github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Update] 修改一些逻辑

pull/1571/head
ibuler 2018-07-14 00:47:21 +08:00
parent 7412bdcba7
commit 28e47f33c1
30 changed files with 167 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/assets/api/admin_user.py
View File

@ -37,19 +37,19 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
"""
Admin user api set, for add,delete,update,list,retrieve resource
"""
queryset = AdminUser.objects.all()
queryset = AdminUser.objects
serializer_class = serializers.AdminUserSerializer
permission_classes = (IsSuperUser,)
class AdminUserAuthApi(generics.UpdateAPIView):
queryset = AdminUser.objects.all()
queryset = AdminUser.objects
serializer_class = serializers.AdminUserAuthSerializer
permission_classes = (IsSuperUser,)
class ReplaceNodesAdminUserApi(generics.UpdateAPIView):
queryset = AdminUser.objects.all()
queryset = AdminUser.objects
serializer_class = serializers.ReplaceNodeAdminUserSerializer
permission_classes = (IsSuperUser,)
@ -74,7 +74,7 @@ class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
"""
Test asset admin user connectivity
"""
queryset = AdminUser.objects.all()
queryset = AdminUser.objects
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):

12
apps/assets/api/asset.py
View File

@ -36,7 +36,7 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
filter_fields = ("hostname", "ip")
search_fields = filter_fields
ordering_fields = ("hostname", "ip", "port", "cpu_cores")
queryset = Asset.objects.all()
queryset = Asset.objects
serializer_class = serializers.AssetSerializer
pagination_class = LimitOffsetPagination
permission_classes = (IsSuperUserOrAppUser,)
@ -65,7 +65,7 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
if node_id and not show_current_asset:
node = get_object_or_404(Node, id=node_id)
if node.is_root():
queryset = Asset.objects.all()
queryset = Asset.objects
else:
queryset = queryset.filter(
nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key),
@ -77,7 +77,7 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
"""
Asset bulk update api
"""
queryset = Asset.objects.all()
queryset = Asset.objects
serializer_class = serializers.AssetSerializer
permission_classes = (IsSuperUser,)
@ -86,7 +86,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView):
"""
Refresh asset hardware info
"""
queryset = Asset.objects.all()
queryset = Asset.objects
serializer_class = serializers.AssetSerializer
permission_classes = (IsSuperUser,)
@ -101,7 +101,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
"""
Test asset admin user connectivity
"""
queryset = Asset.objects.all()
queryset = Asset.objects
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):
@ -112,7 +112,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
class AssetGatewayApi(generics.RetrieveAPIView):
queryset = Asset.objects.all()
queryset = Asset.objects
permission_classes = (IsSuperUserOrAppUser,)
def retrieve(self, request, *args, **kwargs):

4
apps/assets/api/domain.py
View File

@ -18,7 +18,7 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"]
class DomainViewSet(BulkModelViewSet):
queryset = Domain.objects.all()
queryset = Domain.objects
permission_classes = (IsSuperUser,)
serializer_class = serializers.DomainSerializer
@ -36,7 +36,7 @@ class DomainViewSet(BulkModelViewSet):
class GatewayViewSet(BulkModelViewSet):
filter_fields = ("domain",)
search_fields = filter_fields
queryset = Gateway.objects.all()
queryset = Gateway.objects
permission_classes = (IsSuperUser,)
serializer_class = serializers.GatewaySerializer

12
apps/assets/api/node.py
View File

@ -40,7 +40,7 @@ __all__ = [
class NodeViewSet(BulkModelViewSet):
queryset = Node.objects.all()
queryset = Node.objects
permission_classes = (IsSuperUser,)
serializer_class = serializers.NodeSerializer
@ -79,7 +79,7 @@ class NodeViewSet(BulkModelViewSet):
class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView):
queryset = Node.objects.all()
queryset = Node.objects
permission_classes = (IsSuperUser,)
serializer_class = serializers.NodeSerializer
instance = None
@ -166,7 +166,7 @@ class NodeAssetsApi(generics.ListAPIView):
class NodeAddChildrenApi(generics.UpdateAPIView):
queryset = Node.objects.all()
queryset = Node.objects
permission_classes = (IsSuperUser,)
serializer_class = serializers.NodeAddChildrenSerializer
instance = None
@ -184,7 +184,7 @@ class NodeAddChildrenApi(generics.UpdateAPIView):
class NodeAddAssetsApi(generics.UpdateAPIView):
serializer_class = serializers.NodeAssetsSerializer
queryset = Node.objects.all()
queryset = Node.objects
permission_classes = (IsSuperUser,)
instance = None
@ -196,7 +196,7 @@ class NodeAddAssetsApi(generics.UpdateAPIView):
class NodeRemoveAssetsApi(generics.UpdateAPIView):
serializer_class = serializers.NodeAssetsSerializer
queryset = Node.objects.all()
queryset = Node.objects
permission_classes = (IsSuperUser,)
instance = None
@ -212,7 +212,7 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
class NodeReplaceAssetsApi(generics.UpdateAPIView):
serializer_class = serializers.NodeAssetsSerializer
queryset = Node.objects.all()
queryset = Node.objects
permission_classes = (IsSuperUser,)
instance = None

8
apps/assets/api/system_user.py
View File

@ -35,7 +35,7 @@ class SystemUserViewSet(BulkModelViewSet):
"""
System user api set, for add,delete,update,list,retrieve resource
"""
queryset = SystemUser.objects.all()
queryset = SystemUser.objects
serializer_class = serializers.SystemUserSerializer
permission_classes = (IsSuperUserOrAppUser,)
@ -44,7 +44,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
"""
Get system user auth info
"""
queryset = SystemUser.objects.all()
queryset = SystemUser.objects
permission_classes = (IsSuperUserOrAppUser,)
serializer_class = serializers.SystemUserAuthSerializer
@ -58,7 +58,7 @@ class SystemUserPushApi(generics.RetrieveAPIView):
"""
Push system user to cluster assets api
"""
queryset = SystemUser.objects.all()
queryset = SystemUser.objects
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):
@ -74,7 +74,7 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
"""
Push system user to cluster assets api
"""
queryset = SystemUser.objects.all()
queryset = SystemUser.objects
permission_classes = (IsSuperUser,)
def retrieve(self, request, *args, **kwargs):

4
apps/assets/forms/asset.py
View File

@ -93,7 +93,7 @@ class AssetUpdateForm(forms.ModelForm):
class AssetBulkUpdateForm(forms.ModelForm):
assets = forms.ModelMultipleChoiceField(
required=True, help_text='* required',
label=_('Select assets'), queryset=Asset.objects.all(),
label=_('Select assets'), queryset = Asset.objects,
widget=forms.SelectMultiple(
attrs={
'class': 'select2',
@ -105,7 +105,7 @@ class AssetBulkUpdateForm(forms.ModelForm):
label=_('Port'), required=False, min_value=1, max_value=65535,
)
admin_user = forms.ModelChoiceField(
required=False, queryset=AdminUser.objects.all(),
required=False, queryset = AdminUser.objects,
label=_("Admin user"),
widget=forms.Select(
attrs={

2
apps/assets/forms/domain.py
View File

@ -11,7 +11,7 @@ __all__ = ['DomainForm', 'GatewayForm']
class DomainForm(forms.ModelForm):
assets = forms.ModelMultipleChoiceField(
queryset=Asset.objects.all(), label=_('Asset'), required=False,
queryset = Asset.objects, label=_('Asset'), required=False,
widget=forms.SelectMultiple(
attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
)

2
apps/assets/forms/label.py
View File

@ -10,7 +10,7 @@ __all__ = ['LabelForm']
class LabelForm(forms.ModelForm):
assets = forms.ModelMultipleChoiceField(
queryset=Asset.objects.all(), label=_('Asset'), required=False,
queryset = Asset.objects, label=_('Asset'), required=False,
widget=forms.SelectMultiple(
attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
)

2
apps/assets/serializers/admin_user.py
View File

@ -58,7 +58,7 @@ class ReplaceNodeAdminUserSerializer(serializers.ModelSerializer):
管理用户更新关联到的集群
"""
nodes = serializers.PrimaryKeyRelatedField(
many=True, queryset=Node.objects.all()
many=True, queryset = Node.objects
)
class Meta:

2
apps/assets/serializers/node.py
View File

@ -78,7 +78,7 @@ class NodeSerializer(serializers.ModelSerializer):
class NodeAssetsSerializer(serializers.ModelSerializer):
assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
assets = serializers.PrimaryKeyRelatedField(many=True, queryset = Asset.objects)
class Meta:
model = Node

