From 9ba792cf1cd337912905fb2035f1270b36cd3021 Mon Sep 17 00:00:00 2001 From: Aaron3S Date: Mon, 26 Dec 2022 19:02:05 +0800 Subject: [PATCH 1/6] =?UTF-8?q?feat:=20ops=20=E6=94=AF=E6=8C=81=E8=8A=82?= =?UTF-8?q?=E7=82=B9=E5=92=8C=E8=B5=84=E4=BA=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/ops/ansible/runner.py | 4 +++- apps/ops/api/job.py | 14 +++++++++++++- apps/ops/models/job.py | 16 ++++++++++++++-- apps/ops/serializers/job.py | 14 +++++++++++++- apps/ops/urls/api_urls.py | 1 + 5 files changed, 44 insertions(+), 5 deletions(-) diff --git a/apps/ops/ansible/runner.py b/apps/ops/ansible/runner.py index 13d56bd00..8c7517ade 100644 --- a/apps/ops/ansible/runner.py +++ b/apps/ops/ansible/runner.py @@ -13,7 +13,8 @@ class AdHocRunner: "reboot", 'shutdown', 'poweroff', 'halt', 'dd', 'half', 'top' ] - def __init__(self, inventory, module, module_args='', pattern='*', project_dir='/tmp/', extra_vars={}): + def __init__(self, inventory, module, module_args='', pattern='*', project_dir='/tmp/', extra_vars={}, + dry_run=False): self.id = uuid.uuid4() self.inventory = inventory self.pattern = pattern @@ -23,6 +24,7 @@ class AdHocRunner: self.cb = DefaultCallback() self.runner = None self.extra_vars = extra_vars + self.dry_run = dry_run def check_module(self): if self.module not in self.cmd_modules_choices: diff --git a/apps/ops/api/job.py b/apps/ops/api/job.py index 0cf8ade0c..1c7cac33d 100644 --- a/apps/ops/api/job.py +++ b/apps/ops/api/job.py @@ -1,3 +1,4 @@ +from django.db.models import Count from rest_framework.views import APIView from django.shortcuts import get_object_or_404 from rest_framework.response import Response @@ -5,12 +6,14 @@ from rest_framework.response import Response from ops.models import Job, JobExecution from ops.serializers.job import JobSerializer, JobExecutionSerializer -__all__ = ['JobViewSet', 'JobExecutionViewSet', 'JobRunVariableHelpAPIView', 'JobAssetDetail', 'JobExecutionTaskDetail'] +__all__ = ['JobViewSet', 'JobExecutionViewSet', 'JobRunVariableHelpAPIView', + 'JobAssetDetail', 'JobExecutionTaskDetail','FrequentUsernames'] from ops.tasks import run_ops_job_execution from ops.variables import JMS_JOB_VARIABLE_HELP from orgs.mixins.api import OrgBulkModelViewSet from orgs.utils import tmp_to_org, get_current_org_id, get_current_org +from assets.models import Account def set_task_to_serializer_data(serializer, task): @@ -111,3 +114,12 @@ class JobExecutionTaskDetail(APIView): 'is_success': execution.is_success, 'time_cost': execution.time_cost, }) + + +class FrequentUsernames(APIView): + rbac_perms = () + permission_classes = () + + def get(self, request, **kwargs): + top_accounts = Account.objects.all().values('username').annotate(total=Count('username')).order_by('total') + return Response(data=top_accounts) diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py index c83038f80..1b6a33b59 100644 --- a/apps/ops/models/job.py +++ b/apps/ops/models/job.py @@ -166,6 +166,10 @@ class JobExecution(JMSOrgBaseModel): return result = self.current_job.args result += " chdir={}".format(self.current_job.chdir) + + if self.current_job.module in ['python']: + result += " executable={}".format(self.current_job.module) + print(result) return self.job.args def get_runner(self): @@ -187,9 +191,17 @@ class JobExecution(JMSOrgBaseModel): if self.current_job.type == 'adhoc': args = self.compile_shell() + module = "shell" + if self.current_job.module not in ['python']: + module = self.current_job.module + runner = AdHocRunner( - self.inventory_path, self.current_job.module, module_args=args, - pattern="all", project_dir=self.private_dir, extra_vars=extra_vars, + self.inventory_path, + module, + module_args=args, + pattern="all", + project_dir=self.private_dir, + extra_vars=extra_vars, ) elif self.current_job.type == 'playbook': runner = PlaybookRunner( diff --git a/apps/ops/serializers/job.py b/apps/ops/serializers/job.py index 386c4e92f..4b6ea82d1 100644 --- a/apps/ops/serializers/job.py +++ b/apps/ops/serializers/job.py @@ -1,5 +1,7 @@ from django.utils.translation import ugettext as _ from rest_framework import serializers + +from