github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 优化控制 ACL Action Choices 的选项

pull/10989/head
Bai 2023-07-17 15:53:35 +08:00 committed by Bryan
parent 819853eae4
commit 7b9c4b300d
7 changed files with 42 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/acls/const.py Normal file
View File

@ -0,0 +1,9 @@
from django.db import models
from django.utils.translation import gettext_lazy as _
class ActionChoices(models.TextChoices):
reject = 'reject', _('Reject')
accept = 'accept', _('Accept')
review = 'review', _('Review')
warning = 'warning', _('Warning')

1
apps/acls/models/__init__.py
View File

@ -2,4 +2,3 @@ from .command_acl import *
from .connect_method import * from .connect_method import *
from .login_acl import * from .login_acl import *
from .login_asset_acl import * from .login_asset_acl import *
from .base import ActionChoices

9
apps/acls/models/base.py
View File

@ -7,23 +7,16 @@ from common.db.models import JMSBaseModel
from common.utils import contains_ip from common.utils import contains_ip
from common.utils.time_period import contains_time_period from common.utils.time_period import contains_time_period
from orgs.mixins.models import OrgModelMixin, OrgManager from orgs.mixins.models import OrgModelMixin, OrgManager
from ..const import ActionChoices
__all__ = [ __all__ = [
'BaseACL', 'UserBaseACL', 'UserAssetAccountBaseACL', 'BaseACL', 'UserBaseACL', 'UserAssetAccountBaseACL',
'ActionChoices',
] ]
from orgs.utils import tmp_to_root_org from orgs.utils import tmp_to_root_org
from orgs.utils import tmp_to_org from orgs.utils import tmp_to_org
class ActionChoices(models.TextChoices):
reject = 'reject', _('Reject')
accept = 'accept', _('Accept')
review = 'review', _('Review')
warning = 'warning', _('Warning')
class BaseACLQuerySet(models.QuerySet): class BaseACLQuerySet(models.QuerySet):
def active(self): def active(self):
return self.filter(is_active=True) return self.filter(is_active=True)

40
apps/acls/serializers/base.py
View File

@ -1,10 +1,11 @@
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers from rest_framework import serializers
from acls.models.base import ActionChoices, BaseACL from acls.models.base import BaseACL
from common.serializers.fields import JSONManyToManyField, LabeledChoiceField from common.serializers.fields import JSONManyToManyField, LabeledChoiceField
from jumpserver.utils import has_valid_xpack_license from jumpserver.utils import has_valid_xpack_license
from orgs.models import Organization from orgs.models import Organization
from ..const import ActionChoices
common_help_text = _( common_help_text = _(
"With * indicating a match all. " "With * indicating a match all. "
@ -60,18 +61,21 @@ class ActionAclSerializer(serializers.Serializer):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.set_action_choices() self.set_action_choices()
def set_action_choices(self):
action = self.fields.get("action")
if not action:
return
choices = action.choices
if not has_valid_xpack_license():
choices.pop(ActionChoices.review, None)
action._choices = choices
class BaserACLSerializer(ActionAclSerializer, serializers.Serializer):
class Meta: class Meta:
action_choices_exclude = [ActionChoices.warning]
def set_action_choices(self):
field_action = self.fields.get("action")
if not field_action:
return
if not has_valid_xpack_license():
field_action._choices.pop(ActionChoices.review, None)
for choice in self.Meta.action_choices_exclude:
field_action._choices.pop(choice, None)
class BaseACLSerializer(ActionAclSerializer, serializers.Serializer):
class Meta(ActionAclSerializer.Meta):
model = BaseACL model = BaseACL
fields_mini = ["id", "name"] fields_mini = ["id", "name"]
fields_small = fields_mini + [ fields_small = fields_mini + [
@ -108,16 +112,16 @@ class BaserACLSerializer(ActionAclSerializer, serializers.Serializer):
return valid_reviewers return valid_reviewers
class BaserUserACLSerializer(BaserACLSerializer): class BaseUserACLSerializer(BaseACLSerializer):
users = JSONManyToManyField(label=_('User')) users = JSONManyToManyField(label=_('User'))
class Meta(BaserACLSerializer.Meta): class Meta(BaseACLSerializer.Meta):
fields = BaserACLSerializer.Meta.fields + ['users'] fields = BaseACLSerializer.Meta.fields + ['users']
class BaseUserAssetAccountACLSerializer(BaserUserACLSerializer): class BaseUserAssetAccountACLSerializer(BaseUserACLSerializer):
assets = JSONManyToManyField(label=_('Asset')) assets = JSONManyToManyField(label=_('Asset'))
accounts = serializers.ListField(label=_('Account')) accounts = serializers.ListField(label=_('Account'))
class Meta(BaserUserACLSerializer.Meta): class Meta(BaseUserACLSerializer.Meta):
fields = BaserUserACLSerializer.Meta.fields + ['assets', 'accounts'] fields = BaseUserACLSerializer.Meta.fields + ['assets', 'accounts']