54
apps/assets/urls/api_urls.py
View File

@ -7,53 +7,53 @@ app_name = 'assets'
router = BulkRouter()
router.register(r'v1/assets', api.AssetViewSet, 'asset')
router.register(r'v1/admin-user', api.AdminUserViewSet, 'admin-user')
router.register(r'v1/system-user', api.SystemUserViewSet, 'system-user')
router.register(r'v1/labels', api.LabelViewSet, 'label')
router.register(r'v1/nodes', api.NodeViewSet, 'node')
router.register(r'v1/domain', api.DomainViewSet, 'domain')
router.register(r'v1/gateway', api.GatewayViewSet, 'gateway')
router.register(r'assets', api.AssetViewSet, 'asset')
router.register(r'admin-user', api.AdminUserViewSet, 'admin-user')
router.register(r'system-user', api.SystemUserViewSet, 'system-user')
router.register(r'labels', api.LabelViewSet, 'label')
router.register(r'nodes', api.NodeViewSet, 'node')
router.register(r'domain', api.DomainViewSet, 'domain')
router.register(r'gateway', api.GatewayViewSet, 'gateway')
urlpatterns = [
url(r'^v1/assets-bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'),
url(r'^v1/system-user/(?P<pk>[0-9a-zA-Z\-]{36})/auth-info/', api.SystemUserAuthInfoApi.as_view(),
url(r'^assets-bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'),
url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/auth-info/', api.SystemUserAuthInfoApi.as_view(),
name='system-user-auth-info'),
url(r'^v1/assets/(?P<pk>[0-9a-zA-Z\-]{36})/refresh/$',
url(r'^assets/(?P<pk>[0-9a-zA-Z\-]{36})/refresh/$',
api.AssetRefreshHardwareApi.as_view(), name='asset-refresh'),
url(r'^v1/assets/(?P<pk>[0-9a-zA-Z\-]{36})/alive/$',
url(r'^assets/(?P<pk>[0-9a-zA-Z\-]{36})/alive/$',
api.AssetAdminUserTestApi.as_view(), name='asset-alive-test'),
url(r'^v1/assets/(?P<pk>[0-9a-zA-Z\-]{36})/gateway/$',
url(r'^assets/(?P<pk>[0-9a-zA-Z\-]{36})/gateway/$',
api.AssetGatewayApi.as_view(), name='asset-gateway'),
url(r'^v1/admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
api.ReplaceNodesAdminUserApi.as_view(), name='replace-nodes-admin-user'),
url(r'^v1/admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/auth/$',
url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/auth/$',
api.AdminUserAuthApi.as_view(), name='admin-user-auth'),
url(r'^v1/admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/connective/$',
url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/connective/$',
api.AdminUserTestConnectiveApi.as_view(), name='admin-user-connective'),
url(r'^v1/system-user/(?P<pk>[0-9a-zA-Z\-]{36})/push/$',
url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/push/$',
api.SystemUserPushApi.as_view(), name='system-user-push'),
url(r'^v1/system-user/(?P<pk>[0-9a-zA-Z\-]{36})/connective/$',
url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/connective/$',
api.SystemUserTestConnectiveApi.as_view(), name='system-user-connective'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/$',
api.NodeChildrenApi.as_view(), name='node-children'),
url(r'^v1/nodes/children/$', api.NodeChildrenApi.as_view(), name='node-children-2'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/add/$',
url(r'^nodes/children/$', api.NodeChildrenApi.as_view(), name='node-children-2'),
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/add/$',
api.NodeAddChildrenApi.as_view(), name='node-add-children'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
api.NodeAssetsApi.as_view(), name='node-assets'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/add/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/add/$',
api.NodeAddAssetsApi.as_view(), name='node-add-assets'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/replace/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/replace/$',
api.NodeReplaceAssetsApi.as_view(), name='node-replace-assets'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/remove/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/remove/$',
api.NodeRemoveAssetsApi.as_view(), name='node-remove-assets'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/refresh-hardware-info/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/refresh-hardware-info/$',
api.RefreshNodeHardwareInfoApi.as_view(), name='node-refresh-hardware-info'),
url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/test-connective/$',
url(r'^nodes/(?P<pk>[0-9a-zA-Z\-]{36})/test-connective/$',
api.TestNodeConnectiveApi.as_view(), name='node-test-connective'),
url(r'^v1/gateway/(?P<pk>[0-9a-zA-Z\-]{36})/test-connective/$',
url(r'^gateway/(?P<pk>[0-9a-zA-Z\-]{36})/test-connective/$',
api.GatewayTestConnectionApi.as_view(), name='test-gateway-connective'),
]

2
apps/assets/views/admin_user.py
View File

@ -90,7 +90,7 @@ class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
object = None
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AdminUser.objects.all())
self.object = self.get_object(queryset = AdminUser.objects)
return super().get(request, *args, **kwargs)
def get_queryset(self):

2
apps/audits/api.py
View File

@ -9,6 +9,6 @@ from .serializers import FTPLogSerializer
class FTPLogViewSet(viewsets.ModelViewSet):
queryset = FTPLog.objects.all()
queryset = FTPLog.objects
serializer_class = FTPLogSerializer
permission_classes = (IsSuperUserOrAppUser,)

4
apps/audits/urls/api_urls.py
View File

@ -9,10 +9,10 @@ from .. import api
app_name = "audits"
router = DefaultRouter()
router.register(r'v1/ftp-log', api.FTPLogViewSet, 'ftp-log')
router.register(r'ftp-log', api.FTPLogViewSet, 'ftp-log')
urlpatterns = [
# url(r'^v1/celery/task/(?P<pk>[0-9a-zA-Z\-]{36})/log/$', api.CeleryTaskLogApi.as_view(), name='celery-task-log'),
# url(r'^celery/task/(?P<pk>[0-9a-zA-Z\-]{36})/log/$', api.CeleryTaskLogApi.as_view(), name='celery-task-log'),
]
urlpatterns += router.urls

6
apps/common/urls/api_urls.py
View File

@ -7,7 +7,7 @@ from .. import api
app_name = 'common'
urlpatterns = [
url(r'^v1/mail/testing/$', api.MailTestingAPI.as_view(), name='mail-testing'),
url(r'^v1/ldap/testing/$', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
url(r'^v1/django-settings/$', api.DjangoSettingsAPI.as_view(), name='django-settings'),
url(r'^mail/testing/$', api.MailTestingAPI.as_view(), name='mail-testing'),
url(r'^ldap/testing/$', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
url(r'^django-settings/$', api.DjangoSettingsAPI.as_view(), name='django-settings'),
]

10
apps/ops/api.py
View File

@ -16,13 +16,13 @@ from .tasks import run_ansible_task
class TaskViewSet(viewsets.ModelViewSet):
queryset = Task.objects.all()
queryset = Task.objects
serializer_class = TaskSerializer
permission_classes = (IsSuperUser,)
class TaskRun(generics.RetrieveAPIView):
queryset = Task.objects.all()
queryset = Task.objects
serializer_class = TaskViewSet
permission_classes = (IsSuperUser,)
@ -33,7 +33,7 @@ class TaskRun(generics.RetrieveAPIView):
class AdHocViewSet(viewsets.ModelViewSet):
queryset = AdHoc.objects.all()
queryset = AdHoc.objects
serializer_class = AdHocSerializer
permission_classes = (IsSuperUser,)
@ -46,7 +46,7 @@ class AdHocViewSet(viewsets.ModelViewSet):
class AdHocRunHistorySet(viewsets.ModelViewSet):
queryset = AdHocRunHistory.objects.all()
queryset = AdHocRunHistory.objects
serializer_class = AdHocRunHistorySerializer
permission_classes = (IsSuperUser,)
@ -68,7 +68,7 @@ class CeleryTaskLogApi(generics.RetrieveAPIView):
permission_classes = (IsSuperUser,)
buff_size = 1024 * 10
end = False
queryset = CeleryTask.objects.all()
queryset = CeleryTask.objects
def get(self, request, *args, **kwargs):
mark = request.query_params.get("mark") or str(uuid.uuid4())

10
apps/ops/urls/api_urls.py
View File

@ -9,13 +9,13 @@ from .. import api
app_name = "ops"
router = DefaultRouter()
router.register(r'v1/tasks', api.TaskViewSet, 'task')
router.register(r'v1/adhoc', api.AdHocViewSet, 'adhoc')
router.register(r'v1/history', api.AdHocRunHistorySet, 'history')
router.register(r'tasks', api.TaskViewSet, 'task')
router.register(r'adhoc', api.AdHocViewSet, 'adhoc')
router.register(r'history', api.AdHocRunHistorySet, 'history')
urlpatterns = [
url(r'^v1/tasks/(?P<pk>[0-9a-zA-Z\-]{36})/run/$', api.TaskRun.as_view(), name='task-run'),
url(r'^v1/celery/task/(?P<pk>[0-9a-zA-Z\-]{36})/log/$', api.CeleryTaskLogApi.as_view(), name='celery-task-log'),
url(r'^tasks/(?P<pk>[0-9a-zA-Z\-]{36})/run/$', api.TaskRun.as_view(), name='task-run'),
url(r'^celery/task/(?P<pk>[0-9a-zA-Z\-]{36})/log/$', api.CeleryTaskLogApi.as_view(), name='celery-task-log'),
]
urlpatterns += router.urls

41
apps/orgs/mixins.py
View File

@ -15,62 +15,35 @@ __all__ = ['OrgManager', 'OrgViewGenericMixin', 'OrgModelMixin']
class OrgManager(models.Manager):
def get_queryset(self):
print("GET CURR")
current_org = get_current_org()
user_model = get_user_model()
kwargs = {}
print("Get queryset ")
print(self.model)
print(current_org)
if not current_org:
return super().get_queryset().filter(**kwargs)
kwargs['id'] = None
elif issubclass(self.model, user_model):
kwargs['orgs'] = current_org
elif current_org.is_real():
kwargs['org'] = current_org
elif current_org.is_default():
kwargs['org'] = None
queryset = super().get_queryset().filter(**kwargs)
print(kwargs)
return super().get_queryset().filter(**kwargs)
print(queryset)
return queryset
class OrgModelMixin(models.Model):
org = models.ForeignKey('orgs.Organization', on_delete=models.PROTECT, null=True)
objects = OrgManager()
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def _do_update(self, base_qs, using, pk_val, values, update_fields, forced_update):
def save(self, *args, **kwargs):
current_org = get_current_org()
if current_org and current_org.is_real():
kwargs = {'org': current_org}
base_qs = base_qs.filter(**kwargs)
else:
logger.warn(
'Attempting to update %s instance "%s" without a current tenant '
'set. This may cause issues in a partitioned environment. '
'Recommend calling set_current_org() before performing this '
'operation.', self._meta.model.__name__, self
)
return super()._do_update(base_qs, using, pk_val, values, update_fields, forced_update)
def save(self, force_insert=False, force_update=False, using=None,
update_fields=None):
user_model = get_user_model()
current_org = get_current_org()
if current_org and not current_org.is_real():
self.org = current_org
instance = super().save(
force_insert=force_insert, force_update=force_update,
using=using, update_fields=update_fields
)
if isinstance(instance, user_model):
instance.orgs.add(current_org)
return instance
return super(OrgModelMixin, self).save(*args, **kwargs)
class Meta:
abstract = True

