs(self):
return self.cached_orgs.get("pam_orgs", [])
@lazyproperty @lazyproperty
def joined_orgs(self): def joined_orgs(self):
from rbac.models import RoleBinding from rbac.models import RoleBinding
@ -229,6 +233,7 @@ class RoleMixin:
data = cache.get(key) data = cache.get(key)
if data: if data:
return data return data
pam_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_pam", self)
console_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_console", self) console_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_console", self)
audit_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_audit", self) audit_orgs = RoleBinding.get_user_has_the_perm_orgs("rbac.view_audit", self)
workbench_orgs = RoleBinding.get_user_has_the_perm_orgs( workbench_orgs = RoleBinding.get_user_has_the_perm_orgs(
@ -239,6 +244,7 @@ class RoleMixin:
audit_orgs = list(set(audit_orgs) - set(console_orgs)) audit_orgs = list(set(audit_orgs) - set(console_orgs))
data = { data = {
"pam_orgs": pam_orgs,
"console_orgs": console_orgs, "console_orgs": console_orgs,
"audit_orgs": audit_orgs, "audit_orgs": audit_orgs,
"workbench_orgs": workbench_orgs, "workbench_orgs": workbench_orgs,


@ -188,6 +188,7 @@ class UserOrgSerializer(serializers.Serializer):
class UserPermsSerializer(serializers.Serializer): class UserPermsSerializer(serializers.Serializer):
id = serializers.CharField(label=_("User ID"), read_only=True) id = serializers.CharField(label=_("User ID"), read_only=True)
username = serializers.CharField(label=_("Username"), read_only=True) username = serializers.CharField(label=_("Username"), read_only=True)
pam_orgs = UserOrgSerializer(many=True, read_only=True)
console_orgs = UserOrgSerializer(many=True, read_only=True) console_orgs = UserOrgSerializer(many=True, read_only=True)
audit_orgs = UserOrgSerializer(many=True, read_only=True) audit_orgs = UserOrgSerializer(many=True, read_only=True)
workbench_orgs = UserOrgSerializer(many=True, read_only=True) workbench_orgs = UserOrgSerializer(many=True, read_only=True)