mirror of https://github.com/jumpserver/jumpserver
fix: 修改授权树(收集用户)
Jiangjie.Bai
Jiangjie.Bai
parent
ca5708988a
commit
307b739a03
|
|
@ -36,6 +36,7 @@ exclude_permissions = (
|
|||
('assets', 'favoriteasset', '*', '*'),
|
||||
('assets', 'historicalauthbook', '*', '*'),
|
||||
('assets', 'assetuser', '*', '*'),
|
||||
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
||||
('perms', 'databaseapppermission', '*', '*'),
|
||||
('perms', 'k8sapppermission', '*', '*'),
|
||||
('perms', 'remoteapppermission', '*', '*'),
|
||||
|
|
|
|||
|
|
@ -1,259 +0,0 @@
|
|||
# @ 分割符 $ 企业版 # ! 系统级别 # # 组织级别 # 控制台
|
||||
flag_sep = '@'
|
||||
flag_license_required = '$'
|
||||
flag_scope_system = '!'
|
||||
# flag_scop_org = '#'
|
||||
|
||||
permission_paths = [
|
||||
# format: 权限树路径 / app.codename @ 企业版、系统级别
|
||||
'/root/view/view_console/rbac.view_console',
|
||||
'/root/view/view_console/rbac.view_dashboard',
|
||||
'/root/view/view_console/user_management/user_list/users.view_user',
|
||||
'/root/view/view_console/user_management/user_list/users.add_user',
|
||||
'/root/view/view_console/user_management/user_list/users.change_user',
|
||||
'/root/view/view_console/user_management/user_list/users.delete_user',
|
||||
f'/root/view/view_console/user_management/user_list/users.invite_user{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/user_management/user_list/users.remove_user{flag_sep}{flag_license_required}',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/perms.view_userassets',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/asset_perm/perms.view_assetpermission',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/asset_perm/perms.change_assetpermission',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/asset_perm/perms.delete_assetpermission',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/perms.view_userapps',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/app_perm/perms.view_applicationpermission',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/app_perm/perms.change_applicationpermission',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/app_perm/perms.delete_applicationpermission',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.view_loginacl',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.add_loginacl',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.change_loginacl',
|
||||
'/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.delete_loginacl',
|
||||
'/root/view/view_console/user_management/user_group_list/users.view_usergroup',
|
||||
'/root/view/view_console/user_management/user_group_list/users.add_usergroup',
|
||||
'/root/view/view_console/user_management/user_group_list/users.change_usergroup',
|
||||
'/root/view/view_console/user_management/user_group_list/users.delete_usergroup',
|
||||
'/root/view/view_console/user_management/user_group_list/user_group_detail/perms.view_permusergroupasset',
|
||||
'/root/view/view_console/user_management/role_list/permission_list/rbac.view_permission',
|
||||
'/root/view/view_console/user_management/role_list/org_role/rbac.view_orgrole',
|
||||
'/root/view/view_console/user_management/role_list/org_role/rbac.add_orgrole',
|
||||
'/root/view/view_console/user_management/role_list/org_role/rbac.change_orgrole',
|
||||
'/root/view/view_console/user_management/role_list/org_role/rbac.delete_orgrole',
|
||||
'/root/view/view_console/user_management/role_list/org_role/org_role_detail/rbac.view_orgrolebinding',
|
||||
'/root/view/view_console/user_management/role_list/org_role/org_role_detail/rbac.add_orgrolebinding',
|
||||
'/root/view/view_console/user_management/role_list/org_role/org_role_detail/rbac.delete_orgrolebinding',
|
||||
'/root/view/view_console/user_management/role_list/system_role/rbac.view_systemrole',
|
||||
'/root/view/view_console/user_management/role_list/system_role/rbac.add_systemrole',
|
||||
'/root/view/view_console/user_management/role_list/system_role/rbac.change_systemrole',
|
||||
'/root/view/view_console/user_management/role_list/system_role/rbac.delete_systemrole',
|
||||
'/root/view/view_console/user_management/role_list/system_role/system_role_detail/rbac.view_systemrolebinding',
|
||||
'/root/view/view_console/user_management/role_list/system_role/system_role_detail/rbac.add_systemrolebinding',
|
||||
'/root/view/view_console/user_management/role_list/system_role/system_role_detail/rbac.delete_systemrolebinding',
|
||||
|
||||
'/root/view/view_console/asset_management/asset_list/assets.view_asset',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.add_asset',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.change_asset',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.delete_asset',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.test_assetconnectivity',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.refresh_assethardwareinfo',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.push_assetsystemuser',
|
||||
'/root/view/view_console/asset_management/asset_list/assets.match_asset',
|
||||
'/root/view/view_console/asset_management/asset_list/node_tree/assets.view_node',
|
||||
'/root/view/view_console/asset_management/asset_list/node_tree/assets.add_node',
|
||||
'/root/view/view_console/asset_management/asset_list/node_tree/assets.change_node',
