mirror of https://github.com/jumpserver/jumpserver
老广
GitHub
commit
9491827e01
|
|
@ -2,4 +2,4 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
__version__ = "1.4.3"
|
||||
__version__ = "1.4.4"
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ from django.db import transaction
|
|||
from rest_framework import generics
|
||||
from rest_framework.response import Response
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
|
||||
from common.mixins import IDInFilterMixin
|
||||
from common.utils import get_logger
|
||||
|
|
@ -37,9 +38,17 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
|
|||
"""
|
||||
Admin user api set, for add,delete,update,list,retrieve resource
|
||||
"""
|
||||
|
||||
filter_fields = ("name", "username")
|
||||
search_fields = filter_fields
|
||||
queryset = AdminUser.objects.all()
|
||||
serializer_class = serializers.AdminUserSerializer
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset().all()
|
||||
return queryset
|
||||
|
||||
|
||||
class AdminUserAuthApi(generics.UpdateAPIView):
|
||||
|
|
|
|||
|
|
@ -53,14 +53,14 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
|
|||
if show_current_asset:
|
||||
self.queryset = self.queryset.filter(
|
||||
Q(nodes=node_id) | Q(nodes__isnull=True)
|
||||
).distinct()
|
||||
)
|
||||
return
|
||||
if show_current_asset:
|
||||
self.queryset = self.queryset.filter(nodes=node).distinct()
|
||||
self.queryset = self.queryset.filter(nodes=node)
|
||||
else:
|
||||
self.queryset = self.queryset.filter(
|
||||
nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key),
|
||||
).distinct()
|
||||
)
|
||||
|
||||
def filter_admin_user_id(self):
|
||||
admin_user_id = self.request.query_params.get('admin_user_id')
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
#
|
||||
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
from ..hands import IsOrgAdmin
|
||||
|
|
@ -13,14 +14,20 @@ __all__ = ['CommandFilterViewSet', 'CommandFilterRuleViewSet']
|
|||
|
||||
|
||||
class CommandFilterViewSet(BulkModelViewSet):
|
||||
filter_fields = ("name",)
|
||||
search_fields = filter_fields
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
queryset = CommandFilter.objects.all()
|
||||
serializer_class = serializers.CommandFilterSerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
|
||||
class CommandFilterRuleViewSet(BulkModelViewSet):
|
||||
filter_fields = ("content",)
|
||||
search_fields = filter_fields
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
serializer_class = serializers.CommandFilterRuleSerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def get_queryset(self):
|
||||
fpk = self.kwargs.get('filter_pk')
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
from rest_framework.views import APIView, Response
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
|
||||
from django.views.generic.detail import SingleObjectMixin
|
||||
|
||||
|
|
@ -20,6 +21,11 @@ class DomainViewSet(BulkModelViewSet):
|
|||
queryset = Domain.objects.all()
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
serializer_class = serializers.DomainSerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset().all()
|
||||
return queryset
|
||||
|
||||
def get_serializer_class(self):
|
||||
if self.request.query_params.get('gateway'):
|
||||
|
|
@ -33,11 +39,12 @@ class DomainViewSet(BulkModelViewSet):
|
|||
|
||||
|
||||
class GatewayViewSet(BulkModelViewSet):
|
||||
filter_fields = ("domain",)
|
||||
filter_fields = ("domain__name", "name", "username", "ip")
|
||||
search_fields = filter_fields
|
||||
queryset = Gateway.objects.all()
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
serializer_class = serializers.GatewaySerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
|
||||
class GatewayTestConnectionApi(SingleObjectMixin, APIView):
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
from django.db.models import Count
|
||||
|
||||
from common.utils import get_logger
|
||||
|
|
@ -27,8 +28,11 @@ __all__ = ['LabelViewSet']
|
|||
|
||||
|
||||
class LabelViewSet(BulkModelViewSet):
|
||||
filter_fields = ("name", "value")
|
||||
search_fields = filter_fields
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
serializer_class = serializers.LabelSerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def list(self, request, *args, **kwargs):
|
||||
if request.query_params.get("distinct"):
|
||||
|
|
|
|||
|
|
@ -42,9 +42,16 @@ class SystemUserViewSet(BulkModelViewSet):
|
|||
"""
|
||||
System user api set, for add,delete,update,list,retrieve resource
|
||||
"""
|
||||
filter_fields = ("name", "username")
|
||||
search_fields = filter_fields
|
||||
queryset = SystemUser.objects.all()
|
||||
serializer_class = serializers.SystemUserSerializer
|
||||
permission_classes = (IsOrgAdminOrAppUser,)
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset().all()
|
||||
return queryset
|
||||
|
||||
|
||||
class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
|
||||
|
|
|
|||
|
|
@ -219,6 +219,16 @@ class Asset(OrgModelMixin):
|
|||
'become': self.admin_user.become_info,
|
||||
}
|
||||
|
||||
def as_node(self):
|
||||
from .node import Node
|
||||
fake_node = Node()
|
||||
fake_node.id = self.id
|
||||
fake_node.key = self.id
|
||||
fake_node.value = self.hostname
|
||||
fake_node.asset = self
|
||||
fake_node.is_node = False
|
||||
return fake_node
|
||||
|
||||
def _to_secret_json(self):
|
||||
"""
|
||||
Ansible use it create inventory, First using asset user,
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ class Node(OrgModelMixin):
|
|||
return child
|
||||
|
||||
def get_children(self, with_self=False):
|
||||
pattern = r'^{0}$|^{}:[0-9]+$' if with_self else r'^{}:[0-9]+$'
|
||||
pattern = r'^{0}$|^{0}:[0-9]+$' if with_self else r'^{0}:[0-9]+$'
|
||||
return self.__class__.objects.filter(
|
||||
key__regex=pattern.format(self.key)
|
||||
)
|
||||
|
|
@ -121,10 +121,10 @@ class Node(OrgModelMixin):
|
|||
def get_assets(self):
|
||||
from .asset import Asset
|
||||
if self.is_default_node():
|
||||
assets = Asset.objects.filter(nodes__isnull=True)
|
||||
assets = Asset.objects.filter(Q(nodes__id=self.id) | Q(nodes__isnull=True))
|
||||
else:
|
||||
assets = Asset.objects.filter(nodes__id=self.id)
|
||||
return assets
|
||||
return assets.distinct()
|
||||
|
||||
def get_valid_assets(self):
|
||||
return self.get_assets().valid()
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ $(document).ready(function(){
|
|||
columns: [{data: function(){return ""}}, {data: "name" }, {data: "username" }, {data: "assets_amount" },
|
||||
{data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }]
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options)
|
||||
})
|
||||
|
||||
.on('click', '.btn_admin_user_delete', function () {
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
}
|
||||
$(document).ready(function(){
|
||||
initTable();
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
}
|
||||
$(document).ready(function(){
|
||||
initTable();
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
}
|
||||
$(document).ready(function(){
|
||||
initTable();
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
}
|
||||
$(document).ready(function(){
|
||||
initTable();
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
}
|
||||
$(document).ready(function(){
|
||||
initTable();
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
}
|
||||
|
||||
$(document).ready(function(){
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
|
||||
{% block custom_foot_js %}
|
||||
<script>
|
||||
var zTree, asset_table;
|
||||
var zTree, asset_table, show=0;
|
||||
var inited = false;
|
||||
var url;
|
||||
function initTable() {
|
||||
|
|
@ -102,7 +102,7 @@ function initTable() {
|
|||
{data: "system_users_granted", orderable: false}
|
||||
]
|
||||
};
|
||||
asset_table = jumpserver.initDataTable(options);
|
||||
asset_table = jumpserver.initServerSideDataTable(options);
|
||||
return asset_table
|
||||
}
|
||||
|
||||
|
|
@ -183,6 +183,21 @@ $(document).ready(function () {
|
|||
$('#asset_detail_tbody').html(trs)
|
||||
});
|
||||
|
||||
function toggle() {
|
||||
if (show === 0) {
|
||||
$("#split-left").hide(500, function () {
|
||||
$("#split-right").attr("class", "col-lg-12");
|
||||
$("#toggle-icon").attr("class", "fa fa-angle-right fa-x");
|
||||
show = 1;
|
||||
});
|
||||
} else {
|
||||
$("#split-right").attr("class", "col-lg-9");
|
||||
$("#toggle-icon").attr("class", "fa fa-angle-left fa-x");
|
||||
$("#split-left").show(500);
|
||||
show = 0;
|
||||
}
|
||||
}
|
||||
|
||||
</script>
|
||||
|
||||
{% endblock %}
|
||||
|
|
@ -36,6 +36,7 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
|
|||
form_class = LabelForm
|
||||
success_url = reverse_lazy('assets:label-list')
|
||||
success_message = create_success_msg
|
||||
disable_name = ['draw', 'search', 'limit', 'offset', '_']
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = {
|
||||
|
|
@ -45,6 +46,16 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView):
|
|||
kwargs.update(context)
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
def form_valid(self, form):
|
||||
name = form.cleaned_data.get('name')
|
||||
if name in self.disable_name:
|
||||
msg = _(
|
||||
'Tips: Avoid using label names reserved internally: {}'
|
||||
).format(', '.join(self.disable_name))
|
||||
form.add_error("name", msg)
|
||||
return self.form_invalid(form)
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
class LabelUpdateView(AdminUserRequiredMixin, UpdateView):
|
||||
model = Label
|
||||
|
|
|
|||
|
|
@ -160,8 +160,12 @@ class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView):
|
|||
return users
|
||||
|
||||
def get_queryset(self):
|
||||
users = self.get_org_users()
|
||||
queryset = super().get_queryset().filter(username__in=users)
|
||||
if current_org.is_default():
|
||||
queryset = super().get_queryset()
|
||||
else:
|
||||
users = self.get_org_users()
|
||||
queryset = super().get_queryset().filter(username__in=users)
|
||||
|
||||
self.user = self.request.GET.get('user', '')
|
||||
self.keyword = self.request.GET.get("keyword", '')
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class AuthenticationConfig(AppConfig):
|
||||
name = 'authentication'
|
||||
|
||||
def ready(self):
|
||||
from . import signals_handlers
|
||||
super().ready()
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
from django.conf import settings
|
||||
from .models import Client
|
||||
|
||||
|
||||
def new_client():
|
||||
"""
|
||||
:return: authentication.models.Client
|
||||
"""
|
||||
return Client(
|
||||
server_url=settings.AUTH_OPENID_SERVER_URL,
|
||||
realm_name=settings.AUTH_OPENID_REALM_NAME,
|
||||
client_id=settings.AUTH_OPENID_CLIENT_ID,
|
||||
client_secret=settings.AUTH_OPENID_CLIENT_SECRET
|
||||
)
|
||||
|
||||
|
||||
client = new_client()
|
||||
|
|
@ -0,0 +1,90 @@
|
|||
# coding:utf-8
|
||||
#
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.conf import settings
|
||||
|
||||
from . import client
|
||||
from common.utils import get_logger
|
||||
from authentication.openid.models import OIDT_ACCESS_TOKEN
|
||||
|
||||
UserModel = get_user_model()
|
||||
|
||||
logger = get_logger(__file__)
|
||||
|
||||
BACKEND_OPENID_AUTH_CODE = \
|
||||
'authentication.openid.backends.OpenIDAuthorizationCodeBackend'
|
||||
|
||||
|
||||
class BaseOpenIDAuthorizationBackend(object):
|
||||
|
||||
@staticmethod
|
||||
def user_can_authenticate(user):
|
||||
"""
|
||||
Reject users with is_active=False. Custom user models that don't have
|
||||
that attribute are allowed.
|
||||
"""
|
||||
is_active = getattr(user, 'is_active', None)
|
||||
return is_active or is_active is None
|
||||
|
||||
def get_user(self, user_id):
|
||||
try:
|
||||
user = UserModel._default_manager.get(pk=user_id)
|
||||
except UserModel.DoesNotExist:
|
||||
return None
|
||||
|
||||
return user if self.user_can_authenticate(user) else None
|
||||
|
||||
|
||||
class OpenIDAuthorizationCodeBackend(BaseOpenIDAuthorizationBackend):
|
||||
|
||||
def authenticate(self, request, **kwargs):
|
||||
logger.info('1.openid code backend')
|
||||
|
||||
code = kwargs.get('code')
|
||||
redirect_uri = kwargs.get('redirect_uri')
|
||||
|
||||
if not code or not redirect_uri:
|
||||
return None
|
||||
|
||||
try:
|
||||
oidt_profile = client.update_or_create_from_code(
|
||||
code=code,
|
||||
redirect_uri=redirect_uri
|
||||
)
|
||||
|
||||
except Exception as e:
|
||||
logger.error(e)
|
||||
|
||||
else:
|
||||
# Check openid user single logout or not with access_token
|
||||
request.session[OIDT_ACCESS_TOKEN] = oidt_profile.access_token
|
||||
|
||||
user = oidt_profile.user
|
||||
|
||||
return user if self.user_can_authenticate(user) else None
|
||||
|
||||
|
||||
class OpenIDAuthorizationPasswordBackend(BaseOpenIDAuthorizationBackend):
|
||||
|
||||
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||
logger.info('2.openid password backend')
|
||||
|
||||
if not settings.AUTH_OPENID:
|
||||
return None
|
||||
|
||||
elif not username:
|
||||
return None
|
||||
|
||||
try:
|
||||
oidt_profile = client.update_or_create_from_password(
|
||||
username=username, password=password
|
||||
)
|
||||
|
||||
except Exception as e:
|
||||
logger.error(e)
|
||||
|
||||
else:
|
||||
user = oidt_profile.user
|
||||
return user if self.user_can_authenticate(user) else None
|
||||
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
# coding:utf-8
|
||||
#
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import logout
|
||||
from django.utils.deprecation import MiddlewareMixin
|
||||
from django.contrib.auth import BACKEND_SESSION_KEY
|
||||
|
||||
from . import client
|
||||
from common.utils import get_logger
|
||||
from .backends import BACKEND_OPENID_AUTH_CODE
|
||||
from authentication.openid.models import OIDT_ACCESS_TOKEN
|
||||
|
||||
logger = get_logger(__file__)
|
||||
|
||||
|
||||
class OpenIDAuthenticationMiddleware(MiddlewareMixin):
|
||||
"""
|
||||
Check openid user single logout (with access_token)
|
||||
"""
|
||||
|
||||
def process_request(self, request):
|
||||
|
||||
# Don't need openid auth if AUTH_OPENID is False
|
||||
if not settings.AUTH_OPENID:
|
||||
return
|
||||
|
||||
# Don't need check single logout if user not authenticated
|
||||
if not request.user.is_authenticated:
|
||||
return
|
||||
|
||||
elif request.session[BACKEND_SESSION_KEY] != BACKEND_OPENID_AUTH_CODE:
|
||||
return
|
||||
|
||||
# Check openid user single logout or not with access_token
|
||||
try:
|
||||
client.openid_connect_client.userinfo(
|
||||
token=request.session.get(OIDT_ACCESS_TOKEN))
|
||||
|
||||
except Exception as e:
|
||||
logout(request)
|
||||
logger.error(e)
|
||||
|
|
@ -0,0 +1,159 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
from django.db import transaction
|
||||
from django.contrib.auth import get_user_model
|
||||
from keycloak.realm import KeycloakRealm
|
||||
from keycloak.keycloak_openid import KeycloakOpenID
|
||||
from ..signals import post_create_openid_user
|
||||
|
||||
OIDT_ACCESS_TOKEN = 'oidt_access_token'
|
||||
|
||||
|
||||
class OpenIDTokenProfile(object):
|
||||
|
||||
def __init__(self, user, access_token, refresh_token):
|
||||
"""
|
||||
:param user: User object
|
||||
:param access_token:
|
||||
:param refresh_token:
|
||||
"""
|
||||
self.user = user
|
||||
self.access_token = access_token
|
||||
self.refresh_token = refresh_token
|
||||
|
||||
def __str__(self):
|
||||
return "{}'s OpenID token profile".format(self.user.username)
|
||||
|
||||
|
||||
class Client(object):
|
||||
|
||||
def __init__(self, server_url, realm_name, client_id, client_secret):
|
||||
self.server_url = server_url
|
||||
self.realm_name = realm_name
|
||||
self.client_id = client_id
|
||||
self.client_secret = client_secret
|
||||
self.realm = self.new_realm()
|
||||
self.openid_client = self.new_openid_client()
|
||||
self.openid_connect_client = self.new_openid_connect_client()
|
||||
|
||||
def new_realm(self):
|
||||
"""
|
||||
:param authentication.openid.models.Realm realm:
|
||||
:return keycloak.realm.Realm:
|
||||
"""
|
||||
return KeycloakRealm(
|
||||
server_url=self.server_url,
|
||||
realm_name=self.realm_name,
|
||||
headers={}
|
||||
)
|
||||
|
||||
def new_openid_connect_client(self):
|
||||
"""
|
||||
:rtype: keycloak.openid_connect.KeycloakOpenidConnect
|
||||
"""
|
||||
openid_connect = self.realm.open_id_connect(
|
||||
client_id=self.client_id,
|
||||
client_secret=self.client_secret
|
||||
)
|
||||
return openid_connect
|
||||
|
||||
def new_openid_client(self):
|
||||
"""
|
||||
:rtype: keycloak.keycloak_openid.KeycloakOpenID
|
||||
"""
|
||||
|
||||
return KeycloakOpenID(
|
||||
server_url='%sauth/' % self.server_url,
|
||||
realm_name=self.realm_name,
|
||||
client_id=self.client_id,
|
||||
client_secret_key=self.client_secret,
|
||||
)
|
||||
|
||||
def update_or_create_from_password(self, username, password):
|
||||
"""
|
||||
Update or create an user based on an authentication username and password.
|
||||
|
||||
:param str username: authentication username
|
||||
:param str password: authentication password
|
||||
:return: authentication.models.OpenIDTokenProfile
|
||||
"""
|
||||
token_response = self.openid_client.token(
|
||||
username=username, password=password
|
||||
)
|
||||
|
||||
return self._update_or_create(token_response=token_response)
|
||||
|
||||
def update_or_create_from_code(self, code, redirect_uri):
|
||||
"""
|
||||
Update or create an user based on an authentication code.
|
||||
Response as specified in:
|
||||
|
||||
https://tools.ietf.org/html/rfc6749#section-4.1.4
|
||||
|
||||
:param str code: authentication code
|
||||
:param str redirect_uri:
|
||||
:rtype: authentication.models.OpenIDTokenProfile
|
||||
"""
|
||||
|
||||
token_response = self.openid_connect_client.authorization_code(
|
||||
code=code, redirect_uri=redirect_uri)
|
||||
|
||||
return self._update_or_create(token_response=token_response)
|
||||
|
||||
def _update_or_create(self, token_response):
|
||||
"""
|
||||
Update or create an user based on a token response.
|
||||
|
||||
`token_response` contains the items returned by the OpenIDConnect Token API
|
||||
end-point:
|
||||
- id_token
|
||||
- access_token
|
||||
- expires_in
|
||||
- refresh_token
|
||||
- refresh_expires_in
|
||||
|
||||
:param dict token_response:
|
||||
:rtype: authentication.openid.models.OpenIDTokenProfile
|
||||
"""
|
||||
|
||||
userinfo = self.openid_connect_client.userinfo(
|
||||
token=token_response['access_token'])
|
||||
|
||||
with transaction.atomic():
|
||||
user, _ = get_user_model().objects.update_or_create(
|
||||
username=userinfo.get('preferred_username', ''),
|
||||
defaults={
|
||||
'email': userinfo.get('email', ''),
|
||||
'first_name': userinfo.get('given_name', ''),
|
||||
'last_name': userinfo.get('family_name', '')
|
||||
}
|
||||
)
|
||||
|
||||
oidt_profile = OpenIDTokenProfile(
|
||||
user=user,
|
||||
access_token=token_response['access_token'],
|
||||
refresh_token=token_response['refresh_token'],
|
||||
)
|
||||
|
||||
if user:
|
||||
post_create_openid_user.send(sender=user.__class__, user=user)
|
||||
|
||||
return oidt_profile
|
||||
|
||||
def __str__(self):
|
||||
return self.client_id
|
||||
|
||||
|
||||
class Nonce(object):
|
||||
"""
|
||||
The openid-login is stored in cache as a temporary object, recording the
|
||||
user's redirect_uri and next_pat
|
||||
"""
|
||||
|
||||
def __init__(self, redirect_uri, next_path):
|
||||
import uuid
|
||||
self.state = uuid.uuid4()
|
||||
self.redirect_uri = redirect_uri
|
||||
self.next_path = next_path
|
||||
|
||||
|
|
@ -0,0 +1,102 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
import logging
|
||||
|
||||
from django.urls import reverse
|
||||
from django.conf import settings
|
||||
from django.core.cache import cache
|
||||
from django.views.generic.base import RedirectView
|
||||
from django.contrib.auth import authenticate, login
|
||||
from django.http.response import (
|
||||
HttpResponseBadRequest,
|
||||
HttpResponseServerError,
|
||||
HttpResponseRedirect
|
||||
)
|
||||
|
||||
from . import client
|
||||
from .models import Nonce
|
||||
from users.models import LoginLog
|
||||
from users.tasks import write_login_log_async
|
||||
from common.utils import get_request_ip
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def get_base_site_url():
|
||||
return settings.BASE_SITE_URL
|
||||
|
||||
|
||||
class LoginView(RedirectView):
|
||||
|
||||
def get_redirect_url(self, *args, **kwargs):
|
||||
nonce = Nonce(
|
||||
redirect_uri=get_base_site_url() + reverse(
|
||||
"authentication:openid-login-complete"),
|
||||
|
||||
next_path=self.request.GET.get('next')
|
||||
)
|
||||
|
||||
cache.set(str(nonce.state), nonce, 24*3600)
|
||||
|
||||
self.request.session['openid_state'] = str(nonce.state)
|
||||
|
||||
authorization_url = client.openid_connect_client.\
|
||||
authorization_url(
|
||||
redirect_uri=nonce.redirect_uri, scope='code',
|
||||
state=str(nonce.state)
|
||||
)
|
||||
|
||||
return authorization_url
|
||||
|
||||
|
||||
class LoginCompleteView(RedirectView):
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
if 'error' in request.GET:
|
||||
return HttpResponseServerError(self.request.GET['error'])
|
||||
|
||||
if 'code' not in self.request.GET and 'state' not in self.request.GET:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
if self.request.GET['state'] != self.request.session['openid_state']:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
nonce = cache.get(self.request.GET['state'])
|
||||
|
||||
if not nonce:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
user = authenticate(
|
||||
request=self.request,
|
||||
code=self.request.GET['code'],
|
||||
redirect_uri=nonce.redirect_uri
|
||||
)
|
||||
|
||||
cache.delete(str(nonce.state))
|
||||
|
||||
if not user:
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
login(self.request, user)
|
||||
|
||||
data = {
|
||||
'username': user.username,
|
||||
'mfa': int(user.otp_enabled),
|
||||
'reason': LoginLog.REASON_NOTHING,
|
||||
'status': True
|
||||
}
|
||||
self.write_login_log(data)
|
||||
|
||||
return HttpResponseRedirect(nonce.next_path or '/')
|
||||
|
||||
def write_login_log(self, data):
|
||||
login_ip = get_request_ip(self.request)
|
||||
user_agent = self.request.META.get('HTTP_USER_AGENT', '')
|
||||
tmp_data = {
|
||||
'ip': login_ip,
|
||||
'type': 'W',
|
||||
'user_agent': user_agent
|
||||
}
|
||||
data.update(tmp_data)
|
||||
write_login_log_async.delay(**data)
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
from django.dispatch import Signal
|
||||
|
||||
|
||||
post_create_openid_user = Signal(providing_args=('user',))
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
from django.http.request import QueryDict
|
||||
from django.contrib.auth.signals import user_logged_out
|
||||
from django.dispatch import receiver
|
||||
from django.conf import settings
|
||||
from .openid import client
|
||||
from .signals import post_create_openid_user
|
||||
|
||||
|
||||
@receiver(user_logged_out)
|
||||
def on_user_logged_out(sender, request, user, **kwargs):
|
||||
if not settings.AUTH_OPENID:
|
||||
return
|
||||
|
||||
query = QueryDict('', mutable=True)
|
||||
query.update({
|
||||
'redirect_uri': settings.BASE_SITE_URL
|
||||
})
|
||||
|
||||
openid_logout_url = "%s?%s" % (
|
||||
client.openid_connect_client.get_url(
|
||||
name='end_session_endpoint'),
|
||||
query.urlencode()
|
||||
)
|
||||
|
||||
request.COOKIES['next'] = openid_logout_url
|
||||
|
||||
|
||||
@receiver(post_create_openid_user)
|
||||
def on_post_create_openid_user(sender, user=None, **kwargs):
|
||||
if user and user.username != 'admin':
|
||||
user.source = user.SOURCE_OPENID
|
||||
user.save()
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
|
||||
|
|
@ -0,0 +1 @@
|
|||
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
# coding:utf-8
|
||||
#
|
||||
|
||||
from django.urls import path
|
||||
from authentication.openid import views
|
||||
|
||||
app_name = 'authentication'
|
||||
|
||||
urlpatterns = [
|
||||
# openid
|
||||
path('openid/login/', views.LoginView.as_view(), name='openid-login'),
|
||||
path('openid/login/complete/', views.LoginCompleteView.as_view(),
|
||||
name='openid-login-complete'),
|
||||
|
||||
# other
|
||||
]
|
||||
|
|
@ -0,0 +1 @@
|
|||
|
||||
|
|
@ -1,6 +1,9 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
import os
|
||||
import json
|
||||
import jms_storage
|
||||
|
||||
from rest_framework.views import Response, APIView
|
||||
from ldap3 import Server, Connection
|
||||
|
|
@ -8,8 +11,9 @@ from django.core.mail import get_connection, send_mail
|
|||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.conf import settings
|
||||
|
||||
from .permissions import IsOrgAdmin
|
||||
from .permissions import IsOrgAdmin, IsSuperUser
|
||||
from .serializers import MailTestSerializer, LDAPTestSerializer
|
||||
from .models import Setting
|
||||
|
||||
|
||||
class MailTestingAPI(APIView):
|
||||
|
|
@ -85,6 +89,79 @@ class LDAPTestingAPI(APIView):
|
|||
return Response({"error": str(serializer.errors)}, status=401)
|
||||
|
||||
|
||||
class ReplayStorageCreateAPI(APIView):
|
||||
permission_classes = (IsSuperUser,)
|
||||
|
||||
def post(self, request):
|
||||
storage_data = request.data
|
||||
|
||||
if storage_data.get('TYPE') == 'ceph':
|
||||
port = storage_data.get('PORT')
|
||||
if port.isdigit():
|
||||
storage_data['PORT'] = int(storage_data.get('PORT'))
|
||||
|
||||
storage_name = storage_data.pop('NAME')
|
||||
data = {storage_name: storage_data}
|
||||
|
||||
if not self.is_valid(storage_data):
|
||||
return Response({"error": _("Error: Account invalid")}, status=401)
|
||||
|
||||
Setting.save_storage('TERMINAL_REPLAY_STORAGE', data)
|
||||
return Response({"msg": _('Create succeed')}, status=200)
|
||||
|
||||
@staticmethod
|
||||
def is_valid(storage_data):
|
||||
if storage_data.get('TYPE') == 'server':
|
||||
return True
|
||||
storage = jms_storage.get_object_storage(storage_data)
|
||||
target = 'tests.py'
|
||||
src = os.path.join(settings.BASE_DIR, 'common', target)
|
||||
return storage.is_valid(src, target)
|
||||
|
||||
|
||||
class ReplayStorageDeleteAPI(APIView):
|
||||
permission_classes = (IsSuperUser,)
|
||||
|
||||
def post(self, request):
|
||||
storage_name = str(request.data.get('name'))
|
||||
Setting.delete_storage('TERMINAL_REPLAY_STORAGE', storage_name)
|
||||
return Response({"msg": _('Delete succeed')}, status=200)
|
||||
|
||||
|
||||
class CommandStorageCreateAPI(APIView):
|
||||
permission_classes = (IsSuperUser,)
|
||||
|
||||
def post(self, request):
|
||||
storage_data = request.data
|
||||
storage_name = storage_data.pop('NAME')
|
||||
data = {storage_name: storage_data}
|
||||
if not self.is_valid(storage_data):
|
||||
return Response({"error": _("Error: Account invalid")}, status=401)
|
||||
|
||||
Setting.save_storage('TERMINAL_COMMAND_STORAGE', data)
|
||||
return Response({"msg": _('Create succeed')}, status=200)
|
||||
|
||||
@staticmethod
|
||||
def is_valid(storage_data):
|
||||
if storage_data.get('TYPE') == 'server':
|
||||
return True
|
||||
try:
|
||||
storage = jms_storage.get_log_storage(storage_data)
|
||||
except Exception:
|
||||
return False
|
||||
|
||||
return storage.ping()
|
||||
|
||||
|
||||
class CommandStorageDeleteAPI(APIView):
|
||||
permission_classes = (IsSuperUser,)
|
||||
|
||||
def post(self, request):
|
||||
storage_name = str(request.data.get('name'))
|
||||
Setting.delete_storage('TERMINAL_COMMAND_STORAGE', storage_name)
|
||||
return Response({"msg": _('Delete succeed')}, status=200)
|
||||
|
||||
|
||||
class DjangoSettingsAPI(APIView):
|
||||
def get(self, request):
|
||||
if not settings.DEBUG:
|
||||
|
|
|
|||
|
|
@ -135,32 +135,24 @@ class TerminalSettingForm(BaseForm):
|
|||
('hostname', _('Hostname')),
|
||||
('ip', _('IP')),
|
||||
)
|
||||
TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
|
||||
choices=SORT_BY_CHOICES, initial='hostname', label=_("List sort by")
|
||||
)
|
||||
TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
|
||||
initial=5, label=_("Heartbeat interval"), help_text=_("Units: seconds")
|
||||
)
|
||||
TERMINAL_PASSWORD_AUTH = forms.BooleanField(
|
||||
initial=True, required=False, label=_("Password auth")
|
||||
)
|
||||
TERMINAL_PUBLIC_KEY_AUTH = forms.BooleanField(
|
||||
initial=True, required=False, label=_("Public key auth")
|
||||
)
|
||||
TERMINAL_COMMAND_STORAGE = FormEncryptDictField(
|
||||
label=_("Command storage"), help_text=_(
|
||||
"Set terminal storage setting, `default` is the using as default,"
|
||||
"You can set other storage and some terminal using"
|
||||
)
|
||||
TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
|
||||
initial=5, label=_("Heartbeat interval"), help_text=_("Units: seconds")
|
||||
)
|
||||
TERMINAL_REPLAY_STORAGE = FormEncryptDictField(
|
||||
label=_("Replay storage"), help_text=_(
|
||||
"Set replay storage setting, `default` is the using as default,"
|
||||
"You can set other storage and some terminal using"
|
||||
)
|
||||
TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
|
||||
choices=SORT_BY_CHOICES, initial='hostname', label=_("List sort by")
|
||||
)
|
||||
|
||||
|
||||
class TerminalCommandStorage(BaseForm):
|
||||
pass
|
||||
|
||||
|
||||
class SecuritySettingForm(BaseForm):
|
||||
# MFA global setting
|
||||
SECURITY_MFA_AUTH = forms.BooleanField(
|
||||
|
|
|
|||
|
|
@ -117,6 +117,3 @@ class DatetimeSearchMixin:
|
|||
def get(self, request, *args, **kwargs):
|
||||
self.get_date_range()
|
||||
return super().get(request, *args, **kwargs)
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -67,6 +67,30 @@ class Setting(models.Model):
|
|||
except json.JSONDecodeError as e:
|
||||
raise ValueError("Json dump error: {}".format(str(e)))
|
||||
|
||||
@classmethod
|
||||
def save_storage(cls, name, data):
|
||||
obj = cls.objects.filter(name=name).first()
|
||||
if not obj:
|
||||
obj = cls()
|
||||
obj.name = name
|
||||
obj.encrypted = True
|
||||
obj.cleaned_value = data
|
||||
else:
|
||||
value = obj.cleaned_value
|
||||
value.update(data)
|
||||
obj.cleaned_value = value
|
||||
obj.save()
|
||||
return obj
|
||||
|
||||
@classmethod
|
||||
def delete_storage(cls, name, storage_name):
|
||||
obj = cls.objects.get(name=name)
|
||||
value = obj.cleaned_value
|
||||
value.pop(storage_name, '')
|
||||
obj.cleaned_value = value
|
||||
obj.save()
|
||||
return True
|
||||
|
||||
@classmethod
|
||||
def refresh_all_settings(cls):
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ from django.conf import settings
|
|||
from celery import shared_task
|
||||
from .utils import get_logger
|
||||
from .models import Setting
|
||||
from common.models import common_settings
|
||||
|
||||
|
||||
logger = get_logger(__file__)
|
||||
|
|
@ -28,7 +29,7 @@ def send_mail_async(*args, **kwargs):
|
|||
|
||||
if len(args) == 3:
|
||||
