[Update] 增加审计员权限控制 (#2792)

* [Update] 审计员

* [Update] 增加审计员的权限控制

* [Update] 增加审计员Api权限的控制

* [Update] 优化auditor的api权限控制

* [Update] 优化审计员权限控制

* [Update]优化管理员权限的View

* [Update] 优化超级管理权限的View

* [Update] 添加审计员切换组织查询会话管理数据

* [Update] 前端禁用审计员在线会话终断按钮

* [Update]优化细节问题
pull/2806/head^2
八千流 2019-06-19 10:47:26 +08:00 committed by 老广
parent c71f417ebf
commit 8adaf629b4
36 changed files with 429 additions and 269 deletions


@ -11,6 +11,5 @@
"""
from common.permissions import AdminUserRequiredMixin
from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser
from users.models import User, UserGroup


@ -10,7 +10,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin
from django.urls import reverse_lazy
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from common.const import create_success_msg, update_success_msg
from ..models import RemoteApp
@ -23,8 +23,9 @@ __all__ = [
]
class RemoteAppListView(AdminUserRequiredMixin, TemplateView):
class RemoteAppListView(PermissionsMixin, TemplateView):
template_name = 'applications/remote_app_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -35,11 +36,12 @@ class RemoteAppListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class RemoteAppCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
class RemoteAppCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
template_name = 'applications/remote_app_create_update.html'
model = RemoteApp
form_class = forms.RemoteAppCreateUpdateForm
success_url = reverse_lazy('applications:remote-app-list')
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -53,11 +55,12 @@ class RemoteAppCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVie
return create_success_msg % ({'name': cleaned_data['name']})
class RemoteAppUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class RemoteAppUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
template_name = 'applications/remote_app_create_update.html'
model = RemoteApp
form_class = forms.RemoteAppCreateUpdateForm
success_url = reverse_lazy('applications:remote-app-list')
permission_classes = [IsOrgAdmin]
def get_initial(self):
return {k: v for k, v in self.object.params.items()}
@ -74,10 +77,11 @@ class RemoteAppUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVie
return update_success_msg % ({'name': cleaned_data['name']})
class RemoteAppDetailView(AdminUserRequiredMixin, DetailView):
class RemoteAppDetailView(PermissionsMixin, DetailView):
template_name = 'applications/remote_app_detail.html'
model = RemoteApp
context_object_name = 'remote_app'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
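Review bot: Every view in this file now relies on `IsOrgAdmin.has_permission` alone for access control, and that class's body is not shown on this page, so the hunks do not confirm that it repeats the current-organisation check of the replaced `AdminUserRequiredMixin`. `IndexView.dispatch` in this same commit tests both `request.user.is_org_admin` and `current_org.can_admin_by(request.user)`; if `IsOrgAdmin` covers only the first, these pages would no longer be tied to the organisation being viewed. The same swap is made in the admin-user, asset, command-filter, domain, label and system-user view files. Once verified, a one-line comment above the first `permission_classes = [IsOrgAdmin]` saying what the class guarantees would make the intent checkable. Each class body continues outside its hunk.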


@ -11,6 +11,5 @@
"""
from common.permissions import AdminUserRequiredMixin
from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser
from users.models import User, UserGroup


@ -11,7 +11,7 @@ from django.views.generic.detail import DetailView, SingleObjectMixin
from common.const import create_success_msg, update_success_msg
from .. import forms
from ..models import AdminUser, Node
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
__all__ = [
'AdminUserCreateView', 'AdminUserDetailView',
@ -20,9 +20,10 @@ __all__ = [
]
class AdminUserListView(AdminUserRequiredMixin, TemplateView):
class AdminUserListView(PermissionsMixin, TemplateView):
model = AdminUser
template_name = 'assets/admin_user_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -33,7 +34,7 @@ class AdminUserListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class AdminUserCreateView(AdminUserRequiredMixin,
class AdminUserCreateView(PermissionsMixin,
SuccessMessageMixin,
CreateView):
model = AdminUser
@ -41,6 +42,7 @@ class AdminUserCreateView(AdminUserRequiredMixin,
template_name = 'assets/admin_user_create_update.html'
success_url = reverse_lazy('assets:admin-user-list')
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -51,12 +53,13 @@ class AdminUserCreateView(AdminUserRequiredMixin,
return super().get_context_data(**kwargs)
class AdminUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class AdminUserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
model = AdminUser
form_class = forms.AdminUserForm
template_name = 'assets/admin_user_create_update.html'
success_url = reverse_lazy('assets:admin-user-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -67,11 +70,12 @@ class AdminUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVie
return super().get_context_data(**kwargs)
class AdminUserDetailView(AdminUserRequiredMixin, DetailView):
class AdminUserDetailView(PermissionsMixin, DetailView):
model = AdminUser
template_name = 'assets/admin_user_detail.html'
context_object_name = 'admin_user'
object = None
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -83,11 +87,12 @@ class AdminUserDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
class AdminUserAssetsView(PermissionsMixin, SingleObjectMixin, ListView):
paginate_by = settings.DISPLAY_PER_PAGE
template_name = 'assets/admin_user_assets.html'
context_object_name = 'admin_user'
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AdminUser.objects.all())
@ -108,9 +113,10 @@ class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
return super().get_context_data(**kwargs)
class AdminUserDeleteView(AdminUserRequiredMixin, DeleteView):
class AdminUserDeleteView(PermissionsMixin, DeleteView):
model = AdminUser
template_name = 'delete_confirm.html'
success_url = reverse_lazy('assets:admin-user-list')
permission_classes = [IsOrgAdmin]


@ -27,7 +27,7 @@ from django.forms.formsets import formset_factory
from common.mixins import JSONResponseMixin
from common.utils import get_object_or_none, get_logger
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin ,IsOrgAdmin
from common.const import (
create_success_msg, update_success_msg, KEY_CACHE_RESOURCES_ID
)
@ -43,8 +43,9 @@ __all__ = [
logger = get_logger(__file__)
class AssetListView(AdminUserRequiredMixin, TemplateView):
class AssetListView(PermissionsMixin, TemplateView):
template_name = 'assets/asset_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
Node.root()
@ -58,10 +59,11 @@ class AssetListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class AssetUserListView(AdminUserRequiredMixin, DetailView):
class AssetUserListView(PermissionsMixin, DetailView):
model = Asset
context_object_name = 'asset'
template_name = 'assets/asset_asset_user_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -85,11 +87,12 @@ class UserAssetListView(LoginRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class AssetCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
class AssetCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
model = Asset
form_class = forms.AssetCreateForm
template_name = 'assets/asset_create.html'
success_url = reverse_lazy('assets:asset-list')
permission_classes = [IsOrgAdmin]
def get_form(self, form_class=None):
form = super().get_form(form_class=form_class)
@ -133,7 +136,7 @@ class AssetCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
return create_success_msg % ({"name": cleaned_data["hostname"]})
class AssetBulkUpdateView(AdminUserRequiredMixin, ListView):
class AssetBulkUpdateView(PermissionsMixin, ListView):
model = Asset
form_class = forms.AssetBulkUpdateForm
template_name = 'assets/asset_bulk_update.html'
@ -141,6 +144,7 @@ class AssetBulkUpdateView(AdminUserRequiredMixin, ListView):
success_message = _("Bulk update asset success")
id_list = None
form = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
spm = request.GET.get('spm', '')
@ -173,11 +177,12 @@ class AssetBulkUpdateView(AdminUserRequiredMixin, ListView):
return super().get_context_data(**kwargs)
class AssetUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class AssetUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
model = Asset
form_class = forms.AssetUpdateForm
template_name = 'assets/asset_update.html'
success_url = reverse_lazy('assets:asset-list')
permission_classes = [IsOrgAdmin]
def get_protocol_formset(self):
ProtocolFormset = formset_factory(forms.ProtocolForm, extra=0, min_num=1, max_num=5)
@ -202,10 +207,11 @@ class AssetUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
return update_success_msg % ({"name": cleaned_data["hostname"]})
class AssetDeleteView(AdminUserRequiredMixin, DeleteView):
class AssetDeleteView(PermissionsMixin, DeleteView):
model = Asset
template_name = 'delete_confirm.html'
success_url = reverse_lazy('assets:asset-list')
permission_classes = [IsOrgAdmin]
class AssetDetailView(LoginRequiredMixin, DetailView):
@ -272,8 +278,9 @@ class AssetExportView(LoginRequiredMixin, View):
return JsonResponse({'redirect': url})
class BulkImportAssetView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
class BulkImportAssetView(PermissionsMixin, JSONResponseMixin, FormView):
form_class = forms.FileForm
permission_classes = [IsOrgAdmin]
def form_valid(self, form):
node_id = self.request.GET.get("node_id")
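Review bot: `UserAssetListView`, `AssetDetailView` and `AssetExportView` stay on `LoginRequiredMixin` alone while every other view in this file moves to `permission_classes`, so they sit outside the new scheme. Their bodies are not in these hunks; if they do not apply their own per-user filtering, any authenticated account (including the new auditor role) reaches asset detail and export. Confirm that is intended, or give them an explicit `permission_classes` so the policy is readable in one place. Minor style point: the import reads `PermissionsMixin ,IsOrgAdmin`; it should be `from common.permissions import PermissionsMixin, IsOrgAdmin`, and the domain views file has the same slip.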


@ -8,7 +8,7 @@ from django.utils.translation import ugettext_lazy as _
from django.urls import reverse_lazy
from django.shortcuts import get_object_or_404, reverse
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from common.const import create_success_msg, update_success_msg
from ..models import CommandFilter, CommandFilterRule, SystemUser
from ..forms import CommandFilterForm, CommandFilterRuleForm
@ -22,8 +22,9 @@ __all__ = (
)
class CommandFilterListView(AdminUserRequiredMixin, TemplateView):
class CommandFilterListView(PermissionsMixin, TemplateView):
template_name = 'assets/cmd_filter_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -34,12 +35,13 @@ class CommandFilterListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class CommandFilterCreateView(AdminUserRequiredMixin, CreateView):
class CommandFilterCreateView(PermissionsMixin, CreateView):
model = CommandFilter
template_name = 'assets/cmd_filter_create_update.html'
form_class = CommandFilterForm
success_url = reverse_lazy('assets:cmd-filter-list')
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -50,12 +52,13 @@ class CommandFilterCreateView(AdminUserRequiredMixin, CreateView):
return super().get_context_data(**kwargs)
class CommandFilterUpdateView(AdminUserRequiredMixin, UpdateView):
class CommandFilterUpdateView(PermissionsMixin, UpdateView):
model = CommandFilter
template_name = 'assets/cmd_filter_create_update.html'
form_class = CommandFilterForm
success_url = reverse_lazy('assets:cmd-filter-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -66,9 +69,10 @@ class CommandFilterUpdateView(AdminUserRequiredMixin, UpdateView):
return super().get_context_data(**kwargs)
class CommandFilterDetailView(AdminUserRequiredMixin, DetailView):
class CommandFilterDetailView(PermissionsMixin, DetailView):
model = CommandFilter
template_name = 'assets/cmd_filter_detail.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
system_users_remain = SystemUser.objects\
@ -83,10 +87,11 @@ class CommandFilterDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class CommandFilterRuleListView(AdminUserRequiredMixin, SingleObjectMixin, TemplateView):
class CommandFilterRuleListView(PermissionsMixin, SingleObjectMixin, TemplateView):
template_name = 'assets/cmd_filter_rule_list.html'
model = CommandFilter
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=self.model.objects.all())
@ -102,12 +107,13 @@ class CommandFilterRuleListView(AdminUserRequiredMixin, SingleObjectMixin, Templ
return super().get_context_data(**kwargs)
class CommandFilterRuleCreateView(AdminUserRequiredMixin, CreateView):
class CommandFilterRuleCreateView(PermissionsMixin, CreateView):
template_name = 'assets/cmd_filter_rule_create_update.html'
model = CommandFilterRule
form_class = CommandFilterRuleForm
success_message = create_success_msg
cmd_filter = None
permission_classes = [IsOrgAdmin]
def get_success_url(self):
return reverse('assets:cmd-filter-rule-list', kwargs={
@ -135,12 +141,13 @@ class CommandFilterRuleCreateView(AdminUserRequiredMixin, CreateView):
return super().get_context_data(**kwargs)
class CommandFilterRuleUpdateView(AdminUserRequiredMixin, UpdateView):
class CommandFilterRuleUpdateView(PermissionsMixin, UpdateView):
template_name = 'assets/cmd_filter_rule_create_update.html'
model = CommandFilterRule
form_class = CommandFilterRuleForm
success_message = create_success_msg
cmd_filter = None
permission_classes = [IsOrgAdmin]
def get_success_url(self):
return reverse('assets:cmd-filter-rule-list', kwargs={
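Review bot: `CommandFilterRuleUpdateView` still sets `success_message = create_success_msg`, so an edit would be reported as a creation; the line should read `success_message = update_success_msg`, which this file already imports. Separately, the four Create/Update views here declare `success_message` but, unlike `AssetCreateView` in this commit, do not list `SuccessMessageMixin` among their bases, so the attribute appears to have no effect. Both issues predate this commit but sit right next to the lines it changes. The class bodies continue outside the hunks.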


@ -7,7 +7,7 @@ from django.views.generic.detail import SingleObjectMixin
from django.utils.translation import ugettext_lazy as _
from django.urls import reverse_lazy, reverse
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin ,IsOrgAdmin
from common.const import create_success_msg, update_success_msg
from common.utils import get_object_or_none
from ..models import Domain, Gateway
@ -21,8 +21,9 @@ __all__ = (
)
class DomainListView(AdminUserRequiredMixin, TemplateView):
class DomainListView(PermissionsMixin, TemplateView):
template_name = 'assets/domain_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -33,12 +34,13 @@ class DomainListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class DomainCreateView(AdminUserRequiredMixin, CreateView):
class DomainCreateView(PermissionsMixin, CreateView):
model = Domain
template_name = 'assets/domain_create_update.html'
form_class = DomainForm
success_url = reverse_lazy('assets:domain-list')
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -49,12 +51,13 @@ class DomainCreateView(AdminUserRequiredMixin, CreateView):
return super().get_context_data(**kwargs)
class DomainUpdateView(AdminUserRequiredMixin, UpdateView):
class DomainUpdateView(PermissionsMixin, UpdateView):
model = Domain
template_name = 'assets/domain_create_update.html'
form_class = DomainForm
success_url = reverse_lazy('assets:domain-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -65,9 +68,10 @@ class DomainUpdateView(AdminUserRequiredMixin, UpdateView):
return super().get_context_data(**kwargs)
class DomainDetailView(AdminUserRequiredMixin, DetailView):
class DomainDetailView(PermissionsMixin, DetailView):
model = Domain
template_name = 'assets/domain_detail.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -78,16 +82,18 @@ class DomainDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class DomainDeleteView(AdminUserRequiredMixin, DeleteView):
class DomainDeleteView(PermissionsMixin, DeleteView):
model = Domain
template_name = 'delete_confirm.html'
success_url = reverse_lazy('assets:domain-list')
permission_classes = [IsOrgAdmin]
class DomainGatewayListView(AdminUserRequiredMixin, SingleObjectMixin, TemplateView):
class DomainGatewayListView(PermissionsMixin, SingleObjectMixin, TemplateView):
template_name = 'assets/domain_gateway_list.html'
model = Domain
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=self.model.objects.all())
@ -103,11 +109,12 @@ class DomainGatewayListView(AdminUserRequiredMixin, SingleObjectMixin, TemplateV
return super().get_context_data(**kwargs)
class DomainGatewayCreateView(AdminUserRequiredMixin, CreateView):
class DomainGatewayCreateView(PermissionsMixin, CreateView):
model = Gateway
template_name = 'assets/gateway_create_update.html'
form_class = GatewayForm
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_success_url(self):
domain = self.object.domain
@ -130,11 +137,12 @@ class DomainGatewayCreateView(AdminUserRequiredMixin, CreateView):
return super().get_context_data(**kwargs)
class DomainGatewayUpdateView(AdminUserRequiredMixin, UpdateView):
class DomainGatewayUpdateView(PermissionsMixin, UpdateView):
model = Gateway
template_name = 'assets/gateway_create_update.html'
form_class = GatewayForm
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_success_url(self):
domain = self.object.domain


@ -6,7 +6,7 @@ from django.views.generic import TemplateView, CreateView, \
from django.utils.translation import ugettext_lazy as _
from django.urls import reverse_lazy
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from common.const import create_success_msg, update_success_msg
from ..models import Label
from ..forms import LabelForm
@ -18,8 +18,9 @@ __all__ = (
)
class LabelListView(AdminUserRequiredMixin, TemplateView):
class LabelListView(PermissionsMixin, TemplateView):
template_name = 'assets/label_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -30,13 +31,14 @@ class LabelListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class LabelCreateView(AdminUserRequiredMixin, CreateView):
class LabelCreateView(PermissionsMixin, CreateView):
model = Label
template_name = 'assets/label_create_update.html'
form_class = LabelForm
success_url = reverse_lazy('assets:label-list')
success_message = create_success_msg
disable_name = ['draw', 'search', 'limit', 'offset', '_']
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -57,12 +59,13 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
return super().form_valid(form)
class LabelUpdateView(AdminUserRequiredMixin, UpdateView):
class LabelUpdateView(PermissionsMixin, UpdateView):
model = Label
template_name = 'assets/label_create_update.html'
form_class = LabelForm
success_url = reverse_lazy('assets:label-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -73,11 +76,12 @@ class LabelUpdateView(AdminUserRequiredMixin, UpdateView):
return super().get_context_data(**kwargs)
class LabelDetailView(AdminUserRequiredMixin, DetailView):
class LabelDetailView(PermissionsMixin, DetailView):
pass
class LabelDeleteView(AdminUserRequiredMixin, DeleteView):
class LabelDeleteView(PermissionsMixin, DeleteView):
model = Label
template_name = 'delete_confirm.html'
success_url = reverse_lazy('assets:label-list')
permission_classes = [IsOrgAdmin]
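Review bot: `LabelDetailView` is switched to `PermissionsMixin` but, unlike the other four views in this file, is given no `permission_classes`, so it inherits the mixin's empty list and `test_func` returns `True` for every request, including unauthenticated ones. Its body is only `pass`, so the view may not be usable in practice, but the gate it had under `AdminUserRequiredMixin` is gone. Replace `pass` with `permission_classes = [IsOrgAdmin]`, or delete the class if nothing routes to it.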


@ -10,7 +10,7 @@ from django.views.generic.detail import DetailView
from common.const import create_success_msg, update_success_msg
from ..forms import SystemUserForm
from ..models import SystemUser, Node, CommandFilter
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
__all__ = [
@ -20,8 +20,9 @@ __all__ = [
]
class SystemUserListView(AdminUserRequiredMixin, TemplateView):
class SystemUserListView(PermissionsMixin, TemplateView):
template_name = 'assets/system_user_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -32,12 +33,13 @@ class SystemUserListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
class SystemUserCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
model = SystemUser
form_class = SystemUserForm
template_name = 'assets/system_user_create.html'
success_url = reverse_lazy('assets:system-user-list')
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -48,12 +50,13 @@ class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVi
return super().get_context_data(**kwargs)
class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class SystemUserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
model = SystemUser
form_class = SystemUserForm
template_name = 'assets/system_user_update.html'
success_url = reverse_lazy('assets:system-user-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -64,10 +67,11 @@ class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVi
return super().get_context_data(**kwargs)
class SystemUserDetailView(AdminUserRequiredMixin, DetailView):
class SystemUserDetailView(PermissionsMixin, DetailView):
template_name = 'assets/system_user_detail.html'
context_object_name = 'system_user'
model = SystemUser
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -79,16 +83,18 @@ class SystemUserDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class SystemUserDeleteView(AdminUserRequiredMixin, DeleteView):
class SystemUserDeleteView(PermissionsMixin, DeleteView):
model = SystemUser
template_name = 'delete_confirm.html'
success_url = reverse_lazy('assets:system-user-list')
permission_classes = [IsOrgAdmin]
class SystemUserAssetView(AdminUserRequiredMixin, DetailView):
class SystemUserAssetView(PermissionsMixin, DetailView):
model = SystemUser
template_name = 'assets/system_user_asset.html'
context_object_name = 'system_user'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
nodes_remain = sorted(Node.objects.exclude(systemuser=self.object), reverse=True)


@ -3,7 +3,7 @@
from rest_framework import viewsets
from common.permissions import IsOrgAdminOrAppUser
from common.permissions import IsOrgAdminOrAppUser, IsAuditor
from .models import FTPLog
from .serializers import FTPLogSerializer
@ -11,4 +11,4 @@ from .serializers import FTPLogSerializer
class FTPLogViewSet(viewsets.ModelViewSet):
queryset = FTPLog.objects.all()
serializer_class = FTPLogSerializer
permission_classes = (IsOrgAdminOrAppUser,)
permission_classes = (IsOrgAdminOrAppUser | IsAuditor,)
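Review bot: `FTPLogViewSet` is a `ModelViewSet`, so adding `IsAuditor` to `permission_classes` grants the auditor role the write and delete actions on FTP audit records as well as read access. The `IsAuditor.has_permission` added in this commit checks only `request.user.is_auditor` and does not look at the request method. An audit role that can alter or remove the records it reviews weakens the integrity of the log. Unless another layer restricts this, limit the auditor branch to read-only, for example by adding `and request.method in permissions.SAFE_METHODS` to `IsAuditor.has_permission`, or by using a dedicated read-only permission here.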


@ -19,7 +19,7 @@ from django.db.models import Q
from audits.utils import get_excel_response, write_content_to_excel
from common.mixins import DatetimeSearchMixin
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin, IsAuditor
from orgs.utils import current_org
from ops.views import CommandExecutionListView as UserCommandExecutionListView
@ -42,12 +42,13 @@ def get_resource_type_list():
return [model._meta.verbose_name for model in models]
class FTPLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class FTPLogListView(PermissionsMixin, DatetimeSearchMixin, ListView):
model = FTPLog
template_name = 'audits/ftp_log_list.html'
paginate_by = settings.DISPLAY_PER_PAGE
user = asset = system_user = filename = ''
date_from = date_to = None
permission_classes = [IsOrgAdmin | IsAuditor]
def get_queryset(self):
self.queryset = super().get_queryset()
@ -89,13 +90,14 @@ class FTPLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
return super().get_context_data(**kwargs)
class OperateLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class OperateLogListView(PermissionsMixin, DatetimeSearchMixin, ListView):
model = OperateLog
template_name = 'audits/operate_log_list.html'
paginate_by = settings.DISPLAY_PER_PAGE
user = action = resource_type = ''
date_from = date_to = None
actions_dict = dict(OperateLog.ACTION_CHOICES)
permission_classes = [IsOrgAdmin | IsAuditor]
def get_queryset(self):
self.queryset = super().get_queryset()
@ -124,7 +126,6 @@ class OperateLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
'date_from': self.date_from,
'date_to': self.date_to,
'user': self.user,
'action': self.action,
'resource_type': self.resource_type,
"app": _("Audits"),
"action": _("Operate log"),
@ -133,12 +134,13 @@ class OperateLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
return super().get_context_data(**kwargs)
class PasswordChangeLogList(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class PasswordChangeLogList(PermissionsMixin, DatetimeSearchMixin, ListView):
model = PasswordChangeLog
template_name = 'audits/password_change_log_list.html'
paginate_by = settings.DISPLAY_PER_PAGE
user = ''
date_from = date_to = None
permission_classes = [IsOrgAdmin | IsAuditor]
def get_queryset(self):
users = current_org.get_org_users()
@ -169,12 +171,13 @@ class PasswordChangeLogList(AdminUserRequiredMixin, DatetimeSearchMixin, ListVie
return super().get_context_data(**kwargs)
class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class LoginLogListView(PermissionsMixin, DatetimeSearchMixin, ListView):
template_name = 'audits/login_log_list.html'
model = UserLoginLog
paginate_by = settings.DISPLAY_PER_PAGE
user = keyword = ""
date_to = date_from = None
permission_classes = [IsOrgAdmin | IsAuditor]
@staticmethod
def get_org_users():
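Review bot: `permission_classes = [IsOrgAdmin | IsAuditor]` on the four log views reads very close to `[IsOrgAdmin, IsAuditor]`, yet `PermissionsMixin.test_func` requires every list entry to pass, so the comma form would demand both roles at once and lock auditors out. A short comment at the first use, such as `# entries are ANDed by PermissionsMixin; use | for either-role access`, would guard against that slip. The `|` composition is a Django REST framework feature that these plain Django views now depend on, which is worth checking against the pinned DRF version. The class bodies continue outside the hunks.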


@ -27,6 +27,12 @@ class IsAppUser(IsValidUser):
and request.user.is_app
class IsAuditor(IsValidUser):
def has_permission(self, request, view):
return super(IsAuditor, self).has_permission(request, view) \
and request.user.is_auditor
class IsSuperUser(IsValidUser):
def has_permission(self, request, view):
return super(IsSuperUser, self).has_permission(request, view) \
@ -115,3 +121,14 @@ class WithBootstrapToken(permissions.BasePermission):
return False
request_bootstrap_token = authorization.split()[-1]
return settings.BOOTSTRAP_TOKEN == request_bootstrap_token
class PermissionsMixin(UserPassesTestMixin):
permission_classes = []
def test_func(self):
permission_classes = self.permission_classes
for permission_class in permission_classes:
if not permission_class().has_permission(self.request, self):
return False
return True
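Review bot: `PermissionsMixin` fails open. With the default `permission_classes = []` the loop in `test_func` never runs and the method returns `True`, so any subclass that forgets the attribute is reachable without authentication. Deny by default instead, e.g. start `test_func` with `if not self.permission_classes: return False`, or default the attribute to `[IsValidUser]`. Also note that `test_func` calls only `has_permission`, so any `has_object_permission` rule defined on these classes is never applied in the template views. A docstring stating both points would help the next author.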


@ -31,6 +31,8 @@ class IndexView(LoginRequiredMixin, TemplateView):
def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated:
return self.handle_no_permission()
if request.user.is_auditor:
return super(IndexView, self).dispatch(request, *args, **kwargs)
if not request.user.is_org_admin:
return redirect('assets:user-asset-list')
if not current_org or not current_org.can_admin_by(request.user):
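Review bot: The new `if request.user.is_auditor:` branch returns before the `is_org_admin` and `current_org.can_admin_by(request.user)` checks, so an auditor gets the dashboard for whichever organisation is current with no organisation check at all. The rest of `dispatch` and `get_context_data` lie outside this hunk, so it is unclear whether the data rendered is limited to what an auditor should see. If auditors are meant to be scoped per organisation, add the equivalent check inside this branch. Otherwise add a comment such as `# auditors may view every org's dashboard (read-only)` to record that the bypass is deliberate.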

Binary file not shown.


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Jumpserver 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2019-06-14 10:41+0800\n"
"POT-Creation-Date: 2019-06-14 17:01+0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: Jumpserver team<ibuler@qq.com>\n"
@ -95,7 +95,7 @@ msgstr "运行参数"
#: terminal/templates/terminal/session_list.html:41
#: terminal/templates/terminal/session_list.html:72
#: xpack/plugins/change_auth_plan/forms.py:114
#: xpack/plugins/change_auth_plan/models.py:413
#: xpack/plugins/change_auth_plan/models.py:409
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:46
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:54
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:13
@ -165,7 +165,7 @@ msgstr "系统用户"
#: settings/templates/settings/terminal_setting.html:105 terminal/models.py:22
#: terminal/models.py:258 terminal/templates/terminal/terminal_detail.html:43
#: terminal/templates/terminal/terminal_list.html:29 users/models/group.py:14
#: users/models/user.py:61 users/templates/users/_select_user_modal.html:13
#: users/models/user.py:63 users/templates/users/_select_user_modal.html:13
#: users/templates/users/user_detail.html:63
#: users/templates/users/user_group_detail.html:55
#: users/templates/users/user_group_list.html:35
@ -173,7 +173,7 @@ msgstr "系统用户"
#: users/templates/users/user_profile.html:51
#: users/templates/users/user_pubkey_update.html:53
#: xpack/plugins/change_auth_plan/forms.py:97
#: xpack/plugins/change_auth_plan/models.py:61
#: xpack/plugins/change_auth_plan/models.py:58
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:61
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:12
#: xpack/plugins/cloud/models.py:49 xpack/plugins/cloud/models.py:119
@ -183,7 +183,6 @@ msgstr "系统用户"
#: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:12
#: xpack/plugins/orgs/templates/orgs/org_detail.html:52
#: xpack/plugins/orgs/templates/orgs/org_list.html:12
#: xpack/plugins/vault/templates/vault/vault.html:90
msgid "Name"
msgstr "名称"
@ -217,9 +216,9 @@ msgstr "参数"
#: perms/models/asset_permission.py:62 perms/models/base.py:41
#: perms/templates/perms/asset_permission_detail.html:98
#: perms/templates/perms/remote_app_permission_detail.html:90
#: users/models/user.py:102 users/serializers/v1.py:72
#: users/models/user.py:104 users/serializers/v1.py:72
#: users/templates/users/user_detail.html:111
#: xpack/plugins/change_auth_plan/models.py:106
#: xpack/plugins/change_auth_plan/models.py:103
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:113
#: xpack/plugins/cloud/models.py:55 xpack/plugins/cloud/models.py:127
msgid "Created by"
@ -279,11 +278,11 @@ msgstr "创建日期"
#: perms/templates/perms/remote_app_permission_detail.html:94
#: settings/models.py:34 terminal/models.py:32
#: terminal/templates/terminal/terminal_detail.html:63 users/models/group.py:15
#: users/models/user.py:94 users/templates/users/user_detail.html:127
#: users/models/user.py:96 users/templates/users/user_detail.html:127
#: users/templates/users/user_group_detail.html:67
#: users/templates/users/user_group_list.html:37
#: users/templates/users/user_profile.html:134
#: xpack/plugins/change_auth_plan/models.py:102
#: xpack/plugins/change_auth_plan/models.py:99
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:117
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:19
#: xpack/plugins/cloud/models.py:54 xpack/plugins/cloud/models.py:125
@ -447,7 +446,6 @@ msgstr "详情"
#: xpack/plugins/cloud/templates/cloud/account_list.html:39
#: xpack/plugins/orgs/templates/orgs/org_detail.html:25
#: xpack/plugins/orgs/templates/orgs/org_list.html:87
#: xpack/plugins/vault/templates/vault/vault.html:149
msgid "Update"
msgstr "更新"
@ -488,7 +486,6 @@ msgstr "更新"
#: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:55
#: xpack/plugins/orgs/templates/orgs/org_detail.html:29
#: xpack/plugins/orgs/templates/orgs/org_list.html:89
#: xpack/plugins/vault/templates/vault/vault.html:150
msgid "Delete"
msgstr "删除"
@ -547,7 +544,6 @@ msgstr "创建远程应用"
#: xpack/plugins/cloud/templates/cloud/account_list.html:16
#: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:18
#: xpack/plugins/orgs/templates/orgs/org_list.html:23
#: xpack/plugins/vault/templates/vault/vault.html:78
msgid "Action"
msgstr "动作"
@ -577,7 +573,7 @@ msgstr "连接"
#: assets/views/label.py:26 assets/views/label.py:43 assets/views/label.py:69
#: assets/views/system_user.py:28 assets/views/system_user.py:44
#: assets/views/system_user.py:60 assets/views/system_user.py:74
#: templates/_nav.html:19 xpack/plugins/change_auth_plan/models.py:68
#: templates/_nav.html:19 xpack/plugins/change_auth_plan/models.py:65
msgid "Assets"
msgstr "资产管理"
@ -623,7 +619,7 @@ msgstr "测试节点下资产是否可连接: {}"
#: assets/templates/assets/asset_detail.html:203
#: assets/templates/assets/system_user_asset.html:95
#: perms/models/asset_permission.py:38
#: xpack/plugins/change_auth_plan/models.py:72
#: xpack/plugins/change_auth_plan/models.py:69
msgid "Nodes"
msgstr "节点管理"
@ -720,18 +716,17 @@ msgstr "SSH网关支持代理SSH,RDP和VNC"
#: perms/templates/perms/asset_permission_user.html:55
#: perms/templates/perms/remote_app_permission_user.html:54
#: settings/templates/settings/_ldap_list_users_modal.html:37 users/forms.py:13
#: users/models/user.py:59 users/templates/users/_select_user_modal.html:14
#: users/models/user.py:61 users/templates/users/_select_user_modal.html:14
#: users/templates/users/user_detail.html:67
#: users/templates/users/user_list.html:36
#: users/templates/users/user_profile.html:47
#: xpack/plugins/change_auth_plan/forms.py:99
#: xpack/plugins/change_auth_plan/models.py:63
#: xpack/plugins/change_auth_plan/models.py:409
#: xpack/plugins/change_auth_plan/models.py:60
#: xpack/plugins/change_auth_plan/models.py:405
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:65
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:53
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:12
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:13
#: xpack/plugins/vault/templates/vault/vault.html:74
msgid "Username"
msgstr "用户名"
@ -754,13 +749,13 @@ msgstr "密码或密钥密码"
#: users/templates/users/user_profile_update.html:40
#: users/templates/users/user_pubkey_update.html:40
#: users/templates/users/user_update.html:20
#: xpack/plugins/change_auth_plan/models.py:93
#: xpack/plugins/change_auth_plan/models.py:264
#: xpack/plugins/change_auth_plan/models.py:90
#: xpack/plugins/change_auth_plan/models.py:260
msgid "Password"
msgstr "密码"
#: assets/forms/user.py:29 assets/serializers/asset_user.py:27
#: users/models/user.py:88
#: users/models/user.py:90
msgid "Private key"
msgstr "ssh私钥"
@ -827,7 +822,6 @@ msgstr "端口"
#: users/templates/users/user_granted_asset.html:45
#: users/templates/users/user_group_granted_asset.html:45
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:51
#: xpack/plugins/vault/templates/vault/vault.html:73
msgid "IP"
msgstr "IP"
@ -845,7 +839,6 @@ msgstr "IP"
#: users/templates/users/user_granted_asset.html:44
#: users/templates/users/user_group_granted_asset.html:44
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:50
#: xpack/plugins/vault/templates/vault/vault.html:72
msgid "Hostname"
msgstr "主机名"
@ -974,7 +967,6 @@ msgstr "最新版本"
#: assets/models/authbook.py:29 ops/templates/ops/adhoc_history.html:58
#: ops/templates/ops/adhoc_history_detail.html:57
#: ops/templates/ops/task_adhoc.html:58 ops/templates/ops/task_history.html:64
#: xpack/plugins/vault/templates/vault/vault.html:75
msgid "Version"
msgstr "版本"
@ -982,13 +974,13 @@ msgstr "版本"
msgid "AuthBook"
msgstr ""
#: assets/models/base.py:29 xpack/plugins/change_auth_plan/models.py:97
#: xpack/plugins/change_auth_plan/models.py:271
#: assets/models/base.py:29 xpack/plugins/change_auth_plan/models.py:94
#: xpack/plugins/change_auth_plan/models.py:267
msgid "SSH private key"
msgstr "ssh密钥"
#: assets/models/base.py:30 xpack/plugins/change_auth_plan/models.py:100
#: xpack/plugins/change_auth_plan/models.py:267
#: assets/models/base.py:30 xpack/plugins/change_auth_plan/models.py:97
#: xpack/plugins/change_auth_plan/models.py:263
msgid "SSH public key"
msgstr "ssh公钥"
@ -1000,7 +992,7 @@ msgstr "带宽"
msgid "Contact"
msgstr "联系人"
#: assets/models/cluster.py:22 users/models/user.py:80
#: assets/models/cluster.py:22 users/models/user.py:82
#: users/templates/users/user_detail.html:76
msgid "Phone"
msgstr "手机"
@ -1027,7 +1019,7 @@ msgid "Default"
msgstr "默认"
#: assets/models/cluster.py:36 assets/models/label.py:14
#: users/models/user.py:479
#: users/models/user.py:485
msgid "System"
msgstr "系统"
@ -1145,8 +1137,8 @@ msgstr "默认资产组"
#: terminal/models.py:154 terminal/templates/terminal/command_list.html:32
#: terminal/templates/terminal/command_list.html:72
#: terminal/templates/terminal/session_list.html:33
#: terminal/templates/terminal/session_list.html:71 users/forms.py:300
#: users/models/user.py:36 users/models/user.py:467 users/serializers/v1.py:61
#: terminal/templates/terminal/session_list.html:71 users/forms.py:301
#: users/models/user.py:37 users/models/user.py:473 users/serializers/v1.py:61
#: users/templates/users/user_group_detail.html:78
#: users/templates/users/user_group_list.html:36 users/views/user.py:399
#: xpack/plugins/orgs/forms.py:26
@ -1216,7 +1208,6 @@ msgid "Hardware info"
msgstr "硬件信息"
#: assets/serializers/asset.py:53
#: xpack/plugins/vault/templates/vault/vault.html:76
msgid "Connectivity"
msgstr "连接"
@ -1228,8 +1219,8 @@ msgstr "组织名"
msgid "Protocol duplicate: {}"
msgstr "协议重复: {}"
#: assets/serializers/asset_user.py:23 users/forms.py:247
#: users/models/user.py:91 users/templates/users/first_login.html:42
#: assets/serializers/asset_user.py:23 users/forms.py:248
#: users/models/user.py:93 users/templates/users/first_login.html:42
#: users/templates/users/user_password_update.html:46
#: users/templates/users/user_profile.html:68
#: users/templates/users/user_profile_update.html:43
@ -1306,7 +1297,6 @@ msgid "Test system user connectivity period: {}"
msgstr "定期测试系统用户可连接性: {}"
#: assets/tasks.py:469 assets/tasks.py:555
#: xpack/plugins/change_auth_plan/models.py:522
msgid "The asset {} system platform {} does not support run Ansible tasks"
msgstr "资产 {} 系统平台 {} 不支持运行 Ansible 任务"
@ -1397,7 +1387,7 @@ msgstr "资产用户信息"
#: assets/templates/assets/_asset_user_view_auth_modal.html:14
#: audits/models.py:99 audits/templates/audits/login_log_list.html:56
#: users/forms.py:159 users/models/user.py:83
#: users/forms.py:160 users/models/user.py:85
#: users/templates/users/first_login.html:45
msgid "MFA"
msgstr "MFA"
@ -1601,7 +1591,6 @@ msgstr "Windows或其它硬件可以随意设置一个"
#: audits/templates/audits/login_log_list.html:85
#: users/templates/users/user_group_list.html:10
#: users/templates/users/user_list.html:10
#: xpack/plugins/vault/templates/vault/vault.html:55
msgid "Export"
msgstr "导出"
@ -1612,7 +1601,6 @@ msgstr "导出"
#: users/templates/users/user_group_list.html:15
#: users/templates/users/user_list.html:15
#: xpack/plugins/license/templates/license/license_detail.html:110
#: xpack/plugins/vault/templates/vault/vault.html:60
msgid "Import"
msgstr "导入"
@ -2250,7 +2238,7 @@ msgid "User agent"
msgstr "Agent"
#: audits/models.py:100 audits/templates/audits/login_log_list.html:57
#: xpack/plugins/change_auth_plan/models.py:417
#: xpack/plugins/change_auth_plan/models.py:413
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:15
#: xpack/plugins/cloud/models.py:172
#: xpack/plugins/cloud/templates/cloud/sync_instance_task_history.html:69
@ -2276,8 +2264,8 @@ msgstr "登录日期"
#: perms/templates/perms/asset_permission_detail.html:86
#: perms/templates/perms/remote_app_permission_detail.html:78
#: terminal/models.py:165 terminal/templates/terminal/session_list.html:78
#: xpack/plugins/change_auth_plan/models.py:250
#: xpack/plugins/change_auth_plan/models.py:420
#: xpack/plugins/change_auth_plan/models.py:246
#: xpack/plugins/change_auth_plan/models.py:416
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:59
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:17
msgid "Date start"
@ -2332,32 +2320,32 @@ msgstr "日期"
#: ops/templates/ops/task_adhoc.html:63
#: terminal/templates/terminal/command_list.html:76
#: terminal/templates/terminal/session_detail.html:50
#: xpack/plugins/vault/templates/vault/vault.html:77
msgid "Datetime"
msgstr "日期"
#: audits/views.py:85 audits/views.py:129 audits/views.py:165
#: audits/views.py:209 audits/views.py:241 templates/_nav.html:87
#: audits/views.py:86 audits/views.py:130 audits/views.py:167
#: audits/views.py:212 audits/views.py:244 templates/_nav.html:87
#: templates/_nav_audits.html:22
msgid "Audits"
msgstr "日志审计"
#: audits/views.py:86 templates/_nav.html:91
#: audits/views.py:87 templates/_nav.html:91 templates/_nav_audits.html:26
msgid "FTP log"
msgstr "FTP日志"
#: audits/views.py:130 templates/_nav.html:92
#: audits/views.py:131 templates/_nav.html:92 templates/_nav_audits.html:27
msgid "Operate log"
msgstr "操作日志"
#: audits/views.py:166 templates/_nav.html:93
#: audits/views.py:168 templates/_nav.html:93 templates/_nav_audits.html:28
msgid "Password change log"
msgstr "改密日志"
#: audits/views.py:210 templates/_nav.html:90
#: audits/views.py:213 templates/_nav.html:90 templates/_nav_audits.html:25
msgid "Login log"
msgstr "登录日志"
#: audits/views.py:242
#: audits/views.py:245
msgid "Command execution log"
msgstr "命令执行"
@ -2753,8 +2741,8 @@ msgstr "完成时间"
#: ops/models/adhoc.py:327 ops/templates/ops/adhoc_history.html:57
#: ops/templates/ops/task_history.html:63 ops/templates/ops/task_list.html:33
#: xpack/plugins/change_auth_plan/models.py:253
#: xpack/plugins/change_auth_plan/models.py:423
#: xpack/plugins/change_auth_plan/models.py:249
#: xpack/plugins/change_auth_plan/models.py:419
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:58
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:16
msgid "Time"
@ -2991,7 +2979,7 @@ msgstr "更新任务内容: {}"
#: ops/views/adhoc.py:44 ops/views/adhoc.py:69 ops/views/adhoc.py:82
#: ops/views/adhoc.py:95 ops/views/adhoc.py:108 ops/views/adhoc.py:121
#: ops/views/adhoc.py:134 ops/views/command.py:44 ops/views/command.py:68
#: ops/views/adhoc.py:134 ops/views/command.py:47 ops/views/command.py:71
msgid "Ops"
msgstr "作业中心"
@ -3003,11 +2991,11 @@ msgstr "任务列表"
msgid "Task run history"
msgstr "执行历史"
#: ops/views/command.py:45
#: ops/views/command.py:48
msgid "Command execution list"
msgstr "命令执行列表"
#: ops/views/command.py:69 templates/_nav_user.html:22
#: ops/views/command.py:72 templates/_nav_user.html:22
msgid "Command execution"
msgstr "命令执行"
@ -3033,8 +3021,8 @@ msgstr "下载文件"
#: perms/templates/perms/asset_permission_list.html:75
#: perms/templates/perms/asset_permission_list.html:122
#: perms/templates/perms/remote_app_permission_list.html:16
#: templates/_nav.html:14 users/forms.py:270 users/models/group.py:26
#: users/models/user.py:67 users/templates/users/_select_user_modal.html:16
#: templates/_nav.html:14 users/forms.py:271 users/models/group.py:26
#: users/models/user.py:69 users/templates/users/_select_user_modal.html:16
#: users/templates/users/user_detail.html:213
#: users/templates/users/user_list.html:38
#: xpack/plugins/orgs/templates/orgs/org_list.html:15
@ -3063,7 +3051,7 @@ msgstr "资产授权"
#: perms/models/asset_permission.py:61 perms/models/base.py:40
#: perms/templates/perms/asset_permission_detail.html:90
#: perms/templates/perms/remote_app_permission_detail.html:82
#: users/models/user.py:99 users/templates/users/user_detail.html:107
#: users/models/user.py:101 users/templates/users/user_detail.html:107
#: users/templates/users/user_profile.html:116
msgid "Date expired"
msgstr "失效日期"
@ -3155,7 +3143,6 @@ msgstr "选择系统用户"
#: perms/templates/perms/asset_permission_list.html:46
#: perms/templates/perms/remote_app_permission_list.html:6
#: xpack/plugins/vault/templates/vault/vault.html:46
msgid "Create permission"
msgstr "创建授权规则"
@ -3600,7 +3587,7 @@ msgid "Please submit the LDAP configuration before import"
msgstr "请先提交LDAP配置再进行导入"
#: settings/templates/settings/_ldap_list_users_modal.html:39
#: users/models/user.py:63 users/templates/users/user_detail.html:71
#: users/models/user.py:65 users/templates/users/user_detail.html:71
#: users/templates/users/user_profile.html:59
msgid "Email"
msgstr "邮件"
@ -3833,7 +3820,7 @@ msgstr "文档"
msgid "Commercial support"
msgstr "商业支持"
#: templates/_header_bar.html:89 templates/_nav_user.html:28 users/forms.py:138
#: templates/_header_bar.html:89 templates/_nav_user.html:28 users/forms.py:139
#: users/templates/users/_user.html:43
#: users/templates/users/first_login.html:39
#: users/templates/users/user_password_update.html:40
@ -3857,6 +3844,7 @@ msgid "Logout"
msgstr "注销登录"
#: templates/_header_bar.html:114 templates/_nav.html:4
#: templates/_nav_audits.html:4
msgid "Dashboard"
msgstr "仪表盘"
@ -3952,19 +3940,19 @@ msgstr "命令过滤"
msgid "Applications"
msgstr "应用管理"
#: templates/_nav.html:55
#: templates/_nav.html:55 templates/_nav_audits.html:11
msgid "Sessions"
msgstr "会话管理"
#: templates/_nav.html:58
#: templates/_nav.html:58 templates/_nav_audits.html:14
msgid "Session online"
msgstr "在线会话"
#: templates/_nav.html:59
#: templates/_nav.html:59 templates/_nav_audits.html:15
msgid "Session offline"
msgstr "历史会话"
#: templates/_nav.html:60
#: templates/_nav.html:60 templates/_nav_audits.html:16
msgid "Commands"
msgstr "命令记录"
@ -3976,9 +3964,9 @@ msgstr "Web终端"
msgid "File manager"
msgstr "文件管理"
#: templates/_nav.html:72 terminal/views/command.py:50
#: templates/_nav.html:72 terminal/views/command.py:51
#: terminal/views/session.py:74 terminal/views/session.py:92
#: terminal/views/session.py:115 terminal/views/terminal.py:31
#: terminal/views/session.py:116 terminal/views/terminal.py:31
#: terminal/views/terminal.py:46 terminal/views/terminal.py:58
msgid "Terminal"
msgstr "终端管理"
@ -3987,7 +3975,7 @@ msgstr "终端管理"
msgid "Job Center"
msgstr "作业中心"
#: templates/_nav.html:82 templates/_nav.html:94
#: templates/_nav.html:82 templates/_nav.html:94 templates/_nav_audits.html:29
msgid "Batch command"
msgstr "批量命令"
@ -4266,12 +4254,12 @@ msgid "Export command"
msgstr "导出命令"
#: terminal/templates/terminal/session_detail.html:17
#: terminal/views/session.py:116
#: terminal/views/session.py:117
msgid "Session detail"
msgstr "会话详情"
#: terminal/templates/terminal/session_detail.html:28
#: terminal/views/command.py:51
#: terminal/views/command.py:52
msgid "Command list"
msgstr "命令记录列表"
@ -4394,7 +4382,7 @@ msgstr "你没有权限"
msgid "Could not reset self otp, use profile reset instead"
msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
#: users/forms.py:32 users/models/user.py:71
#: users/forms.py:32 users/models/user.py:73
#: users/templates/users/_select_user_modal.html:15
#: users/templates/users/user_detail.html:87
#: users/templates/users/user_list.html:37
@ -4402,11 +4390,11 @@ msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
msgid "Role"
msgstr "角色"
#: users/forms.py:35 users/forms.py:217
#: users/forms.py:35 users/forms.py:218
msgid "ssh public key"
msgstr "ssh公钥"
#: users/forms.py:36 users/forms.py:218
#: users/forms.py:36 users/forms.py:219
msgid "ssh-rsa AAAA..."
msgstr ""
@ -4418,23 +4406,23 @@ msgstr "复制用户公钥到这里"
msgid "Join user groups"
msgstr "添加到用户组"
#: users/forms.py:85 users/forms.py:232
#: users/forms.py:86 users/forms.py:233
msgid "Public key should not be the same as your old one."
msgstr "不能和原来的密钥相同"
#: users/forms.py:89 users/forms.py:236 users/serializers/v1.py:47
#: users/forms.py:90 users/forms.py:237 users/serializers/v1.py:47
msgid "Not a valid ssh public key"
msgstr "ssh密钥不合法"
#: users/forms.py:109
#: users/forms.py:110
msgid "Reset link will be generated and sent to the user"
msgstr "生成重置密码链接,通过邮件发送给用户"
#: users/forms.py:110
#: users/forms.py:111
msgid "Set password"
msgstr "设置密码"
#: users/forms.py:117 xpack/plugins/change_auth_plan/models.py:86
#: users/forms.py:118 xpack/plugins/change_auth_plan/models.py:83
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:51
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:69
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:57
@ -4442,7 +4430,7 @@ msgstr "设置密码"
msgid "Password strategy"
msgstr "密码策略"
#: users/forms.py:144
#: users/forms.py:145
msgid ""
"Tip: when enabled, you will enter the MFA binding process the next time you "
"log in. you can also directly bind in \"personal information -> quick "
@ -4451,11 +4439,11 @@ msgstr ""
"提示启用之后您将会在下次登录时进入MFA绑定流程您也可以在个人信息->快速修"
"改->更改MFA设置中直接绑定!"
#: users/forms.py:154
#: users/forms.py:155
msgid "* Enable MFA authentication to make the account more secure."
msgstr "* 启用MFA认证使账号更加安全."
#: users/forms.py:164
#: users/forms.py:165
msgid ""
"In order to protect you and your company, please keep your account, password "
"and key sensitive information properly. (for example: setting complex "
@ -4464,92 +4452,96 @@ msgstr ""
"为了保护您和公司的安全,请妥善保管您的账户、密码和密钥等重要敏感信息;(如:"
"设置复杂密码启用MFA认证"
#: users/forms.py:171 users/templates/users/first_login.html:48
#: users/forms.py:172 users/templates/users/first_login.html:48
#: users/templates/users/first_login.html:107
#: users/templates/users/first_login.html:130
msgid "Finish"
msgstr "完成"
#: users/forms.py:177
#: users/forms.py:178
msgid "Old password"
msgstr "原来密码"
#: users/forms.py:182
#: users/forms.py:183
msgid "New password"
msgstr "新密码"
#: users/forms.py:187
#: users/forms.py:188
msgid "Confirm password"
msgstr "确认密码"
#: users/forms.py:197
#: users/forms.py:198
msgid "Old password error"
msgstr "原来密码错误"
#: users/forms.py:205
#: users/forms.py:206
msgid "Password does not match"
msgstr "密码不一致"
#: users/forms.py:215
#: users/forms.py:216
msgid "Automatically configure and download the SSH key"
msgstr "自动配置并下载SSH密钥"
#: users/forms.py:219
#: users/forms.py:220
msgid "Paste your id_rsa.pub here."
msgstr "复制你的公钥到这里"
#: users/forms.py:253 users/forms.py:258 users/forms.py:304
#: users/forms.py:254 users/forms.py:259 users/forms.py:305
#: xpack/plugins/orgs/forms.py:30
msgid "Select users"
msgstr "选择用户"
#: users/models/user.py:35 users/models/user.py:475
#: users/models/user.py:36 users/models/user.py:481
msgid "Administrator"
msgstr "管理员"
#: users/models/user.py:37
#: users/models/user.py:38
msgid "Application"
msgstr "应用程序"
#: users/models/user.py:40 users/templates/users/user_profile.html:92
#: users/models/user.py:39
msgid "Auditor"
msgstr "审计员"
#: users/models/user.py:42 users/templates/users/user_profile.html:92
#: users/templates/users/user_profile.html:159
#: users/templates/users/user_profile.html:162
msgid "Disable"
msgstr "禁用"
#: users/models/user.py:41 users/templates/users/user_profile.html:90
#: users/models/user.py:43 users/templates/users/user_profile.html:90
#: users/templates/users/user_profile.html:166
msgid "Enable"
msgstr "启用"
#: users/models/user.py:42 users/templates/users/user_profile.html:88
#: users/models/user.py:44 users/templates/users/user_profile.html:88
msgid "Force enable"
msgstr "强制启用"
#: users/models/user.py:74
#: users/models/user.py:76
msgid "Avatar"
msgstr "头像"
#: users/models/user.py:77 users/templates/users/user_detail.html:82
#: users/models/user.py:79 users/templates/users/user_detail.html:82
msgid "Wechat"
msgstr "微信"
#: users/models/user.py:106 users/templates/users/user_detail.html:103
#: users/models/user.py:108 users/templates/users/user_detail.html:103
#: users/templates/users/user_list.html:39
#: users/templates/users/user_profile.html:100
msgid "Source"
msgstr "用户来源"
#: users/models/user.py:110
#: users/models/user.py:112
msgid "Date password last updated"
msgstr "最后更新密码日期"
#: users/models/user.py:136 users/templates/users/user_update.html:22
#: users/models/user.py:138 users/templates/users/user_update.html:22
#: users/views/login.py:47 users/views/login.py:108 users/views/user.py:431
msgid "User auth from {}, go there change password"
msgstr "用户认证源来自 {}, 请去相应系统修改密码"
#: users/models/user.py:478
#: users/models/user.py:484
msgid "Administrator is the super user of system"
msgstr "Administrator是初始的超级管理员"
@ -5338,17 +5330,23 @@ msgstr "定时执行"
#: xpack/plugins/change_auth_plan/forms.py:120
msgid ""
"Tips: Currently only unix-like assets are supported, while Windows assets "
"are not"
msgstr ""
#: xpack/plugins/change_auth_plan/forms.py:122
msgid ""
"Tips: The username of the user on the asset to be modified. if the user "
"exists, change the password; If the user does not exist, create the user."
msgstr ""
"提示:用户名为将要修改的资产上的用户的用户名。如果用户存在,则修改密码;如果"
"用户不存在,则创建用户。"
#: xpack/plugins/change_auth_plan/forms.py:124
#: xpack/plugins/change_auth_plan/forms.py:126
msgid "Tips: (Units: hour)"
msgstr "提示:(单位: 时)"
#: xpack/plugins/change_auth_plan/forms.py:125
#: xpack/plugins/change_auth_plan/forms.py:127
msgid ""
"eg: Every Sunday 03:05 run <5 3 * * 0> <br> Tips: Using 5 digits linux "
"crontab expressions <min hour day month week> (<a href='https://tool.lu/"
@ -5360,8 +5358,8 @@ msgstr ""
"具</a> <br>注意: 如果同时设置了定期执行和周期执行,优先使用定期执行"
#: xpack/plugins/change_auth_plan/meta.py:9
#: xpack/plugins/change_auth_plan/models.py:114
#: xpack/plugins/change_auth_plan/models.py:257
#: xpack/plugins/change_auth_plan/models.py:111
#: xpack/plugins/change_auth_plan/models.py:253
#: xpack/plugins/change_auth_plan/views.py:31
#: xpack/plugins/change_auth_plan/views.py:47
#: xpack/plugins/change_auth_plan/views.py:68
@ -5372,61 +5370,61 @@ msgstr ""
msgid "Change auth plan"
msgstr "改密计划"
#: xpack/plugins/change_auth_plan/models.py:55
#: xpack/plugins/change_auth_plan/models.py:52
msgid "Custom password"
msgstr "自定义密码"
#: xpack/plugins/change_auth_plan/models.py:56
#: xpack/plugins/change_auth_plan/models.py:53
msgid "All assets use the same random password"
msgstr "所有资产使用相同的随机密码"
#: xpack/plugins/change_auth_plan/models.py:57
#: xpack/plugins/change_auth_plan/models.py:54
msgid "All assets use different random password"
msgstr "所有资产使用不同的随机密码"
#: xpack/plugins/change_auth_plan/models.py:76
#: xpack/plugins/change_auth_plan/models.py:145
#: xpack/plugins/change_auth_plan/models.py:73
#: xpack/plugins/change_auth_plan/models.py:142
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:100
msgid "Cycle perform"
msgstr "周期执行"
#: xpack/plugins/change_auth_plan/models.py:81
#: xpack/plugins/change_auth_plan/models.py:143
#: xpack/plugins/change_auth_plan/models.py:78
#: xpack/plugins/change_auth_plan/models.py:140
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:92
msgid "Regularly perform"
msgstr "定期执行"
#: xpack/plugins/change_auth_plan/models.py:90
#: xpack/plugins/change_auth_plan/models.py:87
#: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:74
msgid "Password rules"
msgstr "密码规则"
#: xpack/plugins/change_auth_plan/models.py:213
msgid "For security, do not change {} user's password"
#: xpack/plugins/change_auth_plan/models.py:210
msgid "For security, do not change root user's password"
msgstr "为了安全,禁止更改 {} 用户的密码"
#: xpack/plugins/change_auth_plan/models.py:217
#: xpack/plugins/change_auth_plan/models.py:213
msgid "Assets is empty, please add the asset"
msgstr "资产为空,请添加资产"
#: xpack/plugins/change_auth_plan/models.py:261
#: xpack/plugins/change_auth_plan/models.py:257
msgid "Change auth plan snapshot"
msgstr "改密计划快照"
#: xpack/plugins/change_auth_plan/models.py:276
#: xpack/plugins/change_auth_plan/models.py:427
#: xpack/plugins/change_auth_plan/models.py:272
#: xpack/plugins/change_auth_plan/models.py:423
msgid "Change auth plan execution"
msgstr "改密计划执行"
#: xpack/plugins/change_auth_plan/models.py:436
#: xpack/plugins/change_auth_plan/models.py:432
msgid "Change auth plan execution subtask"
msgstr "改密计划执行子任务"
#: xpack/plugins/change_auth_plan/models.py:454
#: xpack/plugins/change_auth_plan/models.py:450
msgid "Authentication failed"
msgstr "认证失败"
#: xpack/plugins/change_auth_plan/models.py:456
#: xpack/plugins/change_auth_plan/models.py:452
msgid "Connection timeout"
msgstr "连接超时"
@ -5941,13 +5939,11 @@ msgstr "创建组织"
msgid "Update org"
msgstr "更新组织"
#: xpack/plugins/vault/meta.py:11 xpack/plugins/vault/views.py:16
msgid "Vault"
msgstr "密码匣子"
#~ msgid "Vault"
#~ msgstr "密码匣子"
#: xpack/plugins/vault/views.py:17
msgid "vault list"
msgstr "密码匣子"
#~ msgid "vault list"
#~ msgstr "密码匣子"
#~ msgid "User does not exist"
#~ msgstr "用户不存在"


@ -5,7 +5,7 @@ from django.conf import settings
from django.views.generic import ListView, DetailView
from common.mixins import DatetimeSearchMixin
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from orgs.utils import current_org
from ..models import Task, AdHoc, AdHocRunHistory
@ -17,13 +17,14 @@ __all__ = [
]
class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class TaskListView(PermissionsMixin, DatetimeSearchMixin, ListView):
paginate_by = settings.DISPLAY_PER_PAGE
model = Task
ordering = ('-date_created',)
context_object_name = 'task_list'
template_name = 'ops/task_list.html'
keyword = ''
permission_classes = [IsOrgAdmin]
def get_queryset(self):
queryset = super().get_queryset()
@ -51,9 +52,10 @@ class TaskListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
return super().get_context_data(**kwargs)
class TaskDetailView(AdminUserRequiredMixin, DetailView):
class TaskDetailView(PermissionsMixin, DetailView):
model = Task
template_name = 'ops/task_detail.html'
permission_classes = [IsOrgAdmin]
def get_queryset(self):
queryset = super().get_queryset()
@ -73,9 +75,10 @@ class TaskDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class TaskAdhocView(AdminUserRequiredMixin, DetailView):
class TaskAdhocView(PermissionsMixin, DetailView):
model = Task
template_name = 'ops/task_adhoc.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -86,9 +89,10 @@ class TaskAdhocView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class TaskHistoryView(AdminUserRequiredMixin, DetailView):
class TaskHistoryView(PermissionsMixin, DetailView):
model = Task
template_name = 'ops/task_history.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -99,9 +103,10 @@ class TaskHistoryView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class AdHocDetailView(AdminUserRequiredMixin, DetailView):
class AdHocDetailView(PermissionsMixin, DetailView):
model = AdHoc
template_name = 'ops/adhoc_detail.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -112,9 +117,10 @@ class AdHocDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class AdHocHistoryView(AdminUserRequiredMixin, DetailView):
class AdHocHistoryView(PermissionsMixin, DetailView):
model = AdHoc
template_name = 'ops/adhoc_history.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -125,9 +131,10 @@ class AdHocHistoryView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class AdHocHistoryDetailView(AdminUserRequiredMixin, DetailView):
class AdHocHistoryDetailView(PermissionsMixin, DetailView):
model = AdHocRunHistory
template_name = 'ops/adhoc_history_detail.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
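Review bot: Access control on these views now depends on each class carrying its own `permission_classes = [IsOrgAdmin]` line, which is repeated on all seven views in this file (TaskListView through AdHocHistoryDetailView) and again on the asset-permission and remote-app permission views later in the commit. PermissionsMixin is not shown here, so it is worth confirming that a view with no `permission_classes` is denied rather than allowed; if it is allowed, a forgotten line silently opens a page that AdminUserRequiredMixin used to guard. A small shared base such as `class OrgAdminRequiredMixin(PermissionsMixin): permission_classes = [IsOrgAdmin]` would keep the rule in one place. The hunks cut through the class bodies, so the methods that continue outside them were not reviewed.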


@ -2,14 +2,15 @@
#
from django.views.generic import TemplateView
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin, IsAuditor
__all__ = ['CeleryTaskLogView']
class CeleryTaskLogView(AdminUserRequiredMixin, TemplateView):
class CeleryTaskLogView(PermissionsMixin, TemplateView):
template_name = 'ops/celery_task_log.html'
permission_classes = [IsOrgAdmin | IsAuditor]
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
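Review bot: `permission_classes = [IsOrgAdmin | IsAuditor]` only works if PermissionsMixin evaluates a composed permission the same way it evaluates a plain class, and that is not visible in this hunk. If these are Django REST framework permission classes, the `|` operator needs DRF 3.9 or later, and the mixin has to instantiate the entry and call `has_permission` on the result rather than inspect the class itself. A test that a user who is neither org admin nor auditor is refused on CeleryTaskLogView would pin this down; the same expression is used on CommandExecutionListView in the next file. A short comment such as `# read-only page: auditors are allowed in addition to org admins` would also record the intent.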


@ -5,7 +5,9 @@ from django.utils.translation import ugettext as _
from django.conf import settings
from django.views.generic import ListView, TemplateView
from common.permissions import AdminUserRequiredMixin, LoginRequiredMixin
from common.permissions import (
LoginRequiredMixin, PermissionsMixin, IsOrgAdmin, IsAuditor
)
from common.mixins import DatetimeSearchMixin
from ..models import CommandExecution
from ..forms import CommandExecutionForm
@ -16,13 +18,14 @@ __all__ = [
]
class CommandExecutionListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class CommandExecutionListView(PermissionsMixin, DatetimeSearchMixin, ListView):
template_name = 'ops/command_execution_list.html'
model = CommandExecution
paginate_by = settings.DISPLAY_PER_PAGE
ordering = ('-date_created',)
context_object_name = 'task_list'
keyword = ''
permission_classes = [IsOrgAdmin | IsAuditor]
def _get_queryset(self):
self.keyword = self.request.GET.get('keyword', '')


@ -96,7 +96,7 @@ class Organization(models.Model):
admin_orgs = []
if user.is_anonymous:
return admin_orgs
elif user.is_superuser:
elif user.is_superuser or user.is_auditor:
admin_orgs = list(cls.objects.all())
admin_orgs.append(cls.default())
elif user.is_org_admin:
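Review bot: The changed condition `elif user.is_superuser or user.is_auditor:` puts every organization into `admin_orgs` for an auditor, so this method now reports a read-only role as an administrator of all organizations. The method's name and its callers are outside the hunk, but if any caller uses this list to authorise changes rather than only to fill the organization switcher, auditors gain more than read access. A separate branch or a separately named method for auditors would keep the two meanings apart, so that "can view this org" is not expressed as "administers this org". At minimum the line deserves a comment: `# auditors may switch into every org to read session data; this does not make them org admins`.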


@ -1,7 +1,6 @@
# ~*~ coding: utf-8 ~*~
#
from common.permissions import AdminUserRequiredMixin
from users.models import User, UserGroup
from assets.models import Asset, SystemUser, Node
from assets.serializers import (


@ -8,7 +8,7 @@ from django.views.generic.edit import DeleteView, SingleObjectMixin
from django.urls import reverse_lazy
from django.conf import settings
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from orgs.utils import current_org
from perms.hands import Node, Asset, SystemUser, User, UserGroup
from perms.models import AssetPermission, Action
@ -25,8 +25,9 @@ __all__ = [
]
class AssetPermissionListView(AdminUserRequiredMixin, TemplateView):
class AssetPermissionListView(PermissionsMixin, TemplateView):
template_name = 'perms/asset_permission_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -37,11 +38,12 @@ class AssetPermissionListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class AssetPermissionCreateView(AdminUserRequiredMixin, CreateView):
class AssetPermissionCreateView(PermissionsMixin, CreateView):
model = AssetPermission
form_class = AssetPermissionForm
template_name = 'perms/asset_permission_create_update.html'
success_url = reverse_lazy('perms:asset-permission-list')
permission_classes = [IsOrgAdmin]
def get_form(self, form_class=None):
form = super().get_form(form_class=form_class)
@ -69,11 +71,12 @@ class AssetPermissionCreateView(AdminUserRequiredMixin, CreateView):
return super().get_context_data(**kwargs)
class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
class AssetPermissionUpdateView(PermissionsMixin, UpdateView):
model = AssetPermission
form_class = AssetPermissionForm
template_name = 'perms/asset_permission_create_update.html'
success_url = reverse_lazy("perms:asset-permission-list")
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -84,11 +87,12 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
return super().get_context_data(**kwargs)
class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
class AssetPermissionDetailView(PermissionsMixin, DetailView):
model = AssetPermission
form_class = AssetPermissionForm
template_name = 'perms/asset_permission_detail.html'
success_url = reverse_lazy("perms:asset-permission-list")
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -102,19 +106,21 @@ class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
class AssetPermissionDeleteView(PermissionsMixin, DeleteView):
model = AssetPermission
template_name = 'delete_confirm.html'
success_url = reverse_lazy('perms:asset-permission-list')
permission_classes = [IsOrgAdmin]
class AssetPermissionUserView(AdminUserRequiredMixin,
class AssetPermissionUserView(PermissionsMixin,
SingleObjectMixin,
ListView):
template_name = 'perms/asset_permission_user.html'
context_object_name = 'asset_permission'
paginate_by = settings.DISPLAY_PER_PAGE
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=AssetPermission.objects.all())
@ -140,13 +146,14 @@ class AssetPermissionUserView(AdminUserRequiredMixin,
return super().get_context_data(**kwargs)
class AssetPermissionAssetView(AdminUserRequiredMixin,
class AssetPermissionAssetView(PermissionsMixin,
SingleObjectMixin,
ListView):
template_name = 'perms/asset_permission_asset.html'
context_object_name = 'asset_permission'
paginate_by = settings.DISPLAY_PER_PAGE
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset = AssetPermission.objects.all())


@ -9,7 +9,7 @@ from django.views.generic import (
from django.views.generic.edit import SingleObjectMixin
from django.conf import settings
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from orgs.utils import current_org
from ..hands import RemoteApp, UserGroup
@ -24,8 +24,9 @@ __all__ = [
]
class RemoteAppPermissionListView(AdminUserRequiredMixin, TemplateView):
class RemoteAppPermissionListView(PermissionsMixin, TemplateView):
template_name = 'perms/remote_app_permission_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -36,11 +37,12 @@ class RemoteAppPermissionListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class RemoteAppPermissionCreateView(AdminUserRequiredMixin, CreateView):
class RemoteAppPermissionCreateView(PermissionsMixin, CreateView):
template_name = 'perms/remote_app_permission_create_update.html'
model = RemoteAppPermission
form_class = RemoteAppPermissionCreateUpdateForm
success_url = reverse_lazy('perms:remote-app-permission-list')
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -51,11 +53,12 @@ class RemoteAppPermissionCreateView(AdminUserRequiredMixin, CreateView):
return super().get_context_data(**kwargs)
class RemoteAppPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
class RemoteAppPermissionUpdateView(PermissionsMixin, UpdateView):
template_name = 'perms/remote_app_permission_create_update.html'
model = RemoteAppPermission
form_class = RemoteAppPermissionCreateUpdateForm
success_url = reverse_lazy('perms:remote-app-permission-list')
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -66,9 +69,10 @@ class RemoteAppPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
return super().get_context_data(**kwargs)
class RemoteAppPermissionDetailView(AdminUserRequiredMixin, DetailView):
class RemoteAppPermissionDetailView(PermissionsMixin, DetailView):
template_name = 'perms/remote_app_permission_detail.html'
model = RemoteAppPermission
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -79,13 +83,14 @@ class RemoteAppPermissionDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class RemoteAppPermissionUserView(AdminUserRequiredMixin,
class RemoteAppPermissionUserView(PermissionsMixin,
SingleObjectMixin,
ListView):
template_name = 'perms/remote_app_permission_user.html'
context_object_name = 'remote_app_permission'
paginate_by = settings.DISPLAY_PER_PAGE
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(
@ -111,13 +116,14 @@ class RemoteAppPermissionUserView(AdminUserRequiredMixin,
return super().get_context_data(**kwargs)
class RemoteAppPermissionRemoteAppView(AdminUserRequiredMixin,
class RemoteAppPermissionRemoteAppView(PermissionsMixin,
SingleObjectMixin,
ListView):
template_name = 'perms/remote_app_permission_remote_app.html'
context_object_name = 'remote_app_permission'
paginate_by = settings.DISPLAY_PER_PAGE
object = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
self.object = self.get_object(
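Review bot: Every view in this section now depends on a hand-written `permission_classes = [IsOrgAdmin]` line, and nothing shown here says what `PermissionsMixin` does when that attribute is missing or empty. If the mixin (defined outside this section) treats an empty list as "allow", a view added or refactored later without the line would be reachable by any user, which could not happen by omission with the old `AdminUserRequiredMixin` base class. Consider making the mixin deny when `permission_classes` is empty, or add a test that walks the URL conf and asserts that each `PermissionsMixin` view declares one. The same applies to the settings, terminal and users view sections of this commit. The last hunk ends inside `RemoteAppPermissionRemoteAppView.get`, so its body is not visible.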


@ -3,15 +3,16 @@ from django.shortcuts import render, redirect
from django.contrib import messages
from django.utils.translation import ugettext as _
from common.permissions import SuperUserRequiredMixin
from common.permissions import PermissionsMixin, IsSuperUser
from common import utils
from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \
TerminalSettingForm, SecuritySettingForm, EmailContentSettingForm
class BasicSettingView(SuperUserRequiredMixin, TemplateView):
class BasicSettingView(PermissionsMixin, TemplateView):
form_class = BasicSettingForm
template_name = "settings/basic_setting.html"
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {
@ -35,9 +36,10 @@ class BasicSettingView(SuperUserRequiredMixin, TemplateView):
return render(request, self.template_name, context)
class EmailSettingView(SuperUserRequiredMixin, TemplateView):
class EmailSettingView(PermissionsMixin, TemplateView):
form_class = EmailSettingForm
template_name = "settings/email_setting.html"
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {
@ -61,9 +63,10 @@ class EmailSettingView(SuperUserRequiredMixin, TemplateView):
return render(request, self.template_name, context)
class LDAPSettingView(SuperUserRequiredMixin, TemplateView):
class LDAPSettingView(PermissionsMixin, TemplateView):
form_class = LDAPSettingForm
template_name = "settings/ldap_setting.html"
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {
@ -87,9 +90,10 @@ class LDAPSettingView(SuperUserRequiredMixin, TemplateView):
return render(request, self.template_name, context)
class TerminalSettingView(SuperUserRequiredMixin, TemplateView):
class TerminalSettingView(PermissionsMixin, TemplateView):
form_class = TerminalSettingForm
template_name = "settings/terminal_setting.html"
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
command_storage = utils.get_command_storage_setting()
@ -118,8 +122,9 @@ class TerminalSettingView(SuperUserRequiredMixin, TemplateView):
return render(request, self.template_name, context)
class ReplayStorageCreateView(SuperUserRequiredMixin, TemplateView):
class ReplayStorageCreateView(PermissionsMixin, TemplateView):
template_name = 'settings/replay_storage_create.html'
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {
@ -130,8 +135,9 @@ class ReplayStorageCreateView(SuperUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class CommandStorageCreateView(SuperUserRequiredMixin, TemplateView):
class CommandStorageCreateView(PermissionsMixin, TemplateView):
template_name = 'settings/command_storage_create.html'
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {
@ -142,9 +148,10 @@ class CommandStorageCreateView(SuperUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class SecuritySettingView(SuperUserRequiredMixin, TemplateView):
class SecuritySettingView(PermissionsMixin, TemplateView):
form_class = SecuritySettingForm
template_name = "settings/security_setting.html"
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {
@ -168,9 +175,10 @@ class SecuritySettingView(SuperUserRequiredMixin, TemplateView):
return render(request, self.template_name, context)
class EmailContentSettingView(SuperUserRequiredMixin, TemplateView):
class EmailContentSettingView(PermissionsMixin, TemplateView):
template_name = "settings/email_content_setting.html"
form_class = EmailContentSettingForm
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = {


@ -4,6 +4,8 @@
{% include '_user_profile.html' %}
{% if request.user.is_org_admin and request.COOKIES.IN_ADMIN_PAGE != "No" %}
{% include '_nav.html' %}
{% elif request.user.is_auditor %}
{% include '_nav_audits.html' %}
{% else %}
{% include '_nav_user.html' %}
{% endif %}


@ -0,0 +1,31 @@
{% load i18n %}
<li id="index">
<a href="{% url 'index' %}">
<i class="fa fa-dashboard" style="width: 14px"></i> <span class="nav-label">{% trans 'Dashboard' %}</span>
<span class="label label-info pull-right"></span>
</a>
</li>
<li id="terminal">
<a>
<i class="fa fa-rocket" style="width: 14px"></i> <span class="nav-label">{% trans 'Sessions' %}</span><span class="fa arrow"></span>
</a>
<ul class="nav nav-second-level">
<li id="session-online"><a href="{% url 'terminal:session-online-list' %}">{% trans 'Session online' %}</a></li>
<li id="session-offline"><a href="{% url 'terminal:session-offline-list' %}">{% trans 'Session offline' %}</a></li>
<li id="command"><a href="{% url 'terminal:command-list' %}">{% trans 'Commands' %}</a></li>
</ul>
</li>
<li id="audits">
<a>
<i class="fa fa-history" style="width: 14px"></i> <span class="nav-label">{% trans 'Audits' %}</span><span class="fa arrow"></span>
</a>
<ul class="nav nav-second-level">
<li id="login-log"><a href="{% url 'audits:login-log-list' %}">{% trans 'Login log' %}</a></li>
<li id="ftp-log"><a href="{% url 'audits:ftp-log-list' %}">{% trans 'FTP log' %}</a></li>
<li id="operate-log"><a href="{% url 'audits:operate-log-list' %}">{% trans 'Operate log' %}</a></li>
<li id="password-change-log"><a href="{% url 'audits:password-change-log-list' %}">{% trans 'Password change log' %}</a></li>
<li id="command-execution-log"><a href="{% url 'audits:command-execution-log-list' %}">{% trans 'Batch command' %}</a></li>
</ul>
</li>


@ -15,7 +15,7 @@ import jms_storage
from common.utils import is_uuid
from common.permissions import IsOrgAdminOrAppUser
from common.permissions import IsOrgAdminOrAppUser, IsAuditor
from ..hands import SystemUser
from ..models import Terminal, Session
from .. import serializers
@ -30,7 +30,7 @@ class SessionViewSet(BulkModelViewSet):
queryset = Session.objects.all()
serializer_class = serializers.SessionSerializer
pagination_class = LimitOffsetPagination
permission_classes = (IsOrgAdminOrAppUser,)
permission_classes = (IsOrgAdminOrAppUser | IsAuditor, )
def get_queryset(self):
queryset = super().get_queryset()
@ -68,7 +68,7 @@ class CommandViewSet(viewsets.ViewSet):
"""
command_store = get_command_storage()
serializer_class = SessionCommandSerializer
permission_classes = (IsOrgAdminOrAppUser,)
permission_classes = (IsOrgAdminOrAppUser | IsAuditor,)
def get_queryset(self):
self.command_store.filter(**dict(self.request.query_params))
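Review bot: `IsOrgAdminOrAppUser | IsAuditor` on `SessionViewSet` grants auditors every HTTP method the viewset supports, and as a `BulkModelViewSet` that presumably includes create, update and delete. Unless `IsAuditor` itself rejects unsafe methods (its definition is not in this section), a role meant to be read-only can modify or remove the session records it audits. Restricting the auditor arm to safe methods, for example by having `IsAuditor.has_permission` return false when `request.method not in SAFE_METHODS`, would keep the role read-only. The same composition on `CommandViewSet` deserves the same check. `get_queryset` continues outside both hunks.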


@ -103,7 +103,7 @@
{% if session.is_finished %}
<a {% if not session.can_replay %} disabled="" {% endif %} onclick="window.open('/luna/replay/{{ session.id }}','luna', 'height=600, width=800, top=400, left=400, toolbar=no, menubar=no, scrollbars=no, location=no, status=no')" class="btn btn-xs btn-warning btn-replay" >{% trans "Replay" %}</a>
{% else %}
{% if session.protocol == 'ssh' %}
{% if session.protocol == 'ssh' and request.user.is_org_admin%}
<a class="btn btn-xs btn-danger btn-term" value="{{ session.id }}" terminal="{{ session.terminal.id }}" >{% trans "Terminate" %}</a>
{% else %}
<a class="btn btn-xs btn-danger btn-term" disabled value="{{ session.id }}" terminal="{{ session.terminal.id }}" >{% trans "Terminate" %}</a>
@ -115,6 +115,7 @@
{% endblock %}
{% block content_bottom_left %}
{% if request.user.is_org_admin %}
<div id="actions" {% if type != "online" %} style="display: none" {% endif %}>
<div class="input-group">
<select class="form-control m-b" style="width: auto" id="slct_bulk_update">
@ -128,6 +129,7 @@
</div>
</div>
</div>
{% endif %}
{% endblock %}
{% block custom_foot_js %}
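Review bot: The `request.user.is_org_admin` conditions only change what the template renders, so they are not access control. The Terminate link is still emitted for auditors with its `value` and `terminal` attributes plus a `disabled` attribute, which browsers do not enforce on `<a>` elements. Whether a click is ignored depends on the `.btn-term` handler, which is outside this hunk, and the endpoint that terminates sessions must reject non-admin callers itself. A template comment at the condition, e.g. `{# UI hint only: the terminate API enforces the permission #}`, would stop later readers from treating it as the permission check. The added condition also lacks a space before `%}` (`is_org_admin %}`).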


@ -9,7 +9,7 @@ from django.template import loader
import time
from common.mixins import DatetimeSearchMixin
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin, IsAuditor
from ..models import Command
from .. import utils
from ..backends import get_multi_command_storage
@ -18,13 +18,14 @@ __all__ = ['CommandListView', 'CommandExportView']
common_storage = get_multi_command_storage()
class CommandListView(DatetimeSearchMixin, AdminUserRequiredMixin, ListView):
class CommandListView(DatetimeSearchMixin, PermissionsMixin, ListView):
model = Command
template_name = "terminal/command_list.html"
context_object_name = 'command_list'
paginate_by = settings.DISPLAY_PER_PAGE
command = user = asset = system_user = ""
date_from = date_to = None
permission_classes = [IsOrgAdmin | IsAuditor]
def get_queryset(self):
self.command = self.request.GET.get('command', '')
@ -63,10 +64,11 @@ class CommandListView(DatetimeSearchMixin, AdminUserRequiredMixin, ListView):
return super().get_context_data(**kwargs)
class CommandExportView(DatetimeSearchMixin, AdminUserRequiredMixin, View):
class CommandExportView(DatetimeSearchMixin, PermissionsMixin, View):
model = Command
command = user = asset = system_user = action = ''
date_from = date_to = None
permission_classes = [IsOrgAdmin | IsAuditor]
def get(self, request, *args, **kwargs):
queryset = self.get_queryset()
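Review bot: In `CommandListView` and `CommandExportView` the access mixin is listed after `DatetimeSearchMixin`, while `SessionListView` in the next file puts `PermissionsMixin` first. Django's access mixins are meant to be left-most so their `dispatch` runs before any other base class does work; if `DatetimeSearchMixin` ever overrides `dispatch` (not visible here), request handling would start before the permission check. Suggest `class CommandListView(PermissionsMixin, DatetimeSearchMixin, ListView):`, the same for `CommandExportView`, and likewise moving it ahead of `SingleObjectMixin` in `SessionDetailView`. Since export is now open to auditors, a one-line class comment saying that auditors may export command records would document that this is intended.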


@ -7,7 +7,7 @@ from django.utils.translation import ugettext as _
from django.utils import timezone
from django.conf import settings
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin, IsAuditor
from common.mixins import DatetimeSearchMixin
from ..models import Session, Command, Terminal
from ..backends import get_multi_command_storage
@ -20,14 +20,14 @@ __all__ = [
]
class SessionListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
class SessionListView(PermissionsMixin, DatetimeSearchMixin, ListView):
model = Session
template_name = 'terminal/session_list.html'
context_object_name = 'session_list'
paginate_by = settings.DISPLAY_PER_PAGE
user = asset = system_user = ''
date_from = date_to = None
permission_classes = [IsOrgAdmin | IsAuditor]
def get_queryset(self):
self.queryset = super().get_queryset()
@ -97,10 +97,11 @@ class SessionOfflineListView(SessionListView):
return super().get_context_data(**kwargs)
class SessionDetailView(SingleObjectMixin, AdminUserRequiredMixin, ListView):
class SessionDetailView(SingleObjectMixin, PermissionsMixin, ListView):
template_name = 'terminal/session_detail.html'
model = Session
object = None
permission_classes = [IsOrgAdmin | IsAuditor]
def get(self, request, *args, **kwargs):
self.object = self.get_object(queryset=self.model.objects.all())


@ -10,7 +10,7 @@ from django.urls import reverse_lazy, reverse
from common.mixins import JSONResponseMixin
from ..models import Terminal
from ..forms import TerminalForm
from common.permissions import SuperUserRequiredMixin
from common.permissions import PermissionsMixin, IsSuperUser
__all__ = [
@ -20,10 +20,11 @@ __all__ = [
]
class TerminalListView(SuperUserRequiredMixin, ListView):
class TerminalListView(PermissionsMixin, ListView):
model = Terminal
template_name = 'terminal/terminal_list.html'
form_class = TerminalForm
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = super(TerminalListView, self).get_context_data(**kwargs)
@ -35,11 +36,12 @@ class TerminalListView(SuperUserRequiredMixin, ListView):
return context
class TerminalUpdateView(SuperUserRequiredMixin, UpdateView):
class TerminalUpdateView(PermissionsMixin, UpdateView):
model = Terminal
form_class = TerminalForm
template_name = 'terminal/terminal_update.html'
success_url = reverse_lazy('terminal:terminal-list')
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = super(TerminalUpdateView, self).get_context_data(**kwargs)
@ -47,10 +49,11 @@ class TerminalUpdateView(SuperUserRequiredMixin, UpdateView):
return context
class TerminalDetailView(LoginRequiredMixin, SuperUserRequiredMixin, DetailView):
class TerminalDetailView(LoginRequiredMixin, PermissionsMixin, DetailView):
model = Terminal
template_name = 'terminal/terminal_detail.html'
context_object_name = 'terminal'
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
context = super(TerminalDetailView, self).get_context_data(**kwargs)
@ -61,16 +64,18 @@ class TerminalDetailView(LoginRequiredMixin, SuperUserRequiredMixin, DetailView)
return context
class TerminalDeleteView(SuperUserRequiredMixin, DeleteView):
class TerminalDeleteView(PermissionsMixin, DeleteView):
model = Terminal
template_name = 'delete_confirm.html'
success_url = reverse_lazy('terminal:terminal-list')
permission_classes = [IsSuperUser]
class TerminalAcceptView(SuperUserRequiredMixin, JSONResponseMixin, UpdateView):
class TerminalAcceptView(PermissionsMixin, JSONResponseMixin, UpdateView):
model = Terminal
form_class = TerminalForm
template_name = 'terminal/terminal_modal_accept.html'
permission_classes = [IsSuperUser]
def form_valid(self, form):
terminal = form.save()
@ -92,12 +97,13 @@ class TerminalAcceptView(SuperUserRequiredMixin, JSONResponseMixin, UpdateView):
return self.render_json_response(data)
class TerminalConnectView(LoginRequiredMixin, SuperUserRequiredMixin, DetailView):
class TerminalConnectView(LoginRequiredMixin, PermissionsMixin, DetailView):
"""
Abandon
"""
template_name = 'flash_message_standalone.html'
model = Terminal
permission_classes = [IsSuperUser]
def get_context_data(self, **kwargs):
if self.object.type == 'Web':


@ -62,6 +62,7 @@ class UserCreateUpdateFormMixin(OrgModelForm):
if self.request.user.is_superuser:
roles.append((User.ROLE_ADMIN, dict(User.ROLE_CHOICES).get(User.ROLE_ADMIN)))
roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
roles.append((User.ROLE_AUDITOR, dict(User.ROLE_CHOICES).get(User.ROLE_AUDITOR)))
# Org admin user
else:
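Review bot: Who may assign the auditor role is decided here only by which choices the form offers: `ROLE_AUDITOR` is appended in the `is_superuser` branch, and the org-admin branch continues outside this hunk. If users can also be created or updated through an API serializer (not visible here), it should apply the same role restriction so the two paths cannot disagree. As a smaller point, the three appends each rebuild `dict(User.ROLE_CHOICES)`; building it once, `role_names = dict(User.ROLE_CHOICES)`, and appending `(User.ROLE_AUDITOR, role_names.get(User.ROLE_AUDITOR))` reads more clearly.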


@ -0,0 +1,18 @@
# Generated by Django 2.1.7 on 2019-06-12 10:25
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('users', '0019_auto_20190304_1459'),
]
operations = [
migrations.AlterField(
model_name='user',
name='role',
field=models.CharField(blank=True, choices=[('Admin', 'Administrator'), ('User', 'User'), ('App', 'Application'), ('Auditor', 'Auditor')], default='User', max_length=10, verbose_name='Role'),
),
]


@ -30,11 +30,13 @@ class User(AbstractUser):
ROLE_ADMIN = 'Admin'
ROLE_USER = 'User'
ROLE_APP = 'App'
ROLE_AUDITOR = 'Auditor'
ROLE_CHOICES = (
(ROLE_ADMIN, _('Administrator')),
(ROLE_USER, _('User')),
(ROLE_APP, _('Application'))
(ROLE_APP, _('Application')),
(ROLE_AUDITOR, _("Auditor"))
)
OTP_LEVEL_CHOICES = (
(0, _('Disable')),
@ -243,6 +245,10 @@ class User(AbstractUser):
else:
return False
@property
def is_auditor(self):
return self.role == 'Auditor'
@property
def is_app(self):
return self.role == 'App'
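Review bot: `is_auditor` compares against the literal `'Auditor'` although this commit adds `ROLE_AUDITOR` a few lines up; `return self.role == self.ROLE_AUDITOR` keeps the templates and permission checks that branch on this property tied to one constant. A one-line docstring such as `"""True when the user has the Auditor role."""` would also help. In `ROLE_CHOICES`, ending the new entry with a trailing comma (`(ROLE_AUDITOR, _("Auditor")),`) would avoid touching the previous line the next time a role is added. Both hunks show only part of the `User` class.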


@ -24,16 +24,6 @@ from .models import User
logger = logging.getLogger('jumpserver')
class AdminUserRequiredMixin(UserPassesTestMixin):
def test_func(self):
if not self.request.user.is_authenticated:
return False
elif not self.request.user.is_superuser:
self.raise_exception = True
return False
return True
def construct_user_created_email_body(user):
default_body = _("""
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">


@ -9,7 +9,7 @@ from django.contrib.messages.views import SuccessMessageMixin
from common.utils import get_logger
from common.const import create_success_msg, update_success_msg
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from orgs.utils import current_org
from ..models import User, UserGroup
from .. import forms
@ -19,8 +19,9 @@ __all__ = ['UserGroupListView', 'UserGroupCreateView', 'UserGroupDetailView',
logger = get_logger(__name__)
class UserGroupListView(AdminUserRequiredMixin, TemplateView):
class UserGroupListView(PermissionsMixin, TemplateView):
template_name = 'users/user_group_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -31,12 +32,13 @@ class UserGroupListView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class UserGroupCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
class UserGroupCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
model = UserGroup
form_class = forms.UserGroupForm
template_name = 'users/user_group_create_update.html'
success_url = reverse_lazy('users:user-group-list')
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -47,12 +49,13 @@ class UserGroupCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVie
return super().get_context_data(**kwargs)
class UserGroupUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class UserGroupUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
model = UserGroup
form_class = forms.UserGroupForm
template_name = 'users/user_group_create_update.html'
success_url = reverse_lazy('users:user-group-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {
@ -64,10 +67,11 @@ class UserGroupUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVie
return super().get_context_data(**kwargs)
class UserGroupDetailView(AdminUserRequiredMixin, DetailView):
class UserGroupDetailView(PermissionsMixin, DetailView):
model = UserGroup
context_object_name = 'user_group'
template_name = 'users/user_group_detail.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
users = current_org.get_org_users().exclude(id__in=self.object.users.all())
@ -80,11 +84,12 @@ class UserGroupDetailView(AdminUserRequiredMixin, DetailView):
return super().get_context_data(**kwargs)
class UserGroupGrantedAssetView(AdminUserRequiredMixin, DetailView):
class UserGroupGrantedAssetView(PermissionsMixin, DetailView):
model = UserGroup
template_name = 'users/user_group_granted_asset.html'
context_object_name = 'user_group'
object = None
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {


@ -36,7 +36,7 @@ from common.const import (
)
from common.mixins import JSONResponseMixin
from common.utils import get_logger, get_object_or_none, is_uuid, ssh_key_gen
from common.permissions import AdminUserRequiredMixin
from common.permissions import PermissionsMixin, IsOrgAdmin
from orgs.utils import current_org
from .. import forms
from ..models import User, UserGroup
@ -61,8 +61,9 @@ __all__ = [
logger = get_logger(__name__)
class UserListView(AdminUserRequiredMixin, TemplateView):
class UserListView(PermissionsMixin, TemplateView):
template_name = 'users/user_list.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
@ -73,12 +74,13 @@ class UserListView(AdminUserRequiredMixin, TemplateView):
return context
class UserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
class UserCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
model = User
form_class = forms.UserCreateForm
template_name = 'users/user_create.html'
success_url = reverse_lazy('users:user-list')
success_message = create_success_msg
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
check_rules = get_password_check_rules()
@ -106,13 +108,14 @@ class UserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
return kwargs
class UserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
class UserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
model = User
form_class = forms.UserUpdateForm
template_name = 'users/user_update.html'
context_object_name = 'user_object'
success_url = reverse_lazy('users:user-list')
success_message = update_success_msg
permission_classes = [IsOrgAdmin]
def _deny_permission(self):
obj = self.get_object()
@ -153,7 +156,7 @@ class UserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
return kwargs
class UserBulkUpdateView(AdminUserRequiredMixin, TemplateView):
class UserBulkUpdateView(PermissionsMixin, TemplateView):
model = User
form_class = forms.UserBulkUpdateForm
template_name = 'users/user_bulk_update.html'
@ -161,6 +164,7 @@ class UserBulkUpdateView(AdminUserRequiredMixin, TemplateView):
success_message = _("Bulk update user success")
form = None
id_list = None
permission_classes = [IsOrgAdmin]
def get(self, request, *args, **kwargs):
spm = request.GET.get('spm', '')
@ -193,11 +197,12 @@ class UserBulkUpdateView(AdminUserRequiredMixin, TemplateView):
return super().get_context_data(**kwargs)
class UserDetailView(AdminUserRequiredMixin, DetailView):
class UserDetailView(PermissionsMixin, DetailView):
model = User
template_name = 'users/user_detail.html'
context_object_name = "user_object"
key_prefix_block = "_LOGIN_BLOCK_{}"
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
user = self.get_object()
@ -263,8 +268,9 @@ class UserExportView(View):
return JsonResponse({'redirect': url})
class UserBulkImportView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
class UserBulkImportView(PermissionsMixin, JSONResponseMixin, FormView):
form_class = forms.FileForm
permission_classes = [IsOrgAdmin]
def form_invalid(self, form):
try:
@ -359,9 +365,10 @@ class UserBulkImportView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
return self.render_json_response(data)
class UserGrantedAssetView(AdminUserRequiredMixin, DetailView):
class UserGrantedAssetView(PermissionsMixin, DetailView):
model = User
template_name = 'users/user_granted_asset.html'
permission_classes = [IsOrgAdmin]
def get_context_data(self, **kwargs):
context = {