10
apps/perms/api.py
View File

@ -19,7 +19,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
"""
资产授权列表的增删改查api
"""
queryset = AssetPermission.objects.all()
queryset = AssetPermission.objects
serializer_class = serializers.AssetPermissionCreateUpdateSerializer
permission_classes = (IsSuperUser,)
@ -268,7 +268,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
"""
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateUserSerializer
queryset = AssetPermission.objects.all()
queryset = AssetPermission.objects
def update(self, request, *args, **kwargs):
perm = self.get_object()
@ -285,7 +285,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
class AssetPermissionAddUserApi(RetrieveUpdateAPIView):
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateUserSerializer
queryset = AssetPermission.objects.all()
queryset = AssetPermission.objects
def update(self, request, *args, **kwargs):
perm = self.get_object()
@ -305,7 +305,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
"""
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateAssetSerializer
queryset = AssetPermission.objects.all()
queryset = AssetPermission.objects
def update(self, request, *args, **kwargs):
perm = self.get_object()
@ -322,7 +322,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
class AssetPermissionAddAssetApi(RetrieveUpdateAPIView):
permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetPermissionUpdateAssetSerializer
queryset = AssetPermission.objects.all()
queryset = AssetPermission.objects
def update(self, request, *args, **kwargs):
perm = self.get_object()

36
apps/perms/urls/api_urls.py
View File

@ -7,57 +7,57 @@ from .. import api
app_name = 'perms'
router = routers.DefaultRouter()
router.register('v1/asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
router.register('asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
urlpatterns = [
# 查询某个用户授权的资产和资产组
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
url(r'^user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGrantedAssetsApi.as_view(), name='user-assets'),
url(r'^v1/user/assets/$', api.UserGrantedAssetsApi.as_view(),
url(r'^user/assets/$', api.UserGrantedAssetsApi.as_view(),
name='my-assets'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
url(r'^user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
api.UserGrantedNodesApi.as_view(), name='user-nodes'),
url(r'^v1/user/nodes/$', api.UserGrantedNodesApi.as_view(),
url(r'^user/nodes/$', api.UserGrantedNodesApi.as_view(),
name='my-nodes'),
url(
r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/(?P<node_id>[0-9a-zA-Z\-]{36})/assets/$',
r'^user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/(?P<node_id>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
url(r'^v1/user/nodes/(?P<node_id>[0-9a-zA-Z\-]{36})/assets/$',
url(r'^user/nodes/(?P<node_id>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
url(r'^v1/user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes-assets/$',
url(r'^user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes-assets/$',
api.UserGrantedNodesWithAssetsApi.as_view(), name='user-nodes-assets'),
url(r'^v1/user/nodes-assets/$', api.UserGrantedNodesWithAssetsApi.as_view(),
url(r'^user/nodes-assets/$', api.UserGrantedNodesWithAssetsApi.as_view(),
name='my-nodes-assets'),
# 查询某个用户组授权的资产和资产组
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
url(r'^user-group/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
url(r'^user-group/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
url(r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/nodes-assets/$',
url(r'^user-group/(?P<pk>[0-9a-zA-Z\-]{36})/nodes-assets/$',
api.UserGroupGrantedNodesWithAssetsApi.as_view(),
name='user-group-nodes-assets'),
url(
r'^v1/user-group/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/(?P<node_id>[0-9a-zA-Z\-]{36})/assets/$',
r'^user-group/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/(?P<node_id>[0-9a-zA-Z\-]{36})/assets/$',
api.UserGroupGrantedNodeAssetsApi.as_view(),
name='user-group-node-assets'),
# 用户和资产授权变更
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/remove/$',
url(r'^asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/remove/$',
api.AssetPermissionRemoveUserApi.as_view(),
name='asset-permission-remove-user'),
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/add/$',
url(r'^asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/user/add/$',
api.AssetPermissionAddUserApi.as_view(),
name='asset-permission-add-user'),
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/remove/$',
url(r'^asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/remove/$',
api.AssetPermissionRemoveAssetApi.as_view(),
name='asset-permission-remove-asset'),
url(r'^v1/asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/add/$',
url(r'^asset-permissions/(?P<pk>[0-9a-zA-Z\-]{36})/asset/add/$',
api.AssetPermissionAddAssetApi.as_view(),
name='asset-permission-add-asset'),
# 验证用户是否有某个资产和系统用户的权限
url(r'v1/asset-permission/user/validate/$', api.ValidateUserAssetPermissionView.as_view(), name='validate-user-asset-permission'),
url(r'asset-permission/user/validate/$', api.ValidateUserAssetPermissionView.as_view(), name='validate-user-asset-permission'),
]
urlpatterns += router.urls

