perf: License

2025-03-18 18:48:05 +08:00 · 2025-03-18 18:48:05 +08:00 · 2bfcebd064
parent 7bd03c7863
commit 2bfcebd064
11 changed files with 28 additions and 14 deletions
--- a/apps/accounts/api/automations/base.py
+++ b/apps/accounts/api/automations/base.py
@ -16,7 +16,7 @@ from orgs.mixins import generics
 __all__ = [
    'AutomationAssetsListApi', 'AutomationRemoveAssetApi',
    'AutomationAddAssetApi', 'AutomationNodeAddRemoveApi',
-    'AutomationExecutionViewSet',
+    'AutomationExecutionViewSet', 'RecordListMixin'
 ]


--- a/apps/accounts/api/automations/change_secret.py
+++ b/apps/accounts/api/automations/change_secret.py
@ -11,6 +11,7 @@ from accounts.filters import ChangeSecretRecordFilterSet
 from accounts.models import ChangeSecretAutomation, ChangeSecretRecord
 from accounts.tasks import execute_automation_record_task
 from authentication.permissions import UserConfirmation, ConfirmType
+from common.permissions import IsValidLicense
 from orgs.mixins.api import OrgBulkModelViewSet, OrgGenericViewSet
 from rbac.permissions import RBACPermission
 from .base import (
@ -28,6 +29,7 @@ __all__ = [

 class ChangeSecretAutomationViewSet(OrgBulkModelViewSet):
    model = ChangeSecretAutomation
+    permission_classes = [RBACPermission, IsValidLicense]
    filterset_fields = ('name', 'secret_type', 'secret_strategy')
    search_fields = filterset_fields
    serializer_class = serializers.ChangeSecretAutomationSerializer
@ -35,6 +37,7 @@ class ChangeSecretAutomationViewSet(OrgBulkModelViewSet):

 class ChangeSecretRecordViewSet(RecordListMixin, mixins.ListModelMixin, OrgGenericViewSet):
    filterset_class = ChangeSecretRecordFilterSet
+    permission_classes = [RBACPermission, IsValidLicense]
    search_fields = ('asset__address', 'account__username')
    ordering_fields = ('date_finished',)
    tp = AutomationTypes.change_secret
@ -125,7 +128,7 @@ class ChangSecretExecutionViewSet(AutomationExecutionViewSet):
        ("create", "accounts.add_changesecretexecution"),
        ("report", "accounts.view_changesecretexecution"),
    )
-
+    permission_classes = [RBACPermission, IsValidLicense]
    tp = AutomationTypes.change_secret

    def get_queryset(self):
--- a/apps/accounts/api/automations/change_secret_dashboard.py
+++ b/apps/accounts/api/automations/change_secret_dashboard.py
@ -11,9 +11,11 @@ from accounts.const import AutomationTypes, ChangeSecretRecordStatusChoice
 from accounts.models import ChangeSecretAutomation, AutomationExecution, ChangeSecretRecord
 from assets.models import Node, Asset
 from common.const import Status
+from common.permissions import IsValidLicense
 from common.utils import lazyproperty
 from common.utils.timezone import local_zero_hour, local_now
 from ops.celery import app
+from rbac.permissions import RBACPermission

 __all__ = ['ChangeSecretDashboardApi']

@ -23,7 +25,7 @@ class ChangeSecretDashboardApi(APIView):
    rbac_perms = {
        'GET': 'accounts.view_changesecretautomation',
    }
-
+    permission_classes = [RBACPermission, IsValidLicense]
    tp = AutomationTypes.change_secret
    task_name = 'accounts.tasks.automation.execute_account_automation_task'
    ongoing_change_secret_cache_key = "ongoing_change_secret_cache_key"
--- a/apps/accounts/api/automations/check_account.py
+++ b/apps/accounts/api/automations/check_account.py
@ -18,9 +18,13 @@ from accounts.models import (
 )
 from assets.models import Asset
 from common.api import JMSModelViewSet
+from common.permissions import IsValidLicense
 from common.utils import many_get
 from orgs.mixins.api import OrgBulkModelViewSet
+from rbac.permissions import RBACPermission
 from .base import AutomationExecutionViewSet
+from ...filters import NodeFilterBackend
+from ...risk_handlers import RiskHandler

