Merge pull request #5808 from jumpserver/dev

Dev
老广 2021-03-19 20:01:03 +08:00 committed by GitHub
commit 61d4311e24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 63 additions and 27 deletions


@ -27,6 +27,39 @@ class LDAPAuthorizationBackend(LDAPBackend):
is_valid = getattr(user, 'is_valid', None)
return is_valid or is_valid is None
def get_or_build_user(self, username, ldap_user):
"""
This must return a (User, built) 2-tuple for the given LDAP user.
username is the Django-friendly username of the user. ldap_user.dn is
the user's DN and ldap_user.attrs contains all of their LDAP
attributes.
The returned User object may be an unsaved model instance.
"""
model = self.get_user_model()
if self.settings.USER_QUERY_FIELD:
query_field = self.settings.USER_QUERY_FIELD
query_value = ldap_user.attrs[self.settings.USER_ATTR_MAP[query_field]][0]
query_value = query_value.strip()
lookup = query_field
else:
query_field = model.USERNAME_FIELD
query_value = username.lower()
lookup = "{}__iexact".format(query_field)
try:
user = model.objects.get(**{lookup: query_value})
except model.DoesNotExist:
user = model(**{query_field: query_value})
built = True
else:
built = False
return (user, built)
def pre_check(self, username, password):
if not settings.AUTH_LDAP:
error = 'Not enabled auth ldap'
@ -128,6 +161,7 @@ class LDAPUser(_LDAPUser):
for field, attr in self.settings.USER_ATTR_MAP.items():
try:
value = self.attrs[attr][0]
value = value.strip()
if attr.lower() == 'useraccountcontrol' \
and field == 'is_active' and value:
value = int(value) & LDAP_AD_ACCOUNT_DISABLE \
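Review bot: In `get_or_build_user`, the `USER_QUERY_FIELD` branch uses the stripped LDAP attribute as the lookup key without checking that it is present and non-empty. A directory entry that lacks the mapped attribute raises `KeyError` or `IndexError` out of the backend, and a value that strips to `''` makes `model.objects.get(**{lookup: query_value})` match whichever local account has that field empty, or raise an uncaught `MultipleObjectsReturned` if several do. I would add a guard right after the `strip()`, for example `if not query_value: raise ValueError('LDAP attribute for %s is empty' % query_field)`; whether the caller turns that into a clean authentication failure is not visible here. This branch also matches exactly and case-sensitively while the username branch lower-cases and uses `__iexact`, so a short comment stating which normalisation is intended for the query field would help.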

Binary file not shown.


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: JumpServer 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-03-17 18:17+0800\n"
"POT-Creation-Date: 2021-03-19 14:34+0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -428,7 +428,7 @@ msgstr "激活"
#: assets/models/asset.py:196 assets/models/cluster.py:19
#: assets/models/user.py:66 templates/_nav.html:44
#: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:137
#: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:138
msgid "Admin user"
msgstr "管理用户"
@ -693,7 +693,7 @@ msgstr "ssh私钥"
#: users/templates/users/user_asset_permission.html:41
#: users/templates/users/user_asset_permission.html:73
#: users/templates/users/user_asset_permission.html:158
#: xpack/plugins/cloud/models.py:89 xpack/plugins/cloud/serializers.py:138
#: xpack/plugins/cloud/models.py:89 xpack/plugins/cloud/serializers.py:139
msgid "Node"
msgstr "节点"
@ -1140,7 +1140,7 @@ msgstr "启用"
msgid "-"
msgstr ""
#: audits/models.py:96 xpack/plugins/cloud/const.py:23
#: audits/models.py:96 xpack/plugins/cloud/const.py:24
msgid "Failed"
msgstr "失败"
@ -1879,10 +1879,6 @@ msgstr "`{model._meta.verbose_name}` 存在数据, 请先删除"
msgid "The current organization cannot be deleted"
msgstr "当前组织不能被删除"
#: orgs/mixins/api.py:46
msgid "Root organization only allow view and delete"
msgstr "全局组织仅支持 查看和删除"
#: orgs/mixins/models.py:45 orgs/mixins/serializers.py:25 orgs/models.py:36
#: orgs/models.py:416 orgs/serializers.py:101
#: tickets/serializers/ticket/ticket.py:81
@ -3788,7 +3784,7 @@ msgstr "安全令牌验证"
#: users/templates/users/_base_otp.html:14 users/templates/users/_user.html:13
#: users/templates/users/user_profile_update.html:55
#: xpack/plugins/cloud/models.py:78 xpack/plugins/cloud/serializers.py:136
#: xpack/plugins/cloud/models.py:78 xpack/plugins/cloud/serializers.py:137
msgid "Account"
msgstr "账户"
@ -4778,42 +4774,46 @@ msgid "Azure (China)"
msgstr "Azure (中国)"
#: xpack/plugins/cloud/const.py:12
msgid "Azure (International)"
msgstr "Azure (国际)"
#: xpack/plugins/cloud/const.py:13
msgid "Huawei Cloud"
msgstr "华为云"
#: xpack/plugins/cloud/const.py:13
#: xpack/plugins/cloud/const.py:14
msgid "Tencent Cloud"
msgstr "腾讯云"
#: xpack/plugins/cloud/const.py:14
#: xpack/plugins/cloud/const.py:15
msgid "VMware"
msgstr ""
#: xpack/plugins/cloud/const.py:18
#: xpack/plugins/cloud/const.py:19
msgid "Instance name"
msgstr "实例名称"
#: xpack/plugins/cloud/const.py:19
#: xpack/plugins/cloud/const.py:20
msgid "Instance name and Partial IP"
msgstr "实例名称和部分IP"
#: xpack/plugins/cloud/const.py:24
#: xpack/plugins/cloud/const.py:25
msgid "Succeed"
msgstr "成功"
#: xpack/plugins/cloud/const.py:28
#: xpack/plugins/cloud/const.py:29
msgid "Unsync"
msgstr "未同步"
#: xpack/plugins/cloud/const.py:29
#: xpack/plugins/cloud/const.py:30
msgid "New Sync"
msgstr "新同步"
#: xpack/plugins/cloud/const.py:30
#: xpack/plugins/cloud/const.py:31
msgid "Synced"
msgstr "已同步"
#: xpack/plugins/cloud/const.py:31
#: xpack/plugins/cloud/const.py:32
msgid "Released"
msgstr "已释放"
@ -4829,7 +4829,7 @@ msgstr "云服务商"
msgid "Cloud account"
msgstr "云账号"
#: xpack/plugins/cloud/models.py:81 xpack/plugins/cloud/serializers.py:117
#: xpack/plugins/cloud/models.py:81 xpack/plugins/cloud/serializers.py:118
msgid "Regions"
msgstr "地域"
@ -4837,7 +4837,7 @@ msgstr "地域"
msgid "Hostname strategy"
msgstr "主机名策略"
#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers.py:140
#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers.py:141
msgid "Always update"
msgstr "总是更新"
@ -5029,15 +5029,15 @@ msgstr ""
msgid "Subscription ID"
msgstr ""
#: xpack/plugins/cloud/serializers.py:115
#: xpack/plugins/cloud/serializers.py:116
msgid "History count"
msgstr "执行次数"
#: xpack/plugins/cloud/serializers.py:116
#: xpack/plugins/cloud/serializers.py:117
msgid "Instance count"
msgstr "实例个数"
#: xpack/plugins/cloud/serializers.py:139
#: xpack/plugins/cloud/serializers.py:140
#: xpack/plugins/gathered_user/serializers.py:20
msgid "Periodic display"
msgstr "定时执行"
@ -5130,6 +5130,9 @@ msgstr "旗舰版"
msgid "Community edition"
msgstr "社区版"
#~ msgid "Root organization only allow view and delete"
#~ msgstr "全局组织仅支持 查看和删除"
#~ msgid ""
#~ "Push system user task skip, auto push not enable or protocol is not ssh "
#~ "or rdp: {}"


@ -81,7 +81,7 @@ class ValidateUserAssetPermissionApi(APIView):
except ValueError:
return Response({'msg': False}, status=403)
asset = get_object_or_404(Asset, id=asset_id)
asset = get_object_or_404(Asset, id=asset_id, is_active=True)
system_user = get_object_or_404(SystemUser, id=system_id)
system_users_actions = get_asset_system_user_ids_with_actions_by_user(self.get_user(), asset)
@ -116,7 +116,7 @@ class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
def get_queryset(self):
asset_id = self.kwargs.get('asset_id')
asset = get_object_or_404(Asset, id=asset_id)
asset = get_object_or_404(Asset, id=asset_id, is_active=True)
system_users_with_actions = self.get_asset_system_user_ids_with_actions(asset)
system_user_ids = system_users_with_actions.keys()
system_users = SystemUser.objects.filter(id__in=system_user_ids)\
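Review bot: In `ValidateUserAssetPermissionApi`, an inactive asset now surfaces as a 404 from `get_object_or_404`, while the other denial visible in this method returns `Response({'msg': False}, status=403)`. A caller that only inspects `msg`, or that treats non-403 statuses as transient, may not read the 404 as a denial; that depends on clients not shown here. If 404 is intended, a comment such as `# inactive assets are treated as non-existent; callers must handle 404 as a denial` would document it, otherwise fetch with `Asset.objects.filter(id=asset_id, is_active=True).first()` and return the same 403 body when the result is `None`. The `SystemUser` lookup on the following line is left unfiltered, which may be deliberate, and both method bodies continue outside the hunks.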


@ -27,8 +27,7 @@ def on_user_groups_change(sender, instance, action, reverse, pk_set, **kwargs):
else:
group_ids = pk_set
user_ids = [instance.id]
group = UserGroup.objects.get(id=group_ids[0])
group = UserGroup.objects.get(id=list(group_ids)[0])
org_id = group.org_id
exists = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids).exists()
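Review bot: `list(group_ids)[0]` still assumes `group_ids` is a non-empty iterable, and because a set has no order it now picks an arbitrary member to derive `org_id`. Django sends `pk_set=None` for the clear actions of `m2m_changed`, so unless the action is filtered above this hunk the handler raises `TypeError` (or `IndexError` for an empty set) instead of refreshing permissions. If the groups in one change can belong to different organisations, `org_id` comes from whichever id happens to be first. Consider `if not group_ids: return` before the lookup and a comment such as `# all groups in one m2m change are assumed to share an org`. The function starts and ends outside the hunk.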