diff --git a/apps/authentication/api/token.py b/apps/authentication/api/token.py index bea70e4b7..6c6a34aa2 100644 --- a/apps/authentication/api/token.py +++ b/apps/authentication/api/token.py @@ -23,6 +23,7 @@ class TokenCreateApi(AuthMixin, CreateAPIView): def create_session_if_need(self): if self.request.session.is_empty(): self.request.session.create() + self.request.session.set_expiry(600) def create(self, request, *args, **kwargs): self.create_session_if_need() diff --git a/apps/common/utils/django.py b/apps/common/utils/django.py index 815bb16b1..50c3f0ea1 100644 --- a/apps/common/utils/django.py +++ b/apps/common/utils/django.py @@ -2,6 +2,7 @@ # import re from django.shortcuts import reverse as dj_reverse +from django.db.models import Subquery, QuerySet from django.conf import settings from django.utils import timezone @@ -35,3 +36,16 @@ def date_expired_default(): years = 70 return timezone.now() + timezone.timedelta(days=365*years) + +def union_queryset(*args, base_queryset=None): + if len(args) == 1: + return args[0] + elif len(args) == 0: + raise ValueError("args is empty") + args = [q.order_by() for q in args] + sub_query = args[0].union(*args[1:]) + queryset_id = list(sub_query.values_list('id', flat=True)) + if not base_queryset: + base_queryset = args[0].model.objects + queryset = base_queryset.filter(id__in=queryset_id) + return queryset diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 70876623e..8707690c2 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -193,6 +193,7 @@ class Config(dict): 'FORCE_SCRIPT_NAME': '', 'LOGIN_CONFIRM_ENABLE': False, 'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': False, + 'ORG_CHANGE_TO_URL': '' } def convert_type(self, k, v): diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 0a910f984..cdffa0b61 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -82,3 +82,4 @@ USER_GUIDE_URL = DYNAMIC.USER_GUIDE_URL HTTP_LISTEN_PORT = CONFIG.HTTP_LISTEN_PORT WS_LISTEN_PORT = CONFIG.WS_LISTEN_PORT LOGIN_LOG_KEEP_DAYS = DYNAMIC.LOGIN_LOG_KEEP_DAYS +ORG_CHANGE_TO_URL = CONFIG.ORG_CHANGE_TO_URL diff --git a/apps/orgs/views.py b/apps/orgs/views.py index d599fbab3..0cbcd00e0 100644 --- a/apps/orgs/views.py +++ b/apps/orgs/views.py @@ -1,4 +1,5 @@ from django.shortcuts import redirect, reverse +from django.conf import settings from django.http import HttpResponseForbidden from django.views.generic import DetailView, View @@ -16,6 +17,9 @@ class SwitchOrgView(DetailView): self.object = Organization.get_instance(pk) oid = str(self.object.id) request.session['oid'] = oid + org_change_to_url = settings.ORG_CHANGE_TO_URL + if org_change_to_url: + return redirect(org_change_to_url) host = request.get_host() referer = request.META.get('HTTP_REFERER', '') if referer.find(host) == -1: diff --git a/apps/perms/api/asset_permission.py b/apps/perms/api/asset_permission.py index 724b1d197..ff477f5af 100644 --- a/apps/perms/api/asset_permission.py +++ b/apps/perms/api/asset_permission.py @@ -1,6 +1,5 @@ # -*- coding: utf-8 -*- # - from django.db.models import Q from common.permissions import IsOrgAdmin diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py index 12469d3da..badd5cbbc 100644 --- a/apps/perms/api/user_permission/common.py +++ b/apps/perms/api/user_permission/common.py @@ -114,3 +114,4 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView): system_users.append(system_user) system_users.sort(key=lambda x: x.priority) return system_users + diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index a1af50690..1d92b9852 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py @@ -93,7 +93,7 @@ class AssetPermission(BasePermission): models.Prefetch('nodes', queryset=Node.objects.all().only('key')), models.Prefetch('assets', queryset=Asset.objects.all().only('id')), models.Prefetch('system_users', queryset=SystemUser.objects.all().only('id')) - ) + ).order_by() def