From d5451a482ad81ab1f277e362c6df19188fafa649 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Mon, 6 Aug 2018 23:34:35 -0500 Subject: [PATCH] Dev (#1646) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Update] 添加org * [Update] 修改url * [Update] 完成基本框架 * [Update] 修改一些逻辑 * [Update] 修改用户view * [Update] 修改资产 * [Update] 修改asset api * [Update] 修改协议小问题 * [Update] stash it * [Update] 修改约束 * [Update] 修改外键为org_id * [Update] 删掉Premiddleware * [Update] 修改Node * [Update] 修改get_current_org 为 proxy对象 current_org * [Bugfix] 解决Node.root() 死循环,移动AdminRequired到permission中 (#1571) * [Update] 修改permission (#1574) * Tmp org (#1579) * [Update] 添加org api, 升级到django 2.0 * [Update] fix some bug * [Update] 修改一些bug * [Update] 添加授权规则org (#1580) * [Update] 修复创建授权规则,显示org_name不是有效UUID的bug * [Update] 更新org之间隔离授权规则,解决QuerySet与Manager问题;修复创建用户,显示org_name不是有效UUID之bug; * Tmp org (#1583) * [Update] 修改一些内容 * [Update] 修改datatable 支持process * [Bugfix] 修复asset queryset 没有valid方法的bug * [Update] 在线/历史/命令model添加org;修复命令记录保存org失败bug (#1584) * [Update] 修复创建授权规则,显示org_name不是有效UUID的bug * [Update] 更新org之间隔离授权规则,解决QuerySet与Manager问题;修复创建用户,显示org_name不是有效UUID之bug; * [Update] 在线/历史/命令model添加org * [Bugfix] 修复命令记录,保存org不成功bug * [Update] Org功能修改 * [Bugfix] 修复merge带来的问题 * [Update] org admin显示资产详情右侧选项卡;修复资产授权添加用户,会显示其他org用户的bug (#1594) * [Bugfix] 修复资产授权添加用户,显示其他org的用户bug * [Update] org admin 显示资产详情右侧选项卡 * Tmp org (#1596) * [Update] 修改index view * [Update] 修改nav * [Update] 修改profile * [Bugfix] 修复org下普通用户打开web终端看不到已被授权的资产和节点bug * [Update] 修改get_all_assets * [Bugfix] 修复节点前面有个空目录 * [Bugfix] 修复merge引起的bug * [Update] Add init * [Update] Node get_all_assets 过滤游离资产,条件nodes_key=None -> nodes=None * [Update] 恢复原来的api地址 * [Update] 修改api * [Bugfix] 修复org下用户查看我的资产不显示已授权节点/资产的bug * [Bugfix] Fix perm name unique * [Bugfix] 修复校验失败api * [Update] Merge with org * [Merge] 修改一下bug * [Update] 暂时修改一些url * [Update] 修改url 为django 2.0 path * [Update] 优化datatable 和显示组织优化 * [Update] 升级url * [Bugfix] 修复coco启动失败(load_config_from_server)、硬件刷新,测试连接,str 没有 decode(… (#1613) * [Bugfix] 修复coco启动失败(load_config_from_server)、硬件刷新,测试连接,str 没有 decode() method的bug * [Bugfix] (task任务系统)修复资产连接性测试、硬件刷新和系统用户连接性测试失败等bug * [Bugfix] 修复一些bug * [Bugfix] 修复一些bug * [Update] 更新org下普通用户的资产详情 (#1619) * [Update] 更新org下普通用户查看资产详情,只显示数据 * [Update] 优化org下普通用户查看资产详情前端代码 * [Update] 创建/更新用户的role选项;密码强度提示信息中英文; (#1623) * [Update] 修改 超级管理员/组织管理员 在 创建/更新 用户时role的选项 问题 * [Update] 用户密码强度提示信息支持中英文 * [Update] 修改token返回 * [Update] Asset返回org name * [Update] 修改支持xpack * [Update] 修改url * [Bugfix] 修复不登录就能查看资产的bug * [Update] 用户修改 * [Bugfix] ... * [Bugfix] 修复跳转错误的问题 * [Update] xpack/orgs组织添加删除功能-js; 修复Label继承Org后bug; (#1644) * [Update] 更新xpack下orgs的翻译信息 * [Update] 更新model Label,继承OrgModelMixin; * [Update] xpack/orgs组织添加删除功能-js; 修复Label继承Org后bug; * [Bugfix] 修复小bug * [Update] 优化一些api * [Update] 优化用户资产页面 * [Update] 更新 xpack/orgs 删除功能:限制在当前org下删除当前org (#1645) * [Update] 修改版本号 --- .gitignore | 1 + apps/__init__.py | 2 +- apps/assets/api/admin_user.py | 10 +- apps/assets/api/asset.py | 67 +- apps/assets/api/domain.py | 11 +- apps/assets/api/label.py | 9 +- apps/assets/api/node.py | 77 +- apps/assets/api/system_user.py | 11 +- apps/assets/forms/asset.py | 13 +- apps/assets/forms/domain.py | 3 +- apps/assets/hands.py | 4 +- apps/assets/models/asset.py | 38 +- apps/assets/models/base.py | 5 +- apps/assets/models/domain.py | 7 +- apps/assets/models/label.py | 5 +- apps/assets/models/node.py | 113 ++- apps/assets/models/user.py | 2 + apps/assets/serializers/admin_user.py | 2 +- apps/assets/serializers/asset.py | 10 +- apps/assets/serializers/node.py | 24 +- .../templates/assets/_asset_list_modal.html | 9 +- .../assets/_user_asset_detail_modal.html | 24 + .../assets/templates/assets/asset_detail.html | 2 +- apps/assets/templates/assets/asset_list.html | 83 +- apps/assets/templates/assets/domain_list.html | 4 +- .../templates/assets/user_asset_list.html | 81 +- apps/assets/urls/api_urls.py | 92 +-- apps/assets/urls/views_urls.py | 70 +- apps/assets/views/admin_user.py | 2 +- apps/assets/views/asset.py | 8 +- apps/assets/views/domain.py | 2 +- apps/assets/views/label.py | 2 +- apps/assets/views/system_user.py | 2 +- apps/audits/api.py | 4 +- apps/audits/models.py | 4 +- apps/audits/urls/api_urls.py | 3 +- apps/audits/urls/view_urls.py | 5 +- apps/audits/views.py | 3 +- apps/common/api.py | 19 +- apps/common/fields.py | 2 +- apps/common/mixins.py | 10 +- apps/common/permissions.py | 61 +- apps/common/urls/api_urls.py | 8 +- apps/common/utils.py | 124 ++- apps/common/views.py | 8 +- apps/i18n/zh/LC_MESSAGES/django.mo | Bin 37020 -> 37547 bytes apps/i18n/zh/LC_MESSAGES/django.po | 732 +++++++++++------- apps/jumpserver/settings.py | 57 +- apps/jumpserver/urls.py | 111 ++- apps/jumpserver/views.py | 19 +- apps/ops/api.py | 14 +- apps/ops/apps.py | 4 + apps/ops/hands.py | 2 - apps/ops/models/adhoc.py | 3 +- apps/ops/urls/api_urls.py | 12 +- apps/ops/urls/view_urls.py | 21 +- apps/ops/views.py | 2 +- apps/orgs/__init__.py | 0 apps/orgs/admin.py | 3 + apps/orgs/api.py | 14 + apps/orgs/apps.py | 5 + apps/orgs/context_processor.py | 15 + apps/orgs/middleware.py | 16 + apps/orgs/migrations/__init__.py | 0 apps/orgs/mixins.py | 104 +++ apps/orgs/models.py | 103 +++ apps/orgs/serializers.py | 10 + apps/orgs/tests.py | 3 + apps/orgs/urls/__init__.py | 2 + apps/orgs/urls/api_urls.py | 16 + apps/orgs/urls/views_urls.py | 14 + apps/orgs/utils.py | 47 ++ apps/orgs/views.py | 30 + apps/perms/api.py | 41 +- apps/perms/forms.py | 14 +- apps/perms/hands.py | 2 +- apps/perms/models.py | 18 +- .../perms/asset_permission_list.html | 42 +- apps/perms/urls/api_urls.py | 85 +- apps/perms/urls/views_urls.py | 15 +- apps/perms/utils.py | 4 +- apps/perms/views.py | 19 +- apps/static/css/jumpserver.css | 4 +- apps/static/img/header-profile.png | Bin 0 -> 5877 bytes apps/static/js/jumpserver.js | 123 ++- apps/templates/_footer.html | 2 +- apps/templates/_header_bar.html | 2 +- apps/templates/_left_side_bar.html | 2 +- apps/templates/_nav.html | 31 +- apps/templates/_user_profile.html | 34 +- apps/terminal/api.py | 22 +- apps/terminal/backends/command/db.py | 4 +- apps/terminal/backends/command/models.py | 4 +- apps/terminal/backends/command/serializers.py | 1 + apps/terminal/hands.py | 5 +- apps/terminal/models.py | 3 +- .../templates/terminal/session_list.html | 7 +- apps/terminal/urls/api_urls.py | 36 +- apps/terminal/urls/views_urls.py | 24 +- apps/terminal/views/command.py | 3 +- apps/terminal/views/session.py | 2 +- apps/terminal/views/terminal.py | 2 +- apps/users/api.py | 37 +- apps/users/forms.py | 77 +- apps/users/hands.py | 1 + apps/users/models/group.py | 7 +- apps/users/models/user.py | 21 +- apps/users/permissions.py | 52 -- apps/users/serializers.py | 4 +- .../users/templates/users/login_log_list.html | 7 +- .../users/templates/users/reset_password.html | 12 +- .../templates/users/user_granted_asset.html | 43 +- .../users/user_otp_authentication.html | 2 +- .../templates/users/user_password_update.html | 12 +- apps/users/templates/users/user_update.html | 12 +- apps/users/urls/api_urls.py | 39 +- apps/users/urls/views_urls.py | 68 +- apps/users/views/group.py | 3 +- apps/users/views/login.py | 19 +- apps/users/views/user.py | 16 +- requirements/requirements.txt | 5 +- 121 files changed, 2192 insertions(+), 1201 deletions(-) create mode 100644 apps/assets/templates/assets/_user_asset_detail_modal.html create mode 100644 apps/orgs/__init__.py create mode 100644 apps/orgs/admin.py create mode 100644 apps/orgs/api.py create mode 100644 apps/orgs/apps.py create mode 100644 apps/orgs/context_processor.py create mode 100644 apps/orgs/middleware.py create mode 100644 apps/orgs/migrations/__init__.py create mode 100644 apps/orgs/mixins.py create mode 100644 apps/orgs/models.py create mode 100644 apps/orgs/serializers.py create mode 100644 apps/orgs/tests.py create mode 100644 apps/orgs/urls/__init__.py create mode 100644 apps/orgs/urls/api_urls.py create mode 100644 apps/orgs/urls/views_urls.py create mode 100644 apps/orgs/utils.py create mode 100644 apps/orgs/views.py create mode 100755 apps/static/img/header-profile.png delete mode 100644 apps/users/permissions.py diff --git a/.gitignore b/.gitignore index 488f8a776..b75f0c9ff 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ django.db celerybeat-schedule.db data/static docs/_build/ +xpack diff --git a/apps/__init__.py b/apps/__init__.py index be40e1dd2..c84997cac 100644 --- a/apps/__init__.py +++ b/apps/__init__.py @@ -2,4 +2,4 @@ # -*- coding: utf-8 -*- # -__version__ = "1.3.3" +__version__ = "1.4.0" diff --git a/apps/assets/api/admin_user.py b/apps/assets/api/admin_user.py index 968cd6594..7048ce461 100644 --- a/apps/assets/api/admin_user.py +++ b/apps/assets/api/admin_user.py @@ -20,7 +20,7 @@ from rest_framework_bulk import BulkModelViewSet from common.mixins import IDInFilterMixin from common.utils import get_logger -from ..hands import IsSuperUser +from ..hands import IsOrgAdmin from ..models import AdminUser, Asset from .. import serializers from ..tasks import test_admin_user_connectability_manual @@ -39,19 +39,19 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet): """ queryset = AdminUser.objects.all() serializer_class = serializers.AdminUserSerializer - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) class AdminUserAuthApi(generics.UpdateAPIView): queryset = AdminUser.objects.all() serializer_class = serializers.AdminUserAuthSerializer - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) class ReplaceNodesAdminUserApi(generics.UpdateAPIView): queryset = AdminUser.objects.all() serializer_class = serializers.ReplaceNodeAdminUserSerializer - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) def update(self, request, *args, **kwargs): admin_user = self.get_object() @@ -75,7 +75,7 @@ class AdminUserTestConnectiveApi(generics.RetrieveAPIView): Test asset admin user connectivity """ queryset = AdminUser.