 __all__ = [
    "CheckAccountAutomationViewSet",
@ -29,15 +33,12 @@ __all__ = [
    "CheckAccountEngineViewSet",
 ]

-from ...filters import NodeFilterBackend
-
-from ...risk_handlers import RiskHandler
-

 class CheckAccountAutomationViewSet(OrgBulkModelViewSet):
    model = CheckAccountAutomation
    filterset_fields = ("name",)
    search_fields = filterset_fields
+    permission_classes = [RBACPermission, IsValidLicense]
    serializer_class = serializers.CheckAccountAutomationSerializer


@ -51,6 +52,7 @@ class CheckAccountExecutionViewSet(AutomationExecutionViewSet):
    )
    ordering = ("-date_created",)
    tp = AutomationTypes.check_account
+    permission_classes = [RBACPermission, IsValidLicense]

    def get_queryset(self):
        queryset = super().get_queryset()
@ -84,6 +86,7 @@ class AccountRiskViewSet(OrgBulkModelViewSet):
    search_fields = ["username", "asset__name"]
    filterset_fields = ("risk", "status", "asset_id")
    extra_filter_backends = [NodeFilterBackend]
+    permission_classes = [RBACPermission, IsValidLicense]
    serializer_classes = {
        "default": serializers.AccountRiskSerializer,
        "assets": serializers.AssetRiskSerializer,
@ -140,7 +143,7 @@ class AccountRiskViewSet(OrgBulkModelViewSet):
 class CheckAccountEngineViewSet(JMSModelViewSet):
    search_fields = ("name",)
    serializer_class = serializers.CheckAccountEngineSerializer
-
+    permission_classes = [RBACPermission, IsValidLicense]
    perm_model = CheckAccountEngine

    def get_queryset(self):
--- a/apps/accounts/templates/accounts/backup_account_report.html
+++ b/apps/accounts/templates/accounts/backup_account_report.html
@ -157,7 +157,7 @@
    }

    .collapsible-content {
-        overflow: hidden;
+        overflow: auto;
        max-height: 1000px;
        opacity: 1;
        transition: max-height 0.3s ease-in-out, opacity 0.3s ease-in-out;
--- a/apps/accounts/templates/accounts/change_secret_report.html
+++ b/apps/accounts/templates/accounts/change_secret_report.html
@ -247,7 +247,7 @@
    }

    .collapsible-content {
-        overflow: hidden;
+        overflow: auto;
        max-height: 1000px;
        opacity: 1;
        transition: max-height 0.3s ease-in-out, opacity 0.3s ease-in-out;
--- a/apps/accounts/templates/accounts/check_account_report.html
+++ b/apps/accounts/templates/accounts/check_account_report.html
@ -180,7 +180,7 @@
    }

    .collapsible-content {
-        overflow: hidden;
+        overflow: auto;
        max-height: 1000px;
        opacity: 1;
        transition: max-height 0.3s ease-in-out, opacity 0.3s ease-in-out;
--- a/apps/accounts/templates/accounts/gather_account_report.html
+++ b/apps/accounts/templates/accounts/gather_account_report.html
@ -245,7 +245,7 @@
    }

    .collapsible-content {
-        overflow: hidden;
+        overflow: auto;
        max-height: 1000px;
        opacity: 1;
        transition: max-height 0.3s ease-in-out, opacity 0.3s ease-in-out;
--- a/apps/accounts/templates/accounts/push_account_report.html
+++ b/apps/accounts/templates/accounts/push_account_report.html
@ -246,7 +246,7 @@
    }

    .collapsible-content {
-        overflow: hidden;
+        overflow: auto;
        max-height: 1000px;
        opacity: 1;
        transition: max-height 0.3s ease-in-out, opacity 0.3s ease-in-out;
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@ -68,3 +68,9 @@ class ServiceAccountSignaturePermission(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
        return False
+
+
+class IsValidLicense(permissions.BasePermission):
+
+    def has_permission(self, request, view):
+        return settings.XPACK_LICENSE_IS_VALID
--- a/apps/i18n/lina/zh.json
+++ b/apps/i18n/lina/zh.json
@ -7,7 +7,7 @@
    "Accept": "同意",
    "AccessIP": "IP 白名单",
    "AccessKey": "访问密钥",
-    "Account": "账号信息",
+    "Account": "账号",
    "AccountActivities": "账号活动",
    "AccountBackup": "账号备份",
    "AccountBackupCreate": "创建账号备份",