github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Bugfix] 解决Node.root() 死循环,移动AdminRequired到permission中 (#1571)

pull/1574/head
老广 2018-07-20 05:42:01 -05:00 committed by GitHub
parent e3aa18ff2d
commit 2208d6d51e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 50 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/assets/hands.py
View File

@ -11,6 +11,6 @@
""" """
from common.mixins import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from common.permissions import IsAppUser, IsSuperUser, IsValidUser, IsSuperUserOrAppUser from common.permissions import IsAppUser, IsSuperUser, IsValidUser, IsSuperUserOrAppUser
from users.models import User, UserGroup from users.models import User, UserGroup

8
apps/assets/models/node.py
View File

@ -7,7 +7,7 @@ from django.db.models import Q
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from orgs.mixins import OrgModelMixin from orgs.mixins import OrgModelMixin
from orgs.utils import current_org, set_current_org from orgs.utils import current_org, set_current_org, get_current_org
from orgs.models import Organization from orgs.models import Organization
__all__ = ['Node'] __all__ = ['Node']
@ -169,13 +169,15 @@ class Node(OrgModelMixin):
@classmethod @classmethod
def create_root_node(cls): def create_root_node(cls):
# 如果使用current_org 在set_current_org时会死循环
_current_org = get_current_org()
with transaction.atomic(): with transaction.atomic():
set_current_org(Organization.root()) set_current_org(Organization.root())
org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$') org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$')
org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True) org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True)
max_value = max([int(k) for k in org_nodes_roots_keys]) if org_nodes_roots_keys else 0 max_value = max([int(k) for k in org_nodes_roots_keys]) if org_nodes_roots_keys else 0
set_current_org(current_org) set_current_org(_current_org)
root = cls.objects.create(key=max_value+1, value=current_org.name) root = cls.objects.create(key=str(max_value+1), value=_current_org.name)
return root return root
@classmethod @classmethod

2
apps/assets/views/admin_user.py
View File

@ -11,7 +11,7 @@ from django.views.generic.detail import DetailView, SingleObjectMixin
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from .. import forms from .. import forms
from ..models import AdminUser, Node from ..models import AdminUser, Node
from ..hands import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
__all__ = [ __all__ = [
'AdminUserCreateView', 'AdminUserDetailView', 'AdminUserCreateView', 'AdminUserDetailView',

2
apps/assets/views/asset.py
View File

@ -29,7 +29,7 @@ from common.utils import get_object_or_none, get_logger, is_uuid
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from .. import forms from .. import forms
from ..models import Asset, AdminUser, SystemUser, Label, Node, Domain from ..models import Asset, AdminUser, SystemUser, Label, Node, Domain
from ..hands import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
__all__ = [ __all__ = [

2
apps/assets/views/domain.py
View File

@ -7,7 +7,7 @@ from django.views.generic.detail import SingleObjectMixin
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.urls import reverse_lazy, reverse from django.urls import reverse_lazy, reverse
from common.mixins import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from common.utils import get_object_or_none from common.utils import get_object_or_none
from ..models import Domain, Gateway from ..models import Domain, Gateway

2
apps/assets/views/label.py
View File

@ -6,7 +6,7 @@ from django.views.generic import TemplateView, CreateView, \
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.urls import reverse_lazy from django.urls import reverse_lazy
from common.mixins import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from ..models import Label from ..models import Label
from ..forms import LabelForm from ..forms import LabelForm

2
apps/assets/views/system_user.py
View File

@ -10,7 +10,7 @@ from django.views.generic.detail import DetailView
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from ..forms import SystemUserForm from ..forms import SystemUserForm
from ..models import SystemUser, Node from ..models import SystemUser, Node
from ..hands import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
__all__ = [ __all__ = [

3
apps/audits/views.py
View File

@ -2,7 +2,8 @@ from django.conf import settings
from django.views.generic import ListView from django.views.generic import ListView
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from common.mixins import AdminUserRequiredMixin, DatetimeSearchMixin from common.mixins import DatetimeSearchMixin
from common.permissions import AdminUserRequiredMixin
from .models import FTPLog from .models import FTPLog

