github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: windows sync remove account fail and applet deploy rbac perm error and job exection log admin auditor cannot view

pull/13304/head
feng 2024-05-25 22:45:30 +08:00 committed by Eric_Lee
parent 7f90fccc4f
commit 81da9e018a
3 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/accounts/automations/remove_account/host/windows/main.yml
View File

@ -5,5 +5,3 @@
ansible.windows.win_user: ansible.windows.win_user:
name: "{{ account.username }}" name: "{{ account.username }}"
state: absent state: absent
purge: yes
force: yes

20
apps/ops/ws.py
View File

@ -7,6 +7,7 @@ from channels.generic.websocket import AsyncJsonWebsocketConsumer
from common.db.utils import close_old_connections from common.db.utils import close_old_connections
from common.utils import get_logger from common.utils import get_logger
from rbac.builtin import BuiltinRole
from .ansible.utils import get_ansible_task_log_path from .ansible.utils import get_ansible_task_log_path
from .celery.utils import get_celery_task_log_path from .celery.utils import get_celery_task_log_path
from .const import CELERY_LOG_MAGIC_MARK from .const import CELERY_LOG_MAGIC_MARK
@ -48,13 +49,30 @@ class TaskLogWebsocket(AsyncJsonWebsocketConsumer):
else: else:
return None return None
@sync_to_async
def get_current_user_role_ids(self, user):
roles = user.system_roles.all() | user.org_roles.all()
user_role_ids = set(map(str, roles.values_list('id', flat=True)))
return user_role_ids
async def receive_json(self, content, **kwargs): async def receive_json(self, content, **kwargs):
task_id = content.get('task') task_id = content.get('task')
task = await self.get_task(task_id) task = await self.get_task(task_id)
if not task: if not task:
await self.send_json({'message': 'Task not found', 'task': task_id}) await self.send_json({'message': 'Task not found', 'task': task_id})
return return
if task.name in self.user_tasks and task.creator != self.scope['user']:
admin_auditor_role_ids = {
BuiltinRole.system_admin.id,
BuiltinRole.system_auditor.id,
BuiltinRole.org_admin.id,
BuiltinRole.org_auditor.id
}
user = self.scope['user']
user_role_ids = await self.get_current_user_role_ids(user)
has_admin_auditor_role = bool(admin_auditor_role_ids & user_role_ids)
if not has_admin_auditor_role and task.name in self.user_tasks and task.creator != user:
await self.send_json({'message': 'No permission', 'task': task_id}) await self.send_json({'message': 'No permission', 'task': task_id})
return return

2
apps/terminal/api/applet/host.py
View File

@ -60,7 +60,7 @@ class AppletHostDeploymentViewSet(viewsets.ModelViewSet):
queryset = AppletHostDeployment.objects.all() queryset = AppletHostDeployment.objects.all()
filterset_fields = ['host', ] filterset_fields = ['host', ]
rbac_perms = ( rbac_perms = (
('applets', 'terminal.view_AppletHostDeployment'), ('applets', 'terminal.view_applethostdeployment'),
('uninstall', 'terminal.change_applethost'), ('uninstall', 'terminal.change_applethost'),
) )