4
apps/perms/views.py
View File

@ -108,7 +108,7 @@ class AssetPermissionUserView(AdminUserRequiredMixin,
object = None
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all())
self.object = self.get_object(queryset = AssetPermission.objects)
return super().get(request, *args, **kwargs)
def get_queryset(self):
@ -138,7 +138,7 @@ class AssetPermissionAssetView(AdminUserRequiredMixin,
object = None
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all())
self.object = self.get_object(queryset = AssetPermission.objects)
return super().get(request, *args, **kwargs)
def get_queryset(self):

6
apps/terminal/api.py
View File

@ -102,7 +102,7 @@ class TerminalTokenApi(APIView):
class StatusViewSet(viewsets.ModelViewSet):
queryset = Status.objects.all()
queryset = Status.objects
serializer_class = StatusSerializer
permission_classes = (IsSuperUserOrAppUser,)
session_serializer_class = SessionSerializer
@ -174,7 +174,7 @@ class StatusViewSet(viewsets.ModelViewSet):
class SessionViewSet(viewsets.ModelViewSet):
queryset = Session.objects.all()
queryset = Session.objects
serializer_class = SessionSerializer
permission_classes = (IsSuperUserOrAppUser,)
@ -192,7 +192,7 @@ class SessionViewSet(viewsets.ModelViewSet):
class TaskViewSet(BulkModelViewSet):
queryset = Task.objects.all()
queryset = Task.objects
serializer_class = TaskSerializer
permission_classes = (IsSuperUserOrAppUser,)

22
apps/terminal/urls/api_urls.py
View File

@ -10,22 +10,22 @@ from .. import api
app_name = 'terminal'
router = routers.DefaultRouter()
router.register(r'v1/terminal/(?P<terminal>[a-zA-Z0-9\-]{36})?/?status', api.StatusViewSet, 'terminal-status')
router.register(r'v1/terminal/(?P<terminal>[a-zA-Z0-9\-]{36})?/?sessions', api.SessionViewSet, 'terminal-sessions')
router.register(r'v1/tasks', api.TaskViewSet, 'tasks')
router.register(r'v1/terminal', api.TerminalViewSet, 'terminal')
router.register(r'v1/command', api.CommandViewSet, 'command')
router.register(r'v1/sessions', api.SessionViewSet, 'session')
router.register(r'v1/status', api.StatusViewSet, 'session')
router.register(r'terminal/(?P<terminal>[a-zA-Z0-9\-]{36})?/?status', api.StatusViewSet, 'terminal-status')
router.register(r'terminal/(?P<terminal>[a-zA-Z0-9\-]{36})?/?sessions', api.SessionViewSet, 'terminal-sessions')
router.register(r'tasks', api.TaskViewSet, 'tasks')
router.register(r'terminal', api.TerminalViewSet, 'terminal')
router.register(r'command', api.CommandViewSet, 'command')
router.register(r'sessions', api.SessionViewSet, 'session')
router.register(r'status', api.StatusViewSet, 'session')
urlpatterns = [
url(r'^v1/sessions/(?P<pk>[0-9a-zA-Z\-]{36})/replay/$',
url(r'^sessions/(?P<pk>[0-9a-zA-Z\-]{36})/replay/$',
api.SessionReplayViewSet.as_view({'get': 'retrieve', 'post': 'create'}),
name='session-replay'),
url(r'^v1/tasks/kill-session/', api.KillSessionAPI.as_view(), name='kill-session'),
url(r'^v1/terminal/(?P<terminal>[a-zA-Z0-9\-]{36})/access-key', api.TerminalTokenApi.as_view(),
url(r'^tasks/kill-session/', api.KillSessionAPI.as_view(), name='kill-session'),
url(r'^terminal/(?P<terminal>[a-zA-Z0-9\-]{36})/access-key', api.TerminalTokenApi.as_view(),
name='terminal-access-key'),
url(r'^v1/terminal/config', api.TerminalConfig.as_view(), name='terminal-config'),
url(r'^terminal/config', api.TerminalConfig.as_view(), name='terminal-config'),
# v2: get session's replay
url(r'^v2/sessions/(?P<pk>[0-9a-zA-Z\-]{36})/replay/$',
api.SessionReplayV2ViewSet.as_view({'get': 'retrieve'}),

