diff --git a/apps/accounts/const/account.py b/apps/accounts/const/account.py
index 55fa02d80..10a681969 100644
--- a/apps/accounts/const/account.py
+++ b/apps/accounts/const/account.py
@@ -13,6 +13,7 @@ class AliasAccount(TextChoices):
 ALL = '@ALL', _('All')
 INPUT = '@INPUT', _('Manual input')
 USER = '@USER', _('Dynamic user')
+ ANON = '@ANON', _('Anonymous account')
 class Source(TextChoices):
diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py
index 30eb853e3..98890b64f 100644
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@@ -88,11 +88,24 @@ class Account(AbsConnectivity, BaseAccount):
 def has_secret(self):
 return bool(self.secret)
+ @classmethod
+ def get_special_account(cls, name):
+ if name == AliasAccount.INPUT.value:
+ return cls.get_manual_account()
+ elif name == AliasAccount.ANON.value:
+ return cls.get_anonymous_account()
+ else:
+ return cls(name=name, username=name, secret=None)
+
 @classmethod
 def get_manual_account(cls):
 """ @INPUT 手动登录的账号(any) """
 return cls(name=AliasAccount.INPUT.label, username=AliasAccount.INPUT.value, secret=None)
+ @classmethod
+ def get_anonymous_account(cls):
+ return cls(name=AliasAccount.ANON.label, username=AliasAccount.ANON.value, secret=None)
+
 @lazyproperty
 def versions(self):
 return self.history.count()
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index c779540a1..c25da482d 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
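Review bot: In `apps/accounts/models/account.py`, the `else` branch of `get_special_account` builds an in-memory `Account` for any name it is given, so `@USER`, `@ALL` or a mistyped alias all come back as an account whose `username` is the literal alias string. `Account.get_user_account()` is already called in `perms/utils/account.py`, so a branch such as `elif name == AliasAccount.USER.value: return cls.get_user_account()` would keep the two paths consistent, and an unrecognised `@` name is safer rejected than fabricated. Both new classmethods also lack docstrings; `get_anonymous_account` could carry `""" @ANON placeholder account with no stored secret """` to match `get_manual_account`.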
@@ -10,10 +10,11 @@ from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import status
 from rest_framework.decorators import action
-from rest_framework.exceptions import PermissionDenied
+from rest_framework.exceptions import PermissionDenied, ValidationError
 from rest_framework.request import Request
 from rest_framework.response import Response
+from accounts.const import AliasAccount
 from common.api import JMSModelViewSet
 from common.exceptions import JMSException
 from common.utils import random_string, get_logger, get_request_ip
@@ -285,13 +286,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 data['org_id'] = asset.org_id
 data['user'] = user
 data['value'] = random_string(16)
+
+ if account_name == AliasAccount.ANON and asset.category not in ['web', 'custom']:
+ raise ValidationError(_('Anonymous account is not supported for this asset'))
+
 account = self._validate_perm(user, asset, account_name)
 if account.has_secret:
 data['input_secret'] = ''
- if account.username != '@INPUT':
+ if account.username != AliasAccount.INPUT:
 data['input_username'] = ''
- if account.username == '@USER':
+ elif account.username == AliasAccount.USER:
 data['input_username'] = user.username
 ticket = self._validate_acl(user, asset, account)
diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py
index b721cb982..3375df145 100644
--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
@@ -9,6 +9,7 @@ from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from rest_framework.exceptions import PermissionDenied
+from accounts.const import AliasAccount
 from assets.const import Protocol
 from assets.const.host import GATEWAY_NAME
 from common.db.fields import EncryptTextField
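Review bot: In `apps/authentication/api/connection_token.py`, changing the second test to `elif account.username == AliasAccount.USER:` makes that branch unreachable, assuming both tests sit at the same indentation as before: every username other than `@INPUT` is taken by the first branch, and `@INPUT` never equals `@USER`. The removed code ran the two `if` statements independently, so a `@USER` account ended with `input_username = user.username`; with the `elif` it ends with `''`. Keeping the second test as `if account.username == AliasAccount.USER:` preserves the earlier result. The enclosing method starts and ends outside the hunk.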
@@ -209,30 +210,19 @@ class ConnectionToken(JMSOrgBaseModel):
 if not self.asset:
 return None
- account = self.asset.accounts.filter(name=self.account).first()
- if self.account == '@INPUT' or not account:
- data = {
- 'name': self.account,
- 'username': self.input_username,
- 'secret_type': 'password',
- 'secret': self.input_secret,
- 'su_from': None,
- 'org_id': self.asset.org_id,
- 'asset': self.asset
- }
+ if self.account.startswith('@'):
+ account = Account.get_special_account(self.account)
+ account.asset = self.asset
+ account.org_id = self.asset.org_id
+
+ if self.account == AliasAccount.INPUT:
+ account.username = self.input_username
+ account.secret = self.input_secret
 else:
- data = {
- 'id': account.id,
- 'name': account.name,
- 'username': account.username,
- 'secret_type': account.secret_type,
- 'secret': account.secret or self.input_secret,
- 'su_from': account.su_from,
- 'org_id': account.org_id,
- 'privileged': account.privileged,
- 'asset': self.asset
- }
- return Account(**data)
+ account = self.asset.accounts.filter(name=self.account).first()
+ if not account.secret and self.input_secret:
+ account.secret = self.input_secret
+ return account
 @lazyproperty
 def domain(self):
diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo
index 3a7c3347a..809f19e6d 100644
--- a/apps/locale/ja/LC_MESSAGES/django.mo
+++ b/apps/locale/ja/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b0588a31da5eccf0c1408abb00126f3f5cff58c26c5995c1daf3d2d071d06abe
-size 146993
+oid sha256:2e28e9c4ff5d91a24d0c176a134f913de93f4a9bd3e9c8fd7aeacaf875a242d5
+size 145813
diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po
index ff25a1171..546a6a635 100644
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
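Review bot: In `apps/authentication/models/connection_token.py`, the new `else` branch dereferences the result of `.first()` without a None check, so a token whose `account` names an asset account that no longer exists raises `AttributeError` at `account.secret`; the removed code handled `not account` explicitly. A guard such as `if not account: return None` ahead of the secret fallback would give a defined result, though whether `None` or a rebuilt manual account is right depends on callers outside the hunk. Separately, only `@INPUT` now copies `input_username` and `input_secret` onto the special account, whereas the old dict did so for every name that was not a stored account, so `@USER` tokens appear to end up with the literal alias as username and no secret. The `else` branch also writes `input_secret` onto an instance loaded from the database, which deserves a comment such as `# in-memory only: never save() this object`. The enclosing method starts outside the hunk.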
@@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-06-30 15:41+0800\n" +"POT-Creation-Date: 2023-06-27 16:02+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -62,29 +62,33 @@ msgstr "手動入力" msgid "Dynamic user" msgstr "動的コード" -#: accounts/const/account.py:19 users/models/user.py:699 +#: accounts/const/account.py:16 +msgid "Anonymous account" +msgstr "匿名ユーザー" + +#: accounts/const/account.py:20 users/models/user.py:699 msgid "Local" msgstr "ローカル" -#: accounts/const/account.py:20 +#: accounts/const/account.py:21 msgid "Collected" msgstr "集めました" -#: accounts/const/account.py:21 accounts/serializers/account/account.py:27 +#: accounts/const/account.py:22 accounts/serializers/account/account.py:27 #: settings/serializers/auth/sms.py:75 msgid "Template" msgstr "テンプレート" -#: accounts/const/account.py:25 ops/const.py:45 +#: accounts/const/account.py:26 ops/const.py:45 msgid "Skip" msgstr "スキップ" -#: accounts/const/account.py:26 audits/const.py:24 rbac/tree.py:229 +#: accounts/const/account.py:27 audits/const.py:24 rbac/tree.py:229 #: templates/_csv_import_export.html:18 templates/_csv_update_modal.html:6 msgid "Update" msgstr "更新" -#: accounts/const/account.py:27 +#: accounts/const/account.py:28 #: accounts/serializers/automations/change_secret.py:156 audits/const.py:54 #: audits/signal_handlers/activity_log.py:33 common/const/choices.py:19 #: ops/const.py:58 terminal/const.py:62 xpack/plugins/cloud/const.py:41 
@@ -189,7 +193,7 @@ msgstr "作成のみ" #: acls/serializers/base.py:118 assets/models/asset/common.py:93 #: assets/models/asset/common.py:331 assets/models/cmd_filter.py:36 #: assets/serializers/domain.py:19 assets/serializers/label.py:27 -#: audits/models.py:53 authentication/models/connection_token.py:35 +#: audits/models.py:53 authentication/models/connection_token.py:36 #: perms/models/asset_permission.py:64 perms/serializers/permission.py:34 #: terminal/backends/command/models.py:20 terminal/models/session/session.py:31 #: terminal/notifications.py:95 terminal/serializers/command.py:17 @@ -197,7 +201,7 @@ msgstr "作成のみ" msgid "Asset" msgstr "資産" -#: accounts/models/account.py:53 accounts/models/account.py:113 +#: accounts/models/account.py:53 accounts/models/account.py:126 #: accounts/serializers/account/account.py:208 #: accounts/serializers/account/account.py:247 #: accounts/serializers/account/template.py:16 @@ -250,15 +254,15 @@ msgstr "アカウントを確認できます" msgid "Can push account" msgstr "アカウントをプッシュできます" -#: accounts/models/account.py:117 +#: accounts/models/account.py:130 msgid "Account template" msgstr "アカウント テンプレート" -#: accounts/models/account.py:122 +#: accounts/models/account.py:135 msgid "Can view asset account template secret" msgstr "アセット アカウント テンプレートのパスワードを表示できます" -#: accounts/models/account.py:123 +#: accounts/models/account.py:136 msgid "Can change asset account template secret" msgstr "アセット アカウント テンプレートのパスワードを変更できます" @@ -639,7 +643,7 @@ msgstr "ID" #: accounts/serializers/account/account.py:427 acls/serializers/base.py:111 #: assets/models/cmd_filter.py:24 assets/models/label.py:16 audits/models.py:49 #: audits/models.py:85 audits/models.py:163 -#: authentication/models/connection_token.py:31 +#: authentication/models/connection_token.py:32 #: authentication/models/sso_token.py:16 #: notifications/models/notification.py:12 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:58 
@@ -812,7 +816,7 @@ msgid "Reviewers" msgstr "レビュー担当者" #: acls/models/base.py:48 authentication/models/access_key.py:17 -#: authentication/models/connection_token.py:52 +#: authentication/models/connection_token.py:53 #: authentication/templates/authentication/_access_key_modal.html:32 #: perms/models/asset_permission.py:76 terminal/models/session/sharing.py:27 #: tickets/const.py:37 @@ -1004,7 +1008,7 @@ msgid "{} disabled" msgstr "{} 無効" #: assets/automations/ping_gateway/manager.py:33 -#: authentication/models/connection_token.py:117 +#: authentication/models/connection_token.py:118 msgid "No account" msgstr "アカウントなし" @@ -1247,7 +1251,7 @@ msgstr "管理ユーザー" msgid "Username same with user" msgstr "ユーザーと同じユーザー名" -#: assets/models/_user.py:52 authentication/models/connection_token.py:40 +#: assets/models/_user.py:52 authentication/models/connection_token.py:41 #: authentication/serializers/connect_token_secret.py:111 #: terminal/models/applet/applet.py:41 terminal/serializers/session.py:18 #: terminal/serializers/session.py:39 terminal/serializers/storage.py:68 @@ -1460,8 +1464,8 @@ msgstr "ゲートウェイ" msgid "Asset group" msgstr "資産グループ" -#: assets/models/group.py:31 assets/models/platform.py:17 -#: assets/serializers/platform.py:112 +#: assets/models/group.py:34 assets/models/platform.py:17 +#: assets/serializers/platform.py:102 #: xpack/plugins/cloud/providers/nutanix.py:30 msgid "Default" msgstr "デフォルト" @@ -1476,7 +1480,7 @@ msgstr "システム" #: assets/models/label.py:19 assets/models/node.py:557 #: assets/serializers/cagegory.py:7 assets/serializers/cagegory.py:14 -#: authentication/models/connection_token.py:28 +#: authentication/models/connection_token.py:29 #: authentication/serializers/connect_token_secret.py:122 #: common/serializers/common.py:86 settings/models.py:34 msgid "Value" 
@@ -2179,19 +2183,23 @@ msgstr "外部ストレージへのFTPファイルのアップロード" msgid "This action require verify your MFA" msgstr "この操作には、MFAを検証する必要があります" -#: authentication/api/connection_token.py:305 +#: authentication/api/connection_token.py:288 +msgid "Anonymous account is not supported for this asset" +msgstr "匿名アカウントはこのプロパティではサポートされていません" + +#: authentication/api/connection_token.py:310 msgid "Account not found" msgstr "アカウントが見つかりません" -#: authentication/api/connection_token.py:308 +#: authentication/api/connection_token.py:313 msgid "Permission expired" msgstr "承認の有効期限が切れています" -#: authentication/api/connection_token.py:322 +#: authentication/api/connection_token.py:327 msgid "ACL action is reject: {}({})" msgstr "ACL アクションは拒否です: {}({})" -#: authentication/api/connection_token.py:326 +#: authentication/api/connection_token.py:331 msgid "ACL action is review" msgstr "ACL アクションはレビューです" 
@@ -2572,78 +2580,78 @@ msgstr "MFAタイプ ({}) が有効になっていない" msgid "Please change your password" msgstr "パスワードを変更してください" -#: authentication/models/connection_token.py:37 +#: authentication/models/connection_token.py:38 #: terminal/serializers/storage.py:111 msgid "Account name" msgstr "アカウント名" -#: authentication/models/connection_token.py:38 +#: authentication/models/connection_token.py:39 msgid "Input username" msgstr "カスタム ユーザー名" -#: authentication/models/connection_token.py:39 +#: authentication/models/connection_token.py:40 #: authentication/serializers/connection_token.py:20 msgid "Input secret" msgstr "カスタムパスワード" -#: authentication/models/connection_token.py:41 +#: authentication/models/connection_token.py:42 msgid "Connect method" msgstr "接続方法" -#: authentication/models/connection_token.py:42 +#: authentication/models/connection_token.py:43 msgid "Connect options" msgstr "接続アイテム" -#: authentication/models/connection_token.py:43 +#: authentication/models/connection_token.py:44 #: rbac/serializers/rolebinding.py:21 msgid "User display" msgstr "ユーザー表示" -#: authentication/models/connection_token.py:44 +#: authentication/models/connection_token.py:45 msgid "Asset display" msgstr "アセット名" -#: authentication/models/connection_token.py:45 +#: authentication/models/connection_token.py:46 msgid "Reusable" msgstr "再利用可能" -#: authentication/models/connection_token.py:46 +#: authentication/models/connection_token.py:47 #: authentication/models/temp_token.py:13 perms/models/asset_permission.py:74 #: tickets/models/ticket/apply_application.py:31 #: tickets/models/ticket/apply_asset.py:20 users/models/user.py:797 msgid "Date expired" msgstr "期限切れの日付" -#: authentication/models/connection_token.py:50 +#: authentication/models/connection_token.py:51 #: perms/models/asset_permission.py:77 msgid "From ticket" msgstr "チケットから" -#: authentication/models/connection_token.py:56 +#: authentication/models/connection_token.py:57 msgid "Connection token" msgstr "接続トークン" -#: 
authentication/models/connection_token.py:58 +#: authentication/models/connection_token.py:59 msgid "Can view connection token secret" msgstr "接続トークンの秘密を表示できます" -#: authentication/models/connection_token.py:105 +#: authentication/models/connection_token.py:106 msgid "Connection token inactive" msgstr "接続トークンがアクティブ化されていません" -#: authentication/models/connection_token.py:108 +#: authentication/models/connection_token.py:109 msgid "Connection token expired at: {}" msgstr "接続トークンの有効期限: {}" -#: authentication/models/connection_token.py:111 +#: authentication/models/connection_token.py:112 msgid "No user or invalid user" msgstr "ユーザーなしまたは期限切れのユーザー" -#: authentication/models/connection_token.py:114 +#: authentication/models/connection_token.py:115 msgid "No asset or inactive asset" msgstr "アセットがないか、有効化されていないアセット" -#: authentication/models/connection_token.py:267 +#: authentication/models/connection_token.py:258 msgid "Super connection token" msgstr "スーパー接続トークン" @@ -3040,15 +3048,18 @@ msgstr "リダイレクト" msgid "Redirecting to {} authentication" msgstr "{} 認証へのリダイレクト" +#: authentication/views/login.py:207 +msgid "Please enable cookies and try again." +msgstr "クッキーを有効にして、もう一度お試しください。" #: authentication/views/login.py:207 msgid "Login timeout, please try again." msgstr "ログインタイムアウト、もう一度お試しください" -#: authentication/views/login.py:250 +#: authentication/views/login.py:248 msgid "User email already exists ({})" msgstr "ユーザー メールボックスは既に存在します ({})" -#: authentication/views/login.py:328 +#: authentication/views/login.py:326 msgid "" "Wait for {} confirm, You also can copy link to her/him
\n" " Don't close this page" @@ -3056,15 +3067,15 @@ msgstr "" "{} 確認を待ちます。彼女/彼へのリンクをコピーすることもできます
\n" " このページを閉じないでください" -#: authentication/views/login.py:333 +#: authentication/views/login.py:331 msgid "No ticket found" msgstr "チケットが見つかりません" -#: authentication/views/login.py:369 +#: authentication/views/login.py:367 msgid "Logout success" msgstr "ログアウト成功" -#: authentication/views/login.py:370 +#: authentication/views/login.py:368 msgid "Logout success, return login page" msgstr "ログアウト成功、ログインページを返す" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index a0ae902e3..131e221ae 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6cedb6d13bc42a5621b60813fb4db0c094a343568eb3f5678566cbbe7f763228 -size 120269 +oid sha256:092b15ed84725ceb974bd46407e3d247e6ff9d0505b6044f18c122bf6da1b7f6 +size 119308 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 9792d6a89..d2b7bc7f6 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-06-30 15:41+0800\n" +"POT-Creation-Date: 2023-06-15 15:35+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" 
@@ -61,29 +61,33 @@ msgstr "手动输入" msgid "Dynamic user" msgstr "同名账号" -#: accounts/const/account.py:19 users/models/user.py:699 +#: accounts/const/account.py:16 +msgid "Anonymous account" +msgstr "匿名账号" + +#: accounts/const/account.py:20 users/models/user.py:699 msgid "Local" msgstr "数据库" -#: accounts/const/account.py:20 +#: accounts/const/account.py:21 msgid "Collected" msgstr "收集" -#: accounts/const/account.py:21 accounts/serializers/account/account.py:27 +#: accounts/const/account.py:22 accounts/serializers/account/account.py:27 #: settings/serializers/auth/sms.py:75 msgid "Template" msgstr "模板" -#: accounts/const/account.py:25 ops/const.py:45 +#: accounts/const/account.py:26 ops/const.py:45 msgid "Skip" msgstr "跳过" -#: accounts/const/account.py:26 audits/const.py:24 rbac/tree.py:229 +#: accounts/const/account.py:27 audits/const.py:24 rbac/tree.py:229 #: templates/_csv_import_export.html:18 templates/_csv_update_modal.html:6 msgid "Update" msgstr "更新" -#: accounts/const/account.py:27 +#: accounts/const/account.py:28 #: accounts/serializers/automations/change_secret.py:156 audits/const.py:54 #: audits/signal_handlers/activity_log.py:33 common/const/choices.py:19 #: ops/const.py:58 terminal/const.py:62 xpack/plugins/cloud/const.py:41 @@ -188,7 +192,7 @@ msgstr "仅创建" #: acls/serializers/base.py:118 assets/models/asset/common.py:93 #: assets/models/asset/common.py:331 assets/models/cmd_filter.py:36 #: assets/serializers/domain.py:19 assets/serializers/label.py:27 -#: audits/models.py:53 authentication/models/connection_token.py:35 +#: audits/models.py:53 authentication/models/connection_token.py:36 #: perms/models/asset_permission.py:64 perms/serializers/permission.py:34 #: terminal/backends/command/models.py:20 terminal/models/session/session.py:31 #: terminal/notifications.py:95 terminal/serializers/command.py:17 
@@ -196,7 +200,7 @@ msgstr "仅创建" msgid "Asset" msgstr "资产" -#: accounts/models/account.py:53 accounts/models/account.py:113 +#: accounts/models/account.py:53 accounts/models/account.py:126 #: accounts/serializers/account/account.py:208 #: accounts/serializers/account/account.py:247 #: accounts/serializers/account/template.py:16 @@ -249,15 +253,15 @@ msgstr "可以验证账号" msgid "Can push account" msgstr "可以推送账号" -#: accounts/models/account.py:117 +#: accounts/models/account.py:130 msgid "Account template" msgstr "账号模版" -#: accounts/models/account.py:122 +#: accounts/models/account.py:135 msgid "Can view asset account template secret" msgstr "可以查看资产账号模版密码" -#: accounts/models/account.py:123 +#: accounts/models/account.py:136 msgid "Can change asset account template secret" msgstr "可以更改资产账号模版密码" @@ -635,7 +639,7 @@ msgstr "ID" #: accounts/serializers/account/account.py:427 acls/serializers/base.py:111 #: assets/models/cmd_filter.py:24 assets/models/label.py:16 audits/models.py:49 #: audits/models.py:85 audits/models.py:163 -#: authentication/models/connection_token.py:31 +#: authentication/models/connection_token.py:32 #: authentication/models/sso_token.py:16 #: notifications/models/notification.py:12 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:58 @@ -808,7 +812,7 @@ msgid "Reviewers" msgstr "审批人" #: acls/models/base.py:48 authentication/models/access_key.py:17 -#: authentication/models/connection_token.py:52 +#: authentication/models/connection_token.py:53 #: authentication/templates/authentication/_access_key_modal.html:32 #: perms/models/asset_permission.py:76 terminal/models/session/sharing.py:27 #: tickets/const.py:37 @@ -997,7 +1001,7 @@ msgid "{} disabled" msgstr "{} 已禁用" #: assets/automations/ping_gateway/manager.py:33 -#: authentication/models/connection_token.py:117 +#: authentication/models/connection_token.py:118 msgid "No account" msgstr "没有账号" 
@@ -1238,7 +1242,7 @@ msgstr "特权用户" msgid "Username same with user" msgstr "用户名与用户相同" -#: assets/models/_user.py:52 authentication/models/connection_token.py:40 +#: assets/models/_user.py:52 authentication/models/connection_token.py:41 #: authentication/serializers/connect_token_secret.py:111 #: terminal/models/applet/applet.py:41 terminal/serializers/session.py:18 #: terminal/serializers/session.py:39 terminal/serializers/storage.py:68 @@ -1451,8 +1455,8 @@ msgstr "网关" msgid "Asset group" msgstr "资产组" -#: assets/models/group.py:31 assets/models/platform.py:17 -#: assets/serializers/platform.py:112 +#: assets/models/group.py:34 assets/models/platform.py:17 +#: assets/serializers/platform.py:102 #: xpack/plugins/cloud/providers/nutanix.py:30 msgid "Default" msgstr "默认" @@ -1467,7 +1471,7 @@ msgstr "系统" #: assets/models/label.py:19 assets/models/node.py:557 #: assets/serializers/cagegory.py:7 assets/serializers/cagegory.py:14 -#: authentication/models/connection_token.py:28 +#: authentication/models/connection_token.py:29 #: authentication/serializers/connect_token_secret.py:122 #: common/serializers/common.py:86 settings/models.py:34 msgid "Value" @@ -2161,19 +2165,23 @@ msgstr "上传 FTP 文件到外部存储" msgid "This action require verify your MFA" msgstr "该操作需要验证您的 MFA, 请先开启并配置" -#: authentication/api/connection_token.py:305 +#: authentication/api/connection_token.py:288 +msgid "Anonymous account is not supported for this asset" +msgstr "匿名账号不支持当前资产" + +#: authentication/api/connection_token.py:310 msgid "Account not found" msgstr "账号未找到" -#: authentication/api/connection_token.py:308 +#: authentication/api/connection_token.py:313 msgid "Permission expired" msgstr "授权已过期" -#: authentication/api/connection_token.py:322 +#: authentication/api/connection_token.py:327 msgid "ACL action is reject: {}({})" msgstr "ACL 动作是拒绝: {}({})" -#: authentication/api/connection_token.py:326 +#: authentication/api/connection_token.py:331 msgid "ACL action is review" msgstr "ACL 动作是复核" 
@@ -2540,78 +2548,78 @@ msgstr "该 MFA ({}) 方式没有启用" msgid "Please change your password" msgstr "请修改密码" -#: authentication/models/connection_token.py:37 +#: authentication/models/connection_token.py:38 #: terminal/serializers/storage.py:111 msgid "Account name" msgstr "账号名称" -#: authentication/models/connection_token.py:38 +#: authentication/models/connection_token.py:39 msgid "Input username" msgstr "自定义用户名" -#: authentication/models/connection_token.py:39 +#: authentication/models/connection_token.py:40 #: authentication/serializers/connection_token.py:20 msgid "Input secret" msgstr "自定义密码" -#: authentication/models/connection_token.py:41 +#: authentication/models/connection_token.py:42 msgid "Connect method" msgstr "连接方式" -#: authentication/models/connection_token.py:42 +#: authentication/models/connection_token.py:43 msgid "Connect options" msgstr "连接项" -#: authentication/models/connection_token.py:43 +#: authentication/models/connection_token.py:44 #: rbac/serializers/rolebinding.py:21 msgid "User display" msgstr "用户名称" -#: authentication/models/connection_token.py:44 +#: authentication/models/connection_token.py:45 msgid "Asset display" msgstr "资产名称" -#: authentication/models/connection_token.py:45 +#: authentication/models/connection_token.py:46 msgid "Reusable" msgstr "可以重复使用" -#: authentication/models/connection_token.py:46 +#: authentication/models/connection_token.py:47 #: authentication/models/temp_token.py:13 perms/models/asset_permission.py:74 #: tickets/models/ticket/apply_application.py:31 #: tickets/models/ticket/apply_asset.py:20 users/models/user.py:797 msgid "Date expired" msgstr "失效日期" -#: authentication/models/connection_token.py:50 +#: authentication/models/connection_token.py:51 #: perms/models/asset_permission.py:77 msgid "From ticket" msgstr "来自工单" -#: authentication/models/connection_token.py:56 +#: authentication/models/connection_token.py:57 msgid "Connection token" msgstr "连接令牌" -#: authentication/models/connection_token.py:58 +#: 
authentication/models/connection_token.py:59 msgid "Can view connection token secret" msgstr "可以查看连接令牌密文" -#: authentication/models/connection_token.py:105 +#: authentication/models/connection_token.py:106 msgid "Connection token inactive" msgstr "连接令牌未激活" -#: authentication/models/connection_token.py:108 +#: authentication/models/connection_token.py:109 msgid "Connection token expired at: {}" msgstr "连接令牌过期: {}" -#: authentication/models/connection_token.py:111 +#: authentication/models/connection_token.py:112 msgid "No user or invalid user" msgstr "没有用户或用户失效" -#: authentication/models/connection_token.py:114 +#: authentication/models/connection_token.py:115 msgid "No asset or inactive asset" msgstr "没有资产或资产未激活" -#: authentication/models/connection_token.py:267 +#: authentication/models/connection_token.py:258 msgid "Super connection token" msgstr "超级连接令牌" @@ -3002,11 +3010,11 @@ msgstr "正在跳转到 {} 认证" msgid "Login timeout, please try again." msgstr "登录超时,请重新登录" -#: authentication/views/login.py:250 +#: authentication/views/login.py:247 msgid "User email already exists ({})" msgstr "用户邮箱已存在 ({})" -#: authentication/views/login.py:328 +#: authentication/views/login.py:325 msgid "" "Wait for {} confirm, You also can copy link to her/him
\n" " Don't close this page" @@ -3014,15 +3022,15 @@ msgstr "" "等待 {} 确认, 你也可以复制链接发给他/她
\n" " 不要关闭本页面" -#: authentication/views/login.py:333 +#: authentication/views/login.py:330 msgid "No ticket found" msgstr "没有发现工单" -#: authentication/views/login.py:369 +#: authentication/views/login.py:366 msgid "Logout success" msgstr "退出登录成功" -#: authentication/views/login.py:370 +#: authentication/views/login.py:367 msgid "Logout success, return login page" msgstr "退出登录成功,返回到登录页面" diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index b66b247d8..62c7b68d0 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -1,8 +1,8 @@ from collections import defaultdict -from orgs.utils import tmp_to_org -from accounts.models import Account from accounts.const import AliasAccount +from accounts.models import Account +from orgs.utils import tmp_to_org from .permission import AssetPermissionUtil __all__ = ['PermAccountUtil'] @@ -31,14 +31,14 @@ class PermAccountUtil(AssetPermissionUtil): @staticmethod def get_permed_accounts_from_perms(perms, user, asset): - # alias: is a collection of account usernames and special accounts [@ALL, @INPUT, @USER] + # alias: is a collection of account usernames and special accounts [@ALL, @INPUT, @USER, @ANON] alias_action_bit_mapper = defaultdict(int) - alias_expired_mapper = defaultdict(list) + alias_date_expired_mapper = defaultdict(list) for perm in perms: for alias in perm.accounts: alias_action_bit_mapper[alias] |= perm.actions - alias_expired_mapper[alias].append(perm.date_expired) + alias_date_expired_mapper[alias].append(perm.date_expired) asset_accounts = asset.accounts.all().active() username_account_mapper = {account.username: account for account in asset_accounts} 
@@ -52,7 +52,7 @@ class PermAccountUtil(AssetPermissionUtil):
 for account in asset_accounts:
 cleaned_accounts_action_bit[account] |= all_action_bit
 cleaned_accounts_expired[account].extend(
- alias_expired_mapper[AliasAccount.ALL]
+ alias_date_expired_mapper[AliasAccount.ALL]
 )
 for alias, action_bit in alias_action_bit_mapper.items():
@@ -63,6 +63,10 @@ class PermAccountUtil(AssetPermissionUtil):
 account = Account.get_user_account()
 elif alias == AliasAccount.INPUT:
 account = Account.get_manual_account()
+ elif alias == AliasAccount.ANON:
+ account = Account.get_anonymous_account()
+ elif alias.startswith('@'):
+ continue
 elif alias in username_account_mapper:
 account = username_account_mapper[alias]
 else:
@@ -70,7 +74,7 @@ class PermAccountUtil(AssetPermissionUtil):
 if account:
 cleaned_accounts_action_bit[account] |= action_bit
- cleaned_accounts_expired[account].extend(alias_expired_mapper[alias])
+ cleaned_accounts_expired[account].extend(alias_date_expired_mapper[alias])
 accounts = []
 for account, action_bit in cleaned_accounts_action_bit.items():
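Review bot: In `apps/perms/utils/account.py`, the new `@ANON` branch of `get_permed_accounts_from_perms` returns the anonymous account for any asset, while the restriction to the `web` and `custom` categories is enforced only in `ConnectionTokenViewSet`. `asset` is already a parameter here, so the same category test could be applied before `Account.get_anonymous_account()`, which would stop the permitted-accounts result from listing an account that token creation then refuses. The `elif alias.startswith('@'): continue` line would also benefit from a comment such as `# unknown special alias: grant nothing`, because its position ahead of the `username_account_mapper` lookup is what prevents an unrecognised `@` alias from matching a stored account. The loop body starts outside the hunk.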