github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

stash

pull/8566/head
ibuler 2022-07-27 16:51:39 +08:00
parent d176ccde4b
commit 43d3791ddc
6 changed files with 61 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
apps/assets/api/system_user.py
View File

@ -2,6 +2,7 @@
from django.shortcuts import get_object_or_404
from rest_framework.response import Response
from rest_framework.decorators import action
from rest_framework.viewsets import GenericViewSet
from common.utils import get_logger, get_object_or_none
from common.permissions import IsValidUser
@ -20,7 +21,8 @@ logger = get_logger(__file__)
__all__ = [
'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi',
'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi', 'SystemUserAssetsListView',
'SystemUserTempAuthInfoApi', 'SystemUserAppAuthInfoApi', 'SystemUserAssetAccountApi'
'SystemUserTempAuthInfoApi', 'SystemUserAppAuthInfoApi', 'SystemUserAssetAccountApi',
'SystemUserAssetAccountSecretApi',
]
@ -76,24 +78,61 @@ class SystemUserViewSet(SuggestionMixin, OrgBulkModelViewSet):
return Response(serializer.data)
class SystemUserAssetAccountApi(generics.RetrieveUpdateDestroyAPIView):
class SystemUserAccountViewSet(GenericViewSet):
model = Account
serializer_classes = {
'default': serializers.AccountSerializer,
'account_secret': serializers.AccountSecretSerializer,
}
def get_object(self):
system_user_id = self.kwargs.get('pk')
asset_id = self.kwargs.get('asset_id')
user_id = self.kwargs.get("user_id")
system_user = SystemUser.objects.get(id=system_user_id)
account = system_user.get_account(user_id, asset_id)
return account
@action(methods=['get'], detail=False, url_path='account')
def account(self, request, *args, **kwargs):
pass
@action(methods=['get'], detail=False, url_path='account-secret')
def account_secret(self):
pass
@action(methods=['put'], detail=False, url_path='manual-account')
def manual_account(self, request, *args, **kwargs):
pass
class SystemUserAssetAccountApi(generics.RetrieveAPIView):
model = Account
serializer_class = serializers.AccountSerializer
def get_object(self):
system_user_id = self.kwargs.get('pk')
asset_id = self.kwargs.get('asset_id')
user_id = self.kwargs.get("user_id")
system_user = super().get_object()
system_user = SystemUser.objects.get(id=system_user_id)
account = system_user.get_account(user_id, asset_id)
return account
class SystemUserAssetAccountSecretApi(SystemUserAssetAccountApi):
model = Account
serializer_class = serializers.AccountSecretSerializer
rbac_perms = {
'retrieve': 'assets.view_accountsecret'
}
class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
"""
Get system user auth info
"""
model = SystemUser
serializer_class = serializers.SystemUserWithAuthInfoSerializer
serializer_class = serializers.AccountSerializer
rbac_perms = {
'retrieve': 'assets.view_systemusersecret',
'list': 'assets.view_systemusersecret',
@ -101,6 +140,14 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
'destroy': 'assets.change_systemuser',
}
def get_object(self):
system_user_id = self.kwargs.get('pk')
asset_id = self.kwargs.get('asset_id')
user_id = self.kwargs.get("user_id")
system_user = SystemUser.objects.get(id=system_user_id)
account = system_user.get_account(user_id, asset_id)
return account
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
instance.clear_auth()

2
apps/assets/migrations/0092_auto_20220711_1409.py
View File

@ -75,7 +75,7 @@ class Migration(migrations.Migration):
],
options={
'verbose_name': 'Account',
'permissions': [('view_assetaccountsecret', 'Can view asset account secret'), ('change_assetaccountsecret', 'Can change asset account secret'), ('view_assethistoryaccount', 'Can view asset history account'), ('view_assethistoryaccountsecret', 'Can view asset history account secret')],
'permissions': [('view_accountsecret', 'Can view asset account secret'), ('change_accountsecret', 'Can change asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret')],
'unique_together': {('username', 'asset')},
},
bases=(models.Model, assets.models.base.AuthMixin, assets.models.user.ProtocolMixin),