|
||||
'/root/view/view_console/asset_management/asset_list/node_tree/assets.delete_node',
|
||||
'/root/view/view_console/asset_management/asset_list/node_tree/assets.add_assettonode',
|
||||
'/root/view/view_console/asset_management/asset_list/node_tree/assets.move_assettonode',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.view_syncinstancetask{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.add_syncinstancetask{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.change_syncinstancetask{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.delete_syncinstancetask{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.add_syncinstancetaskexecution{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/sync_instance_task_detail/xpack.view_syncinstancetaskexecution{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/sync_instance_task_detail/xpack.view_syncinstancedetail{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.view_account{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.add_account{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.change_account{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.delete_account{flag_sep}{flag_license_required}',
|
||||
f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.test_account{flag_sep}{flag_license_required}',
|
||||
'/root/view/view_console/asset_management/domain_list/assets.view_domain',
|
||||
'/root/view/view_console/asset_management/domain_list/assets.add_domain',
|
||||
'/root/view/view_console/asset_management/domain_list/assets.change_domain',
|
||||
'/root/view/view_console/asset_management/domain_list/assets.delete_domain',
|
||||
'/root/view/view_console/asset_management/domain_list/gateway_list/assets.view_gateway',
|
||||
'/root/view/view_console/asset_management/domain_list/gateway_list/assets.add_gateway',
|
||||
'/root/view/view_console/asset_management/domain_list/gateway_list/assets.change_gateway',
|
||||
'/root/view/view_console/asset_management/domain_list/gateway_list/assets.delete_gateway',
|
||||
'/root/view/view_console/asset_management/domain_list/gateway_list/assets.test_gateway',
|
||||
'/root/view/view_console/asset_management/system_user/assets.view_systemuser',
|
||||
'/root/view/view_console/asset_management/system_user/assets.add_systemuser',
|
||||
'/root/view/view_console/asset_management/system_user/assets.change_systemuser',
|
||||
'/root/view/view_console/asset_management/system_user/assets.delete_systemuser',
|
||||
'/root/view/view_console/asset_management/system_user/assets.test_assetconnectivity',
|
||||
'/root/view/view_console/asset_management/system_user/assets.push_assetsystemuser',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_asset_list/assets.view_systemuserasset',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_asset_list/assets.add_systemuserasset',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_asset_list/assets.remove_systemuserasset',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.view_authbook',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.change_authbook',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.delete_authbook',
|
||||
'/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.test_authbook',
|
||||
'/root/view/view_console/asset_management/command_filter/assets.view_commandfilter',
|
||||
'/root/view/view_console/asset_management/command_filter/assets.add_commandfilter',
|
||||
'/root/view/view_console/asset_management/command_filter/assets.change_commandfilter',
|
||||
'/root/view/view_console/asset_management/command_filter/assets.delete_commandfilter',
|
||||
'/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.view_commandfilterrule',
|
||||
'/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.add_commandfilterrule',
|
||||
'/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.change_commandfilterrule',
|
||||
'/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.delete_commandfilterrule',
|
||||
'/root/view/view_console/asset_management/platform_list/assets.view_platform',
|
||||
'/root/view/view_console/asset_management/platform_list/assets.add_platform',
|
||||
'/root/view/view_console/asset_management/platform_list/assets.change_platform',
|
||||
'/root/view/view_console/asset_management/platform_list/assets.delete_platform',
|
||||
'/root/view/view_console/asset_management/label_management/assets.view_label',
|
||||
'/root/view/view_console/asset_management/label_management/assets.add_label',
|
||||
'/root/view/view_console/asset_management/label_management/assets.change_label',
|
||||
'/root/view/view_console/asset_management/label_management/assets.delete_label',
|
||||
|
||||
'/root/view/view_console/app_management/remote_app/applications.view_remoteapp',
|
||||
'/root/view/view_console/app_management/remote_app/applications.add_remoteapp',
|
||||
'/root/view/view_console/app_management/remote_app/applications.change_remoteapp',
|
||||
'/root/view/view_console/app_management/remote_app/applications.delete_remoteapp',
|
||||
'/root/view/view_console/app_management/db_app/applications.view_databaseapp',
|
||||
'/root/view/view_console/app_management/db_app/applications.add_databaseapp',
|
||||
'/root/view/view_console/app_management/db_app/applications.change_databaseapp',
|
||||
'/root/view/view_console/app_management/db_app/applications.delete_databaseapp',
|
||||
'/root/view/view_console/app_management/k8s_app/applications.view_kubernetesapp',
|
||||
'/root/view/view_console/app_management/k8s_app/applications.add_kubernetesapp',
|
||||
'/root/view/view_console/app_management/k8s_app/applications.change_kubernetesapp',
|
||||
'/root/view/view_console/app_management/k8s_app/applications.delete_kubernetesapp',
|
||||
|
||||
'/root/view/view_console/account_management/asset_account/assets.view_authbook',
|
||||
'/root/view/view_console/account_management/asset_account/assets.add_authbook',
|
||||
'/root/view/view_console/account_management/asset_account/assets.change_authbook',
|
||||
'/root/view/view_console/account_management/asset_account/assets.delete_authbook',
|
||||
'/root/view/view_console/account_management/asset_account/assets.test_authbook',
|
||||
'/root/view/view_console/account_management/application_account/applications.view_account',
|
||||
'/root/view/view_console/account_management/application_account/applications.add_account',
|
||||
'/root/view/view_console/account_management/application_account/applications.change_account',
|
||||
'/root/view/view_console/account_management/application_account/applications.delete_account',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_list/assets.view_gathereduser',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.view_gatherusertask',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.add_gatherusertask',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.change_gatherusertask',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.delete_gatherusertask',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.add_gatherusertaskexecution',
|
||||
'/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.view_gatherusertaskexecution',
|
||||
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.view_changeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.add_changeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.change_changeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.delete_changeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.add_changeauthplanexecution',
|
||||
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.view_changeauthplanexecution',
|
||||
'/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.view_applicationchangeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.add_applicationchangeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.change_applicationchangeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.delete_applicationchangeauthplan',
|
||||
'/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.add_applicationchangeauthplanexecution',
|
||||
'/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.view_applicationchangeauthplanexecution',
|
||||
'/root/view/view_console/account_management/account_backup/assets.view_accountbackupplan',
|
||||
'/root/view/view_console/account_management/account_backup/assets.add_accountbackupplan',
|
||||
'/root/view/view_console/account_management/account_backup/assets.change_accountbackupplan',
|
||||
'/root/view/view_console/account_management/account_backup/assets.delete_accountbackupplan',
|
||||
'/root/view/view_console/account_management/account_backup/assets.add_accountbackupplanexecution',
|
||||
'/root/view/view_console/account_management/account_backup/assets.view_accountbackupplanexecution',
|
||||
|
||||
'/root/view/view_console/perm_management/asset_permission/perms.view_assetpermission',
|
||||
'/root/view/view_console/perm_management/asset_permission/perms.add_assetpermission',
|
||||
'/root/view/view_console/perm_management/asset_permission/perms.change_assetpermission',
|
||||
'/root/view/view_console/perm_management/asset_permission/perms.delete_assetpermission',
|
||||
'/root/view/view_console/perm_management/app_permission/perms.view_applicationpermission',
|
||||
'/root/view/view_console/perm_management/app_permission/perms.add_applicationpermission',
|
||||
'/root/view/view_console/perm_management/app_permission/perms.change_applicationpermission',
|
||||
'/root/view/view_console/perm_management/app_permission/perms.delete_applicationpermission',
|
||||
|
||||
'/root/view/view_console/access_control/asset_login/acls.view_loginassetacl',
|
||||
'/root/view/view_console/access_control/asset_login/acls.add_loginassetacl',
|
||||
'/root/view/view_console/access_control/asset_login/acls.change_loginassetacl',
|
||||
'/root/view/view_console/access_control/asset_login/acls.delete_loginassetacl',
|
||||
|
||||
'/root/view/view_console/job_center/task_list/ops.view_task',
|
||||
'/root/view/view_console/job_center/task_list/ops.delete_task',
|
||||
'/root/view/view_console/job_center/task_list/ops.add_adhocexecution',
|
||||
'/root/view/view_console/job_center/task_list/task_list_detail/ops.view_adhoc',
|
||||
'/root/view/view_console/job_center/task_list/task_list_detail/ops.view_adhocexecution',
|
||||
'/root/view/view_console/job_center/ops.view_taskmonitor',
|
||||
|
||||
'/root/view/view_audit/rbac.view_audit',
|
||||
'/root/view/view_audit/rbac.view_dashboard',
|
||||
'/root/view/view_audit/session_audit/session_record/terminal.view_session',
