From aa2255a87e3a2a4fa7b742e6b60afd9ca5c5665f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Wed, 5 Feb 2020 12:10:24 +0800 Subject: [PATCH 1/8] =?UTF-8?q?[Update]=20sql=E4=BC=98=E5=8C=96=EF=BC=8C?= =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E7=94=A8=E6=88=B7=E8=B5=84=E4=BA=A7=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=97=B6=EF=BC=8C=E4=BD=BF=E7=94=A8union=E6=9B=BF?= =?UTF-8?q?=E4=BB=A3or=20(#3681)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/utils/asset_permission.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index 3ba5c68d6..c0f46f127 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -25,12 +25,14 @@ __all__ = [ def get_user_permissions(user, include_group=True): + permissions = AssetPermission.get_queryset_with_prefetch().filter(users=user) if include_group: groups = user.groups.all() - arg = Q(users=user) | Q(user_groups__in=groups) - else: - arg = Q(users=user) - return AssetPermission.get_queryset_with_prefetch().filter(arg) + permissions_groups = AssetPermission.get_queryset_with_prefetch().filter( + user_groups__in=groups + ) + permissions = permissions.union(permissions_groups) + return permissions def get_user_group_permissions(user_group): @@ -40,12 +42,14 @@ def get_user_group_permissions(user_group): def get_asset_permissions(asset, include_node=True): + permissions = AssetPermission.get_queryset_with_prefetch().filter(asset=asset) if include_node: nodes = asset.get_all_nodes(flat=True) - arg = Q(assets=asset) | Q(nodes__in=nodes) - else: - arg = Q(assets=asset) - return AssetPermission.objects.valid().filter(arg) + permissions_nodes = AssetPermission.get_queryset_with_prefetch().filter( + nodes__in=nodes + ) + permissions = permissions.union(permissions_nodes) + return permissions def get_node_permissions(node): From 3c69860b2437553c1c511448d4032b6f1aadb298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Wed, 5 Feb 2020 15:56:28 +0800 Subject: [PATCH 2/8] =?UTF-8?q?[Update]=20=E4=BC=98=E5=8C=96sql,=20or?= =?UTF-8?q?=E6=96=B9=E5=BC=8F=E6=94=B9=E4=B8=BAunion=20(#3682)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Update] 优化sql, or方式改为union * [Update] 优化union操作,直接union后,queryset 的一些参数不能使用,如annoate, 如filter assets__isnull=True --- apps/common/utils/django.py | 14 ++++++++++++++ apps/perms/api/asset_permission.py | 16 +++++++--------- apps/perms/models/asset_permission.py | 2 +- apps/perms/models/base.py | 9 +++++---- apps/perms/utils/asset_permission.py | 20 +++++++++++--------- apps/perms/utils/database_app_permission.py | 14 ++++++++------ apps/perms/utils/remote_app_permission.py | 12 +++++++----- 7 files changed, 53 insertions(+), 34 deletions(-) diff --git a/apps/common/utils/django.py b/apps/common/utils/django.py index 815bb16b1..50c3f0ea1 100644 --- a/apps/common/utils/django.py +++ b/apps/common/utils/django.py @@ -2,6 +2,7 @@ # import re from django.shortcuts import reverse as dj_reverse +from django.db.models import Subquery, QuerySet from django.conf import settings from django.utils import timezone @@ -35,3 +36,16 @@ def date_expired_default(): years = 70 return timezone.now() + timezone.timedelta(days=365*years) + +def union_queryset(*args, base_queryset=None): + if len(args) == 1: + return args[0] + elif len(args) == 0: + raise ValueError("args is empty") + args = [q.order_by() for q in args] + sub_query = args[0].union(*args[1:]) + queryset_id = list(sub_query.values_list('id', flat=True)) + if not base_queryset: + base_queryset = args[0].model.objects + queryset = base_queryset.filter(id__in=queryset_id) + return queryset diff --git a/apps/perms/api/asset_permission.py b/apps/perms/api/asset_permission.py index 724b1d197..72cab48f1 100644 --- a/apps/perms/api/asset_permission.py +++ b/apps/perms/api/asset_permission.py @@ -1,11 +1,9 @@ # -*- coding: utf-8 -*- # -from django.db.models import Q - from common.permissions import IsOrgAdmin from orgs.mixins.api import OrgModelViewSet -from common.utils import get_object_or_none +from common.utils import get_object_or_none, union_queryset from ..models import AssetPermission from ..hands import ( User, UserGroup, Asset, Node, SystemUser, @@ -111,9 +109,9 @@ class AssetPermissionViewSet(OrgModelViewSet): continue ancestor_keys = Node.get_node_ancestor_keys(key, with_self=True) inherit_all_nodes.update(ancestor_keys) - queryset = queryset.filter( - Q(assets__in=assets) | Q(nodes__key__in=inherit_all_nodes) - ).distinct() + assets_queryset = queryset.filter(assets__in=assets) + nodes_queryset = queryset.filter(nodes__key__in=inherit_all_nodes) + queryset = union_queryset(assets_queryset, nodes_queryset) return queryset def filter_user(self, queryset): @@ -131,9 +129,9 @@ class AssetPermissionViewSet(OrgModelViewSet): queryset = queryset.filter(users=user) return queryset groups = user.groups.all() - queryset = queryset.filter( - Q(users=user) | Q(user_groups__in=groups) - ).distinct() + users_queryset = queryset.filter(users=user) + groups_queryset = queryset.filter(user_groups__in=groups) + queryset = union_queryset(users_queryset, groups_queryset) return queryset def filter_user_group(self, queryset): diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index a1af50690..1d92b9852 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py @@ -93,7 +93,7 @@ class AssetPermission(BasePermission): models.Prefetch('nodes', queryset=Node.objects.all().only('key')), models.Prefetch('assets', queryset=Asset.objects.all().only('id')), models.Prefetch('system_users', queryset=SystemUser.objects.all().only('id')) - ) + ).order_by() def get_all_assets(self): from assets.models import Node diff --git a/apps/perms/models/base.py b/apps/perms/models/base.py index 950d54b10..2885711ae 100644 --- a/apps/perms/models/base.py +++ b/apps/perms/models/base.py @@ -8,7 +8,7 @@ from django.db.models import Q from django.utils import timezone from orgs.mixins.models import OrgModelMixin -from common.utils import date_expired_default, set_or_append_attr_bulk +from common.utils import date_expired_default, union_queryset from orgs.mixins.models import OrgManager @@ -83,7 +83,8 @@ class BasePermission(OrgModelMixin): from users.models import User users_id = self.users.all().values_list('id', flat=True) groups_id = self.user_groups.all().values_list('id', flat=True) - users = User.objects.filter( - Q(id__in=users_id) | Q(groups__id__in=groups_id) - ).distinct() + users = User.objects.filter(id__in=users_id) + if groups_id: + groups_users = User.objects.filter(groups__id__in=groups_id) + users = union_queryset(users, groups_users) return users diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index c0f46f127..0f56b0779 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -9,7 +9,7 @@ from django.db.models import Q from django.conf import settings from orgs.utils import set_to_root_org -from common.utils import get_logger, timeit, lazyproperty +from common.utils import get_logger, timeit, lazyproperty, union_queryset from common.tree import TreeNode from assets.utils import TreeService from ..models import AssetPermission @@ -25,13 +25,16 @@ __all__ = [ def get_user_permissions(user, include_group=True): - permissions = AssetPermission.get_queryset_with_prefetch().filter(users=user) + permissions = AssetPermission.objects.filter(users=user) if include_group: groups = user.groups.all() - permissions_groups = AssetPermission.get_queryset_with_prefetch().filter( + permissions_groups = AssetPermission.objects.filter( user_groups__in=groups ) - permissions = permissions.union(permissions_groups) + base_queryset = AssetPermission.get_queryset_with_prefetch() + permissions = union_queryset( + permissions, permissions_groups, base_queryset=base_queryset + ) return permissions @@ -42,13 +45,12 @@ def get_user_group_permissions(user_group): def get_asset_permissions(asset, include_node=True): - permissions = AssetPermission.get_queryset_with_prefetch().filter(asset=asset) + permissions = AssetPermission.objects.filter(asset=asset) if include_node: nodes = asset.get_all_nodes(flat=True) - permissions_nodes = AssetPermission.get_queryset_with_prefetch().filter( - nodes__in=nodes - ) - permissions = permissions.union(permissions_nodes) + base_queryset = AssetPermission.get_queryset_with_prefetch() + permissions_nodes = AssetPermission.objects.filter(nodes__in=nodes) + permissions = union_queryset(permissions, permissions_nodes, base_queryset=base_queryset) return permissions diff --git a/apps/perms/utils/database_app_permission.py b/apps/perms/utils/database_app_permission.py