From d9a9f890f5fe6e0a74f24950996859542affb2b3 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Wed, 20 Nov 2024 14:07:04 +0800
Subject: [PATCH 01/18] perf: Lina AzureKeyVault translate

---
 apps/i18n/lina/en.json      | 1 +
 apps/i18n/lina/ja.json      | 1 +
 apps/i18n/lina/zh.json      | 1 +
 apps/i18n/lina/zh_hant.json | 1 +
 4 files changed, 4 insertions(+)

diff --git a/apps/i18n/lina/en.json b/apps/i18n/lina/en.json
index f4d47d487..49c65e37a 100644
--- a/apps/i18n/lina/en.json
+++ b/apps/i18n/lina/en.json
@@ -177,6 +177,7 @@
     "AwaitingMyApproval": "Assigned",
     "Azure": "Azure (China)",
     "Azure_Int": "Azure (International)",
+    "AzureKeyVault": "Azure vault",
     "Backup": "Backup",
     "BackupAccountsHelpText": "Backup account information externally. it can be stored in an external system or sent via email, supporting segmented delivery.",
     "BadConflictErrorMsg": "Refreshing, please try again later",
diff --git a/apps/i18n/lina/ja.json b/apps/i18n/lina/ja.json
index ba957ef8b..57288b30a 100644
--- a/apps/i18n/lina/ja.json
+++ b/apps/i18n/lina/ja.json
@@ -177,6 +177,7 @@
     "AwaitingMyApproval": "私の承認待ち",
     "Azure": "Azure(中国)",
     "Azure_Int": "アジュール（インターナショナル）",
+    "AzureKeyVault": "Azure vault",
     "Backup": "バックアップ",
     "BackupAccountsHelpText": "アカウント情報を外部にバックアップする。外部システムに保存するかメールを送信することもできます、セクション方式をサポートしています",
     "BadConflictErrorMsg": "更新中です、しばらくお待ちください",
diff --git a/apps/i18n/lina/zh.json b/apps/i18n/lina/zh.json
index 73c7ea3ad..7c82132b3 100644
--- a/apps/i18n/lina/zh.json
+++ b/apps/i18n/lina/zh.json
@@ -177,6 +177,7 @@
     "AwaitingMyApproval": "待我审批",
     "Azure": "Azure (中国)",
     "Azure_Int": "Azure (国际)",
+    "AzureKeyVault": "Azure vault",
     "Backup": "备份",
     "BackupAccountsHelpText": "备份账号信息到外部。可以存储到外部系统或发送邮件，支持分段方式",
     "BadConflictErrorMsg": "正在刷新中，请稍后再试",
diff --git a/apps/i18n/lina/zh_hant.json b/apps/i18n/lina/zh_hant.json
index 3a07509bc..4adc747de 100644
--- a/apps/i18n/lina/zh_hant.json
+++ b/apps/i18n/lina/zh_hant.json
@@ -238,6 +238,7 @@
     "AwaitingMyApproval": "待我審批",
     "Azure": "Azure (中國)",
     "Azure_Int": "Azure (國際)",
+    "AzureKeyVault": "Azure vault",
     "Backup": "備份",
     "BackupAccountsHelpText": "備份帳號資訊至外部。可以儲存到外部系統或寄送郵件，支援分段方式",
     "BadConflictErrorMsg": "正在刷新中，請稍後再試",

From 9cfe974c52b8ce187ad73c21780bb608a0f71116 Mon Sep 17 00:00:00 2001
From: Aaron3S <chenyang@fit2cloud.com>
Date: Wed, 20 Nov 2024 14:11:29 +0800
Subject: [PATCH 02/18] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=20mfa=20middle?=
 =?UTF-8?q?ware=20=E7=99=BD=E5=90=8D=E5=8D=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py
index d1f3b087b..64f8818a9 100644
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@@ -35,7 +35,7 @@ class MFAMiddleware:
 
         # 这个是 mfa 登录页需要的请求, 也得放出来, 用户其实已经在 CAS/OIDC 中完成登录了
         white_urls = [
-            'login/mfa', 'mfa/select', 'jsi18n/', '/static/',
+            'login/mfa', 'mfa/select', 'mfa/face','jsi18n/', '/static/',
             '/profile/otp', '/logout/',
         ]
         for url in white_urls:

From 9966ad4c71ce5a45db6da70e9b040adc5c5bcc08 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Wed, 20 Nov 2024 15:02:58 +0800
Subject: [PATCH 03/18] perf: Dynamic update vault

---
 apps/accounts/backends/__init__.py   |  8 ++++++--
 apps/accounts/signal_handlers.py     | 20 +++++++++++++++++++-
 apps/i18n/lina/en.json               |  1 +
 apps/i18n/lina/ja.json               |  1 +
 apps/i18n/lina/zh.json               |  1 +
 apps/i18n/lina/zh_hant.json          |  1 +
 apps/settings/serializers/feature.py | 17 +++++++++++++----
 7 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/apps/accounts/backends/__init__.py b/apps/accounts/backends/__init__.py
index 832033b73..5e26cfc76 100644
--- a/apps/accounts/backends/__init__.py
+++ b/apps/accounts/backends/__init__.py
@@ -5,8 +5,7 @@ from django.utils.functional import LazyObject
 from common.utils import get_logger
 from ..const import VaultTypeChoices
 
-__all__ = ['vault_client', 'get_vault_client']
-
+__all__ = ['vault_client', 'get_vault_client', 'refresh_vault_client']
 
 logger = get_logger(__file__)
 
@@ -38,3 +37,8 @@ class VaultClient(LazyObject):
 
 """ 为了安全, 页面修改配置, 重启服务后才会重新初始化 vault_client """
 vault_client = VaultClient()
+
+
+def refresh_vault_client():
+    vault_client._wrapped = None
+    vault_client._setup()
diff --git a/apps/accounts/signal_handlers.py b/apps/accounts/signal_handlers.py
index ad07c9bb3..04c2cc333 100644
--- a/apps/accounts/signal_handlers.py
+++ b/apps/accounts/signal_handlers.py
@@ -3,14 +3,17 @@ from collections import defaultdict
 from django.db.models.signals import post_delete
 from django.db.models.signals import pre_save, post_save
 from django.dispatch import receiver
+from django.utils.functional import LazyObject
 from django.utils.translation import gettext_noop
 
-from accounts.backends import vault_client
+from accounts.backends import vault_client, refresh_vault_client
 from accounts.const import Source
 from audits.const import ActivityChoices
 from audits.signal_handlers import create_activities
 from common.decorators import merge_delay_run
+from common.signals import django_ready
 from common.utils import get_logger, i18n_fmt
+from common.utils.connection import RedisPubSub
 from .models import Account, AccountTemplate
 from .tasks.push_account import push_accounts_to_assets_task
 
@@ -91,3 +94,18 @@ class VaultSignalHandler(object):
 for model in (Account, AccountTemplate, Account.history.model):
     post_save.connect(VaultSignalHandler.save_to_vault, sender=model)
     post_delete.connect(VaultSignalHandler.delete_to_vault, sender=model)
+
+
+class VaultPubSub(LazyObject):
+    def _setup(self):
+        self._wrapped = RedisPubSub('refresh_vault')
+
+
+vault_pub_sub = VaultPubSub()
+
+
+@receiver(django_ready)
+def subscribe_vault_change(sender, **kwargs):
+    logger.debug("Start subscribe vault change")
+
+    vault_pub_sub.subscribe(lambda name: refresh_vault_client())
diff --git a/apps/i18n/lina/en.json b/apps/i18n/lina/en.json
index 49c65e37a..fecab5059 100644
--- a/apps/i18n/lina/en.json
+++ b/apps/i18n/lina/en.json
@@ -178,6 +178,7 @@
     "Azure": "Azure (China)",
     "Azure_Int": "Azure (International)",
     "AzureKeyVault": "Azure vault",
+    "HashicorpVault": "HCP vault",
     "Backup": "Backup",
     "BackupAccountsHelpText": "Backup account information externally. it can be stored in an external system or sent via email, supporting segmented delivery.",
     "BadConflictErrorMsg": "Refreshing, please try again later",
diff --git a/apps/i18n/lina/ja.json b/apps/i18n/lina/ja.json
index 57288b30a..b4bd08b0b 100644
--- a/apps/i18n/lina/ja.json
+++ b/apps/i18n/lina/ja.json
@@ -178,6 +178,7 @@
     "Azure": "Azure(中国)",
     "Azure_Int": "アジュール（インターナショナル）",
     "AzureKeyVault": "Azure vault",
+    "HashicorpVault": "HCP vault",
     "Backup": "バックアップ",
     "BackupAccountsHelpText": "アカウント情報を外部にバックアップする。外部システムに保存するかメールを送信することもできます、セクション方式をサポートしています",
     "BadConflictErrorMsg": "更新中です、しばらくお待ちください",
diff --git a/apps/i18n/lina/zh.json b/apps/i18n/lina/zh.json
index 7c82132b3..f84e5c540 100644
--- a/apps/i18n/lina/zh.json
+++ b/apps/i18n/lina/zh.json
@@ -178,6 +178,7 @@
     "Azure": "Azure (中国)",
     "Azure_Int": "Azure (国际)",
     "AzureKeyVault": "Azure vault",
+    "HashicorpVault": "HCP vault",
     "Backup": "备份",
     "BackupAccountsHelpText": "备份账号信息到外部。可以存储到外部系统或发送邮件，支持分段方式",
     "BadConflictErrorMsg": "正在刷新中，请稍后再试",
diff --git a/apps/i18n/lina/zh_hant.json b/apps/i18n/lina/zh_hant.json
index 4adc747de..1216087ee 100644
--- a/apps/i18n/lina/zh_hant.json
+++ b/apps/i18n/lina/zh_hant.json
@@ -239,6 +239,7 @@
     "Azure": "Azure (中國)",
     "Azure_Int": "Azure (國際)",
     "AzureKeyVault": "Azure vault",
+    "HashicorpVault": "HCP vault",
     "Backup": "備份",
     "BackupAccountsHelpText": "備份帳號資訊至外部。可以儲存到外部系統或寄送郵件，支援分段方式",
     "BadConflictErrorMsg": "正在刷新中，請稍後再試",
diff --git a/apps/settings/serializers/feature.py b/apps/settings/serializers/feature.py
index 23a484571..b6dcacc08 100644
--- a/apps/settings/serializers/feature.py
+++ b/apps/settings/serializers/feature.py
@@ -1,9 +1,9 @@
 import uuid
+
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
-from accounts.const import VaultTypeChoices
 from assets.const import Protocol
 from common.serializers.fields import EncryptedField
 from common.utils import date_expired_default
@@ -43,7 +43,16 @@ class AnnouncementSettingSerializer(serializers.Serializer):
     ANNOUNCEMENT = AnnouncementSerializer(label=_("Announcement"))
 