|
||||
'/root/view/view_audit/session_audit/session_record/terminal.terminate_session',
|
||||
'/root/view/view_audit/session_audit/session_record/terminal.monitor_session',
|
||||
'/root/view/view_audit/session_audit/session_record/session_detail/terminal.view_command',
|
||||
'/root/view/view_audit/session_audit/session_record/session_detail/terminal.view_sessionjoinrecord',
|
||||
'/root/view/view_audit/session_audit/command_record/terminal.view_command',
|
||||
'/root/view/view_audit/session_audit/command_record/terminal.view_commandstorage',
|
||||
'/root/view/view_audit/session_audit/file_transfer/audits.view_ftplog',
|
||||
'/root/view/view_audit/log_audit/audits.view_userloginlog',
|
||||
'/root/view/view_audit/log_audit/audits.view_operatelog',
|
||||
'/root/view/view_audit/log_audit/audits.view_passwordchangelog',
|
||||
'/root/view/view_audit/log_audit/ops.view_commandexecution',
|
||||
|
||||
'/root/view/view_workspace/rbac.view_workspace',
|
||||
'/root/view/view_workspace/rbac.view_overview',
|
||||
'/root/view/view_workspace/my_asset/perms.view_myassets',
|
||||
'/root/view/view_workspace/my_asset/perms.connect_myassets',
|
||||
'/root/view/view_workspace/my_app/my_remote_app/perms.view_myremoteapp',
|
||||
'/root/view/view_workspace/my_app/my_remote_app/perms.connect_myremoteapp',
|
||||
'/root/view/view_workspace/my_app/my_db_app/perms.view_mydatabaseapp',
|
||||
'/root/view/view_workspace/my_app/my_db_app/perms.connect_mydatabaseapp',
|
||||
'/root/view/view_workspace/my_app/my_k8s_app/perms.view_mykubernetesapp',
|
||||
'/root/view/view_workspace/my_app/my_k8s_app/perms.connect_mykubernetesapp',
|
||||
'/root/view/view_workspace/ops.add_commandexecution',
|
||||
'/root/view/view_workspace/rbac.view_webterminal',
|
||||
'/root/view/view_workspace/rbac.view_filemanager',
|
||||
|
||||
'/root/notifications.view_sitemessage',
|
||||
'/root/rbac.view_webterminal',
|
||||
|
||||
f'/root/system_setting/settings.change_basic{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/settings.change_email{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/settings.change_auth{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/notifications.change_systemmsgsubscription{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/settings.change_sms{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/terminal_setting/settings.change_terminal_basic_setting{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/terminal_management/terminal.view_terminal{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/terminal_management/terminal.change_terminal{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/terminal_management/terminal.delete_terminal{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/replay_storage/terminal.view_replaystorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/replay_storage/terminal.add_replaystorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/replay_storage/terminal.change_replaystorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/replay_storage/terminal.delete_replaystorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/command_storage/terminal.view_commandstorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/command_storage/terminal.add_commandstorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/command_storage/terminal.change_commandstorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/command_storage/terminal.delete_commandstorage{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/terminal_setting/terminal.view_status{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/settings.change_security{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/settings.change_clean{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/org_management/orgs.view_rootorg{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/org_management/orgs.view_organization{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/org_management/orgs.add_organization{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/org_management/orgs.change_organization{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/org_management/orgs.delete_organization{flag_sep}{flag_scope_system}{flag_license_required}',
|
||||
f'/root/system_setting/settings.change_other{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/license/xpack.view_license{flag_sep}{flag_scope_system}',
|
||||
f'/root/system_setting/license/xpack.add_license{flag_sep}{flag_scope_system}',
|
||||
|
||||
f'/root/ticket/tickets.view_ticket{flag_sep}{flag_license_required}',
|
||||
f'/root/ticket/tickets.add_ticket{flag_sep}{flag_license_required}',
|
||||
f'/root/ticket/ticket_detail/tickets.change_ticket{flag_sep}{flag_license_required}',
|
||||
f'/root/ticket/ticket_detail/tickets.add_comment{flag_sep}{flag_license_required}',
|
||||
f'/root/ticket/ticket_detail/tickets.view_comment{flag_sep}{flag_license_required}',
|
||||
f'/root/ticket/ticket_detail/tickets.view_ticketsession{flag_sep}{flag_license_required}',
|
||||
|
||||
# '/root/rbac.view_help',
|
||||
f'/root/api_permission/terminal.add_session',
|
||||
'/root/api_permission/terminal.add_command',
|
||||
f'/root/api_permission/tickets.add_superticket{flag_sep}{flag_license_required}',
