diff --git a/apps/assets/serializers/cmd_filter.py b/apps/assets/serializers/cmd_filter.py index a57fab72a..9a33dd6fa 100644 --- a/apps/assets/serializers/cmd_filter.py +++ b/apps/assets/serializers/cmd_filter.py @@ -31,24 +31,24 @@ class CommandFilterSerializer(BulkOrgResourceModelSerializer): class CommandFilterRuleSerializer(BulkOrgResourceModelSerializer): - type_display = serializers.ReadOnlyField(source='get_type_display') - action_display = serializers.ReadOnlyField(source='get_action_display') + type_display = serializers.ReadOnlyField(source='get_type_display', label=_("Type display")) + action_display = serializers.ReadOnlyField(source='get_action_display', label=_("Action display")) class Meta: model = CommandFilterRule fields_mini = ['id'] fields_small = fields_mini + [ - 'type', 'type_display', 'content', 'ignore_case', 'pattern', 'priority', - 'action', 'action_display', 'reviewers', - 'date_created', 'date_updated', - 'comment', 'created_by', + 'type', 'type_display', 'content', 'ignore_case', 'pattern', + 'priority', 'action', 'action_display', 'reviewers', + 'date_created', 'date_updated', 'comment', 'created_by', ] fields_fk = ['filter'] fields = fields_small + fields_fk extra_kwargs = { 'date_created': {'label': _("Date created")}, 'date_updated': {'label': _("Date updated")}, - 'action_display': {'label': _("Action display")} + 'action_display': {'label': _("Action display")}, + 'pattern': {'label': _("Pattern")} } def __init__(self, *args, **kwargs): diff --git a/apps/audits/tasks.py b/apps/audits/tasks.py index 171fbe633..10fb67f44 100644 --- a/apps/audits/tasks.py +++ b/apps/audits/tasks.py @@ -7,7 +7,7 @@ from celery import shared_task from ops.celery.decorator import ( register_as_period_task ) -from .models import UserLoginLog, OperateLog +from .models import UserLoginLog, OperateLog, FTPLog from common.utils import get_log_keep_day 
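Review bot: In `CommandFilterRuleSerializer` (apps/assets/serializers/cmd_filter.py), `action_display` now gets its label twice: once on the declared `ReadOnlyField` and once in `Meta.extra_kwargs`. Django REST framework's `ModelSerializer` does not apply `extra_kwargs` to explicitly declared fields, so unless `BulkOrgResourceModelSerializer` changes that, the `'action_display': {'label': _("Action display")},` entry is dead configuration and can be removed. Keeping the label in one place stops the two copies drifting apart.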
@@ -29,7 +29,7 @@ def clean_ftp_log_period(): now = timezone.now() days = get_log_keep_day('FTP_LOG_KEEP_DAYS') expired_day = now - datetime.timedelta(days=days) - OperateLog.objects.filter(datetime__lt=expired_day).delete() + FTPLog.objects.filter(datetime__lt=expired_day).delete() @register_as_period_task(interval=3600*24) diff --git a/apps/authentication/api/access_key.py b/apps/authentication/api/access_key.py index 0762d0de9..bbda04c02 100644 --- a/apps/authentication/api/access_key.py +++ b/apps/authentication/api/access_key.py @@ -2,14 +2,14 @@ # from rest_framework.viewsets import ModelViewSet - -from common.permissions import IsValidUser from .. import serializers +from rbac.permissions import RBACPermission class AccessKeyViewSet(ModelViewSet): serializer_class = serializers.AccessKeySerializer search_fields = ['^id', '^secret'] + permission_classes = [RBACPermission] def get_queryset(self): return self.request.user.access_keys.all() diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index 9e16d31ba..479cac98c 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py @@ -70,8 +70,6 @@ class ClientProtocolMixin: system_user = serializer.validated_data['system_user'] user = serializer.validated_data.get('user') - if not user or not self.request.user.is_superuser: - user = self.request.user return asset, application, system_user, user @staticmethod diff --git a/apps/authentication/api/temp_token.py b/apps/authentication/api/temp_token.py index a8fcc02af..6e640edd6 100644 --- a/apps/authentication/api/temp_token.py +++ b/apps/authentication/api/temp_token.py 
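Review bot: In `clean_ftp_log_period` (apps/audits/tasks.py) the model was switched to `FTPLog`, but the filter `datetime__lt=expired_day` was carried over unchanged from the `OperateLog` query. `FTPLog`'s fields are not visible in this diff; if its timestamp field is not named `datetime`, the task raises `FieldError` on every run and FTP logs are never pruned. Confirm the field name against the model and add a test that runs the task over one expired and one fresh row. Because the old code deleted `OperateLog` rows under `FTP_LOG_KEEP_DAYS`, it is also worth checking whether operate logs were pruned earlier than their own retention setting intended. The function starts outside the hunk.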
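Review bot: `AccessKeyViewSet` (apps/authentication/api/access_key.py) still lists `'^secret'` in `search_fields` while its permission class is being changed. Searching on the secret puts secret prefixes into request URLs, where they can end up in access logs and browser history; `search_fields = ['^id']` is enough to locate a key. Separately, `from rbac.permissions import RBACPermission` is placed below the relative import, whereas absolute imports conventionally come first.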
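Review bot: With the guard removed in this hunk of apps/authentication/api/connection_token.py, the method returns `user` exactly as it came out of `serializer.validated_data.get('user')`. It can therefore be `None` when the field is absent, and nothing visible here still restricts a caller-supplied `user` to privileged requests. The serializers and the callers are outside the hunk, so this may be handled elsewhere. If it is not, keep a fallback such as `user = user or self.request.user` and make sure only the serializer of the privileged endpoint accepts a `user` field. A test asserting that a non-privileged request naming another user still yields a token bound to `request.user` would pin the intended behaviour; the enclosing method starts outside the hunk.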
@@ -3,15 +3,18 @@ from rest_framework.response import Response from rest_framework.decorators import action from common.drf.api import JMSModelViewSet -from common.permissions import IsValidUser from ..models import TempToken from ..serializers import TempTokenSerializer +from rbac.permissions import RBACPermission class TempTokenViewSet(JMSModelViewSet): serializer_class = TempTokenSerializer - permission_classes = [IsValidUser] + permission_classes = [RBACPermission] http_method_names = ['post', 'get', 'options', 'patch'] + rbac_perms = { + 'expire': 'authentication.change_temptoken', + } def get_queryset(self): username = self.request.user.username diff --git a/apps/common/validators.py b/apps/common/validators.py index 352482a1b..4be90d855 100644 --- a/apps/common/validators.py +++ b/apps/common/validators.py @@ -42,7 +42,7 @@ class NoSpecialChars: class PhoneValidator: - pattern = re.compile(r"^1[356789]\d{9}$") + pattern = re.compile(r"^1[3456789]\d{9}$") message = _('The mobile phone number format is incorrect') def __call__(self, value): diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index ec35ae6e5..fa4a211d4 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -317,6 +317,7 @@ class Config(dict): 'TERMINAL_RDP_ADDR': '', # 保留(Luna还在用) 'TERMINAL_MAGNUS_ENABLED': True, + 'TERMINAL_KOKO_SSH_ENABLED': True, # 保留(Luna还在用) 'XRDP_ENABLED': True, diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index cafdc1a59..ecd710a2e 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -140,6 +140,7 @@ CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS = CONFIG.CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS XRDP_ENABLED = CONFIG.XRDP_ENABLED TERMINAL_MAGNUS_ENABLED = CONFIG.TERMINAL_MAGNUS_ENABLED +TERMINAL_KOKO_SSH_ENABLED = CONFIG.TERMINAL_KOKO_SSH_ENABLED # SMS enabled SMS_ENABLED = CONFIG.SMS_ENABLED 
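Review bot: `rbac_perms` in `TempTokenViewSet` (apps/authentication/api/temp_token.py) maps the custom `expire` action to `authentication.change_temptoken` without saying why, while `'patch'` stays in `http_method_names`. This commit also grants `change` on `temptoken` to the built-in user permissions, so presumably the same permission now covers both `expire` and a PATCH. `TempTokenSerializer` is not visible here, so confirm that the token's security-relevant fields are read-only on update, or drop `'patch'` if `expire` is meant to be the only way to modify a token. A short comment above the mapping, such as `# expire is a custom action; it reuses the change permission`, would document the intent.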
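Review bot: The `PhoneValidator` pattern in apps/common/validators.py ends with `$`, which in Python also matches just before a trailing newline, and `\d` matches non-ASCII digits in a `str` pattern. How `__call__` applies the pattern is outside the hunk, but unless it uses `fullmatch` on a stripped value, a number followed by a newline passes validation. `pattern = re.compile(r"^1[3-9]\d{9}\Z", re.ASCII)` accepts the same numbers as the new character class and closes both gaps.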
diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index c5ec670bb..e13ed4cfb 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:54be66877253eed7bec1db706604af83a48f1c5fbc95eef1132c7f880fef154a -size 125598 +oid sha256:4e6962699271d0f5402223321e65211f1c7ad0b7a9b43524f3a0fac7ea2541d9 +size 125623 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index b7026603b..8c5147c50 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-13 20:35+0800\n" +"POT-Creation-Date: 2022-04-19 15:57+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -88,12 +88,12 @@ msgstr "ログイン確認" #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:60 audits/models.py:85 audits/serializers.py:100 #: authentication/models.py:51 orgs/models.py:214 perms/models/base.py:84 -#: rbac/builtin.py:107 rbac/models/rolebinding.py:40 +#: rbac/builtin.py:110 rbac/models/rolebinding.py:40 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:44 #: terminal/notifications.py:91 terminal/notifications.py:139 -#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:886 -#: users/models/user.py:917 users/serializers/group.py:19 +#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:883 +#: users/models/user.py:914 users/serializers/group.py:19 msgid "User" msgstr "ユーザー" 
@@ -327,7 +327,7 @@ msgstr "ツールバーの" msgid "Can match application" msgstr "アプリケーションを一致させることができます" -#: applications/models/application.py:306 +#: applications/models/application.py:305 msgid "Application user" msgstr "アプリケーションユーザー" @@ -340,8 +340,8 @@ msgstr "カテゴリ表示" #: applications/serializers/application.py:71 #: applications/serializers/application.py:102 -#: assets/serializers/system_user.py:27 audits/serializers.py:29 -#: perms/serializers/application/permission.py:19 +#: assets/serializers/cmd_filter.py:34 assets/serializers/system_user.py:27 +#: audits/serializers.py:29 perms/serializers/application/permission.py:19 #: tickets/serializers/ticket/meta/ticket_type/apply_application.py:33 #: tickets/serializers/ticket/ticket.py:21 #: tickets/serializers/ticket/ticket.py:173 @@ -353,17 +353,17 @@ msgstr "タイプ表示" #: assets/models/domain.py:26 assets/models/gathered_user.py:19 #: assets/models/group.py:22 assets/models/label.py:25 #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28 -#: assets/serializers/cmd_filter.py:49 common/db/models.py:113 +#: assets/serializers/cmd_filter.py:48 common/db/models.py:113 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 #: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92 -#: users/models/group.py:18 users/models/user.py:918 +#: users/models/group.py:18 users/models/user.py:915 #: xpack/plugins/cloud/models.py:125 msgid "Date created" msgstr "作成された日付" #: applications/serializers/application.py:104 assets/models/base.py:182 #: assets/models/gathered_user.py:20 assets/serializers/account.py:21 -#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:50 +#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49 #: common/db/models.py:114 common/mixins/models.py:51 ops/models/adhoc.py:40 #: orgs/models.py:218 msgid "Date updated" 
@@ -815,7 +815,7 @@ msgid "Default" msgstr "デフォルト" #: assets/models/cluster.py:36 assets/models/label.py:14 rbac/const.py:6 -#: users/models/user.py:903 +#: users/models/user.py:900 msgid "System" msgstr "システム" @@ -1126,10 +1126,14 @@ msgstr "キーパスワード" msgid "private key invalid or passphrase error" msgstr "秘密鍵が無効またはpassphraseエラー" -#: assets/serializers/cmd_filter.py:51 +#: assets/serializers/cmd_filter.py:35 assets/serializers/cmd_filter.py:50 msgid "Action display" msgstr "アクション表示" +#: assets/serializers/cmd_filter.py:51 ops/models/adhoc.py:155 +msgid "Pattern" +msgstr "パターン" + #: assets/serializers/domain.py:13 assets/serializers/label.py:12 #: assets/serializers/system_user.py:59 #: perms/serializers/asset/permission.py:49 @@ -1566,7 +1570,7 @@ msgstr "DingTalk" #: audits/signal_handlers.py:73 authentication/models.py:76 msgid "Temporary token" -msgstr "一時的なトークン" +msgstr "仮パスワード" #: audits/signal_handlers.py:107 msgid "User and Group" @@ -2177,7 +2181,7 @@ msgstr "コードエラー" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:298 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:299 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: users/templates/users/_msg_account_expire_reminder.html:4 @@ -2638,11 +2642,11 @@ msgstr "特殊文字を含むべきではない" msgid "The mobile phone number format is incorrect" msgstr "携帯電話番号の形式が正しくありません" -#: jumpserver/conf.py:297 +#: jumpserver/conf.py:298 msgid "Create account successfully" msgstr "アカウントを正常に作成" -#: jumpserver/conf.py:299 +#: jumpserver/conf.py:300 msgid "Your account has been created successfully" msgstr "アカウントが正常に作成されました" 
@@ -2765,10 +2769,6 @@ msgstr "タスクモニターを表示できます" msgid "Tasks" msgstr "タスク" -#: ops/models/adhoc.py:155 -msgid "Pattern" -msgstr "パターン" - #: ops/models/adhoc.py:156 msgid "Options" msgstr "オプション" @@ -3106,15 +3106,15 @@ msgstr "質問があったら、管理者に連絡して下さい" msgid "My applications" msgstr "私のアプリケーション" -#: rbac/api/role.py:32 +#: rbac/api/role.py:33 msgid "Internal role, can't be destroy" msgstr "内部の役割は、破壊することはできません" -#: rbac/api/role.py:36 +#: rbac/api/role.py:37 msgid "The role has been bound to users, can't be destroy" msgstr "ロールはユーザーにバインドされており、破壊することはできません" -#: rbac/api/role.py:43 +#: rbac/api/role.py:44 msgid "Internal role, can't be update" msgstr "内部ロール、更新できません" @@ -3126,27 +3126,27 @@ msgstr "{} 少なくとも1つのシステムロール" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:98 +#: rbac/builtin.py:101 msgid "SystemAdmin" msgstr "システム管理者" -#: rbac/builtin.py:101 +#: rbac/builtin.py:104 msgid "SystemAuditor" msgstr "システム監査人" -#: rbac/builtin.py:104 +#: rbac/builtin.py:107 msgid "SystemComponent" msgstr "システムコンポーネント" -#: rbac/builtin.py:110 +#: rbac/builtin.py:113 msgid "OrgAdmin" msgstr "組織管理者" -#: rbac/builtin.py:113 +#: rbac/builtin.py:116 msgid "OrgAuditor" msgstr "監査員を組織する" -#: rbac/builtin.py:116 +#: rbac/builtin.py:119 msgid "OrgUser" msgstr "組織ユーザー" @@ -3190,11 +3190,11 @@ msgstr "権限" msgid "Built-in" msgstr "内蔵" -#: rbac/models/role.py:130 +#: rbac/models/role.py:144 msgid "System role" msgstr "システムの役割" -#: rbac/models/role.py:138 +#: rbac/models/role.py:152 msgid "Organization role" msgstr "組織の役割" 
@@ -3202,22 +3202,22 @@ msgstr "組織の役割" msgid "Role binding" msgstr "ロールバインディング" -#: rbac/models/rolebinding.py:128 +#: rbac/models/rolebinding.py:150 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "" "ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。" -#: rbac/models/rolebinding.py:135 +#: rbac/models/rolebinding.py:157 msgid "Organization role binding" msgstr "組織の役割バインディング" -#: rbac/models/rolebinding.py:150 +#: rbac/models/rolebinding.py:172 msgid "System role binding" msgstr "システムロールバインディング" -#: rbac/serializers/permission.py:26 users/serializers/profile.py:126 +#: rbac/serializers/permission.py:26 users/serializers/profile.py:127 msgid "Perms" msgstr "パーマ" @@ -4225,10 +4225,10 @@ msgstr "Telnetログインregex" #: settings/serializers/terminal.py:33 msgid "" -"The login success message varies with devices. if you cannot log in to the " -"device through Telnet, set this parameter" +"Tips: The login success message varies with devices. if you cannot log in to " +"the device through Telnet, set this parameter" msgstr "" -"ログイン成功メッセージはデバイスによって異なります。Telnet経由でデバイスにロ" +"ヒント: ログイン成功メッセージはデバイスによって異なります。Telnet経由でデバイスにロ" "グインできない場合は、このパラメーターを設定します。" #: settings/serializers/terminal.py:36 @@ -4239,6 +4239,10 @@ msgstr "属性マップの有効化" msgid "Enable XRDP" msgstr "XRDPの有効化" +#: settings/serializers/terminal.py:38 +msgid "Enable KoKo SSH" +msgstr "KoKo SSHの有効化" + #: settings/utils/ldap.py:417 msgid "ldap:// or ldaps:// protocol is used." msgstr "ldap:// または ldaps:// プロトコルが使用されます。" @@ -4541,11 +4545,11 @@ msgstr "" "WindowsはクライアントをダウンロードしてSSH資産に接続する必要があり、macOSシス" "テムは独自のTerminalを採用している。" -#: templates/resource_download.html:51 +#: templates/resource_download.html:53 msgid "Windows Remote application publisher tools" msgstr "Windowsリモートアプリケーション発行者ツール" -#: templates/resource_download.html:52 +#: templates/resource_download.html:54 msgid "" "Jmservisor is the program used to pull up remote applications in Windows " "Remote Application publisher" 
@@ -4557,7 +4561,7 @@ msgstr "" msgid "Filters" msgstr "フィルター" -#: terminal/api/endpoint.py:65 +#: terminal/api/endpoint.py:63 msgid "Not found protocol query params" msgstr "" @@ -5546,7 +5550,7 @@ msgid "Public key should not be the same as your old one." msgstr "公開鍵は古いものと同じであってはなりません。" #: users/forms/profile.py:149 users/serializers/profile.py:95 -#: users/serializers/profile.py:176 users/serializers/profile.py:203 +#: users/serializers/profile.py:178 users/serializers/profile.py:205 msgid "Not a valid ssh public key" msgstr "有効なssh公開鍵ではありません" @@ -5590,27 +5594,27 @@ msgstr "最終更新日パスワード" msgid "Need update password" msgstr "更新パスワードが必要" -#: users/models/user.py:888 +#: users/models/user.py:885 msgid "Can invite user" msgstr "ユーザーを招待できます" -#: users/models/user.py:889 +#: users/models/user.py:886 msgid "Can remove user" msgstr "ユーザーを削除できます" -#: users/models/user.py:890 +#: users/models/user.py:887 msgid "Can match user" msgstr "ユーザーに一致できます" -#: users/models/user.py:899 +#: users/models/user.py:896 msgid "Administrator" msgstr "管理者" -#: users/models/user.py:902 +#: users/models/user.py:899 msgid "Administrator is the super user of system" msgstr "管理者はシステムのスーパーユーザーです" -#: users/models/user.py:927 +#: users/models/user.py:924 msgid "User password history" msgstr "ユーザーパスワード履歴" @@ -5649,7 +5653,7 @@ msgstr "MFAのリセット" msgid "The old password is incorrect" msgstr "古いパスワードが正しくありません" -#: users/serializers/profile.py:36 users/serializers/profile.py:190 +#: users/serializers/profile.py:36 users/serializers/profile.py:192 msgid "Password does not match security rules" msgstr "パスワードがセキュリティルールと一致しない" @@ -5661,7 +5665,7 @@ msgstr "新しいパスワードを最後の {} 個のパスワードにする msgid "The newly set password is inconsistent" msgstr "新しく設定されたパスワードが一致しない" -#: users/serializers/profile.py:142 users/serializers/user.py:140 +#: users/serializers/profile.py:144 users/serializers/user.py:140 msgid "Is first login" msgstr "最初のログインです" 
@@ -6721,20 +6725,3 @@ msgstr "究極のエディション" #: xpack/plugins/license/models.py:77 msgid "Community edition" msgstr "コミュニティ版" - -#~ msgid "Inherit" -#~ msgstr "継承" - -#~ msgid "Include" -#~ msgstr "含める" - -#~ msgid "Exclude" -#~ msgstr "除外" - -#~ msgid "DatabaseApp" -#~ msgstr "データベースの適用" - -#, fuzzy -#~| msgid "Connection token" -#~ msgid "One time token" -#~ msgstr "接続トークン" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index c77cc1659..c73d42f67 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fa084dd92472110d4bea1674d1e9a96599f42f094aab92f8d34152fdf5726321 -size 103771 +oid sha256:3462a9a3eef8f372bf341f2066a33d85e1f01aca5a8fe506528a1cd0a37e98b4 +size 103951 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 5682b29ff..5160cbfcf 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-13 20:35+0800\n" +"POT-Creation-Date: 2022-04-19 15:57+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" 
@@ -87,12 +87,12 @@ msgstr "登录复核" #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:60 audits/models.py:85 audits/serializers.py:100 #: authentication/models.py:51 orgs/models.py:214 perms/models/base.py:84 -#: rbac/builtin.py:107 rbac/models/rolebinding.py:40 +#: rbac/builtin.py:110 rbac/models/rolebinding.py:40 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:44 #: terminal/notifications.py:91 terminal/notifications.py:139 -#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:886 -#: users/models/user.py:917 users/serializers/group.py:19 +#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:883 +#: users/models/user.py:914 users/serializers/group.py:19 msgid "User" msgstr "用户" @@ -322,7 +322,7 @@ msgstr "属性" msgid "Can match application" msgstr "匹配应用" -#: applications/models/application.py:306 +#: applications/models/application.py:305 msgid "Application user" msgstr "应用用户" @@ -335,8 +335,8 @@ msgstr "类别名称" #: applications/serializers/application.py:71 #: applications/serializers/application.py:102 -#: assets/serializers/system_user.py:27 audits/serializers.py:29 -#: perms/serializers/application/permission.py:19 +#: assets/serializers/cmd_filter.py:34 assets/serializers/system_user.py:27 +#: audits/serializers.py:29 perms/serializers/application/permission.py:19 #: tickets/serializers/ticket/meta/ticket_type/apply_application.py:33 #: tickets/serializers/ticket/ticket.py:21 #: tickets/serializers/ticket/ticket.py:173 
@@ -348,17 +348,17 @@ msgstr "类型名称" #: assets/models/domain.py:26 assets/models/gathered_user.py:19 #: assets/models/group.py:22 assets/models/label.py:25 #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28 -#: assets/serializers/cmd_filter.py:49 common/db/models.py:113 +#: assets/serializers/cmd_filter.py:48 common/db/models.py:113 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30 #: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92 -#: users/models/group.py:18 users/models/user.py:918 +#: users/models/group.py:18 users/models/user.py:915 #: xpack/plugins/cloud/models.py:125 msgid "Date created" msgstr "创建日期" #: applications/serializers/application.py:104 assets/models/base.py:182 #: assets/models/gathered_user.py:20 assets/serializers/account.py:21 -#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:50 +#: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49 #: common/db/models.py:114 common/mixins/models.py:51 ops/models/adhoc.py:40 #: orgs/models.py:218 msgid "Date updated" @@ -810,7 +810,7 @@ msgid "Default" msgstr "默认" #: assets/models/cluster.py:36 assets/models/label.py:14 rbac/const.py:6 -#: users/models/user.py:903 +#: users/models/user.py:900 msgid "System" msgstr "系统" @@ -1118,9 +1118,13 @@ msgstr "密钥密码" msgid "private key invalid or passphrase error" msgstr "密钥不合法或密钥密码错误" -#: assets/serializers/cmd_filter.py:51 +#: assets/serializers/cmd_filter.py:35 assets/serializers/cmd_filter.py:50 msgid "Action display" -msgstr "动作" +msgstr "动作名称" + +#: assets/serializers/cmd_filter.py:51 ops/models/adhoc.py:155 +msgid "Pattern" +msgstr "模式" #: assets/serializers/domain.py:13 assets/serializers/label.py:12 #: assets/serializers/system_user.py:59 @@ -1554,7 +1558,7 @@ msgstr "钉钉" #: audits/signal_handlers.py:73 authentication/models.py:76 msgid "Temporary token" -msgstr "临时 Token" +msgstr "临时密码" #: audits/signal_handlers.py:107 msgid "User and Group" 
@@ -2156,7 +2160,7 @@ msgstr "代码错误" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:298 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:299 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: users/templates/users/_msg_account_expire_reminder.html:4 @@ -2608,11 +2612,11 @@ msgstr "不能包含特殊字符" msgid "The mobile phone number format is incorrect" msgstr "手机号格式不正确" -#: jumpserver/conf.py:297 +#: jumpserver/conf.py:298 msgid "Create account successfully" msgstr "创建账号成功" -#: jumpserver/conf.py:299 +#: jumpserver/conf.py:300 msgid "Your account has been created successfully" msgstr "你的账号已创建成功" @@ -2730,10 +2734,6 @@ msgstr "可以查看任务监控" msgid "Tasks" msgstr "任务" -#: ops/models/adhoc.py:155 -msgid "Pattern" -msgstr "模式" - #: ops/models/adhoc.py:156 msgid "Options" msgstr "选项" @@ -3069,15 +3069,15 @@ msgstr "如果有疑问或需求,请联系系统管理员" msgid "My applications" msgstr "我的应用" -#: rbac/api/role.py:32 +#: rbac/api/role.py:33 msgid "Internal role, can't be destroy" msgstr "内部角色,不能删除" -#: rbac/api/role.py:36 +#: rbac/api/role.py:37 msgid "The role has been bound to users, can't be destroy" msgstr "角色已绑定用户,不能删除" -#: rbac/api/role.py:43 +#: rbac/api/role.py:44 msgid "Internal role, can't be update" msgstr "内部角色,不能更新" 
@@ -3089,27 +3089,27 @@ msgstr "{} 至少有一个系统角色" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:98 +#: rbac/builtin.py:101 msgid "SystemAdmin" msgstr "系统管理员" -#: rbac/builtin.py:101 +#: rbac/builtin.py:104 msgid "SystemAuditor" msgstr "系统审计员" -#: rbac/builtin.py:104 +#: rbac/builtin.py:107 msgid "SystemComponent" msgstr "系统组件" -#: rbac/builtin.py:110 +#: rbac/builtin.py:113 msgid "OrgAdmin" msgstr "组织管理员" -#: rbac/builtin.py:113 +#: rbac/builtin.py:116 msgid "OrgAuditor" msgstr "组织审计员" -#: rbac/builtin.py:116 +#: rbac/builtin.py:119 msgid "OrgUser" msgstr "组织用户" @@ -3153,11 +3153,11 @@ msgstr "授权" msgid "Built-in" msgstr "内置" -#: rbac/models/role.py:130 +#: rbac/models/role.py:144 msgid "System role" msgstr "系统角色" -#: rbac/models/role.py:138 +#: rbac/models/role.py:152 msgid "Organization role" msgstr "组织角色" @@ -3165,21 +3165,21 @@ msgstr "组织角色" msgid "Role binding" msgstr "角色绑定" -#: rbac/models/rolebinding.py:128 +#: rbac/models/rolebinding.py:150 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "用户最后一个角色,不能删除,你可以将用户从组织移除" -#: rbac/models/rolebinding.py:135 +#: rbac/models/rolebinding.py:157 msgid "Organization role binding" msgstr "组织角色绑定" -#: rbac/models/rolebinding.py:150 +#: rbac/models/rolebinding.py:172 msgid "System role binding" msgstr "系统角色绑定" -#: rbac/serializers/permission.py:26 users/serializers/profile.py:126 +#: rbac/serializers/permission.py:26 users/serializers/profile.py:127 msgid "Perms" msgstr "权限" 
@@ -4165,9 +4165,9 @@ msgstr "Telnet 成功正则表达式" #: settings/serializers/terminal.py:33 msgid "" -"The login success message varies with devices. if you cannot log in to the " -"device through Telnet, set this parameter" -msgstr "不同设备登录成功提示不一样,所以如果 telnet 不能正常登录,可以这里设置" +"Tips: The login success message varies with devices. if you cannot log in to " +"the device through Telnet, set this parameter" +msgstr "提示: 不同设备登录成功提示不一样,所以如果 telnet 不能正常登录,可以这里设置" #: settings/serializers/terminal.py:36 msgid "Enable database proxy" @@ -4177,6 +4177,10 @@ msgstr "启用数据库组件" msgid "Enable XRDP" msgstr "启用 XRDP 服务" +#: settings/serializers/terminal.py:38 +msgid "Enable KoKo SSH" +msgstr "启用 KoKo SSH" + #: settings/utils/ldap.py:417 msgid "ldap:// or ldaps:// protocol is used." msgstr "使用 ldap:// 或 ldaps:// 协议" @@ -4446,8 +4450,8 @@ msgid "" "JumpServer Client, currently used to launch the client, now only support " "launch RDP SSH client, The Telnet client will next" msgstr "" -"JumpServer 客户端,目前用来唤起 特定客户端程序 连接资产, 目前仅支持 RDP SSH 客户" -"端,Telnet 会在未来支持" +"JumpServer 客户端,目前用来唤起 特定客户端程序 连接资产, 目前仅支持 RDP SSH " +"客户端,Telnet 会在未来支持" #: templates/resource_download.html:30 msgid "Microsoft" @@ -4469,11 +4473,11 @@ msgid "" "system uses its own terminal" msgstr "Windows 需要下载客户端来连接SSH资产,macOS系统采用自带的Terminal" -#: templates/resource_download.html:51 +#: templates/resource_download.html:53 msgid "Windows Remote application publisher tools" msgstr "Windows 远程应用发布服务器工具" -#: templates/resource_download.html:52 +#: templates/resource_download.html:54 msgid "" "Jmservisor is the program used to pull up remote applications in Windows " "Remote Application publisher" @@ -4483,7 +4487,7 @@ msgstr "Jmservisor 是在 windows 远程应用发布服务器中用来拉起远 msgid "Filters" msgstr "过滤" -#: terminal/api/endpoint.py:65 +#: terminal/api/endpoint.py:63 msgid "Not found protocol query params" msgstr "" 
@@ -5468,7 +5472,7 @@ msgid "Public key should not be the same as your old one." msgstr "不能和原来的密钥相同" #: users/forms/profile.py:149 users/serializers/profile.py:95 -#: users/serializers/profile.py:176 users/serializers/profile.py:203 +#: users/serializers/profile.py:178 users/serializers/profile.py:205 msgid "Not a valid ssh public key" msgstr "SSH密钥不合法" @@ -5512,27 +5516,27 @@ msgstr "最后更新密码日期" msgid "Need update password" msgstr "需要更新密码" -#: users/models/user.py:888 +#: users/models/user.py:885 msgid "Can invite user" msgstr "可以邀请用户" -#: users/models/user.py:889 +#: users/models/user.py:886 msgid "Can remove user" msgstr "可以移除用户" -#: users/models/user.py:890 +#: users/models/user.py:887 msgid "Can match user" msgstr "可以匹配用户" -#: users/models/user.py:899 +#: users/models/user.py:896 msgid "Administrator" msgstr "管理员" -#: users/models/user.py:902 +#: users/models/user.py:899 msgid "Administrator is the super user of system" msgstr "Administrator是初始的超级管理员" -#: users/models/user.py:927 +#: users/models/user.py:924 msgid "User password history" msgstr "用户密码历史" @@ -5571,7 +5575,7 @@ msgstr "重置 MFA" msgid "The old password is incorrect" msgstr "旧密码错误" -#: users/serializers/profile.py:36 users/serializers/profile.py:190 +#: users/serializers/profile.py:36 users/serializers/profile.py:192 msgid "Password does not match security rules" msgstr "密码不满足安全规则" @@ -5583,7 +5587,7 @@ msgstr "新密码不能是最近 {} 次的密码" msgid "The newly set password is inconsistent" msgstr "两次密码不一致" -#: users/serializers/profile.py:142 users/serializers/user.py:140 +#: users/serializers/profile.py:144 users/serializers/user.py:140 msgid "Is first login" msgstr "首次登录" 
@@ -6629,23 +6633,3 @@ msgstr "旗舰版" #: xpack/plugins/license/models.py:77 msgid "Community edition" msgstr "社区版" - -#~ msgid "Inherit" -#~ msgstr "继承" - -#~ msgid "Include" -#~ msgstr "包含" - -#~ msgid "Exclude" -#~ msgstr "不包含" - -#~ msgid "DatabaseApp" -#~ msgstr "数据库应用" - -#~ msgid "Database proxy MySQL protocol listen port" -#~ msgstr "MySQL 协议监听的端口" - -#, fuzzy -#~| msgid "Database proxy PostgreSQL port" -#~ msgid "Database proxy PostgreSQL listen port" -#~ msgstr "数据库组件 PostgreSQL 协议监听的端口" diff --git a/apps/perms/api/asset/user_permission/common.py b/apps/perms/api/asset/user_permission/common.py index 1594cedb9..86bff2123 100644 --- a/apps/perms/api/asset/user_permission/common.py +++ b/apps/perms/api/asset/user_permission/common.py @@ -141,7 +141,6 @@ class UserGrantedAssetSystemUsersForAdminApi(ListAPIView): return queryset_list -@method_decorator(tmp_to_root_org(), name='list') class MyGrantedAssetSystemUsersApi(UserGrantedAssetSystemUsersForAdminApi): permission_classes = (IsValidUser,) diff --git a/apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py b/apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py index d65f08df6..5d3940c9f 100644 --- a/apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py +++ b/apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py @@ -65,7 +65,6 @@ class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView): all_assets = all_assets.annotate(parent_key=F('nodes__key')).prefetch_related('platform') data.extend(self.serialize_assets(all_assets)) - @tmp_to_root_org() def list(self, request: Request, *args, **kwargs): """ 此算法依赖 UserGrantedMappingNode diff --git a/apps/perms/api/system_user_permission.py b/apps/perms/api/system_user_permission.py index 48d440baa..6d7569192 100644 --- a/apps/perms/api/system_user_permission.py +++ b/apps/perms/api/system_user_permission.py 
@@ -1,14 +1,11 @@ from rest_framework import generics -from django.utils.decorators import method_decorator from assets.models import SystemUser from common.permissions import IsValidUser -from orgs.utils import tmp_to_root_org from perms.utils.asset.user_permission import get_user_all_asset_perm_ids from .. import serializers -@method_decorator(tmp_to_root_org(), name='list') class SystemUserPermission(generics.ListAPIView): permission_classes = (IsValidUser,) serializer_class = serializers.SystemUserSerializer diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py index a199c149c..c99181d4e 100644 --- a/apps/rbac/builtin.py +++ b/apps/rbac/builtin.py @@ -4,7 +4,8 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions system_user_perms = ( ('authentication', 'connectiontoken', 'add', 'connectiontoken'), - ('authentication', 'temptoken', 'add', 'temptoken'), + ('authentication', 'temptoken', 'add,change,view', 'temptoken'), + ('authentication', 'accesskey', '*', '*'), ('tickets', 'ticket', 'view', 'ticket'), ('orgs', 'organization', 'view', 'rootorg'), ) diff --git a/apps/rbac/const.py b/apps/rbac/const.py index 5d6ae08ec..d9b80b78a 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py @@ -25,6 +25,7 @@ exclude_permissions = ( ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'), ('authentication', 'ssotoken', '*', '*'), ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'), + ('authentication', 'temptoken', 'delete', 'temptoken'), ('users', 'userpasswordhistory', '*', '*'), ('applications', 'applicationuser', '*', '*'), ('applications', 'historicalaccount', '*', '*'), diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py index dfccafa8f..a585bdf5c 100644 --- a/apps/rbac/tree.py +++ b/apps/rbac/tree.py 
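Review bot: The new `('authentication', 'accesskey', '*', '*')` entry in `system_user_perms` (apps/rbac/builtin.py) grants every action on access keys, including any permission added to that model later, whereas the `temptoken` line directly above enumerates its actions. Restricting users to their own keys then rests entirely on `AccessKeyViewSet.get_queryset`. Listing only the actions the viewset needs, in the form the neighbouring entries use, e.g. `('authentication', 'accesskey', 'add,change,view,delete', 'accesskey')`, keeps the grant least-privilege. How administrator-created roles pick up these new entries is not visible here; since the access-key and temp-token views now require `RBACPermission`, users who hold only such roles should be checked after the upgrade.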
@@ -86,6 +86,8 @@ special_pid_mapper = { 'terminal.replaystorage': 'terminal_node', 'terminal.status': 'terminal_node', 'terminal.task': 'terminal_node', + 'terminal.endpoint': 'terminal_node', + 'terminal.endpointrule': 'terminal_node', 'audits.ftplog': 'terminal', 'perms.view_myassets': 'my_assets', 'perms.view_myapps': 'my_apps', diff --git a/apps/settings/api/public.py b/apps/settings/api/public.py index 5efa54319..b9076618d 100644 --- a/apps/settings/api/public.py +++ b/apps/settings/api/public.py @@ -65,6 +65,7 @@ class PublicSettingApi(generics.RetrieveAPIView): # Terminal "XRDP_ENABLED": settings.XRDP_ENABLED, "TERMINAL_MAGNUS_ENABLED": settings.TERMINAL_MAGNUS_ENABLED, + "TERMINAL_KOKO_SSH_ENABLED": settings.TERMINAL_KOKO_SSH_ENABLED, # Announcement "ANNOUNCEMENT_ENABLED": settings.ANNOUNCEMENT_ENABLED, "ANNOUNCEMENT": settings.ANNOUNCEMENT, diff --git a/apps/settings/serializers/terminal.py b/apps/settings/serializers/terminal.py index bf4b8d7a0..8cdb9e065 100644 --- a/apps/settings/serializers/terminal.py +++ b/apps/settings/serializers/terminal.py @@ -30,8 +30,9 @@ class TerminalSettingSerializer(serializers.Serializer): ) TERMINAL_TELNET_REGEX = serializers.CharField( allow_blank=True, max_length=1024, required=False, label=_('Telnet login regex'), - help_text=_("The login success message varies with devices. " + help_text=_("Tips: The login success message varies with devices. " "if you cannot log in to the device through Telnet, set this parameter") ) TERMINAL_MAGNUS_ENABLED = serializers.BooleanField(label=_("Enable database proxy")) XRDP_ENABLED = serializers.BooleanField(label=_("Enable XRDP")) + TERMINAL_KOKO_SSH_ENABLED = serializers.BooleanField(label=_("Enable KoKo SSH")) diff --git a/apps/static/js/jumpserver.js b/apps/static/js/jumpserver.js index b930154ff..070c811f7 100644 --- a/apps/static/js/jumpserver.js +++ b/apps/static/js/jumpserver.js 
@@ -125,8 +125,9 @@ function csrfSafeMethod(method) { } function setAjaxCSRFToken() { - var csrftoken = getCookie('csrftoken'); - var sessionid = getCookie('sessionid'); + const prefix = getCookie('SESSION_COOKIE_NAME_PREFIX', '') + var csrftoken = getCookie(`${prefix}csrftoken`); + var sessionid = getCookie(`${prefix}sessionid`); $.ajaxSetup({ beforeSend: function (xhr, settings) { diff --git a/apps/terminal/api/endpoint.py b/apps/terminal/api/endpoint.py index d612db4a8..494dacbe8 100644 --- a/apps/terminal/api/endpoint.py +++ b/apps/terminal/api/endpoint.py @@ -2,7 +2,7 @@ from rest_framework.decorators import action from rest_framework.response import Response from rest_framework import status from common.drf.api import JMSBulkModelViewSet -from common.utils import get_object_or_none +from django.utils.translation import ugettext_lazy as _ from django.shortcuts import get_object_or_404 from assets.models import Asset from orgs.utils import tmp_to_root_org diff --git a/apps/terminal/models/endpoint.py b/apps/terminal/models/endpoint.py index 39f275f9a..71b79c0e3 100644 --- a/apps/terminal/models/endpoint.py +++ b/apps/terminal/models/endpoint.py @@ -31,8 +31,11 @@ class Endpoint(JMSModel): def get_port(self, protocol): return getattr(self, f'{protocol}_port', 0) + def is_default(self): + return self.id == self.default_id + def delete(self, using=None, keep_parents=False): - if self.id == self.default_id: + if self.is_default(): return return super().delete(using, keep_parents) @@ -78,6 +81,8 @@ class EndpointRule(JMSModel): continue if not endpoint_rule.endpoint: continue + if endpoint_rule.endpoint.is_default(): + return endpoint_rule if not endpoint_rule.endpoint.host: continue if endpoint_rule.endpoint.get_port(protocol) == 0: diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 80b938468..b69cd5726 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py 
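Review bot: In `setAjaxCSRFToken` (apps/static/js/jumpserver.js), `getCookie` is called with a second argument as a default, but its definition is outside the hunk. If it ignores that argument and returns `null` or `undefined` when the prefix cookie is missing, the lookups become `nullcsrftoken` / `undefinedcsrftoken` and the CSRF token will not be found for AJAX requests. `const prefix = getCookie('SESSION_COOKIE_NAME_PREFIX') || '';` is safe either way. The new line also omits its semicolon and mixes `const` with the surrounding `var` declarations.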
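Review bot: `Endpoint.delete` (apps/terminal/models/endpoint.py) protects the default endpoint only when the model method itself is called, because a queryset `.delete()` does not invoke `Model.delete()`, and apps/terminal/api/endpoint.py imports `JMSBulkModelViewSet`. Whether bulk destroy goes through the queryset is not visible here, so confirm it, or enforce the rule in the view or in a `pre_delete` signal handler. The method also returns `None` silently for the default endpoint, so a caller cannot tell that nothing was deleted; raising a validation error would make the refusal explicit. `is_default` would benefit from a one-line docstring stating that it compares `id` with `default_id`.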
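Review bot: The new early return in the rule-matching loop of `EndpointRule` (second hunk of apps/terminal/models/endpoint.py) hands back a rule that points at the default endpoint before the `host` and `get_port(protocol) == 0` checks that follow, and nothing in the code says this is intended. If the default endpoint may legitimately have an empty host or no port for the protocol, a comment such as `# the default endpoint is always usable, even without host/port` should say so. Otherwise the check belongs below the port test. The enclosing method starts and ends outside the hunk.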
@@ -455,7 +455,7 @@ class RoleMixin: if org is None: org = current_org if not org.is_root(): - queryset = current_org.get_members() + queryset = org.get_members() queryset = cls.filter_not_service_account(queryset) return queryset