args = list(args)
|
||||
args[0] = settings.EMAIL_SUBJECT_PREFIX + args[0]
|
||||
args[0] = common_settings.EMAIL_SUBJECT_PREFIX + args[0]
|
||||
args.insert(2, settings.EMAIL_HOST_USER)
|
||||
args = tuple(args)
|
||||
|
||||
|
|
|
|||
|
|
@ -75,32 +75,6 @@
|
|||
{% block custom_foot_js %}
|
||||
<script>
|
||||
$(document).ready(function () {
|
||||
})
|
||||
.on("click", ".btn-test", function () {
|
||||
var data = {};
|
||||
var form = $("form").serializeArray();
|
||||
$.each(form, function (i, field) {
|
||||
data[field.name] = field.value;
|
||||
});
|
||||
|
||||
var the_url = "{% url 'api-common:mail-testing' %}";
|
||||
|
||||
function error(message) {
|
||||
toastr.error(message)
|
||||
}
|
||||
|
||||
function success(message) {
|
||||
toastr.success(message.msg)
|
||||
}
|
||||
APIUpdateAttr({
|
||||
url: the_url,
|
||||
body: JSON.stringify(data),
|
||||
method: "POST",
|
||||
flash_message: false,
|
||||
success: success,
|
||||
error: error
|
||||
});
|
||||
|
||||
})
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,176 @@
|
|||
{#{% extends 'base.html' %}#}
|
||||
{% extends '_base_create_update.html' %}
|
||||
{% load static %}
|
||||
{% load bootstrap3 %}
|
||||
{% load i18n %}
|
||||
{% load common_tags %}
|
||||
|
||||
{% block content %}
|
||||
<div class="wrapper wrapper-content animated fadeInRight">
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<div class="ibox float-e-margins">
|
||||
<div class="ibox-title">
|
||||
<h5>{{ action }}</h5>
|
||||
<div class="ibox-tools">
|
||||
<a class="collapse-link">
|
||||
<i class="fa fa-chevron-up"></i>
|
||||
</a>
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<i class="fa fa-wrench"></i>
|
||||
</a>
|
||||
<a class="close-link">
|
||||
<i class="fa fa-times"></i>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="ibox-content">
|
||||
<form action="" method="POST" class="form-horizontal">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="id_type">{% trans "Type" %}</label>
|
||||
<div class="col-md-9">
|
||||
<select id="id_type" class="selector form-control">
|
||||
<option value ="server" selected="selected">server</option>
|
||||
<option value ="es">es (elasticsearch)</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="id_name">{% trans "Name" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_name" class="form-control" type="text" name="NAME" value="">
|
||||
<div class="help-block">* required</div>
|
||||
<div id="id_error" style="color: red;"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_hosts">{% trans "Hosts" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_hosts" class="form-control" type="text" name="HOSTS" value="">
|
||||
<div class="help-block">{% trans 'Tips: If there are multiple hosts, separate them with a comma (,)' %}</div>
|
||||
<div class="help-block">eg: http://www.jumpserver.a.com, http://www.jumpserver.b.com</div>
|
||||
</div>
|
||||
</div>
|
||||
{# <div class="form-group" style="display: none;" >#}
|
||||
{# <label class="col-md-2 control-label" for="id_other">{% trans "Other" %}</label>#}
|
||||
{# <div class="col-md-9">#}
|
||||
{# <input id="id_other" class="form-control" type="text" name="OTHER" value="">#}
|
||||
{# </div>#}
|
||||
{# </div>#}
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_bucket">{% trans "Index" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_index" class="form-control" type="text" name="INDEX" value="jumpserver">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_doc_type">{% trans "Doc type" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_doc_type" class="form-control" type="text" name="DOC_TYPE" value="command_store">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hr-line-dashed"></div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-4 col-sm-offset-2">
|
||||
<button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
|
||||
<a class="btn btn-primary" type="" id="id_submit_button" >{% trans 'Submit' %}</a>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block custom_foot_js %}
|
||||
<script>
|
||||
|
||||
var field_of_all, need_get_field_of_server, need_get_field_of_es;
|
||||
|
||||
function showField(field){
|
||||
$.each(field, function(index, value){
|
||||
$(value).parent('div').parent('div').css('display', '');
|
||||
});
|
||||
}
|
||||
|
||||
function hiddenField(field){
|
||||
$.each(field, function(index, value){
|
||||
$(value).parent('div').parent('div').css('display', 'none');
|
||||
})
|
||||
}
|
||||
|
||||
function getFieldByType(type){
|
||||
|
||||
if(type === 'server'){
|
||||
return need_get_field_of_server
|
||||
}
|
||||
else if(type === 'es'){
|
||||
return need_get_field_of_es
|
||||
}
|
||||
}
|
||||
|
||||
function ajaxAPI(url, data, success, error){
|
||||
$.ajax({
|
||||
url: url,
|
||||
data: data,
|
||||
method: 'POST',
|
||||
contentType: 'application/json; charset=utf-8',
|
||||
success: success,
|
||||
error: error
|
||||
})
|
||||
}
|
||||
|
||||
$(document).ready(function() {
|
||||
var name_id = '#id_name';
|
||||
var hosts_id = '#id_hosts';
|
||||
{#var other_id = '#id_other';#}
|
||||
var index_id = '#id_index';
|
||||
var doc_type_id = '#id_doc_type';
|
||||
|
||||
field_of_all = [name_id, hosts_id, index_id, doc_type_id];
|
||||
need_get_field_of_server = [name_id];
|
||||
need_get_field_of_es = [name_id, hosts_id, index_id, doc_type_id];
|
||||
})
|
||||
.on('change', '.selector', function(){
|
||||
var type = $('.selector').val();
|
||||
console.log(type);
|
||||
hiddenField(field_of_all);
|
||||
var field = getFieldByType(type);
|
||||
showField(field)
|
||||
})
|
||||
|
||||
.on('click', '#id_submit_button', function(){
|
||||
var type = $('.selector').val();
|
||||
var field = getFieldByType(type);
|
||||
var data = {'TYPE': type};
|
||||
$.each(field, function(index, id_field){
|
||||
var name = $(id_field).attr('name');
|
||||
var value = $(id_field).val();
|
||||
if(name === 'HOSTS'){
|
||||
data[name] = value.split(',');
|
||||
}
|
||||
else{
|
||||
data[name] = value
|
||||
}
|
||||
});
|
||||
var url = "{% url 'api-common:command-storage-create' %}";
|
||||
var success = function(data, textStatus) {
|
||||
console.log(data, textStatus);
|
||||
location = "{% url 'common:terminal-setting' %}";
|
||||
};
|
||||
var error = function(data, textStatus) {
|
||||
var error_msg = data.responseJSON.error;
|
||||
$('#id_error').html(error_msg)
|
||||
};
|
||||
ajaxAPI(url, JSON.stringify(data), success, error)
|
||||
|
||||
})
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
@ -0,0 +1,248 @@
|
|||
{#{% extends 'base.html' %}#}
|
||||
{% extends '_base_create_update.html' %}
|
||||
{% load static %}
|
||||
{% load bootstrap3 %}
|
||||
{% load i18n %}
|
||||
{% load common_tags %}
|
||||
|
||||
{% block content %}
|
||||
<div class="wrapper wrapper-content animated fadeInRight">
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<div class="ibox float-e-margins">
|
||||
<div class="ibox-title">
|
||||
<h5>{{ action }}</h5>
|
||||
<div class="ibox-tools">
|
||||
<a class="collapse-link">
|
||||
<i class="fa fa-chevron-up"></i>
|
||||
</a>
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<i class="fa fa-wrench"></i>
|
||||
</a>
|
||||
<a class="close-link">
|
||||
<i class="fa fa-times"></i>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="ibox-content">
|
||||
<form action="" method="POST" class="form-horizontal">
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="id_type">{% trans "Type" %}</label>
|
||||
<div class="col-md-9">
|
||||
<select id="id_type" class="selector form-control">
|
||||
<option value ="server" selected="selected">server</option>
|
||||
<option value ="s3">s3</option>
|
||||
<option value="oss">oss</option>
|
||||
<option value ="azure">azure</option>
|
||||
<option value="ceph">ceph</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label class="col-md-2 control-label" for="id_name">{% trans "Name" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_name" class="form-control" type="text" name="NAME" value="">
|
||||
<div class="help-block">* required</div>
|
||||
<div id="id_error" style="color: red;"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_host">{% trans "Host" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_host" class="form-control" type="text" name="HOSTNAME" value="" placeholder="Host">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_port">{% trans "Port" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_port" class="form-control" type="text" name="PORT" value="" placeholder="7480">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_bucket">{% trans "Bucket" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_bucket" class="form-control" type="text" name="BUCKET" value="" placeholder="Bucket">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_access_key">{% trans "Access key" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_access_key" class="form-control" type="text" name="ACCESS_KEY" value="" placeholder="Access key">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_secret_key">{% trans "Secret key" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_secret_key" class="form-control" type="text" name="SECRET_KEY" value="", placeholder="Secret key">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_container_name">{% trans "Container name" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_container_name" class="form-control" type="text" name="CONTAINER_NAME" value="" placeholder="Container">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_account_name">{% trans "Account name" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_account_name" class="form-control" type="text" name="ACCOUNT_NAME" value="" placeholder="Account name">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_account_key">{% trans "Account key" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_account_key" class="form-control" type="text" name="ACCOUNT_KEY" value="" placeholder="Account key">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_endpoint">{% trans "Endpoint" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_endpoint" class="form-control" type="text" name="ENDPOINT" value="" placeholder="Endpoint">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_endpoint_suffix">{% trans "Endpoint suffix" %}</label>
|
||||
{# <div class="col-md-9">#}
|
||||
{# <input id="id_endpoint_suffix" class="form-control" type="text" name="ENDPOINT_SUFFIX" value="">#}
|
||||
{# <div class="help-block">{% trans '' %}</div>#}
|
||||
{# </div>#}
|
||||
<div class="col-md-9">
|
||||
<select id="id_endpoint_suffix" name="ENDPOINT_SUFFIX" class="endpoint-suffix-selector form-control">
|
||||
<option value="core.chinacloudapi.cn" selected="selected">core.chinacloudapi.cn</option>
|
||||
<option value="core.windows.net">core.windows.net</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group" style="display: none;" >
|
||||
<label class="col-md-2 control-label" for="id_region">{% trans "Region" %}</label>
|
||||
<div class="col-md-9">
|
||||
<input id="id_region" class="form-control" type="text" name="REGION" value="" placeholder="">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hr-line-dashed"></div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-4 col-sm-offset-2">
|
||||
<button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
|
||||
<a class="btn btn-primary" type="" id="id_submit_button" >{% trans 'Submit' %}</a>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block custom_foot_js %}
|
||||
<script>
|
||||
|
||||
var field_of_all, need_get_field_of_server, need_get_field_of_s3,
|
||||
need_get_field_of_oss, need_get_field_of_azure, need_get_field_of_ceph;
|
||||
|
||||
function showField(field){
|
||||
$.each(field, function(index, value){
|
||||
$(value).parent('div').parent('div').css('display', '');
|
||||
});
|
||||
}
|
||||
|
||||
function hiddenField(field){
|
||||
$.each(field, function(index, value){
|
||||
$(value).parent('div').parent('div').css('display', 'none');
|
||||
})
|
||||
}
|
||||
|
||||
function getFieldByType(type){
|
||||
|
||||
if(type === 'server'){
|
||||
return need_get_field_of_server
|
||||
}
|
||||
else if(type === 's3'){
|
||||
return need_get_field_of_s3
|
||||
}
|
||||
else if(type === 'oss'){
|
||||
return need_get_field_of_oss
|
||||
}
|
||||
else if(type === 'azure'){
|
||||
return need_get_field_of_azure
|
||||
}
|
||||
else if(type === 'ceph'){
|
||||
return need_get_field_of_ceph
|
||||
}
|
||||
}
|
||||
|
||||
function ajaxAPI(url, data, success, error){
|
||||
$.ajax({
|
||||
url: url,
|
||||
data: data,
|
||||
method: 'POST',
|
||||
contentType: 'application/json; charset=utf-8',
|
||||
success: success,
|
||||
error: error
|
||||
})
|
||||
}
|
||||
|
||||
$(document).ready(function() {
|
||||
var name_id = '#id_name';
|
||||
var host_id = '#id_host';
|
||||
var port_id = '#id_port';
|
||||
var bucket_id = '#id_bucket';
|
||||
var access_key_id = '#id_access_key';
|
||||
var secret_key_id = '#id_secret_key';
|
||||
var container_name_id = '#id_container_name';
|
||||
var account_name_id = '#id_account_name';
|
||||
var account_key_id = '#id_account_key';
|
||||
var endpoint_id = '#id_endpoint';
|
||||
var endpoint_suffix_id = '#id_endpoint_suffix';
|
||||
var region_id = '#id_region';
|
||||
|
||||
field_of_all = [name_id, host_id, port_id, bucket_id, access_key_id, secret_key_id, container_name_id, account_name_id, account_key_id, endpoint_id, endpoint_suffix_id, region_id];
|
||||
need_get_field_of_server = [name_id];
|
||||
need_get_field_of_s3 = [name_id, bucket_id, access_key_id, secret_key_id, region_id];
|
||||
need_get_field_of_oss = [name_id, access_key_id, secret_key_id, endpoint_id];
|
||||
need_get_field_of_azure = [name_id, container_name_id, account_name_id, account_key_id, endpoint_suffix_id];
|
||||
need_get_field_of_ceph = [name_id, host_id, port_id, bucket_id, access_key_id, secret_key_id, region_id];
|
||||
})
|
||||