|
||||
'/root/api_permission/authentication.add_superconnectiontoken',
|
||||
'/root/api_permission/authentication.view_connectiontokensecret',
|
||||
# ...
|
||||
]
|
||||
|
|
@ -1,207 +0,0 @@
|
|||
import random
|
||||
from collections import defaultdict
|
||||
from django.utils.translation import ugettext
|
||||
from common.tree import TreeNode as RawTreeNode
|
||||
from django.utils.translation import gettext_lazy as _, gettext
|
||||
from rbac.models import Permission, ContentType
|
||||
from django.db.models import F, Count
|
||||
from .permissions import permission_paths, flag_license_required, flag_sep, flag_scope_system
|
||||
from .tree_nodes import permission_tree_nodes
|
||||
from ..const import Scope
|
||||
from jumpserver.utils import has_valid_xpack_license
|
||||
from django.conf import settings
|
||||
|
||||
|
||||
class TreeNode(RawTreeNode):
|
||||
total_count = 0
|
||||
checked_count = 0
|
||||
app_label_codename = ''
|
||||
|
||||
def mark_checked_if_need(self):
|
||||
if self.isParent:
|
||||
self.checked = self.total_count == self.checked_count
|
||||
|
||||
def refresh_name_if_need(self):
|
||||
if self.isParent:
|
||||
self.name = str(self.name) + f'({self.checked_count}/{self.total_count})'
|
||||
elif settings.DEBUG:
|
||||
self.name = str(self.name) + f'({self.app_label_codename})'
|
||||
|
||||
|
||||
class TreeNodes:
|
||||
|
||||
def __init__(self):
|
||||
self.tree_nodes = defaultdict(TreeNode)
|
||||
|
||||
def add_node(self, data):
|
||||
tree_node = self.add(data)
|
||||
tree_node.total_count += 1
|
||||
|
||||
def add_leaf(self, data):
|
||||
tree_node = self.add(data)
|
||||
if not data['checked']:
|
||||
return
|
||||
|
||||
parent_node = self.tree_nodes.get(tree_node.pId)
|
||||
while parent_node:
|
||||
parent_node.checked_count += 1
|
||||
parent_node = self.tree_nodes.get(parent_node.pId)
|
||||
|
||||
def add(self, data):
|
||||
_id = data['id']
|
||||
data['name'] = data.get('name') or data['id']
|
||||
tree_node = self.tree_nodes.get(_id, TreeNode(**data))
|
||||
self.tree_nodes[tree_node.id] = tree_node
|
||||
return tree_node
|
||||
|
||||
def get(self):
|
||||
tree_nodes = list(self.tree_nodes.values())
|
||||
for tree_node in tree_nodes:
|
||||
tree_node.mark_checked_if_need()
|
||||
tree_node.refresh_name_if_need()
|
||||
return tree_nodes
|
||||
|
||||
|
||||
class ZTree(object):
|
||||
|
||||
has_valid_license = has_valid_xpack_license()
|
||||
|
||||
def __init__(self, checked_permission, scope, check_disabled=False):
|
||||
self.scope = scope
|
||||
self.checked_permission = self.prefetch_permissions(
|
||||
checked_permission
|
||||
)
|
||||
self.checked_permissions_mapper = {p.id: p for p in self.checked_permission}
|
||||
self.permissions = self.prefetch_permissions(
|
||||
Permission.get_permissions(scope)
|
||||
)
|
||||
self.permissions_mapper = {p.app_label_codename: p for p in self.permissions}
|
||||
self.content_types_name_mapper = {ct.model: ct.name for ct in ContentType.objects.all()}
|
||||
self.check_disabled = check_disabled
|
||||
self.tree_nodes = TreeNodes()
|
||||
self.show_node_level = 3
|
||||
|
||||
@staticmethod
|
||||
def prefetch_permissions(permissions):
|
||||
return permissions.select_related('content_type') \
|
||||
.annotate(app=F('content_type__app_label')) \
|
||||
.annotate(model=F('content_type__model'))
|
||||
|
||||
def get_tree_nodes(self):
|
||||
perm_paths = self.__class__.get_permission_paths(self.scope)
|
||||
for perm_path in perm_paths:
|
||||
self.generate_tree_nodes_by_path(perm_path)
|
||||
return self.tree_nodes.get()
|
||||
|
||||
def generate_tree_nodes_by_path(self, perm_path):
|
||||
path, perm_app_label_codename = perm_path.rsplit('/', 1)
|
||||
|
||||