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) def retrieve(self, request, *args, **kwargs): admin_user = self.get_object() diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py index 8c1f3d726..e2ce1b62a 100644 --- a/apps/assets/api/asset.py +++ b/apps/assets/api/asset.py @@ -2,8 +2,9 @@ # import random +import time -from rest_framework import generics +from rest_framework import generics, permissions from rest_framework.response import Response from rest_framework_bulk import BulkModelViewSet from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView @@ -13,7 +14,7 @@ from django.db.models import Q from common.mixins import IDInFilterMixin from common.utils import get_logger -from ..hands import IsSuperUser, IsValidUser, IsSuperUserOrAppUser +from common.permissions import IsOrgAdmin, IsAppUser, IsOrgAdminOrAppUser from ..models import Asset, SystemUser, AdminUser, Node from .. import serializers from ..tasks import update_asset_hardware_info_manual, \ @@ -39,38 +40,42 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet): queryset = Asset.objects.all() serializer_class = serializers.AssetSerializer pagination_class = LimitOffsetPagination - permission_classes = (IsSuperUserOrAppUser,) + permission_classes = (permissions.AllowAny,) - def get_queryset(self): - queryset = super().get_queryset()\ - .prefetch_related('labels', 'nodes')\ - .select_related('admin_user') - admin_user_id = self.request.query_params.get('admin_user_id') + def filter_node(self): node_id = self.request.query_params.get("node_id") + if not node_id: + return + + node = get_object_or_404(Node, id=node_id) show_current_asset = self.request.query_params.get("show_current_asset") - if admin_user_id: - admin_user = get_object_or_404(AdminUser, id=admin_user_id) - queryset = queryset.filter(admin_user=admin_user) - - if node_id and show_current_asset: - node = get_object_or_404(Node, id=node_id) - if node.is_root(): - queryset = queryset.filter( + if node.is_root(): + if show_current_asset: + self.queryset = self.queryset.filter( Q(nodes=node_id) | Q(nodes__isnull=True) ).distinct() - else: - queryset = queryset.filter(nodes=node).distinct() + return + if show_current_asset: + self.queryset = self.queryset.filter(nodes=node).distinct() + else: + self.queryset = self.queryset.filter( + nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key), + ).distinct() - if node_id and not show_current_asset: - node = get_object_or_404(Node, id=node_id) - if node.is_root(): - queryset = Asset.objects.all() - else: - queryset = queryset.filter( - nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key), - ).distinct() - return queryset + def filter_admin_user_id(self): + admin_user_id = self.request.query_params.get('admin_user_id') + if admin_user_id: + admin_user = get_object_or_404(AdminUser, id=admin_user_id) + self.queryset = self.queryset.filter(admin_user=admin_user) + + def get_queryset(self): + self.queryset = super().get_queryset()\ + .prefetch_related('labels', 'nodes')\ + .select_related('admin_user') + self.filter_admin_user_id() + self.filter_node() + return self.queryset class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView): @@ -79,7 +84,7 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView): """ queryset = Asset.objects.all() serializer_class = serializers.AssetSerializer - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) class AssetRefreshHardwareApi(generics.RetrieveAPIView): @@ -88,7 +93,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView): """ queryset = Asset.objects.all() serializer_class = serializers.AssetSerializer - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) def retrieve(self, request, *args, **kwargs): asset_id = kwargs.get('pk') @@ -102,7 +107,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView): Test asset admin user connectivity """ queryset = Asset.