From 9e12f3cd1775f62a7569788917c9ff8d556c08a0 Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 27 Sep 2019 14:18:51 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=20=E8=A1=A8=E5=8D=95=E4=B8=AD=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E4=BD=BF=E7=94=A8=E5=BC=82=E6=AD=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/assets/admin_user_detail.html | 3 +- .../assets/templates/assets/asset_create.html | 3 +- .../assets/templates/assets/asset_detail.html | 3 +- .../templates/assets/system_user_assets.html | 3 +- apps/jumpserver/conf.py | 1 + apps/jumpserver/settings.py | 2 ++ apps/locale/zh/LC_MESSAGES/django.po | 2 +- apps/orgs/models.py | 8 +++-- apps/orgs/utils.py | 9 +++++ apps/perms/forms/asset_permission.py | 7 ++-- apps/perms/forms/remote_app_permission.py | 9 +++-- .../perms/asset_permission_asset.html | 3 +- .../perms/asset_permission_create_update.html | 6 ++-- .../remote_app_permission_create_update.html | 3 +- apps/static/js/jumpserver.js | 33 +++++++++++++++++++ apps/users/api/user.py | 9 +++-- apps/users/forms.py | 10 +++--- .../users/user_group_create_update.html | 1 + 18 files changed, 85 insertions(+), 30 deletions(-) diff --git a/apps/assets/templates/assets/admin_user_detail.html b/apps/assets/templates/assets/admin_user_detail.html index a44b3cbb5..66480a2cb 100644 --- a/apps/assets/templates/assets/admin_user_detail.html +++ b/apps/assets/templates/assets/admin_user_detail.html @@ -140,8 +140,7 @@ function replaceNodeAssetsAdminUser(nodes) { jumpserver.nodes_selected = {}; $(document).ready(function () { - var url = "{% url 'api-assets:node-list' %}"; - nodesSelect2Init(".nodes-select2", url) + nodesSelect2Init(".nodes-select2") .on('select2:select', function(evt) { var data = evt.params.data; jumpserver.nodes_selected[data.id] = data.text; diff --git a/apps/assets/templates/assets/asset_create.html b/apps/assets/templates/assets/asset_create.html index e8c2b1e83..0f50b2b86 100644 --- a/apps/assets/templates/assets/asset_create.html +++ b/apps/assets/templates/assets/asset_create.html @@ -110,8 +110,7 @@ $(document).ready(function () { $('.select2').select2({ allowClear: true }); - var url = "{% url 'api-assets:node-list' %}"; - nodesSelect2Init(".nodes-select2", url); + nodesSelect2Init(".nodes-select2"); $(".labels").select2({ allowClear: true, templateSelection: format diff --git a/apps/assets/templates/assets/asset_detail.html b/apps/assets/templates/assets/asset_detail.html index c086e83f1..221818d2d 100644 --- a/apps/assets/templates/assets/asset_detail.html +++ b/apps/assets/templates/assets/asset_detail.html @@ -287,8 +287,7 @@ function refreshAssetHardware() { $(document).ready(function () { - var url = "{% url 'api-assets:node-list' %}"; - nodesSelect2Init(".nodes-select2", url) + nodesSelect2Init(".nodes-select2") .on('select2:select', function(evt) { var data = evt.params.data; jumpserver.nodes_selected[data.id] = data.text; diff --git a/apps/assets/templates/assets/system_user_assets.html b/apps/assets/templates/assets/system_user_assets.html index d4346003a..4229d12ab 100644 --- a/apps/assets/templates/assets/system_user_assets.html +++ b/apps/assets/templates/assets/system_user_assets.html @@ -153,8 +153,7 @@ jumpserver.nodes_selected = {}; $(document).ready(function () { $('.select2').select2() - var url = "{% url 'api-assets:node-list' %}"; - nodesSelect2Init(".nodes-select2", url) + nodesSelect2Init(".nodes-select2") .on('select2:select', function(evt) { var data = evt.params.data; jumpserver.nodes_selected[data.id] = data.text; diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 64bc6df23..44fddfc63 