github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: 资产登录acl动作增加操作日志 (#11741) 

Co-authored-by: feng <1304903146@qq.com>
pull/11747/head
fit2bot 2023-10-07 15:50:28 +08:00 committed by GitHub
parent 0c1f4d99f8
commit 42b4e7697d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/audits/backends/db.py
View File

@ -58,7 +58,7 @@ class OperateLogStore(object):
return diff_list return diff_list
def save(self, **kwargs): def save(self, **kwargs):
log_id = kwargs.get('id', '') log_id = kwargs.get('id')
before = kwargs.pop('before') or {} before = kwargs.pop('before') or {}
after = kwargs.pop('after') or {} after = kwargs.pop('after') or {}

4
apps/audits/const.py
View File

@ -29,6 +29,10 @@ class ActionChoices(TextChoices):
connect = "connect", _("Connect") connect = "connect", _("Connect")
login = "login", _("Login") login = "login", _("Login")
change_auth = "change_password", _("Change password") change_auth = "change_password", _("Change password")
# acls action
reject = 'reject', _('Reject')
accept = 'accept', _('Accept')
review = 'review', _('Review')
class LoginTypeChoices(TextChoices): class LoginTypeChoices(TextChoices):

15
apps/authentication/api/connection_token.py
View File

@ -374,6 +374,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
raise JMSException(code='perm_expired', detail=msg) raise JMSException(code='perm_expired', detail=msg)
return account return account
@staticmethod
def _record_operate_log(acl, asset):
from audits.handler import create_or_update_operate_log
after = {str(_('Assets')): str(asset)}
object_name = acl._meta.object_name
resource_type = acl._meta.verbose_name
create_or_update_operate_log(
acl.action, resource_type, resource=acl,
after=after, object_name=object_name
)
def _validate_acl(self, user, asset, account): def _validate_acl(self, user, asset, account):
from acls.models import LoginAssetACL from acls.models import LoginAssetACL
acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account) acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account)
@ -382,15 +393,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
if not acl: if not acl:
return return
if acl.is_action(acl.ActionChoices.accept): if acl.is_action(acl.ActionChoices.accept):
self._record_operate_log(acl, asset)
return return
if acl.is_action(acl.ActionChoices.reject): if acl.is_action(acl.ActionChoices.reject):
self._record_operate_log(acl, asset)
msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id)) msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id))
raise JMSException(code='acl_reject', detail=msg) raise JMSException(code='acl_reject', detail=msg)
if acl.is_action(acl.ActionChoices.review): if acl.is_action(acl.ActionChoices.review):
if not self.request.query_params.get('create_ticket'): if not self.request.query_params.get('create_ticket'):
msg = _('ACL action is review') msg = _('ACL action is review')
raise JMSException(code='acl_review', detail=msg) raise JMSException(code='acl_review', detail=msg)
self._record_operate_log(acl, asset)
ticket = LoginAssetACL.create_login_asset_review_ticket( ticket = LoginAssetACL.create_login_asset_review_ticket(
user=user, asset=asset, account_username=account.username, user=user, asset=asset, account_username=account.username,
assignees=acl.reviewers.all(), org_id=asset.org_id assignees=acl.reviewers.all(), org_id=asset.org_id