github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: add user filter

pull/14871/head
ibuler 2025-02-10 17:39:03 +08:00
parent 5067b7635f
commit 96f8b929e5
4 changed files with 73 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/i18n/lina/en.json
View File

@ -509,9 +509,12 @@
"ExistError": "This element already exists", "ExistError": "This element already exists",
"Existing": "Already exists", "Existing": "Already exists",
"ExpirationTimeout": "Expiration timeout (seconds)", "ExpirationTimeout": "Expiration timeout (seconds)",
"Expire": "Expired", "Expire": "Expire",
"Expired": "Expiration date", "Expired": "Expired",
"Export": "Export", "Export": "Export",
"NeverLogin": "Never login",
"NoMFA": "MFA not enabled",
"LoginBlocked": "Login blocked",
"ExportAll": "Export all", "ExportAll": "Export all",
"ExportOnlyFiltered": "Export filtered items", "ExportOnlyFiltered": "Export filtered items",
"ExportOnlySelectedItems": "Export selected items", "ExportOnlySelectedItems": "Export selected items",

3
apps/i18n/lina/zh.json
View File

@ -1003,6 +1003,9 @@
"RestoreDialogTitle": "你确认吗", "RestoreDialogTitle": "你确认吗",
"Result": "结果", "Result": "结果",
"Resume": "恢复", "Resume": "恢复",
"NeverLogin": "从未登录",
"NoMFA": "未启用 MFA",
"LoginBlocked": "登录被阻止",
"ResumeTaskSendSuccessMsg": "恢复任务已下发,请稍后刷新查看", "ResumeTaskSendSuccessMsg": "恢复任务已下发,请稍后刷新查看",
"Retry": "重试", "Retry": "重试",
"RetrySelected": "重试所选", "RetrySelected": "重试所选",

60
apps/users/filters.py
View File

@ -1,11 +1,13 @@
from django.db.models import Q
from django.utils import timezone
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from django_filters import rest_framework as filters from django_filters import rest_framework as filters
from common.drf.filters import BaseFilterSet from common.drf.filters import BaseFilterSet
from common.utils import is_uuid from common.utils import is_uuid
from jumpserver import settings
from rbac.models import Role, OrgRoleBinding, SystemRoleBinding from rbac.models import Role, OrgRoleBinding, SystemRoleBinding
from users.models.user import User from users.models.user import User
from orgs.utils import current_org
class UserFilter(BaseFilterSet): class UserFilter(BaseFilterSet):
@ -16,15 +18,69 @@ class UserFilter(BaseFilterSet):
exclude_group_id = filters.CharFilter( exclude_group_id = filters.CharFilter(
field_name="groups__id", lookup_expr='exact', exclude=True field_name="groups__id", lookup_expr='exact', exclude=True
) )
is_expired = filters.BooleanFilter(method='filter_is_expired')
is_valid = filters.BooleanFilter(method='filter_is_valid')
is_password_expired = filters.BooleanFilter(method='filter_long_time')
is_long_time_no_login = filters.BooleanFilter(method='filter_long_time')
is_login_blocked = filters.BooleanFilter(method='filter_is_blocked')
class Meta: class Meta:
model = User model = User
fields = ( fields = (
'id', 'username', 'email', 'name', 'id', 'username', 'email', 'name',
'groups', 'group_id', 'exclude_group_id', 'groups', 'group_id', 'exclude_group_id',
'source', 'org_roles', 'system_roles', 'is_active', 'source', 'org_roles', 'system_roles',
'is_active', 'is_first_login',
) )
def filter_is_blocked(self, queryset, name, value):
from users.utils import LoginBlockUtil
usernames = LoginBlockUtil.get_blocked_usernames()
if value:
queryset = queryset.filter(username__in=usernames)
else:
queryset = queryset.exclude(username__in=usernames)
return queryset
def filter_long_time(self, queryset, name, value):
now = timezone.now()
if name == 'is_password_expired':
interval = settings.SECURITY_PASSWORD_EXPIRATION_TIME
else:
interval = 30
date_expired = now - timezone.timedelta(days=int(interval))
if name == 'is_password_expired':
key = 'date_password_last_updated'
elif name == 'long_time_no_login':
key = 'last_login'
else:
raise ValueError('Invalid filter name')
if value:
kwargs = {f'{key}__lt': date_expired}
else:
kwargs = {f'{key}__gt': date_expired}
q = Q(**kwargs) | Q(**{f'{key}__isnull': True})
return queryset.filter(q)
def filter_is_valid(self, queryset, name, value):
if value:
queryset = self.filter_is_expired(queryset, name, False).filter(is_active=True)
else:
q = Q(date_expired__lt=timezone.now()) | Q(is_active=False)
queryset = queryset.filter(q)
return queryset
@staticmethod
def filter_is_expired(queryset, name, value):
now = timezone.now()
if value:
queryset = queryset.filter(date_expired__lt=now)
else:
queryset = queryset.filter(date_expired__gte=now)
return queryset
@staticmethod @staticmethod
def _get_role(value): def _get_role(value):
from rbac.builtin import BuiltinRole from rbac.builtin import BuiltinRole

6
apps/users/utils.py
View File

@ -172,6 +172,12 @@ class BlockUtilBase:
def is_block(self): def is_block(self):
return bool(cache.get(self.block_key)) return bool(cache.get(self.block_key))
@classmethod
def get_blocked_usernames(cls):
key = cls.BLOCK_KEY_TMPL.format('*')
keys = cache.keys(key)
return [k.split('_')[-1] for k in keys]
class BlockGlobalIpUtilBase: class BlockGlobalIpUtilBase:
LIMIT_KEY_TMPL: str LIMIT_KEY_TMPL: str