11
apps/common/mixins.py
View File

@ -4,7 +4,7 @@ from django.db import models
from django.http import JsonResponse from django.http import JsonResponse
from django.utils import timezone from django.utils import timezone
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.contrib.auth.mixins import UserPassesTestMixin
class NoDeleteQuerySet(models.query.QuerySet): class NoDeleteQuerySet(models.query.QuerySet):
@ -116,11 +116,4 @@ class DatetimeSearchMixin:
return super().get(request, *args, **kwargs) return super().get(request, *args, **kwargs)
class AdminUserRequiredMixin(UserPassesTestMixin):
def test_func(self):
if not self.request.user.is_authenticated:
return False
elif not self.request.user:
self.raise_exception = True
return False
return True

13
apps/common/permissions.py
View File

@ -2,6 +2,9 @@
# #
from rest_framework import permissions from rest_framework import permissions
from django.contrib.auth.mixins import UserPassesTestMixin
from orgs.utils import current_org
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission): class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@ -50,3 +53,13 @@ class IsCurrentUserOrReadOnly(permissions.BasePermission):
if request.method in permissions.SAFE_METHODS: if request.method in permissions.SAFE_METHODS:
return True return True
return obj == request.user return obj == request.user
class AdminUserRequiredMixin(UserPassesTestMixin):
def test_func(self):
if not self.request.user.is_authenticated:
return False
elif not self.request.user:
self.raise_exception = True
return False
return True

2
apps/common/views.py
View File

@ -8,7 +8,7 @@ from django.conf import settings
from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \ from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \
TerminalSettingForm, SecuritySettingForm TerminalSettingForm, SecuritySettingForm
from .mixins import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from .signals import ldap_auth_enable from .signals import ldap_auth_enable

2
apps/ops/hands.py
View File

@ -1,4 +1,4 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
from users.permissions import IsSuperUser from users.permissions import IsSuperUser
from users.utils import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin

2
apps/ops/views.py
View File

@ -6,7 +6,7 @@ from django.views.generic import ListView, DetailView, TemplateView
from common.mixins import DatetimeSearchMixin from common.mixins import DatetimeSearchMixin
from .models import Task, AdHoc, AdHocRunHistory, CeleryTask from .models import Task, AdHoc, AdHocRunHistory, CeleryTask
from .hands import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):

24
apps/orgs/utils.py
View File

@ -20,19 +20,6 @@ def get_org_from_request(request):
return org return org
def get_current_request():
return getattr(_thread_locals, 'request', None)
def get_current_org():
org = getattr(_thread_locals, 'current_org', None)
return org
def get_current_user():
return getattr(_thread_locals, 'user', None)
def set_current_org(org): def set_current_org(org):
setattr(_thread_locals, 'current_org', org) setattr(_thread_locals, 'current_org', org)
@ -46,10 +33,13 @@ def set_to_root_org():
def _find(attr): def _find(attr):
if hasattr(_thread_locals, attr): return getattr(_thread_locals, attr, None)
return getattr(_thread_locals, attr)
return None
current_org = LocalProxy(get_current_org) def get_current_org():
return _find('current_org')
current_org = LocalProxy(partial(_find, 'current_org'))
current_user = LocalProxy(partial(_find, 'current_user'))
current_request = LocalProxy(partial(_find, 'current_request'))

2
apps/perms/hands.py
View File

@ -1,7 +1,7 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
# #
from users.utils import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from users.models import User, UserGroup from users.models import User, UserGroup
from assets.models import Asset, SystemUser, Node from assets.models import Asset, SystemUser, Node
from assets.serializers import AssetGrantedSerializer, NodeGrantedSerializer, NodeSerializer from assets.serializers import AssetGrantedSerializer, NodeGrantedSerializer, NodeSerializer

2
apps/perms/views.py
View File

@ -8,7 +8,7 @@ from django.views.generic.edit import DeleteView, SingleObjectMixin
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.conf import settings from django.conf import settings
from common.mixins import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from .hands import Node, Asset, SystemUser, User, UserGroup from .hands import Node, Asset, SystemUser, User, UserGroup
from .models import AssetPermission from .models import AssetPermission
from .forms import AssetPermissionForm from .forms import AssetPermissionForm