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) def retrieve(self, request, *args, **kwargs): asset_id = kwargs.get('pk') @@ -113,7 +118,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView): class AssetGatewayApi(generics.RetrieveAPIView): queryset = Asset.objects.all() - permission_classes = (IsSuperUserOrAppUser,) + permission_classes = (IsOrgAdminOrAppUser,) def retrieve(self, request, *args, **kwargs): asset_id = kwargs.get('pk') diff --git a/apps/assets/api/domain.py b/apps/assets/api/domain.py index 5114b5561..37bebfb84 100644 --- a/apps/assets/api/domain.py +++ b/apps/assets/api/domain.py @@ -2,12 +2,11 @@ from rest_framework_bulk import BulkModelViewSet from rest_framework.views import APIView, Response -from rest_framework.generics import RetrieveAPIView from django.views.generic.detail import SingleObjectMixin from common.utils import get_logger -from ..hands import IsSuperUser, IsSuperUserOrAppUser +from common.permissions import IsOrgAdmin, IsAppUser, IsOrgAdminOrAppUser from ..models import Domain, Gateway from ..utils import test_gateway_connectability from .. import serializers @@ -19,7 +18,7 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"] class DomainViewSet(BulkModelViewSet): queryset = Domain.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.DomainSerializer def get_serializer_class(self): @@ -29,7 +28,7 @@ class DomainViewSet(BulkModelViewSet): def get_permissions(self): if self.request.query_params.get('gateway'): - self.permission_classes = (IsSuperUserOrAppUser,) + self.permission_classes = (IsOrgAdminOrAppUser,) return super().get_permissions() @@ -37,12 +36,12 @@ class GatewayViewSet(BulkModelViewSet): filter_fields = ("domain",) search_fields = filter_fields queryset = Gateway.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.GatewaySerializer class GatewayTestConnectionApi(SingleObjectMixin, APIView): - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) model = Gateway object = None diff --git a/apps/assets/api/label.py b/apps/assets/api/label.py index 858834d0a..e5391c76a 100644 --- a/apps/assets/api/label.py +++ b/apps/assets/api/label.py @@ -17,7 +17,7 @@ from rest_framework_bulk import BulkModelViewSet from django.db.models import Count from common.utils import get_logger -from ..hands import IsSuperUser +from ..hands import IsOrgAdmin from ..models import Label from .. import serializers @@ -27,8 +27,7 @@ __all__ = ['LabelViewSet'] class LabelViewSet(BulkModelViewSet): - queryset = Label.objects.annotate(asset_count=Count("assets")) - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.LabelSerializer def list(self, request, *args, **kwargs): @@ -36,3 +35,7 @@ class LabelViewSet(BulkModelViewSet): self.serializer_class = serializers.LabelDistinctSerializer self.queryset = self.queryset.values("name").distinct() return super().list(request, *args, **kwargs) + + def get_queryset(self): + self.queryset = Label.objects.annotate(asset_count=Count("assets")) + return self.queryset diff --git a/apps/assets/api/node.py b/apps/assets/api/node.py index e5ace021e..515f1f13c 100644 --- a/apps/assets/api/node.py +++ b/apps/assets/api/node.py @@ -13,16 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -from rest_framework import generics, mixins +from rest_framework import generics, mixins, viewsets from rest_framework.serializers import ValidationError from rest_framework.views import APIView from rest_framework.response import Response from rest_framework_bulk import BulkModelViewSet from django.utils.translation import ugettext_lazy as _ from django.shortcuts import get_object_or_404 +from django.db.models import Count from common.utils import get_logger, get_object_or_none -from ..hands import IsSuperUser +from ..hands import IsOrgAdmin from ..models import Node from ..tasks import update_assets_hardware_info_util, test_asset_connectability_util from .. import serializers @@ -30,57 +31,31 @@ from .. import serializers logger = get_logger(__file__) __all__ = [ - 'NodeViewSet', 'NodeChildrenApi', - 'NodeAssetsApi', - 'NodeAddAssetsApi', 'NodeRemoveAssetsApi', - 'NodeReplaceAssetsApi', + 'NodeViewSet', 'NodeChildrenApi', 'NodeAssetsApi', + 'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'NodeReplaceAssetsApi', 'NodeAddChildrenApi', 'RefreshNodeHardwareInfoApi', 'TestNodeConnectiveApi' ] -class NodeViewSet(BulkModelViewSet): +class NodeViewSet(viewsets.ModelViewSet): queryset = Node.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.NodeSerializer + def get_queryset(self): + queryset = super().get_queryset().annotate(Count('assets')) + return queryset + def perform_create(self, serializer): child_key = Node.root().get_next_child_key() serializer.validated_data["key"] = child_key serializer.save() -# class NodeWithAssetsApi(generics.ListAPIView): -# permission_classes = (IsSuperUser,) -# serializers = serializers.NodeSerializer -# -# def get_node(self): -# pk = self.kwargs.get('pk') or self.request.query_params.get('node') -# if not pk: -# node = Node.root() -# else: -# node = get_object_or_404(Node, pk) -# return node -# -# def get_queryset(self): -# queryset = [] -# node = self.get_node() -# children = node.get_children() -# assets = node.get_assets() -# queryset.extend(list(children)) -# -# for asset in assets: -# node = Node() -# node.id = asset.id -# node.parent = node.id -# node.value = asset.hostname -# queryset.append(node) -# return queryset - - class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView): queryset = Node.