 
-class VaultSettingSerializer(serializers.Serializer):
+class BaseVaultSettingSerializer(serializers.Serializer):
+
+    def validate(self, data):
+        from accounts.signal_handlers import vault_pub_sub
+        data = super().validate(data)
+        vault_pub_sub.publish('vault')
+        return data
+
+
+class VaultSettingSerializer(BaseVaultSettingSerializer, serializers.Serializer):
     PREFIX_TITLE = _('Vault')
 
     VAULT_ENABLED = serializers.BooleanField(
@@ -65,7 +74,7 @@ class VaultSettingSerializer(serializers.Serializer):
     )
 
 
-class HashicorpKVSerializer(serializers.Serializer):
+class HashicorpKVSerializer(BaseVaultSettingSerializer, serializers.Serializer):
     PREFIX_TITLE = _('HCP Vault')
     VAULT_HCP_HOST = serializers.CharField(
         max_length=256, allow_blank=True, required=False, label=_('Host')
@@ -78,7 +87,7 @@ class HashicorpKVSerializer(serializers.Serializer):
     )
 
 
-class AzureKVSerializer(serializers.Serializer):
+class AzureKVSerializer(BaseVaultSettingSerializer, serializers.Serializer):
     PREFIX_TITLE = _('Azure Key Vault')
     VAULT_AZURE_HOST = serializers.CharField(
         max_length=256, allow_blank=True, required=False, label=_('Host')

From 4068b5c76a09e8fe2588395a59e1096a29a39cee Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Wed, 20 Nov 2024 16:18:10 +0800
Subject: [PATCH 04/18] perf: Change secret ssh_key_change_strategy modify the
 default value

---
 apps/accounts/const/automation.py                   | 4 ++--
 apps/accounts/migrations/0002_auto_20220616_0021.py | 4 ++--
 apps/accounts/models/automations/base.py            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/accounts/const/automation.py b/apps/accounts/const/automation.py
index c0419486d..d8388b6bc 100644
--- a/apps/accounts/const/automation.py
+++ b/apps/accounts/const/automation.py
@@ -49,9 +49,9 @@ class SecretStrategy(models.TextChoices):
 
 
 class SSHKeyStrategy(models.TextChoices):
-    add = 'add', _('Append SSH KEY')
-    set = 'set', _('Empty and append SSH KEY')
     set_jms = 'set_jms', _('Replace (Replace only keys pushed by JumpServer) ')
+    set = 'set', _('Empty and append SSH KEY')
+    add = 'add', _('Append SSH KEY')
 
 
 class TriggerChoice(models.TextChoices, TreeChoices):
diff --git a/apps/accounts/migrations/0002_auto_20220616_0021.py b/apps/accounts/migrations/0002_auto_20220616_0021.py
index 5ac195d63..8fe829dd6 100644
--- a/apps/accounts/migrations/0002_auto_20220616_0021.py
+++ b/apps/accounts/migrations/0002_auto_20220616_0021.py
@@ -50,7 +50,7 @@ class Migration(migrations.Migration):
                 ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
                 ('secret_strategy', models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy')),
                 ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
-                ('ssh_key_change_strategy', models.CharField(choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'), ('set_jms', 'Replace (Replace only keys pushed by JumpServer) ')], default='add', max_length=16, verbose_name='SSH key change strategy')),
+                ('ssh_key_change_strategy', models.CharField(choices=[('set_jms', 'Replace (Replace only keys pushed by JumpServer) '), ('set', 'Empty and append SSH KEY'), ('add', 'Append SSH KEY')], default='set_jms', max_length=16, verbose_name='SSH key change strategy')),
             ],
             options={
                 'verbose_name': 'Change secret automation',
@@ -76,7 +76,7 @@ class Migration(migrations.Migration):
                 ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
                 ('secret_strategy', models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy')),
                 ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
-                ('ssh_key_change_strategy', models.CharField(choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'), ('set_jms', 'Replace (Replace only keys pushed by JumpServer) ')], default='add', max_length=16, verbose_name='SSH key change strategy')),
+                ('ssh_key_change_strategy', models.CharField(choices=[('set_jms', 'Replace (Replace only keys pushed by JumpServer) '), ('set', 'Empty and append SSH KEY'), ('add', 'Append SSH KEY')], default='set_jms', max_length=16, verbose_name='SSH key change strategy')),
                 ('triggers', models.JSONField(default=list, max_length=16, verbose_name='Triggers')),
                 ('username', models.CharField(max_length=128, verbose_name='Username')),
                 ('action', models.CharField(max_length=16, verbose_name='Action')),
diff --git a/apps/accounts/models/automations/base.py b/apps/accounts/models/automations/base.py
index 1adc84bfe..b001e8cc7 100644
--- a/apps/accounts/models/automations/base.py
+++ b/apps/accounts/models/automations/base.py
@@ -51,7 +51,7 @@ class AutomationExecution(AssetAutomationExecution):
 class ChangeSecretMixin(SecretWithRandomMixin):
     ssh_key_change_strategy = models.CharField(
         choices=SSHKeyStrategy.choices, max_length=16,
-        default=SSHKeyStrategy.add, verbose_name=_('SSH key change strategy')
+        default=SSHKeyStrategy.set_jms, verbose_name=_('SSH key change strategy')
     )
     get_all_assets: callable  # get all assets
 

From 88302c8846917dfa3998d8f1f9dd6a4f085fbc2a Mon Sep 17 00:00:00 2001
From: Aaron3S <chenyang@fit2cloud.com>
Date: Wed, 20 Nov 2024 16:36:43 +0800
Subject: [PATCH 05/18] feat: add 'face_context' to check_api white list

---
 apps/common/management/commands/check_api.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/common/management/commands/check_api.py b/apps/common/management/commands/check_api.py
index f8de10f08..b195b2207 100644
--- a/apps/common/management/commands/check_api.py
+++ b/apps/common/management/commands/check_api.py
@@ -73,6 +73,7 @@ known_unauth_urls = [
     "/api/v1/authentication/password/reset-code/",
     "/api/v1/authentication/login-confirm-ticket/status/",
     "/api/v1/authentication/mfa/select/",
+    "/api/v1/authentication/mfa/face/context/",
     "/api/v1/authentication/mfa/send-code/",
     "/api/v1/authentication/sso/login/",
     "/api/v1/authentication/user-session/",

From bdbbebab769ec401fa8bb3286f8af1b51159fc37 Mon Sep 17 00:00:00 2001
From: Aaron3S <chenyang@fit2cloud.com>
Date: Wed, 20 Nov 2024 17:50:46 +0800
Subject: [PATCH 06/18] feat: perf face capture page

---
 apps/authentication/mixins.py                 |  2 +-
 .../authentication/face_capture.html          | 28 ++++++-------------
 2 files changed, 9 insertions(+), 21 deletions(-)

diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index c00335ec0..92b49f64e 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -238,7 +238,7 @@ class MFAFaceMixin:
 
         if not self.is_context_success(context):
             msg = context.get('error_message', '')
-            raise RuntimeError("Face recognition failed,{}".format(msg))
+            raise RuntimeError(msg)
 
         face_code = context.get('face_code')
         if not face_code:
diff --git a/apps/authentication/templates/authentication/face_capture.html b/apps/authentication/templates/authentication/face_capture.html
index 4d0f66096..f04716a59 100644
--- a/apps/authentication/templates/authentication/face_capture.html
+++ b/apps/authentication/templates/authentication/face_capture.html
@@ -2,28 +2,18 @@
 {% load i18n %}
 {% load static %}
 
-
 {% block content %}
 
-    <style>
-        .ibox-content {
-            padding: 0;
-        }
-
-        h2 {
-            display: none;
-        }
-
-        .ibox-context-margin {
-            margin: 0;
-        }
-
-    </style>
-
     {% if 'code' in form.errors %}
-        <p class="red-fonts">{{ form.code.errors.as_text }}</p>
+        <div class="alert  alert-danger" id="messages">
+            <p class="red-fonts">{{ form.code.errors.as_text }}</p>
+        </div>
     {% endif %}
 
+    <div id="retry_container" style="text-align: center; margin-top: 20px; display: none;">
+        <button id="retry_button" class="btn btn-primary">{% trans 'Retry' %}</button>
+    </div>
+
     <form class="m-t" role="form" method="post" action="" style="display: none">
         {% csrf_token %}
         <button id="submit_button" type="submit" style="display: none"></button>
@@ -40,9 +30,7 @@
         </iframe>
     </div>
 
-    <div id="retry_container" style="text-align: center; margin-top: 20px; display: none;">
-        <button id="retry_button" class="btn btn-primary">{% trans 'Retry' %}</button>
-    </div>
+
 
     <script>
         $(document).ready(function () {

From 2dae2b37892b250ca8c3be834abc7170b587281b Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Wed, 20 Nov 2024 18:20:12 +0800
Subject: [PATCH 07/18] perf: Translate

