diff --git a/apps/jumpserver/api.py b/apps/jumpserver/api.py index eb09f7214..2de05b9c6 100644 --- a/apps/jumpserver/api.py +++ b/apps/jumpserver/api.py @@ -214,7 +214,7 @@ class DatesLoginMetricMixin: class IndexApi(DatesLoginMetricMixin, APIView): http_method_names = ['get'] rbac_perms = { - 'GET': 'rbac.view_dashboard' + 'GET': 'rbac.view_audit | rbac.view_console' } def get(self, request, *args, **kwargs): diff --git a/apps/rbac/migrations/0005_auto_20220307_1524.py b/apps/rbac/migrations/0005_auto_20220307_1524.py index 88b9a0f91..afc8ea8ba 100644 --- a/apps/rbac/migrations/0005_auto_20220307_1524.py +++ b/apps/rbac/migrations/0005_auto_20220307_1524.py @@ -12,6 +12,6 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='menupermission', - options={'default_permissions': [], 'permissions': [('view_dashboard', 'Can view resource statistics'), ('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'}, + options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'}, ), ] diff --git a/apps/rbac/migrations/0006_auto_20220310_0616.py b/apps/rbac/migrations/0006_auto_20220310_0616.py index aa76969bd..395b73f03 100644 --- a/apps/rbac/migrations/0006_auto_20220310_0616.py +++ b/apps/rbac/migrations/0006_auto_20220310_0616.py 
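Review bot: The new `rbac_perms` value `'rbac.view_audit | rbac.view_console'` lets a holder of either menu permission call `IndexApi.get`, which is wider than the single `rbac.view_dashboard` gate it replaces. It also only works if the permission checker parses `|` inside the string as OR, and neither that parser nor a test for it is visible in this diff. If the checker instead treats the string as one codename, no role can match it, so the behaviour is worth pinning with a test for an audit-only, a console-only and an unprivileged user. I would add a comment above the entry, e.g. `# dashboard metrics are readable with either the audit or the console menu permission ('|' = OR)`. The body of `get` is outside the hunk, so whether every metric it returns suits audit-only users cannot be judged from here.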
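Review bot: Editing `0005_auto_20220307_1524.py` in place changes nothing on a database that has already applied it, because Django records the migration as done and does not re-run it. The same holds for the edits to `apps/rbac/migrations/0006_auto_20220310_0616.py` and `apps/settings/migrations/0005_auto_20220310_0616.py` later in this diff. `AlterModelOptions` only changes migration state, and Django's permission creation adds rows without deleting them, so an existing `view_dashboard` row and any role bindings to it would presumably survive. If these migrations have reached any deployed database, a new migration with a `RunPython` step that deletes the retired permissions would make the removal explicit and repeatable. If they were never released, the commit description should say so.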
@@ -12,6 +12,6 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='menupermission', - options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager'), ('view_dashboard', 'Can view dashboard')], 'verbose_name': 'Menu permission'}, + options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager') ], 'verbose_name': 'Menu permission'}, ), ] diff --git a/apps/rbac/models/menu.py b/apps/rbac/models/menu.py index b13c3d99e..524894664 100644 --- a/apps/rbac/models/menu.py +++ b/apps/rbac/models/menu.py @@ -17,5 +17,4 @@ class MenuPermission(models.Model): ('view_workspace', _('Can view workspace view')), ('view_webterminal', _('Can view web terminal')), ('view_filemanager', _('Can view file manager')), - ('view_dashboard', _('Can view dashboard')), ] diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py index 38ca93d78..a5d0cde1a 100644 --- a/apps/rbac/tree.py +++ b/apps/rbac/tree.py @@ -98,7 +98,14 @@ special_pid_mapper = { "perms.view_mydatabaseapp": "my_apps", "perms.connect_mydatabaseapp": "my_apps", "xpack.interface": "view_setting", - "settings.change_terminal": "terminal_node" + "settings.change_terminal": "terminal_node", + "settings.view_setting": "view_setting", + "settings.change_setting": "view_setting", + "rbac.view_console": "view_console", + "rbac.view_audit": "view_audit", + "rbac.view_workspace": "view_workspace", + "rbac.view_webterminal": "view_workspace", + "rbac.view_filemanager": "view_workspace", } verbose_name_mapper = { 
@@ -115,6 +122,32 @@ xpack_nodes = [ ] +def _sort_action(node): + value = 0 + + if 'view' in node.title: + value += 2 + elif 'add' in node.title: + value += 4 + elif 'change' in node.title: + value += 6 + elif 'delete' in node.title: + value += 8 + else: + value += 10 + return value + + +def sort_nodes(node): + value = 0 + + if node.isParent: + value += 50 + else: + value += _sort_action(node) + return value + + class PermissionTreeUtil: get_permissions: Callable @@ -122,7 +155,7 @@ class PermissionTreeUtil: self.permissions = self.prefetch_permissions(permissions) self.all_permissions = self.prefetch_permissions( Permission.get_permissions(scope) - ).order_by('-codename') + ) self.check_disabled = check_disabled self.total_counts = defaultdict(int) self.checked_counts = defaultdict(int) @@ -323,6 +356,8 @@ class PermissionTreeUtil: if not node_data.get('title'): node_data['title'] = node_data['name'] node = TreeNode(**node_data) + if settings.DEBUG: + node.name += ('-' + node.id) node.name += f'({checked_count}/{total_count})' return node @@ -367,12 +402,12 @@ class PermissionTreeUtil: return nodes def create_tree_nodes(self): - nodes = [self._create_root_tree_node()] - perms_nodes = self._create_perms_nodes() - models_nodes = self._create_models_nodes() - apps_nodes = self.create_apps_nodes() - extra_nodes = self._create_extra_nodes() - views_nodes = self._create_views_node() + nodes = self._create_perms_nodes() + nodes += self._create_models_nodes() + nodes += self.create_apps_nodes() + nodes += self._create_extra_nodes() + nodes += self._create_views_node() + nodes += [self._create_root_tree_node()] - nodes += views_nodes + apps_nodes + models_nodes + perms_nodes + extra_nodes + nodes.sort(key=sort_nodes) return nodes diff --git a/apps/settings/migrations/0005_auto_20220310_0616.py b/apps/settings/migrations/0005_auto_20220310_0616.py index f29f017c5..5e7d2c747 100644 --- a/apps/settings/migrations/0005_auto_20220310_0616.py 
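Review bot: `_sort_action` classifies a node by substring tests on `node.title` in a fixed order, so the first match wins: a title containing two of the words (a constructed example is `change_review`) is weighted as `view`. If titles are ever display names or translated strings, every leaf falls into the `else` bucket. Matching on the action part of the permission codename would be more robust if the node carries it; the `TreeNode` definition is outside this diff. Both new functions also lack docstrings, and something like `"""Sort key for tree nodes: leaves first, ordered view/add/change/delete/other, parents last."""` on `sort_nodes` would record the intended order.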
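Review bot: `node.name += ('-' + node.id)` raises `TypeError` if `node.id` is not a `str`, and it reads `settings`, whose import in `tree.py` is not visible in this diff. Writing it like the line below it, `node.name += f'-{node.id}'`, removes the type dependence. The enclosing method starts and ends outside the hunk.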
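Review bot: `nodes.sort(key=sort_nodes)` in `create_tree_nodes` gives every parent the same key and leaves only five distinct keys, so most of the final order is decided by tie-breaking on input order. With `.order_by('-codename')` removed earlier in this file, that input order comes from a queryset with no explicit ordering, unless the Permission model or `prefetch_permissions` defines one, which this diff does not show. A secondary key would make the tree order deterministic, e.g. `nodes.sort(key=lambda n: (sort_nodes(n), n.title))`. The root node is now appended last and sorts among the other parents, so any consumer that expects it first should be checked.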
+++ b/apps/settings/migrations/0005_auto_20220310_0616.py @@ -12,6 +12,6 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='setting', - options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_other', 'Can change other setting'), ('change_terminal_basic_setting', 'Can change terminal basic setting')], 'verbose_name': 'System setting'}, + options={'permissions': [('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_systemmsgsubscription', 'Can sys msg sub setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal', 'Can change terminal setting'), ('change_other', 'Can change other setting')], 'verbose_name': 'System setting'}, ), ] diff --git a/apps/settings/migrations/0006_auto_20220310_1952.py b/apps/settings/migrations/0006_auto_20220310_1952.py deleted file mode 100644 index 55e4572bc..000000000 --- a/apps/settings/migrations/0006_auto_20220310_1952.py +++ /dev/null 
@@ -1,17 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-10 11:52
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('settings', '0005_auto_20220310_0616'),
- ]
-
- operations = [
- migrations.AlterModelOptions(
- name='setting',
- options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_other', 'Can change other setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal_basic_setting', 'Can change terminal basic setting')], 'verbose_name': 'System setting'},
- ),
- ]
diff --git a/apps/settings/migrations/0007_auto_20220310_2006.py b/apps/settings/migrations/0007_auto_20220310_2006.py
deleted file mode 100644
index 257abde35..000000000
--- a/apps/settings/migrations/0007_auto_20220310_2006.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-10 12:06
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('settings', '0006_auto_20220310_1952'),
- ]
-
- operations = [
- migrations.AlterModelOptions(
- name='setting',
- options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sys_msg_sub', 'Can sys msg sub setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal', 'Can change terminal setting'), ('change_other', 'Can change other setting')], 'verbose_name': 'System setting'},
- ),
- ]
diff --git a/apps/settings/models.py b/apps/settings/models.py index eee1a0d94..9fb07a18f 100644 --- a/apps/settings/models.py +++ b/apps/settings/models.py @@ -139,7 +139,6 @@ class Setting(models.Model): db_table = "settings_setting" verbose_name = _("System setting") permissions = [ - ('change_basic', _('Can change basic setting')), ('change_email', _('Can change email setting')), ('change_auth', _('Can change auth setting')), ('change_systemmsgsubscription', _('Can sys msg sub setting')), diff --git a/utils/clean_db_content_types.py b/utils/clean_db_content_types.py index 585c72314..6b317bcc5 100644 --- a/utils/clean_db_content_types.py +++ b/utils/clean_db_content_types.py @@ -53,9 +53,11 @@ def clean_db_content_types(): ('applications', 'remoteapp', 'view_remoteapp'), ('settings', 'setting', 'change_terminal_basic_setting'), - ('rbac', 'menupermission', 'view_resourcestatistics'), - - + ('settings', 'setting', 'change_sys_msg_sub'), + ('settings', 'setting', 'change_basic'), + ('rbac', 'menupermission', 'view_userview'), + ('rbac', 'menupermission', 'view_adminview'), + ('rbac', 'menupermission', 'view_auditview'), ] for app, model, codename in permissions_delete_required: print('delete {}.{} ({})'.format(app, codename, model))
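Review bot: The cleanup list in `clean_db_content_types` gains the retired `change_sys_msg_sub`, `change_basic` and three `rbac` view codenames, but not `('rbac', 'menupermission', 'view_dashboard')`, which this same commit removes from `MenuPermission` and stops checking in `IndexApi`. Django does not delete permission rows when a codename leaves `Meta.permissions`, so on any database that already has the row, it and its role bindings would stay; adding `('rbac', 'menupermission', 'view_dashboard'),` to the list would cover that. The hunk also drops `('rbac', 'menupermission', 'view_resourcestatistics')` from the list without a stated reason, which is worth confirming. The function body continues outside the hunk.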