index 9420ab676..88bbd1eb6 100644 --- a/apps/perms/utils/database_app_permission.py +++ b/apps/perms/utils/database_app_permission.py @@ -1,11 +1,11 @@ # coding: utf-8 # -from django.db.models import Q from django.utils.translation import ugettext as _ -from orgs.utils import set_to_root_org +from orgs.utils import set_to_root_org from ..models import DatabaseAppPermission +from common.utils import union_queryset from common.tree import TreeNode from applications.models import DatabaseApp from assets.models import SystemUser @@ -17,13 +17,15 @@ __all__ = [ 'parse_database_app_to_tree_node' ] + def get_user_database_app_permissions(user, include_group=True): + permissions = DatabaseAppPermission.objects.all().valid().filter(users=user) if include_group: groups = user.groups.all() - arg = Q(users=user) | Q(user_groups__in=groups) - else: - arg = Q(users=user) - return DatabaseAppPermission.objects.all().valid().filter(arg) + groups_permissions = DatabaseAppPermission.objects.all().valid()\ + .filter(user_groups__in=groups) + permissions = union_queryset(permissions, groups_permissions) + return permissions def get_user_group_database_app_permission(user_group): diff --git a/apps/perms/utils/remote_app_permission.py b/apps/perms/utils/remote_app_permission.py index 8f84bf224..9ffab0e61 100644 --- a/apps/perms/utils/remote_app_permission.py +++ b/apps/perms/utils/remote_app_permission.py @@ -1,10 +1,10 @@ # coding: utf-8 # -from django.db.models import Q from django.utils.translation import ugettext as _ from common.tree import TreeNode +from common.utils import union_queryset from orgs.utils import set_to_root_org from ..models import RemoteAppPermission @@ -18,12 +18,14 @@ __all__ = [ def get_user_remote_app_permissions(user, include_group=True): + permissions = RemoteAppPermission.objects.all().valid().filter(users=user) if include_group: groups = user.groups.all() - arg = Q(users=user) | Q(user_groups__in=groups) - else: - arg = Q(users=user) - return RemoteAppPermission.objects.all().valid().filter(arg) + groups_permissions = RemoteAppPermission.objects.all().valid().filter( + user_groups__in=groups + ) + permissions = union_queryset(permissions, groups_permissions) + return permissions def get_user_group_remote_app_permissions(user_group): From edf6baa52d2113e907f774f3fe6ef7f4142ee8de Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 7 Feb 2020 17:24:52 +0800 Subject: [PATCH 3/8] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9api=E5=88=9B?= =?UTF-8?q?=E5=BB=BA=E7=9A=84token=E6=9C=89=E6=95=88=E6=9C=9F=E6=98=AF600s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/api/token.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/authentication/api/token.py b/apps/authentication/api/token.py index bea70e4b7..6c6a34aa2 100644 --- a/apps/authentication/api/token.py +++ b/apps/authentication/api/token.py @@ -23,6 +23,7 @@ class TokenCreateApi(AuthMixin, CreateAPIView): def create_session_if_need(self): if self.request.session.is_empty(): self.request.session.create() + self.request.session.set_expiry(600) def create(self, request, *args, **kwargs): self.create_session_if_need() From 5d313a827b1c66027d6a7c9b9c136d15705c344b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Thu, 13 Feb 2020 15:17:13 +0800 Subject: [PATCH 4/8] =?UTF-8?q?[Update]=20=E4=BC=98=E5=8C=96session=20?= =?UTF-8?q?=E7=B4=A2=E5=BC=95=20is=5Ffinished=20(#3697)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../migrations/0021_auto_20200213_1316.py | 18 ++++++++++++++++++ apps/terminal/models.py | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 apps/terminal/migrations/0021_auto_20200213_1316.py diff --git a/apps/terminal/migrations/0021_auto_20200213_1316.py b/apps/terminal/migrations/0021_auto_20200213_1316.py new file mode 100644 index 000000000..7b1c62b38 --- /dev/null +++ b/apps/terminal/migrations/0021_auto_20200213_1316.