.on('change', '.selector', function(){
|
||||
var type = $('.selector').val();
|
||||
console.log(type);
|
||||
hiddenField(field_of_all);
|
||||
var field = getFieldByType(type);
|
||||
showField(field)
|
||||
})
|
||||
|
||||
.on('click', '#id_submit_button', function(){
|
||||
var type = $('.selector').val();
|
||||
var field = getFieldByType(type);
|
||||
var data = {'TYPE': type};
|
||||
$.each(field, function(index, id_field){
|
||||
var name = $(id_field).attr('name');
|
||||
data[name] = $(id_field).val();
|
||||
});
|
||||
var url = "{% url 'api-common:replay-storage-create' %}";
|
||||
var success = function(data, textStatus) {
|
||||
location = "{% url 'common:terminal-setting' %}";
|
||||
};
|
||||
var error = function(data, textStatus) {
|
||||
var error_msg = data.responseJSON.error;
|
||||
$('#id_error').html(error_msg)
|
||||
};
|
||||
ajaxAPI(url, JSON.stringify(data), success, error)
|
||||
|
||||
})
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
@ -63,6 +63,14 @@
|
|||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
<div class="form-group">
|
||||
<div class="col-sm-4 col-sm-offset-2">
|
||||
<button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
|
||||
<button id="submit_button" class="btn btn-primary"
|
||||
type="submit">{% trans 'Submit' %}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hr-line-dashed"></div>
|
||||
|
||||
<h3>{% trans "Command storage" %}</h3>
|
||||
|
|
@ -71,6 +79,7 @@
|
|||
<tr>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Type' %}</th>
|
||||
<th>{% trans 'Action' %}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
|
@ -78,10 +87,13 @@
|
|||
<tr>
|
||||
<td>{{ name }}</td>
|
||||
<td>{{ setting.TYPE }}</td>
|
||||
<td><a class="btn btn-xs btn-danger m-l-xs btn-del-command" data-name="{{ name }}">{% trans 'Delete' %}</a></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
<a href="{% url 'common:command-storage-create' %}" class="btn btn-primary">{% trans 'Add' %}</a>
|
||||
|
||||
<div class="hr-line-dashed"></div>
|
||||
<h3>{% trans "Replay storage" %}</h3>
|
||||
<table class="table table-hover " id="task-history-list-table">
|
||||
|
|
@ -89,6 +101,7 @@
|
|||
<tr>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Type' %}</th>
|
||||
<th>{% trans 'Action' %}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
|
@ -96,18 +109,14 @@
|
|||
<tr>
|
||||
<td>{{ name }}</td>
|
||||
<td>{{ setting.TYPE }}</td>
|
||||
<td><a class="btn btn-xs btn-danger m-l-xs btn-del-replay" data-name="{{ name }}">{% trans 'Delete' %}</a></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
<a href="{% url 'common:replay-storage-create' %}" class="btn btn-primary">{% trans 'Add' %}</a>
|
||||
|
||||
<div class="hr-line-dashed"></div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-4 col-sm-offset-2">
|
||||
<button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
|
||||
<button id="submit_button" class="btn btn-primary"
|
||||
type="submit">{% trans 'Submit' %}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -116,40 +125,63 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
{% block custom_foot_js %}
|
||||
<script>
|
||||
$(document).ready(function () {
|
||||
})
|
||||
.on("click", ".btn-test", function () {
|
||||
var data = {};
|
||||
var form = $("form").serializeArray();
|
||||
$.each(form, function (i, field) {
|
||||
data[field.name] = field.value;
|
||||
});
|
||||
<script>
|
||||
|
||||
var the_url = "{% url 'api-common:ldap-testing' %}";
|
||||
function ajaxAPI(url, data, success, error, method){
|
||||
$.ajax({
|
||||
url: url,
|
||||
data: data,
|
||||
method: method,
|
||||
contentType: 'application/json; charset=utf-8',
|
||||
success: success,
|
||||
error: error
|
||||
})
|
||||
}
|
||||
|
||||
function error(message) {
|
||||
toastr.error(message)
|
||||
}
|
||||
function deleteStorage($this, the_url){
|
||||
var name = $this.data('name');
|
||||
function doDelete(){
|
||||
console.log('delete storage');
|
||||
var data = {"name": name};
|
||||
var method = 'POST';
|
||||
var success = function(){
|
||||
$this.parent().parent().remove();
|
||||
toastr.success("{% trans 'Delete succeed' %}");
|
||||
};
|
||||
var error = function(){
|
||||
toastr.error("{% trans 'Delete failed' %}}");
|
||||
};
|
||||
ajaxAPI(the_url, JSON.stringify(data), success, error, method);
|
||||
}
|
||||
swal({
|
||||
title: "{% trans 'Are you sure about deleting it?' %}",
|
||||
text: " [" + name + "] ",
|
||||
type: "warning",
|
||||
showCancelButton: true,
|
||||
cancelButtonText: "{% trans 'Cancel' %}",
|
||||
confirmButtonColor: "#ed5565",
|
||||
confirmButtonText: "{% trans 'Confirm' %}",
|
||||
closeOnConfirm: true
|
||||
}, function () {
|
||||
doDelete()
|
||||
});
|
||||
}
|
||||
|
||||
function success(message) {
|
||||
toastr.success(message.msg)
|
||||
}
|
||||
$(document).ready(function () {
|
||||
|
||||
APIUpdateAttr({
|
||||
url: the_url,
|
||||
body: JSON.stringify(data),
|
||||
method: "POST",
|
||||
flash_message: false,
|
||||
success: success,
|
||||
error: error
|
||||
});
|
||||
})
|
||||
.on('click', '', function () {
|
||||
})
|
||||
.on('click', '.btn-del-replay', function(){
|
||||
var $this = $(this);
|
||||
var the_url = "{% url 'api-common:replay-storage-delete' %}";
|
||||
deleteStorage($this, the_url);
|
||||
})
|
||||
.on('click', '.btn-del-command', function() {
|
||||
var $this = $(this);
|
||||
var the_url = "{% url 'api-common:command-storage-delete' %}";
|
||||
deleteStorage($this, the_url)
|
||||
});
|
||||
|
||||
})
|
||||
</script>
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -9,5 +9,9 @@ app_name = 'common'
|
|||
urlpatterns = [
|
||||
path('mail/testing/', api.MailTestingAPI.as_view(), name='mail-testing'),
|
||||
path('ldap/testing/', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
|
||||
path('terminal/replay-storage/create/', api.ReplayStorageCreateAPI.as_view(), name='replay-storage-create'),
|
||||
path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
|
||||
path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),
|
||||
path('terminal/command-storage/delete/', api.CommandStorageDeleteAPI.as_view(), name='command-storage-delete'),
|
||||
# path('django-settings/', api.DjangoSettingsAPI.as_view(), name='django-settings'),
|
||||
]
|
||||
|
|
|
|||
|
|
@ -11,5 +11,7 @@ urlpatterns = [
|
|||
url(r'^email/$', views.EmailSettingView.as_view(), name='email-setting'),
|
||||
url(r'^ldap/$', views.LDAPSettingView.as_view(), name='ldap-setting'),
|
||||
url(r'^terminal/$', views.TerminalSettingView.as_view(), name='terminal-setting'),
|
||||
url(r'^terminal/replay-storage/create$', views.ReplayStorageCreateView.as_view(), name='replay-storage-create'),
|
||||
url(r'^terminal/command-storage/create$', views.CommandStorageCreateView.as_view(), name='command-storage-create'),
|
||||
url(r'^security/$', views.SecuritySettingView.as_view(), name='security-setting'),
|
||||
]
|
||||
|
|
|
|||
|
|
@ -37,7 +37,8 @@ def reverse(view_name, urlconf=None, args=None, kwargs=None,
|
|||
kwargs=kwargs, current_app=current_app)
|
||||
|
||||
if external:
|
||||
url = settings.SITE_URL.strip('/') + url
|
||||
from common.models import common_settings
|
||||
url = common_settings.SITE_URL.strip('/') + url
|
||||
return url
|
||||
|
||||
|
||||
|
|
@ -387,6 +388,55 @@ def get_request_ip(request):
|
|||
return login_ip
|
||||
|
||||
|
||||
def get_command_storage_or_create_default_storage():
|
||||
from common.models import common_settings, Setting
|
||||
name = 'TERMINAL_COMMAND_STORAGE'
|
||||
default = {'default': {'TYPE': 'server'}}
|
||||
try:
|
||||
command_storage = common_settings.TERMINAL_COMMAND_STORAGE
|
||||
except Exception:
|
||||
return default
|
||||
if command_storage is None:
|
||||
obj = Setting()
|
||||
obj.name = name
|
||||
obj.encrypted = True
|
||||
obj.cleaned_value = default
|
||||
obj.save()
|
||||
if isinstance(command_storage, dict) and not command_storage:
|
||||
obj = Setting.objects.get(name=name)
|
||||
value = obj.cleaned_value
|
||||
value.update(default)
|
||||
obj.cleaned_value = value
|
||||
obj.save()
|
||||
command_storage = common_settings.TERMINAL_COMMAND_STORAGE
|
||||
return command_storage
|
||||
|
||||
|
||||
def get_replay_storage_or_create_default_storage():
|
||||
from common.models import common_settings, Setting
|
||||
name = 'TERMINAL_REPLAY_STORAGE'
|
||||
default = {'default': {'TYPE': 'server'}}
|
||||
try:
|
||||
replay_storage = common_settings.TERMINAL_REPLAY_STORAGE
|
||||
except Exception:
|
||||
return default
|
||||
if replay_storage is None:
|
||||
obj = Setting()
|
||||
obj.name = name
|
||||
obj.encrypted = True
|
||||
obj.cleaned_value = default
|
||||
obj.save()
|
||||
replay_storage = common_settings.TERMINAL_REPLAY_STORAGE
|
||||
if isinstance(replay_storage, dict) and not replay_storage:
|
||||
obj = Setting.objects.get(name=name)
|
||||
value = obj.cleaned_value
|
||||
value.update(default)
|
||||
obj.cleaned_value = value
|
||||
obj.save()
|
||||
replay_storage = common_settings.TERMINAL_REPLAY_STORAGE
|
||||
return replay_storage
|
||||
|
||||
|
||||
class TeeObj:
|
||||
origin_stdout = sys.stdout
|
||||
|
||||
|
|
|
|||
|
|
@ -4,10 +4,12 @@ from django.contrib import messages
|
|||
from django.utils.translation import ugettext as _
|
||||
from django.conf import settings
|
||||
|
||||
from common.models import common_settings
|
||||
from .forms import EmailSettingForm, LDAPSettingForm, BasicSettingForm, \
|
||||
TerminalSettingForm, SecuritySettingForm
|
||||
from common.permissions import SuperUserRequiredMixin
|
||||
from .signals import ldap_auth_enable
|
||||
from . import utils
|
||||
|
||||
|
||||
class BasicSettingView(SuperUserRequiredMixin, TemplateView):
|
||||
|
|
@ -95,14 +97,15 @@ class TerminalSettingView(SuperUserRequiredMixin, TemplateView):
|
|||
template_name = "common/terminal_setting.html"
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
command_storage = settings.TERMINAL_COMMAND_STORAGE
|
||||
replay_storage = settings.TERMINAL_REPLAY_STORAGE
|
||||
command_storage = utils.get_command_storage_or_create_default_storage()
|
||||
replay_storage = utils.get_replay_storage_or_create_default_storage()
|
||||
|
||||
context = {
|
||||
'app': _('Settings'),
|
||||
'action': _('Terminal setting'),
|
||||
'form': self.form_class(),
|
||||
'replay_storage': replay_storage,
|
||||
'command_storage': command_storage,
|
||||
'command_storage': command_storage
|
||||
}
|
||||
kwargs.update(context)
|
||||
return super().get_context_data(**kwargs)
|
||||
|
|
@ -120,6 +123,30 @@ class TerminalSettingView(SuperUserRequiredMixin, TemplateView):
|
|||
return render(request, self.template_name, context)
|
||||
|
||||
|
||||
class ReplayStorageCreateView(SuperUserRequiredMixin, TemplateView):
|
||||
template_name = 'common/replay_storage_create.html'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = {
|
||||
'app': _('Settings'),
|
||||
'action': _('Create replay storage')
|
||||
}
|
||||
kwargs.update(context)
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
|
||||
class CommandStorageCreateView(SuperUserRequiredMixin, TemplateView):
|
||||
template_name = 'common/command_storage_create.html'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = {
|
||||
'app': _('Settings'),
|
||||
'action': _('Create command storage')
|
||||
}
|
||||
kwargs.update(context)
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
|
||||
class SecuritySettingView(SuperUserRequiredMixin, TemplateView):
|
||||
form_class = SecuritySettingForm
|
||||
template_name = "common/security_setting.html"
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ INSTALLED_APPS = [
|
|||
'common.apps.CommonConfig',
|
||||
'terminal.apps.TerminalConfig',
|
||||
'audits.apps.AuditsConfig',
|
||||
'authentication.apps.AuthenticationConfig', # authentication
|
||||
'rest_framework',
|
||||
'rest_framework_swagger',
|
||||
'drf_yasg',
|
||||
|
|
@ -94,6 +95,7 @@ MIDDLEWARE = [
|
|||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||
'django.contrib.messages.middleware.MessageMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
'authentication.openid.middleware.OpenIDAuthenticationMiddleware', # openid
|
||||
'jumpserver.middleware.TimezoneMiddleware',
|
||||
'jumpserver.middleware.DemoMiddleware',
|
||||
'jumpserver.middleware.RequestMiddleware',
|
||||
|
|
@ -389,6 +391,24 @@ AUTH_LDAP_BACKEND = 'django_auth_ldap.backend.LDAPBackend'
|
|||
if AUTH_LDAP:
|
||||
AUTHENTICATION_BACKENDS.insert(0, AUTH_LDAP_BACKEND)
|
||||
|
||||
# openid
|
||||
# Auth OpenID settings
|
||||
BASE_SITE_URL = CONFIG.BASE_SITE_URL
|
||||
AUTH_OPENID = CONFIG.AUTH_OPENID
|
||||
AUTH_OPENID_SERVER_URL = CONFIG.AUTH_OPENID_SERVER_URL
|
||||
AUTH_OPENID_REALM_NAME = CONFIG.AUTH_OPENID_REALM_NAME
|
||||
AUTH_OPENID_CLIENT_ID = CONFIG.AUTH_OPENID_CLIENT_ID
|
||||
AUTH_OPENID_CLIENT_SECRET = CONFIG.AUTH_OPENID_CLIENT_SECRET
|
||||
AUTH_OPENID_BACKENDS = [
|
||||
'authentication.openid.backends.OpenIDAuthorizationPasswordBackend',
|
||||
'authentication.openid.backends.OpenIDAuthorizationCodeBackend',
|
||||
]
|
||||
|
||||
if AUTH_OPENID:
|
||||
LOGIN_URL = reverse_lazy("authentication:openid-login")
|
||||
AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[0])
|
||||
AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[1])
|
||||
|
||||
# Celery using redis as broker
|
||||
CELERY_BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/%(db)s' % {
|
||||
'password': CONFIG.REDIS_PASSWORD if CONFIG.REDIS_PASSWORD else '',
|
||||
|
|
|
|||
|
|
@ -75,6 +75,7 @@ app_view_patterns = [
|
|||
path('ops/', include('ops.urls.view_urls', namespace='ops')),
|
||||
path('audits/', include('audits.urls.view_urls', namespace='audits')),
|
||||
path('orgs/', include('orgs.urls.views_urls', namespace='orgs')),
|
||||
path('auth/', include('authentication.urls.view_urls'), name='auth'),
|
||||
]
|
||||
|
||||
if settings.XPACK_ENABLED:
|
||||
|
|
|
|||
Binary file not shown.
