github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 添加 is_org_admin (#7644) 

* fix: 修复 org members 的问题

* perf: 修改 org member

* perf: 修改 is sa

* perf: 修改 active

* perf: 修复写法

* perf: is_sa to is_service_account

Co-authored-by: ibuler <ibuler@qq.com>
pull/7645/head
fit2bot 2022-02-18 16:25:54 +08:00 committed by GitHub
parent 48d0c7b6cc
commit 63de4e1806
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 36 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/authentication/api/connection_token.py
View File

@ -327,11 +327,11 @@ class UserConnectionTokenViewSet(
}
CACHE_KEY_PREFIX = 'CONNECTION_TOKEN_{}'
rbac_perms = {
'GET': 'view_connectiontoken',
'create': 'add_connectiontoken',
'get_secret_detail': 'view_connectiontokensecret',
'get_rdp_file': 'add_connectiontoken',
'get_client_protocol_url': 'add_connectiontoken',
'GET': 'authentication.view_connectiontoken',
'create': 'authentication.add_connectiontoken',
'get_secret_detail': 'authentication.view_connectiontokensecret',
'get_rdp_file': 'authentication.add_connectiontoken',
'get_client_protocol_url': 'authentication.add_connectiontoken',
}
@staticmethod

22
apps/rbac/builtin.py
View File

@ -31,7 +31,7 @@ if len(defines_errors) != 0:
raise ValueError('Perms define error: {}'.format(defines_errors))
class PreRole:
class PredefineRole:
id_prefix = '00000000-0000-0000-0000-00000000000'
def __init__(self, index, name, scope, perms, perms_type='include'):
@ -45,7 +45,7 @@ class PreRole:
from rbac.models import Role
return Role.objects.get(id=self.id)
def get_defaults(self):
def _get_defaults(self):
from rbac.models import Permission
q = Permission.get_define_permissions_q(self.perms)
permissions = Permission.get_permissions(self.scope)
@ -66,7 +66,7 @@ class PreRole:
def get_or_create_role(self):
from rbac.models import Role
defaults = self.get_defaults()
defaults = self._get_defaults()
permissions = defaults.pop('permissions', [])
role, created = Role.objects.get_or_create(defaults, id=self.id)
role.permissions.set(permissions)
@ -74,25 +74,25 @@ class PreRole:
class BuiltinRole:
system_admin = PreRole(
system_admin = PredefineRole(
'1', ugettext_noop('SystemAdmin'), Scope.system, []
)
system_auditor = PreRole(
system_auditor = PredefineRole(
'2', ugettext_noop('SystemAuditor'), Scope.system, auditor_perms
)
system_component = PreRole(
system_component = PredefineRole(
'4', ugettext_noop('SystemComponent'), Scope.system, app_exclude_perms, 'exclude'
)
system_user = PreRole(
system_user = PredefineRole(
'3', ugettext_noop('User'), Scope.system, []
)
org_admin = PreRole(
org_admin = PredefineRole(
'5', ugettext_noop('OrgAdmin'), Scope.org, []
)
org_auditor = PreRole(
org_auditor = PredefineRole(
'6', ugettext_noop('OrgAuditor'), Scope.org, auditor_perms
)
org_user = PreRole(
org_user = PredefineRole(
'7', ugettext_noop('OrgUser'), Scope.org, user_perms
)
@ -101,7 +101,7 @@ class BuiltinRole:
roles = {
k: v
for k, v in cls.__dict__.items()
if isinstance(v, PreRole)
if isinstance(v, PredefineRole)
}
return roles

6
apps/rbac/migrations/0004_auto_20211201_1901.py
View File

@ -14,11 +14,7 @@ def migrate_system_role_binding(apps, schema_editor):
role_bindings = []
for user in users:
role = BuiltinRole.get_system_role_by_old_name(user.role)
role_binding = role_binding_model(
scope='system',
user_id=user.id,
role_id=role.id,
)
role_binding = role_binding_model(scope='system', user_id=user.id, role_id=role.id)
role_bindings.append(role_binding)
role_binding_model.objects.bulk_create(role_bindings, ignore_conflicts=True)