get_all_assets(self): from assets.models import Node diff --git a/apps/perms/models/base.py b/apps/perms/models/base.py index 950d54b10..da40ced9d 100644 --- a/apps/perms/models/base.py +++ b/apps/perms/models/base.py @@ -8,7 +8,7 @@ from django.db.models import Q from django.utils import timezone from orgs.mixins.models import OrgModelMixin -from common.utils import date_expired_default, set_or_append_attr_bulk +from common.utils import date_expired_default from orgs.mixins.models import OrgManager diff --git a/apps/perms/utils/database_app_permission.py b/apps/perms/utils/database_app_permission.py index 9420ab676..38aac99c1 100644 --- a/apps/perms/utils/database_app_permission.py +++ b/apps/perms/utils/database_app_permission.py @@ -1,10 +1,10 @@ # coding: utf-8 # -from django.db.models import Q from django.utils.translation import ugettext as _ -from orgs.utils import set_to_root_org +from django.db.models import Q +from orgs.utils import set_to_root_org from ..models import DatabaseAppPermission from common.tree import TreeNode from applications.models import DatabaseApp @@ -17,6 +17,7 @@ __all__ = [ 'parse_database_app_to_tree_node' ] + def get_user_database_app_permissions(user, include_group=True): if include_group: groups = user.groups.all() diff --git a/apps/perms/utils/remote_app_permission.py b/apps/perms/utils/remote_app_permission.py index 8f84bf224..ea0cb9e4b 100644 --- a/apps/perms/utils/remote_app_permission.py +++ b/apps/perms/utils/remote_app_permission.py @@ -1,8 +1,8 @@ # coding: utf-8 # -from django.db.models import Q from django.utils.translation import ugettext as _ +from django.db.models import Q from common.tree import TreeNode from orgs.utils import set_to_root_org diff --git a/apps/terminal/migrations/0021_auto_20200213_1316.py b/apps/terminal/migrations/0021_auto_20200213_1316.py new file mode 100644 index 000000000..7b1c62b38 --- /dev/null +++ b/apps/terminal/migrations/0021_auto_20200213_1316.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2.10 on 2020-02-13 05:16 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('terminal', '0020_auto_20191218_1721'), + ] + + operations = [ + migrations.AlterField( + model_name='session', + name='is_finished', + field=models.BooleanField(db_index=True, default=False), + ), + ] diff --git a/apps/terminal/models.py b/apps/terminal/models.py index 04bc74c67..eebeb611c 100644 --- a/apps/terminal/models.py +++ b/apps/terminal/models.py @@ -90,6 +90,14 @@ class Terminal(models.Model): config = self.get_replay_storage_config() return {"TERMINAL_REPLAY_STORAGE": config} + @staticmethod + def get_login_title_setting(): + login_title = None + if settings.XPACK_ENABLED: + from xpack.plugins.interface.models import Interface + login_title = Interface.get_login_title() + return {'TERMINAL_HEADER_TITLE': login_title} + @property def config(self): configs = {} @@ -99,6 +107,7 @@ class Terminal(models.Model): configs[k] = getattr(settings, k) configs.update(self.get_command_storage_setting()) configs.update(self.get_replay_storage_setting()) + configs.update(self.get_login_title_setting()) configs.update({ 'SECURITY_MAX_IDLE_TIME': settings.SECURITY_MAX_IDLE_TIME }) @@ -181,7 +190,7 @@ class Session(OrgModelMixin): system_user_id = models.CharField(blank=True, default='', max_length=36, db_index=True) login_from = models.CharField(max_length=2, choices=LOGIN_FROM_CHOICES, default="ST") remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True) - is_finished = models.BooleanField(default=False) + is_finished = models.BooleanField(default=False, db_index=True) has_replay = models.BooleanField(default=False, verbose_name=_("Replay")) has_command = models.BooleanField(default=False, verbose_name=_("Command")) terminal = models.ForeignKey(Terminal, null=True, on_delete=models.SET_NULL)