File diff suppressed because it is too large
Load Diff
|
|
@ -50,7 +50,7 @@ class JMSInventory(BaseInventory):
|
|||
def convert_to_ansible(self, asset, run_as_admin=False):
|
||||
info = {
|
||||
'id': asset.id,
|
||||
'hostname': asset.hostname,
|
||||
'hostname': asset.fullname,
|
||||
'ip': asset.ip,
|
||||
'port': asset.port,
|
||||
'vars': dict(),
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ from django.views.generic import ListView, DetailView, TemplateView
|
|||
|
||||
from common.mixins import DatetimeSearchMixin
|
||||
from .models import Task, AdHoc, AdHocRunHistory, CeleryTask
|
||||
from common.permissions import SuperUserRequiredMixin
|
||||
from common.permissions import SuperUserRequiredMixin, AdminUserRequiredMixin
|
||||
|
||||
|
||||
class TaskListView(SuperUserRequiredMixin, DatetimeSearchMixin, ListView):
|
||||
|
|
@ -121,6 +121,6 @@ class AdHocHistoryDetailView(SuperUserRequiredMixin, DetailView):
|
|||
return super().get_context_data(**kwargs)
|
||||
|
||||
|
||||
class CeleryTaskLogView(SuperUserRequiredMixin, DetailView):
|
||||
class CeleryTaskLogView(AdminUserRequiredMixin, DetailView):
|
||||
template_name = 'ops/celery_task_log.html'
|
||||
model = CeleryTask
|
||||
|
|
|
|||
|
|
@ -1,14 +1,68 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
from rest_framework import viewsets
|
||||
from rest_framework import status
|
||||
from rest_framework.views import Response
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
|
||||
from common.permissions import IsSuperUserOrAppUser
|
||||
from .models import Organization
|
||||
from .serializers import OrgSerializer
|
||||
from .serializers import OrgSerializer, OrgReadSerializer, \
|
||||
OrgMembershipUserSerializer, OrgMembershipAdminSerializer
|
||||
from users.models import User, UserGroup
|
||||
from assets.models import Asset, Domain, AdminUser, SystemUser, Label
|
||||
from perms.models import AssetPermission
|
||||
from orgs.utils import current_org
|
||||
from common.utils import get_logger
|
||||
from .mixins import OrgMembershipModelViewSetMixin
|
||||
|
||||
logger = get_logger(__file__)
|
||||
|
||||
|
||||
class OrgViewSet(viewsets.ModelViewSet):
|
||||
class OrgViewSet(BulkModelViewSet):
|
||||
queryset = Organization.objects.all()
|
||||
serializer_class = OrgSerializer
|
||||
permission_classes = (IsSuperUserOrAppUser,)
|
||||
org = None
|
||||
|
||||
def get_serializer_class(self):
|
||||
if self.action in ('list', 'retrieve'):
|
||||
return OrgReadSerializer
|
||||
else:
|
||||
return super().get_serializer_class()
|
||||
|
||||
def get_data_from_model(self, model):
|
||||
if model == User:
|
||||
data = model.objects.filter(orgs__id=self.org.id)
|
||||
else:
|
||||
data = model.objects.filter(org_id=self.org.id)
|
||||
return data
|
||||
|
||||
def destroy(self, request, *args, **kwargs):
|
||||
self.org = self.get_object()
|
||||
models = [
|
||||
User, UserGroup,
|
||||
Asset, Domain, AdminUser, SystemUser, Label,
|
||||
AssetPermission,
|
||||
]
|
||||
for model in models:
|
||||
data = self.get_data_from_model(model)
|
||||
if data:
|
||||
return Response(status=status.HTTP_400_BAD_REQUEST)
|
||||
else:
|
||||
if str(current_org) == str(self.org):
|
||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
||||
self.org.delete()
|
||||
return Response({'msg': True}, status=status.HTTP_200_OK)
|
||||
|
||||
|
||||
class OrgMembershipAdminsViewSet(OrgMembershipModelViewSetMixin, BulkModelViewSet):
|
||||
serializer_class = OrgMembershipAdminSerializer
|
||||
membership_class = Organization.admins.through
|
||||
permission_classes = (IsSuperUserOrAppUser, )
|
||||
|
||||
|
||||
class OrgMembershipUsersViewSet(OrgMembershipModelViewSetMixin, BulkModelViewSet):
|
||||
serializer_class = OrgMembershipUserSerializer
|
||||
membership_class = Organization.users.through
|
||||
permission_classes = (IsSuperUserOrAppUser, )
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ from django.forms import ModelForm
|
|||
from django.http.response import HttpResponseForbidden
|
||||
from django.core.exceptions import ValidationError
|
||||
|
||||
|
||||
from common.utils import get_logger
|
||||
from .utils import current_org, set_current_org, set_to_root_org
|
||||
from .models import Organization
|
||||
|
|
@ -19,7 +18,7 @@ tl = Local()
|
|||
|
||||
__all__ = [
|
||||
'OrgManager', 'OrgViewGenericMixin', 'OrgModelMixin', 'OrgModelForm',
|
||||
'RootOrgViewMixin',
|
||||
'RootOrgViewMixin', 'OrgMembershipSerializerMixin', 'OrgMembershipModelViewSetMixin'
|
||||
]
|
||||
|
||||
|
||||
|
|
@ -176,3 +175,29 @@ class OrgModelForm(ModelForm):
|
|||
continue
|
||||
model = field.queryset.model
|
||||
field.queryset = model.objects.all()
|
||||
|
||||
|
||||
class OrgMembershipSerializerMixin:
|
||||
def run_validation(self, initial_data=None):
|
||||
initial_data['organization'] = str(self.context['org'].id)
|
||||
return super().run_validation(initial_data)
|
||||
|
||||
|
||||
class OrgMembershipModelViewSetMixin:
|
||||
org = None
|
||||
membership_class = None
|
||||
lookup_field = 'user'
|
||||
lookup_url_kwarg = 'user_id'
|
||||
http_method_names = ['get', 'post', 'delete', 'head', 'options']
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
self.org = Organization.objects.get(pk=kwargs.get('org_id'))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_serializer_context(self):
|
||||
context = super().get_serializer_context()
|
||||
context['org'] = self.org
|
||||
return context
|
||||
|
||||
def get_queryset(self):
|
||||
return self.membership_class.objects.filter(organization=self.org)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,81 @@
|
|||
|
||||
from rest_framework.serializers import ModelSerializer
|
||||
from rest_framework import serializers
|
||||
from rest_framework_bulk import BulkListSerializer
|
||||
|
||||
from users.models import User, UserGroup
|
||||
from assets.models import Asset, Domain, AdminUser, SystemUser, Label
|
||||
from perms.models import AssetPermission
|
||||
from .utils import set_current_org, get_current_org
|
||||
from .models import Organization
|
||||
from .mixins import OrgMembershipSerializerMixin
|
||||
|
||||
|
||||
class OrgSerializer(ModelSerializer):
|
||||
class Meta:
|
||||
model = Organization
|
||||
list_serializer_class = BulkListSerializer
|
||||
fields = '__all__'
|
||||
read_only_fields = ['id', 'created_by', 'date_created']
|
||||
|
||||
|
||||
class OrgReadSerializer(ModelSerializer):
|
||||
admins = serializers.SlugRelatedField(slug_field='name', many=True, read_only=True)
|
||||
users = serializers.SlugRelatedField(slug_field='name', many=True, read_only=True)
|
||||
user_groups = serializers.SerializerMethodField()
|
||||
assets = serializers.SerializerMethodField()
|
||||
domains = serializers.SerializerMethodField()
|
||||
admin_users = serializers.SerializerMethodField()
|
||||
system_users = serializers.SerializerMethodField()
|
||||
labels = serializers.SerializerMethodField()
|
||||
perms = serializers.SerializerMethodField()
|
||||
|
||||
class Meta:
|
||||
model = Organization
|
||||
fields = '__all__'
|
||||
|
||||
@staticmethod
|
||||
def get_data_from_model(obj, model):
|
||||
current_org = get_current_org()
|
||||
set_current_org(Organization.root())
|
||||
if model == Asset:
|
||||
data = [o.hostname for o in model.objects.filter(org_id=obj.id)]
|
||||
else:
|
||||
data = [o.name for o in model.objects.filter(org_id=obj.id)]
|
||||
set_current_org(current_org)
|
||||
return data
|
||||
|
||||
def get_user_groups(self, obj):
|
||||
return self.get_data_from_model(obj, UserGroup)
|
||||
|
||||
def get_assets(self, obj):
|
||||
return self.get_data_from_model(obj, Asset)
|
||||
|
||||
def get_domains(self, obj):
|
||||
return self.get_data_from_model(obj, Domain)
|
||||
|
||||
def get_admin_users(self, obj):
|
||||
return self.get_data_from_model(obj, AdminUser)
|
||||
|
||||
def get_system_users(self, obj):
|
||||
return self.get_data_from_model(obj, SystemUser)
|
||||
|
||||
def get_labels(self, obj):
|
||||
return self.get_data_from_model(obj, Label)
|
||||
|
||||
def get_perms(self, obj):
|
||||
return self.get_data_from_model(obj, AssetPermission)
|
||||
|
||||
|
||||
class OrgMembershipAdminSerializer(OrgMembershipSerializerMixin, ModelSerializer):
|
||||
class Meta:
|
||||
model = Organization.admins.through
|
||||
list_serializer_class = BulkListSerializer
|
||||
fields = '__all__'
|
||||
|
||||
|
||||
class OrgMembershipUserSerializer(OrgMembershipSerializerMixin, ModelSerializer):
|
||||
class Meta:
|
||||
model = Organization.users.through
|
||||
list_serializer_class = BulkListSerializer
|
||||
fields = '__all__'
|
||||
|
|
|
|||
|
|
@ -1,12 +1,20 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
|
||||
from django.urls import path
|
||||
from rest_framework.routers import DefaultRouter
|
||||
from .. import api
|
||||
|
||||
|
||||
app_name = 'orgs'
|
||||
router = DefaultRouter()
|
||||
|
||||
router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/admins',
|
||||
api.OrgMembershipAdminsViewSet, 'membership-admins')
|
||||
|
||||
router.register(r'org/(?P<org_id>[0-9a-zA-Z\-]{36})/membership/users',
|
||||
api.OrgMembershipUsersViewSet, 'membership-users'),
|
||||
|
||||
router.register(r'orgs', api.OrgViewSet, 'org')
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ from django.shortcuts import get_object_or_404
|
|||
from rest_framework.views import APIView, Response
|
||||
from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
|
||||
from rest_framework import viewsets
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
|
||||
from common.utils import set_or_append_attr_bulk
|
||||
from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
|
||||
|
|
@ -15,6 +16,16 @@ from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
|
|||
NodeGrantedSerializer, SystemUser, NodeSerializer
|
||||
from orgs.utils import set_to_root_org
|
||||
from . import serializers
|
||||
from .mixins import AssetsFilterMixin
|
||||
|
||||
|
||||
__all__ = [
|
||||
'AssetPermissionViewSet', 'UserGrantedAssetsApi', 'UserGrantedNodesApi',
|
||||
'UserGrantedNodesWithAssetsApi', 'UserGrantedNodeAssetsApi', 'UserGroupGrantedAssetsApi',
|
||||
'UserGroupGrantedNodesApi', 'UserGroupGrantedNodesWithAssetsApi', 'UserGroupGrantedNodeAssetsApi',
|
||||
'ValidateUserAssetPermissionApi', 'AssetPermissionRemoveUserApi', 'AssetPermissionAddUserApi',
|
||||
'AssetPermissionRemoveAssetApi', 'AssetPermissionAddAssetApi', 'UserGrantedNodeChildrenApi',
|
||||
]
|
||||
|
||||
|
||||
class AssetPermissionViewSet(viewsets.ModelViewSet):
|
||||
|
|
@ -23,6 +34,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
|
|||
"""
|
||||
queryset = AssetPermission.objects.all()
|
||||
serializer_class = serializers.AssetPermissionCreateUpdateSerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
|
||||
def get_serializer_class(self):
|
||||
|
|
@ -31,10 +43,15 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
|
|||
return self.serializer_class
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
queryset = super().get_queryset().all()
|
||||
search = self.request.query_params.get('search')
|
||||
asset_id = self.request.query_params.get('asset')
|
||||
node_id = self.request.query_params.get('node')
|
||||
inherit_nodes = set()
|
||||
|
||||
if search:
|
||||
queryset = queryset.filter(name__icontains=search)
|
||||
|
||||
if not asset_id and not node_id:
|
||||
return queryset
|
||||
|
||||
|
|
@ -53,15 +70,17 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
|
|||
_permissions = queryset.filter(nodes=n)
|
||||
set_or_append_attr_bulk(_permissions, "inherit", n.value)
|
||||
permissions.update(_permissions)
|
||||
return permissions
|
||||
|
||||
return list(permissions)
|
||||
|
||||
|
||||
class UserGrantedAssetsApi(ListAPIView):
|
||||
class UserGrantedAssetsApi(AssetsFilterMixin, ListAPIView):
|
||||
"""
|
||||
用户授权的所有资产
|
||||
"""
|
||||
permission_classes = (IsOrgAdminOrAppUser,)
|
||||
serializer_class = AssetGrantedSerializer
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def change_org_if_need(self):
|
||||
if self.request.user.is_superuser or \
|
||||
|
|
@ -84,6 +103,7 @@ class UserGrantedAssetsApi(ListAPIView):
|
|||
system_users_granted = [s for s in v if s.protocol == k.protocol]
|
||||
k.system_users_granted = system_users_granted
|
||||
queryset.append(k)
|
||||
|
||||
return queryset
|
||||
|
||||
def get_permissions(self):
|
||||
|
|
@ -122,7 +142,7 @@ class UserGrantedNodesApi(ListAPIView):
|
|||
return super().get_permissions()