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.NodeSerializer instance = None @@ -126,22 +101,26 @@ class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView): query_all = self.request.query_params.get("all") query_assets = self.request.query_params.get('assets') node = self.get_object() + if node is None: node = Node.root() + node.assets__count = node.get_all_assets().count() queryset.append(node) - if query_all: - children = node.get_all_children() - else: - children = node.get_children() + if query_all: + children = node.get_all_children().annotate(Count("assets")) + else: + children = node.get_children().annotate(Count("assets")) queryset.extend(list(children)) + if query_assets: assets = node.get_assets() for asset in assets: node_fake = Node() + node_fake.assets__count = 0 node_fake.id = asset.id node_fake.is_node = False - node_fake.parent_id = node.id + node_fake.key = node.key + ':0' node_fake.value = asset.hostname queryset.append(node_fake) queryset = sorted(queryset, key=lambda x: x.is_node, reverse=True) @@ -152,7 +131,7 @@ class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView): class NodeAssetsApi(generics.ListAPIView): - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.AssetSerializer def get_queryset(self): @@ -167,7 +146,7 @@ class NodeAssetsApi(generics.ListAPIView): class NodeAddChildrenApi(generics.UpdateAPIView): queryset = Node.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) serializer_class = serializers.NodeAddChildrenSerializer instance = None @@ -185,7 +164,7 @@ class NodeAddChildrenApi(generics.UpdateAPIView): class NodeAddAssetsApi(generics.UpdateAPIView): serializer_class = serializers.NodeAssetsSerializer queryset = Node.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) instance = None def perform_update(self, serializer): @@ -197,7 +176,7 @@ class NodeAddAssetsApi(generics.UpdateAPIView): class NodeRemoveAssetsApi(generics.UpdateAPIView): serializer_class = serializers.NodeAssetsSerializer queryset = Node.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) instance = None def perform_update(self, serializer): @@ -213,7 +192,7 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView): class NodeReplaceAssetsApi(generics.UpdateAPIView): serializer_class = serializers.NodeAssetsSerializer queryset = Node.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) instance = None def perform_update(self, serializer): @@ -224,7 +203,7 @@ class NodeReplaceAssetsApi(generics.UpdateAPIView): class RefreshNodeHardwareInfoApi(APIView): - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) model = Node def get(self, request, *args, **kwargs): @@ -237,7 +216,7 @@ class RefreshNodeHardwareInfoApi(APIView): class TestNodeConnectiveApi(APIView): - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) model = Node def get(self, request, *args, **kwargs): diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py index 66d62232d..f44c60f5b 100644 --- a/apps/assets/api/system_user.py +++ b/apps/assets/api/system_user.py @@ -16,8 +16,9 @@ from rest_framework import generics from rest_framework.response import Response from rest_framework_bulk import BulkModelViewSet + from common.utils import get_logger -from ..hands import IsSuperUser, IsSuperUserOrAppUser +from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser from ..models import SystemUser from .. import serializers from ..tasks import push_system_user_to_assets_manual, \ @@ -37,7 +38,7 @@ class SystemUserViewSet(BulkModelViewSet): """ queryset = SystemUser.objects.all() serializer_class = serializers.SystemUserSerializer - permission_classes = (IsSuperUserOrAppUser,) + permission_classes = (IsOrgAdminOrAppUser,) class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView): @@ -45,7 +46,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView): Get system user auth info """ queryset = SystemUser.objects.all() - permission_classes = (IsSuperUserOrAppUser,) + permission_classes = (IsOrgAdminOrAppUser,) serializer_class = serializers.SystemUserAuthSerializer def destroy(self, request, *args, **kwargs): @@ -59,7 +60,7 @@ class SystemUserPushApi(generics.RetrieveAPIView): Push system user to cluster assets api """ queryset = SystemUser.