---
 apps/i18n/koko/en.json      | 4 +++-
 apps/i18n/koko/ja.json      | 4 +++-
 apps/i18n/koko/zh.json      | 2 ++
 apps/i18n/koko/zh_hant.json | 4 +++-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/i18n/koko/en.json b/apps/i18n/koko/en.json
index cc13ae014..fea028006 100644
--- a/apps/i18n/koko/en.json
+++ b/apps/i18n/koko/en.json
@@ -69,5 +69,7 @@
     "VerifyCode": "Verify Code",
     "WaitFileTransfer": "Wait file transfer to finish",
     "WebSocketClosed": "WebSocket closed",
-    "Writable": "Writable"
+    "Writable": "Writable",
+    "UploadStart": "Upload start",
+    "UploadEnd": "Upload completed, please wait for further processing"
 }
\ No newline at end of file
diff --git a/apps/i18n/koko/ja.json b/apps/i18n/koko/ja.json
index 6c10c68c0..e1d2a46b4 100644
--- a/apps/i18n/koko/ja.json
+++ b/apps/i18n/koko/ja.json
@@ -69,5 +69,7 @@
     "VerifyCode": "認証コード",
     "WaitFileTransfer": "ファイル転送終了待ち",
     "WebSocketClosed": "WebSocket 閉店",
-    "Writable": "書き込み可能"
+    "Writable": "書き込み可能",
+    "UploadStart": "アップロード開始",
+    "UploadEnd": "アップロードが完了しました。後の処理をお待ちください"
 }
\ No newline at end of file
diff --git a/apps/i18n/koko/zh.json b/apps/i18n/koko/zh.json
index bbd125e48..e722723ac 100644
--- a/apps/i18n/koko/zh.json
+++ b/apps/i18n/koko/zh.json
@@ -65,6 +65,8 @@
     "UploadSuccess": "上传成功",
     "UploadTips": "将文件拖到此处，或点击上传",
     "UploadTitle": "上传文件",
+    "UploadStart": "上传开始",
+    "UploadEnd": "上传已完成，请等待后续处理",
     "User": "用户",
     "VerifyCode": "验证码",
     "WaitFileTransfer": "等待文件传输结束",
diff --git a/apps/i18n/koko/zh_hant.json b/apps/i18n/koko/zh_hant.json
index a54c418c8..904c01c46 100644
--- a/apps/i18n/koko/zh_hant.json
+++ b/apps/i18n/koko/zh_hant.json
@@ -69,5 +69,7 @@
     "VerifyCode": "驗證碼",
     "WaitFileTransfer": "等待文件傳輸結束",
     "WebSocketClosed": "WebSocket 已關閉",
-    "Writable": "讀寫"
+    "Writable": "讀寫",
+    "UploadStart": "上傳開始",
+    "UploadEnd": "上傳已完成，請等待後續處理"
 }
\ No newline at end of file

From 1a03f7b26555a08d699f8b8e2bf90de67efc0f62 Mon Sep 17 00:00:00 2001
From: Aaron3S <chenyang@fit2cloud.com>
Date: Wed, 20 Nov 2024 20:05:31 +0800
Subject: [PATCH 08/18] feat: add license edition check

---
 apps/authentication/mfa/face.py    |  6 +++++-
 apps/common/const/choices.py       | 29 +++++++++++++++++++++++++++++
 apps/jumpserver/settings/_xpack.py |  3 ++-
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/apps/authentication/mfa/face.py b/apps/authentication/mfa/face.py
index c37eae526..60ff2c247 100644
--- a/apps/authentication/mfa/face.py
+++ b/apps/authentication/mfa/face.py
@@ -5,6 +5,7 @@ from django.shortcuts import reverse
 from django.utils.translation import gettext_lazy as _
 
 from authentication.mixins import MFAFaceMixin
+from common.const import LicenseEditionChoices
 from settings.api import settings
 
 
@@ -32,7 +33,10 @@ class MFAFace(BaseMFA, MFAFaceMixin):
 
     @staticmethod
     def global_enabled():
-        return settings.XPACK_LICENSE_IS_VALID and settings.FACE_RECOGNITION_ENABLED
+        return settings.XPACK_LICENSE_IS_VALID \
+            and LicenseEditionChoices.ULTIMATE == \
+            LicenseEditionChoices.from_key(settings.XPACK_LICENSE_EDITION) \
+            and settings.FACE_RECOGNITION_ENABLED
 
     def get_enable_url(self) -> str:
         return reverse('authentication:user-face-enable')
diff --git a/apps/common/const/choices.py b/apps/common/const/choices.py
index 3eb0f2a58..804ab7b1a 100644
--- a/apps/common/const/choices.py
+++ b/apps/common/const/choices.py
@@ -76,3 +76,32 @@ class Language(models.TextChoices):
 
 
 COUNTRY_CALLING_CODES = get_country_phone_choices()
+
+
+class LicenseEditionChoices(models.TextChoices):
+    COMMUNITY = 'community', _('Community edition')
+    BASIC = 'basic', _('Basic edition')
+    STANDARD = 'standard', _('Standard edition')
+    PROFESSIONAL = 'professional', _('Professional edition')
+    ULTIMATE = 'ultimate', _('Ultimate edition')
+
+    @staticmethod
+    def from_key(key: str):
+        for choice in LicenseEditionChoices:
+            if choice == key:
+                return choice
+        return LicenseEditionChoices.COMMUNITY
+    @staticmethod
+    def parse_license_edition(info):
+        count = info.get('license', {}).get('count', 0)
+
+        if 50 >= count > 0:
+            return LicenseEditionChoices.BASIC
+        elif count <= 500:
+            return LicenseEditionChoices.STANDARD
+        elif count < 5000:
+            return LicenseEditionChoices.PROFESSIONAL
+        elif count >= 5000:
+            return LicenseEditionChoices.ULTIMATE
+        else:
+            return LicenseEditionChoices.COMMUNITY
diff --git a/apps/jumpserver/settings/_xpack.py b/apps/jumpserver/settings/_xpack.py
index 364a0e377..f0e59cecf 100644
--- a/apps/jumpserver/settings/_xpack.py
+++ b/apps/jumpserver/settings/_xpack.py
@@ -18,11 +18,12 @@ if not XPACK_DISABLED:
 XPACK_TEMPLATES_DIR = []
 XPACK_CONTEXT_PROCESSOR = []
 XPACK_LICENSE_IS_VALID = False
+XPACK_LICENSE_EDITION = ""
 XPACK_LICENSE_INFO = {
     'corporation': corporation,
 }
 
-XPACK_LICENSE_CONTENT = ''
+XPACK_LICENSE_CONTENT = 'community'
 
 if XPACK_ENABLED:
     from xpack.utils import get_xpack_templates_dir, get_xpack_context_processor

From 6abfeee683ca78a3e727fa0f8039a53b82c42db4 Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Wed, 20 Nov 2024 20:12:46 +0800
Subject: [PATCH 09/18] feat: Add periodic display and validate job params

---
 apps/audits/serializers.py              |   4 +-
 apps/i18n/core/zh/LC_MESSAGES/django.po | 254 +++++++++++++-----------
 apps/ops/api/adhoc.py                   |   3 +-
 apps/ops/api/job.py                     |   1 +
 apps/ops/api/playbook.py                |   2 +-
 apps/ops/serializers/job.py             |  12 ++
 apps/rbac/tree.py                       |   2 +-
 7 files changed, 153 insertions(+), 125 deletions(-)

diff --git a/apps/audits/serializers.py b/apps/audits/serializers.py
index b9d41f8e5..48c408fe2 100644
--- a/apps/audits/serializers.py
+++ b/apps/audits/serializers.py
@@ -38,10 +38,12 @@ class JobsAuditSerializer(JobSerializer):
     material = serializers.ReadOnlyField(label=_("Command"))
     summary = serializers.ReadOnlyField(label=_("Summary"))
     crontab = serializers.ReadOnlyField(label=_("Execution cycle"))
+    is_periodic_display = serializers.BooleanField(read_only=True, source='is_periodic')
 
     class Meta(JobSerializer.Meta):
         read_only_fields = [
-            "id", 'name', 'args', 'material', 'type', 'crontab', 'interval', 'date_last_run', 'summary', 'created_by'
+            "id", 'name', 'args', 'material', 'type', 'crontab', 'interval', 'date_last_run', 'summary', 'created_by',
+            'is_periodic_display'
         ]
         fields = read_only_fields + ['is_periodic']
 
diff --git a/apps/i18n/core/zh/LC_MESSAGES/django.po b/apps/i18n/core/zh/LC_MESSAGES/django.po
index 22687230b..1f5345df8 100644
--- a/apps/i18n/core/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/core/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-19 18:55+0800\n"
+"POT-Creation-Date: 2024-11-20 19:32+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -35,7 +35,7 @@ msgstr "生成资产或应用相关备份信息文件"
 
 #: accounts/automations/backup_account/handlers.py:156
 #: accounts/automations/backup_account/handlers.py:295
-#: accounts/automations/backup_account/manager.py:40 ops/serializers/job.py:82
+#: accounts/automations/backup_account/manager.py:40 ops/serializers/job.py:94
 #: settings/templates/ldap/_msg_import_ldap_user.html:7
 msgid "Time cost"
 msgstr "花费时间"
@@ -57,7 +57,7 @@ msgid "The backup file will be sent to"
 msgstr "备份文件将被发送至"
 
 #: accounts/automations/backup_account/handlers.py:213
-#: users/forms/profile.py:75
+#: users/forms/profile.py:76
 msgid "Finish"
 msgstr "完成"
 
@@ -130,7 +130,7 @@ msgstr ">>> 开始执行测试网关账号可连接性任务"
 #: settings/serializers/auth/ldap.py:26 settings/serializers/auth/ldap.py:52
 #: settings/serializers/auth/ldap_ha.py:34 settings/serializers/msg.py:37
 #: settings/serializers/terminal.py:28 terminal/serializers/storage.py:123
-#: terminal/serializers/storage.py:142 users/forms/profile.py:21
+#: terminal/serializers/storage.py:142 users/forms/profile.py:22
 #: users/serializers/user.py:144
 #: users/templates/users/_msg_user_created.html:13
 #: users/templates/users/user_password_verify.html:18
@@ -149,7 +149,7 @@ msgid "Access key"
 msgstr "Access key"
 
 #: accounts/const/account.py:9 authentication/backends/passkey/models.py:16
-#: authentication/models/sso_token.py:14 settings/serializers/feature.py:74
+#: authentication/models/sso_token.py:14 settings/serializers/feature.py:83
 msgid "Token"
 msgstr "令牌"
 
@@ -233,17 +233,17 @@ msgstr "指定"
 msgid "Random generate"
 msgstr "随机生成"
 
-#: accounts/const/automation.py:52 ops/const.py:13
-msgid "Append SSH KEY"
-msgstr "追加"
+#: accounts/const/automation.py:52 ops/const.py:15
+msgid "Replace (Replace only keys pushed by JumpServer) "
+msgstr "替换 (只替换由 JumpServer 推送的密钥)"
 
 #: accounts/const/automation.py:53 ops/const.py:14
 msgid "Empty and append SSH KEY"
 msgstr "清空所有并添加"
 