assets.models import Node from common.drf.fields import ReadableHiddenField from ops.mixin import PeriodTaskSerializerMixin from ops.models import Job, JobExecution @@ -10,6 +12,16 @@ from orgs.mixins.serializers import BulkOrgResourceModelSerializer class JobSerializer(BulkOrgResourceModelSerializer, PeriodTaskSerializerMixin): creator = ReadableHiddenField(default=serializers.CurrentUserDefault()) run_after_save = serializers.BooleanField(label=_("Run after save"), default=False, required=False) + nodes = serializers.ListField(required=False, child=serializers.CharField()) + + def create(self, validated_data): + assets = validated_data.__getitem__('assets') + node_ids = validated_data.pop('nodes') + if node_ids: + nodes = Node.objects.filter(id__in=node_ids) + assets.extend( + Node.get_nodes_all_assets(*nodes).exclude(id__in=[asset.id for asset in assets])) + return super().create(validated_data) class Meta: model = Job @@ -22,7 +34,7 @@ class JobSerializer(BulkOrgResourceModelSerializer, PeriodTaskSerializerMixin): "chdir", "comment", "summary", - "is_periodic", "interval", "crontab", "run_after_save" + "is_periodic", "interval", "crontab", "run_after_save", "nodes" ] diff --git a/apps/ops/urls/api_urls.py b/apps/ops/urls/api_urls.py index 20f581b1d..5d859b801 100644 --- a/apps/ops/urls/api_urls.py +++ b/apps/ops/urls/api_urls.py @@ -26,6 +26,7 @@ urlpatterns = [ path('variables/help/', api.JobRunVariableHelpAPIView.as_view(), name='variable-help'), path('job-execution/asset-detail/', api.JobAssetDetail.as_view(), name='asset-detail'), path('job-execution/task-detail/', api.JobExecutionTaskDetail.as_view(), name='task-detail'), + path('frequent-username/', api.FrequentUsernames.as_view(), name='frequent-usernames'), path('ansible/job-execution//log/', api.AnsibleTaskLogApi.as_view(), name='job-execution-log'), path('celery/task//task-execution//log/', api.CeleryTaskExecutionLogApi.as_view(), From d0f70f4316a6a10704d4e02730a9e6908d4a7d90 Mon Sep 17 00:00:00 2001 From: Bai Date: Mon, 26 Dec 2022 19:16:11 +0800 Subject: [PATCH 2/6] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E5=BA=8F=E5=88=97=E7=B1=BB=20can=5Fpublic=5Fkey=5Faut?= =?UTF-8?q?h=20=E7=B1=BB=E5=9E=8B;=20=E4=BF=AE=E6=94=B9=20OPTION=20?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E5=AD=97=E6=AE=B5=20id=20label=20=E4=B8=BA?= =?UTF-8?q?=20ID?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/common/drf/metadata.py | 4 ++++ apps/users/serializers/user.py | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/apps/common/drf/metadata.py b/apps/common/drf/metadata.py index fc9ceb961..52c89ba43 100644 --- a/apps/common/drf/metadata.py +++ b/apps/common/drf/metadata.py @@ -122,6 +122,10 @@ class SimpleMetadataWithFilters(SimpleMetadata): self.set_tree_field(field, field_info) elif isinstance(field, serializers.ChoiceField): self.set_choices_field(field, field_info) + + if field.field_name == 'id': + field_info['label'] = 'ID' + return field_info @staticmethod diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py index be083a322..b872f4bd0 100644 --- a/apps/users/serializers/user.py +++ b/apps/users/serializers/user.py @@ -83,8 +83,9 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer ) login_blocked = serializers.BooleanField(read_only=True, label=_("Login blocked")) is_expired = serializers.BooleanField(read_only=True, label=_("Is expired")) - can_public_key_auth = serializers.ReadOnlyField( - source="can_use_ssh_key_login", label=_("Can public key authentication") + can_public_key_auth = serializers.BooleanField( + source="can_use_ssh_key_login", label=_("Can public key authentication"), + read_only=True ) password = EncryptedField( label=_("Password"), From ed35ac2930c7baca87c2b48931b8dcee60e0f747 Mon Sep 17 00:00:00 2001 From: Bai Date: Mon, 26 Dec 2022 19:32:07 +0800 Subject: [PATCH 3/6] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20OPTION=20?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E5=AD=97=E6=AE=B5=20org=5Fid=20label=20?= =?UTF-8?q?=E4=B8=BA=20Organization=20ID?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/common/drf/metadata.