2
apps/acls/serializers/command_acl.py
View File

@ -31,6 +31,8 @@ class CommandFilterACLSerializer(BaseSerializer, BulkOrgResourceModelSerializer)
class Meta(BaseSerializer.Meta): class Meta(BaseSerializer.Meta):
model = CommandFilterACL model = CommandFilterACL
fields = BaseSerializer.Meta.fields + ['command_groups'] fields = BaseSerializer.Meta.fields + ['command_groups']
# 默认都支持所有的 actions
action_choices_exclude = []
class CommandReviewSerializer(serializers.Serializer): class CommandReviewSerializer(serializers.Serializer):

13
apps/acls/serializers/connect_method.py
View File

@ -1,6 +1,7 @@
from orgs.mixins.serializers import BulkOrgResourceModelSerializer from orgs.mixins.serializers import BulkOrgResourceModelSerializer
from .base import BaseUserAssetAccountACLSerializer as BaseSerializer from .base import BaseUserAssetAccountACLSerializer as BaseSerializer
from ..models import ConnectMethodACL from ..models import ConnectMethodACL
from ..const import ActionChoices
__all__ = ["ConnectMethodACLSerializer"] __all__ = ["ConnectMethodACLSerializer"]
@ -12,12 +13,6 @@ class ConnectMethodACLSerializer(BaseSerializer, BulkOrgResourceModelSerializer)
i for i in BaseSerializer.Meta.fields + ['connect_methods'] i for i in BaseSerializer.Meta.fields + ['connect_methods']
if i not in ['assets', 'accounts'] if i not in ['assets', 'accounts']
] ]
action_choices_exclude = BaseSerializer.Meta.action_choices_exclude + [
def __init__(self, *args, **kwargs): ActionChoices.review, ActionChoices.accept
super().__init__(*args, **kwargs) ]
field_action = self.fields.get('action')
if not field_action:
return
# 仅支持拒绝
for k in ['review', 'accept']:
field_action._choices.pop(k, None)

8
apps/acls/serializers/login_acl.py
View File

@ -2,7 +2,7 @@ from django.utils.translation import ugettext as _
from common.serializers import MethodSerializer from common.serializers import MethodSerializer
from orgs.mixins.serializers import BulkOrgResourceModelSerializer from orgs.mixins.serializers import BulkOrgResourceModelSerializer
from .base import BaserUserACLSerializer from .base import BaseUserACLSerializer
from .rules import RuleSerializer from .rules import RuleSerializer
from ..models import LoginACL from ..models import LoginACL
@ -11,12 +11,12 @@ __all__ = ["LoginACLSerializer"]
common_help_text = _("With * indicating a match all. ") common_help_text = _("With * indicating a match all. ")
class LoginACLSerializer(BaserUserACLSerializer, BulkOrgResourceModelSerializer): class LoginACLSerializer(BaseUserACLSerializer, BulkOrgResourceModelSerializer):
rules = MethodSerializer(label=_('Rule')) rules = MethodSerializer(label=_('Rule'))
class Meta(BaserUserACLSerializer.Meta): class Meta(BaseUserACLSerializer.Meta):
model = LoginACL model = LoginACL
fields = BaserUserACLSerializer.Meta.fields + ['rules', ] fields = BaseUserACLSerializer.Meta.fields + ['rules', ]
def get_rules_serializer(self): def get_rules_serializer(self):
return RuleSerializer() return RuleSerializer()