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) def retrieve(self, request, *args, **kwargs): system_user = self.get_object() @@ -75,7 +76,7 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView): Push system user to cluster assets api """ queryset = SystemUser.objects.all() - permission_classes = (IsSuperUser,) + permission_classes = (IsOrgAdmin,) def retrieve(self, request, *args, **kwargs): system_user = self.get_object() diff --git a/apps/assets/forms/asset.py b/apps/assets/forms/asset.py index 5e52e3ac9..8b132b350 100644 --- a/apps/assets/forms/asset.py +++ b/apps/assets/forms/asset.py @@ -3,14 +3,17 @@ from django import forms from django.utils.translation import gettext_lazy as _ -from ..models import Asset, AdminUser from common.utils import get_logger +from orgs.mixins import OrgModelForm + +from ..models import Asset, AdminUser + logger = get_logger(__file__) __all__ = ['AssetCreateForm', 'AssetUpdateForm', 'AssetBulkUpdateForm'] -class AssetCreateForm(forms.ModelForm): +class AssetCreateForm(OrgModelForm): class Meta: model = Asset fields = [ @@ -50,7 +53,7 @@ class AssetCreateForm(forms.ModelForm): } -class AssetUpdateForm(forms.ModelForm): +class AssetUpdateForm(OrgModelForm): class Meta: model = Asset fields = [ @@ -90,7 +93,7 @@ class AssetUpdateForm(forms.ModelForm): } -class AssetBulkUpdateForm(forms.ModelForm): +class AssetBulkUpdateForm(OrgModelForm): assets = forms.ModelMultipleChoiceField( required=True, help_text='* required', label=_('Select assets'), queryset=Asset.objects.all(), @@ -105,7 +108,7 @@ class AssetBulkUpdateForm(forms.ModelForm): label=_('Port'), required=False, min_value=1, max_value=65535, ) admin_user = forms.ModelChoiceField( - required=False, queryset=AdminUser.objects.all(), + required=False, queryset=AdminUser.objects, label=_("Admin user"), widget=forms.Select( attrs={ diff --git a/apps/assets/forms/domain.py b/apps/assets/forms/domain.py index ec3af8f2e..1b005ec2f 100644 --- a/apps/assets/forms/domain.py +++ b/apps/assets/forms/domain.py @@ -3,6 +3,7 @@ from django import forms from django.utils.translation import gettext_lazy as _ +from orgs.mixins import OrgModelForm from ..models import Domain, Asset, Gateway from .user import PasswordAndKeyAuthForm @@ -34,7 +35,7 @@ class DomainForm(forms.ModelForm): return instance -class GatewayForm(PasswordAndKeyAuthForm): +class GatewayForm(PasswordAndKeyAuthForm, OrgModelForm): def save(self, commit=True): # Because we define custom field, so we need rewrite :method: `save` diff --git a/apps/assets/hands.py b/apps/assets/hands.py index a1a376135..ffe1e35c5 100644 --- a/apps/assets/hands.py +++ b/apps/assets/hands.py @@ -11,6 +11,6 @@ """ -from common.mixins import AdminUserRequiredMixin -from common.permissions import IsAppUser, IsSuperUser, IsValidUser, IsSuperUserOrAppUser +from common.permissions import AdminUserRequiredMixin +from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser from users.models import User, UserGroup diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py index b26c50216..97bcd4b47 100644 --- a/apps/assets/models/asset.py +++ b/apps/assets/models/asset.py @@ -13,6 +13,7 @@ from django.core.cache import cache from ..const import ASSET_ADMIN_CONN_CACHE_KEY from .user import AdminUser, SystemUser +from orgs.mixins import OrgModelMixin,OrgManager __all__ = ['Asset'] logger = logging.getLogger(__name__) @@ -44,12 +45,7 @@ class AssetQuerySet(models.QuerySet): return self.active() -class AssetManager(models.Manager): - def get_queryset(self): - return AssetQuerySet(self.model, using=self._db) - - -class Asset(models.Model): +class Asset(OrgModelMixin): # Important PLATFORM_CHOICES = ( ('Linux', 'Linux'), @@ -71,16 +67,11 @@ class Asset(models.Model): ) id = models.UUIDField(default=uuid.uuid4, primary_key=True) - ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), - db_index=True) - hostname = models.CharField(max_length=128, unique=True, - verbose_name=_('Hostname')) - protocol = models.CharField(max_length=128, default=SSH_PROTOCOL, - choices=PROTOCOL_CHOICES, - verbose_name=_('Protocol')) + ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True) + hostname = models.CharField(max_length=128, verbose_name=_('Hostname')) + protocol = models.CharField(max_length=128, default=SSH_PROTOCOL, choices=PROTOCOL_CHOICES, verbose_name=_('Protocol')) port = models.IntegerField(default=22, verbose_name=_('Port')) - platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, - default='Linux', verbose_name=_('Platform')) + platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, default='Linux', verbose_name=_('Platform')) domain = models.ForeignKey("assets.Domain", null=True, blank=True, related_name='assets', verbose_name=_("Domain"), on_delete=models.SET_NULL) @@ -94,11 +85,8 @@ class Asset(models.Model): null=True, verbose_name=_("Admin user")) # Some information - public_ip = models.GenericIPAddressField(max_length=32, blank=True, - null=True, - verbose_name=_('Public IP')) - number = models.CharField(max_length=32, null=True, blank=True, - verbose_name=_('Asset number')) + public_ip = models.GenericIPAddressField(max_length=32, blank=True, null=True, verbose_name=_('Public IP')) + number = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Asset number')) # Collect vendor = models.CharField(max_length=64, null=True, blank=True, @@ -139,7 +127,7 @@ class Asset(models.Model): comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment')) - objects = AssetManager() + objects = OrgManager.from_queryset(AssetQuerySet)() def __str__(self): return '{0.hostname}({0.ip})'.format(self) @@ -173,6 +161,12 @@ class Asset(models.Model): nodes = list(reduce(lambda x, y: set(x) | set(y), nodes)) return nodes + @property + def org_name(self): + from orgs.models import Organization + org = Organization.get_instance(self.org_id) + return org.name + @property def hardware_info(self): if self.cpu_count: @@ -233,7 +227,7 @@ class Asset(models.Model): return data class Meta: - unique_together = ('ip', 'port') + unique_together = [('org_id', 'hostname')] verbose_name = _("Asset") @classmethod diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py index 908e6b647..b03010905 100644 --- a/apps/assets/models/base.py +++ b/apps/assets/models/base.py @@ -11,14 +11,15 @@ from django.conf import settings from common.utils import get_signer, ssh_key_string_to_obj, ssh_key_gen from common.validators import alphanumeric +from orgs.mixins import OrgModelMixin from .utils import private_key_validator signer = get_signer() -class AssetUser(models.Model): +class AssetUser(OrgModelMixin): id = models.UUIDField(default=uuid.uuid4, primary_key=True) - name = models.CharField(max_length=128, unique=True, verbose_name=_('Name')) + name = models.CharField(max_length=128, verbose_name=_('Name')) username = models.CharField(max_length=32, blank=True, verbose_name=_('Username'), validators=[alphanumeric]) _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password')) _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ]) diff --git a/apps/assets/models/domain.py b/apps/assets/models/domain.py index 61c3bcc1f..80b7ae596 100644 --- a/apps/assets/models/domain.py +++ b/apps/assets/models/domain.py @@ -7,12 +7,13 @@ import random from django.db import models from django.utils.translation import ugettext_lazy as _ +from orgs.mixins import OrgModelMixin from .base import AssetUser __all__ = ['Domain', 'Gateway'] -class Domain(models.Model): +class Domain(OrgModelMixin): id = models.UUIDField(default=uuid.uuid4, primary_key=True) name = models.CharField(max_length=128, unique=True, verbose_name=_('Name')) comment = models.TextField(blank=True, verbose_name=_('Comment')) @@ -43,10 +44,12 @@ class Gateway(AssetUser): ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True) port = models.IntegerField(default=22, verbose_name=_('Port')) protocol = models.CharField(choices=PROTOCOL_CHOICES, max_length=16, default=SSH_PROTOCOL, verbose_name=_("Protocol")) - domain = models.ForeignKey(Domain, verbose_name=_("Domain"), on_delete=models.CASCADE) + domain = models.ForeignKey(Domain, on_delete=models.CASCADE, verbose_name=_("Domain")) comment = models.CharField(max_length=128, blank=True, null=True, verbose_name=_("Comment")) is_active = models.BooleanField(default=True, verbose_name=_("Is active")) def __str__(self): return self.name + class Meta: + unique_together = [('name', 'org_id')] diff --git a/apps/assets/models/label.py b/apps/assets/models/label.py index 990a71ca8..7f1d08fa1 100644 --- a/apps/assets/models/label.py +++ b/apps/assets/models/label.py @@ -4,9 +4,10 @@ import uuid from django.db import models from django.utils.translation import ugettext_lazy as _ +from orgs.mixins import OrgModelMixin -class Label(models.Model): +class Label(OrgModelMixin): SYSTEM_CATEGORY = "S" USER_CATEGORY = "U" CATEGORY_CHOICES = ( @@ -34,4 +35,4 @@ class Label(models.Model): class Meta: db_table = "assets_label" - unique_together = ('name', 'value') + unique_together = [('name', 'value')] diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index 4f4f9ad8b..8d006a40e 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -5,12 +5,15 @@ import uuid from django.db import models, transaction from django.db.models import Q from django.utils.translation import ugettext_lazy as _ -from common.utils import with_cache + +from orgs.mixins import OrgModelMixin +from orgs.utils import current_org, set_current_org, get_current_org +from orgs.models import Organization __all__ = ['Node'] -class Node(models.Model): +class Node(OrgModelMixin): id = models.UUIDField(default=uuid.uuid4, primary_key=True) key = models.CharField(unique=True, max_length=64, verbose_name=_("Key")) # '1:1:1:1' value = models.CharField(max_length=128, verbose_name=_("Value")) @@ -20,7 +23,8 @@ class Node(models.Model): is_node = True def __str__(self): - return self.full_value + return self.value + # return self.full_value def __eq__(self, other): return self.key == other.key @@ -93,12 +97,10 @@ class Node(models.Model): def get_assets(self): from .asset import Asset - if