18
apps/users/api.py
View File

@ -9,6 +9,7 @@ from rest_framework import generics
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import viewsets
from rest_framework_bulk import BulkModelViewSet
from .serializers import UserSerializer, UserGroupSerializer, \
@ -21,6 +22,7 @@ from .permissions import IsSuperUser, IsValidUser, IsCurrentUserOrReadOnly, \
from .utils import check_user_valid, generate_token, get_login_ip, \
check_otp_code, set_user_login_failed_count_to_cache, is_block_login
from orgs.utils import get_current_org
from orgs.mixins import OrgViewGenericMixin
from common.mixins import IDInFilterMixin
from common.utils import get_logger
@ -51,7 +53,7 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
class ChangeUserPasswordApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsSuperUser,)
queryset = User.objects.all()
queryset = User.objects
serializer_class = ChangeUserPasswordSerializer
def perform_update(self, serializer):
@ -61,13 +63,13 @@ class ChangeUserPasswordApi(generics.RetrieveUpdateAPIView):
class UserUpdateGroupApi(generics.RetrieveUpdateAPIView):
queryset = User.objects.all()
queryset = User.objects
serializer_class = UserUpdateGroupSerializer
permission_classes = (IsSuperUser,)
class UserResetPasswordApi(generics.UpdateAPIView):
queryset = User.objects.all()
queryset = User.objects
serializer_class = UserSerializer
permission_classes = (IsAuthenticated,)
@ -82,7 +84,7 @@ class UserResetPasswordApi(generics.UpdateAPIView):
class UserResetPKApi(generics.UpdateAPIView):
queryset = User.objects.all()
queryset = User.objects
serializer_class = UserSerializer
permission_classes = (IsAuthenticated,)
@ -95,7 +97,7 @@ class UserResetPKApi(generics.UpdateAPIView):
class UserUpdatePKApi(generics.UpdateAPIView):
queryset = User.objects.all()
queryset = User.objects
serializer_class = UserPKUpdateSerializer
permission_classes = (IsCurrentUserOrReadOnly,)
@ -105,14 +107,14 @@ class UserUpdatePKApi(generics.UpdateAPIView):
user.save()
class UserGroupViewSet(IDInFilterMixin, BulkModelViewSet):
queryset = UserGroup.objects.all()
class UserGroupViewSet(IDInFilterMixin, OrgViewGenericMixin, BulkModelViewSet):
queryset = UserGroup.objects
serializer_class = UserGroupSerializer
permission_classes = (IsSuperUser,)
class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):
queryset = UserGroup.objects.all()
queryset = UserGroup.objects
serializer_class = UserGroupUpdateMemeberSerializer
permission_classes = (IsSuperUser,)

17
apps/users/forms.py
View File

@ -54,6 +54,15 @@ class UserCreateUpdateForm(forms.ModelForm):
widget=forms.Textarea(attrs={'placeholder': _('ssh-rsa AAAA...')}),
help_text=_('Paste user id_rsa.pub here.')
)
# groups = forms.ModelMultipleChoiceField(
# queryset=UserGroup.objects, required=False, label=_("Groups"),
# widget=forms.SelectMultiple(
# attrs={
# 'class': 'select2',
# 'data-placeholder': _('Join user groups')
# }
# )
# )
class Meta:
model = User
@ -67,12 +76,6 @@ class UserCreateUpdateForm(forms.ModelForm):
'email': '* required',
}
widgets = {
'groups': forms.SelectMultiple(
attrs={
'class': 'select2',
'data-placeholder': _('Join user groups')
}
),
'otp_level': forms.RadioSelect(),
}
@ -237,7 +240,7 @@ class UserBulkUpdateForm(forms.ModelForm):
required=True,
help_text='* required',
label=_('Select users'),
queryset=User.objects.all(),
queryset = User.objects,
widget=forms.SelectMultiple(
attrs={
'class': 'select2',

4
apps/users/models/group.py
View File

@ -4,10 +4,12 @@ import uuid
from django.db import models, IntegrityError
from django.utils.translation import ugettext_lazy as _
from orgs.mixins import OrgModelMixin
__all__ = ['UserGroup']
class UserGroup(models.Model):
class UserGroup(OrgModelMixin):
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
comment = models.TextField(blank=True, verbose_name=_('Comment'))

5
apps/users/models/user.py
View File

@ -220,11 +220,10 @@ class User(AbstractUser):
if self.username == 'admin':
self.role = 'Admin'
self.is_active = True
instance = super().save(*args, **kwargs)
super().save(*args, **kwargs)
current_org = get_current_org()
if current_org and current_org.is_real():
instance.orgs.add(current_org)
return instance
self.orgs.add(current_org)
@property
def private_token(self):

6
apps/users/serializers.py
View File

@ -14,7 +14,7 @@ signer = get_signer()
class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
groups_display = serializers.SerializerMethodField()
groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all(), required=False)
groups = serializers.PrimaryKeyRelatedField(many=True, queryset = UserGroup.objects, required=False)
class Meta:
model = User
@ -50,7 +50,7 @@ class UserPKUpdateSerializer(serializers.ModelSerializer):
class UserUpdateGroupSerializer(serializers.ModelSerializer):
groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all())
groups = serializers.PrimaryKeyRelatedField(many=True, queryset = UserGroup.objects)
class Meta:
model = User
@ -71,7 +71,7 @@ class UserGroupSerializer(BulkSerializerMixin, serializers.ModelSerializer):
class UserGroupUpdateMemeberSerializer(serializers.ModelSerializer):
users = serializers.PrimaryKeyRelatedField(many=True, queryset=User.objects.all())
users = serializers.PrimaryKeyRelatedField(many=True, queryset = User.objects)
class Meta:
model = UserGroup

