- {% trans 'Using api key sign api header, every requests header difference'%}, {% trans 'docs' %}
+ {% trans 'Using api key sign api header, every requests header difference'%}
+ {% trans 'docs' %}
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 64bc6df23..44fddfc63 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -387,6 +387,7 @@ defaults = {
'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
'FLOWER_URL': "127.0.0.1:5555",
'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
+ 'DEFAULT_ORG_SHOW_ALL_USERS': True,
}
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index 7cdd22d15..b5184de1a 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -624,6 +624,8 @@ ASSETS_PERM_CACHE_TIME = CONFIG.ASSETS_PERM_CACHE_TIME
# Asset user auth external backend, default AuthBook backend
BACKEND_ASSET_USER_AUTH_VAULT = False
+DEFAULT_ORG_SHOW_ALL_USERS = CONFIG.DEFAULT_ORG_SHOW_ALL_USERS
+
PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE
WINDOWS_SSH_DEFAULT_SHELL = CONFIG.WINDOWS_SSH_DEFAULT_SHELL
FLOWER_URL = CONFIG.FLOWER_URL
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 5c9d8c4bd..a12df41ac 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -6135,7 +6135,7 @@ msgstr "管理员"
#: xpack/plugins/orgs/forms.py:42
msgid "Select auditor"
-msgstr "选择审计员员"
+msgstr "选择审计员"
#: xpack/plugins/orgs/meta.py:8 xpack/plugins/orgs/views.py:26
#: xpack/plugins/orgs/views.py:43 xpack/plugins/orgs/views.py:60
diff --git a/apps/orgs/models.py b/apps/orgs/models.py
index 59e28b1d1..c9bdc1f53 100644
--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -1,4 +1,5 @@
import uuid
+from django.conf import settings
from django.db import models
from django.utils.translation import ugettext_lazy as _
@@ -75,7 +76,10 @@ class Organization(models.Model):
from users.models import User
if self.is_real():
return self.users.all()
- return User.objects.filter(role=User.ROLE_USER)
+ users = User.objects.filter(role=User.ROLE_USER)
+ if self.is_default() and not settings.DEFAULT_ORG_SHOW_ALL_USERS:
+ users = users.filter(related_user_orgs__isnull=True)
+ return users
def get_org_admins(self):
from users.models import User
@@ -130,7 +134,7 @@ class Organization(models.Model):
return admin_orgs
@classmethod
- def get_user_user_orgs(self, user):
+ def get_user_user_orgs(cls, user):
user_orgs = []
if user.is_anonymous:
return user_orgs
diff --git a/apps/orgs/utils.py b/apps/orgs/utils.py
index 0d040d1d2..8fca26e35 100644
--- a/apps/orgs/utils.py
+++ b/apps/orgs/utils.py
@@ -11,8 +11,17 @@ def get_org_from_request(request):
oid = request.session.get("oid")
if not oid:
oid = request.META.get("HTTP_X_JMS_ORG")
+
+ request_params_oid = request.GET.get("oid")
+ if request_params_oid:
+ oid = request.GET.get("oid")
+
if not oid:
oid = Organization.DEFAULT_ID
+ if oid.lower() == "default":
+ oid = Organization.DEFAULT_ID
+ elif oid.lower() == "root":
+ oid = Organization.ROOT_ID
org = Organization.get_instance(oid)
return org
diff --git a/apps/perms/forms/asset_permission.py b/apps/perms/forms/asset_permission.py
index b11269b85..a04efc767 100644
--- a/apps/perms/forms/asset_permission.py
+++ b/apps/perms/forms/asset_permission.py
@@ -38,20 +38,21 @@ class AssetPermissionForm(OrgModelForm):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
- users_field = self.fields.get('users')
- users_field.queryset = current_org.get_org_members(exclude=('Auditor',))
if self.data:
return
# 前端渲染优化, 防止过多资产
+ users_field = self.fields.get('users')
assets_field = self.fields['assets']
nodes_field = self.fields['nodes']
if self.instance:
assets_field.queryset = self.instance.assets.all()
nodes_field.queryset = self.instance.nodes.all()
+ users_field.queryset = self.instance.users.all()
else:
assets_field.queryset = Asset.objects.none()
nodes_field.queryset = Node.objects.none()
+ users_field.queryset = []
def set_nodes_initial(self, nodes):
field = self.fields['nodes']
@@ -70,7 +71,7 @@ class AssetPermissionForm(OrgModelForm):
)
widgets = {
'users': forms.SelectMultiple(
- attrs={'class': 'select2', 'data-placeholder': _("User")}
+ attrs={'class': 'users-select2', 'data-placeholder': _("User")}
),
'user_groups': forms.SelectMultiple(
attrs={'class': 'select2', 'data-placeholder': _("User group")}
diff --git a/apps/perms/forms/remote_app_permission.py b/apps/perms/forms/remote_app_permission.py
index 5d38b283c..abac92e05 100644
--- a/apps/perms/forms/remote_app_permission.py
+++ b/apps/perms/forms/remote_app_permission.py
@@ -17,9 +17,12 @@ __all__ = [
class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
+
users_field = self.fields.get('users')
- if hasattr(users_field, 'queryset'):
- users_field.queryset = current_org.get_org_members(exclude=('Auditor',))
+ if self.instance:
+ users_field.queryset = self.instance.users.all()
+ else:
+ users_field.queryset = []
class Meta:
model = RemoteAppPermission
@@ -28,7 +31,7 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
)
widgets = {
'users': forms.SelectMultiple(
- attrs={'class': 'select2', 'data-placeholder': _('User')}
+ attrs={'class': 'users-select2', 'data-placeholder': _('User')}
),
'user_groups': forms.SelectMultiple(
attrs={'class': 'select2', 'data-placeholder': _('User group')}
diff --git a/apps/perms/templates/perms/asset_permission_asset.html b/apps/perms/templates/perms/asset_permission_asset.html
index 8e9223ec3..f01f7cec8 100644
--- a/apps/perms/templates/perms/asset_permission_asset.html
+++ b/apps/perms/templates/perms/asset_permission_asset.html
@@ -204,8 +204,7 @@ $(document).ready(function () {
$('.select2').select2();
table = initAssetTable();
- var nodeListUrl = "{% url 'api-assets:node-list' %}";
- nodesSelect2Init(".nodes-select2", nodeListUrl);
+ nodesSelect2Init(".nodes-select2");
$("#id_assets").parent().find(".select2-selection").on('click', function (e) {
if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
diff --git a/apps/perms/templates/perms/asset_permission_create_update.html b/apps/perms/templates/perms/asset_permission_create_update.html
index 02d51e220..5e4c650d0 100644
--- a/apps/perms/templates/perms/asset_permission_create_update.html
+++ b/apps/perms/templates/perms/asset_permission_create_update.html
@@ -116,8 +116,8 @@ $(document).ready(function () {
$('.select2').select2({
closeOnSelect: false
});
- var url = "{% url 'api-assets:node-list' %}";
- nodesSelect2Init(".nodes-select2", url);
+ nodesSelect2Init(".nodes-select2");
+ usersSelect2Init(".users-select2");
$('#date_start').daterangepicker(dateOptions);
$('#date_expired').daterangepicker(dateOptions);
@@ -154,4 +154,4 @@ $(document).ready(function () {
formSubmit(props);
})
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/perms/templates/perms/remote_app_permission_create_update.html b/apps/perms/templates/perms/remote_app_permission_create_update.html
index ce37d788b..e7e9eb099 100644
--- a/apps/perms/templates/perms/remote_app_permission_create_update.html
+++ b/apps/perms/templates/perms/remote_app_permission_create_update.html
@@ -114,6 +114,7 @@ $(document).ready(function () {
$('.select2').select2({
closeOnSelect: false
});
+ usersSelect2Init('.users-select2');
$('#date_start').daterangepicker(dateOptions);
$('#date_expired').daterangepicker(dateOptions);
})
@@ -141,4 +142,4 @@ $(document).ready(function () {
formSubmit(props);
})
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/apps/static/js/jumpserver.js b/apps/static/js/jumpserver.js
index f7f7b655c..d028743be 100644
