Merge branch 'v3' of github.com:jumpserver/jumpserver into v3

2022-11-28 22:59:17 +08:00 · 2022-11-28 22:59:17 +08:00 · cb76cad6de
parent f6bdc7f81c 3052aa759c
commit cb76cad6de
7 changed files with 87 additions and 16 deletions
--- a/apps/acls/api/login_asset_check.py
+++ b/apps/acls/api/login_asset_check.py
@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
    def check_if_need_confirm(self):
        queries = {
            'user': self.serializer.user, 'asset': self.serializer.asset,
-            'account': self.serializer.account,
+            'account_username': self.serializer.username,
            'action': LoginAssetACL.ActionChoices.login_confirm
        }
        with tmp_to_org(self.serializer.org):
@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
        ticket = LoginAssetACL.create_login_asset_confirm_ticket(
            user=self.serializer.user,
            asset=self.serializer.asset,
-            account=self.serializer.account,
+            account_username=self.serializer.username,
            assignees=acl.reviewers.all(),
            org_id=self.serializer.org.id,
        )
--- a/apps/acls/models/login_asset_acl.py
+++ b/apps/acls/models/login_asset_acl.py
@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
        return self.name
    @classmethod
-    def filter(cls, user, asset, account, action):
+    def filter(cls, user, asset, account_username, action):
        queryset = cls.objects.filter(action=action)
        queryset = cls.filter_user(user, queryset)
        queryset = cls.filter_asset(asset, queryset)
-        queryset = cls.filter_account(account, queryset)
+        queryset = cls.filter_account(account_username, queryset)
        return queryset
    @classmethod
@ -69,18 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
        return queryset
    @classmethod
-    def filter_account(cls, account, queryset):
+    def filter_account(cls, account_username, queryset):
        queryset = queryset.filter(
-            Q(accounts__name_group__contains=account.name) |
+            Q(accounts__name_group__contains=account_username) |
            Q(accounts__name_group__contains='*')
        ).filter(
-            Q(accounts__username_group__contains=account.username) |
+            Q(accounts__username_group__contains=account_username) |
            Q(accounts__username_group__contains='*')
        )
        return queryset
    @classmethod
-    def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
+    def create_login_asset_confirm_ticket(cls, user, asset, account_username, assignees, org_id):
        from tickets.const import TicketType
        from tickets.models import ApplyLoginAssetTicket
        title = _('Login asset confirm') + ' ({})'.format(user)
@ -90,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
            'applicant': user,
            'apply_login_user': user,
            'apply_login_asset': asset,
-            'apply_login_account': str(account),
+            'apply_login_account': account_username,
            'type': TicketType.login_asset_confirm,
        }
        ticket = ApplyLoginAssetTicket.objects.create(**data)
--- a/apps/acls/serializers/login_asset_check.py
+++ b/apps/acls/serializers/login_asset_check.py
@ -10,15 +10,13 @@ __all__ = ['LoginAssetCheckSerializer']
 class LoginAssetCheckSerializer(serializers.Serializer):
    user_id = serializers.UUIDField(required=True, allow_null=False)
    asset_id = serializers.UUIDField(required=True, allow_null=False)
    account_id = serializers.UUIDField(required=True, allow_null=False)
    account_username = serializers.CharField(max_length=128, default='')
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.user = None
        self.asset = None
-        self.account = None
+        self.username = None
        self._account_username = None
    def validate_user_id(self, user_id):
        self.user = self.validate_object_exist(User, user_id)
@ -28,10 +26,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
        self.asset = self.validate_object_exist(Asset, asset_id)
        return asset_id
    def validate_account_id(self, account_id):
        self.account = self.validate_object_exist(Account, account_id)
        return account_id
    @staticmethod
    def validate_object_exist(model, field_id):
        with tmp_to_root_org():
@ -41,6 +35,17 @@ class LoginAssetCheckSerializer(serializers.Serializer):
            raise serializers.ValidationError(error)
        return obj
    def validate_account_username(self, account_username):
        asset_id = self.initial_data.get('asset_id')
        account = Account.objects.filter(
            username=account_username, asset_id=asset_id
        ).first()
        if not account:
            error = 'Account username does not exist'
            raise serializers.ValidationError(error)
        self.username = account_username
        return account_username
    @lazyproperty
    def org(self):
        return self.asset.org
--- a/apps/assets/migrations/0113_alter_accounttemplate_options.py
+++ b/apps/assets/migrations/0113_alter_accounttemplate_options.py
@ -0,0 +1,17 @@
 # Generated by Django 3.2.14 on 2022-11-28 10:39
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('assets', '0112_gateway_to_asset'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='accounttemplate',
            options={'permissions': [('view_accounttemplatesecret', 'Can view asset account template secret'), ('change_accounttemplatesecret', 'Can change asset account template secret')], 'verbose_name': 'Account template'},
        ),
    ]
--- a/apps/assets/models/account.py
+++ b/apps/assets/models/account.py
@ -94,6 +94,10 @@ class AccountTemplate(BaseAccount):
        unique_together = (
            ('name', 'org_id'),
        )
        permissions = [
            ('view_accounttemplatesecret', _('Can view asset account template secret')),
            ('change_accounttemplatesecret', _('Can change asset account template secret')),
        ]
    def __str__(self):
        return self.username
--- a/apps/authentication/migrations/0017_auto_20221128_1839.py
+++ b/apps/authentication/migrations/0017_auto_20221128_1839.py
@ -0,0 +1,24 @@
 # Generated by Django 3.2.14 on 2022-11-28 10:39
 import common.db.fields
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('authentication', '0016_auto_20221125_2240'),
    ]
    operations = [
        migrations.AlterField(
            model_name='connectiontoken',
            name='input_secret',
            field=common.db.fields.EncryptCharField(blank=True, default='', max_length=128, verbose_name='Input Secret'),
        ),
        migrations.AlterField(
            model_name='connectiontoken',
            name='input_username',
            field=models.CharField(blank=True, default='', max_length=128, verbose_name='Input Username'),
        ),
    ]
--- a/apps/ops/migrations/0036_auto_20221128_1839.py
+++ b/apps/ops/migrations/0036_auto_20221128_1839.py
@ -0,0 +1,21 @@
 # Generated by Django 3.2.14 on 2022-11-28 10:39
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('ops', '0035_jobexecution_org_id'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='job',
            options={'ordering': ['date_created']},
        ),
        migrations.AlterModelOptions(
            name='jobexecution',
            options={'ordering': ['-date_created']},
        ),
    ]