-#: accounts/const/automation.py:54 ops/const.py:15
-msgid "Replace (Replace only keys pushed by JumpServer) "
-msgstr "替换 (只替换由 JumpServer 推送的密钥)"
+#: accounts/const/automation.py:54 ops/const.py:13
+msgid "Append SSH KEY"
+msgstr "追加"
 
 #: accounts/const/automation.py:59
 msgid "On asset create"
@@ -297,8 +297,8 @@ msgstr "仅创建"
 #: authentication/serializers/password_mfa.py:17
 #: authentication/serializers/password_mfa.py:25
 #: notifications/backends/__init__.py:10 settings/serializers/msg.py:21
-#: settings/serializers/msg.py:61 users/forms/profile.py:100
-#: users/forms/profile.py:108 users/models/user/__init__.py:65
+#: settings/serializers/msg.py:61 users/forms/profile.py:101
+#: users/forms/profile.py:111 users/models/user/__init__.py:65
 #: users/templates/users/forgot_password.html:162
 #: users/views/profile/reset.py:94
 msgid "Email"
@@ -319,11 +319,11 @@ msgstr "待定的"
 msgid "Database"
 msgstr "数据库"
 
-#: accounts/const/vault.py:9 settings/serializers/feature.py:69
+#: accounts/const/vault.py:9 settings/serializers/feature.py:78
 msgid "HCP Vault"
 msgstr "HashiCorp Vault"
 
-#: accounts/const/vault.py:10 settings/serializers/feature.py:82
+#: accounts/const/vault.py:10 settings/serializers/feature.py:91
 msgid "Azure Key Vault"
 msgstr "Azure Key Vault"
 
@@ -510,7 +510,7 @@ msgstr "原因"
 #: accounts/models/automations/backup_account.py:136
 #: accounts/serializers/automations/change_secret.py:117
 #: accounts/serializers/automations/change_secret.py:152
-#: ops/serializers/job.py:80 terminal/serializers/session.py:54
+#: ops/serializers/job.py:92 terminal/serializers/session.py:54
 msgid "Is success"
 msgstr "是否成功"
 
@@ -593,7 +593,7 @@ msgstr "结束日期"
 #: accounts/models/automations/change_secret.py:44
 #: assets/models/automations/base.py:113
 #: assets/serializers/automations/base.py:39 audits/models.py:208
-#: audits/serializers.py:76 ops/models/base.py:49 ops/models/job.py:235
+#: audits/serializers.py:78 ops/models/base.py:49 ops/models/job.py:235
 #: terminal/models/applet/applet.py:331 terminal/models/applet/host.py:140
 #: terminal/models/component/status.py:30
 #: terminal/models/virtualapp/virtualapp.py:99
@@ -635,8 +635,8 @@ msgstr "最后登录日期"
 #: authentication/forms.py:23 authentication/models/temp_token.py:9
 #: authentication/templates/authentication/_msg_different_city.html:9
 #: authentication/templates/authentication/_msg_oauth_bind.html:9
-#: terminal/serializers/storage.py:136 users/forms/profile.py:31
-#: users/forms/profile.py:114 users/models/user/__init__.py:63
+#: terminal/serializers/storage.py:136 users/forms/profile.py:32
+#: users/forms/profile.py:117 users/models/user/__init__.py:63
 #: users/templates/users/_msg_user_created.html:12
 #: xpack/plugins/cloud/serializers/account_attrs.py:26
 msgid "Username"
@@ -665,7 +665,7 @@ msgstr "触发方式"
 
 #: accounts/models/automations/push_account.py:16 acls/models/base.py:41
 #: acls/serializers/base.py:57 assets/models/cmd_filter.py:81
-#: audits/models.py:92 audits/serializers.py:106
+#: audits/models.py:92 audits/serializers.py:108
 #: authentication/serializers/connect_token_secret.py:119
 #: authentication/templates/authentication/_access_key_modal.html:34
 #: perms/serializers/permission.py:52 perms/serializers/permission.py:74
@@ -734,7 +734,7 @@ msgstr "密码规则"
 #: terminal/models/component/terminal.py:85
 #: terminal/models/virtualapp/provider.py:10
 #: terminal/models/virtualapp/virtualapp.py:19 tickets/api/ticket.py:87
-#: users/forms/profile.py:32 users/models/group.py:13
+#: users/forms/profile.py:33 users/models/group.py:13
 #: users/models/preference.py:11 users/models/user/__init__.py:64
 #: xpack/plugins/cloud/models.py:34 xpack/plugins/cloud/models.py:310
 #: xpack/plugins/cloud/serializers/task.py:75
@@ -885,8 +885,8 @@ msgstr "类别"
 #: acls/serializers/command_acl.py:19 assets/models/automations/base.py:20
 #: assets/models/cmd_filter.py:74 assets/models/platform.py:96
 #: assets/serializers/asset/common.py:146 assets/serializers/platform.py:159
-#: assets/serializers/platform.py:171 audits/serializers.py:75
-#: audits/serializers.py:192
+#: assets/serializers/platform.py:171 audits/serializers.py:77
+#: audits/serializers.py:194
 #: authentication/serializers/connect_token_secret.py:126 ops/models/job.py:153
 #: perms/serializers/user_permission.py:27 terminal/models/applet/applet.py:40
 #: terminal/models/component/storage.py:58
@@ -959,7 +959,7 @@ msgstr "ID"
 #: acls/templates/acls/user_login_reminder.html:8
 #: assets/models/cmd_filter.py:24 assets/models/label.py:16 audits/models.py:54
 #: audits/models.py:90 audits/models.py:172 audits/models.py:271
-#: audits/serializers.py:193 authentication/models/connection_token.py:32
+#: audits/serializers.py:195 authentication/models/connection_token.py:32
 #: authentication/models/ssh_key.py:22 authentication/models/sso_token.py:16
 #: notifications/models/notification.py:12
 #: perms/api/user_permission/mixin.py:55 perms/models/asset_permission.py:63
@@ -1136,17 +1136,17 @@ msgstr "参数设置，目前只对 AIX LINUX UNIX 类型的资产有效。"
 msgid "Automation task execution"
 msgstr "自动化任务执行历史"
 
-#: accounts/signal_handlers.py:48
+#: accounts/signal_handlers.py:51
 #, python-format
 msgid "Push related accounts to assets: %s, by system"
 msgstr "推送账号到资产: %s, 由系统执行"
 
-#: accounts/signal_handlers.py:57
+#: accounts/signal_handlers.py:60
 #, python-format
 msgid "Add account: %s"
 msgstr "添加账号: %s"
 
-#: accounts/signal_handlers.py:59
+#: accounts/signal_handlers.py:62
 #, python-format
 msgid "Delete account: %s"
 msgstr "删除账号: %s"
@@ -1269,11 +1269,11 @@ msgid ""
 "        Accounts' this task will be executed"
 msgstr "当在控制台-账号模板-账号-同步更新账号信息点击同步时，执行该任务"
 
-#: accounts/tasks/vault.py:32
+#: accounts/tasks/vault.py:33
 msgid "Sync secret to vault"
 msgstr "同步密文到 vault"
 
-#: accounts/tasks/vault.py:34
+#: accounts/tasks/vault.py:35
 msgid ""
 "When clicking 'Sync' in 'System Settings - Features - Account Storage' this "
 "task will be executed"
@@ -1388,7 +1388,7 @@ msgstr "激活中"
 
 #: acls/models/base.py:81 perms/serializers/permission.py:42
 #: tickets/models/flow.py:23 users/models/preference.py:16
-#: users/serializers/group.py:21 users/serializers/user.py:424
+#: users/serializers/group.py:21 users/serializers/user.py:432
 msgid "Users"
 msgstr "用户"
 
@@ -1400,7 +1400,7 @@ msgid "Accounts"
 msgstr "账号"
 
 #: acls/models/command_acl.py:16 assets/models/cmd_filter.py:60
-#: audits/serializers.py:38 ops/serializers/job.py:79 terminal/const.py:88
+#: audits/serializers.py:38 ops/serializers/job.py:91 terminal/const.py:88
 #: terminal/models/session/session.py:43 terminal/serializers/command.py:18
 #: terminal/templates/terminal/_msg_command_alert.html:12
 #: terminal/templates/terminal/_msg_command_execute_alert.html:10
@@ -1588,7 +1588,7 @@ msgid "Login city"
 msgstr "登录城市"
 
 #: acls/templates/acls/user_login_reminder.html:11 audits/models.py:197
-#: audits/models.py:266 audits/serializers.py:90
+#: audits/models.py:266 audits/serializers.py:92
 msgid "User agent"
 msgstr "用户代理"
 
@@ -1722,7 +1722,7 @@ msgstr "脚本"
 
 #: assets/const/category.py:10 assets/models/asset/host.py:8
 #: settings/serializers/auth/radius.py:17 settings/serializers/auth/sms.py:76
-#: settings/serializers/feature.py:71 settings/serializers/feature.py:84
+#: settings/serializers/feature.py:80 settings/serializers/feature.py:93
 #: settings/serializers/msg.py:30 terminal/models/component/endpoint.py:14
 #: terminal/serializers/applet.py:17 xpack/plugins/cloud/manager.py:89
 #: xpack/plugins/cloud/serializers/account_attrs.py:72
@@ -2031,7 +2031,7 @@ msgstr "忽略证书校验"
 msgid "Postgresql SSL mode"
 msgstr "PostgreSQL SSL 模式"
 
-#: assets/models/asset/gpt.py:8 settings/serializers/feature.py:114
+#: assets/models/asset/gpt.py:8 settings/serializers/feature.py:123
 msgid "Proxy"
 msgstr "代理"
 
@@ -2858,7 +2858,7 @@ msgstr "是"
 msgid "No"
 msgstr "否"
 
-#: audits/models.py:47 rbac/tree.py:67
+#: audits/models.py:47
 msgid "Job audit log"
 msgstr "作业审计日志"
 
@@ -2867,7 +2867,7 @@ msgstr "作业审计日志"
 msgid "Remote addr"
 msgstr "远端地址"
 
-#: audits/models.py:61 audits/serializers.py:60
+#: audits/models.py:61 audits/serializers.py:62
 msgid "Operate"
 msgstr "操作"
 
@@ -2892,12 +2892,12 @@ msgstr "会话"
 msgid "File transfer log"
 msgstr "文件传输"
 
-#: audits/models.py:94 audits/serializers.py:108
+#: audits/models.py:94 audits/serializers.py:110
 msgid "Resource Type"
 msgstr "资源类型"
 
 #: audits/models.py:95 audits/models.py:98 audits/models.py:144
-#: audits/serializers.py:107 labels/serializers.py:46
+#: audits/serializers.py:109 labels/serializers.py:46
 msgid "Resource"
 msgstr "资源"
 
@@ -2939,9 +2939,9 @@ msgstr "登录方式"
 msgid "Login IP"
 msgstr "登录 IP"
 
-#: audits/models.py:200 audits/serializers.py:74
+#: audits/models.py:200 audits/serializers.py:76
 #: authentication/templates/authentication/_mfa_confirm_modal.html:14
-#: users/forms/profile.py:63 users/models/user/__init__.py:86
+#: users/forms/profile.py:64 users/models/user/__init__.py:86
 #: users/serializers/profile.py:70
 msgid "MFA"
 msgstr "MFA"
@@ -2992,20 +2992,20 @@ msgstr "汇总"
 msgid "Execution cycle"
 msgstr "周期执行"
 
-#: audits/serializers.py:91
+#: audits/serializers.py:93
 msgid "Reason display"
 msgstr "原因描述"
 
-#: audits/serializers.py:92 audits/serializers.py:206
+#: audits/serializers.py:94 audits/serializers.py:208
 msgid "Auth backend display"
 msgstr "认证方式"
 
-#: audits/serializers.py:156
+#: audits/serializers.py:158
 #, python-format
 msgid "%s %s this resource"
 msgstr "用户 %s %s 了当前资源"
 
-#: audits/serializers.py:194 authentication/models/connection_token.py:47
+#: audits/serializers.py:196 authentication/models/connection_token.py:47
 #: authentication/models/temp_token.py:13 perms/models/asset_permission.py:80
 #: tickets/models/ticket/apply_application.py:31
 #: tickets/models/ticket/apply_asset.py:20 users/models/user/__init__.py:105
@@ -3150,22 +3150,22 @@ msgstr "ACL 动作是复核"
 msgid "Current user not support mfa type: {}"
 msgstr "当前用户不支持 MFA 类型: {}"
 
-#: authentication/api/password.py:33 terminal/api/session/session.py:334
+#: authentication/api/password.py:34 terminal/api/session/session.py:334
 #: users/views/profile/reset.py:63
 msgid "User does not exist: {}"
 msgstr "用户不存在: {}"
 
-#: authentication/api/password.py:33 users/views/profile/reset.py:166
+#: authentication/api/password.py:34 users/views/profile/reset.py:166
 msgid "No user matched"
 msgstr "没有匹配到用户"
 
-#: authentication/api/password.py:37
+#: authentication/api/password.py:38
 msgid ""
 "The user is from {}, please go to the corresponding system to change the "
 "password"
 msgstr "用户来自 {} 请去相应系统修改密码"
 
-#: authentication/api/password.py:65
+#: authentication/api/password.py:69
 #: authentication/templates/authentication/login.html:393
 #: users/templates/users/forgot_password.html:41
 #: users/templates/users/forgot_password.html:42
@@ -3404,15 +3404,15 @@ msgstr "您的密码无效"
 msgid "Please wait for %s seconds before retry"
 msgstr "请在 %s 秒后重试"
 
-#: authentication/errors/redirect.py:85 authentication/mixins.py:365
+#: authentication/errors/redirect.py:85 authentication/mixins.py:373
 msgid "Your password is too simple, please change it for security"
 msgstr "你的密码过于简单，为了安全，请修改"
 
-#: authentication/errors/redirect.py:93 authentication/mixins.py:374
+#: authentication/errors/redirect.py:93 authentication/mixins.py:382
 msgid "You should to change your password before login"
 msgstr "登录完成前，请先修改密码"
 
-#: authentication/errors/redirect.py:101 authentication/mixins.py:383
+#: authentication/errors/redirect.py:101 authentication/mixins.py:391
 msgid "Your password has expired, please reset before logging in"
 msgstr "您的密码已过期，先修改再登录"
 
@@ -3433,7 +3433,7 @@ msgstr "MFA 类型"
 msgid "Captcha"
 msgstr "验证码"
 
-#: authentication/forms.py:66 users/forms/profile.py:27
+#: authentication/forms.py:66 users/forms/profile.py:28
 msgid "MFA code"
 msgstr "MFA 验证码"
 
@@ -3497,28 +3497,28 @@ msgstr "Radius 动态安全码"
 msgid "Radius global enabled, cannot disable"
 msgstr "Radius MFA 全局开启，无法被禁用"
 
-#: authentication/mfa/sms.py:7
+#: authentication/mfa/sms.py:8
 msgid "SMS verify code invalid"
 msgstr "短信验证码校验失败"
 
-#: authentication/mfa/sms.py:12 authentication/serializers/password_mfa.py:17
+#: authentication/mfa/sms.py:13 authentication/serializers/password_mfa.py:17
 #: authentication/serializers/password_mfa.py:25
 #: settings/serializers/auth/sms.py:18 settings/serializers/auth/sms.py:36
-#: users/forms/profile.py:103 users/forms/profile.py:108
+#: users/forms/profile.py:104 users/forms/profile.py:111
 #: users/templates/users/forgot_password.html:157
 #: users/views/profile/reset.py:100
 msgid "SMS"
 msgstr "短信"
 
-#: authentication/mfa/sms.py:13
+#: authentication/mfa/sms.py:14
 msgid "SMS verification code"
 msgstr "短信验证码"
 
-#: authentication/mfa/sms.py:57
+#: authentication/mfa/sms.py:63
 msgid "Set phone number to enable"
 msgstr "设置手机号码启用"
 
-#: authentication/mfa/sms.py:61
+#: authentication/mfa/sms.py:67
 msgid "Clear phone number to disable"
 msgstr "清空手机号码禁用"
 
@@ -3536,11 +3536,11 @@ msgid ""
 "            The current user source is {}. Please contact the administrator."
 msgstr "管理员已开启'仅允许从用户来源登录'，当前用户来源为{}，请联系管理员。"
 
-#: authentication/mixins.py:311
+#: authentication/mixins.py:319
 msgid "The MFA type ({}) is not enabled"
 msgstr "该 MFA ({}) 方式没有启用"
 
-#: authentication/mixins.py:353
+#: authentication/mixins.py:361
 msgid "Please change your password"
 msgstr "请修改密码"
 
@@ -3641,7 +3641,7 @@ msgid "Private key"
 msgstr "ssh私钥"
 
 #: authentication/models/ssh_key.py:18 settings/serializers/terminal.py:34
-#: users/forms/profile.py:172 users/models/user/__init__.py:96
+#: users/forms/profile.py:175 users/models/user/__init__.py:96
 #: xpack/plugins/cloud/serializers/account_attrs.py:210
 msgid "Public key"
 msgstr "SSH公钥"
@@ -3752,7 +3752,7 @@ msgid ""
 "downloaded once"
 msgstr "创建完成后请下载私钥，每个私钥只有一次下载机会"
 
-#: authentication/serializers/ssh_key.py:57 users/forms/profile.py:161
+#: authentication/serializers/ssh_key.py:57 users/forms/profile.py:164
 #: users/serializers/profile.py:133 users/serializers/profile.py:160
 msgid "Not a valid ssh public key"
 msgstr "SSH密钥不合法"
@@ -3886,7 +3886,7 @@ msgstr "重新申请"
 #: authentication/templates/authentication/_msg_reset_password_code.html:12
 #: terminal/models/session/sharing.py:27 terminal/models/session/sharing.py:97
 #: terminal/templates/terminal/_msg_session_sharing.html:12
-#: users/forms/profile.py:106 users/templates/users/forgot_password.html:98
+#: users/forms/profile.py:108 users/templates/users/forgot_password.html:98
 msgid "Verify code"
 msgstr "验证码"
 
@@ -3934,7 +3934,7 @@ msgstr "如果这次公钥更新不是由你发起的，那么你的账号可能
 msgid "Cancel"
 msgstr "取消"
 
-#: authentication/templates/authentication/face_capture.html:44
+#: authentication/templates/authentication/face_capture.html:14
 msgid "Retry"
 msgstr "重试"
 
@@ -4706,6 +4706,10 @@ msgstr "Ansible 已禁用"
 msgid "Skip hosts below:"
 msgstr "跳过以下主机: "
 
+#: ops/api/adhoc.py:32
+msgid "Deleting other people's script is not allowed"
+msgstr "不允许删除别人的脚本"
+
 #: ops/api/celery.py:66 ops/api/celery.py:81
 msgid "Waiting task start"
 msgstr "等待任务开始"
@@ -4750,6 +4754,10 @@ msgid ""
 "The task is being created and cannot be interrupted. Please try again later."
 msgstr "正在创建任务，无法中断，请稍后重试。"
 
+#: ops/api/playbook.py:49
+msgid "Deleting other people's playbook is not allowed"
+msgstr "不允许删除别人的playbook"
+
 #: ops/api/playbook.py:55
 msgid "Currently playbook is being used in a job"
 msgstr "当前 playbook 正在作业中使用"
@@ -4815,7 +4823,7 @@ msgid "VCS"
 msgstr "VCS"
 
 #: ops/const.py:38 ops/models/adhoc.py:44 ops/models/variable.py:26
-#: settings/serializers/feature.py:145
+#: settings/serializers/feature.py:154
 msgid "Adhoc"
 msgstr "命令"
 
@@ -5024,7 +5032,7 @@ msgstr "运行用户"
 msgid "Run as policy"
 msgstr "用户策略"
 
-#: ops/models/job.py:223 ops/models/variable.py:28 ops/serializers/job.py:98
+#: ops/models/job.py:223 ops/models/variable.py:28 ops/serializers/job.py:110
 #: terminal/notifications.py:182
 msgid "Job"
 msgstr "作业"
@@ -5115,23 +5123,23 @@ msgstr "下次执行时间"
 msgid "Execute after saving"
 msgstr "保存后执行"
 
-#: ops/serializers/job.py:58 terminal/serializers/session.py:49
+#: ops/serializers/job.py:70 terminal/serializers/session.py:49
 msgid "Duration"
 msgstr "时长"
 
-#: ops/serializers/job.py:78
+#: ops/serializers/job.py:90
 msgid "Job type"
 msgstr "任务类型"
 
