Merge pull request #8603 from jumpserver/dev

v2.24.0-rc2
2022-07-15 18:07:09 +08:00 · 2022-07-15 18:07:09 +08:00 · c665b0dbae
parent a770a19252 0eaca0c1cb
commit c665b0dbae
10 changed files with 167 additions and 87 deletions
--- a/apps/applications/migrations/0023_auto_20220715_1556.py
+++ b/apps/applications/migrations/0023_auto_20220715_1556.py
@ -0,0 +1,48 @@
 # Generated by Django 3.1.14 on 2022-07-15 07:56
 import time
 from collections import defaultdict
 from django.db import migrations
 def migrate_account_dirty_data(apps, schema_editor):
    db_alias = schema_editor.connection.alias
    account_model = apps.get_model('applications', 'Account')
    count = 0
    bulk_size = 1000
    while True:
        accounts = account_model.objects.using(db_alias) \
                       .filter(org_id='')[count:count + bulk_size]
        if not accounts:
            break
        accounts = list(accounts)
        start = time.time()
        for i in accounts:
            if i.app:
                org_id = i.app.org_id
            elif i.systemuser:
                org_id = i.systemuser.org_id
            else:
                org_id = ''
            if org_id:
                i.org_id = org_id
        account_model.objects.bulk_update(accounts, ['org_id', ])
        print("Update account org is empty: {}-{} using: {:.2f}s".format(
            count, count + len(accounts), time.time() - start
        ))
        count += len(accounts)
 class Migration(migrations.Migration):
    dependencies = [
        ('applications', '0022_auto_20220714_1046'),
    ]
    operations = [
        migrations.RunPython(migrate_account_dirty_data),
    ]
--- a/apps/authentication/errors/mfa.py
+++ b/apps/authentication/errors/mfa.py
@ -14,23 +14,23 @@ class WeComCodeInvalid(JMSException):
 class WeComBindAlready(JMSException):
-    default_code = 'wecom_bind_already'
+    default_code = 'wecom_not_bound'
-    default_detail = 'WeCom already binded'
+    default_detail = _('WeCom is already bound')
 class WeComNotBound(JMSException):
    default_code = 'wecom_not_bound'
-    default_detail = 'WeCom is not bound'
+    default_detail = _('WeCom is not bound')
 class DingTalkNotBound(JMSException):
    default_code = 'dingtalk_not_bound'
-    default_detail = 'DingTalk is not bound'
+    default_detail = _('DingTalk is not bound')
 class FeiShuNotBound(JMSException):
    default_code = 'feishu_not_bound'
-    default_detail = 'FeiShu is not bound'
+    default_detail = _('FeiShu is not bound')
 class PasswordInvalid(JMSException):
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@ -7,6 +7,9 @@ from rest_framework import permissions
 from authentication.const import ConfirmType
 from common.exceptions import UserConfirmRequired
 from orgs.utils import tmp_to_root_org
 from authentication.models import ConnectionToken
 from common.utils import get_object_or_none
 class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@ -17,6 +20,22 @@ class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
               and request.user.is_valid
 class IsValidUserOrConnectionToken(IsValidUser):
    def has_permission(self, request, view):
        return super(IsValidUserOrConnectionToken, self).has_permission(request, view) \
               or self.is_valid_connection_token(request)
    @staticmethod
    def is_valid_connection_token(request):
        token_id = request.query_params.get('token')
        if not token_id:
            return False
        with tmp_to_root_org():
            token = get_object_or_none(ConnectionToken, id=token_id)
        return token and token.is_valid
 class OnlySuperUser(IsValidUser):
    def has_permission(self, request, view):
        return super().has_permission(request, view) \
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-07-13 16:25+0800\n"
+"POT-Creation-Date: 2022-07-15 17:15+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -89,7 +89,7 @@ msgstr "ログイン確認"
 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100
 #: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214
-#: perms/models/base.py:84 rbac/builtin.py:118 rbac/models/rolebinding.py:41
+#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41
 #: terminal/backends/command/models.py:20
 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
 #: terminal/models/sharing.py:33 terminal/notifications.py:91
@ -214,7 +214,7 @@ msgid "Unsupported protocols: {}"
 msgstr "サポートされていないプロトコル: {}"
 #: acls/serializers/login_asset_acl.py:98
-#: tickets/serializers/ticket/ticket.py:78
+#: tickets/serializers/ticket/ticket.py:85
 msgid "The organization `{}` does not exist"
 msgstr "組織 '{}'は存在しません"
@ -2002,6 +2002,24 @@ msgstr "電話が設定されていない"
 msgid "SSO auth closed"
 msgstr "SSO authは閉鎖されました"
 #: authentication/errors/mfa.py:18 authentication/views/wecom.py:80
 msgid "WeCom is already bound"
 msgstr "企業の微信はすでにバインドされています"
 #: authentication/errors/mfa.py:23 authentication/views/wecom.py:237
 #: authentication/views/wecom.py:291
 msgid "WeCom is not bound"
 msgstr "企業の微信をバインドしていません"
 #: authentication/errors/mfa.py:28 authentication/views/dingtalk.py:242
 #: authentication/views/dingtalk.py:296
 msgid "DingTalk is not bound"
 msgstr "DingTalkはバインドされていません"
 #: authentication/errors/mfa.py:33 authentication/views/feishu.py:203
 msgid "FeiShu is not bound"
 msgstr "本を飛ばすは拘束されていません"
 #: authentication/errors/mfa.py:38
 msgid "Your password is invalid"
 msgstr "パスワードが無効です"
@ -2479,10 +2497,6 @@ msgstr "DingTalkのバインドに成功"
 msgid "Failed to get user from DingTalk"
 msgstr "DingTalkからユーザーを取得できませんでした"
 #: authentication/views/dingtalk.py:242 authentication/views/dingtalk.py:296
 msgid "DingTalk is not bound"
 msgstr "DingTalkはバインドされていません"
 #: authentication/views/dingtalk.py:243 authentication/views/dingtalk.py:297
 msgid "Please login with a password and then bind the DingTalk"
 msgstr "パスワードでログインし、DingTalkをバインドしてください"
@ -2511,10 +2525,6 @@ msgstr "本を飛ばすのバインドに成功"
 msgid "Failed to get user from FeiShu"
 msgstr "本を飛ばすからユーザーを取得できませんでした"
 #: authentication/views/feishu.py:203
 msgid "FeiShu is not bound"
 msgstr "本を飛ばすは拘束されていません"
 #: authentication/views/feishu.py:204
 msgid "Please login with a password and then bind the FeiShu"
 msgstr "パスワードでログインしてから本を飛ばすをバインドしてください"
@ -2559,10 +2569,6 @@ msgstr "企業微信エラー、システム管理者に連絡してください
 msgid "WeCom Error"
 msgstr "企業微信エラー"
 #: authentication/views/wecom.py:80
 msgid "WeCom is already bound"
 msgstr "企業の微信はすでにバインドされています"
 #: authentication/views/wecom.py:163
 msgid "WeCom query user failed"
 msgstr "企業微信ユーザーの問合せに失敗しました"
@ -2579,10 +2585,6 @@ msgstr "企業の微信のバインドに成功"
 msgid "Failed to get user from WeCom"
 msgstr "企業の微信からユーザーを取得できませんでした"
 #: authentication/views/wecom.py:237 authentication/views/wecom.py:291
 msgid "WeCom is not bound"
 msgstr "企業の微信をバインドしていません"
 #: authentication/views/wecom.py:238 authentication/views/wecom.py:292
 msgid "Please login with a password and then bind the WeCom"
 msgstr "パスワードでログインしてからWeComをバインドしてください"
@ -3022,10 +3024,10 @@ msgstr "組織のリソース ({}) は削除できません"
 msgid "App organizations"
 msgstr "アプリ組織"
-#: orgs/mixins/models.py:54 orgs/mixins/serializers.py:25 orgs/models.py:80
+#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80
 #: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48
 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62
-#: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:64
+#: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71
 msgid "Organization"
 msgstr "組織"
@ -3258,27 +3260,27 @@ msgstr "{} 少なくとも1つのシステムロール"
 msgid "RBAC"
 msgstr "RBAC"
-#: rbac/builtin.py:109
+#: rbac/builtin.py:108
 msgid "SystemAdmin"
 msgstr "システム管理者"
-#: rbac/builtin.py:112
+#: rbac/builtin.py:111
 msgid "SystemAuditor"
 msgstr "システム監査人"
-#: rbac/builtin.py:115
+#: rbac/builtin.py:114
 msgid "SystemComponent"
 msgstr "システムコンポーネント"
-#: rbac/builtin.py:121
+#: rbac/builtin.py:120
 msgid "OrgAdmin"
 msgstr "組織管理者"
-#: rbac/builtin.py:124
+#: rbac/builtin.py:123
 msgid "OrgAuditor"
 msgstr "監査員を組織する"
-#: rbac/builtin.py:127
+#: rbac/builtin.py:126
 msgid "OrgUser"
 msgstr "組織ユーザー"
@ -4687,7 +4689,7 @@ msgstr ""
 msgid "Offline video player"
 msgstr "オフラインビデオプレーヤー"
-#: terminal/api/endpoint.py:33
+#: terminal/api/endpoint.py:34
 msgid "Not found protocol query params"
 msgstr "プロトコルクエリパラメータが見つかりません"
@ -5261,7 +5263,7 @@ msgstr "カスタムユーザー"
 msgid "Ticket already closed"
 msgstr "チケットはすでに閉じています"
-#: tickets/handlers/apply_application.py:35
+#: tickets/handlers/apply_application.py:37
 msgid ""
 "Created by the ticket, ticket title: {}, ticket applicant: {}, ticket "
 "processor: {}, ticket ID: {}"
@ -5269,7 +5271,7 @@ msgstr ""
 "チケットによって作成されたチケットタイトル: {}、チケット申請者: {}、チケット"
 "処理者: {}、チケットID: {}"
-#: tickets/handlers/apply_asset.py:35
+#: tickets/handlers/apply_asset.py:37
 msgid ""
 "Created by the ticket ticket title: {} ticket applicant: {} ticket "
 "processor: {} ticket ID: {}"
@ -5277,19 +5279,19 @@ msgstr ""
 "チケットのタイトル: {} チケット申請者: {} チケットプロセッサ: {} チケットID: "
 "{}"
-#: tickets/handlers/base.py:79
+#: tickets/handlers/base.py:84
 msgid "Change field"
 msgstr "フィールドを変更"
-#: tickets/handlers/base.py:79
+#: tickets/handlers/base.py:84
 msgid "Before change"
 msgstr "変更前"
-#: tickets/handlers/base.py:79
+#: tickets/handlers/base.py:84
 msgid "After change"
 msgstr "変更後"
-#: tickets/handlers/base.py:91
+#: tickets/handlers/base.py:96
 msgid "{} {} the ticket"
 msgstr "{} {} チケット"
@ -5503,7 +5505,7 @@ msgstr "有効期限は開始日より大きくする必要があります"
 msgid "Permission named `{}` already exists"
 msgstr "'{}'という名前の権限は既に存在します"
-#: tickets/serializers/ticket/ticket.py:92
+#: tickets/serializers/ticket/ticket.py:99
 msgid "The ticket flow `{}` does not exist"
 msgstr "チケットフロー '{}'が存在しない"
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-07-13 16:25+0800\n"
+"POT-Creation-Date: 2022-07-15 17:15+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -88,7 +88,7 @@ msgstr "登录复核"
 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100
 #: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214
-#: perms/models/base.py:84 rbac/builtin.py:118 rbac/models/rolebinding.py:41
+#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41
 #: terminal/backends/command/models.py:20
 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
 #: terminal/models/sharing.py:33 terminal/notifications.py:91
@ -210,7 +210,7 @@ msgid "Unsupported protocols: {}"
 msgstr "不支持的协议: {}"
 #: acls/serializers/login_asset_acl.py:98
-#: tickets/serializers/ticket/ticket.py:78
+#: tickets/serializers/ticket/ticket.py:85
 msgid "The organization `{}` does not exist"
 msgstr "组织 `{}` 不存在"
@ -1982,6 +1982,24 @@ msgstr "手机号没有设置"
 msgid "SSO auth closed"
 msgstr "SSO 认证关闭了"
 #: authentication/errors/mfa.py:18 authentication/views/wecom.py:80
 msgid "WeCom is already bound"
 msgstr "企业微信已经绑定"
 #: authentication/errors/mfa.py:23 authentication/views/wecom.py:237
 #: authentication/views/wecom.py:291
 msgid "WeCom is not bound"
 msgstr "没有绑定企业微信"
 #: authentication/errors/mfa.py:28 authentication/views/dingtalk.py:242
 #: authentication/views/dingtalk.py:296
 msgid "DingTalk is not bound"
 msgstr "钉钉没有绑定"
 #: authentication/errors/mfa.py:33 authentication/views/feishu.py:203
 msgid "FeiShu is not bound"
 msgstr "没有绑定飞书"
 #: authentication/errors/mfa.py:38
 msgid "Your password is invalid"
 msgstr "您的密码无效"
@ -2445,10 +2463,6 @@ msgstr "绑定 钉钉 成功"
 msgid "Failed to get user from DingTalk"
 msgstr "从钉钉获取用户失败"
 #: authentication/views/dingtalk.py:242 authentication/views/dingtalk.py:296
 msgid "DingTalk is not bound"
 msgstr "钉钉没有绑定"
 #: authentication/views/dingtalk.py:243 authentication/views/dingtalk.py:297
 msgid "Please login with a password and then bind the DingTalk"
 msgstr "请使用密码登录，然后绑定钉钉"
@ -2477,10 +2491,6 @@ msgstr "绑定 飞书 成功"
 msgid "Failed to get user from FeiShu"
 msgstr "从飞书获取用户失败"
 #: authentication/views/feishu.py:203
 msgid "FeiShu is not bound"
 msgstr "没有绑定飞书"
 #: authentication/views/feishu.py:204
 msgid "Please login with a password and then bind the FeiShu"
 msgstr "请使用密码登录，然后绑定飞书"
@ -2525,10 +2535,6 @@ msgstr "企业微信错误，请联系系统管理员"
 msgid "WeCom Error"
 msgstr "企业微信错误"
 #: authentication/views/wecom.py:80
 msgid "WeCom is already bound"
 msgstr "企业微信已经绑定"
 #: authentication/views/wecom.py:163
 msgid "WeCom query user failed"
 msgstr "企业微信查询用户失败"
@ -2545,10 +2551,6 @@ msgstr "绑定 企业微信 成功"
 msgid "Failed to get user from WeCom"
 msgstr "从企业微信获取用户失败"
 #: authentication/views/wecom.py:237 authentication/views/wecom.py:291
 msgid "WeCom is not bound"
 msgstr "没有绑定企业微信"
 #: authentication/views/wecom.py:238 authentication/views/wecom.py:292
 msgid "Please login with a password and then bind the WeCom"
 msgstr "请使用密码登录，然后绑定企业微信"
@ -2982,10 +2984,10 @@ msgstr "组织存在资源 ({}) 不能被删除"
 msgid "App organizations"
 msgstr "组织管理"
-#: orgs/mixins/models.py:54 orgs/mixins/serializers.py:25 orgs/models.py:80
+#: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80
 #: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48
 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62
-#: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:64
+#: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71
 msgid "Organization"
 msgstr "组织"
@ -3216,27 +3218,27 @@ msgstr "{} 至少有一个系统角色"
 msgid "RBAC"
 msgstr "RBAC"
-#: rbac/builtin.py:109
+#: rbac/builtin.py:108
 msgid "SystemAdmin"
 msgstr "系统管理员"
-#: rbac/builtin.py:112
+#: rbac/builtin.py:111
 msgid "SystemAuditor"
 msgstr "系统审计员"
-#: rbac/builtin.py:115
+#: rbac/builtin.py:114
 msgid "SystemComponent"
 msgstr "系统组件"
-#: rbac/builtin.py:121
+#: rbac/builtin.py:120
 msgid "OrgAdmin"
 msgstr "组织管理员"
-#: rbac/builtin.py:124
+#: rbac/builtin.py:123
 msgid "OrgAuditor"
 msgstr "组织审计员"
-#: rbac/builtin.py:127
+#: rbac/builtin.py:126
 msgid "OrgUser"
 msgstr "组织用户"
@ -4611,7 +4613,7 @@ msgstr "Jmservisor 是在 windows 远程应用发布服务器中用来拉起远
 msgid "Offline video player"
 msgstr "离线录像播放器"
-#: terminal/api/endpoint.py:33
+#: terminal/api/endpoint.py:34
 msgid "Not found protocol query params"
 msgstr ""
@ -5183,33 +5185,33 @@ msgstr "自定义用户"
 msgid "Ticket already closed"
 msgstr "工单已经关闭"
-#: tickets/handlers/apply_application.py:35
+#: tickets/handlers/apply_application.py:37
 msgid ""
 "Created by the ticket, ticket title: {}, ticket applicant: {}, ticket "
 "processor: {}, ticket ID: {}"
 msgstr ""
 "通过工单创建, 工单标题: {}, 工单申请人: {}, 工单处理人: {}, 工单 ID: {}"
-#: tickets/handlers/apply_asset.py:35
+#: tickets/handlers/apply_asset.py:37
 msgid ""
 "Created by the ticket ticket title: {} ticket applicant: {} ticket "
 "processor: {} ticket ID: {}"
 msgstr ""
 "通过工单创建, 工单标题: {}, 工单申请人: {}, 工单处理人: {}, 工单 ID: {}"
-#: tickets/handlers/base.py:79
+#: tickets/handlers/base.py:84
 msgid "Change field"
 msgstr "变更字段"
-#: tickets/handlers/base.py:79
+#: tickets/handlers/base.py:84
 msgid "Before change"
 msgstr "变更前"
-#: tickets/handlers/base.py:79
+#: tickets/handlers/base.py:84
 msgid "After change"
 msgstr "变更后"
-#: tickets/handlers/base.py:91
+#: tickets/handlers/base.py:96
 msgid "{} {} the ticket"
 msgstr "{} {} 工单"
@ -5423,7 +5425,7 @@ msgstr "过期时间要大于开始时间"
 msgid "Permission named `{}` already exists"
 msgstr "授权名称 `{}` 已存在"
-#: tickets/serializers/ticket/ticket.py:92
+#: tickets/serializers/ticket/ticket.py:99
 msgid "The ticket flow `{}` does not exist"
 msgstr "工单流程 `{}` 不存在"
--- a/apps/settings/api/public.py
+++ b/apps/settings/api/public.py
@ -3,7 +3,11 @@ from rest_framework.permissions import AllowAny, IsAuthenticated
 from django.conf import settings
 from jumpserver.utils import has_valid_xpack_license, get_xpack_license_info
-from common.utils import get_logger, lazyproperty
+from common.utils import get_logger, lazyproperty, get_object_or_none
 from authentication.models import ConnectionToken
 from orgs.utils import tmp_to_root_org
 from common.permissions import IsValidUserOrConnectionToken
 from .. import serializers
 from ..utils import get_interface_setting_or_default
@ -28,7 +32,7 @@ class OpenPublicSettingApi(generics.RetrieveAPIView):
 class PublicSettingApi(OpenPublicSettingApi):
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsValidUserOrConnectionToken,)
    serializer_class = serializers.PrivateSettingSerializer
    def get_object(self):
--- a/apps/terminal/api/endpoint.py
+++ b/apps/terminal/api/endpoint.py
@ -9,9 +9,9 @@ from assets.models import Asset
 from orgs.utils import tmp_to_root_org
 from applications.models import Application
 from terminal.models import Session
 from common.permissions import IsValidUser
 from ..models import Endpoint, EndpointRule
 from .. import serializers
 from common.permissions import IsValidUserOrConnectionToken
 __all__ = ['EndpointViewSet', 'EndpointRuleViewSet']
@ -25,7 +25,8 @@ class SmartEndpointViewMixin:
    target_instance: None
    target_protocol: None
-    @action(methods=['get'], detail=False, permission_classes=[IsValidUser], url_path='smart')
+    @action(methods=['get'], detail=False, permission_classes=[IsValidUserOrConnectionToken],
            url_path='smart')
    def smart(self, request, *args, **kwargs):
        self.target_instance = self.get_target_instance()
        self.target_protocol = self.get_target_protocol()
--- a/apps/tickets/handlers/apply_application.py
+++ b/apps/tickets/handlers/apply_application.py
@ -16,16 +16,18 @@ class Handler(BaseHandler):
    # permission
    def _create_application_permission(self):
-        with tmp_to_root_org():
+        org_id = self.ticket.org_id
        with tmp_to_org(org_id):
            application_permission = ApplicationPermission.objects.filter(id=self.ticket.id).first()
            if application_permission:
                return application_permission
            apply_applications = self.ticket.apply_applications.all()
            apply_system_users = self.ticket.apply_system_users.all()
        apply_permission_name = self.ticket.apply_permission_name
        apply_category = self.ticket.apply_category
        apply_type = self.ticket.apply_type
        apply_applications = self.ticket.apply_applications.all()
        apply_system_users = self.ticket.apply_system_users.all()
        apply_date_start = self.ticket.apply_date_start
        apply_date_expired = self.ticket.apply_date_expired
        permission_created_by = '{}:{}'.format(
--- a/apps/tickets/handlers/apply_asset.py
+++ b/apps/tickets/handlers/apply_asset.py
@ -16,15 +16,17 @@ class Handler(BaseHandler):
    # permission
    def _create_asset_permission(self):
-        with tmp_to_root_org():
+        org_id = self.ticket.org_id
        with tmp_to_org(org_id):
            asset_permission = AssetPermission.objects.filter(id=self.ticket.id).first()
            if asset_permission:
                return asset_permission
            apply_nodes = self.ticket.apply_nodes.all()
            apply_assets = self.ticket.apply_assets.all()
            apply_system_users = self.ticket.apply_system_users.all()
        apply_permission_name = self.ticket.apply_permission_name
        apply_nodes = self.ticket.apply_nodes.all()
        apply_assets = self.ticket.apply_assets.all()
        apply_system_users = self.ticket.apply_system_users.all()
        apply_actions = self.ticket.apply_actions
        apply_date_start = self.ticket.apply_date_start
        apply_date_expired = self.ticket.apply_date_expired
--- a/requirements/mac_pkg.sh
+++ b/requirements/mac_pkg.sh
@ -3,7 +3,7 @@ BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
 PROJECT_DIR=$(dirname "$BASE_DIR")
 echo "1. 安装依赖"
-brew install libtiff libjpeg webp little-cms2 openssl gettext git git-lfs mysql libxml2 libxmlsec1 pkg-config
+brew install libtiff libjpeg webp little-cms2 openssl gettext git git-lfs mysql libxml2 libxmlsec1 pkg-config postgresql freetds openssl
 echo "2. 下载 IP 数据库"
 ip_db_path="${PROJECT_DIR}/apps/common/utils/geoip/GeoLite2-City.mmdb"