From 42547751495fbc367658276525026b64d9c5666f Mon Sep 17 00:00:00 2001 From: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Date: Thu, 1 Aug 2019 17:10:02 +0800 Subject: [PATCH] Bugfix (#3065) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 解决命令执行找不到对象的问题 * [Update] 修改Permission判断 * [Update] 修改session * [Update] 修改创建系统用户时没有public key --- apps/assets/models/node.py | 3 ++- apps/assets/serializers/base.py | 1 + apps/assets/serializers/system_user.py | 8 ++++++++ apps/common/permissions.py | 4 ++++ apps/jumpserver/middleware.py | 6 ++++-- apps/ops/api/command.py | 3 ++- apps/perms/apps.py | 3 +++ apps/terminal/serializers/v1.py | 1 + 8 files changed, 25 insertions(+), 4 deletions(-) diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index d668cea51..916dae1e2 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -212,12 +212,13 @@ class AssetsAmountMixin: if cached is not None: return cached assets_amount = self.get_all_assets().count() - cache.set(cache_key, assets_amount, self.cache_time) return assets_amount @assets_amount.setter def assets_amount(self, value): self._assets_amount = value + cache_key = self._assets_amount_cache_key.format(self.key) + cache.set(cache_key, value, self.cache_time) def expire_assets_amount(self): ancestor_keys = self.get_ancestor_keys(with_self=True) diff --git a/apps/assets/serializers/base.py b/apps/assets/serializers/base.py index 5e853219b..39e33ffe1 100644 --- a/apps/assets/serializers/base.py +++ b/apps/assets/serializers/base.py @@ -59,6 +59,7 @@ class AuthSerializerMixin: value = validated_data.get(field) if not value: validated_data.pop(field, None) + # print(validated_data) # raise serializers.ValidationError(">>>>>>") diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py index 70855c9f7..912e085c0 100644 --- a/apps/assets/serializers/system_user.py +++ b/apps/assets/serializers/system_user.py @@ -3,6 +3,7 @@ from rest_framework import serializers from django.utils.translation import ugettext_lazy as _ from common.serializers import AdaptedBulkListSerializer +from common.utils import ssh_pubkey_gen from orgs.mixins import BulkOrgResourceModelSerializer from ..models import SystemUser from .base import AuthSerializer, AuthSerializerMixin @@ -86,6 +87,13 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer): private_key, public_key = SystemUser.gen_key(username) attrs["private_key"] = private_key attrs["public_key"] = public_key + # 如果设置了private key,没有设置public key则生成 + elif attrs.get("private_key", None): + private_key = attrs["private_key"] + password = attrs.get("password") + public_key = ssh_pubkey_gen(private_key, password=password, + username=username) + attrs["public_key"] = public_key attrs.pop("auto_generate_key", None) return attrs diff --git a/apps/common/permissions.py b/apps/common/permissions.py index 8bea6b390..648689165 100644 --- a/apps/common/permissions.py +++ b/apps/common/permissions.py @@ -49,6 +49,8 @@ class IsOrgAdmin(IsValidUser): """Allows access only to superuser""" def has_permission(self, request, view): + if not current_org: + return False return super(IsOrgAdmin, self).has_permission(request, view) \ and current_org.can_admin_by(request.user) @@ -57,6 +59,8 @@ class IsOrgAdminOrAppUser(IsValidUser): """Allows access between superuser and app user""" def has_permission(self, request, view): + if not current_org: + return False return super(IsOrgAdminOrAppUser, self).has_permission(request, view) \ and (current_org.can_admin_by(request.user) or request.user.is_app) diff --git a/apps/jumpserver/middleware.py b/apps/jumpserver/middleware.py index f2ea1f077..c0472d64f 100644 --- a/apps/jumpserver/middleware.py +++ b/apps/jumpserver/middleware.py @@ -5,6 +5,7 @@ import re import pytz from django.utils import timezone from django.shortcuts import HttpResponse +from django.conf import settings from .utils import set_current_request @@ -56,6 +57,7 @@ class RequestMiddleware: def __call__(self, request): set_current_request(request) response = self.get_response(request) - age = request.session.get_expiry_age() - request.session.set_expiry(age) + if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE: + age = request.session.get_expiry_age() + request.session.set_expiry(age) return response diff --git a/apps/ops/api/command.py b/apps/ops/api/command.py index ab5b97176..c63cbfdb8 100644 --- a/apps/ops/api/command.py +++ b/apps/ops/api/command.py @@ -4,13 +4,14 @@ from rest_framework import viewsets from django.db import transaction from django.conf import settings +from orgs.mixins import RootOrgViewMixin from common.permissions import IsValidUser from ..models import CommandExecution from ..serializers import CommandExecutionSerializer from ..tasks import run_command_execution -class CommandExecutionViewSet(viewsets.ModelViewSet): +class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet): serializer_class = CommandExecutionSerializer permission_classes = (IsValidUser,) diff --git a/apps/perms/apps.py b/apps/perms/apps.py index 216e9c3d7..d6fa5f712 100644 --- a/apps/perms/apps.py +++ b/apps/perms/apps.py @@ -1,5 +1,6 @@ from __future__ import unicode_literals +from django.conf import settings from django.apps import AppConfig @@ -8,4 +9,6 @@ class PermsConfig(AppConfig): def ready(self): from . import signals_handler + if not settings.XPACK_ENABLED: + settings.ASSETS_PERM_CACHE_ENABLE = False return super().ready() diff --git a/apps/terminal/serializers/v1.py b/apps/terminal/serializers/v1.py index 10898ebd6..e2807731c 100644 --- a/apps/terminal/serializers/v1.py +++ b/apps/terminal/serializers/v1.py @@ -27,6 +27,7 @@ class TerminalSerializer(serializers.ModelSerializer): class SessionSerializer(BulkOrgResourceModelSerializer): command_amount = serializers.IntegerField(read_only=True) + org_id = serializers.CharField(allow_blank=True) class Meta: model = Session