# add path
|
||||
path_list = path.lstrip('/').split('/')
|
||||
pid = ''
|
||||
for level, tree_node_id in enumerate(path_list, start=1):
|
||||
name = _('Detail') if 'detail' in tree_node_id else tree_node_id
|
||||
data = dict({
|
||||
'id': tree_node_id,
|
||||
'name': name,
|
||||
'title': name,
|
||||
'pId': pid,
|
||||
'isParent': True,
|
||||
'chkDisabled': self.check_disabled,
|
||||
'open': level < self.show_node_level,
|
||||
'meta': {
|
||||
'type': 'perm',
|
||||
}
|
||||
})
|
||||
_data = permission_tree_nodes.get(tree_node_id, {})
|
||||
data.update(_data)
|
||||
pid = data['id']
|
||||
self.tree_nodes.add_node(data)
|
||||
|
||||
# add perm
|
||||
if not perm_app_label_codename:
|
||||
return
|
||||
perm = self.permissions_mapper.get(perm_app_label_codename)
|
||||
if perm:
|
||||
# 解决同一个权限不能在多个节点的问题
|
||||
_id = f'{pid}#{perm.id}'
|
||||
name = self._get_permission_name(perm)
|
||||
checked = perm.id in self.checked_permissions_mapper
|
||||
else:
|
||||
# 最终不应该走这里,所有权限都要在数据库里
|
||||
_id = perm_app_label_codename
|
||||
name = perm_app_label_codename
|
||||
checked = False
|
||||
|
||||
data = {
|
||||
'id': _id,
|
||||
'pId': pid,
|
||||
'name': name,
|
||||
'title': perm_app_label_codename,
|
||||
'chkDisabled': self.check_disabled,
|
||||
'app_label_codename': perm_app_label_codename,
|
||||
'isParent': False,
|
||||
'iconSkin': 'file',
|
||||
'open': False,
|
||||
'checked': checked,
|
||||
'meta': {
|
||||
'type': 'perm',
|
||||
}
|
||||
}
|
||||
_data = permission_tree_nodes.get(perm_app_label_codename, {})
|
||||
data.update(_data)
|
||||
self.tree_nodes.add_leaf(data)
|
||||
|
||||
def _get_permission_name(self, p):
|
||||
code_name = p.codename
|
||||
action_mapper = {
|
||||
'add': ugettext('Create'),
|
||||
'view': ugettext('View'),
|
||||
'change': ugettext('Update'),
|
||||
'delete': ugettext('Delete')
|
||||
}
|
||||
name = ''
|
||||
ct = ''
|
||||
if 'add_' in p.codename:
|
||||
name = action_mapper['add']
|
||||
ct = code_name.replace('add_', '')
|
||||
elif 'view_' in p.codename:
|
||||
name = action_mapper['view']
|
||||
ct = code_name.replace('view_', '')
|
||||
elif 'change_' in p.codename:
|
||||
name = action_mapper['change']
|
||||
ct = code_name.replace('change_', '')
|
||||
elif 'delete' in code_name:
|
||||
name = action_mapper['delete']
|
||||
ct = code_name.replace('delete_', '')
|
||||
|
||||
if ct in self.content_types_name_mapper:
|
||||
name += self.content_types_name_mapper[ct]
|
||||
else:
|
||||
name = gettext(p.name)
|
||||
name = name.replace('Can ', '').replace('可以', '')
|
||||
return name
|
||||
|
||||
@classmethod
|
||||
def get_permissions_app_label_codename(cls, scope):
|
||||
perm_paths = cls.get_permission_paths(scope)
|
||||
perms = []
|
||||
for path in perm_paths:
|
||||
path, app_label_code_name = path.rsplit('/', 1)
|
||||
if not app_label_code_name:
|
||||
continue
|
||||
perms.append(app_label_code_name)
|
||||
return perms
|
||||
|
||||
@classmethod
|
||||
def get_permission_paths(cls, scope):
|
||||
perm_paths = []
|
||||
for path in permission_paths:
|
||||
if flag_sep in path:
|
||||
path, flags = path.split(flag_sep)
|
||||
if flag_scope_system in flags and scope == Scope.org:
|
||||
continue
|
||||
if flag_license_required in flags and not cls.has_valid_license:
|
||||
continue
|
||||
perm_paths.append(path)
|
||||
return perm_paths
|
||||
|
|
@ -1,308 +0,0 @@
|
|||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
permission_tree_nodes = {
|
||||
# 节点
|
||||
'root': {
|
||||
'name': _('All permissions'),
|
||||
},
|
||||
'view': {
|
||||
'name': _("View menu")
|
||||
},
|
||||
'view_console': {
|
||||
'name': _('Console view'),
|
||||
},
|
||||
'user_management': {
|
||||