|
||||
|
||||
|
||||
class UserGrantedNodesWithAssetsApi(ListAPIView):
|
||||
class UserGrantedNodesWithAssetsApi(AssetsFilterMixin, ListAPIView):
|
||||
"""
|
||||
用户授权的节点并带着节点下资产的api
|
||||
"""
|
||||
|
|
@ -155,19 +175,25 @@ class UserGrantedNodesWithAssetsApi(ListAPIView):
|
|||
queryset.append(node)
|
||||
return queryset
|
||||
|
||||
def sort_assets(self, queryset):
|
||||
for node in queryset:
|
||||
node.assets_granted = super().sort_assets(node.assets_granted)
|
||||
return queryset
|
||||
|
||||
def get_permissions(self):
|
||||
if self.kwargs.get('pk') is None:
|
||||
self.permission_classes = (IsValidUser,)
|
||||
return super().get_permissions()
|
||||
|
||||
|
||||
class UserGrantedNodeAssetsApi(ListAPIView):
|
||||
class UserGrantedNodeAssetsApi(AssetsFilterMixin, ListAPIView):
|
||||
"""
|
||||
查询用户授权的节点下的资产的api, 与上面api不同的是,只返回某个节点下的资产
|
||||
"""
|
||||
permission_classes = (IsOrgAdminOrAppUser,)
|
||||
serializer_class = AssetGrantedSerializer
|
||||
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def change_org_if_need(self):
|
||||
if self.request.user.is_superuser or \
|
||||
self.request.user.is_app or \
|
||||
|
|
@ -189,6 +215,8 @@ class UserGrantedNodeAssetsApi(ListAPIView):
|
|||
assets = nodes.get(node, [])
|
||||
for asset, system_users in assets.items():
|
||||
asset.system_users_granted = system_users
|
||||
|
||||
assets = list(assets.keys())
|
||||
return assets
|
||||
|
||||
def get_permissions(self):
|
||||
|
|
@ -274,7 +302,7 @@ class UserGroupGrantedNodeAssetsApi(ListAPIView):
|
|||
return assets
|
||||
|
||||
|
||||
class ValidateUserAssetPermissionView(RootOrgViewMixin, APIView):
|
||||
class ValidateUserAssetPermissionApi(RootOrgViewMixin, APIView):
|
||||
permission_classes = (IsOrgAdminOrAppUser,)
|
||||
|
||||
@staticmethod
|
||||
|
|
@ -367,3 +395,84 @@ class AssetPermissionAddAssetApi(RetrieveUpdateAPIView):
|
|||
return Response({"msg": "ok"})
|
||||
else:
|
||||
return Response({"error": serializer.errors})
|
||||
|
||||
|
||||
class UserGrantedNodeChildrenApi(ListAPIView):
|
||||
permission_classes = (IsValidUser,)
|
||||
serializer_class = serializers.AssetPermissionNodeSerializer
|
||||
|
||||
def change_org_if_need(self):
|
||||
if self.request.user.is_superuser or \
|
||||
self.request.user.is_app or \
|
||||
self.kwargs.get('pk') is None:
|
||||
set_to_root_org()
|
||||
|
||||
def get_children_queryset(self):
|
||||
util = AssetPermissionUtil(self.request.user)
|
||||
node_id = self.request.query_params.get('id')
|
||||
nodes_granted = util.get_nodes_with_assets()
|
||||
if nodes_granted:
|
||||
first_node = sorted(nodes_granted, reverse=True)[0]
|
||||
else:
|
||||
return []
|
||||
if node_id and node_id in [str(node.id) for node in nodes_granted]:
|
||||
node = [node for node in nodes_granted if str(node.id) == node_id][0]
|
||||
else:
|
||||
node = first_node
|
||||
queryset = []
|
||||
if node == first_node:
|
||||
node.assets_amount = len(nodes_granted[node])
|
||||
queryset.append(node)
|
||||
|
||||
children = []
|
||||
for child in node.get_children():
|
||||
if child in nodes_granted:
|
||||
child.assets_amount = len(nodes_granted[node])
|
||||
children.append(child)
|
||||
children = sorted(children, key=lambda x: x.value)
|
||||
queryset.extend(children)
|
||||
fake_nodes = []
|
||||
for asset, system_users in nodes_granted[node].items():
|
||||
fake_node = asset.as_node()
|
||||
fake_node.assets_amount = 0
|
||||
system_users = [s for s in system_users if s.protocol == asset.protocol]
|
||||
fake_node.asset.system_users_granted = system_users
|
||||
fake_node.key = node.key + ':0'
|
||||
fake_nodes.append(fake_node)
|
||||
fake_nodes = sorted(fake_nodes, key=lambda x: x.value)
|
||||
queryset.extend(fake_nodes)
|
||||
return queryset
|
||||
|
||||
def get_search_queryset(self, keyword):
|
||||
util = AssetPermissionUtil(self.request.user)
|
||||
nodes_granted = util.get_nodes_with_assets()
|
||||
queryset = []
|
||||
for node, assets in nodes_granted.items():
|
||||
matched_assets = []
|
||||
node_matched = node.value.lower().find(keyword.lower()) >= 0
|
||||
asset_has_matched = False
|
||||
for asset, system_users in assets.items():
|
||||
asset_matched = (asset.hostname.lower().find(keyword.lower()) >= 0) \
|
||||
or (asset.ip.find(keyword.lower()) >= 0)
|
||||
if node_matched or asset_matched:
|
||||
asset_has_matched = True
|
||||
fake_node = asset.as_node()
|
||||
fake_node.assets_amount = 0
|
||||
system_users = [s for s in system_users if
|
||||
s.protocol == asset.protocol]
|
||||
fake_node.asset.system_users_granted = system_users
|
||||
fake_node.key = node.key + ':0'
|
||||
matched_assets.append(fake_node)
|
||||
if asset_has_matched:
|
||||
node.assets_amount = len(matched_assets)
|
||||
queryset.append(node)
|
||||
queryset.extend(sorted(matched_assets, key=lambda x: x.value))
|
||||
return queryset
|
||||
|
||||
def get_queryset(self):
|
||||
self.change_org_if_need()
|
||||
keyword = self.request.query_params.get('search')
|
||||
if keyword:
|
||||
return self.get_search_queryset(keyword)
|
||||
else:
|
||||
return self.get_children_queryset()
|
||||
|
|
|
|||
|
|
@ -0,0 +1,36 @@
|
|||
# ~*~ coding: utf-8 ~*~
|
||||
#
|
||||
|
||||
|
||||
class AssetsFilterMixin(object):
|
||||
"""
|
||||
对资产进行过滤(查询,排序)
|
||||
"""
|
||||
|
||||
def filter_queryset(self, queryset):
|
||||
queryset = self.search_assets(queryset)
|
||||
queryset = self.sort_assets(queryset)
|
||||
return queryset
|
||||
|
||||
def search_assets(self, queryset):
|
||||
from perms.utils import is_obj_attr_has
|
||||
value = self.request.query_params.get('search')
|
||||
if not value:
|
||||
return queryset
|
||||
queryset = [asset for asset in queryset if is_obj_attr_has(asset, value)]
|
||||
return queryset
|
||||
|
||||
def sort_assets(self, queryset):
|
||||
from perms.utils import sort_assets
|
||||
order_by = self.request.query_params.get('order')
|
||||
if not order_by:
|
||||
order_by = 'hostname'
|
||||
|
||||
if order_by.startswith('-'):
|
||||
order_by = order_by.lstrip('-')
|
||||
reverse = True
|
||||
else:
|
||||
reverse = False
|
||||
|
||||
queryset = sort_assets(queryset, order_by=order_by, reverse=reverse)
|
||||
return queryset
|
||||
|
|
@ -2,8 +2,11 @@
|
|||
#
|
||||
|
||||
from rest_framework import serializers
|
||||
from .models import AssetPermission
|
||||
|
||||
from common.fields import StringManyToManyField
|
||||
from .models import AssetPermission
|
||||
from assets.models import Node
|
||||
from assets.serializers import AssetGrantedSerializer
|
||||
|
||||
|
||||
class AssetPermissionCreateUpdateSerializer(serializers.ModelSerializer):
|
||||
|
|
@ -45,3 +48,29 @@ class AssetPermissionUpdateAssetSerializer(serializers.ModelSerializer):
|
|||
model = AssetPermission
|
||||
fields = ['id', 'assets']
|
||||
|
||||
|
||||
class AssetPermissionNodeSerializer(serializers.ModelSerializer):
|
||||
asset = AssetGrantedSerializer(required=False)
|
||||
assets_amount = serializers.SerializerMethodField()
|
||||
|
||||
tree_id = serializers.SerializerMethodField()
|
||||
tree_parent = serializers.SerializerMethodField()
|
||||
|
||||
class Meta:
|
||||
model = Node
|
||||
fields = [
|
||||
'id', 'key', 'value', 'asset', 'is_node', 'org_id',
|
||||
'tree_id', 'tree_parent', 'assets_amount',
|
||||
]
|
||||
|
||||
@staticmethod
|
||||
def get_assets_amount(obj):
|
||||
return obj.assets_amount
|
||||
|
||||
@staticmethod
|
||||
def get_tree_id(obj):
|
||||
return obj.key
|
||||
|
||||
@staticmethod
|
||||
def get_tree_parent(obj):
|
||||
return obj.parent_key
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
</li>
|
||||
<li class="active">
|
||||
<a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center">
|
||||
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
|
||||
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and node' %}</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -54,9 +54,9 @@
|
|||
<div class="col-sm-9">
|
||||
<div class="input-daterange input-group" id="datepicker">
|
||||
<span class="input-group-addon"><i class="fa fa-calendar"></i></span>
|
||||
<input type="text" class="input-sm form-control" name="date_start" value="{{ form.date_start.value|date:'Y-m-d' }}">
|
||||
<input type="text" class="input-sm form-control" id="date_start" name="date_start" value="{{ form.date_start.value|date:'Y-m-d H:i' }}">
|
||||
<span class="input-group-addon">to</span>
|
||||
<input type="text" class="input-sm form-control" name="date_expired" value="{{ form.date_expired.value|date:'Y-m-d' }}">
|
||||
<input type="text" class="input-sm form-control" id="date_expired" name="date_expired" value="{{ form.date_expired.value|date:'Y-m-d H:i' }}">
|
||||
</div>
|
||||
<span class="help-block ">{{ form.date_expired.errors }}</span>
|
||||
<span class="help-block ">{{ form.date_start.errors }}</span>
|
||||
|
|
@ -70,6 +70,7 @@
|
|||
<button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -80,19 +81,27 @@
|
|||
{% endblock %}
|
||||
{% block custom_foot_js %}
|
||||
<script src="{% static 'js/plugins/datepicker/bootstrap-datepicker.js' %}"></script>
|
||||
<script type="text/javascript" src='{% static "js/plugins/daterangepicker/moment.min.js" %}'></script>
|
||||
<script type="text/javascript" src='{% static "js/plugins/daterangepicker/daterangepicker.min.js" %}'></script>
|
||||
<link rel="stylesheet" type="text/css" href={% static "css/plugins/daterangepicker/daterangepicker.css" %} />
|
||||
|
||||
<script>
|
||||
var dateOptions = {
|
||||
singleDatePicker: true,
|
||||
showDropdowns: true,
|
||||
timePicker: true,
|
||||
timePicker24Hour: true,
|
||||
autoApply: true,
|
||||
locale: {
|
||||
format: 'YYYY-MM-DD HH:mm'
|
||||
}
|
||||
};
|
||||
$(document).ready(function () {
|
||||
$('.select2').select2({
|
||||
closeOnSelect: false
|
||||
});
|
||||
$('#datepicker').datepicker({
|
||||
format: "yyyy-mm-dd",
|
||||
todayBtn: "linked",
|
||||
keyboardNavigation: false,
|
||||
forceParse: false,
|
||||
calendarWeeks: true,
|
||||
autoclose: true
|
||||
});
|
||||
$('#date_start').daterangepicker(dateOptions);
|
||||
$('#date_expired').daterangepicker(dateOptions);
|
||||
$("#id_assets").parent().find(".select2-selection").on('click', function (e) {
|
||||
if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){
|
||||
e.preventDefault();
|
||||
|
|
@ -110,6 +119,6 @@ $(document).ready(function () {
|
|||
$('.select2').val(assets).trigger('change');
|
||||
});
|
||||
$("#asset_list_modal").modal('hide');
|
||||
})
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
@ -24,7 +24,7 @@
|
|||
</li>
|
||||
<li>
|
||||
<a href="{% url 'perms:asset-permission-asset-list' pk=object.id %}" class="text-center">
|
||||
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
|
||||
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and node' %}</a>
|
||||
</li>
|
||||
<li class="pull-right">
|
||||
<a class="btn btn-outline btn-default" href="{% url 'perms:asset-permission-update' pk=object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
|
||||
|
|
|
|||
|
|
@ -217,7 +217,7 @@ function initTable() {
|
|||
select: {},
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
table = jumpserver.initDataTable(options);
|
||||
table = jumpserver.initServerSideDataTable(options);
|
||||
return table
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
</li>
|
||||
<li>
|
||||
<a href="{% url 'perms:asset-permission-asset-list' pk=asset_permission.id %}" class="text-center">
|
||||
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and asset groups' %}</a>
|
||||
<i class="fa fa-bar-chart-o"></i> {% trans 'Assets and node' %}</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ urlpatterns = [
|
|||
api.UserGrantedNodesApi.as_view(), name='user-nodes'),
|
||||
path('user/nodes/', api.UserGrantedNodesApi.as_view(),
|
||||
name='my-nodes'),
|
||||
path('user/nodes/children/', api.UserGrantedNodeChildrenApi.as_view(),
|
||||
name='my-node-children'),
|
||||
path('user/<uuid:pk>/nodes/<uuid:node_id>/assets/',
|
||||
api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
|
||||
path('user/nodes/<uuid:node_id>/assets/',
|
||||
|
|
@ -55,7 +57,7 @@ urlpatterns = [
|
|||
name='asset-permission-add-asset'),
|
||||
|
||||
# 验证用户是否有某个资产和系统用户的权限
|
||||
path('asset-permission/user/validate/', api.ValidateUserAssetPermissionView.as_view(),
|
||||
path('asset-permission/user/validate/', api.ValidateUserAssetPermissionApi.as_view(),
|
||||
name='validate-user-asset-permission'),
|
||||
]
|
||||
|
||||
|
|
|
|||
|
|
@ -156,3 +156,22 @@ class AssetPermissionUtil:
