Bugfix (#3065)

* [Update] 修复浏览器关闭后session不失效的问题

* [Update] 修改一些内容

* [Update] 解决命令执行找不到对象的问题

* [Update] 修改Permission判断

* [Update] 修改session

* [Update] 修改创建系统用户时没有public key

apps/assets/models/node.py

@@ -212,12 +212,13 @@ class AssetsAmountMixin:
         if cached is not None:
             return cached
         assets_amount = self.get_all_assets().count()
-        cache.set(cache_key, assets_amount, self.cache_time)
         return assets_amount
 
     @assets_amount.setter
     def assets_amount(self, value):
         self._assets_amount = value
+        cache_key = self._assets_amount_cache_key.format(self.key)
+        cache.set(cache_key, value, self.cache_time)
 
     def expire_assets_amount(self):
         ancestor_keys = self.get_ancestor_keys(with_self=True)

apps/assets/serializers/base.py

@@ -59,6 +59,7 @@ class AuthSerializerMixin:
             value = validated_data.get(field)
             if not value:
                 validated_data.pop(field, None)
+
         # print(validated_data)
         # raise serializers.ValidationError(">>>>>>")
 

apps/assets/serializers/system_user.py

@@ -3,6 +3,7 @@ from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 
 from common.serializers import AdaptedBulkListSerializer
+from common.utils import ssh_pubkey_gen
 from orgs.mixins import BulkOrgResourceModelSerializer
 from ..models import SystemUser
 from .base import AuthSerializer, AuthSerializerMixin
@@ -86,6 +87,13 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
                 private_key, public_key = SystemUser.gen_key(username)
                 attrs["private_key"] = private_key
                 attrs["public_key"] = public_key
+                # 如果设置了private key，没有设置public key则生成
+        elif attrs.get("private_key", None):
+            private_key = attrs["private_key"]
+            password = attrs.get("password")
+            public_key = ssh_pubkey_gen(private_key, password=password,
+                                        username=username)
+            attrs["public_key"] = public_key
         attrs.pop("auto_generate_key", None)
         return attrs
 

apps/common/permissions.py

@@ -49,6 +49,8 @@ class IsOrgAdmin(IsValidUser):
     """Allows access only to superuser"""
 
     def has_permission(self, request, view):
+        if not current_org:
+            return False
         return super(IsOrgAdmin, self).has_permission(request, view) \
             and current_org.can_admin_by(request.user)
 
@@ -57,6 +59,8 @@ class IsOrgAdminOrAppUser(IsValidUser):
     """Allows access between superuser and app user"""
 
     def has_permission(self, request, view):
+        if not current_org:
+            return False
         return super(IsOrgAdminOrAppUser, self).has_permission(request, view) \
             and (current_org.can_admin_by(request.user) or request.user.is_app)
 

apps/jumpserver/middleware.py

@@ -5,6 +5,7 @@ import re
 import pytz
 from django.utils import timezone
 from django.shortcuts import HttpResponse
+from django.conf import settings
 
 from .utils import set_current_request
 
@@ -56,6 +57,7 @@ class RequestMiddleware:
     def __call__(self, request):
         set_current_request(request)
         response = self.get_response(request)
-        age = request.session.get_expiry_age()
+        if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
-        request.session.set_expiry(age)
+            age = request.session.get_expiry_age()
+            request.session.set_expiry(age)
         return response

apps/ops/api/command.py

@@ -4,13 +4,14 @@ from rest_framework import viewsets
 from django.db import transaction
 from django.conf import settings
 
+from orgs.mixins import RootOrgViewMixin
 from common.permissions import IsValidUser
 from ..models import CommandExecution
 from ..serializers import CommandExecutionSerializer
 from ..tasks import run_command_execution
 
 
-class CommandExecutionViewSet(viewsets.ModelViewSet):
+class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
     serializer_class = CommandExecutionSerializer
     permission_classes = (IsValidUser,)
 

apps/perms/apps.py

@@ -1,5 +1,6 @@
 from __future__ import unicode_literals
 
+from django.conf import settings
 from django.apps import AppConfig
 
 
@@ -8,4 +9,6 @@ class PermsConfig(AppConfig):
 
     def ready(self):
         from . import signals_handler
+        if not settings.XPACK_ENABLED:
+            settings.ASSETS_PERM_CACHE_ENABLE = False
         return super().ready()

apps/terminal/serializers/v1.py

@@ -27,6 +27,7 @@ class TerminalSerializer(serializers.ModelSerializer):
 
 class SessionSerializer(BulkOrgResourceModelSerializer):
     command_amount = serializers.IntegerField(read_only=True)
+    org_id = serializers.CharField(allow_blank=True)
 
     class Meta:
         model = Session