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apps/common/drf/metadata.py b/apps/common/drf/metadata.py index 52c89ba43..a4b5bf7ad 100644 --- a/apps/common/drf/metadata.py +++ b/apps/common/drf/metadata.py @@ -8,6 +8,7 @@ from collections import OrderedDict from django.core.exceptions import PermissionDenied from django.http import Http404 from django.utils.encoding import force_text +from django.utils.translation import ugettext_lazy as _ from rest_framework import exceptions, serializers from rest_framework.fields import empty from rest_framework.metadata import SimpleMetadata @@ -125,6 +126,8 @@ class SimpleMetadataWithFilters(SimpleMetadata): if field.field_name == 'id': field_info['label'] = 'ID' + if field.field_name == 'org_id': + field_info['label'] = _('Organization ID') return field_info From a7be8bf365c1bce6d914d52bd1836ff7970cdc98 Mon Sep 17 00:00:00 2001 From: Bai Date: Mon, 26 Dec 2022 20:29:56 +0800 Subject: [PATCH 4/6] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E7=BF=BB?= =?UTF-8?q?=E8=AF=91=E7=BB=84=E7=BB=87ID?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/locale/ja/LC_MESSAGES/django.po | 100 +++++++++++++++------------ apps/locale/zh/LC_MESSAGES/django.po | 92 +++++++++++++----------- 2 files changed, 107 insertions(+), 85 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 07878a508..33caf18a8 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-12-23 15:35+0800\n" +"POT-Creation-Date: 2022-12-26 20:28+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -95,8 +95,8 @@ msgstr "アクティブ" #: authentication/models/sso_token.py:16 #: notifications/models/notification.py:12 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:57 -#: rbac/builtin.py:120 rbac/models/rolebinding.py:41 -#: terminal/backends/command/models.py:20 +#: perms/serializers/permission.py:23 rbac/builtin.py:120 +#: rbac/models/rolebinding.py:41 terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 #: terminal/models/session/session.py:29 terminal/models/session/sharing.py:32 #: terminal/notifications.py:94 terminal/notifications.py:142 @@ -114,7 +114,8 @@ msgstr "ユーザー" #: assets/serializers/domain.py:19 assets/serializers/gathered_user.py:11 #: assets/serializers/label.py:27 audits/models.py:34 #: authentication/models/connection_token.py:32 -#: perms/models/asset_permission.py:63 terminal/backends/command/models.py:21 +#: perms/models/asset_permission.py:63 perms/serializers/permission.py:27 +#: terminal/backends/command/models.py:21 #: terminal/backends/command/serializers.py:14 #: terminal/models/session/session.py:31 terminal/notifications.py:93 #: xpack/plugins/cloud/models.py:220 @@ -369,9 +370,9 @@ msgstr "失敗しました" #: assets/const/account.py:12 assets/models/_user.py:35 #: audits/signal_handlers.py:49 authentication/confirm/password.py:9 #: authentication/forms.py:32 -#: authentication/templates/authentication/login.html:260 +#: authentication/templates/authentication/login.html:288 #: settings/serializers/auth/ldap.py:25 settings/serializers/auth/ldap.py:47 -#: users/forms/profile.py:22 users/serializers/user.py:90 +#: users/forms/profile.py:22 users/serializers/user.py:97 #: users/templates/users/_msg_user_created.html:13 #: users/templates/users/user_password_verify.html:18 #: xpack/plugins/cloud/serializers/account_attrs.py:28 @@ -421,7 +422,7 @@ msgstr "パスワード/キーの確認" msgid "Gather accounts" msgstr "アカウントを集める" -#: assets/const/automation.py:38 assets/serializers/account/base.py:26 +#: assets/const/automation.py:38 assets/serializers/account/base.py:29 msgid "Specific" msgstr "" @@ -651,17 +652,17 @@ msgstr "資産履歴アカウントを表示できます" msgid "Can view asset history account secret" msgstr "資産履歴アカウントパスワードを表示できます" -#: assets/models/account.py:102 assets/serializers/account/account.py:15 +#: assets/models/account.py:106 assets/serializers/account/account.py:15 #, fuzzy msgid "Account template" msgstr "アカウント名" -#: assets/models/account.py:107 +#: assets/models/account.py:111 #, fuzzy msgid "Can view asset account template secret" msgstr "資産アカウントの秘密を表示できます" -#: assets/models/account.py:108 +#: assets/models/account.py:112 #, fuzzy msgid "Can change asset