github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修改 ACL ActionChoices review, accept, reject 引用

pull/9154/head
Bai 2022-12-04 12:08:44 +08:00
parent 2b5bd558f3
commit a69b762f13
3 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/acls/migrations/0002_auto_20210926_1047.py
View File

@ -30,10 +30,11 @@ def migrate_login_confirm(apps, schema_editor):
if reviewers.count() == 0: if reviewers.count() == 0:
continue continue
data = { data = {
'user': user, 'user': user,
'name': f'{user.name}-{login_confirm} ({date_created})', 'name': f'{user.name}-{login_confirm} ({date_created})',
'created_by': instance.created_by, 'created_by': instance.created_by,
'action': LoginACL.ActionChoices.confirm, 'action': 'confirm',
'rules': {'ip_group': ['*'], 'time_period': DEFAULT_TIME_PERIODS} 'rules': {'ip_group': ['*'], 'time_period': DEFAULT_TIME_PERIODS}
} }
instance = login_acl_model.objects.create(**data) instance = login_acl_model.objects.create(**data)
@ -44,7 +45,7 @@ def migrate_ip_group(apps, schema_editor):
login_acl_model = apps.get_model("acls", "LoginACL") login_acl_model = apps.get_model("acls", "LoginACL")
updates = list() updates = list()
with transaction.atomic(): with transaction.atomic():
for instance in login_acl_model.objects.exclude(action=LoginACL.ActionChoices.confirm): for instance in login_acl_model.objects.exclude(action='confirm'):
instance.rules = {'ip_group': instance.ip_group, 'time_period': DEFAULT_TIME_PERIODS} instance.rules = {'ip_group': instance.ip_group, 'time_period': DEFAULT_TIME_PERIODS}
updates.append(instance) updates.append(instance)
login_acl_model.objects.bulk_update(updates, ['rules', ]) login_acl_model.objects.bulk_update(updates, ['rules', ])

2
apps/acls/models/login_acl.py
View File

@ -36,7 +36,7 @@ class LoginACL(BaseACL):
return return
for acl in acl_qs: for acl in acl_qs:
if acl.is_action(LoginACL.ActionChoices.confirm) and \ if acl.is_action(LoginACL.ActionChoices.review) and \
not acl.reviewers.exists(): not acl.reviewers.exists():
continue continue
ip_group = acl.rules.get('ip_group') ip_group = acl.rules.get('ip_group')

6
apps/authentication/mixins.py
View File

@ -333,13 +333,13 @@ class AuthACLMixin:
return return
acl: LoginACL acl: LoginACL
if acl.is_action(acl.ActionChoices.allow): if acl.is_action(acl.ActionChoices.accept):
return return
if acl.is_action(acl.ActionChoices.reject): if acl.is_action(acl.ActionChoices.reject):
raise errors.LoginACLIPAndTimePeriodNotAllowed(user.username, request=self.request) raise errors.LoginACLIPAndTimePeriodNotAllowed(user.username, request=self.request)
if acl.is_action(acl.ActionChoices.confirm): if acl.is_action(acl.ActionChoices.review):
self.request.session['auth_confirm_required'] = '1' self.request.session['auth_confirm_required'] = '1'
self.request.session['auth_acl_id'] = str(acl.id) self.request.session['auth_acl_id'] = str(acl.id)
return return
@ -354,7 +354,7 @@ class AuthACLMixin:
acl = LoginACL.filter_acl(user).filter(id=acl_id).first() acl = LoginACL.filter_acl(user).filter(id=acl_id).first()
if not acl: if not acl:
return return
if not acl.is_action(acl.ActionChoices.confirm): if not acl.is_action(acl.ActionChoices.review):
return return
self.get_ticket_or_create(acl) self.get_ticket_or_create(acl)
self.check_user_login_confirm() self.check_user_login_confirm()