2
apps/terminal/hands.py
View File

@ -4,4 +4,4 @@
from users.models import User from users.models import User
from users.permissions import IsSuperUserOrAppUser, IsAppUser, \ from users.permissions import IsSuperUserOrAppUser, IsAppUser, \
IsSuperUserOrAppUserOrUserReadonly IsSuperUserOrAppUserOrUserReadonly
from users.utils import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin

3
apps/terminal/views/command.py
View File

@ -6,7 +6,8 @@ from django.conf import settings
from django.utils import timezone from django.utils import timezone
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from common.mixins import DatetimeSearchMixin, AdminUserRequiredMixin from common.mixins import DatetimeSearchMixin
from common.permissions import AdminUserRequiredMixin
from ..models import Command from ..models import Command
from .. import utils from .. import utils
from ..backends import get_multi_command_storage from ..backends import get_multi_command_storage

2
apps/terminal/views/session.py
View File

@ -7,7 +7,7 @@ from django.utils.translation import ugettext as _
from django.utils import timezone from django.utils import timezone
from django.conf import settings from django.conf import settings
from users.utils import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from common.mixins import DatetimeSearchMixin from common.mixins import DatetimeSearchMixin
from ..models import Session, Command, Terminal from ..models import Session, Command, Terminal
from ..backends import get_multi_command_storage from ..backends import get_multi_command_storage

2
apps/terminal/views/terminal.py
View File

@ -10,7 +10,7 @@ from django.urls import reverse_lazy, reverse
from common.mixins import JSONResponseMixin from common.mixins import JSONResponseMixin
from ..models import Terminal from ..models import Terminal
from ..forms import TerminalForm from ..forms import TerminalForm
from ..hands import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
__all__ = [ __all__ = [

2
apps/users/views/group.py
View File

@ -13,7 +13,7 @@ from common.utils import get_logger
from common.const import create_success_msg, update_success_msg from common.const import create_success_msg, update_success_msg
from orgs.mixins import OrgViewGenericMixin from orgs.mixins import OrgViewGenericMixin
from ..models import User, UserGroup from ..models import User, UserGroup
from ..utils import AdminUserRequiredMixin from common.permissions import AdminUserRequiredMixin
from .. import forms from .. import forms
__all__ = ['UserGroupListView', 'UserGroupCreateView', 'UserGroupDetailView', __all__ = ['UserGroupListView', 'UserGroupCreateView', 'UserGroupDetailView',

3
apps/users/views/login.py
View File

@ -22,7 +22,8 @@ from formtools.wizard.views import SessionWizardView
from django.conf import settings from django.conf import settings
from common.utils import get_object_or_none from common.utils import get_object_or_none
from common.mixins import DatetimeSearchMixin, AdminUserRequiredMixin from common.mixins import DatetimeSearchMixin
from common.permissions import AdminUserRequiredMixin
from orgs.utils import current_org from orgs.utils import current_org
from ..models import User, LoginLog from ..models import User, LoginLog
from ..utils import send_reset_password_mail, check_otp_code, get_login_ip, \ from ..utils import send_reset_password_mail, check_otp_code, get_login_ip, \

3
apps/users/views/user.py
View File

@ -34,9 +34,10 @@ from common.const import create_success_msg, update_success_msg
from common.mixins import JSONResponseMixin from common.mixins import JSONResponseMixin
from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen
from common.models import Setting from common.models import Setting
from common.permissions import AdminUserRequiredMixin
from .. import forms from .. import forms
from ..models import User, UserGroup from ..models import User, UserGroup
from ..utils import AdminUserRequiredMixin, generate_otp_uri, check_otp_code, get_user_or_tmp_user, get_password_check_rules, check_password_rules from ..utils import generate_otp_uri, check_otp_code, get_user_or_tmp_user, get_password_check_rules, check_password_rules
from ..signals import post_user_create from ..signals import post_user_create
from ..tasks import write_login_log_async from ..tasks import write_login_log_async