'name': _('User management')
|
||||
},
|
||||
'user_list': {
|
||||
'name': _('User list')
|
||||
},
|
||||
'view_workspace': {
|
||||
'name': _('Workspace view')
|
||||
},
|
||||
'view_audit': {
|
||||
'name': _("Audit view")
|
||||
},
|
||||
'asset_perm': {
|
||||
'name': _('Asset permission')
|
||||
},
|
||||
'session_audits': {
|
||||
'name': _('Session audits')
|
||||
},
|
||||
'session_record': {
|
||||
'name': _('Online/Offline Session record')
|
||||
},
|
||||
'asset_management': {
|
||||
'name': _('Asset management')
|
||||
},
|
||||
'asset_list': {
|
||||
'name': _('Asset list')
|
||||
},
|
||||
'my_asset': {
|
||||
'name': _('My assets')
|
||||
},
|
||||
'my_app': {
|
||||
'name': _('My application')
|
||||
},
|
||||
'bulk_command': {
|
||||
'name': _('Bulk command')
|
||||
},
|
||||
'system_setting': {
|
||||
'name': _('System setting')
|
||||
},
|
||||
'ticket': {
|
||||
'name': _('Ticket system')
|
||||
},
|
||||
'help': {
|
||||
'name': _('Help')
|
||||
},
|
||||
'api_permission': {
|
||||
'name': _('API permission')
|
||||
},
|
||||
'app_management': {
|
||||
'name': _('Application management')
|
||||
},
|
||||
'account_management': {
|
||||
'name': _('Account management'),
|
||||
},
|
||||
'perm_management': {
|
||||
'name': _('Permission management'),
|
||||
},
|
||||
'access_control': {
|
||||
'name': _('Access control'),
|
||||
},
|
||||
'job_center': {
|
||||
'name': _('Job center'),
|
||||
},
|
||||
'session_audit': {
|
||||
'name': _('Session audit')
|
||||
},
|
||||
'log_audit': {
|
||||
'name': _('Log audit')
|
||||
},
|
||||
'user_group_list': {
|
||||
'name': _('User group')
|
||||
},
|
||||
'role_list': {
|
||||
'name': _('Role list')
|
||||
},
|
||||
'app_perm': {
|
||||
'name': _('Application permission')
|
||||
},
|
||||
'user_login_acl': {
|
||||
'name': _('User login acl')
|
||||
},
|
||||
'user_group_detail': {
|
||||
'name': _('Detail')
|
||||
},
|
||||
'permission_list': {
|
||||
'name': _('Permission list')
|
||||
},
|
||||
'node_tree': {
|
||||
'name': _('Node tree')
|
||||
},
|
||||
'cloud_sync': {
|
||||
'name': _('Cloud sync')
|
||||
},
|
||||
'sync_instance_task_list': {
|
||||
'name': _('Sync instance task list')
|
||||
},
|
||||
'account_list': {
|
||||
'name': _('Account list')
|
||||
},
|
||||
'system_user': {
|
||||
'name': _('Common/Admin User')
|
||||
},
|
||||
'system_user_asset_list': {
|
||||
'name': _('Asset list'),
|
||||
},
|
||||
'system_user_account_list': {
|
||||
'name': _('Account list')
|
||||
},
|
||||
'command_filter': {
|
||||
'name': _('Command filter')
|
||||
},
|
||||
'command_filter_rule': {
|
||||
'name': _('Command filter rule')
|
||||
},
|
||||
'platform_list': {
|
||||
'name': _('Platform list')
|
||||
},
|
||||
'label_management': {
|
||||
'name': _('Label management')
|
||||
},
|
||||
'remote_app': {
|
||||
'name': _('Remote application')
|
||||
},
|
||||
'db_app': {
|
||||
'name': _('Database application')
|
||||
},
|
||||
'k8s_app': {
|
||||
'name': _('Kubernetes')
|
||||
},
|
||||
'asset_account': {
|
||||
'name': _('Asset account')
|
||||
},
|
||||
'application_account': {
|
||||
'name': _('Application account')
|
||||
},
|
||||
'gather_user': {
|
||||
'name': _('Gathered user')
|
||||
},
|
||||
'gather_user_list': {
|
||||
'name': _('Gathered user list')
|
||||
},
|
||||
'gather_user_task_list': {
|
||||
'name': _('Gathered user task list')
|
||||
},
|
||||
'change_auth_plan': {
|
||||
'name': _('Change auth plan')
|
||||
},
|
||||
'asset_change_auth_plan': {
|
||||
'name': _('Asset change auth plan')
|
||||
},
|
||||
'app_change_auth_plan': {
|
||||
'name': _('Application change auth plan')
|
||||
},
|
||||
'account_backup': {
|
||||
'name': _('Account backup')
|
||||
},
|
||||