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2.10 on 2020-02-13 05:16 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('terminal', '0020_auto_20191218_1721'), + ] + + operations = [ + migrations.AlterField( + model_name='session', + name='is_finished', + field=models.BooleanField(db_index=True, default=False), + ), + ] diff --git a/apps/terminal/models.py b/apps/terminal/models.py index 04bc74c67..66ca84907 100644 --- a/apps/terminal/models.py +++ b/apps/terminal/models.py @@ -181,7 +181,7 @@ class Session(OrgModelMixin): system_user_id = models.CharField(blank=True, default='', max_length=36, db_index=True) login_from = models.CharField(max_length=2, choices=LOGIN_FROM_CHOICES, default="ST") remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True) - is_finished = models.BooleanField(default=False) + is_finished = models.BooleanField(default=False, db_index=True) has_replay = models.BooleanField(default=False, verbose_name=_("Replay")) has_command = models.BooleanField(default=False, verbose_name=_("Command")) terminal = models.ForeignKey(Terminal, null=True, on_delete=models.SET_NULL) From 62d2e01cdf1050cf258272a8b33e4171598d4556 Mon Sep 17 00:00:00 2001 From: Bai Date: Fri, 14 Feb 2020 10:40:18 +0800 Subject: [PATCH 5/8] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E7=BB=88?= =?UTF-8?q?=E7=AB=AF=E8=8E=B7=E5=8F=96=E7=99=BB=E5=BD=95=E6=A0=87=E9=A2=98?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E7=9A=84=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/terminal/models.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/apps/terminal/models.py b/apps/terminal/models.py index 04bc74c67..311e4d07b 100644 --- a/apps/terminal/models.py +++ b/apps/terminal/models.py @@ -90,6 +90,14 @@ class Terminal(models.Model): config = self.get_replay_storage_config() return {"TERMINAL_REPLAY_STORAGE": config} + @staticmethod + def get_login_title_setting(): + login_title = None + if settings.XPACK_ENABLED: + from xpack.plugins.interface.models import Interface + login_title = Interface.get_login_title() + return {'TERMINAL_HEADER_TITLE': login_title} + @property def config(self): configs = {} @@ -99,6 +107,7 @@ class Terminal(models.Model): configs[k] = getattr(settings, k) configs.update(self.get_command_storage_setting()) configs.update(self.get_replay_storage_setting()) + configs.update(self.get_login_title_setting()) configs.update({ 'SECURITY_MAX_IDLE_TIME': settings.SECURITY_MAX_IDLE_TIME }) From 8b8b11ce1e7e7a682ebe5de320cf5b9ee4238591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Sat, 15 Feb 2020 20:49:20 +0800 Subject: [PATCH 6/8] =?UTF-8?q?[Update]=20=E6=81=A2=E5=A4=8D=E5=88=B0?= =?UTF-8?q?=E5=8E=9F=E6=9D=A5=E7=9A=84sql=20(#3707)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/asset_permission.py | 15 +++++++------ apps/perms/api/user_permission/common.py | 2 ++ apps/perms/models/base.py | 9 ++++---- apps/perms/utils/asset_permission.py | 24 ++++++++------------- apps/perms/utils/database_app_permission.py | 11 +++++----- apps/perms/utils/remote_app_permission.py | 12 +++++------ 6 files changed, 33 insertions(+), 40 deletions(-) diff --git a/apps/perms/api/asset_permission.py b/apps/perms/api/asset_permission.py index 72cab48f1..ff477f5af 100644 --- a/apps/perms/api/asset_permission.py +++ b/apps/perms/api/asset_permission.py @@ -1,9 +1,10 @@ # -*- coding: utf-8 -*- # +from django.db.models import Q from common.permissions import IsOrgAdmin from orgs.mixins.api import OrgModelViewSet -from common.utils import get_object_or_none, union_queryset +from common.utils import get_object_or_none from ..models import AssetPermission from ..hands import ( User, UserGroup, Asset, Node, SystemUser, @@ -109,9 +110,9 @@ class AssetPermissionViewSet(OrgModelViewSet): continue ancestor_keys = Node.get_node_ancestor_keys(key, with_self=True) inherit_all_nodes.update(ancestor_keys) - assets_queryset = queryset.filter(assets__in=assets) - nodes_queryset = queryset.filter(nodes__key__in=inherit_all_nodes) - queryset = union_queryset(assets_queryset, nodes_queryset) + queryset = queryset.filter( + Q(assets__in=assets) | Q(nodes__key__in=inherit_all_nodes) + ).distinct() return queryset def filter_user(self, queryset): @@ -129,9 +130,9 @@ class AssetPermissionViewSet(OrgModelViewSet): queryset = queryset.filter(users=user) return queryset groups = user.groups.all() - users_queryset = queryset.filter(users=user) - groups_queryset = queryset.filter(user_groups__in=groups) - queryset = union_queryset(users_queryset, groups_queryset) + queryset = queryset.filter( + Q(users=user) | Q(user_groups__in=groups) + ).distinct() return