account template secret" msgstr "資産口座の秘密を変更できます" @@ -691,7 +692,7 @@ msgstr "ノード" #: assets/models/base.py:71 assets/models/cmd_filter.py:39 #: assets/models/label.py:22 #: authentication/serializers/connect_token_secret.py:106 -#: terminal/models/applet/applet.py:27 users/serializers/user.py:151 +#: terminal/models/applet/applet.py:27 users/serializers/user.py:158 msgid "Is active" msgstr "アクティブです。" @@ -985,7 +986,8 @@ msgid "Privileged" msgstr "" #: assets/models/cmd_filter.py:28 perms/models/asset_permission.py:60 -#: users/models/group.py:25 users/models/user.py:681 +#: perms/serializers/permission.py:25 users/models/group.py:25 +#: users/models/user.py:681 msgid "User group" msgstr "ユーザーグループ" @@ -1104,7 +1106,8 @@ msgstr "フルバリュー" msgid "Parent key" msgstr "親キー" -#: assets/models/node.py:566 xpack/plugins/cloud/models.py:96 +#: assets/models/node.py:566 perms/serializers/permission.py:28 +#: xpack/plugins/cloud/models.py:96 msgid "Node" msgstr "ノード" @@ -1267,6 +1270,7 @@ msgid "Push now" msgstr "" #: assets/serializers/account/account.py:20 +#: assets/serializers/account/base.py:13 #, fuzzy msgid "Has secret" msgstr "ひみつ" @@ -1781,7 +1785,7 @@ msgstr "" "さい。" #: authentication/api/password.py:59 -#: authentication/templates/authentication/login.html:289 +#: authentication/templates/authentication/login.html:319 #: users/templates/users/forgot_password.html:27 #: users/templates/users/forgot_password.html:28 #: users/templates/users/forgot_password_previewing.html:13 @@ -2266,7 +2270,7 @@ msgid "The {} cannot be empty" msgstr "{} 空にしてはならない" #: authentication/serializers/token.py:79 perms/serializers/permission.py:30 -#: perms/serializers/permission.py:61 users/serializers/user.py:152 +#: perms/serializers/permission.py:61 users/serializers/user.py:159 msgid "Is valid" msgstr "有効です" @@ -2455,17 +2459,13 @@ msgstr "" msgid "Cancel" msgstr "キャンセル" -#: authentication/templates/authentication/login.html:235 -msgid "Welcome back, please enter username and password to login" -msgstr "" -"おかえりなさい、ログインするためにユーザー名とパスワードを入力してください" - -#: authentication/templates/authentication/login.html:297 +#: authentication/templates/authentication/login.html:254 +#: authentication/templates/authentication/login.html:327 #: templates/_header_bar.html:89 msgid "Login" msgstr "ログイン" -#: authentication/templates/authentication/login.html:304 +#: authentication/templates/authentication/login.html:334 msgid "More login options" msgstr "その他のログインオプション" @@ -2735,6 +2735,10 @@ msgstr "" msgid "Invalid choice: {}" msgstr "無効なIP" +#: common/drf/metadata.py:130 +msgid "Organization ID" +msgstr "組織 ID" + #: common/drf/parsers/base.py:17 msgid "The file content overflowed (The maximum length `{}` bytes)" msgstr "ファイルの内容がオーバーフローしました (最大長 '{}' バイト)" @@ -2912,7 +2916,7 @@ msgstr "アカウントを正常に作成" msgid "Your account has been created successfully" msgstr "アカウントが正常に作成されました" -#: jumpserver/context_processor.py:13 +#: jumpserver/context_processor.py:12 msgid "JumpServer Open Source Bastion Host" msgstr "JumpServer オープンソースの要塞ホスト" @@ -3040,6 +3044,12 @@ msgstr "特権アカウント優先" msgid "Skip" msgstr "スキップ" +#: ops/const.py:45 ops/models/adhoc.py:20 +#, fuzzy +#| msgid "PowerShell" +msgid "Powershell" +msgstr "PowerShell" + #: ops/exception.py:6 msgid "no valid program entry found." msgstr "利用可能なプログラムポータルがありません" @@ -3176,11 +3186,11 @@ msgstr "ジョブ#ジョブ#" msgid "Parameters" msgstr "パラメータ" -#: ops/models/job.py:288 +#: ops/models/job.py:300 msgid "Job Execution" msgstr "ジョブ実行" -#: ops/models/job.py:299 +#: ops/models/job.py:311 msgid "Job audit log" msgstr "ジョブ監査ログ" @@ -3212,17 +3222,17 @@ msgstr "{max_threshold}%: => {value} を超える使用メモリ" msgid "CPU load more than {max_threshold}: => {value}" msgstr "{max_threshold} を超えるCPUロード: => {value}" -#: ops/serializers/job.py:12 +#: ops/serializers/job.py:14 #, fuzzy msgid "Run after save" msgstr "システムユーザーの実行" -#: ops/serializers/job.py:31 +#: ops/serializers/job.py:43 #, fuzzy msgid "Job type" msgstr "Docタイプ" -#: ops/serializers/job.py:32 +#: ops/serializers/job.py:44 msgid "Material" msgstr "マテリアル" @@ -3458,7 +3468,7 @@ msgid "asset permissions of organization {}" msgstr "組織 {} の資産権限" #: perms/serializers/permission.py:31 perms/serializers/permission.py:60 -#: users/serializers/user.py:85 users/serializers/user.py:154 +#: users/serializers/user.py:91 users/serializers/user.py:161 msgid "Is expired" msgstr "期限切れです" @@ -6131,7 +6141,7 @@ msgstr "強制有効" msgid "Local" msgstr "ローカル" -#: users/models/user.py:687 users/serializers/user.py:153 +#: users/models/user.py:687 users/serializers/user.py:160 msgid "Is service account" msgstr "サービスアカウントです" @@ -6160,7 +6170,7 @@ msgid "Secret key" msgstr "秘密キー" #: users/models/user.py:716 users/serializers/profile.py:149 -#: users/serializers/user.py:150 +#: users/serializers/user.py:157 msgid "Is first login" msgstr "最初のログインです" @@ -6247,51 +6257,51 @@ msgstr "新しいパスワードを最後の {} 個のパスワードにする msgid "The newly set password is inconsistent" msgstr "新しく設定されたパスワードが一致しない" -#: users/serializers/user.py:29 +#: users/serializers/user.py:31 msgid "System roles" msgstr "システムの役割" -#: users/serializers/user.py:30 +#: users/serializers/user.py:35 msgid "Org roles" msgstr "組織ロール" -#: users/serializers/user.py:78 +#: users/serializers/user.py:84 msgid "Password strategy" msgstr "パスワード戦略" -#: users/serializers/user.py:80 +#: users/serializers/user.py:86 msgid "MFA enabled" msgstr "MFA有効化" -#: users/serializers/user.py:82 +#: users/serializers/user.py:88 msgid "MFA force enabled" msgstr "MFAフォース有効化" -#: users/serializers/user.py:84 +#: users/serializers/user.py:90 msgid "Login blocked" msgstr "ログインブロック" -#: users/serializers/user.py:87 +#: users/serializers/user.py:93 msgid "Can public key authentication" msgstr "公開鍵認証が可能" -#: users/serializers/user.py:155 +#: users/serializers/user.py:162 msgid "Avatar url" msgstr "アバターURL" -#: users/serializers/user.py:158 +#: users/serializers/user.py:165 msgid "Is OTP bound" msgstr "仮想MFAがバインドされているか" -#: users/serializers/user.py:265 +#: users/serializers/user.py:272 msgid "Select users" msgstr "ユーザーの選択" -#: users/serializers/user.py:266 +#: users/serializers/user.py:273 msgid "For security, only list several users" msgstr "セキュリティのために、複数のユーザーのみをリストします" -#: users/serializers/user.py:300 +#: users/serializers/user.py:307 msgid "name not unique" msgstr "名前が一意ではない" @@ -7124,6 +7134,10 @@ msgstr "究極のエディション" msgid "Community edition" msgstr "コミュニティ版" +#~ msgid "Welcome back, please enter username and password to login" +#~ msgstr "" +#~ "おかえりなさい、ログインするためにユーザー名とパスワードを入力してください" + #, fuzzy #~ msgid "Run account" #~ msgstr "アカウント" diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 52fb6014f..2fe65075a 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-12-23 15:35+0800\n" +"POT-Creation-Date: 2022-12-26 20:28+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -94,8 +94,8 @@ msgstr "激活中" #: authentication/models/sso_token.py:16 #: notifications/models/notification.py:12 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:57 -#: rbac/builtin.py:120 rbac/models/rolebinding.py:41 -#: terminal/backends/command/models.py:20 +#: perms/serializers/permission.py:23 rbac/builtin.py:120 +#: rbac/models/rolebinding.py:41 terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:13 #: terminal/models/session/session.py:29 terminal/models/session/sharing.py:32 #: terminal/notifications.py:94 terminal/notifications.py:142 @@ -113,7 +113,8 @@ msgstr "用户" #: assets/serializers/domain.py:19 assets/serializers/gathered_user.py:11 #: assets/serializers/label.py:27 audits/models.py:34 #: authentication/models/connection_token.py:32 -#: perms/models/asset_permission.py:63 terminal/backends/command/models.py:21 +#: perms/models/asset_permission.py:63 perms/serializers/permission.py:27 +#: terminal/backends/command/models.py:21 #: terminal/backends/command/serializers.py:14 #: terminal/models/session/session.py:31 terminal/notifications.py:93 #: xpack/plugins/cloud/models.py:220 @@ -363,9 +364,9 @@ msgstr "失败" #: assets/const/account.py:12 assets/models/_user.py:35 #: audits/signal_handlers.py:49 authentication/confirm/password.py:9 #: authentication/forms.py:32 -#: authentication/templates/authentication/login.html:260 +#: authentication/templates/authentication/login.html:288 #: settings/serializers/auth/ldap.py:25 settings/serializers/auth/ldap.py:47 -#: users/forms/profile.py:22 users/serializers/user.py:90 +#: users/forms/profile.py:22 users/serializers/user.py:97 #: users/templates/users/_msg_user_created.html:13 #: users/templates/users/user_password_verify.html:18 #: xpack/plugins/cloud/serializers/account_attrs.py:28 @@ -409,7 +410,7 @@ msgstr "验证账号" msgid "Gather accounts" msgstr "收集账号" -#: assets/const/automation.py:38 assets/serializers/account/base.py:26 +#: assets/const/automation.py:38 assets/serializers/account/base.py:29 msgid "Specific" msgstr "特有的" @@ -634,15 +635,15 @@ msgstr "可以查看资产历史账号" msgid "Can view asset history account secret" msgstr "可以查看资产历史账号密码" -#: assets/models/account.py:102 assets/serializers/account/account.py:15 +#: assets/models/account.py:106 assets/serializers/account/account.py:15 msgid "Account template" msgstr "账号模版" -#: assets/models/account.py:107 +#: assets/models/account.py:111 msgid "Can view asset account template secret" msgstr "可以查看资产账号密码" -#: assets/models/account.py:108 +#: assets/models/account.py:112 msgid "Can change asset account template secret" msgstr "可以更改账号模版密码" @@ -671,7 +672,7 @@ msgstr "节点" #: assets/models/base.py:71 assets/models/cmd_filter.py:39 #: assets/models/label.py:22 #: authentication/serializers/connect_token_secret.py:106 -#: terminal/models/applet/applet.py:27 users/serializers/user.py:151 +#: terminal/models/applet/applet.py:27 users/serializers/user.py:158 msgid "Is active" msgstr "激活" @@ -944,7 +945,8 @@ msgid "Privileged" msgstr "特权账号" #: assets/models/cmd_filter.py:28 perms/models/asset_permission.py:60 -#: users/models/group.py:25 users/models/user.py:681 +#: perms/serializers/permission.py:25 users/models/group.py:25 +#: users/models/user.py:681 msgid "User group" msgstr "用户组" @@ -1062,7 +1064,8 @@ msgstr "全称" msgid "Parent key" msgstr "ssh私钥" -#: assets/models/node.py:566 xpack/plugins/cloud/models.py:96 +#: assets/models/node.py:566 perms/serializers/permission.py:28 +#: xpack/plugins/cloud/models.py:96 msgid "Node" msgstr "节点" @@ -1208,6 +1211,7 @@ msgid "Push now" msgstr "立即推送" #: assets/serializers/account/account.py:20 +#: assets/serializers/account/base.py:13 msgid "Has secret" msgstr "已托管密码" @@ -1700,7 +1704,7 @@ msgid "" msgstr "用户来自 {} 请去相应系统修改密码" #: authentication/api/password.py:59 -#: authentication/templates/authentication/login.html:289 +#: authentication/templates/authentication/login.html:319 #: users/templates/users/forgot_password.html:27 #: users/templates/users/forgot_password.html:28 #: users/templates/users/forgot_password_previewing.html:13 @@ -2166,7 +2170,7 @@ msgid "The {} cannot be empty" msgstr "{} 不能为空" #: authentication/serializers/token.py:79 perms/serializers/permission.py:30 -#: perms/serializers/permission.py:61 users/serializers/user.py:152 +#: perms/serializers/permission.py:61 users/serializers/user.py:159 msgid "Is valid" msgstr "账号是否有效" @@ -2347,16 +2351,13 @@ msgstr "如果这次公钥更新不是由你发起的,那么你的账号可能 msgid "Cancel" msgstr "取消" -#: authentication/templates/authentication/login.html:235 -msgid "Welcome back, please enter username and password to login" -msgstr "欢迎回来,请输入用户名和密码登录" - -#: authentication/templates/authentication/login.html:297 +#: authentication/templates/authentication/login.html:254 +#: authentication/templates/authentication/login.html:327 #: templates/_header_bar.html:89 msgid "Login" msgstr "登录" -#: authentication/templates/authentication/login.html:304 +#: authentication/templates/authentication/login.html:334 msgid "More login options" msgstr "其他方式登录" @@ -2624,6 +2625,10 @@ msgstr "错误的数据类型,应该是列表" msgid "Invalid choice: {}" msgstr "无效选项: {}" +#: common/drf/metadata.py:130 +msgid "Organization ID" +msgstr "组织 ID" + #: common/drf/parsers/base.py:17 msgid "The file content overflowed (The maximum length `{}` bytes)" msgstr "文件内容太大 (最大长度 `{}` 字节)" @@ -2798,7 +2803,7 @@ msgstr "创建账号成功" msgid "Your account has been created successfully" msgstr "你的账号已创建成功" -#: jumpserver/context_processor.py:13 +#: jumpserver/context_processor.py:12 msgid "JumpServer Open Source Bastion Host" msgstr "JumpServer 开源堡垒机" @@ -3053,11 +3058,11 @@ msgstr "作业" msgid "Parameters" msgstr "" -#: ops/models/job.py:288 +#: ops/models/job.py:300 msgid "Job Execution" msgstr "作业执行" -#: ops/models/job.py:299 +#: ops/models/job.py:311 msgid "Job audit log" msgstr "作业审计日志" @@ -3089,15 +3094,15 @@ msgstr "内存使用率超过 {max_threshold}%: => {value}" msgid "CPU load more than {max_threshold}: => {value}" msgstr "CPU 使用率超过 {max_threshold}: => {value}" -#: ops/serializers/job.py:12 +#: ops/serializers/job.py:14 msgid "Run after save" msgstr "保存后执行" -#: ops/serializers/job.py:31 +#: ops/serializers/job.py:43 msgid "Job type" msgstr "任务类型" -#: ops/serializers/job.py:32 +#: ops/serializers/job.py:44 msgid "Material" msgstr "" @@ -3323,7 +3328,7 @@ msgid "asset permissions of organization {}" msgstr "组织 ({}) 的资产授权" #: perms/serializers/permission.py:31 perms/serializers/permission.py:60 -#: users/serializers/user.py:85 users/serializers/user.py:154 +#: users/serializers/user.py:91 users/serializers/user.py:161 msgid "Is expired" msgstr "已过期" @@ -5930,7 +5935,7 @@ msgstr "强制启用" msgid "Local" msgstr "数据库" -#: users/models/user.py:687 users/serializers/user.py:153 +#: users/models/user.py:687 users/serializers/user.py:160 msgid "Is service account" msgstr "服务账号" @@ -5959,7 +5964,7 @@ msgid "Secret key" msgstr "Secret key" #: users/models/user.py:716 users/serializers/profile.py:149 -#: users/serializers/user.py:150 +#: users/serializers/user.py:157 msgid "Is first login" msgstr "首次登录" @@ -6046,51 +6051,51 @@ msgstr "新密码不能是最近 {} 次的密码" msgid "The newly set password is inconsistent" msgstr "两次密码不一致" -#: users/serializers/user.py:29 +#: users/serializers/user.py:31 msgid "System roles" msgstr "系统角色" -#: users/serializers/user.py:30 +#: users/serializers/user.py:35 msgid "Org roles" msgstr "组织角色" -#: users/serializers/user.py:78 +#: users/serializers/user.py:84 msgid "Password strategy" msgstr "密码策略" -#: users/serializers/user.py:80 +#: users/serializers/user.py:86 msgid "MFA enabled" msgstr "MFA 已启用" -#: users/serializers/user.py:82 +#: users/serializers/user.py:88 msgid "MFA force enabled" msgstr "强制 MFA" -#: users/serializers/user.py:84 +#: users/serializers/user.py:90 msgid "Login blocked" msgstr "登录被阻塞" -#: users/serializers/user.py:87 +#: users/serializers/user.py:93 msgid "Can public key authentication" msgstr "能否公钥认证" -#: users/serializers/user.py:155 +#: users/serializers/user.py:162 msgid "Avatar url" msgstr "头像路径" -#: users/serializers/user.py:158 +#: users/serializers/user.py:165 msgid "Is OTP bound" msgstr "是否绑定了虚拟 MFA" -#: users/serializers/user.py:265 +#: users/serializers/user.py:272 msgid "Select users" msgstr "选择用户" -#: users/serializers/user.py:266 +#: users/serializers/user.py:273 msgid "For security, only list several users" msgstr "为了安全,仅列出几个用户" -#: users/serializers/user.py:300 +#: users/serializers/user.py:307 msgid "name not unique" msgstr "名称重复" @@ -6908,6 +6913,9 @@ msgstr "旗舰版" msgid "Community edition" msgstr "社区版" +#~ msgid "Welcome back, please enter username and password to login" +#~ msgstr "欢迎回来,请输入用户名和密码登录" + #~ msgid "Discovery account automation" #~ msgstr "账号发现" From bb23c2a9fab32bf1755a1ee07a97bae9f3ab14de Mon Sep 17 00:00:00 2001 From: Bai Date: Mon, 26 Dec 2022 20:30:10 +0800 Subject: [PATCH 5/6] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E7=BF=BB?= =?UTF-8?q?=E8=AF=91=E7=BB=84=E7=BB=87ID?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/locale/ja/LC_MESSAGES/django.mo | 4 ++-- apps/locale/zh/LC_MESSAGES/django.mo | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index 963b2c7cf..f98c635ae 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7f83a00d90fe74749386ecd1f64d507b135e8c4d35acea1c5cd56bba3387e834 -size 119674 +oid sha256:a533ee3b36cdd61fe239be159cc80362e5cd358f134857987029bde8e4c1231e +size 119530 diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 110c90b6a..acd56e90a 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:aec4662e56ce44daac5eea9fe6d39c21ce9b2c55cfb60006ad6f0e639329c552 -size 105895 +oid sha256:7496f27202b5dcd9d677a70f9efc86c30b74fc306d6b5fa7202238c15c845971 +size 105814 From 1e0bfbf8a8db1d8fd4f499ee5a5fe68ae36042ba Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 