26
apps/users/urls/api_urls.py
View File

@ -10,28 +10,28 @@ from .. import api
app_name = 'users'
router = BulkRouter()
router.register(r'v1/users', api.UserViewSet, 'user')
router.register(r'v1/groups', api.UserGroupViewSet, 'user-group')
router.register(r'users', api.UserViewSet, 'user')
router.register(r'groups', api.UserGroupViewSet, 'user-group')
urlpatterns = [
# url(r'', api.UserListView.as_view()),
url(r'^v1/token/$', api.UserToken.as_view(), name='user-token'),
url(r'^v1/connection-token/$', api.UserConnectionTokenApi.as_view(), name='connection-token'),
url(r'^v1/profile/$', api.UserProfile.as_view(), name='user-profile'),
url(r'^v1/auth/$', api.UserAuthApi.as_view(), name='user-auth'),
url(r'^v1/otp/auth/$', api.UserOtpAuthApi.as_view(), name='user-otp-auth'),
url(r'^v1/users/(?P<pk>[0-9a-zA-Z\-]{36})/password/$',
url(r'^token/$', api.UserToken.as_view(), name='user-token'),
url(r'^connection-token/$', api.UserConnectionTokenApi.as_view(), name='connection-token'),
url(r'^profile/$', api.UserProfile.as_view(), name='user-profile'),
url(r'^auth/$', api.UserAuthApi.as_view(), name='user-auth'),
url(r'^otp/auth/$', api.UserOtpAuthApi.as_view(), name='user-otp-auth'),
url(r'^users/(?P<pk>[0-9a-zA-Z\-]{36})/password/$',
api.ChangeUserPasswordApi.as_view(), name='change-user-password'),
url(r'^v1/users/(?P<pk>[0-9a-zA-Z\-]{36})/password/reset/$',
url(r'^users/(?P<pk>[0-9a-zA-Z\-]{36})/password/reset/$',
api.UserResetPasswordApi.as_view(), name='user-reset-password'),
url(r'^v1/users/(?P<pk>[0-9a-zA-Z\-]{36})/pubkey/reset/$',
url(r'^users/(?P<pk>[0-9a-zA-Z\-]{36})/pubkey/reset/$',
api.UserResetPKApi.as_view(), name='user-public-key-reset'),
url(r'^v1/users/(?P<pk>[0-9a-zA-Z\-]{36})/pubkey/update/$',
url(r'^users/(?P<pk>[0-9a-zA-Z\-]{36})/pubkey/update/$',
api.UserUpdatePKApi.as_view(), name='user-public-key-update'),
url(r'^v1/users/(?P<pk>[0-9a-zA-Z\-]{36})/groups/$',
url(r'^users/(?P<pk>[0-9a-zA-Z\-]{36})/groups/$',
api.UserUpdateGroupApi.as_view(), name='user-update-group'),
url(r'^v1/groups/(?P<pk>[0-9a-zA-Z\-]{36})/users/$',
url(r'^groups/(?P<pk>[0-9a-zA-Z\-]{36})/users/$',
api.UserGroupUpdateUserApi.as_view(), name='user-group-update-user'),
]

13
apps/users/views/group.py
View File

@ -11,6 +11,7 @@ from django.contrib.messages.views import SuccessMessageMixin
from common.utils import get_logger
from common.const import create_success_msg, update_success_msg
from orgs.mixins import OrgViewGenericMixin
from ..models import User, UserGroup
from ..utils import AdminUserRequiredMixin
from .. import forms
@ -20,7 +21,7 @@ __all__ = ['UserGroupListView', 'UserGroupCreateView', 'UserGroupDetailView',
logger = get_logger(__name__)
class UserGroupListView(AdminUserRequiredMixin, TemplateView):
class UserGroupListView(AdminUserRequiredMixin, OrgViewGenericMixin, TemplateView):
template_name = 'users/user_group_list.html'
def get_context_data(self, **kwargs):
@ -32,7 +33,8 @@ class UserGroupListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class UserGroupCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
class UserGroupCreateView(AdminUserRequiredMixin, OrgViewGenericMixin,
SuccessMessageMixin, CreateView):
model = UserGroup
form_class = forms.UserGroupForm
template_name = 'users/user_group_create_update.html'
@ -48,7 +50,8 @@ class UserGroupCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVie
return super().get_context_data(**kwargs)
class UserGroupUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class UserGroupUpdateView(AdminUserRequiredMixin, SuccessMessageMixin,
OrgViewGenericMixin, UpdateView):
model = UserGroup
form_class = forms.UserGroupForm
template_name = 'users/user_group_create_update.html'
@ -68,7 +71,7 @@ class UserGroupUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVie
return super().get_context_data(**kwargs)
class UserGroupDetailView(AdminUserRequiredMixin, DetailView):
class UserGroupDetailView(AdminUserRequiredMixin, OrgViewGenericMixin, DetailView):
model = UserGroup
context_object_name = 'user_group'
template_name = 'users/user_group_detail.html'
@ -84,7 +87,7 @@ class UserGroupDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class UserGroupGrantedAssetView(AdminUserRequiredMixin, DetailView):
class UserGroupGrantedAssetView(AdminUserRequiredMixin, OrgViewGenericMixin, DetailView):
model = UserGroup
template_name = 'users/user_group_granted_asset.html'
context_object_name = 'user_group'