-#: ops/serializers/job.py:81 terminal/serializers/session.py:58
+#: ops/serializers/job.py:93 terminal/serializers/session.py:58
 msgid "Is finished"
 msgstr "是否完成"
 
-#: ops/serializers/job.py:95
+#: ops/serializers/job.py:107
 msgid "Task id"
 msgstr "任务 ID"
 
-#: ops/serializers/job.py:104
+#: ops/serializers/job.py:116
 msgid "You do not have permission for the current job."
 msgstr "你没有当前作业的权限。"
 
@@ -5441,7 +5449,7 @@ msgid "today"
 msgstr "今天"
 
 #: perms/notifications.py:12 perms/notifications.py:44
-#: settings/serializers/feature.py:136
+#: settings/serializers/feature.py:145
 msgid "day"
 msgstr "天"
 
@@ -5696,7 +5704,7 @@ msgstr "账号改密"
 msgid "App ops"
 msgstr "作业中心"
 
-#: rbac/tree.py:57 settings/serializers/feature.py:142
+#: rbac/tree.py:57 settings/serializers/feature.py:151
 msgid "Feature"
 msgstr "功能"
 
@@ -5719,10 +5727,14 @@ msgid "Appearance"
 msgstr "界面"
 
 #: rbac/tree.py:65 xpack/plugins/license/meta.py:10
-#: xpack/plugins/license/models.py:155
+#: xpack/plugins/license/models.py:154
 msgid "License"
 msgstr "许可证"
 
+#: rbac/tree.py:67
+msgid "Job audit"
+msgstr "作业审计"
+
 #: rbac/tree.py:159
 msgid "App organizations"
 msgstr "组织管理"
@@ -5731,8 +5743,8 @@ msgstr "组织管理"
 msgid "Ticket comment"
 msgstr "工单评论"
 
-#: rbac/tree.py:161 settings/serializers/feature.py:123
-#: settings/serializers/feature.py:125 tickets/models/ticket/general.py:308
+#: rbac/tree.py:161 settings/serializers/feature.py:132
+#: settings/serializers/feature.py:134 tickets/models/ticket/general.py:308
 msgid "Ticket"
 msgstr "工单"
 
@@ -6143,13 +6155,13 @@ msgstr "图标"
 msgid "Service provider"
 msgstr "服务提供商"
 
-#: settings/serializers/auth/oauth2.py:31 settings/serializers/feature.py:87
+#: settings/serializers/auth/oauth2.py:31 settings/serializers/feature.py:96
 #: xpack/plugins/cloud/serializers/account_attrs.py:35
 msgid "Client ID"
 msgstr "客户端 ID"
 
 #: settings/serializers/auth/oauth2.py:34 settings/serializers/auth/oidc.py:24
-#: settings/serializers/feature.py:90
+#: settings/serializers/feature.py:99
 #: xpack/plugins/cloud/serializers/account_attrs.py:38
 msgid "Client Secret"
 msgstr "客户端密钥"
@@ -6590,19 +6602,19 @@ msgstr "结束日期"
 msgid "Announcement"
 msgstr "公告"
 
-#: settings/serializers/feature.py:47 settings/serializers/feature.py:50
+#: settings/serializers/feature.py:56 settings/serializers/feature.py:59
 msgid "Vault"
 msgstr "启用 Vault"
 
-#: settings/serializers/feature.py:53
+#: settings/serializers/feature.py:62
 msgid "Vault provider"
 msgstr "保管库服务商"
 
-#: settings/serializers/feature.py:57
+#: settings/serializers/feature.py:66
 msgid "Record limit"
 msgstr "记录限制"
 
-#: settings/serializers/feature.py:59
+#: settings/serializers/feature.py:68
 msgid ""
 "If the specific value is less than 999 (default), the system will "
 "automatically perform a task every night: check and delete historical "
@@ -6612,83 +6624,83 @@ msgstr ""
 "若特定数值小于999，系统将在每日晚间自动执行任务：检查并删除超出预定数量的历史"
 "账号。如果该数值达到或超过999，则不进行任何历史账号的删除操作。"
 
-#: settings/serializers/feature.py:77
+#: settings/serializers/feature.py:86
 msgid "Mount Point"
 msgstr "挂载点"
 
-#: settings/serializers/feature.py:93
+#: settings/serializers/feature.py:102
 #: xpack/plugins/cloud/serializers/account_attrs.py:41
 msgid "Tenant ID"
 msgstr "租户 ID"
 
-#: settings/serializers/feature.py:98 settings/serializers/feature.py:104
+#: settings/serializers/feature.py:107 settings/serializers/feature.py:113
 msgid "Chat AI"
 msgstr "聊天 AI"
 
-#: settings/serializers/feature.py:107
+#: settings/serializers/feature.py:116
 msgid "GPT Base URL"
 msgstr "GPT 地址"
 
-#: settings/serializers/feature.py:108
+#: settings/serializers/feature.py:117
 msgid "The base URL of the GPT service. For example: https://api.openai.com/v1"
 msgstr "GPT 服务的基本 URL。例如：https://api.openai.com/v1"
 
-#: settings/serializers/feature.py:111 templates/_header_bar.html:96
+#: settings/serializers/feature.py:120 templates/_header_bar.html:96
 msgid "API Key"
 msgstr "API Key"
 
-#: settings/serializers/feature.py:115
+#: settings/serializers/feature.py:124
 msgid ""
 "The proxy server address of the GPT service. For example: http://ip:port"
 msgstr "GPT 服务的代理服务器地址。例如：http://ip:port"
 
-#: settings/serializers/feature.py:118
+#: settings/serializers/feature.py:127
 msgid "GPT Model"
 msgstr "GPT 模型"
 
-#: settings/serializers/feature.py:127
+#: settings/serializers/feature.py:136
 msgid "Approval without login"
 msgstr "免登录审批"
 
-#: settings/serializers/feature.py:128
+#: settings/serializers/feature.py:137
 msgid "Allow direct approval ticket without login"
 msgstr "允许无需登录直接批准工单"
 
-#: settings/serializers/feature.py:132
+#: settings/serializers/feature.py:141
 msgid "Period"
 msgstr "时段"
 
-#: settings/serializers/feature.py:133
+#: settings/serializers/feature.py:142
 msgid ""
 "The default authorization time period when applying for assets via a ticket"
 msgstr "工单申请资产的默认授权时间段"
 
-#: settings/serializers/feature.py:136
+#: settings/serializers/feature.py:145
 msgid "hour"
 msgstr "时"
 
-#: settings/serializers/feature.py:137
+#: settings/serializers/feature.py:146
 msgid "Unit"
 msgstr "单位"
 
-#: settings/serializers/feature.py:137
+#: settings/serializers/feature.py:146
 msgid "The unit of period"
 msgstr "执行周期"
 
-#: settings/serializers/feature.py:146
+#: settings/serializers/feature.py:155
 msgid ""
 "Allow users to execute batch commands in the Workbench - Job Center - Adhoc"
 msgstr "允许用户在工作台 - 作业中心 - Adhoc 中执行批量命令"
 
-#: settings/serializers/feature.py:150
+#: settings/serializers/feature.py:159
 msgid "Command blacklist"
 msgstr "作业中心命令黑名单"
 
-#: settings/serializers/feature.py:151
+#: settings/serializers/feature.py:160
 msgid "Command blacklist in Adhoc"
 msgstr "作业中心命令黑名单"
 
-#: settings/serializers/feature.py:156
+#: settings/serializers/feature.py:165
 #: terminal/models/virtualapp/provider.py:17
 #: terminal/models/virtualapp/virtualapp.py:36
 #: terminal/models/virtualapp/virtualapp.py:97
@@ -6696,11 +6708,11 @@ msgstr "作业中心命令黑名单"
 msgid "Virtual app"
 msgstr "虚拟应用"
 
-#: settings/serializers/feature.py:159
+#: settings/serializers/feature.py:168
 msgid "Virtual App"
 msgstr "虚拟应用"
 
-#: settings/serializers/feature.py:161
+#: settings/serializers/feature.py:170
 msgid ""
 "Virtual applications, you can use the Linux operating system as an "
 "application server in remote applications."
@@ -7351,7 +7363,7 @@ msgstr "文档"
 msgid "Commercial support"
 msgstr "商业支持"
 
-#: templates/_header_bar.html:85 users/forms/profile.py:43
+#: templates/_header_bar.html:85 users/forms/profile.py:44
 msgid "Profile"
 msgstr "个人信息"
 
@@ -9051,7 +9063,7 @@ msgstr "无法删除全部用户"
 msgid "Create failed. The number of SSH keys has reached the limit"
 msgstr "创建失败，SSH密钥数量已达到上限"
 
-#: users/forms/profile.py:48
+#: users/forms/profile.py:49
 msgid ""
 "When enabled, you will enter the MFA binding process the next time you log "
 "in. you can also directly bind in \"personal information -> quick "
@@ -9060,11 +9072,11 @@ msgstr ""
 "启用之后您将会在下次登录时进入多因子认证绑定流程；您也可以在 (个人信息->快速"
 "修改->设置 MFA 多因子认证)中直接绑定！"
 
-#: users/forms/profile.py:59
+#: users/forms/profile.py:60
 msgid "* Enable MFA to make the account more secure."
 msgstr "* 启用 MFA 多因子认证，使账号更加安全。"
 
-#: users/forms/profile.py:68
+#: users/forms/profile.py:69
 msgid ""
 "In order to protect you and your company, please keep your account, password "
 "and key sensitive information properly. (for example: setting complex "
@@ -9073,47 +9085,47 @@ msgstr ""
 "为了保护您和公司的安全，请妥善保管您的账号、密码和密钥等重要敏感信息； (如："
 "设置复杂密码，并启用 MFA 多因子认证)"
 
-#: users/forms/profile.py:82 users/serializers/preference/lina.py:21
+#: users/forms/profile.py:83 users/serializers/preference/lina.py:21
 msgid "New password"
 msgstr "新密码"
 
-#: users/forms/profile.py:87 users/serializers/preference/lina.py:26
+#: users/forms/profile.py:88 users/serializers/preference/lina.py:26
 msgid "Confirm password"
 msgstr "确认密码"
 
-#: users/forms/profile.py:95
+#: users/forms/profile.py:96
 msgid "Password does not match"
 msgstr "密码不一致"
 
-#: users/forms/profile.py:104
+#: users/forms/profile.py:105
 msgid "The phone number must contain an area code, for example, +86"
 msgstr "手机号码必须包含区号，例如 +86"
 
-#: users/forms/profile.py:120
+#: users/forms/profile.py:123
 msgid "Old password"
 msgstr "原来密码"
 
-#: users/forms/profile.py:130
+#: users/forms/profile.py:133
 msgid "Old password error"
 msgstr "原来密码错误"
 
-#: users/forms/profile.py:140
+#: users/forms/profile.py:143
 msgid "Automatically configure and download the SSH key"
 msgstr "自动配置并下载SSH密钥"
 
-#: users/forms/profile.py:142
+#: users/forms/profile.py:145
 msgid "ssh public key"
 msgstr "SSH公钥"
 
-#: users/forms/profile.py:143
+#: users/forms/profile.py:146
 msgid "ssh-rsa AAAA..."
 msgstr "ssh-rsa AAAA..."
 
