Merge pull request #15000 from jumpserver/pr@dev@connectiontoken

perf: connection token
pull/15001/head
feng626 2025-03-11 18:34:35 +08:00 committed by GitHub
commit a26cc7ce1f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 26 additions and 12 deletions


@ -29,9 +29,9 @@ from terminal.models import EndpointRule, Endpoint
from users.const import FileNameConflictResolution from users.const import FileNameConflictResolution
from users.const import RDPSmartSize, RDPColorQuality from users.const import RDPSmartSize, RDPColorQuality
from users.models import Preference from users.models import Preference
from ..models import ConnectionToken, AdminConnectionToken, date_expired_default
from .face import FaceMonitorContext from .face import FaceMonitorContext
from ..mixins import AuthFaceMixin from ..mixins import AuthFaceMixin
from ..models import ConnectionToken, AdminConnectionToken, date_expired_default
from ..serializers import ( from ..serializers import (
ConnectionTokenSerializer, ConnectionTokenSecretSerializer, ConnectionTokenSerializer, ConnectionTokenSecretSerializer,
SuperConnectionTokenSerializer, ConnectTokenAppletOptionSerializer, SuperConnectionTokenSerializer, ConnectTokenAppletOptionSerializer,
@ -442,9 +442,12 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
return data return data
@staticmethod @staticmethod
def _validate_perm(user, asset, account_name, protocol): def get_permed_account(user, asset, account_name, protocol):
from perms.utils.asset_perm import PermAssetDetailUtil from perms.utils.asset_perm import PermAssetDetailUtil
account = PermAssetDetailUtil(user, asset).validate_permission(account_name, protocol) return PermAssetDetailUtil(user, asset).validate_permission(account_name, protocol)
def _validate_perm(self, user, asset, account_name, protocol):
account = self.get_permed_account(user, asset, account_name, protocol)
if not account or not account.actions: if not account or not account.actions:
msg = _('Account not found') msg = _('Account not found')
raise JMSException(code='perm_account_invalid', detail=msg) raise JMSException(code='perm_account_invalid', detail=msg)
@ -675,3 +678,10 @@ class AdminConnectionTokenViewSet(ConnectionTokenViewSet):
def get_queryset(self): def get_queryset(self):
return AdminConnectionToken.objects.all() return AdminConnectionToken.objects.all()
def get_permed_account(self, user, asset, account_name, protocol):
with tmp_to_org(asset.org):
account = asset.accounts.all().active().get(name=account_name)
account.actions = ActionChoices.all()
account.date_expired = timezone.now() + timezone.timedelta(days=365)
return account
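Review bot: `AdminConnectionTokenViewSet.get_permed_account` never consults `user` or `protocol`: any active account matching `account_name` is returned with `ActionChoices.all()` and a 365-day `date_expired`. The bypass that the removed `is_superuser` branch in `validate_permission` used to gate therefore depends entirely on who can reach this viewset. The viewset's permission declarations are outside the hunk; if they do not already restrict it to the same principals, keep an explicit guard such as `if not user.is_superuser: return None` at the top of the override. Separately, `.get(name=account_name)` raises `DoesNotExist` rather than returning `None`, so the `perm_account_invalid` branch in `_validate_perm` is not reached for a missing account. Using `account = asset.accounts.all().active().filter(name=account_name).first()` followed by `if account is None: return None` would keep that error path consistent.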


@ -19,6 +19,7 @@ from common.utils import lazyproperty, pretty_string, bulk_get
from common.utils.timezone import as_current_tz from common.utils.timezone import as_current_tz
from orgs.mixins.models import JMSOrgBaseModel from orgs.mixins.models import JMSOrgBaseModel
from orgs.utils import tmp_to_org from orgs.utils import tmp_to_org
from perms.const import ActionChoices
from terminal.models import Applet, VirtualApp from terminal.models import Applet, VirtualApp
@ -306,3 +307,14 @@ class AdminConnectionToken(ConnectionToken):
class Meta: class Meta:
proxy = True proxy = True
verbose_name = _("Admin connection token") verbose_name = _("Admin connection token")
@lazyproperty
def actions(self):
return ActionChoices.all()
@lazyproperty
def expire_at(self):
return (timezone.now() + timezone.timedelta(days=365)).timestamp()
def is_valid(self):
return True
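Review bot: `AdminConnectionToken.is_valid` returns `True` unconditionally and `expire_at` is computed as now plus 365 days per instance, so a token loaded through this proxy model does not expire and skips whatever checks `ConnectionToken.is_valid` performs. The parent method is outside the hunk, so confirm which checks are being dropped and whether callers expect the same return shape. Because `Meta.proxy = True` means the rows live in the same table as ordinary connection tokens, any stored expiry on the row is presumably ignored for these tokens, and revocation appears to depend on deleting the row. Consider delegating to the parent for the non-expiry checks, or at least record the intent above `is_valid` with a comment such as `# Admin tokens intentionally skip expiry and permission re-validation; revoke by deleting the token.`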


@ -1067,7 +1067,7 @@
"ResetSSHKeySuccessMsg": "发送邮件任务已提交, 用户稍后会收到重置密钥邮件", "ResetSSHKeySuccessMsg": "发送邮件任务已提交, 用户稍后会收到重置密钥邮件",
"ResetSSHKeyWarningMsg": "你确定要发送重置用户的SSH Key的邮件吗?", "ResetSSHKeyWarningMsg": "你确定要发送重置用户的SSH Key的邮件吗?",
"ResetSecret": "可改密", "ResetSecret": "可改密",
"ResolveSelected": "解决定", "ResolveSelected": "解决定",
"Resource": "资源", "Resource": "资源",
"ResourceType": "资源类型", "ResourceType": "资源类型",
"RestoreButton": "恢复默认", "RestoreButton": "恢复默认",


@ -1,7 +1,5 @@
from collections import defaultdict from collections import defaultdict
from django.utils import timezone
from accounts.const import AliasAccount from accounts.const import AliasAccount
from accounts.models import VirtualAccount from accounts.models import VirtualAccount
from assets.models import Asset, MyAsset from assets.models import Asset, MyAsset
@ -42,12 +40,6 @@ class PermAssetDetailUtil:
def validate_permission(self, account_name, protocol): def validate_permission(self, account_name, protocol):
with tmp_to_org(self.asset.org): with tmp_to_org(self.asset.org):
if self.user.is_superuser:
account = self.asset.accounts.all().active().get(name=account_name)
account.actions = ActionChoices.all()
account.date_expired = timezone.now() + timezone.timedelta(days=365)
return account
protocols = self.get_permed_protocols_for_user(only_name=True) protocols = self.get_permed_protocols_for_user(only_name=True)
if 'all' not in protocols and protocol not in protocols: if 'all' not in protocols and protocol not in protocols:
return None return None