From 9a5f9a9c928e6507f6a16ba8cd3bfc750cfc2d68 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 16 Dec 2020 10:23:37 +0800 Subject: [PATCH 1/7] =?UTF-8?q?fix:=20=E5=BA=94=E7=94=A8=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E4=B8=8D=E4=BC=9A=E8=87=AA=E5=8A=A8=E6=8E=A8=E9=80=81=E7=9A=84?= =?UTF-8?q?bug=20(#5271)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: xinwen --- apps/perms/signals_handler.py | 84 ++++++++++++++++++++++++++++++++++- 1 file changed, 83 insertions(+), 1 deletion(-) diff --git a/apps/perms/signals_handler.py b/apps/perms/signals_handler.py index 5b33fcb35..7d3527884 100644 --- a/apps/perms/signals_handler.py +++ b/apps/perms/signals_handler.py @@ -7,10 +7,11 @@ from perms.tasks import create_rebuild_user_tree_task, \ create_rebuild_user_tree_task_by_related_nodes_or_assets from users.models import User, UserGroup from assets.models import Asset, SystemUser +from applications.models import Application from common.utils import get_logger from common.exceptions import M2MReverseNotAllowed from common.const.signals import POST_ADD, POST_REMOVE, POST_CLEAR -from .models import AssetPermission, RemoteAppPermission +from .models import AssetPermission, RemoteAppPermission, ApplicationPermission logger = get_logger(__file__) 
@@ -244,3 +245,84 @@ def on_node_asset_change(action, instance, reverse, pk_set, **kwargs): node_pk_set = pk_set create_rebuild_user_tree_task_by_related_nodes_or_assets.delay(node_pk_set, asset_pk_set) + + +@receiver(m2m_changed, sender=ApplicationPermission.system_users.through) +def on_remote_app_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs): + if reverse: + raise M2MReverseNotAllowed + + if action != POST_ADD: + return + + system_users = SystemUser.objects.filter(pk__in=pk_set) + logger.debug("Application permission system_users change signal received") + attrs = instance.applications.all().values_list('attrs', flat=True) + assets_id = [] + for attr in attrs: + asset_id = attr.get('asset') + if asset_id: + assets_id.append(asset_id) + + for system_user in system_users: + system_user.assets.add(*assets_id) + if system_user.username_same_with_user: + users_id = instance.users.all().values_list('id', flat=True) + groups_id = instance.user_groups.all().values_list('id', flat=True) + system_user.groups.add(*users_id) + system_user.users.add(*groups_id) + + +@receiver(m2m_changed, sender=ApplicationPermission.users.through) +def on_remoteapps_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs): + if reverse: + raise M2MReverseNotAllowed + + if action != POST_ADD: + return + + logger.debug("Application permission users change signal received") + users_id = User.objects.filter(pk__in=pk_set).values_list('id', flat=True) + system_users = instance.system_users.all() + + for system_user in system_users: + if system_user.username_same_with_user: + system_user.users.add(*users_id) + + +@receiver(m2m_changed, sender=ApplicationPermission.user_groups.through) +def on_remoteapps_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): + if reverse: + raise M2MReverseNotAllowed + + if action != POST_ADD: + return + + logger.debug("Application permission user 
groups change signal received") + groups_id = UserGroup.objects.filter(pk__in=pk_set).values_list('id', flat=True) + system_users = instance.system_users.all() + + for system_user in system_users: + if system_user.username_same_with_user: + system_user.groups.add(*groups_id) + + +@receiver(m2m_changed, sender=ApplicationPermission.applications.through) +def on_remoteapps_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): + if reverse: + raise M2MReverseNotAllowed + + if action != POST_ADD: + return + + attrs = Application.objects.filter(id__in=pk_set).values_list('attrs', flat=True) + assets_id = [] + for attr in attrs: + asset_id = attr.get('asset') + if asset_id: + assets_id.append(asset_id) + + system_users = instance.system_users.all() + + for system_user in system_users: + system_user.assets.add(*assets_id) From 3aed4955c8ff941fec4299b01fa44b530fcb09e4 Mon Sep 17 00:00:00 2001 From: xinwen Date: Wed, 16 Dec 2020 11:30:16 +0800 Subject: [PATCH 2/7] =?UTF-8?q?fix:=20=E8=BF=9C=E7=A8=8B=E5=BA=94=E7=94=A8?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E7=9A=84=E4=B8=80=E4=BA=9B=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/signals_handler.py | 43 +++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/apps/perms/signals_handler.py b/apps/perms/signals_handler.py index 7d3527884..d7e1dfb00 100644 --- a/apps/perms/signals_handler.py +++ b/apps/perms/signals_handler.py @@ -7,7 +7,7 @@ from perms.tasks import create_rebuild_user_tree_task, \ create_rebuild_user_tree_task_by_related_nodes_or_assets from users.models import User, UserGroup from assets.models import Asset, SystemUser -from applications.models import Application +from applications.models import Application, Category from common.utils import get_logger from common.exceptions import M2MReverseNotAllowed from common.const.signals import POST_ADD, POST_REMOVE, POST_CLEAR 
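Review bot: All four new handlers return unless `action == POST_ADD`, so the `system_user.assets`, `system_user.users` and `system_user.groups` links they create are never removed when a user, group, system user or application is later taken off an ApplicationPermission. If those links are what authorises or pushes the system user (not visible in this hunk), access outlives the permission that granted it. One system user can presumably be shared by several permissions, so blind removal would be wrong too. At minimum state the decision in each handler, e.g. `# POST_ADD only: links created here are not rolled back on POST_REMOVE/POST_CLEAR`, and cover revocation in a separate handler that checks for other permissions still referencing the link.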
@@ -248,7 +248,10 @@ def on_node_asset_change(action, instance, reverse, pk_set, **kwargs): @receiver(m2m_changed, sender=ApplicationPermission.system_users.through) -def on_remote_app_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs): +def on_application_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs): + if instance.category != Category.remote_app: + return + if reverse: raise M2MReverseNotAllowed @@ -258,23 +261,25 @@ def on_remote_app_permission_system_users_changed(sender, instance: ApplicationP system_users = SystemUser.objects.filter(pk__in=pk_set) logger.debug("Application permission system_users change signal received") attrs = instance.applications.all().values_list('attrs', flat=True) - assets_id = [] - for attr in attrs: - asset_id = attr.get('asset') - if asset_id: - assets_id.append(asset_id) + + assets_id = [attr['asset'] for attr in attrs if attr.get('asset')] + if not assets_id: + return for system_user in system_users: system_user.assets.add(*assets_id) if system_user.username_same_with_user: users_id = instance.users.all().values_list('id', flat=True) groups_id = instance.user_groups.all().values_list('id', flat=True) - system_user.groups.add(*users_id) - system_user.users.add(*groups_id) + system_user.groups.add(*groups_id) + system_user.users.add(*users_id) @receiver(m2m_changed, sender=ApplicationPermission.users.through) -def on_remoteapps_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs): +def on_application_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs): + if instance.category != Category.remote_app: + return + if reverse: raise M2MReverseNotAllowed 
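Review bot: The new `instance.category` check runs before `if reverse:`, but on a reverse m2m change Django passes the related object (a SystemUser, User or UserGroup) as `instance`, not the ApplicationPermission. The handler would then most likely fail with an AttributeError, or return silently if that model happens to have a `category`, instead of raising `M2MReverseNotAllowed`. Put `if reverse: raise M2MReverseNotAllowed` first and the category guard after it. The same ordering is added to the users, user_groups and applications handlers in the later hunks of this commit.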
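Review bot: The added `if not assets_id: return` sits above the loop that also links users and groups, so the `username_same_with_user` sync is skipped whenever none of the permission's applications carries an `asset` attribute, for example when system users are attached before any application. The applications handler later adds only assets, so nothing visible in this patch links those users and groups afterwards. Guard only the asset call, `if assets_id: system_user.assets.add(*assets_id)`, and let the users/groups branch run regardless.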
@@ -291,7 +296,10 @@ def on_remoteapps_permission_users_changed(sender, instance, action, reverse, pk @receiver(m2m_changed, sender=ApplicationPermission.user_groups.through) -def on_remoteapps_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): +def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): + if instance.category != Category.remote_app: + return + if reverse: raise M2MReverseNotAllowed @@ -308,7 +316,10 @@ def on_remoteapps_permission_user_groups_changed(sender, instance, action, rever @receiver(m2m_changed, sender=ApplicationPermission.applications.through) -def on_remoteapps_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): +def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): + if instance.category != Category.remote_app: + return + if reverse: raise M2MReverseNotAllowed @@ -316,11 +327,9 @@ def on_remoteapps_permission_user_groups_changed(sender, instance, action, rever return attrs = Application.objects.filter(id__in=pk_set).values_list('attrs', flat=True) - assets_id = [] - for attr in attrs: - asset_id = attr.get('asset') - if asset_id: - assets_id.append(asset_id) + assets_id = [attr['asset'] for attr in attrs if attr.get('asset')] + if not assets_id: + return system_users = instance.system_users.all() From b3642f3ff41e2d79ceccd20fe86ede67e0fbc48c Mon Sep 17 00:00:00 2001 From: Bai Date: Wed, 16 Dec 2020 11:59:46 +0800 Subject: [PATCH 3/7] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DLDAP=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=99=BB=E5=BD=95(=E6=9C=AA=E6=89=BE=E5=88=B0)?= =?UTF-8?q?=E6=97=B6=E5=BE=AA=E7=8E=AF=E8=B0=83=E7=94=A8=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/backends/ldap.py | 8 ++++++-- apps/settings/utils/ldap.py | 2 -- 2 files changed, 6 insertions(+), 4 deletions(-) 
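Review bot: In the applications handler, `attr['asset']` is read from each application's `attrs` value and passed straight to `system_user.assets.add()` as a primary key, with no check that it names an existing Asset the permission may reference. Whether `attrs` is validated on write is not visible here. A stale or malformed id would either abort the m2m save with a database error or attach the system user to an unintended asset. Resolve the ids first, e.g. `assets_id = Asset.objects.filter(id__in=assets_id).values_list('id', flat=True)`; the same applies to the identical comprehension in the system_users handler.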
diff --git a/apps/authentication/backends/ldap.py b/apps/authentication/backends/ldap.py index 5a5e16081..5551c83d4 100644 --- a/apps/authentication/backends/ldap.py +++ b/apps/authentication/backends/ldap.py @@ -115,8 +115,12 @@ class LDAPUser(_LDAPUser): else: # 解决直接配置DC域,用户认证失败的问题(库不能从整棵树中搜索) user_dn = self._search_for_user_dn_from_ldap_util() - self._user_dn = user_dn - self._user_attrs = self._load_user_attrs() + if user_dn is None: + self._user_dn = None + self._user_attrs = None + else: + self._user_dn = user_dn + self._user_attrs = self._load_user_attrs() return user_dn diff --git a/apps/settings/utils/ldap.py b/apps/settings/utils/ldap.py index 9b7cd34a2..e4264f0e6 100644 --- a/apps/settings/utils/ldap.py +++ b/apps/settings/utils/ldap.py @@ -186,7 +186,6 @@ class LDAPServerUtil(object): user[attr] = value return user - @timeit def user_entries_to_dict(self, user_entries): users = [] for user_entry in user_entries: @@ -194,7 +193,6 @@ class LDAPServerUtil(object): users.append(user) return users - @timeit def search_for_user_dn(self, username): user_entries = self.search_user_entries(search_users=[username]) if len(user_entries) == 1: From bf308e24b669131b8887c071d167fe1438f921e4 Mon Sep 17 00:00:00 2001 From: xinwen Date: Wed, 16 Dec 2020 17:31:30 +0800 Subject: [PATCH 4/7] =?UTF-8?q?fix:=20=E6=8E=A8=E9=80=81=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=97=B6=20AdHocExecution=20id=20=E9=87=8D?= =?UTF-8?q?=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/ops/models/adhoc.py | 4 +++- apps/ops/utils.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/ops/models/adhoc.py b/apps/ops/models/adhoc.py index 95a1106b1..aa2884105 100644 --- a/apps/ops/models/adhoc.py +++ b/apps/ops/models/adhoc.py 
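Review bot: The `user_dn is None` branch needs a comment saying why the attributes are not loaded, since assigning `None` to both fields looks redundant without one. Going by the commit subject, calling `_load_user_attrs()` with no DN re-entered the DN search; `_load_user_attrs` itself is outside this hunk, so that is inferred. Suggested comment: `# User not found: skip _load_user_attrs(), which would look the DN up again and recurse`. The enclosing method starts above the hunk.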
@@ -180,8 +180,10 @@ class AdHoc(OrgModelMixin): def run(self): try: hid = current_task.request.id + if AdHocExecution.objects.filter(id=hid).exists(): + hid = uuid.uuid4() except AttributeError: - hid = str(uuid.uuid4()) + hid = uuid.uuid4() execution = AdHocExecution( id=hid, adhoc=self, task=self.task, task_display=str(self.task)[:128], diff --git a/apps/ops/utils.py b/apps/ops/utils.py index e4fa85812..04d35a2fa 100644 --- a/apps/ops/utils.py +++ b/apps/ops/utils.py @@ -3,7 +3,7 @@ from django.utils.translation import ugettext_lazy as _ from common.utils import get_logger, get_object_or_none from common.tasks import send_mail_async -from orgs.utils import tmp_to_org, org_aware_func +from orgs.utils import org_aware_func from .models import Task, AdHoc From 4dcd8dd8dd91f37bcdcad49bdee7a333cc7f63ef Mon Sep 17 00:00:00 2001 From: Bai Date: Wed, 16 Dec 2020 18:19:02 +0800 Subject: [PATCH 5/7] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=8A=82=E7=82=B9?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E6=97=B6=E6=9B=B4=E6=96=B0=E5=AD=A9=E5=AD=90?= =?UTF-8?q?full=5Fvalue=E6=97=A5=E5=BF=97=E8=BE=93=E5=87=BA=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/models/node.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index 72000d9f1..20104412b 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -491,6 +491,8 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin): sort_key_func = lambda n: [int(i) for i in n.key.split(':')] nodes_sorted = sorted(list(nodes), key=sort_key_func) nodes_mapper = {n.key: n for n in nodes_sorted} + # 更新自己时,自己的parent_key获取不到 + nodes_mapper.update({self.parent_key: self.parent}) for node in nodes_sorted: parent = nodes_mapper.get(node.parent_key) if not parent: From 54303ea33f93b5a15f5398a70b5b0e57c4fed7e0 Mon Sep 17 00:00:00 2001 
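Review bot: The new `AdHocExecution.objects.filter(id=hid).exists()` query sits inside the `try` whose `except AttributeError` is there for a missing `current_task.request`, so an AttributeError raised while running the query would be swallowed and replaced by a random id. Keep the `try` to the single attribute read and move the duplicate check into an `else:` branch. When the fallback is taken the execution id no longer matches the Celery task id, so a log line recording both ids would keep the run traceable. The check is also not atomic, so two workers holding the same task id can still both pass it. `run` continues below the hunk.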
From: Bai Date: Wed, 16 Dec 2020 18:36:08 +0800 Subject: [PATCH 6/7] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=8A=82=E7=82=B9?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E6=97=B6=E6=9B=B4=E6=96=B0=E5=AD=A9=E5=AD=90?= =?UTF-8?q?full=5Fvalue=E6=97=A5=E5=BF=97=E8=BE=93=E5=87=BA=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/models/node.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index 20104412b..710586e6f 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -491,8 +491,10 @@ class Node(OrgModelMixin, SomeNodesMixin, FamilyMixin, NodeAssetsMixin): sort_key_func = lambda n: [int(i) for i in n.key.split(':')] nodes_sorted = sorted(list(nodes), key=sort_key_func) nodes_mapper = {n.key: n for n in nodes_sorted} - # 更新自己时,自己的parent_key获取不到 - nodes_mapper.update({self.parent_key: self.parent}) + if not self.is_org_root(): + # 如果是org_root,那么parent_key为'', parent为自己,所以这种情况不处理 + # 更新自己时,自己的parent_key获取不到 + nodes_mapper.update({self.parent_key: self.parent}) for node in nodes_sorted: parent = nodes_mapper.get(node.parent_key) if not parent: From 89d8efe0f1cb940b3cc66e40fc4a3b74080f549d Mon Sep 17 00:00:00 2001 From: xinwen Date: Wed, 16 Dec 2020 18:44:47 +0800 Subject: [PATCH 7/7] =?UTF-8?q?fix:=20perms.signals=5Fhandler.on=5Fapplica?= =?UTF-8?q?tion=5Fpermission=5Fapplications=5Fchanged=20=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=90=8D=E5=AD=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/signals_handler.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/perms/signals_handler.py b/apps/perms/signals_handler.py index d7e1dfb00..95df4c4f2 100644 --- a/apps/perms/signals_handler.py +++ b/apps/perms/signals_handler.py 
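Review bot: `nodes_mapper.update({self.parent_key: self.parent})` builds a one-entry dict just to set a key; `nodes_mapper[self.parent_key] = self.parent` says the same thing directly. The two comment lines are also misplaced relative to the code: the first explains why the org root is skipped, so it belongs above the `if not self.is_org_root():` line, leaving the second directly above the assignment it describes. The enclosing method starts and ends outside the hunk.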
@@ -316,7 +316,7 @@ def on_application_permission_user_groups_changed(sender, instance, action, reve @receiver(m2m_changed, sender=ApplicationPermission.applications.through) -def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs): +def on_application_permission_applications_changed(sender, instance, action, reverse, pk_set, **kwargs): if instance.category != Category.remote_app: return