8
apps/assets/models/account.py
View File

@ -27,10 +27,10 @@ class Account(BaseUser, AbsConnectivity, ProtocolMixin):
verbose_name = _('Account')
unique_together = [('username', 'asset')]
permissions = [
('view_assetaccountsecret', _('Can view asset account secret')),
('change_assetaccountsecret', _('Can change asset account secret')),
('view_assethistoryaccount', _('Can view asset history account')),
('view_assethistoryaccountsecret', _('Can view asset history account secret')),
('view_accountsecret', _('Can view asset account secret')),
('change_accountsecret', _('Can change asset account secret')),
('view_historyaccount', _('Can view asset history account')),
('view_historyaccountsecret', _('Can view asset history account secret')),
]
def __str__(self):

2
apps/assets/models/user.py
View File

@ -223,7 +223,7 @@ class SystemUser(ProtocolMixin, BaseUser):
return get_object_or_404(Account, asset_id=asset_id, username=username)
def get_account(self, user_id, asset_id):
if self.login_mode == self.LOGIN_AUTO:
if self.login_mode == self.LOGIN_MANUAL:
return self.get_manual_account(user_id, asset_id)
else:
return self.get_auto_account(user_id, asset_id)

6
apps/assets/serializers/system_user.py
View File

@ -298,10 +298,10 @@ class SystemUserAssetRelationSerializer(RelationMixin, serializers.ModelSerializ
asset_display = serializers.ReadOnlyField(label=_('Asset hostname'))
class Meta:
model = SystemUser
model = SystemUser.assets.through
fields = [
"id", "asset", "asset_display", 'systemuser', 'systemuser_display',
"connectivity", 'date_verified', 'org_id'
"id", "asset", "asset_display",
"systemuser", "systemuser_display",
]
use_model_bulk_create = True
model_bulk_create_kwargs = {

4
apps/assets/urls/api_urls.py
View File

@ -45,12 +45,10 @@ urlpatterns = [
path('assets/<uuid:pk>/perm-user-groups/', api.AssetPermUserGroupListApi.as_view(), name='asset-perm-user-group-list'),
path('assets/<uuid:pk>/perm-user-groups/<uuid:perm_user_group_id>/permissions/', api.AssetPermUserGroupPermissionsListApi.as_view(), name='asset-perm-user-group-permission-list'),
path('system-users/<uuid:pk>/auth-info/', api.SystemUserAuthInfoApi.as_view(), name='system-user-auth-info'),
path('system-users/<uuid:pk>/assets/', api.SystemUserAssetsListView.as_view(), name='system-user-assets'),
path('system-users/<uuid:pk>/assets/<uuid:asset_id>/auth-info/', api.SystemUserAssetAuthInfoApi.as_view(), name='system-user-asset-auth-info'),
path('system-users/<uuid:pk>/applications/<uuid:app_id>/auth-info/', api.SystemUserAppAuthInfoApi.as_view(), name='system-user-app-auth-info'),
path('system-users/<uuid:pk>/assets/<uuid:asset_id>/users/<uuid:user_id>/account/', api.SystemUserAssetAccountApi.as_view(), name='system-user-asset-account'),
path('system-users/<uuid:pk>/temp-auth/', api.SystemUserTempAuthInfoApi.as_view(), name='system-user-asset-temp-info'),
path('system-users/<uuid:pk>/assets/<uuid:asset_id>/users/<uuid:user_id>/account-secret/', api.SystemUserAssetAccountSecretApi.as_view(), name='system-user-asset-account-secret'),
path('system-users/<uuid:pk>/tasks/', api.SystemUserTaskApi.as_view(), name='system-user-task-create'),
path('system-users/<uuid:pk>/cmd-filter-rules/', api.SystemUserCommandFilterRuleListApi.as_view(), name='system-user-cmd-filter-rule-list'),
path('cmd-filter-rules/', api.SystemUserCommandFilterRuleListApi.as_view(), name='cmd-filter-rules'),