github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

stash

pull/8566/head
ibuler 2022-07-20 12:56:41 +08:00
parent b961d1f9ee
commit c9becca633
3 changed files with 34 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
apps/assets/api/system_user.py
View File

@ -9,9 +9,8 @@ from common.mixins.api import SuggestionMixin
from orgs.mixins.api import OrgBulkModelViewSet from orgs.mixins.api import OrgBulkModelViewSet
from orgs.mixins import generics from orgs.mixins import generics
from orgs.utils import tmp_to_root_org from orgs.utils import tmp_to_root_org
from ..models import SystemUser, CommandFilterRule from ..models import SystemUser, CommandFilterRule, Account
from .. import serializers from .. import serializers
from ..serializers import SystemUserWithAuthInfoSerializer, SystemUserTempAuthSerializer
from ..tasks import ( from ..tasks import (
push_system_user_to_assets_manual, test_system_user_connectivity_manual, push_system_user_to_assets_manual, test_system_user_connectivity_manual,
push_system_user_to_assets push_system_user_to_assets
@ -21,7 +20,7 @@ logger = get_logger(__file__)
__all__ = [ __all__ = [
'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi', 'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi',
'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi', 'SystemUserAssetsListView', 'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi', 'SystemUserAssetsListView',
'SystemUserTempAuthInfoApi', 'SystemUserAppAuthInfoApi', 'SystemUserTempAuthInfoApi', 'SystemUserAppAuthInfoApi', 'SystemUserAssetAccountApi'
] ]
@ -77,12 +76,23 @@ class SystemUserViewSet(SuggestionMixin, OrgBulkModelViewSet):
return Response(serializer.data) return Response(serializer.data)
class SystemUserAssetAccountApi(generics.RetrieveUpdateDestroyAPIView):
model = Account
serializer_class = serializers.AccountSerializer
def get_object(self):
asset_id = self.kwargs.get('asset_id')
user_id = self.request.query_params.get("user_id")
system_user = super().get_object()
return system_user.get_account(user_id, asset_id)
class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView): class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
""" """
Get system user auth info Get system user auth info
""" """
model = SystemUser model = SystemUser
serializer_class = SystemUserWithAuthInfoSerializer serializer_class = serializers.SystemUserWithAuthInfoSerializer
rbac_perms = { rbac_perms = {
'retrieve': 'assets.view_systemusersecret', 'retrieve': 'assets.view_systemusersecret',
'list': 'assets.view_systemusersecret', 'list': 'assets.view_systemusersecret',
@ -99,7 +109,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
class SystemUserTempAuthInfoApi(generics.CreateAPIView): class SystemUserTempAuthInfoApi(generics.CreateAPIView):
model = SystemUser model = SystemUser
permission_classes = (IsValidUser,) permission_classes = (IsValidUser,)
serializer_class = SystemUserTempAuthSerializer serializer_class = serializers.SystemUserTempAuthSerializer
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
serializer = super().get_serializer(data=request.data) serializer = super().get_serializer(data=request.data)
@ -120,7 +130,7 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView):
Get system user with asset auth info Get system user with asset auth info
""" """
model = SystemUser model = SystemUser
serializer_class = SystemUserWithAuthInfoSerializer serializer_class = serializers.SystemUserWithAuthInfoSerializer
def get_object(self): def get_object(self):
instance = super().get_object() instance = super().get_object()
@ -136,7 +146,7 @@ class SystemUserAppAuthInfoApi(generics.RetrieveAPIView):
Get system user with asset auth info Get system user with asset auth info
""" """
model = SystemUser model = SystemUser
serializer_class = SystemUserWithAuthInfoSerializer serializer_class = serializers.SystemUserWithAuthInfoSerializer
rbac_perms = { rbac_perms = {
'retrieve': 'assets.view_systemusersecret', 'retrieve': 'assets.view_systemusersecret',
} }

16
apps/assets/models/user.py
View File

@ -9,6 +9,7 @@ from django.utils.translation import ugettext_lazy as _
from django.core.validators import MinValueValidator, MaxValueValidator from django.core.validators import MinValueValidator, MaxValueValidator
from common.utils import signer from common.utils import signer
from users.models import User
from .base import BaseUser from .base import BaseUser
from .asset import Asset from .asset import Asset
@ -203,6 +204,21 @@ class SystemUser(ProtocolMixin, BaseUser):
def create_accounts_with_assets(cls, asset_ids, system_user_ids): def create_accounts_with_assets(cls, asset_ids, system_user_ids):
pass pass
def get_manual_account(self, user_id, asset_id):
pass
def get_auto_account(self, user_id, asset_id):
username = self.username
if self.username_same_with_user:
user = get_object_or_404(User, id=user_id)
username = user.username
def get_account(self, user_id, asset_id):
if self.login_mode == self.LOGIN_AUTO:
return self.get_manual_account(user_id, asset_id)
else:
return self.get_auto_account(user_id, asset_id)
class Meta: class Meta:
ordering = ['name'] ordering = ['name']
unique_together = [('name', 'org_id')] unique_together = [('name', 'org_id')]

1
apps/assets/urls/api_urls.py
View File

@ -49,6 +49,7 @@ urlpatterns = [
path('system-users/<uuid:pk>/assets/', api.SystemUserAssetsListView.as_view(), name='system-user-assets'), path('system-users/<uuid:pk>/assets/', api.SystemUserAssetsListView.as_view(), name='system-user-assets'),
path('system-users/<uuid:pk>/assets/<uuid:asset_id>/auth-info/', api.SystemUserAssetAuthInfoApi.as_view(), name='system-user-asset-auth-info'), path('system-users/<uuid:pk>/assets/<uuid:asset_id>/auth-info/', api.SystemUserAssetAuthInfoApi.as_view(), name='system-user-asset-auth-info'),
path('system-users/<uuid:pk>/applications/<uuid:app_id>/auth-info/', api.SystemUserAppAuthInfoApi.as_view(), name='system-user-app-auth-info'), path('system-users/<uuid:pk>/applications/<uuid:app_id>/auth-info/', api.SystemUserAppAuthInfoApi.as_view(), name='system-user-app-auth-info'),
path('system-users/<uuid:pk>/assets/<uuid:asset_id>/account/', api.SystemUserAssetAccountApi.as_view(), name='system-user-asset-account'),
path('system-users/<uuid:pk>/temp-auth/', api.SystemUserTempAuthInfoApi.as_view(), name='system-user-asset-temp-info'), path('system-users/<uuid:pk>/temp-auth/', api.SystemUserTempAuthInfoApi.as_view(), name='system-user-asset-temp-info'),
path('system-users/<uuid:pk>/tasks/', api.SystemUserTaskApi.as_view(), name='system-user-task-create'), path('system-users/<uuid:pk>/tasks/', api.SystemUserTaskApi.as_view(), name='system-user-task-create'),
path('system-users/<uuid:pk>/cmd-filter-rules/', api.SystemUserCommandFilterRuleListApi.as_view(), name='system-user-cmd-filter-rule-list'), path('system-users/<uuid:pk>/cmd-filter-rules/', api.SystemUserCommandFilterRuleListApi.as_view(), name='system-user-cmd-filter-rule-list'),