-#: users/forms/profile.py:144
+#: users/forms/profile.py:147
 msgid "Paste your id_rsa.pub here."
 msgstr "复制你的公钥到这里"
 
-#: users/forms/profile.py:157
+#: users/forms/profile.py:160
 msgid "Public key should not be the same as your old one."
 msgstr "不能和原来的密钥相同"
 
@@ -9422,12 +9434,12 @@ msgstr "MFA"
 msgid "Multi-Factor Authentication"
 msgstr "认证"
 
-#: users/serializers/user.py:426
+#: users/serializers/user.py:434
 msgid ""
 "* For security, only a partial of users is displayed. You can search for more"
 msgstr "* 为安全起见，只显示部分用户。您可以搜索更多"
 
-#: users/serializers/user.py:461
+#: users/serializers/user.py:469
 msgid "name not unique"
 msgstr "名称重复"
 
@@ -10608,7 +10620,7 @@ msgstr "企业专业版"
 msgid "Ultimate edition"
 msgstr "企业旗舰版"
 
-#: xpack/plugins/license/models.py:101
+#: xpack/plugins/license/models.py:100
 msgid "FIT2CLOUD"
 msgstr "飞致云"
 
diff --git a/apps/ops/api/adhoc.py b/apps/ops/api/adhoc.py
index 9db6835cf..d9eb35a51 100644
--- a/apps/ops/api/adhoc.py
+++ b/apps/ops/api/adhoc.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 from django.db.models import Q
+from django.utils.translation import gettext_lazy as _
 
 from common.api.generic import JMSBulkModelViewSet
 from common.utils.http import is_true
@@ -28,7 +29,7 @@ class AdHocViewSet(JMSBulkModelViewSet):
     def check_object_permissions(self, request, obj):
         if request.method != 'GET' and obj.creator != request.user:
             self.permission_denied(
-                request, message={"detail": "Deleting other people's script is not allowed"}
+                request, message={"detail": _("Deleting other people's script is not allowed")}
             )
         return super().check_object_permissions(request, obj)
 
diff --git a/apps/ops/api/job.py b/apps/ops/api/job.py
index 04b2c6bd8..967e50524 100644
--- a/apps/ops/api/job.py
+++ b/apps/ops/api/job.py
@@ -105,6 +105,7 @@ class JobViewSet(OrgBulkModelViewSet):
 
     def perform_update(self, serializer):
         run_after_save = serializer.validated_data.pop('run_after_save', False)
+        self._parameters = serializer.validated_data.pop('parameters', None)
         instance = serializer.save()
         if run_after_save:
             self.run_job(instance, serializer)
diff --git a/apps/ops/api/playbook.py b/apps/ops/api/playbook.py
index bb2a886d7..292f8bd87 100644
--- a/apps/ops/api/playbook.py
+++ b/apps/ops/api/playbook.py
@@ -46,7 +46,7 @@ class PlaybookViewSet(JMSBulkModelViewSet):
     def check_object_permissions(self, request, obj):
         if request.method != 'GET' and obj.creator != request.user:
             self.permission_denied(
-                request, message={"detail": "Deleting other people's playbook is not allowed"}
+                request, message={"detail": _("Deleting other people's playbook is not allowed")}
             )
         return super().check_object_permissions(request, obj)
 
diff --git a/apps/ops/serializers/job.py b/apps/ops/serializers/job.py
index 555532261..3ad738e55 100644
--- a/apps/ops/serializers/job.py
+++ b/apps/ops/serializers/job.py
@@ -38,6 +38,18 @@ class JobSerializer(BulkOrgResourceModelSerializer, PeriodTaskSerializerMixin, W
         user = request.user if request else None
         return user
 
+    def get_periodic_variable(self, variables):
+        periodic_variable = {}
+        for variable in variables:
+            periodic_variable[variable['var_name']] = variable['default_value']
+        return periodic_variable
+
+    def validate(self, attrs):
+        attrs = super().validate(attrs)
+        if attrs.get('is_periodic') is True:
+            attrs['periodic_variable'] = self.get_periodic_variable(attrs.get('variable', []))
+        return attrs
+
     class Meta:
         model = Job
         read_only_fields = [
diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py
index 80b6242db..230fe81a8 100644
--- a/apps/rbac/tree.py
+++ b/apps/rbac/tree.py
@@ -64,7 +64,7 @@ extra_nodes_data = [
     {'id': "tasks", "name": _("Task"), "pId": "view_setting"},
     {'id': "license", "name": _("License"), "pId": "view_setting"},
     {'id': "other", "name": _("Other"), "pId": "view_setting"},
-    {'id': "job_audit", "name": _("Job audit log"), "pId": "view_audit"},
+    {'id': "job_audit", "name": _("Job audit"), "pId": "view_audit"},
 ]
 
 # 将 model 放到其它节点下，而不是本来的 app 中

From 68a490d30552c046171c90000e5a5e75556cd829 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Thu, 21 Nov 2024 11:38:42 +0800
Subject: [PATCH 10/18] perf: Hide azure vault

---
 apps/accounts/backends/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/accounts/backends/__init__.py b/apps/accounts/backends/__init__.py
index 5e26cfc76..70d55ca2e 100644
--- a/apps/accounts/backends/__init__.py
+++ b/apps/accounts/backends/__init__.py
@@ -12,6 +12,10 @@ logger = get_logger(__file__)
 
 def get_vault_client(raise_exception=False, **kwargs):
     tp = kwargs.get('VAULT_BACKEND') if kwargs.get('VAULT_ENABLED') else VaultTypeChoices.local
+
+    # TODO: Temporary processing, subsequent deletion
+    tp = VaultTypeChoices.local if tp == VaultTypeChoices.azure else tp
+
     try:
         module_path = f'apps.accounts.backends.{tp}.main'
         client = import_module(module_path).Vault(**kwargs)

From 0ae2f04f281044ba9b6d23508b30482b98929674 Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Thu, 21 Nov 2024 11:24:12 +0800
Subject: [PATCH 11/18] fix: view ops job celery log no perms

---
 apps/ops/ws.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/ops/ws.py b/apps/ops/ws.py
index a9660482a..21c60dd6e 100644
--- a/apps/ops/ws.py
+++ b/apps/ops/ws.py
@@ -55,6 +55,10 @@ class TaskLogWebsocket(AsyncJsonWebsocketConsumer):
         user_role_ids = set(map(str, roles.values_list('id', flat=True)))
         return user_role_ids
 
+    @sync_to_async
+    def has_perms(self, user, perms):
+        return user.has_perms(perms)
+
     async def receive_json(self, content, **kwargs):
         task_id = content.get('task')
         task = await self.get_task(task_id)
@@ -71,8 +75,10 @@ class TaskLogWebsocket(AsyncJsonWebsocketConsumer):
         user = self.scope['user']
         user_role_ids = await self.get_current_user_role_ids(user)
         has_admin_auditor_role = bool(admin_auditor_role_ids & user_role_ids)
-
-        if not has_admin_auditor_role and task.name in self.user_tasks and task.creator != user:
+        has_perms = await self.has_perms(user, ['audits.view_joblog'])
+        user_can_view = task.name in self.user_tasks and (task.creator == user or has_perms)
+        # (有管理员或审计员角色) 或者 (任务是用户自己创建的 或者 有查看任务日志权限), 其他情况没有权限
+        if not (has_admin_auditor_role or user_can_view):
             await self.send_json({'message': 'No permission', 'task': task_id})
             return
 

From 230924baace3eb544af09f831031970d923a9d4a Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Thu, 21 Nov 2024 13:36:00 +0800
Subject: [PATCH 12/18] fix: Vault proxy

---
 apps/accounts/backends/__init__.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/accounts/backends/__init__.py b/apps/accounts/backends/__init__.py
index 70d55ca2e..5b880da68 100644
--- a/apps/accounts/backends/__init__.py
+++ b/apps/accounts/backends/__init__.py
@@ -1,6 +1,6 @@
 from importlib import import_module
 
-from django.utils.functional import LazyObject
+from django.utils.functional import LazyObject, empty
 
 from common.utils import get_logger
 from ..const import VaultTypeChoices
@@ -44,5 +44,4 @@ vault_client = VaultClient()
 
 
 def refresh_vault_client():
-    vault_client._wrapped = None
-    vault_client._setup()
+    vault_client._wrapped = empty

From e491a724ed4cf19191d4e25865763b1477daffa3 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Thu, 21 Nov 2024 11:24:56 +0800
Subject: [PATCH 13/18] perf: Video player download

---
 apps/jumpserver/views/other.py        | 2 +-
 apps/templates/resource_download.html | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/jumpserver/views/other.py b/apps/jumpserver/views/other.py
index 0d38a4f87..95ad4dff3 100644
--- a/apps/jumpserver/views/other.py
+++ b/apps/jumpserver/views/other.py
@@ -101,7 +101,7 @@ class ResourceDownload(TemplateView):
         MRD_VERSION=10.6.7
         OPENSSH_VERSION=v9.4.0.0
         TINKER_VERSION=v0.1.6
-        VIDEO_PLAYER_VERSION=0.1.9
+        VIDEO_PLAYER_VERSION=0.2.0
         CLIENT_VERSION=v2.1.3
         """
 
diff --git a/apps/templates/resource_download.html b/apps/templates/resource_download.html
index 512626d72..90da1acb3 100644
--- a/apps/templates/resource_download.html
+++ b/apps/templates/resource_download.html
@@ -50,10 +50,10 @@ p {
     </div>
 
     <div class="group">
-        <h2>JumpServer {% trans 'Offline video player' %} v0.1.9</h2>
+        <h2>JumpServer {% trans 'Offline video player' %} v{{ VIDEO_PLAYER_VERSION }}</h2>
         <ul>
-            <li><a href="/download/public/JumpServer.Video.Player-{{ VIDEO_PLAYER_VERSION }}.dmg">jumpserver-video-player.dmg</a></li>
-            <li><a href="/download/public/JumpServer.Video.Player.Setup.{{ VIDEO_PLAYER_VERSION }}.exe">jumpserver-video-player.exe</a></li>
+            <li><a href="/download/public/JumpServerVideoPlayer-{{ VIDEO_PLAYER_VERSION }}.dmg">jumpserver-video-player.dmg</a></li>
+            <li><a href="/download/public/JumpServerVideoPlayer-{{ VIDEO_PLAYER_VERSION }}.exe">jumpserver-video-player.exe</a></li>
         </ul>
     </div>
 </div>

From 442290703a6db99ca4f6a604e4130ea498d8df95 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Thu, 21 Nov 2024 14:26:22 +0800
Subject: [PATCH 14/18] fix: pyfreerdp verify account, the default value of
 gateway_args field is wrong (#14490)

* fix: pyfreerdp verify account, the default value of gateway_args field is wrong

* fix: pyfreerdp verify account, the default value of gateway_args field is wrong

---------

Co-authored-by: Ewall555 <a03216@foxmail.com>
---
 .../automations/change_secret/host/windows_rdp_verify/main.yml  | 2 +-
 .../automations/push_account/host/windows_rdp_verify/main.yml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/accounts/automations/change_secret/host/windows_rdp_verify/main.yml b/apps/accounts/automations/change_secret/host/windows_rdp_verify/main.yml
index 31da190ef..6c59ef7ef 100644
--- a/apps/accounts/automations/change_secret/host/windows_rdp_verify/main.yml
+++ b/apps/accounts/automations/change_secret/host/windows_rdp_verify/main.yml
@@ -30,6 +30,6 @@
         login_user: "{{ account.username }}"
         login_password: "{{ account.secret }}"
         login_secret_type: "{{ account.secret_type }}"
-        gateway_args: "{{ jms_gateway | default(None) }}"
+        gateway_args: "{{ jms_gateway | default({}) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
diff --git a/apps/accounts/automations/push_account/host/windows_rdp_verify/main.yml b/apps/accounts/automations/push_account/host/windows_rdp_verify/main.yml
index e15b5889e..0c650bfb3 100644
--- a/apps/accounts/automations/push_account/host/windows_rdp_verify/main.yml
+++ b/apps/accounts/automations/push_account/host/windows_rdp_verify/main.yml
@@ -30,6 +30,6 @@
         login_user: "{{ account.username }}"
         login_password: "{{ account.secret }}"
         login_secret_type: "{{ account.secret_type }}"
-        gateway_args: "{{ jms_gateway | default(None) }}"
+        gateway_args: "{{ jms_gateway | default({}) }}"
       when: account.secret_type == "password"
       delegate_to: localhost

From 6db56eb2aa75c1d52ab7d34dd25d5c3cfb80d554 Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Thu, 21 Nov 2024 17:19:43 +0800
Subject: [PATCH 15/18] fix: view ops job celery log no perms

---
 apps/i18n/lina/en.json |  4 ++--
 apps/ops/ws.py         | 28 ++++++++++++++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/apps/i18n/lina/en.json b/apps/i18n/lina/en.json
index fecab5059..8059b7dae 100644
--- a/apps/i18n/lina/en.json
+++ b/apps/i18n/lina/en.json
@@ -653,7 +653,7 @@
     "JobCenter": "Job center",
     "JobCreate": "Create job",
     "JobDetail": "Job details",
-    "JobExecutionLog": "Execution record",
+    "JobExecutionLog": "Executions",
     "JobManagement": "Job List",
     "JobUpdate": "Update the job",
     "KingSoftCloud": "KingSoft cloud",
@@ -1413,7 +1413,7 @@
     "forceEnableMFAHelpText": "If force enable, user can not disable by themselves",
     "removeWarningMsg": "Are you sure you want to remove",
     "setVariable": "Set variable",
-    "JobsAudit": "Jobs audit",
+    "JobsAudit": "Job audits",
     "JobList": "Job List",
     "StopJobMsg": "Stop job successfully",
     "ExtraArgsFormatError": "Format error, please enter according to the requirements",
diff --git a/apps/ops/ws.py b/apps/ops/ws.py
index 21c60dd6e..6b862999c 100644
--- a/apps/ops/ws.py
+++ b/apps/ops/ws.py
@@ -4,9 +4,12 @@ import os
 import aiofiles
 from asgiref.sync import sync_to_async
 from channels.generic.websocket import AsyncJsonWebsocketConsumer
+from http.cookies import SimpleCookie
 
 from common.db.utils import close_old_connections
 from common.utils import get_logger
+from orgs.models import Organization
+from orgs.utils import tmp_to_org, current_org
 from rbac.builtin import BuiltinRole
 from .ansible.utils import get_ansible_task_log_path
 from .celery.utils import get_celery_task_log_path
@@ -18,6 +21,8 @@ logger = get_logger(__name__)
 
 class TaskLogWebsocket(AsyncJsonWebsocketConsumer):
     disconnected = False
+    cookie = None
+    org = None
     user_tasks = (
         'ops.tasks.run_ops_job',
         'ops.tasks.run_ops_job_execution',
@@ -28,10 +33,25 @@ class TaskLogWebsocket(AsyncJsonWebsocketConsumer):
         'ansible': get_ansible_task_log_path
     }
 
+    def get_cookie(self):
+        try:
+            headers = self.scope['headers']
+            headers_dict = {key.decode('utf-8'): value.decode('utf-8') for key, value in headers}
+            cookie = SimpleCookie(headers_dict.get('cookie', ''))
+        except Exception as e:
+            cookie = SimpleCookie()
+        return cookie
+
+    def get_current_org(self):
+        oid = self.cookie.get('X-JMS-ORG')
+        return oid.value if oid else None
+
     async def connect(self):
         user = self.scope["user"]
         if user.is_authenticated:
             await self.accept()
+            self.cookie = self.get_cookie()
+            self.org = self.get_current_org()
         else:
             await self.close()
 
@@ -51,13 +71,17 @@ class TaskLogWebsocket(AsyncJsonWebsocketConsumer):
 
     @sync_to_async
     def get_current_user_role_ids(self, user):
-        roles = user.system_roles.all() | user.org_roles.all()
+        with tmp_to_org(self.org):
+            org_roles = user.org_roles.all()
+        system_roles = user.system_roles.all()
+        roles = system_roles | org_roles
         user_role_ids = set(map(str, roles.values_list('id', flat=True)))
         return user_role_ids
 
     @sync_to_async
     def has_perms(self, user, perms):
-        return user.has_perms(perms)
+        with tmp_to_org(self.org):
+            return user.has_perms(perms)
 
     async def receive_json(self, content, **kwargs):
         task_id = content.get('task')

From d2f7376f7850329dcb2b4299436a9406882d68d1 Mon Sep 17 00:00:00 2001
From: Bai <baijiangjie@gmail.com>
Date: Thu, 21 Nov 2024 18:36:36 +0800
Subject: [PATCH 16/18] fix: job execution stop failed

---
 apps/ops/api/job.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/ops/api/job.py b/apps/ops/api/job.py
index 967e50524..d257d2209 100644
--- a/apps/ops/api/job.py
+++ b/apps/ops/api/job.py
@@ -228,9 +228,9 @@ class JobExecutionViewSet(OrgBulkModelViewSet):
         try:
             user = request.user
             if user.has_perm("audits.view_joblog"):
-                instance = get_object_or_404(JobExecution, pk=task_id)
+                instance = get_object_or_404(JobExecution, task_id=task_id)
             else:
-                instance = get_object_or_404(JobExecution, pk=task_id, creator=request.user)
+                instance = get_object_or_404(JobExecution, task_id=task_id, creator=request.user)
         except Http404:
             return Response(
                 {'error': _('The task is being created and cannot be interrupted. Please try again later.')},

From f7313bfcc157ff3680b03a73d0bb3dfb4b8b960e Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Thu, 21 Nov 2024 18:42:09 +0800
Subject: [PATCH 17/18] perf: Audits job api disable periodic task

---
 apps/audits/api.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/apps/audits/api.py b/apps/audits/api.py
index d586f8e3b..0c7278476 100644
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@@ -7,6 +7,7 @@ from django.db.models import F, Value, CharField, Q
 from django.db.models.functions import Cast
 from django.http import HttpResponse, FileResponse
 from django.utils.encoding import escape_uri_path
+from django_celery_beat.models import PeriodicTask
 from rest_framework import generics
 from rest_framework import status
 from rest_framework import viewsets
@@ -74,6 +75,21 @@ class JobsAuditViewSet(OrgModelViewSet):
         queryset = queryset.exclude(type=Types.upload_file).filter(instant=False)
         return queryset
 
+    def perform_update(self, serializer):
+        job = self.get_object()
+        is_periodic = serializer.validated_data.get('is_periodic')
+        if job.is_periodic != is_periodic:
+            job.is_periodic = is_periodic
+            job.save()
+        name, task, args, kwargs = job.get_register_task()
+        task_obj = PeriodicTask.objects.filter(name=name).first()
+        if task_obj:
+            is_periodic = job.is_periodic
+            if task_obj.enabled != is_periodic:
+                task_obj.enabled = is_periodic
+                task_obj.save()
+        return super().perform_update(serializer)
+
 
 class FTPLogViewSet(OrgModelViewSet):
     model = FTPLog

From c9c55b5fcbf3d59d3ebdc067c27f9bb04ae1d3f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com>
Date: Thu, 21 Nov 2024 20:30:03 +0800
Subject: [PATCH 18/18] fix: add libldap2-dev

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index da9ff59d2..82f87db5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,6 +24,7 @@ ENV LANG=en_US.UTF-8 \
     PATH=/opt/py3/bin:$PATH
 
 ARG DEPENDENCIES="                    \
+        libldap2-dev                  \
         libx11-dev"
 
 ARG TOOLS="                           \