'asset_permission': {
|
||||
'name': _('Asset permission')
|
||||
},
|
||||
'app_permission': {
|
||||
'name': _('Application permission')
|
||||
},
|
||||
'asset_login': {
|
||||
'name': _('Asset login')
|
||||
},
|
||||
'task_list': {
|
||||
'name': _('Task list')
|
||||
},
|
||||
'command_record': {
|
||||
'name': _('Command record')
|
||||
},
|
||||
'file_transfer': {
|
||||
'name': _('File transfer')
|
||||
},
|
||||
'my_remote_app': {
|
||||
'name': _('Remote App')
|
||||
},
|
||||
'my_db_app': {
|
||||
'name': _('Database application')
|
||||
},
|
||||
'my_k8s_app': {
|
||||
'name': _('Kubernetes')
|
||||
},
|
||||
'terminal_setting': {
|
||||
'name': _('Terminal setting')
|
||||
},
|
||||
'terminal_management': {
|
||||
'name': _('Terminal management')
|
||||
},
|
||||
'command_storage': {
|
||||
'name': _('Command storage')
|
||||
},
|
||||
'replay_storage': {
|
||||
'name': _('Replay storage')
|
||||
},
|
||||
'org_management': {
|
||||
'name': _('Organization management')
|
||||
},
|
||||
'license': {
|
||||
'name': _('License')
|
||||
},
|
||||
|
||||
# 权限
|
||||
'rbac.view_permission': {
|
||||
'name': _('View all permission')
|
||||
},
|
||||
'domain_list': {
|
||||
'name': _('Domain list')
|
||||
},
|
||||
'gateway_list': {
|
||||
'name': _('Gateway list')
|
||||
},
|
||||
'org_role': {
|
||||
'name': _('Organization role')
|
||||
},
|
||||
'system_role': {
|
||||
'name': _('System role')
|
||||
},
|
||||
'xpack.add_gatherusertaskexecution': {
|
||||
'name': _('Run gather user task')
|
||||
},
|
||||
'xpack.add_changeauthplanexecution': {
|
||||
'name': _('Run asset change auth plan')
|
||||
},
|
||||
'xpack.add_applicationchangeauthplanexecution': {
|
||||
'name': _('Run application change auth plan')
|
||||
},
|
||||
'assets.add_accountbackupplanexecution': {
|
||||
'name': _('Run account backup plan')
|
||||
},
|
||||
'ops.add_adhocexecution': {
|
||||
'name': _('Run task')
|
||||
},
|
||||
'ops.view_adhoc': {
|
||||
'name': _('View task version')
|
||||
},
|
||||
'ops.view_adhocexecution': {
|
||||
'name': _('View execution history')
|
||||
},
|
||||
'ops.add_commandexecution': {
|
||||
'name': _('Bulk command')
|
||||
},
|
||||
'notifications.view_sitemessage': {
|
||||
'name': _('Site message')
|
||||
},
|
||||
'notifications.change_systemmsgsubscription': {
|
||||
'name': _('Message subscription')
|
||||
},
|
||||
'terminal.view_status': {
|
||||
'name': _('Component monitor')
|
||||
},
|
||||
'tickets.view_ticket': {
|
||||
'name': _('View my/assigned ticket')
|
||||
},
|
||||
'tickets.add_ticket': {
|
||||
'name': _('Create asset/application ticket')
|
||||
},
|
||||
'tickets.change_ticket': {
|
||||
'name': _('Change/close ticket')
|
||||
},
|
||||
'assets.match_asset': {
|
||||
'name': _('View some of the assets searched')
|
||||
},
|
||||
'rbac.view_workspace': {
|
||||
'checked': True,
|
||||
'chkDisabled': True,
|
||||
},
|
||||
'rbac.view_overview': {
|
||||
'name': _('Overview'),
|
||||
'checked': True,
|
||||
'chkDisabled': True,
|
||||
},
|
||||
'rbac.view_orgrolebinding': {
|
||||
'name': _('View permission user')
|
||||
},
|
||||
'rbac.add_orgrolebinding': {
|
||||
'name': _('Add user to role')
|
||||
},
|
||||
'rbac.delete_orgrolebinding': {
|
||||
'name': _('Remove user from role')
|
||||
},
|
||||
'rbac.view_systemrolebinding': {
|
||||
'name': _('View permission user')
|
||||
},
|
||||
'rbac.add_systemrolebinding': {
|
||||
'name': _('Add user to role')
|
||||
},
|
||||
'rbac.delete_systemrolebinding': {
|
||||
'name': _('Remove user from role')
|
||||
},
|
||||
'xpack.add_syncinstancetaskexecution': {
|
||||
'name': _('Run sync instance task')
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Reference in New Issue