Merge pull request #5794 from jumpserver/dev

v2.8 发版 (rc6)
2021-03-18 17:39:02 +08:00 · 2021-03-18 17:39:02 +08:00 · 2b3bb65114
parent 776234e8cc b597cfcd19
commit 2b3bb65114
7 changed files with 24 additions and 20 deletions
--- a/apps/assets/api/system_user_relation.py
+++ b/apps/assets/api/system_user_relation.py
@ -19,9 +19,10 @@ __all__ = [
 class RelationMixin:
    def get_queryset(self):
        queryset = self.model.objects.all()
-        org_id = current_org.org_id()
+        if not current_org.is_root():
-        if org_id is not None:
+            org_id = current_org.org_id()
            queryset = queryset.filter(systemuser__org_id=org_id)
        queryset = queryset.annotate(systemuser_display=Concat(
            F('systemuser__name'), Value('('), F('systemuser__username'),
            Value(')')
--- a/apps/assets/backends/db.py
+++ b/apps/assets/backends/db.py
@ -165,7 +165,7 @@ class SystemUserBackend(DBBackend):
        kwargs = self.get_annotate()
        filters = self.get_filter()
        qs = self.model.objects.all().annotate(**kwargs)
-        if current_org.org_id() is not None:
+        if not current_org.is_root():
            filters['org_id'] = current_org.org_id()
        qs = qs.filter(**filters)
        qs = self.qs_to_values(qs)
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@ -100,6 +100,8 @@ class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
    def get_queryset(self):
        queryset = super().get_queryset()
        if current_org.is_root():
            return queryset
        queryset = queryset.filter(run_as__org_id=current_org.org_id())
        return queryset
--- a/apps/orgs/mixins/api.py
+++ b/apps/orgs/mixins/api.py
@ -43,17 +43,7 @@ class OrgQuerySetMixin:
 class OrgViewSetMixin(OrgQuerySetMixin):
-    root_org_readonly_msg = _("Root organization only allow view and delete")
+    pass
    def update(self, request, *args, **kwargs):
        if current_org.is_root():
            raise MethodNotAllowed('put', self.root_org_readonly_msg)
        return super().update(request, *args, **kwargs)
    def create(self, request, *args, **kwargs):
        if current_org.is_root():
            raise MethodNotAllowed('post', self.root_org_readonly_msg)
        return super().update(request, *args, **kwargs)
 class OrgModelViewSet(CommonApiMixin, OrgViewSetMixin, ModelViewSet):
@ -80,7 +70,7 @@ class OrgBulkModelViewSet(CommonApiMixin, OrgViewSetMixin, BulkModelViewSet):
 class OrgRelationMixin(RelationMixin):
    def get_queryset(self):
        queryset = super().get_queryset()
-        org_id = current_org.org_id()
+        if not current_org.is_root():
-        if org_id is not None:
+            org_id = current_org.org_id()
            queryset = queryset.filter(**{f'{self.from_field}__org_id': org_id})
        return queryset
--- a/apps/perms/signals_handler/refresh_perms.py
+++ b/apps/perms/signals_handler/refresh_perms.py
@ -3,7 +3,7 @@
 from django.db.models.signals import m2m_changed, pre_delete, pre_save, post_save
 from django.dispatch import receiver
-from users.models import User
+from users.models import User, UserGroup
 from assets.models import Asset
 from orgs.utils import current_org, tmp_to_org
 from common.utils import get_logger
@ -23,16 +23,20 @@ def on_user_groups_change(sender, instance, action, reverse, pk_set, **kwargs):
    if reverse:
        group_ids = [instance.id]
        user_ids = pk_set
        org_id = instance.org_id
    else:
        group_ids = pk_set
        user_ids = [instance.id]
        group = UserGroup.objects.get(id=group_ids[0])
        org_id = group.org_id
    exists = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids).exists()
    if not exists:
        return
-    with tmp_to_org(instance.org):
+
-        org_ids = [current_org.id]
+    org_ids = [org_id]
-        UserGrantedTreeRefreshController.add_need_refresh_orgs_for_users(org_ids, user_ids)
+    UserGrantedTreeRefreshController.add_need_refresh_orgs_for_users(org_ids, user_ids)
@receiver([pre_delete], sender=AssetPermission)
--- a/apps/static/img/login_image.png
+++ b/apps/static/img/login_image.png
--- a/apps/terminal/backends/init.py
+++ b/apps/terminal/backends/init.py
@ -2,9 +2,12 @@ from importlib import import_module
 from django.conf import settings
 from django.utils.functional import LazyObject
 from common.utils import get_logger
 from .command.serializers import SessionCommandSerializer
 logger = get_logger(__file__)
 TYPE_ENGINE_MAPPING = {
    'elasticsearch': 'terminal.backends.command.es',
    'es': 'terminal.backends.command.es',
@ -29,6 +32,10 @@ def get_terminal_command_storages():
    from ..models import CommandStorage
    storage_list = {}
    for s in CommandStorage.objects.all():
        if not s.is_valid():
            logger.warn(f'Command storage invalid: storage={s}')
            continue
        if s.type_server:
            storage = get_command_storage()
        else: