merge: with dev

Dockerfile

@@ -1,4 +1,3 @@
-# 编译代码
 FROM python:3.8.6-slim as stage-build
 MAINTAINER JumpServer Team <ibuler@qq.com>
 ARG VERSION
@@ -8,22 +7,18 @@ WORKDIR /opt/jumpserver
 ADD . .
 RUN cd utils && bash -ixeu build.sh
 
-
-# 构建运行时环境
 FROM python:3.8.6-slim
 ARG PIP_MIRROR=https://pypi.douban.com/simple
 ENV PIP_MIRROR=$PIP_MIRROR
-ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple
-ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
 
 WORKDIR /opt/jumpserver
 
-COPY ./requirements/deb_buster_requirements.txt ./requirements/deb_buster_requirements.txt
+COPY ./requirements/deb_requirements.txt ./requirements/deb_requirements.txt
 RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
     && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
     && apt update \
-    && apt -y install telnet iproute2 redis-tools \
-    && grep -v '^#' ./requirements/deb_buster_requirements.txt | xargs apt -y install \
+    && apt -y install telnet iproute2 redis-tools default-mysql-client vim wget curl locales \
+    && apt -y install $(cat requirements/deb_requirements.txt) \
     && rm -rf /var/lib/apt/lists/* \
     && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
     && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
@@ -32,19 +27,19 @@ RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
 
 COPY ./requirements/requirements.txt ./requirements/requirements.txt
 RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
-    && pip config set global.index-url ${PIP_MIRROR} \
-    && pip install --no-cache-dir $(grep 'jms' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
-    && pip install --no-cache-dir -r requirements/requirements.txt
+    && pip install --no-cache-dir -r requirements/requirements.txt -i ${PIP_MIRROR} \
+    && rm -rf ~/.cache/pip
 
 COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
 RUN mkdir -p /root/.ssh/ \
     && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
 
-RUN mkdir -p /opt/jumpserver/oracle/
-ADD https://f2c-north-rel.oss-cn-qingdao.aliyuncs.com/2.0/north/jumpserver/instantclient-basiclite-linux.x64-21.1.0.0.0.tar /opt/jumpserver/oracle/
-RUN tar xvf /opt/jumpserver/oracle/instantclient-basiclite-linux.x64-21.1.0.0.0.tar -C /opt/jumpserver/oracle/
-RUN sh -c "echo /opt/jumpserver/oracle/instantclient_21_1 > /etc/ld.so.conf.d/oracle-instantclient.conf"
-RUN ldconfig
+RUN mkdir -p /opt/jumpserver/oracle/ \
+    && wget https://download.jumpserver.org/public/instantclient-basiclite-linux.x64-21.1.0.0.0.tar \
+    && tar xf instantclient-basiclite-linux.x64-21.1.0.0.0.tar -C /opt/jumpserver/oracle/ \
+    && echo "/opt/jumpserver/oracle/instantclient_21_1" > /etc/ld.so.conf.d/oracle-instantclient.conf \
+    && ldconfig \
+    && rm -f instantclient-basiclite-linux.x64-21.1.0.0.0.tar
 
 RUN echo > config.yml
 VOLUME /opt/jumpserver/data

apps/tickets/models/ticket.py

@@ -206,10 +206,12 @@ class Ticket(CommonModelMixin, OrgModelMixin):
         self.save()
         post_change_ticket_action.send(sender=self.__class__, ticket=self, action=action)
 
-    # ticket
-    def has_assignee(self, assignee):
+    def has_current_assignee(self, assignee):
         return self.ticket_steps.filter(ticket_assignees__assignee=assignee, level=self.approval_step).exists()
 
+    def has_all_assignee(self, assignee):
+        return self.ticket_steps.filter(ticket_assignees__assignee=assignee).exists()
+
     @classmethod
     def get_user_related_tickets(cls, user):
         queries = Q(applicant=user) | Q(ticket_steps__ticket_assignees__assignee=user)

apps/tickets/permissions/comment.py

@@ -15,4 +15,7 @@ class IsApplicant(permissions.BasePermission):
 
 class IsAssignee(permissions.BasePermission):
     def has_permission(self, request, view):
-        return view.ticket.has_assignee(request.user)
+        if view.action == 'list':
+            return view.ticket.has_all_assignee(request.user)
+        elif view.action == 'create':
+            return view.ticket.has_current_assignee(request.user)

apps/tickets/permissions/ticket.py

@@ -3,7 +3,7 @@ from rest_framework import permissions
 
 class IsAssignee(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):
-        return obj.has_assignee(request.user)
+        return obj.has_current_assignee(request.user)
 
 
 class IsApplicant(permissions.BasePermission):

requirements/alpine_requirements.txt

@@ -1,2 +1 @@
 gcc make python3-dev python3 libffi-dev mariadb-dev libc-dev libffi-dev krb5-dev openldap-dev jpeg-dev linux-headers sshpass openssh-client
-

requirements/deb_buster_requirements.txt

@@ -1,38 +0,0 @@
-# common
-gcc
-cmake
-curl
-wget
-vim
-locales
-iputils-ping
-
-# mysql-client
-default-mysql-client
-default-libmysqlclient-dev
-
-# Pillow
-libffi-dev
-# libfreetype6-dev
-# libfribidi-dev
-# libharfbuzz-dev
-# libjpeg-turbo-progs
-# libjpeg62-turbo-dev
-# liblcms2-dev
-# libopenjp2-7-dev
-# libtiff5-dev
-# libwebp-dev
-# python3-tk
-# zlib1g-dev
-
-
-# ldap
-openssl
-libssl-dev
-libldap2-dev
-libsasl2-dev
-libkrb5-dev
-sqlite
-
-# ansible
-sshpass

requirements/deb_requirements.txt

@@ -1 +1 @@
-libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite libkrb5-dev sshpass libmysqlclient-dev
+g++ make iputils-ping default-libmysqlclient-dev libpq-dev libffi-dev libldap2-dev libsasl2-dev sshpass

requirements/rpm_requirements.txt

@@ -1 +1 @@
-gcc make krb5-devel libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mariadb-devel mysql-community-devel mysql libffi-devel openssh-clients telnet openldap-clients
+gcc-c++ sshpass mariadb-devel openldap-devel