diff --git a/Dockerfile b/Dockerfile index 769209673..d8652be34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ -# 编译代码 FROM python:3.8.6-slim as stage-build MAINTAINER JumpServer Team ARG VERSION @@ -8,22 +7,18 @@ WORKDIR /opt/jumpserver ADD . . RUN cd utils && bash -ixeu build.sh - -# 构建运行时环境 FROM python:3.8.6-slim ARG PIP_MIRROR=https://pypi.douban.com/simple ENV PIP_MIRROR=$PIP_MIRROR -ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple -ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR WORKDIR /opt/jumpserver -COPY ./requirements/deb_buster_requirements.txt ./requirements/deb_buster_requirements.txt +COPY ./requirements/deb_requirements.txt ./requirements/deb_requirements.txt RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \ && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \ && apt update \ - && apt -y install telnet iproute2 redis-tools \ - && grep -v '^#' ./requirements/deb_buster_requirements.txt | xargs apt -y install \ + && apt -y install telnet iproute2 redis-tools default-mysql-client vim wget curl locales \ + && apt -y install $(cat requirements/deb_requirements.txt) \ && rm -rf /var/lib/apt/lists/* \ && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \ && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ @@ -32,19 +27,19 @@ RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \ COPY ./requirements/requirements.txt ./requirements/requirements.txt RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \ - && pip config set global.index-url ${PIP_MIRROR} \ - && pip install --no-cache-dir $(grep 'jms' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \ - && pip install --no-cache-dir -r requirements/requirements.txt + && pip install --no-cache-dir -r requirements/requirements.txt -i ${PIP_MIRROR} \ + && rm -rf ~/.cache/pip COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver RUN mkdir -p /root/.ssh/ \ && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config -RUN mkdir -p /opt/jumpserver/oracle/ -ADD https://f2c-north-rel.oss-cn-qingdao.aliyuncs.com/2.0/north/jumpserver/instantclient-basiclite-linux.x64-21.1.0.0.0.tar /opt/jumpserver/oracle/ -RUN tar xvf /opt/jumpserver/oracle/instantclient-basiclite-linux.x64-21.1.0.0.0.tar -C /opt/jumpserver/oracle/ -RUN sh -c "echo /opt/jumpserver/oracle/instantclient_21_1 > /etc/ld.so.conf.d/oracle-instantclient.conf" -RUN ldconfig +RUN mkdir -p /opt/jumpserver/oracle/ \ + && wget https://download.jumpserver.org/public/instantclient-basiclite-linux.x64-21.1.0.0.0.tar \ + && tar xf instantclient-basiclite-linux.x64-21.1.0.0.0.tar -C /opt/jumpserver/oracle/ \ + && echo "/opt/jumpserver/oracle/instantclient_21_1" > /etc/ld.so.conf.d/oracle-instantclient.conf \ + && ldconfig \ + && rm -f instantclient-basiclite-linux.x64-21.1.0.0.0.tar RUN echo > config.yml VOLUME /opt/jumpserver/data diff --git a/apps/tickets/models/ticket.py b/apps/tickets/models/ticket.py index 9abd29c96..beb6d129b 100644 --- a/apps/tickets/models/ticket.py +++ b/apps/tickets/models/ticket.py @@ -206,10 +206,12 @@ class Ticket(CommonModelMixin, OrgModelMixin): self.save() post_change_ticket_action.send(sender=self.__class__, ticket=self, action=action) - # ticket - def has_assignee(self, assignee): + def has_current_assignee(self, assignee): return self.ticket_steps.filter(ticket_assignees__assignee=assignee, level=self.approval_step).exists() + def has_all_assignee(self, assignee): + return self.ticket_steps.filter(ticket_assignees__assignee=assignee).exists() + @classmethod def get_user_related_tickets(cls, user): queries = Q(applicant=user) | Q(ticket_steps__ticket_assignees__assignee=user) diff --git a/apps/tickets/permissions/comment.py b/apps/tickets/permissions/comment.py index c478c7529..deea43d52 100644 --- a/apps/tickets/permissions/comment.py +++ b/apps/tickets/permissions/comment.py @@ -15,4 +15,7 @@ class IsApplicant(permissions.BasePermission): class IsAssignee(permissions.BasePermission): def has_permission(self, request, view): - return view.ticket.has_assignee(request.user) + if view.action == 'list': + return view.ticket.has_all_assignee(request.user) + elif view.action == 'create': + return view.ticket.has_current_assignee(request.user) diff --git a/apps/tickets/permissions/ticket.py b/apps/tickets/permissions/ticket.py index bd77421a8..29c7dd7b5 100644 --- a/apps/tickets/permissions/ticket.py +++ b/apps/tickets/permissions/ticket.py @@ -3,7 +3,7 @@ from rest_framework import permissions class IsAssignee(permissions.BasePermission): def has_object_permission(self, request, view, obj): - return obj.has_assignee(request.user) + return obj.has_current_assignee(request.user) class IsApplicant(permissions.BasePermission): diff --git a/requirements/alpine_requirements.txt b/requirements/alpine_requirements.txt index 47935bf96..f64e3baf9 100644 --- a/requirements/alpine_requirements.txt +++ b/requirements/alpine_requirements.txt @@ -1,2 +1 @@ gcc make python3-dev python3 libffi-dev mariadb-dev libc-dev libffi-dev krb5-dev openldap-dev jpeg-dev linux-headers sshpass openssh-client - diff --git a/requirements/deb_buster_requirements.txt b/requirements/deb_buster_requirements.txt deleted file mode 100644 index 72cd44b7a..000000000 --- a/requirements/deb_buster_requirements.txt +++ /dev/null @@ -1,38 +0,0 @@ -# common -gcc -cmake -curl -wget -vim -locales -iputils-ping - -# mysql-client -default-mysql-client -default-libmysqlclient-dev - -# Pillow -libffi-dev -# libfreetype6-dev -# libfribidi-dev -# libharfbuzz-dev -# libjpeg-turbo-progs -# libjpeg62-turbo-dev -# liblcms2-dev -# libopenjp2-7-dev -# libtiff5-dev -# libwebp-dev -# python3-tk -# zlib1g-dev - - -# ldap -openssl -libssl-dev -libldap2-dev -libsasl2-dev -libkrb5-dev -sqlite - -# ansible -sshpass diff --git a/requirements/deb_requirements.txt b/requirements/deb_requirements.txt index f32a217e6..6edb70062 100644 --- a/requirements/deb_requirements.txt +++ b/requirements/deb_requirements.txt @@ -1 +1 @@ -libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite libkrb5-dev sshpass libmysqlclient-dev +g++ make iputils-ping default-libmysqlclient-dev libpq-dev libffi-dev libldap2-dev libsasl2-dev sshpass diff --git a/requirements/rpm_requirements.txt b/requirements/rpm_requirements.txt index 0501d2860..a11e46125 100644 --- a/requirements/rpm_requirements.txt +++ b/requirements/rpm_requirements.txt @@ -1 +1 @@ -gcc make krb5-devel libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mariadb-devel mysql-community-devel mysql libffi-devel openssh-clients telnet openldap-clients +gcc-c++ sshpass mariadb-devel openldap-devel