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -387,6 +387,7 @@ defaults = { 'WINDOWS_SSH_DEFAULT_SHELL': 'cmd', 'FLOWER_URL': "127.0.0.1:5555", 'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000, + 'DEFAULT_ORG_SHOW_ALL_USERS': True, } diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index 7cdd22d15..b5184de1a 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -624,6 +624,8 @@ ASSETS_PERM_CACHE_TIME = CONFIG.ASSETS_PERM_CACHE_TIME # Asset user auth external backend, default AuthBook backend BACKEND_ASSET_USER_AUTH_VAULT = False +DEFAULT_ORG_SHOW_ALL_USERS = CONFIG.DEFAULT_ORG_SHOW_ALL_USERS + PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE WINDOWS_SSH_DEFAULT_SHELL = CONFIG.WINDOWS_SSH_DEFAULT_SHELL FLOWER_URL = CONFIG.FLOWER_URL diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 5c9d8c4bd..a12df41ac 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -6135,7 +6135,7 @@ msgstr "管理员" #: xpack/plugins/orgs/forms.py:42 msgid "Select auditor" -msgstr "选择审计员员" +msgstr "选择审计员" #: xpack/plugins/orgs/meta.py:8 xpack/plugins/orgs/views.py:26 #: xpack/plugins/orgs/views.py:43 xpack/plugins/orgs/views.py:60 diff --git a/apps/orgs/models.py b/apps/orgs/models.py index 59e28b1d1..c9bdc1f53 100644 --- a/apps/orgs/models.py +++ b/apps/orgs/models.py @@ -1,4 +1,5 @@ import uuid +from django.conf import settings from django.db import models from django.utils.translation import ugettext_lazy as _ @@ -75,7 +76,10 @@ class Organization(models.Model): from users.models import User if self.is_real(): return self.users.all() - return User.objects.filter(role=User.ROLE_USER) + users = User.objects.filter(role=User.ROLE_USER) + if self.is_default() and not settings.DEFAULT_ORG_SHOW_ALL_USERS: + users = users.filter(related_user_orgs__isnull=True) + return users def get_org_admins(self): from users.models import User @@ -130,7 +134,7 @@ class Organization(models.Model): return admin_orgs @classmethod - def get_user_user_orgs(self, user): + def get_user_user_orgs(cls, user): user_orgs = [] if user.is_anonymous: return user_orgs diff --git a/apps/orgs/utils.py b/apps/orgs/utils.py index 0d040d1d2..8fca26e35 100644 --- a/apps/orgs/utils.py +++ b/apps/orgs/utils.py @@ -11,8 +11,17 @@ def get_org_from_request(request): oid = request.session.get("oid") if not oid: oid = request.META.get("HTTP_X_JMS_ORG") + + request_params_oid = request.GET.get("oid") + if request_params_oid: + oid = request.GET.get("oid") + if not oid: oid = Organization.DEFAULT_ID + if oid.lower() == "default": + oid = Organization.DEFAULT_ID + elif oid.lower() == "root": + oid = Organization.ROOT_ID org = Organization.get_instance(oid) return org diff --git a/apps/perms/forms/asset_permission.py b/apps/perms/forms/asset_permission.py index b11269b85..a04efc767 100644 --- a/apps/perms/forms/asset_permission.py +++ b/apps/perms/forms/asset_permission.py @@ -38,20 +38,21 @@ class AssetPermissionForm(OrgModelForm): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - users_field = self.fields.get('users') - users_field.queryset = current_org.get_org_members(exclude=('Auditor',)) if self.data: return # 前端渲染优化, 防止过多资产 + users_field = self.fields.get('users') assets_field = self.fields['assets'] nodes_field = self.fields['nodes'] if self.instance: assets_field.queryset = self.instance.assets.all() nodes_field.queryset = self.instance.nodes.all() + users_field.queryset = self.instance.users.all() else: assets_field.queryset = Asset.objects.none() nodes_field.queryset = Node.objects.none() + users_field.queryset = [] def set_nodes_initial(self, nodes): field = self.fields['nodes'] @@ -70,7 +71,7 @@ class AssetPermissionForm(OrgModelForm): ) widgets = { 'users': forms.SelectMultiple( - attrs={'class': 'select2', 'data-placeholder': _("User")} + attrs={'class': 'users-select2', 'data-placeholder': _("User")} ), 'user_groups': forms.SelectMultiple( attrs={'class': 'select2', 'data-placeholder': _("User group")} diff --git a/apps/perms/forms/remote_app_permission.py b/apps/perms/forms/remote_app_permission.py index 5d38b283c..abac92e05 100644 --- a/apps/perms/forms/remote_app_permission.py +++ b/apps/perms/forms/remote_app_permission.py @@ -17,9 +17,12 @@ __all__ = [ class RemoteAppPermissionCreateUpdateForm(OrgModelForm): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) + users_field = self.fields.get('users') - if hasattr(users_field, 'queryset'): - users_field.queryset = current_org.get_org_members(exclude=('Auditor',)) + if self.instance: + users_field.queryset = self.instance.users.all() + else: + users_field.queryset = [] class Meta: model = RemoteAppPermission @@ -28,7 +31,7 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm): ) widgets = { 'users': forms.SelectMultiple( - attrs={'class': 'select2', 'data-placeholder': _('User')} + attrs={'class': 'users-select2', 'data-placeholder': _('User')} ), 'user_groups': forms.SelectMultiple( attrs={'class': 'select2', 'data-placeholder': _('User group')} diff --git a/apps/perms/templates/perms/asset_permission_asset.html b/apps/perms/templates/perms/asset_permission_asset.html index 8e9223ec3..f01f7cec8 100644 --- a/apps/perms/templates/perms/asset_permission_asset.html +++ b/apps/perms/templates/perms/asset_permission_asset.html @@ -204,8 +204,7 @@ $(document).ready(function () { $('.select2').select2(); table = initAssetTable(); - var nodeListUrl = "{% url 'api-assets:node-list' %}"; - nodesSelect2Init(".nodes-select2", nodeListUrl); + nodesSelect2Init(".nodes-select2"); $("#id_assets").parent().find(".select2-selection").on('click', function (e) { if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){ diff --git a/apps/perms/templates/perms/asset_permission_create_update.html b/apps/perms/templates/perms/asset_permission_create_update.html index 02d51e220..5e4c650d0 100644 --- a/apps/perms/templates/perms/asset_permission_create_update.html +++ b/apps/perms/templates/perms/asset_permission_create_update.html @@ -116,8 +116,8 @@ $(document).ready(function () { $('.select2').select2({ closeOnSelect: false }); - var url = "{% url 'api-assets:node-list' %}"; - nodesSelect2Init(".nodes-select2", url); + nodesSelect2Init(".nodes-select2"); + usersSelect2Init(".users-select2"); $('#date_start').daterangepicker(dateOptions); $('#date_expired').daterangepicker(dateOptions); @@ -154,4 +154,4 @@ $(document).ready(function () { formSubmit(props); }) -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/apps/perms/templates/perms/remote_app_permission_create_update.html b/apps/perms/templates/perms/remote_app_permission_create_update.html index ce37d788b..e7e9eb099 100644 --- a/apps/perms/templates/perms/remote_app_permission_create_update.html +++ b/apps/perms/templates/perms/remote_app_permission_create_update.html @@ -114,6 +114,7 @@ $(document).ready(function () { $('.select2').select2({ closeOnSelect: false }); + usersSelect2Init('.users-select2'); $('#date_start').daterangepicker(dateOptions); $('#date_expired').daterangepicker(dateOptions); }) @@ -141,4 +142,4 @@ $(document).ready(function () { formSubmit(props); }) -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/apps/static/js/jumpserver.js b/apps/static/js/jumpserver.js index f7f7b655c..d028743be 100644 --- a/apps/static/js/jumpserver.js +++ b/apps/static/js/jumpserver.js @@ -1177,6 +1177,9 @@ function readFile(ref) { } function nodesSelect2Init(selector, url) { + if (!url) { + url = '/api/v1/assets/nodes/' + } return $(selector).select2({ closeOnSelect: false, ajax: { @@ -1201,6 +1204,36 @@ function nodesSelect2Init(selector, url) { }) } +function usersSelect2Init(selector, url) { + if (!url) { + url = '/api/v1/users/users/' + } + return $(selector).select2({ + closeOnSelect: false, + ajax: { + url: url, + data: function (params) { + var page = params.page || 1; + var query = { + search: params.term, + offset: (page - 1) * 10, + limit: 10 + }; + return query + }, + processResults: function (data) { + var results = $.map(data.results, function (v, i) { + var display = v.name + '(' + v.username +')'; + return {id: v.id, text: display} + }); + var more = !!data.next; + return {results: results, pagination: {"more": more}} + } + }, + }) + +} + function showCeleryTaskLog(taskId) { var url = '/ops/celery/task/taskId/log/'.replace('taskId', taskId); window.open(url, '', 'width=900,height=600') diff --git a/apps/users/api/user.py b/apps/users/api/user.py index b8a215c47..77406c896 100644 --- a/apps/users/api/user.py +++ b/apps/users/api/user.py @@ -12,7 +12,7 @@ from rest_framework_bulk import BulkModelViewSet from common.permissions import ( IsOrgAdmin, IsCurrentUserOrReadOnly, IsOrgAdminOrAppUser, - CanUpdateDeleteUser, + CanUpdateDeleteUser, IsSuperUser ) from common.mixins import CommonApiMixin from common.utils import get_logger @@ -52,12 +52,15 @@ class UserViewSet(CommonApiMixin, BulkModelViewSet): self.send_created_signal(users) def get_queryset(self): - queryset = current_org.get_org_members().prefetch_related('groups') + queryset = current_org.get_org_members()\ + .prefetch_related('groups') return queryset def get_permissions(self): if self.action in ["retrieve", "list"]: self.permission_classes = (IsOrgAdminOrAppUser,) + if self.request.query_params.get('all'): + self.permission_classes = (IsSuperUser,) return super().get_permissions() def perform_bulk_destroy(self, objects): @@ -176,4 +179,4 @@ class UserResetOTPApi(generics.RetrieveAPIView): user.otp_secret_key = '' user.save() logout(request) - return Response({"msg": "success"}) \ No newline at end of file + return Response({"msg": "success"}) diff --git a/apps/users/forms.py b/apps/users/forms.py index 6dcd1ade4..3a8228b49 100644 --- a/apps/users/forms.py +++ b/apps/users/forms.py @@ -308,11 +308,11 @@ class UserBulkUpdateForm(OrgModelForm): class UserGroupForm(OrgModelForm): users = forms.ModelMultipleChoiceField( - queryset=User.objects.all(), + queryset=User.objects.none(), label=_("User"), widget=forms.SelectMultiple( attrs={ - 'class': 'select2', + 'class': 'users-select2', 'data-placeholder': _('Select users') } ), @@ -329,8 +329,10 @@ class UserGroupForm(OrgModelForm): if 'initial' not in kwargs: return users_field = self.fields.get('users') - if hasattr(users_field, 'queryset'): - users_field.queryset = current_org.get_org_members(exclude=('Auditor',)) + if instance: + users_field.queryset = instance.users.all() + else: + users_field.queryset = User.objects.none() def save(self, commit=True): group = super().save(commit=commit) diff --git a/apps/users/templates/users/user_group_create_update.html b/apps/users/templates/users/user_group_create_update.html index dcf02adb9..1ae714618 100644 --- a/apps/users/templates/users/user_group_create_update.html +++ b/apps/users/templates/users/user_group_create_update.html @@ -46,6 +46,7 @@ $(document).ready(function () { $('.select2').select2({ closeOnSelect: false }); + usersSelect2Init('.users-select2') }) .on("submit", "form", function (evt) { evt.preventDefault();