queryset def filter_user_group(self, queryset): diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py index 12469d3da..370a921b4 100644 --- a/apps/perms/api/user_permission/common.py +++ b/apps/perms/api/user_permission/common.py @@ -105,6 +105,7 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView): only_fields = serializers.AssetSystemUserSerializer.Meta.only_fields def get_queryset(self): + import time asset_id = self.kwargs.get('asset_id') asset = get_object_or_404(Asset, id=asset_id) system_users_with_actions = self.util.get_asset_system_users_with_actions(asset) @@ -114,3 +115,4 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView): system_users.append(system_user) system_users.sort(key=lambda x: x.priority) return system_users + diff --git a/apps/perms/models/base.py b/apps/perms/models/base.py index 2885711ae..da40ced9d 100644 --- a/apps/perms/models/base.py +++ b/apps/perms/models/base.py @@ -8,7 +8,7 @@ from django.db.models import Q from django.utils import timezone from orgs.mixins.models import OrgModelMixin -from common.utils import date_expired_default, union_queryset +from common.utils import date_expired_default from orgs.mixins.models import OrgManager @@ -83,8 +83,7 @@ class BasePermission(OrgModelMixin): from users.models import User users_id = self.users.all().values_list('id', flat=True) groups_id = self.user_groups.all().values_list('id', flat=True) - users = User.objects.filter(id__in=users_id) - if groups_id: - groups_users = User.objects.filter(groups__id__in=groups_id) - users = union_queryset(users, groups_users) + users = User.objects.filter( + Q(id__in=users_id) | Q(groups__id__in=groups_id) + ).distinct() return users diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index 0f56b0779..3ba5c68d6 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -9,7 +9,7 @@ from django.db.models import Q from django.conf import settings from orgs.utils import set_to_root_org -from common.utils import get_logger, timeit, lazyproperty, union_queryset +from common.utils import get_logger, timeit, lazyproperty from common.tree import TreeNode from assets.utils import TreeService from ..models import AssetPermission @@ -25,17 +25,12 @@ __all__ = [ def get_user_permissions(user, include_group=True): - permissions = AssetPermission.objects.filter(users=user) if include_group: groups = user.groups.all() - permissions_groups = AssetPermission.objects.filter( - user_groups__in=groups - ) - base_queryset = AssetPermission.get_queryset_with_prefetch() - permissions = union_queryset( - permissions, permissions_groups, base_queryset=base_queryset - ) - return permissions + arg = Q(users=user) | Q(user_groups__in=groups) + else: + arg = Q(users=user) + return AssetPermission.get_queryset_with_prefetch().filter(arg) def get_user_group_permissions(user_group): @@ -45,13 +40,12 @@ def get_user_group_permissions(user_group): def get_asset_permissions(asset, include_node=True): - permissions = AssetPermission.objects.filter(asset=asset) if include_node: nodes = asset.get_all_nodes(flat=True) - base_queryset = AssetPermission.get_queryset_with_prefetch() - permissions_nodes = AssetPermission.objects.filter(nodes__in=nodes) - permissions = union_queryset(permissions, permissions_nodes, base_queryset=base_queryset) - return permissions + arg = Q(assets=asset) | Q(nodes__in=nodes) + else: + arg = Q(assets=asset) + return AssetPermission.objects.valid().filter(arg) def get_node_permissions(node): diff --git a/apps/perms/utils/database_app_permission.py b/apps/perms/utils/database_app_permission.py index 88bbd1eb6..38aac99c1 100644 --- a/apps/perms/utils/database_app_permission.py +++ b/apps/perms/utils/database_app_permission.py @@ -2,10 +2,10 @@ # from django.utils.translation import ugettext as _ +from django.db.models import Q from orgs.utils import set_to_root_org from ..models import DatabaseAppPermission -from common.utils import union_queryset from common.tree import TreeNode from applications.models import DatabaseApp from assets.models import SystemUser @@ -19,13 +19,12 @@ __all__ = [ def get_user_database_app_permissions(user, include_group=True): - permissions = DatabaseAppPermission.objects.all().valid().filter(users=user) if