|
|||
return tree.nodes
|
||||
|
||||
|
||||
def is_obj_attr_has(obj, val, attrs=("hostname", "ip", "comment")):
|
||||
if not attrs:
|
||||
vals = [val for val in obj.__dict__.values() if isinstance(val, (str, int))]
|
||||
else:
|
||||
vals = [getattr(obj, attr) for attr in attrs if
|
||||
hasattr(obj, attr) and isinstance(hasattr(obj, attr), (str, int))]
|
||||
|
||||
for v in vals:
|
||||
if str(v).find(val) != -1:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def sort_assets(assets, order_by='hostname', reverse=False):
|
||||
if order_by == 'ip':
|
||||
assets = sorted(assets, key=lambda asset: [int(d) for d in asset.ip.split('.') if d.isdigit()], reverse=reverse)
|
||||
else:
|
||||
assets = sorted(assets, key=lambda asset: getattr(asset, order_by), reverse=reverse)
|
||||
return assets
|
||||
|
|
|
|||
|
|
@ -0,0 +1,388 @@
|
|||
.daterangepicker {
|
||||
position: absolute;
|
||||
color: inherit;
|
||||
background-color: #fff;
|
||||
border-radius: 4px;
|
||||
border: 1px solid #ddd;
|
||||
width: 278px;
|
||||
max-width: none;
|
||||
padding: 0;
|
||||
margin-top: 7px;
|
||||
top: 100px;
|
||||
left: 20px;
|
||||
z-index: 3001;
|
||||
display: none;
|
||||
font-family: arial;
|
||||
font-size: 15px;
|
||||
line-height: 1em;
|
||||
}
|
||||
|
||||
.daterangepicker:before, .daterangepicker:after {
|
||||
position: absolute;
|
||||
display: inline-block;
|
||||
border-bottom-color: rgba(0, 0, 0, 0.2);
|
||||
content: '';
|
||||
}
|
||||
|
||||
.daterangepicker:before {
|
||||
top: -7px;
|
||||
border-right: 7px solid transparent;
|
||||
border-left: 7px solid transparent;
|
||||
border-bottom: 7px solid #ccc;
|
||||
}
|
||||
|
||||
.daterangepicker:after {
|
||||
top: -6px;
|
||||
border-right: 6px solid transparent;
|
||||
border-bottom: 6px solid #fff;
|
||||
border-left: 6px solid transparent;
|
||||
}
|
||||
|
||||
.daterangepicker.opensleft:before {
|
||||
right: 9px;
|
||||
}
|
||||
|
||||
.daterangepicker.opensleft:after {
|
||||
right: 10px;
|
||||
}
|
||||
|
||||
.daterangepicker.openscenter:before {
|
||||
left: 0;
|
||||
right: 0;
|
||||
width: 0;
|
||||
margin-left: auto;
|
||||
margin-right: auto;
|
||||
}
|
||||
|
||||
.daterangepicker.openscenter:after {
|
||||
left: 0;
|
||||
right: 0;
|
||||
width: 0;
|
||||
margin-left: auto;
|
||||
margin-right: auto;
|
||||
}
|
||||
|
||||
.daterangepicker.opensright:before {
|
||||
left: 9px;
|
||||
}
|
||||
|
||||
.daterangepicker.opensright:after {
|
||||
left: 10px;
|
||||
}
|
||||
|
||||
.daterangepicker.drop-up {
|
||||
margin-top: -7px;
|
||||
}
|
||||
|
||||
.daterangepicker.drop-up:before {
|
||||
top: initial;
|
||||
bottom: -7px;
|
||||
border-bottom: initial;
|
||||
border-top: 7px solid #ccc;
|
||||
}
|
||||
|
||||
.daterangepicker.drop-up:after {
|
||||
top: initial;
|
||||
bottom: -6px;
|
||||
border-bottom: initial;
|
||||
border-top: 6px solid #fff;
|
||||
}
|
||||
|
||||
.daterangepicker.single .daterangepicker .ranges, .daterangepicker.single .drp-calendar {
|
||||
float: none;
|
||||
}
|
||||
|
||||
.daterangepicker.single .drp-selected {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.daterangepicker.show-calendar .drp-calendar {
|
||||
display: block;
|
||||
}
|
||||
|
||||
.daterangepicker.show-calendar .drp-buttons {
|
||||
display: block;
|
||||
}
|
||||
|
||||
.daterangepicker.auto-apply .drp-buttons {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-calendar {
|
||||
display: none;
|
||||
max-width: 270px;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-calendar.left {
|
||||
padding: 8px 0 8px 8px;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-calendar.right {
|
||||
padding: 8px;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-calendar.single .calendar-table {
|
||||
border: none;
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-table .next span, .daterangepicker .calendar-table .prev span {
|
||||
color: #fff;
|
||||
border: solid black;
|
||||
border-width: 0 2px 2px 0;
|
||||
border-radius: 0;
|
||||
display: inline-block;
|
||||
padding: 3px;
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-table .next span {
|
||||
transform: rotate(-45deg);
|
||||
-webkit-transform: rotate(-45deg);
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-table .prev span {
|
||||
transform: rotate(135deg);
|
||||
-webkit-transform: rotate(135deg);
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-table th, .daterangepicker .calendar-table td {
|
||||
white-space: nowrap;
|
||||
text-align: center;
|
||||
vertical-align: middle;
|
||||
min-width: 32px;
|
||||
width: 32px;
|
||||
height: 24px;
|
||||
line-height: 24px;
|
||||
font-size: 12px;
|
||||
border-radius: 4px;
|
||||
border: 1px solid transparent;
|
||||
white-space: nowrap;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-table {
|
||||
border: 1px solid #fff;
|
||||
border-radius: 4px;
|
||||
background-color: #fff;
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-table table {
|
||||
width: 100%;
|
||||
margin: 0;
|
||||
border-spacing: 0;
|
||||
border-collapse: collapse;
|
||||
}
|
||||
|
||||
.daterangepicker td.available:hover, .daterangepicker th.available:hover {
|
||||
background-color: #eee;
|
||||
border-color: transparent;
|
||||
color: inherit;
|
||||
}
|
||||
|
||||
.daterangepicker td.week, .daterangepicker th.week {
|
||||
font-size: 80%;
|
||||
color: #ccc;
|
||||
}
|
||||
|
||||
.daterangepicker td.off, .daterangepicker td.off.in-range, .daterangepicker td.off.start-date, .daterangepicker td.off.end-date {
|
||||
background-color: #fff;
|
||||
border-color: transparent;
|
||||
color: #999;
|
||||
}
|
||||
|
||||
.daterangepicker td.in-range {
|
||||
background-color: #ebf4f8;
|
||||
border-color: transparent;
|
||||
color: #000;
|
||||
border-radius: 0;
|
||||
}
|
||||
|
||||
.daterangepicker td.start-date {
|
||||
border-radius: 4px 0 0 4px;
|
||||
}
|
||||
|
||||
.daterangepicker td.end-date {
|
||||
border-radius: 0 4px 4px 0;
|
||||
}
|
||||
|
||||
.daterangepicker td.start-date.end-date {
|
||||
border-radius: 4px;
|
||||
}
|
||||
|
||||
.daterangepicker td.active, .daterangepicker td.active:hover {
|
||||
background-color: #357ebd;
|
||||
border-color: transparent;
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
.daterangepicker th.month {
|
||||
width: auto;
|
||||
}
|
||||
|
||||
.daterangepicker td.disabled, .daterangepicker option.disabled {
|
||||
color: #999;
|
||||
cursor: not-allowed;
|
||||
text-decoration: line-through;
|
||||
}
|
||||
|
||||
.daterangepicker select.monthselect, .daterangepicker select.yearselect {
|
||||
font-size: 12px;
|
||||
padding: 1px;
|
||||
height: auto;
|
||||
margin: 0;
|
||||
cursor: default;
|
||||
}
|
||||
|
||||
.daterangepicker select.monthselect {
|
||||
margin-right: 2%;
|
||||
width: 56%;
|
||||
}
|
||||
|
||||
.daterangepicker select.yearselect {
|
||||
width: 40%;
|
||||
}
|
||||
|
||||
.daterangepicker select.hourselect, .daterangepicker select.minuteselect, .daterangepicker select.secondselect, .daterangepicker select.ampmselect {
|
||||
width: 50px;
|
||||
margin: 0 auto;
|
||||
background: #eee;
|
||||
border: 1px solid #eee;
|
||||
padding: 2px;
|
||||
outline: 0;
|
||||
font-size: 12px;
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-time {
|
||||
text-align: center;
|
||||
margin: 4px auto 0 auto;
|
||||
line-height: 30px;
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.daterangepicker .calendar-time select.disabled {
|
||||
color: #ccc;
|
||||
cursor: not-allowed;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-buttons {
|
||||
clear: both;
|
||||
text-align: right;
|
||||
padding: 8px;
|
||||
border-top: 1px solid #ddd;
|
||||
display: none;
|
||||
line-height: 12px;
|
||||
vertical-align: middle;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-selected {
|
||||
display: inline-block;
|
||||
font-size: 12px;
|
||||
padding-right: 8px;
|
||||
}
|
||||
|
||||
.daterangepicker .drp-buttons .btn {
|
||||
margin-left: 8px;
|
||||
font-size: 12px;
|
||||
font-weight: bold;
|
||||
padding: 4px 8px;
|
||||
}
|
||||
|
||||
.daterangepicker.show-ranges .drp-calendar.left {
|
||||
border-left: 1px solid #ddd;
|
||||
}
|
||||
|
||||
.daterangepicker .ranges {
|
||||
float: none;
|
||||
text-align: left;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.daterangepicker.show-calendar .ranges {
|
||||
margin-top: 8px;
|
||||
}
|
||||
|
||||
.daterangepicker .ranges ul {
|
||||
list-style: none;
|
||||
margin: 0 auto;
|
||||
padding: 0;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.daterangepicker .ranges li {
|
||||
font-size: 12px;
|
||||
padding: 8px 12px;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.daterangepicker .ranges li:hover {
|
||||
background-color: #eee;
|
||||
}
|
||||
|
||||
.daterangepicker .ranges li.active {
|
||||
background-color: #08c;
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
/* Larger Screen Styling */
|
||||
@media (min-width: 564px) {
|
||||
.daterangepicker {
|
||||
width: auto; }
|
||||
.daterangepicker .ranges ul {
|
||||
width: 140px; }
|
||||
.daterangepicker.single .ranges ul {
|
||||
width: 100%; }
|
||||
.daterangepicker.single .drp-calendar.left {
|
||||
clear: none; }
|
||||
.daterangepicker.single.ltr .ranges, .daterangepicker.single.ltr .drp-calendar {
|
||||
float: left; }
|
||||
.daterangepicker.single.rtl .ranges, .daterangepicker.single.rtl .drp-calendar {
|
||||
float: right; }
|
||||
.daterangepicker.ltr {
|
||||
direction: ltr;
|
||||
text-align: left; }
|
||||
.daterangepicker.ltr .drp-calendar.left {
|
||||
clear: left;
|
||||
margin-right: 0; }
|
||||
.daterangepicker.ltr .drp-calendar.left .calendar-table {
|
||||
border-right: none;
|
||||
border-top-right-radius: 0;
|
||||
border-bottom-right-radius: 0; }
|
||||
.daterangepicker.ltr .drp-calendar.right {
|
||||
margin-left: 0; }
|
||||
.daterangepicker.ltr .drp-calendar.right .calendar-table {
|
||||
border-left: none;
|
||||
border-top-left-radius: 0;
|
||||
border-bottom-left-radius: 0; }
|
||||
.daterangepicker.ltr .drp-calendar.left .calendar-table {
|
||||
padding-right: 8px; }
|
||||
.daterangepicker.ltr .ranges, .daterangepicker.ltr .drp-calendar {
|
||||
float: left; }
|
||||
.daterangepicker.rtl {
|
||||
direction: rtl;
|
||||
text-align: right; }
|
||||
.daterangepicker.rtl .drp-calendar.left {
|
||||
clear: right;
|
||||
margin-left: 0; }
|
||||
.daterangepicker.rtl .drp-calendar.left .calendar-table {
|
||||
border-left: none;
|
||||
border-top-left-radius: 0;
|
||||
border-bottom-left-radius: 0; }
|
||||
.daterangepicker.rtl .drp-calendar.right {
|
||||
margin-right: 0; }
|
||||
.daterangepicker.rtl .drp-calendar.right .calendar-table {
|
||||
border-right: none;
|
||||
border-top-right-radius: 0;
|
||||
border-bottom-right-radius: 0; }
|
||||
.daterangepicker.rtl .drp-calendar.left .calendar-table {
|
||||
padding-left: 12px; }
|
||||
.daterangepicker.rtl .ranges, .daterangepicker.rtl .drp-calendar {
|
||||
text-align: right;
|
||||
float: right; } }
|
||||
@media (min-width: 730px) {
|
||||
.daterangepicker .ranges {
|
||||
width: auto; }
|
||||
.daterangepicker.ltr .ranges {
|
||||
float: left; }
|
||||
.daterangepicker.rtl .ranges {
|
||||
float: right; }
|
||||
.daterangepicker .drp-calendar.left {
|
||||
clear: none !important; } }
|
||||
|
|
@ -146,12 +146,15 @@ function activeNav() {
|
|||
if (app === ''){
|
||||
$('#index').addClass('active');
|
||||
}
|
||||
else if (app === 'xpack') {
|
||||
else if (app === 'xpack' && resource === 'cloud') {
|
||||
var item = url_array[3];
|
||||
$("#" + app).addClass('active');
|
||||
$('#' + app + ' #' + resource).addClass('active');
|
||||
$('#' + app + ' #' + resource + ' #' + item + ' a').css('color', '#ffffff');
|
||||
}
|
||||
else if (app === 'settings'){
|
||||
$("#" + app).addClass('active');
|
||||
}
|
||||
else {
|
||||
$("#" + app).addClass('active');
|
||||
$('#' + app + ' #' + resource).addClass('active');
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -31,8 +31,8 @@
|
|||
<div class="ibox-content">
|
||||
{% if form.errors.all %}
|
||||
<div class="alert alert-danger" style="margin: 20px auto 0px">
|
||||
{{ form.errors.all }}
|
||||
</div>
|
||||
{{ form.errors.all }}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% block form %}
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{% load i18n %}
|
||||
<div class="footer fixed">
|
||||
<div class="pull-right">
|
||||
Version <strong>1.4.3-{% include '_build.html' %}</strong> GPLv2.
|
||||
Version <strong>1.4.4-{% include '_build.html' %}</strong> GPLv2.