--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@@ -1177,6 +1177,9 @@ function readFile(ref) {
}
function nodesSelect2Init(selector, url) {
+ if (!url) {
+ url = '/api/v1/assets/nodes/'
+ }
return $(selector).select2({
closeOnSelect: false,
ajax: {
@@ -1201,6 +1204,36 @@ function nodesSelect2Init(selector, url) {
})
}
+function usersSelect2Init(selector, url) {
+ if (!url) {
+ url = '/api/v1/users/users/'
+ }
+ return $(selector).select2({
+ closeOnSelect: false,
+ ajax: {
+ url: url,
+ data: function (params) {
+ var page = params.page || 1;
+ var query = {
+ search: params.term,
+ offset: (page - 1) * 10,
+ limit: 10
+ };
+ return query
+ },
+ processResults: function (data) {
+ var results = $.map(data.results, function (v, i) {
+ var display = v.name + '(' + v.username +')';
+ return {id: v.id, text: display}
+ });
+ var more = !!data.next;
+ return {results: results, pagination: {"more": more}}
+ }
+ },
+ })
+
+}
+
function showCeleryTaskLog(taskId) {
var url = '/ops/celery/task/taskId/log/'.replace('taskId', taskId);
window.open(url, '', 'width=900,height=600')
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index b8a215c47..77406c896 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -12,7 +12,7 @@ from rest_framework_bulk import BulkModelViewSet
from common.permissions import (
IsOrgAdmin, IsCurrentUserOrReadOnly, IsOrgAdminOrAppUser,
- CanUpdateDeleteUser,
+ CanUpdateDeleteUser, IsSuperUser
)
from common.mixins import CommonApiMixin
from common.utils import get_logger
@@ -52,12 +52,15 @@ class UserViewSet(CommonApiMixin, BulkModelViewSet):
self.send_created_signal(users)
def get_queryset(self):
- queryset = current_org.get_org_members().prefetch_related('groups')
+ queryset = current_org.get_org_members()\
+ .prefetch_related('groups')
return queryset
def get_permissions(self):
if self.action in ["retrieve", "list"]:
self.permission_classes = (IsOrgAdminOrAppUser,)
+ if self.request.query_params.get('all'):
+ self.permission_classes = (IsSuperUser,)
return super().get_permissions()
def perform_bulk_destroy(self, objects):
@@ -176,4 +179,4 @@ class UserResetOTPApi(generics.RetrieveAPIView):
user.otp_secret_key = ''
user.save()
logout(request)
- return Response({"msg": "success"})
\ No newline at end of file
+ return Response({"msg": "success"})
diff --git a/apps/users/forms.py b/apps/users/forms.py
index 6dcd1ade4..3a8228b49 100644
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -308,11 +308,11 @@ class UserBulkUpdateForm(OrgModelForm):
class UserGroupForm(OrgModelForm):
users = forms.ModelMultipleChoiceField(
- queryset=User.objects.all(),
+ queryset=User.objects.none(),
label=_("User"),
widget=forms.SelectMultiple(
attrs={
- 'class': 'select2',
+ 'class': 'users-select2',
'data-placeholder': _('Select users')
}
),
@@ -329,8 +329,10 @@ class UserGroupForm(OrgModelForm):
if 'initial' not in kwargs:
return
users_field = self.fields.get('users')
- if hasattr(users_field, 'queryset'):
- users_field.queryset = current_org.get_org_members(exclude=('Auditor',))
+ if instance:
+ users_field.queryset = instance.users.all()
+ else:
+ users_field.queryset = User.objects.none()
def save(self, commit=True):
group = super().save(commit=commit)
diff --git a/apps/users/templates/users/user_group_create_update.html b/apps/users/templates/users/user_group_create_update.html
index dcf02adb9..1ae714618 100644
--- a/apps/users/templates/users/user_group_create_update.html
+++ b/apps/users/templates/users/user_group_create_update.html
@@ -46,6 +46,7 @@ $(document).ready(function () {
$('.select2').select2({
closeOnSelect: false
});
+ usersSelect2Init('.users-select2')
})
.on("submit", "form", function (evt) {
evt.preventDefault();