4
apps/rbac/models/role.py
View File

@ -49,10 +49,10 @@ class Role(JMSModel):
return '%s(%s)' % (self.name, self.get_scope_display())
def is_system_admin(self):
return self.name == self.BuiltinRole.system_admin.name and self.builtin
return self.id == self.BuiltinRole.system_admin.id and self.builtin
def is_org_admin(self):
return self.name == self.BuiltinRole.org_admin.name and self.builtin
return self.id == self.BuiltinRole.org_admin.id and self.builtin
def is_admin(self):
yes = self.is_system_admin() or self.is_org_admin()

6
apps/users/migrations/0039_auto_20211229_1852.py
View File

@ -6,7 +6,7 @@ from django.db import migrations, models
def migrate_app_users(apps, schema_editor):
user_model = apps.get_model('users', 'User')
app_users = user_model.objects.filter(role='App')
app_users.update(is_app=True)
app_users.update(is_service_account=True)
class Migration(migrations.Migration):
@ -18,8 +18,8 @@ class Migration(migrations.Migration):
operations = [
migrations.AddField(
model_name='user',
name='is_app',
field=models.BooleanField(default=False),
name='is_service_account',
field=models.BooleanField(default=False, verbose_name='Is service account'),
),
migrations.RunPython(migrate_app_users),
migrations.AlterModelOptions(

19
apps/users/models/user.py
View File

@ -270,9 +270,14 @@ class RoleMixin:
@lazyproperty
def is_superuser(self):
from rbac.builtin import BuiltinRole
names = [r.name for r in self.system_roles.all()]
yes = BuiltinRole.system_admin.name in names
return yes
return self.system_roles.filter(id=BuiltinRole.system_admin.id).exists()
@lazyproperty
def is_org_admin(self):
from rbac.builtin import BuiltinRole
if self.is_superuser:
return True
return self.org_roles.filter(id=BuiltinRole.org_admin.id).exists()
@property
def is_staff(self):
@ -286,8 +291,8 @@ class RoleMixin:
def create_service_account(cls, name, comment):
app = cls.objects.create(
username=name, name=name, email='{}@local.domain'.format(name),
is_active=False, comment=comment, is_first_login=False,
created_by='System', is_app=True,
comment=comment, is_first_login=False,
created_by='System', is_service_account=True,
)
access_key = app.create_access_key()
return app, access_key
@ -319,7 +324,7 @@ class RoleMixin:
@classmethod
def get_nature_users(cls):
return cls.objects.filter(is_app=False)
return cls.objects.filter(is_service_account=False)
@classmethod
def get_org_users(cls, org=None):
@ -528,7 +533,7 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
default='User', max_length=10,
blank=True, verbose_name=_('Role')
)
is_app = models.BooleanField(default=False)
is_service_account = models.BooleanField(default=False, verbose_name=_("Is service account"))
avatar = models.ImageField(
upload_to="avatar", null=True, verbose_name=_('Avatar')
)

4
apps/users/serializers/user.py
View File

@ -101,7 +101,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
fields_small = fields_mini + fields_write_only + [
'email', 'wechat', 'phone', 'mfa_level', 'source', 'source_display',
'can_public_key_auth', 'need_update_password',
'mfa_enabled', 'is_app', 'is_valid', 'is_expired', 'is_active', # 布尔字段
'mfa_enabled', 'is_service_account', 'is_valid', 'is_expired', 'is_active', # 布尔字段
'date_expired', 'date_joined', 'last_login', # 日期字段
'created_by', 'comment', # 通用字段
'is_wecom_bound', 'is_dingtalk_bound', 'is_feishu_bound', 'is_otp_secret_key_bound',
@ -132,7 +132,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
'public_key': {'write_only': True},
'is_first_login': {'label': _('Is first login'), 'read_only': True},
'is_valid': {'label': _('Is valid')},
'is_app': {'label': _('Is app user')},
'is_service_account': {'label': _('Is service account')},
'is_expired': {'label': _('Is expired')},
'avatar_url': {'label': _('Avatar url')},
'created_by': {'read_only': True, 'allow_blank': True},