|
||||
<!--<img style="display: none" src="http://www.jumpserver.org/img/evaluate_avatar1.jpg">-->
|
||||
</div>
|
||||
<div>
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ from importlib import import_module
|
|||
from django.conf import settings
|
||||
from .command.serializers import SessionCommandSerializer
|
||||
|
||||
from common import utils
|
||||
|
||||
TYPE_ENGINE_MAPPING = {
|
||||
'elasticsearch': 'terminal.backends.command.es',
|
||||
}
|
||||
|
|
@ -16,7 +18,9 @@ def get_command_storage():
|
|||
|
||||
def get_terminal_command_storages():
|
||||
storage_list = {}
|
||||
for name, params in settings.TERMINAL_COMMAND_STORAGE.items():
|
||||
command_storage = utils.get_command_storage_or_create_default_storage()
|
||||
|
||||
for name, params in command_storage.items():
|
||||
tp = params['TYPE']
|
||||
if tp == 'server':
|
||||
storage = get_command_storage()
|
||||
|
|
|
|||
|
|
@ -2,36 +2,33 @@
|
|||
#
|
||||
|
||||
from django import forms
|
||||
from django.conf import settings
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from .models import Terminal
|
||||
|
||||
|
||||
def get_all_command_storage():
|
||||
# storage_choices = []
|
||||
from common.models import Setting
|
||||
Setting.refresh_all_settings()
|
||||
for k, v in settings.TERMINAL_COMMAND_STORAGE.items():
|
||||
from common import utils
|
||||
command_storage = utils.get_command_storage_or_create_default_storage()
|
||||
for k, v in command_storage.items():
|
||||
yield (k, k)
|
||||
|
||||
|
||||
def get_all_replay_storage():
|
||||
# storage_choices = []
|
||||
from common.models import Setting
|
||||
Setting.refresh_all_settings()
|
||||
for k, v in settings.TERMINAL_REPLAY_STORAGE.items():
|
||||
from common import utils
|
||||
replay_storage = utils.get_replay_storage_or_create_default_storage()
|
||||
for k, v in replay_storage.items():
|
||||
yield (k, k)
|
||||
|
||||
|
||||
class TerminalForm(forms.ModelForm):
|
||||
command_storage = forms.ChoiceField(
|
||||
choices=get_all_command_storage(),
|
||||
choices=get_all_command_storage,
|
||||
label=_("Command storage"),
|
||||
help_text=_("Command can store in server db or ES, default to server, more see docs"),
|
||||
)
|
||||
replay_storage = forms.ChoiceField(
|
||||
choices=get_all_replay_storage(),
|
||||
choices=get_all_replay_storage,
|
||||
label=_("Replay storage"),
|
||||
help_text=_("Replay file can store in server disk, AWS S3, Aliyun OSS, default to server, more see docs"),
|
||||
)
|
||||
|
|
|
|||
|
|
@ -43,10 +43,13 @@ class UserAuthApi(RootOrgViewMixin, APIView):
|
|||
|
||||
user, msg = self.check_user_valid(request)
|
||||
if not user:
|
||||
username = request.data.get('username', '')
|
||||
exist = User.objects.filter(username=username).first()
|
||||
reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST
|
||||
data = {
|
||||
'username': request.data.get('username', ''),
|
||||
'username': username,
|
||||
'mfa': LoginLog.MFA_UNKNOWN,
|
||||
'reason': LoginLog.REASON_PASSWORD,
|
||||
'reason': reason,
|
||||
'status': False
|
||||
}
|
||||
self.write_login_log(request, data)
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
from rest_framework import generics
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
|
||||
from ..serializers import UserGroupSerializer, \
|
||||
UserGroupUpdateMemeberSerializer
|
||||
|
|
@ -15,9 +16,12 @@ __all__ = ['UserGroupViewSet', 'UserGroupUpdateUserApi']
|
|||
|
||||
|
||||
class UserGroupViewSet(IDInFilterMixin, BulkModelViewSet):
|
||||
filter_fields = ("name",)
|
||||
search_fields = filter_fields
|
||||
queryset = UserGroup.objects.all()
|
||||
serializer_class = UserGroupSerializer
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
|
||||
class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView):
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ from rest_framework import generics
|
|||
from rest_framework.response import Response
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework_bulk import BulkModelViewSet
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
|
||||
from ..serializers import UserSerializer, UserPKUpdateSerializer, \
|
||||
UserUpdateGroupSerializer, ChangeUserPasswordSerializer
|
||||
|
|
@ -28,10 +29,12 @@ __all__ = [
|
|||
|
||||
|
||||
class UserViewSet(IDInFilterMixin, BulkModelViewSet):
|
||||
filter_fields = ('username', 'email', 'name', 'id')
|
||||
search_fields = filter_fields
|
||||
queryset = User.objects.exclude(role="App")
|
||||
serializer_class = UserSerializer
|
||||
permission_classes = (IsOrgAdmin,)
|
||||
filter_fields = ('username', 'email', 'name', 'id')
|
||||
pagination_class = LimitOffsetPagination
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
|
|
|
|||
|
|
@ -55,11 +55,13 @@ class LoginLog(models.Model):
|
|||
REASON_NOTHING = 0
|
||||
REASON_PASSWORD = 1
|
||||
REASON_MFA = 2
|
||||
REASON_NOT_EXIST = 3
|
||||
|
||||
REASON_CHOICE = (
|
||||
(REASON_NOTHING, _('-')),
|
||||
(REASON_PASSWORD, _('Username/password check failed')),
|
||||
(REASON_MFA, _('MFA authentication failed')),
|
||||
(REASON_NOT_EXIST, _("Username does not exist")),
|
||||
)
|
||||
|
||||
STATUS_CHOICE = (
|
||||
|
|
@ -67,7 +69,7 @@ class LoginLog(models.Model):
|
|||
(False, _('Failed'))
|
||||
)
|
||||
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
||||
username = models.CharField(max_length=20, verbose_name=_('Username'))
|
||||
username = models.CharField(max_length=128, verbose_name=_('Username'))
|
||||
type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, verbose_name=_('Login type'))
|
||||
ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
|
||||
city = models.CharField(max_length=254, blank=True, null=True, verbose_name=_('Login city'))
|
||||
|
|
|
|||
|
|
@ -40,9 +40,11 @@ class User(AbstractUser):
|
|||
)
|
||||
SOURCE_LOCAL = 'local'
|
||||
SOURCE_LDAP = 'ldap'
|
||||
SOURCE_OPENID = 'openid'
|
||||
SOURCE_CHOICES = (
|
||||
(SOURCE_LOCAL, 'Local'),
|
||||
(SOURCE_LDAP, 'LDAP/AD'),
|
||||
(SOURCE_OPENID, 'OpenID'),
|
||||
)
|
||||
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
||||
username = models.CharField(
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@
|
|||
<div class="col-sm-9">
|
||||
<div class="input-group date">
|
||||
<span class="input-group-addon"><i class="fa fa-calendar"></i></span>
|
||||
<input id="{{ form.date_expired.id_for_label }}" name="{{ form.date_expired.html_name }}" type="text" class="form-control" value="{{ form.date_expired.value|date:'Y-m-d' }}">
|
||||
<input id="{{ form.date_expired.id_for_label }}" name="{{ form.date_expired.html_name }}" type="text" class="form-control" value="{{ form.date_expired.value|date:'Y-m-d H:i' }}">
|
||||
</div>
|
||||
<span class="help-block ">{{ form.date_expired.errors }}</span>
|
||||
</div>
|
||||
|
|
@ -52,18 +52,24 @@
|
|||
{% endblock %}
|
||||
{% block custom_foot_js %}
|
||||
<script src="{% static 'js/plugins/datepicker/bootstrap-datepicker.js' %}"></script>
|
||||
<script type="text/javascript" src='{% static "js/plugins/daterangepicker/moment.min.js" %}'></script>
|
||||
<script type="text/javascript" src='{% static "js/plugins/daterangepicker/daterangepicker.min.js" %}'></script>
|
||||
<link rel="stylesheet" type="text/css" href={% static "css/plugins/daterangepicker/daterangepicker.css" %} />
|
||||
|
||||
<script>
|
||||
var dateOptions = {
|
||||
singleDatePicker: true,
|
||||
showDropdowns: true,
|
||||
timePicker: true,
|
||||
timePicker24Hour: true,
|
||||
autoApply: true,
|
||||
locale: {
|
||||
format: 'YYYY-MM-DD HH:mm'
|
||||
}
|
||||
};
|
||||
$(document).ready(function () {
|
||||
$('.select2').select2();
|
||||
|
||||
$('.input-group.date').datepicker({
|
||||
format: "yyyy-mm-dd",
|
||||
todayBtn: "linked",
|
||||
keyboardNavigation: false,
|
||||
forceParse: false,
|
||||
calendarWeeks: true,
|
||||
autoclose: true
|
||||
});
|
||||
$('#id_date_expired').daterangepicker(dateOptions);
|
||||
})
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -75,9 +75,23 @@
|
|||
</p>
|
||||
{% endif %}
|
||||
|
||||
<a href="{% url 'users:forgot-password' %}">
|
||||
<small>{% trans 'Forgot password' %}?</small>
|
||||
</a>
|
||||
<div class="text-muted text-center">
|
||||
<div>
|
||||
<a href="{% url 'users:forgot-password' %}">
|
||||
<small>{% trans 'Forgot password' %}?</small>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
{% if AUTH_OPENID %}
|
||||
<div class="hr-line-dashed"></div>
|
||||
<p class="text-muted text-center">{% trans "More login options" %}</p>
|
||||
<div>
|
||||
<button type="button" class="btn btn-default btn-sm btn-block" onclick="location.href='{% url 'authentication:openid-login' %}'">
|
||||
<i class="fa fa-openid"></i>
|
||||
{% trans 'Keycloak' %}
|
||||
</button>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
</form>
|
||||
<p class="m-t">
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ function initTable() {
|
|||
{data: "system_users_granted", orderable: false}
|
||||
]
|
||||
};
|
||||
asset_table = jumpserver.initDataTable(options);
|
||||
asset_table = jumpserver.initServerSideDataTable(options)
|
||||
}
|
||||
|
||||
function onSelected(event, treeNode) {
|
||||
|
|
|
|||
|
|
@ -58,7 +58,8 @@ $(document).ready(function() {
|
|||
order: [],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
jumpserver.initDataTable(options);
|
||||
jumpserver.initServerSideDataTable(options);
|
||||
|
||||
}).on('click', '.btn_delete_user_group', function(){
|
||||
var $this = $(this);
|
||||
var group_id = $this.data('gid');
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ function initTable() {
|
|||
],
|
||||
op_html: $('#actions').html()
|
||||
};
|
||||
table = jumpserver.initDataTable(options);
|
||||
var table = jumpserver.initServerSideDataTable(options);
|
||||
return table
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ from formtools.wizard.views import SessionWizardView
|
|||
from django.conf import settings
|
||||
|
||||
from common.utils import get_object_or_none, get_request_ip
|
||||
from common.models import common_settings
|
||||
from ..models import User, LoginLog
|
||||
from ..utils import send_reset_password_mail, check_otp_code, \
|
||||
redirect_user_first_login_or_index, get_user_or_tmp_user, \
|
||||
|
|
@ -78,12 +79,15 @@ class UserLoginView(FormView):
|
|||
def form_invalid(self, form):
|
||||
# write login failed log
|
||||
username = form.cleaned_data.get('username')
|
||||
exist = User.objects.filter(username=username).first()
|
||||
reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST
|
||||
data = {
|
||||
'username': username,
|
||||
'mfa': LoginLog.MFA_UNKNOWN,
|
||||
'reason': LoginLog.REASON_PASSWORD,
|
||||
'reason': reason,
|
||||
'status': False
|
||||
}
|
||||
|
||||
self.write_login_log(data)
|
||||
|
||||
# limit user login failed count
|
||||
|
|
@ -128,6 +132,7 @@ class UserLoginView(FormView):
|
|||
def get_context_data(self, **kwargs):
|
||||
context = {
|
||||
'demo_mode': os.environ.get("DEMO_MODE"),
|
||||
'AUTH_OPENID': settings.AUTH_OPENID,
|
||||
}
|
||||
kwargs.update(context)
|
||||
return super().get_context_data(**kwargs)
|
||||
|
|
@ -196,6 +201,9 @@ class UserLogoutView(TemplateView):
|
|||
|
||||
def get(self, request, *args, **kwargs):
|
||||
auth_logout(request)
|
||||
next_uri = request.COOKIES.get("next")
|
||||
if next_uri:
|
||||
return redirect(next_uri)
|
||||
response = super().get(request, *args, **kwargs)
|
||||
return response
|
||||
|
||||
|
|
@ -318,7 +326,7 @@ class UserFirstLoginView(LoginRequiredMixin, SessionWizardView):
|
|||
user.is_public_key_valid = True
|
||||
user.save()
|
||||
context = {
|
||||
'user_guide_url': settings.USER_GUIDE_URL
|
||||
'user_guide_url': common_settings.USER_GUIDE_URL
|
||||
}
|
||||
return render(self.request, 'users/first_login_done.html', context)
|
||||
|
||||
|
|
|
|||
|
|
@ -54,6 +54,14 @@ class Config:
|
|||
REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
|
||||
REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
|
||||
|
||||
# Use OpenID authorization
|
||||
# BASE_SITE_URL = 'http://localhost:8080'
|
||||
# AUTH_OPENID = False # True or False
|
||||
# AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
|
||||
# AUTH_OPENID_REALM_NAME = 'realm-name'
|
||||
# AUTH_OPENID_CLIENT_ID = 'client-id'
|
||||
# AUTH_OPENID_CLIENT_SECRET = 'client-secret'
|
||||
|
||||
def __init__(self):
|
||||
pass
|
||||
|
||||
|
|
|
|||
19
jms
19
jms
|
|
@ -42,10 +42,26 @@ try:
|
|||
except:
|
||||
pass
|
||||
|
||||
def check_database_connection():
|
||||
os.chdir(os.path.join(BASE_DIR, 'apps'))
|
||||
for i in range(60):
|
||||
print("Check database connection ...")
|
||||
code = subprocess.call("python manage.py showmigrations users ", shell=True)
|
||||
if code == 0:
|
||||
print("Database connect success")
|
||||
return
|
||||
time.sleep(1)
|
||||
print("Connection database failed, exist")
|
||||
sys.exit(10)
|
||||
|
||||
|
||||
def make_migrations():
|
||||
print("Check database structure change ...")
|
||||
os.chdir(os.path.join(BASE_DIR, 'apps'))
|
||||
if len(os.listdir('assets/migrations')) < 4:
|
||||
print("Make database migrations ...")
|
||||
subprocess.call('python3 manage.py makemigrations', shell=True)
|
||||
print("Migrate model change to database ...")
|
||||
subprocess.call('python3 manage.py migrate', shell=True)
|
||||
|
||||
|
||||
|
|
@ -56,6 +72,7 @@ def collect_static():
|
|||
|
||||
|
||||
def prepare():
|
||||
check_database_connection()
|
||||
make_migrations()
|
||||
collect_static()
|
||||
|
||||
|
|
@ -112,7 +129,6 @@ def parse_service(s):
|
|||
|
||||
def start_gunicorn():
|
||||
print("\n- Start Gunicorn WSGI HTTP Server")
|
||||
prepare()
|
||||
service = 'gunicorn'
|
||||
bind = '{}:{}'.format(HTTP_HOST, HTTP_PORT)
|
||||
log_format = '%(h)s %(t)s "%(r)s" %(s)s %(b)s '
|
||||
|
|
@ -205,6 +221,7 @@ def start_service(s):
|
|||
print(time.ctime())
|
||||
print('Jumpserver version {}, more see https://www.jumpserver.org'.format(
|
||||
__version__))
|
||||
prepare()
|
||||
|
||||
services_handler = {
|
||||
"gunicorn": start_gunicorn,
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite gcc automake libkrb5-dev
|
||||
libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev python-tk python-dev openssl libssl-dev libldap2-dev libsasl2-dev sqlite gcc automake libkrb5-dev sshpass
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ eventlet==0.24.1
|
|||
ForgeryPy==0.1
|
||||
greenlet==0.4.14
|
||||
gunicorn==19.9.0
|
||||
idna==2.7
|
||||
idna==2.6
|
||||
itsdangerous==0.24
|
||||
itypes==1.1.0
|
||||
Jinja2==2.10
|
||||
|
|
@ -61,7 +61,7 @@ pytz==2018.3
|
|||
PyYAML==3.12
|
||||
redis==2.10.6
|
||||
requests==2.18.4
|
||||
jms-storage==0.0.19
|
||||
jms-storage==0.0.20
|
||||
s3transfer==0.1.13
|
||||
simplejson==3.13.2
|
||||
six==1.11.0
|
||||
|
|
@ -74,4 +74,5 @@ Werkzeug==0.14.1
|
|||
drf-nested-routers==0.90.2
|
||||
aliyun-python-sdk-core-v3==2.9.1
|
||||
aliyun-python-sdk-ecs==4.10.1
|
||||
tencentcloud-sdk-python==3.0.32
|
||||
python-keycloak==0.13.3
|
||||
python-keycloak-client==0.1.3
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel openssh-clients
|
||||
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mariadb-devel mysql-devel libffi-devel openssh-clients
|
||||
|
|
|
|||
Loading…
Reference in New Issue