27 Dec 2022 14:48:00 +0800 Subject: [PATCH 6/6] perf: permission (#9244) Co-authored-by: feng <1304903146@qq.com> --- .../0034_alter_celerytask_options.py | 17 +++++++++++++ apps/ops/models/celery.py | 3 +++ apps/rbac/const.py | 4 ---- .../0011_remove_redundant_permission.py | 24 +++++++++++++++++++ apps/rbac/tree.py | 2 ++ 5 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 apps/ops/migrations/0034_alter_celerytask_options.py create mode 100644 apps/rbac/migrations/0011_remove_redundant_permission.py diff --git a/apps/ops/migrations/0034_alter_celerytask_options.py b/apps/ops/migrations/0034_alter_celerytask_options.py new file mode 100644 index 000000000..9645782c4 --- /dev/null +++ b/apps/ops/migrations/0034_alter_celerytask_options.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.16 on 2022-12-27 06:07 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('ops', '0033_auto_20221223_1536'), + ] + + operations = [ + migrations.AlterModelOptions( + name='celerytask', + options={'ordering': ('name',), 'permissions': [('view_taskmonitor', 'Can view task monitor')], 'verbose_name': 'Celery Task'}, + ), + ] diff --git a/apps/ops/models/celery.py b/apps/ops/models/celery.py index de9633c70..316eca876 100644 --- a/apps/ops/models/celery.py +++ b/apps/ops/models/celery.py @@ -46,6 +46,9 @@ class CeleryTask(models.Model): class Meta: verbose_name = _("Celery Task") ordering = ('name',) + permissions = [ + ('view_taskmonitor', _('Can view task monitor')) + ] class CeleryTaskExecution(models.Model): diff --git a/apps/rbac/const.py b/apps/rbac/const.py index d63c2f610..b4e217977 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py @@ -70,7 +70,6 @@ exclude_permissions = ( ('rbac', 'role', '*', '*'), ('ops', 'adhoc', 'delete,change', '*'), ('ops', 'adhocexecution', 'add,delete,change', '*'), - ('ops', 'task', 'add,change', 'task'), ('ops', 'jobexecution', 'change,delete', 'jobexecution'), ('ops', 'historicaljob', '*', '*'), ('ops', 'celerytask', 'add,change,delete', 'celerytask'), @@ -99,9 +98,6 @@ exclude_permissions = ( ('xpack', 'license', '*', '*'), ('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'), ('xpack', 'syncinstancetaskexecution', 'delete,change', 'syncinstancetaskexecution'), - ('xpack', 'changeauthplanexecution', '*', '*'), - ('xpack', 'changeauthplantask', '*', '*'), - ('xpack', 'gatherusertaskexecution', '*', '*'), ('common', 'permission', 'add,delete,view,change', 'permission'), ('terminal', 'command', 'delete,change', 'command'), ('terminal', 'status', 'delete,change', 'status'), diff --git a/apps/rbac/migrations/0011_remove_redundant_permission.py b/apps/rbac/migrations/0011_remove_redundant_permission.py new file mode 100644 index 000000000..15cb8ef47 --- /dev/null +++ b/apps/rbac/migrations/0011_remove_redundant_permission.py @@ -0,0 +1,24 @@ +# Generated by Django 3.2.16 on 2022-12-27 02:41 + +from django.db import migrations + + +def migrate_remove_redundant_permission(apps, *args): + model = apps.get_model('rbac', 'ContentType') + model.objects.filter(app_label='applications').delete() + model.objects.filter(app_label='ops', model='task').delete() + model.objects.filter(app_label='xpack', model__in=[ + 'applicationchangeauthplan', 'applicationchangeauthplanexecution', + 'applicationchangeauthplantask', 'changeauthplan', 'changeauthplanexecution', + 'changeauthplantask', 'gatherusertask', 'gatherusertaskexecution' + ]).delete() + + +class Migration(migrations.Migration): + dependencies = [ + ('rbac', '0010_auto_20221220_1956'), + ] + + operations = [ + migrations.RunPython(migrate_remove_redundant_permission) + ] diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py index e515896c9..14ed53343 100644 --- a/apps/rbac/tree.py +++ b/apps/rbac/tree.py @@ -100,6 +100,8 @@ special_pid_mapper = { 'ops.jobauditlog': 'audits', 'ops.view_celerytask': 'task_center', 'ops.view_celerytaskexecution': 'task_center', + 'ops.view_taskmonitor': 'task_center', + 'ops.adhocexecution': 'task_center', 'ops.job': 'operation_center', 'ops.adhoc': 'operation_center', 'ops.playbook': 'operation_center',