Merge pull request #8620 from jumpserver/dev

v2.24.0-rc4
pull/8658/head
Jiangjie.Bai 2022-07-19 16:12:08 +08:00 committed by GitHub
commit 6319be0ea3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 178 additions and 89 deletions


@ -31,7 +31,7 @@ class ExistAssetPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField):
class RemoteAppSerializer(serializers.Serializer):
asset_info = serializers.SerializerMethodField()
asset_info = serializers.SerializerMethodField(label=_('Asset Info'))
asset = ExistAssetPrimaryKeyRelatedField(
queryset=Asset.objects, required=True, label=_("Asset"), allow_null=True
)


@ -231,7 +231,9 @@ class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelVie
'get_rdp_file': 'authentication.add_connectiontoken',
'get_client_protocol_url': 'authentication.add_connectiontoken',
}
queryset = ConnectionToken.objects.all()
def get_queryset(self):
return ConnectionToken.objects.filter(user=self.request.user)
def create_connection_token(self):
data = self.request.query_params if self.request.method == 'GET' else self.request.data
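Review bot: `get_queryset` is now the only object-level isolation between one user's connection tokens and another's, and nothing in the class says that the filter is a security boundary. I would add a comment above it, for example `# Owner-scoped on purpose: retrieve/list must never return another user's token`, and a test asserting that a second user gets a 404 for the first user's token id. The class-level `queryset` appears to be removed here, so the router registration (not visible) needs an explicit `basename`, and any action or subclass that needs tokens across users has to override `get_queryset` deliberately. The class body starts and continues outside this hunk.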


@ -228,6 +228,13 @@ class ConnectionToken(OrgModelMixin, models.JMSModel):
return {}
return self.application.get_rdp_remote_app_setting()
@lazyproperty
def asset_or_remote_app_asset(self):
if self.asset:
return self.asset
if self.application and self.application.category_remote_app:
return self.application.get_remote_app_asset()
@lazyproperty
def cmd_filter_rules(self):
from assets.models import CommandFilterRule
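Review bot: `asset_or_remote_app_asset` falls off the end and returns `None` implicitly when the token has neither an asset nor a remote-app application, and it has no docstring saying which asset wins. An explicit `return None` at the end and a one-line docstring such as `"""Asset the session lands on: the token's own asset, else the remote app's host asset, else None."""` would make the contract clear to the secret serializer that now reads it through `source=`. Because it is a `lazyproperty`, the value is presumably cached per instance, so a later change to `self.application` would not be reflected; worth stating in the docstring if that is intended.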


@ -177,7 +177,7 @@ class ConnectionTokenCmdFilterRuleSerializer(serializers.ModelSerializer):
class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
user = ConnectionTokenUserSerializer(read_only=True)
asset = ConnectionTokenAssetSerializer(read_only=True)
asset = ConnectionTokenAssetSerializer(read_only=True, source='asset_or_remote_app_asset')
application = ConnectionTokenApplicationSerializer(read_only=True)
remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)
system_user = ConnectionTokenSystemUserSerializer(read_only=True)


@ -8,12 +8,14 @@ from django.utils import timezone
from django.db import models
from django.db.models.signals import post_save, pre_save
UUID_PATTERN = re.compile(r'[0-9a-zA-Z\-]{36}')
def reverse(view_name, urlconf=None, args=None, kwargs=None,
current_app=None, external=False, api_to_ui=False):
def reverse(
view_name, urlconf=None, args=None, kwargs=None,
current_app=None, external=False, api_to_ui=False,
is_console=False, is_audit=False, is_workbench=False
):
url = dj_reverse(view_name, urlconf=urlconf, args=args,
kwargs=kwargs, current_app=current_app)
@ -21,7 +23,15 @@ def reverse(view_name, urlconf=None, args=None, kwargs=None,
site_url = settings.SITE_URL
url = site_url.strip('/') + url
if api_to_ui:
url = url.replace('api/v1', 'ui/#').rstrip('/')
replace_str = 'ui/#'
if is_console:
replace_str += '/console'
elif is_audit:
replace_str += '/audit'
elif is_workbench:
replace_str += '/workbench'
url = url.replace('api/v1', replace_str).rstrip('/')
return url
@ -38,7 +48,7 @@ def date_expired_default():
years = int(settings.DEFAULT_EXPIRED_YEARS)
except TypeError:
years = 70
return timezone.now() + timezone.timedelta(days=365*years)
return timezone.now() + timezone.timedelta(days=365 * years)
def union_queryset(*args, base_queryset=None):
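Review bot: Nothing stops a caller from passing more than one of `is_console`, `is_audit` and `is_workbench` to `reverse`; the `elif` chain silently picks console over audit over workbench, and the signature has no docstring to say so. A short docstring stating that the three flags are mutually exclusive, that they only take effect together with `api_to_ui=True`, and what the precedence is would cover it. Note also that `url.replace('api/v1', replace_str)` runs after `site_url` has been prepended when `external=True`, so it rewrites every occurrence in the full URL, not just the path prefix; a comment or `count=1` on the path part would make the intent explicit.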


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4d5cc27fc996896f8cba5773c99de59ff854f7ef1ae8c470d5c74bb6b371e6ed
size 128472
oid sha256:0f2fdd3a7bd34a26d068fc6ce521d0ea9983c477b13536ba3f51700a554d4ae3
size 128706


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-07-15 17:15+0800\n"
"POT-Creation-Date: 2022-07-19 10:45+0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -88,8 +88,8 @@ msgstr "ログイン確認"
#: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20
#: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
#: audits/models.py:62 audits/models.py:87 audits/serializers.py:100
#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214
#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41
#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215
#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41
#: terminal/backends/command/models.py:20
#: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
#: terminal/models/sharing.py:33 terminal/notifications.py:91
@ -363,7 +363,7 @@ msgstr "タイプ表示"
#: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28
#: assets/serializers/cmd_filter.py:48 common/db/models.py:114
#: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
#: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92
#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92
#: users/models/group.py:18 users/models/user.py:922
#: xpack/plugins/cloud/models.py:125
msgid "Date created"
@ -373,7 +373,7 @@ msgstr "作成された日付"
#: assets/models/gathered_user.py:20 assets/serializers/account.py:21
#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49
#: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40
#: orgs/models.py:218
#: orgs/models.py:219
msgid "Date updated"
msgstr "更新日"
@ -412,6 +412,10 @@ msgstr "ホスト"
msgid "Port"
msgstr "ポート"
#: applications/serializers/attrs/application_category/remote_app.py:34
msgid "Asset Info"
msgstr "資産情報"
#: applications/serializers/attrs/application_category/remote_app.py:39
#: applications/serializers/attrs/application_type/chrome.py:14
#: applications/serializers/attrs/application_type/mysql_workbench.py:14
@ -624,7 +628,7 @@ msgstr "ラベル"
#: assets/models/cluster.py:28 assets/models/cmd_filter.py:52
#: assets/models/cmd_filter.py:99 assets/models/group.py:21
#: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66
#: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706
#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706
#: users/serializers/group.py:33
#: xpack/plugins/change_auth_plan/models/base.py:48
#: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30
@ -735,7 +739,7 @@ msgid "Trigger mode"
msgstr "トリガーモード"
#: assets/models/backup.py:119 audits/models.py:127
#: terminal/models/sharing.py:106
#: terminal/models/sharing.py:108
#: xpack/plugins/change_auth_plan/models/base.py:201
#: xpack/plugins/change_auth_plan/serializers/app.py:66
#: xpack/plugins/change_auth_plan/serializers/asset.py:180
@ -1435,7 +1439,7 @@ msgid "Symlink"
msgstr "Symlink"
#: audits/models.py:38 audits/models.py:66 audits/models.py:89
#: terminal/models/session.py:51 terminal/models/sharing.py:94
#: terminal/models/session.py:51 terminal/models/sharing.py:96
msgid "Remote addr"
msgstr "リモートaddr"
@ -1447,7 +1451,7 @@ msgstr "操作"
msgid "Filename"
msgstr "ファイル名"
#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:102
#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:104
#: tickets/views/approve.py:115
#: xpack/plugins/change_auth_plan/serializers/app.py:87
#: xpack/plugins/change_auth_plan/serializers/asset.py:198
@ -3025,7 +3029,7 @@ msgid "App organizations"
msgstr "アプリ組織"
#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80
#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48
#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48
#: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62
#: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71
msgid "Organization"
@ -3039,7 +3043,11 @@ msgstr "グローバル組織"
msgid "Can view root org"
msgstr "グローバル組織を表示できます"
#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44
#: orgs/models.py:83
msgid "Can view all joined org"
msgstr "参加しているすべての組織を表示できます"
#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44
#: users/models/user.py:671
msgid "Role"
msgstr "ロール"
@ -3260,27 +3268,27 @@ msgstr "{} 少なくとも1つのシステムロール"
msgid "RBAC"
msgstr "RBAC"
#: rbac/builtin.py:108
#: rbac/builtin.py:111
msgid "SystemAdmin"
msgstr "システム管理者"
#: rbac/builtin.py:111
#: rbac/builtin.py:114
msgid "SystemAuditor"
msgstr "システム監査人"
#: rbac/builtin.py:114
#: rbac/builtin.py:117
msgid "SystemComponent"
msgstr "システムコンポーネント"
#: rbac/builtin.py:120
#: rbac/builtin.py:123
msgid "OrgAdmin"
msgstr "組織管理者"
#: rbac/builtin.py:123
#: rbac/builtin.py:126
msgid "OrgAuditor"
msgstr "監査員を組織する"
#: rbac/builtin.py:126
#: rbac/builtin.py:129
msgid "OrgUser"
msgstr "組織ユーザー"
@ -3336,18 +3344,22 @@ msgstr "組織の役割"
msgid "Role binding"
msgstr "ロールバインディング"
#: rbac/models/rolebinding.py:159
#: rbac/models/rolebinding.py:137
msgid "All organizations"
msgstr "全ての組織"
#: rbac/models/rolebinding.py:166
msgid ""
"User last role in org, can not be delete, you can remove user from org "
"instead"
msgstr ""
"ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。"
#: rbac/models/rolebinding.py:166
#: rbac/models/rolebinding.py:173
msgid "Organization role binding"
msgstr "組織の役割バインディング"
#: rbac/models/rolebinding.py:181
#: rbac/models/rolebinding.py:188
msgid "System role binding"
msgstr "システムロールバインディング"
@ -4775,7 +4787,7 @@ msgid "Output"
msgstr "出力"
#: terminal/backends/command/models.py:25 terminal/models/replay.py:9
#: terminal/models/sharing.py:19 terminal/models/sharing.py:76
#: terminal/models/sharing.py:19 terminal/models/sharing.py:78
#: terminal/templates/terminal/_msg_command_alert.html:10
#: tickets/models/ticket/command_confirm.py:20
msgid "Session"
@ -4897,7 +4909,7 @@ msgstr "セッションのリプレイをアップロードできます"
msgid "Can download session replay"
msgstr "セッション再生をダウンロードできます"
#: terminal/models/session.py:50 terminal/models/sharing.py:99
#: terminal/models/session.py:50 terminal/models/sharing.py:101
msgid "Login from"
msgstr "ログイン元"
@ -4933,7 +4945,7 @@ msgstr "セッションアクションのパーマを検証できます"
msgid "Creator"
msgstr "作成者"
#: terminal/models/sharing.py:26 terminal/models/sharing.py:78
#: terminal/models/sharing.py:26 terminal/models/sharing.py:80
msgid "Verify code"
msgstr "コードの確認"
@ -4941,7 +4953,7 @@ msgstr "コードの確認"
msgid "Expired time (min)"
msgstr "期限切れ時間 (分)"
#: terminal/models/sharing.py:37 terminal/models/sharing.py:81
#: terminal/models/sharing.py:37 terminal/models/sharing.py:83
msgid "Session sharing"
msgstr "セッション共有"
@ -4949,40 +4961,40 @@ msgstr "セッション共有"
msgid "Can add super session sharing"
msgstr "スーパーセッション共有を追加できます"
#: terminal/models/sharing.py:64
#: terminal/models/sharing.py:66
msgid "Link not active"
msgstr "リンクがアクティブでない"
#: terminal/models/sharing.py:66
#: terminal/models/sharing.py:68
msgid "Link expired"
msgstr "リンク期限切れ"
#: terminal/models/sharing.py:68
#: terminal/models/sharing.py:70
msgid "User not allowed to join"
msgstr "ユーザーはセッションに参加できません"
#: terminal/models/sharing.py:85 terminal/serializers/sharing.py:59
#: terminal/models/sharing.py:87 terminal/serializers/sharing.py:59
msgid "Joiner"
msgstr "ジョイナー"
#: terminal/models/sharing.py:88
#: terminal/models/sharing.py:90
msgid "Date joined"
msgstr "参加日"
#: terminal/models/sharing.py:91
#: terminal/models/sharing.py:93
msgid "Date left"
msgstr "日付が残っています"
#: terminal/models/sharing.py:109 tickets/const.py:26
#: terminal/models/sharing.py:111 tickets/const.py:26
#: xpack/plugins/change_auth_plan/models/base.py:192
msgid "Finished"
msgstr "終了"
#: terminal/models/sharing.py:114
#: terminal/models/sharing.py:116
msgid "Session join record"
msgstr "セッション参加記録"
#: terminal/models/sharing.py:130
#: terminal/models/sharing.py:132
msgid "Invalid verification code"
msgstr "検証コードが無効"


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7ee69ce22224f6cae615752c034e495c29d93ed9dbe86767f044d5c0f663b8cc
size 105904
oid sha256:9c2b13f7242beec8786179e03de895bd3e9d8d6392b74c2398409c1bfa33d9f8
size 106088


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: JumpServer 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-07-15 17:15+0800\n"
"POT-Creation-Date: 2022-07-19 10:45+0800\n"
"PO-Revision-Date: 2021-05-20 10:54+0800\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -87,8 +87,8 @@ msgstr "登录复核"
#: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20
#: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
#: audits/models.py:62 audits/models.py:87 audits/serializers.py:100
#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214
#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41
#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215
#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41
#: terminal/backends/command/models.py:20
#: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
#: terminal/models/sharing.py:33 terminal/notifications.py:91
@ -358,7 +358,7 @@ msgstr "类型名称"
#: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28
#: assets/serializers/cmd_filter.py:48 common/db/models.py:114
#: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
#: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92
#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92
#: users/models/group.py:18 users/models/user.py:922
#: xpack/plugins/cloud/models.py:125
msgid "Date created"
@ -368,7 +368,7 @@ msgstr "创建日期"
#: assets/models/gathered_user.py:20 assets/serializers/account.py:21
#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49
#: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40
#: orgs/models.py:218
#: orgs/models.py:219
msgid "Date updated"
msgstr "更新日期"
@ -407,6 +407,10 @@ msgstr "主机"
msgid "Port"
msgstr "端口"
#: applications/serializers/attrs/application_category/remote_app.py:34
msgid "Asset Info"
msgstr "资产信息"
#: applications/serializers/attrs/application_category/remote_app.py:39
#: applications/serializers/attrs/application_type/chrome.py:14
#: applications/serializers/attrs/application_type/mysql_workbench.py:14
@ -619,7 +623,7 @@ msgstr "标签管理"
#: assets/models/cluster.py:28 assets/models/cmd_filter.py:52
#: assets/models/cmd_filter.py:99 assets/models/group.py:21
#: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66
#: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706
#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706
#: users/serializers/group.py:33
#: xpack/plugins/change_auth_plan/models/base.py:48
#: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30
@ -730,7 +734,7 @@ msgid "Trigger mode"
msgstr "触发模式"
#: assets/models/backup.py:119 audits/models.py:127
#: terminal/models/sharing.py:106
#: terminal/models/sharing.py:108
#: xpack/plugins/change_auth_plan/models/base.py:201
#: xpack/plugins/change_auth_plan/serializers/app.py:66
#: xpack/plugins/change_auth_plan/serializers/asset.py:180
@ -1423,7 +1427,7 @@ msgid "Symlink"
msgstr "建立软链接"
#: audits/models.py:38 audits/models.py:66 audits/models.py:89
#: terminal/models/session.py:51 terminal/models/sharing.py:94
#: terminal/models/session.py:51 terminal/models/sharing.py:96
msgid "Remote addr"
msgstr "远端地址"
@ -1435,7 +1439,7 @@ msgstr "操作"
msgid "Filename"
msgstr "文件名"
#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:102
#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:104
#: tickets/views/approve.py:115
#: xpack/plugins/change_auth_plan/serializers/app.py:87
#: xpack/plugins/change_auth_plan/serializers/asset.py:198
@ -2985,7 +2989,7 @@ msgid "App organizations"
msgstr "组织管理"
#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80
#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48
#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48
#: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62
#: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71
msgid "Organization"
@ -2999,7 +3003,11 @@ msgstr "全局组织"
msgid "Can view root org"
msgstr "可以查看全局组织"
#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44
#: orgs/models.py:83
msgid "Can view all joined org"
msgstr "可以查看所有加入的组织"
#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44
#: users/models/user.py:671
msgid "Role"
msgstr "角色"
@ -3218,27 +3226,27 @@ msgstr "{} 至少有一个系统角色"
msgid "RBAC"
msgstr "RBAC"
#: rbac/builtin.py:108
#: rbac/builtin.py:111
msgid "SystemAdmin"
msgstr "系统管理员"
#: rbac/builtin.py:111
#: rbac/builtin.py:114
msgid "SystemAuditor"
msgstr "系统审计员"
#: rbac/builtin.py:114
#: rbac/builtin.py:117
msgid "SystemComponent"
msgstr "系统组件"
#: rbac/builtin.py:120
#: rbac/builtin.py:123
msgid "OrgAdmin"
msgstr "组织管理员"
#: rbac/builtin.py:123
#: rbac/builtin.py:126
msgid "OrgAuditor"
msgstr "组织审计员"
#: rbac/builtin.py:126
#: rbac/builtin.py:129
msgid "OrgUser"
msgstr "组织用户"
@ -3294,17 +3302,21 @@ msgstr "组织角色"
msgid "Role binding"
msgstr "角色绑定"
#: rbac/models/rolebinding.py:159
#: rbac/models/rolebinding.py:137
msgid "All organizations"
msgstr "所有组织"
#: rbac/models/rolebinding.py:166
msgid ""
"User last role in org, can not be delete, you can remove user from org "
"instead"
msgstr "用户最后一个角色,不能删除,你可以将用户从组织移除"
#: rbac/models/rolebinding.py:166
#: rbac/models/rolebinding.py:173
msgid "Organization role binding"
msgstr "组织角色绑定"
#: rbac/models/rolebinding.py:181
#: rbac/models/rolebinding.py:188
msgid "System role binding"
msgstr "系统角色绑定"
@ -4699,7 +4711,7 @@ msgid "Output"
msgstr "输出"
#: terminal/backends/command/models.py:25 terminal/models/replay.py:9
#: terminal/models/sharing.py:19 terminal/models/sharing.py:76
#: terminal/models/sharing.py:19 terminal/models/sharing.py:78
#: terminal/templates/terminal/_msg_command_alert.html:10
#: tickets/models/ticket/command_confirm.py:20
msgid "Session"
@ -4821,7 +4833,7 @@ msgstr "可以上传会话录像"
msgid "Can download session replay"
msgstr "可以下载会话录像"
#: terminal/models/session.py:50 terminal/models/sharing.py:99
#: terminal/models/session.py:50 terminal/models/sharing.py:101
msgid "Login from"
msgstr "登录来源"
@ -4857,7 +4869,7 @@ msgstr "可以验证会话动作权限"
msgid "Creator"
msgstr "创建者"
#: terminal/models/sharing.py:26 terminal/models/sharing.py:78
#: terminal/models/sharing.py:26 terminal/models/sharing.py:80
msgid "Verify code"
msgstr "验证码"
@ -4865,7 +4877,7 @@ msgstr "验证码"
msgid "Expired time (min)"
msgstr "过期时间 (分)"
#: terminal/models/sharing.py:37 terminal/models/sharing.py:81
#: terminal/models/sharing.py:37 terminal/models/sharing.py:83
msgid "Session sharing"
msgstr "会话分享"
@ -4873,40 +4885,40 @@ msgstr "会话分享"
msgid "Can add super session sharing"
msgstr "可以创建超级会话分享"
#: terminal/models/sharing.py:64
#: terminal/models/sharing.py:66
msgid "Link not active"
msgstr "链接失效"
#: terminal/models/sharing.py:66
#: terminal/models/sharing.py:68
msgid "Link expired"
msgstr "链接过期"
#: terminal/models/sharing.py:68
#: terminal/models/sharing.py:70
msgid "User not allowed to join"
msgstr "该用户无权加入会话"
#: terminal/models/sharing.py:85 terminal/serializers/sharing.py:59
#: terminal/models/sharing.py:87 terminal/serializers/sharing.py:59
msgid "Joiner"
msgstr "加入者"
#: terminal/models/sharing.py:88
#: terminal/models/sharing.py:90
msgid "Date joined"
msgstr "加入日期"
#: terminal/models/sharing.py:91
#: terminal/models/sharing.py:93
msgid "Date left"
msgstr "结束日期"
#: terminal/models/sharing.py:109 tickets/const.py:26
#: terminal/models/sharing.py:111 tickets/const.py:26
#: xpack/plugins/change_auth_plan/models/base.py:192
msgid "Finished"
msgstr "结束"
#: terminal/models/sharing.py:114
#: terminal/models/sharing.py:116
msgid "Session join record"
msgstr "会话加入记录"
#: terminal/models/sharing.py:130
#: terminal/models/sharing.py:132
msgid "Invalid verification code"
msgstr "验证码不正确"


@ -0,0 +1,17 @@
# Generated by Django 3.2.12 on 2022-07-18 05:57
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('orgs', '0012_auto_20220118_1054'),
]
operations = [
migrations.AlterModelOptions(
name='organization',
options={'permissions': (('view_rootorg', 'Can view root org'), ('view_alljoinedorg', 'Can view all joined org')), 'verbose_name': 'Organization'},
),
]


@ -80,6 +80,7 @@ class Organization(OrgRoleMixin, models.Model):
verbose_name = _("Organization")
permissions = (
('view_rootorg', _('Can view root org')),
('view_alljoinedorg', _('Can view all joined org')),
)
def __str__(self):


@ -73,7 +73,7 @@ def check_asset_permission_will_expired():
for asset_perm in asset_perms:
date_expired = dt_parser(asset_perm.date_expired)
remain_days = (end - date_expired).days
remain_days = (date_expired - start).days
org = asset_perm.org
# 资产授权按照组织分类
@ -121,7 +121,7 @@ def check_app_permission_will_expired():
for app_perm in app_perms:
date_expired = dt_parser(app_perm.date_expired)
remain_days = (end - date_expired).days
remain_days = (date_expired - start).days
org = app_perm.org
if org in org_perm_remain_day_mapper[remain_days]:
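Review bot: `remain_days = (date_expired - start).days` is used directly as a key into `org_perm_remain_day_mapper` in the second hunk, and it goes negative for any permission whose `date_expired` is before `start`; whether the queryset already excludes those rows is not visible here. A comment such as `# whole days from the start of the window until expiry; the queryset guarantees date_expired >= start` (or a `max(..., 0)` if it does not) would pin the assumption. The same corrected expression is pasted into both `check_asset_permission_will_expired` and `check_app_permission_will_expired`, which is how the original sign error ended up in two places; a small shared helper would keep them in step. Both function bodies extend beyond the hunks.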


@ -5,6 +5,9 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions
_view_root_perms = (
('orgs', 'organization', 'view', 'rootorg'),
)
_view_all_joined_org_perms = (
('orgs', 'organization', 'view', 'alljoinedorg'),
)
user_perms = (
('rbac', 'menupermission', 'view', 'workbench'),
@ -20,11 +23,11 @@ user_perms = (
)
system_user_perms = (
('authentication', 'connectiontoken', 'add', 'connectiontoken'),
('authentication', 'connectiontoken', 'add,view', 'connectiontoken'),
('authentication', 'temptoken', 'add,change,view', 'temptoken'),
('authentication', 'accesskey', '*', '*'),
('tickets', 'ticket', 'view', 'ticket'),
) + user_perms + _view_root_perms
) + user_perms + _view_all_joined_org_perms
_auditor_perms = (
('rbac', 'menupermission', 'view', 'audit'),
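Review bot: Adding `view` to the `connectiontoken` grant in `system_user_perms` gives every role built from this tuple list and retrieve access to the connection-token endpoints, so the per-user filter in the viewset's `get_queryset` (changed elsewhere in this commit) becomes the only thing separating users' tokens. A comment on the tuple, for example `# 'view' is safe only because ConnectionTokenViewSet scopes its queryset to request.user`, would stop the two from drifting apart. Swapping `_view_root_perms` for `_view_all_joined_org_perms` also drops `orgs.view_rootorg` from these roles; whether the stored built-in roles of existing deployments are re-synced is not visible in this hunk.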


@ -60,11 +60,11 @@ class Permission(DjangoPermission):
if actions == '*' and resource == '*':
pass
elif actions == '*' and resource != '*':
kwargs['codename__iregex'] = r'[a-z]+_{}'.format(resource)
kwargs['codename__iregex'] = r'[a-z]+_{}$'.format(resource)
elif actions != '*' and resource == '*':
kwargs['codename__iregex'] = r'({})_[a-z]+'.format(actions_regex)
else:
kwargs['codename__iregex'] = r'({})_{}'.format(actions_regex, resource)
kwargs['codename__iregex'] = r'({})_{}$'.format(actions_regex, resource)
q |= Q(**kwargs)
return q
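Review bot: The new `$` closes the suffix side, but none of the three patterns is anchored at the start, and `codename__iregex` is a search, so `(view)_x$` also matches a codename such as `review_x`; the `resource == '*'` branch is still open at both ends. Anchoring the front of every branch, `r'^[a-z]+_{}$'`, `r'^({})_[a-z]+'` and `r'^({})_{}$'`, makes each filter match only the intended codename shape. `actions_regex` and `resource` are interpolated unescaped, which looks safe only as long as they come from the built-in permission tuples; that is not visible here. The enclosing method starts above the hunk.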


@ -126,9 +126,16 @@ class RoleBinding(JMSModel):
org_ids = [b.org.id for b in bindings if b.org]
orgs = all_orgs.filter(id__in=org_ids)
workbench_perm = 'rbac.view_workbench'
# 全局组织
if orgs and user.has_perm('orgs.view_rootorg'):
orgs = [Organization.root(), *list(orgs)]
if orgs and perm != workbench_perm and user.has_perm('orgs.view_rootorg'):
root_org = Organization.root()
orgs = [root_org, *list(orgs)]
elif orgs and perm == workbench_perm and user.has_perm('orgs.view_alljoinedorg'):
# Todo: 先复用组织
root_org = Organization.root()
root_org.name = _("All organizations")
orgs = [root_org, *list(orgs)]
return orgs
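Review bot: In the `view_alljoinedorg` branch, `root_org.name = _("All organizations")` mutates the object returned by `Organization.root()`; if that method hands back a shared or cached instance (not visible here), the renamed root org leaks to other callers, and a later `save()` on it would persist the label. Building a separate unsaved instance for display, or copying before renaming, avoids that. Since the result still carries the root org's id, it is worth a comment stating that holders of `orgs.view_alljoinedorg` are meant to receive the root org id for the workbench only, and translating the `# Todo: 先复用组织` comment so the temporary nature of the reuse is clear to every reader. The method starts above the hunk.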


@ -130,7 +130,7 @@ class CommandExecutionAlert(CommandAlertMixin, SystemMessage):
for asset in command['assets']:
url = reverse(
'assets:asset-detail', kwargs={'pk': asset.id},
api_to_ui=True, external=True
api_to_ui=True, external=True, is_console=True
) + '?oid={}'.format(asset.org_id)
assets_with_url.append([asset, url])


@ -3,6 +3,10 @@ import uuid
from rest_framework import generics
from rest_framework.permissions import IsAuthenticated
from common.permissions import IsValidUserOrConnectionToken
from common.utils import get_object_or_none
from orgs.utils import tmp_to_root_org
from authentication.models import ConnectionToken
from users.notifications import (
ResetPasswordMsg, ResetPasswordSuccessMsg, ResetSSHKeyMsg,
@ -44,12 +48,26 @@ class UserResetPKApi(UserQuerysetMixin, generics.UpdateAPIView):
class UserProfileApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsAuthenticated,)
permission_classes = (IsValidUserOrConnectionToken,)
serializer_class = serializers.UserProfileSerializer
def get_object(self):
if self.request.user.is_anonymous:
user = self.get_connection_token_user()
if user:
return user
return self.request.user
def get_connection_token_user(self):
token_id = self.request.query_params.get('token')
if not token_id:
return
with tmp_to_root_org():
token = get_object_or_none(ConnectionToken, id=token_id)
if not token:
return
return token.user
class UserPasswordApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsAuthenticated,)
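Review bot: `get_object` lets an anonymous request that carries `?token=<id>` act as the token's owner on a `RetrieveUpdateAPIView`, so unless `IsValidUserOrConnectionToken` (not shown) limits the token path to safe methods, PUT/PATCH on the profile is reachable with only a connection-token id. The lookup in `get_connection_token_user` checks only that the row exists, not that the token is unexpired, and when it returns nothing `get_object` falls through to `self.request.user`, which is the anonymous user at that point. I would make the token path read-only and fail closed as below (`SAFE_METHODS` is in `rest_framework.permissions`, `PermissionDenied` in `rest_framework.exceptions`) and add the expiry check inside `get_connection_token_user`. A token passed in the query string also ends up in access logs and referrers, which deserves a comment or a move to a header.

```python
    def get_object(self):
        if self.request.user.is_anonymous:
            # Connection-token holders get a read-only view of the owner's profile.
            if self.request.method not in SAFE_METHODS:
                raise PermissionDenied()
            user = self.get_connection_token_user()
            if user is None:
                # Fail closed instead of serializing the anonymous user.
                raise PermissionDenied()
            return user
        return self.request.user

    # … unchanged: get_connection_token_user lookup under tmp_to_root_org …
```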


@ -62,7 +62,7 @@ jsonfield2==4.0.0.post0
geoip2==4.5.0
ipip-ipdb==1.6.1
# Django environment
Django==3.2.13
Django==3.1.14
django-bootstrap3==14.2.0
django-filter==2.4.0
django-formtools==2.2
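Review bot: If the second `Django==` line is the new side (changed lines elsewhere on this page are printed old then new), this pins Django back from 3.2.13 to 3.1.14, and the 3.1 series stopped receiving security releases at the end of 2021 while 3.2 is the LTS line. The migration added in this same commit is stamped as generated by Django 3.2.12, so the tree has evidently been run against 3.2. If the downgrade works around a 3.2 regression, a comment next to the pin naming the issue and the condition for returning to 3.2.x would keep it from becoming permanent.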