github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5278 from jumpserver/dev 

chore: Merge master from dev
pull/5308/head
Jiangjie.Bai 2020-12-16 18:50:49 +08:00 committed by GitHub
parent 6d5bec1ef2 89d8efe0f1
commit 8c133d5fdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 106 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/assets/models/node.py
View File

@ -491,6 +491,10 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin):
sort_key_func = lambda n: [int(i) for i in n.key.split(':')]
nodes_sorted = sorted(list(nodes), key=sort_key_func)
nodes_mapper = {n.key: n for n in nodes_sorted}
if not self.is_org_root():
# 如果是org_root那么parent_key为'', parent为自己所以这种情况不处理
# 更新自己时自己的parent_key获取不到
nodes_mapper.update({self.parent_key: self.parent})
for node in nodes_sorted:
parent = nodes_mapper.get(node.parent_key)
if not parent:

8
apps/authentication/backends/ldap.py
View File

@ -115,8 +115,12 @@ class LDAPUser(_LDAPUser):
else:
# 解决直接配置DC域用户认证失败的问题(库不能从整棵树中搜索)
user_dn = self._search_for_user_dn_from_ldap_util()
self._user_dn = user_dn
self._user_attrs = self._load_user_attrs()
if user_dn is None:
self._user_dn = None
self._user_attrs = None
else:
self._user_dn = user_dn
self._user_attrs = self._load_user_attrs()
return user_dn

4
apps/ops/models/adhoc.py
View File

@ -180,8 +180,10 @@ class AdHoc(OrgModelMixin):
def run(self):
try:
hid = current_task.request.id
if AdHocExecution.objects.filter(id=hid).exists():
hid = uuid.uuid4()
except AttributeError:
hid = str(uuid.uuid4())
hid = uuid.uuid4()
execution = AdHocExecution(
id=hid, adhoc=self, task=self.task,
task_display=str(self.task)[:128],

2
apps/ops/utils.py
View File

@ -3,7 +3,7 @@ from django.utils.translation import ugettext_lazy as _
from common.utils import get_logger, get_object_or_none
from common.tasks import send_mail_async
from orgs.utils import tmp_to_org, org_aware_func
from orgs.utils import org_aware_func
from .models import Task, AdHoc

93
apps/perms/signals_handler.py
View File

@ -7,10 +7,11 @@ from perms.tasks import create_rebuild_user_tree_task, \
create_rebuild_user_tree_task_by_related_nodes_or_assets
from users.models import User, UserGroup
from assets.models import Asset, SystemUser
from applications.models import Application, Category
from common.utils import get_logger
from common.exceptions import M2MReverseNotAllowed
from common.const.signals import POST_ADD, POST_REMOVE, POST_CLEAR
from .models import AssetPermission, RemoteAppPermission
from .models import AssetPermission, RemoteAppPermission, ApplicationPermission
logger = get_logger(__file__)
@ -244,3 +245,93 @@ def on_node_asset_change(action, instance, reverse, pk_set, **kwargs):
node_pk_set = pk_set
create_rebuild_user_tree_task_by_related_nodes_or_assets.delay(node_pk_set, asset_pk_set)
@receiver(m2m_changed, sender=ApplicationPermission.system_users.through)
def on_application_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs):
if instance.category != Category.remote_app:
return
if reverse:
raise M2MReverseNotAllowed
if action != POST_ADD:
return
system_users = SystemUser.objects.filter(pk__in=pk_set)
logger.debug("Application permission system_users change signal received")
attrs = instance.applications.all().values_list('attrs', flat=True)
assets_id = [attr['asset'] for attr in attrs if attr.get('asset')]
if not assets_id:
return
for system_user in system_users:
system_user.assets.add(*assets_id)
if system_user.username_same_with_user:
users_id = instance.users.all().values_list('id', flat=True)
groups_id = instance.user_groups.all().values_list('id', flat=True)
system_user.groups.add(*groups_id)
system_user.users.add(*users_id)
@receiver(m2m_changed, sender=ApplicationPermission.users.through)
def on_application_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs):
if instance.category != Category.remote_app:
return
if reverse:
raise M2MReverseNotAllowed
if action != POST_ADD:
return
logger.debug("Application permission users change signal received")
users_id = User.objects.filter(pk__in=pk_set).values_list('id', flat=True)
system_users = instance.system_users.all()
for system_user in system_users:
if system_user.username_same_with_user:
system_user.users.add(*users_id)
@receiver(m2m_changed, sender=ApplicationPermission.user_groups.through)
def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs):
if instance.category != Category.remote_app:
return
if reverse:
raise M2MReverseNotAllowed
if action != POST_ADD:
return
logger.debug("Application permission user groups change signal received")
groups_id = UserGroup.objects.filter(pk__in=pk_set).values_list('id', flat=True)
system_users = instance.system_users.all()
for system_user in system_users:
if system_user.username_same_with_user:
system_user.groups.add(*groups_id)
@receiver(m2m_changed, sender=ApplicationPermission.applications.through)
def on_application_permission_applications_changed(sender, instance, action, reverse, pk_set, **kwargs):
if instance.category != Category.remote_app:
return
if reverse:
raise M2MReverseNotAllowed
if action != POST_ADD:
return
attrs = Application.objects.filter(id__in=pk_set).values_list('attrs', flat=True)
assets_id = [attr['asset'] for attr in attrs if attr.get('asset')]
if not assets_id:
return
system_users = instance.system_users.all()
for system_user in system_users:
system_user.assets.add(*assets_id)

2
apps/settings/utils/ldap.py
View File

@ -186,7 +186,6 @@ class LDAPServerUtil(object):
user[attr] = value
return user
@timeit
def user_entries_to_dict(self, user_entries):
users = []
for user_entry in user_entries:
@ -194,7 +193,6 @@ class LDAPServerUtil(object):
users.append(user)
return users
@timeit
def search_for_user_dn(self, username):
user_entries = self.search_user_entries(search_users=[username])
if len(user_entries) == 1: