[Update] 操作日志添加新的Record Model；用户登录日志采用同步机制；修改DatabaseAppAPI权限（加入AppUser）； (#3570)

* [Update] 操作日志 Model Need Record 添加RemoteApp、DatabaseApp、DatabaseAppPermission * [Update] 用户登录日志，采用同步机制 * [Update] 修改DatabaseApp API权限OrgAdmin和AppUser
2019-12-27 16:00:32 +08:00 · 2019-12-27 16:00:32 +08:00 · b4cf540e51
parent deeb9cdfa6
commit b4cf540e51
4 changed files with 7 additions and 14 deletions
--- a/apps/applications/api/database_app.py
+++ b/apps/applications/api/database_app.py
@ -2,11 +2,10 @@
 # 
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from .. import models
 from .. import serializers
-from ..hands import IsOrgAdmin, IsAppUser
+from ..hands import IsOrgAdminOrAppUser
 __all__ = [
    'DatabaseAppViewSet',
@ -17,5 +16,5 @@ class DatabaseAppViewSet(OrgBulkModelViewSet):
    model = models.DatabaseApp
    filter_fields = ('name',)
    search_fields = filter_fields
-    permission_classes = (IsOrgAdmin,)
+    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.DatabaseAppSerializer
--- a/apps/audits/signals_handler.py
+++ b/apps/audits/signals_handler.py
@ -15,8 +15,8 @@ from users.signals import post_user_change_password
 from authentication.signals import post_auth_failed, post_auth_success
 from terminal.models import Session, Command
 from common.utils.encode import model_to_json
 from .utils import write_login_log
 from . import models
 from .tasks import write_login_log_async
 logger = get_logger(__name__)
 sys_logger = get_syslogger(__name__)
@ -27,7 +27,8 @@ MODELS_NEED_RECORD = (
    'User', 'UserGroup', 'Asset', 'Node', 'AdminUser', 'SystemUser',
    'Domain', 'Gateway', 'Organization', 'AssetPermission', 'CommandFilter',
    'CommandFilterRule', 'License', 'Setting', 'Account', 'SyncInstanceTask',
-    'Platform', 'RemoteAppPermission', 'ChangeAuthPlan', 'GatherUserTask',
+    'Platform', 'ChangeAuthPlan', 'GatherUserTask',
    'RemoteApp', 'RemoteAppPermission', 'DatabaseApp', 'DatabaseAppPermission',
 )
@ -133,7 +134,7 @@ def on_user_auth_success(sender, user, request, **kwargs):
    logger.debug('User login success: {}'.format(user.username))
    data = generate_data(user.username, request)
    data.update({'mfa': int(user.mfa_enabled), 'status': True})
-    write_login_log_async.delay(**data)
+    write_login_log(**data)
@receiver(post_auth_failed)
@ -141,4 +142,4 @@ def on_user_auth_failed(sender, username, request, reason, **kwargs):
    logger.debug('User login failed: {}'.format(username))
    data = generate_data(username, request)
    data.update({'reason': reason, 'status': False})
-    write_login_log_async.delay(**data)
+    write_login_log(**data)
--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
@ -7,7 +7,6 @@ from celery import shared_task
 from ops.celery.decorator import register_as_period_task
 from .models import UserLoginLog, OperateLog
 from .utils import write_login_log
@register_as_period_task(interval=3600*24)
@ -32,8 +31,3 @@ def clean_operation_log_period():
        days = 90
    expired_day = now - datetime.timedelta(days=days)
    OperateLog.objects.filter(datetime__lt=expired_day).delete()
@shared_task
 def write_login_log_async(*args, **kwargs):
    write_login_log(*args, **kwargs)
--- a/apps/users/hands.py
+++ b/apps/users/hands.py
@ -11,7 +11,6 @@
 """
 # from terminal.models import Terminal
 # from audits.tasks import write_login_log_async
 # from users.models import User
 # from perms.models import AssetPermission
 # from perms.utils import get_user_granted_assets, get_user_granted_asset_groups