include_group: groups = user.groups.all() - groups_permissions = DatabaseAppPermission.objects.all().valid()\ - .filter(user_groups__in=groups) - permissions = union_queryset(permissions, groups_permissions) - return permissions + arg = Q(users=user) | Q(user_groups__in=groups) + else: + arg = Q(users=user) + return DatabaseAppPermission.objects.all().valid().filter(arg) def get_user_group_database_app_permission(user_group): diff --git a/apps/perms/utils/remote_app_permission.py b/apps/perms/utils/remote_app_permission.py index 9ffab0e61..ea0cb9e4b 100644 --- a/apps/perms/utils/remote_app_permission.py +++ b/apps/perms/utils/remote_app_permission.py @@ -2,9 +2,9 @@ # from django.utils.translation import ugettext as _ +from django.db.models import Q from common.tree import TreeNode -from common.utils import union_queryset from orgs.utils import set_to_root_org from ..models import RemoteAppPermission @@ -18,14 +18,12 @@ __all__ = [ def get_user_remote_app_permissions(user, include_group=True): - permissions = RemoteAppPermission.objects.all().valid().filter(users=user) if include_group: groups = user.groups.all() - groups_permissions = RemoteAppPermission.objects.all().valid().filter( - user_groups__in=groups - ) - permissions = union_queryset(permissions, groups_permissions) - return permissions + arg = Q(users=user) | Q(user_groups__in=groups) + else: + arg = Q(users=user) + return RemoteAppPermission.objects.all().valid().filter(arg) def get_user_group_remote_app_permissions(user_group): From 98bb6c63f54d31db8c527f2c66dc26598aeb523b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Mon, 24 Feb 2020 12:00:20 +0800 Subject: [PATCH 7/8] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E5=88=87?= =?UTF-8?q?=E6=8D=A2=E7=BB=84=E7=BB=87=E5=90=8E=E9=A1=B5=E9=9D=A2=E8=B7=B3?= =?UTF-8?q?=E8=BD=AC=20(#3715)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/conf.py | 1 + apps/jumpserver/settings/custom.py | 1 + apps/orgs/views.py | 4 ++++ 3 files changed, 6 insertions(+) diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 70876623e..8707690c2 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -193,6 +193,7 @@ class Config(dict): 'FORCE_SCRIPT_NAME': '', 'LOGIN_CONFIRM_ENABLE': False, 'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': False, + 'ORG_CHANGE_TO_URL': '' } def convert_type(self, k, v): diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 0a910f984..cdffa0b61 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -82,3 +82,4 @@ USER_GUIDE_URL = DYNAMIC.USER_GUIDE_URL HTTP_LISTEN_PORT = CONFIG.HTTP_LISTEN_PORT WS_LISTEN_PORT = CONFIG.WS_LISTEN_PORT LOGIN_LOG_KEEP_DAYS = DYNAMIC.LOGIN_LOG_KEEP_DAYS +ORG_CHANGE_TO_URL = CONFIG.ORG_CHANGE_TO_URL diff --git a/apps/orgs/views.py b/apps/orgs/views.py index d599fbab3..0cbcd00e0 100644 --- a/apps/orgs/views.py +++ b/apps/orgs/views.py @@ -1,4 +1,5 @@ from django.shortcuts import redirect, reverse +from django.conf import settings from django.http import HttpResponseForbidden from django.views.generic import DetailView, View @@ -16,6 +17,9 @@ class SwitchOrgView(DetailView): self.object = Organization.get_instance(pk) oid = str(self.object.id) request.session['oid'] = oid + org_change_to_url = settings.ORG_CHANGE_TO_URL + if org_change_to_url: + return redirect(org_change_to_url) host = request.get_host() referer = request.META.get('HTTP_REFERER', '') if referer.find(host) == -1: From bcae30814de3505a83d37e9d47ffa0c9a00037c3 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 24 Feb 2020 12:06:02 +0800 Subject: [PATCH 8/8] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E5=AF=BC?= =?UTF-8?q?=E5=85=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/user_permission/common.py | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py index 370a921b4..badd5cbbc 100644 --- a/apps/perms/api/user_permission/common.py +++ b/apps/perms/api/user_permission/common.py @@ -105,7 +105,6 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView): only_fields = serializers.AssetSystemUserSerializer.Meta.only_fields def get_queryset(self): - import time asset_id = self.kwargs.get('asset_id') asset = get_object_or_404(Asset, id=asset_id) system_users_with_actions = self.util.get_asset_system_users_with_actions(asset)