self.is_root(): - assets = Asset.objects.filter( - Q(nodes__id=self.id) | Q(nodes__isnull=True) - ) + if self.is_default_node(): + assets = Asset.objects.filter(nodes__isnull=True) else: - assets = self.assets.all() + assets = Asset.objects.filter(nodes__id=self.id) return assets def get_valid_assets(self): @@ -106,49 +108,61 @@ class Node(models.Model): def get_all_assets(self): from .asset import Asset - if self.is_root(): - assets = Asset.objects.all() + pattern = r'^{0}$|^{0}:'.format(self.key) + args = [] + kwargs = {} + if self.is_default_node(): + args.append(Q(nodes__key__regex=pattern) | Q(nodes=None)) else: - pattern = r'^{0}$|^{0}:'.format(self.key) - assets = Asset.objects.filter(nodes__key__regex=pattern) + kwargs['nodes__key__regex'] = pattern + assets = Asset.objects.filter(*args, **kwargs) return assets def get_all_valid_assets(self): return self.get_all_assets().valid() + def is_default_node(self): + return self.is_root() and self.key == '0' + def is_root(self): - return self.key == '0' + if self.key.isdigit(): + return True + else: + return False + + @property + def parent_key(self): + parent_key = ":".join(self.key.split(":")[:-1]) + return parent_key @property def parent(self): - if self.key == "0" or not self.key.startswith("0"): - return self.__class__.root() - parent_key = ":".join(self.key.split(":")[:-1]) + if self.is_root(): + return self try: - parent = self.__class__.objects.get(key=parent_key) + parent = self.__class__.objects.get(key=self.parent_key) return parent except Node.DoesNotExist: return self.__class__.root() @parent.setter def parent(self, parent): - if self.is_node: - children = self.get_all_children() - old_key = self.key - with transaction.atomic(): - self.key = parent.get_next_child_key() - for child in children: - child.key = child.key.replace(old_key, self.key, 1) - child.save() - self.save() - else: - self.key = parent.key+':fake' + if not self.is_node: + self.key = parent.key + ':fake' + return + children = self.get_all_children() + old_key = self.key + with transaction.atomic(): + self.key = parent.get_next_child_key() + for child in children: + child.key = child.key.replace(old_key, self.key, 1) + child.save() + self.save() def get_ancestor(self, with_self=False): if self.is_root(): - ancestor = self.__class__.objects.filter(key='0') - return ancestor - + root = self.__class__.root() + return [root] _key = self.key.split(':') if not with_self: _key.pop() @@ -162,10 +176,35 @@ class Node(models.Model): return ancestor @classmethod - def root(cls): - obj, created = cls.objects.get_or_create( - key='0', defaults={"key": '0', 'value': "ROOT"} - ) - print(obj) - return obj + def create_root_node(cls): + # 如果使用current_org 在set_current_org时会死循环 + _current_org = get_current_org() + with transaction.atomic(): + if _current_org.is_default(): + key = '0' + else: + set_current_org(Organization.root()) + org_nodes_roots = cls.objects.filter(key__regex=r'^[0-9]+$') + org_nodes_roots_keys = org_nodes_roots.values_list('key', flat=True) + key = max([int(k) for k in org_nodes_roots_keys]) + 1 + set_current_org(_current_org) + root = cls.objects.create(key=key, value=_current_org.name) + return root + + @classmethod + def root(cls): + root = cls.objects.filter(key__regex=r'^[0-9]+$') + if root: + return root[0] + else: + return cls.create_root_node() + + @classmethod + def generate_fake(cls, count=100): + import random + for i in range(count): + node = random.choice(cls.objects.all()) + node.create_child('Node {}'.format(i)) + + diff --git a/apps/assets/models/user.py b/apps/assets/models/user.py index 21b7c9a41..646b7204f 100644 --- a/apps/assets/models/user.py +++ b/apps/assets/models/user.py @@ -69,6 +69,7 @@ class AdminUser(AssetUser): class Meta: ordering = ['name'] + unique_together = [('name', 'org_id')] verbose_name = _("Admin user") @classmethod @@ -176,6 +177,7 @@ class SystemUser(AssetUser): class Meta: ordering = ['name'] + unique_together = [('name', 'org_id')] verbose_name = _("System user") @classmethod diff --git a/apps/assets/serializers/admin_user.py b/apps/assets/serializers/admin_user.py index dbd0d1b39..e1ecdf1c3 100644 --- a/apps/assets/serializers/admin_user.py +++ b/apps/assets/serializers/admin_user.py @@ -58,7 +58,7 @@ class ReplaceNodeAdminUserSerializer(serializers.ModelSerializer): 管理用户更新关联到的集群 """ nodes = serializers.PrimaryKeyRelatedField( - many=True, queryset=Node.objects.all() + many=True, queryset = Node.objects.all() ) class Meta: diff --git a/apps/assets/serializers/asset.py b/apps/assets/serializers/asset.py index e63735794..36639a17e 100644 --- a/apps/assets/serializers/asset.py +++ b/apps/assets/serializers/asset.py @@ -20,12 +20,12 @@ class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer): model = Asset list_serializer_class = BulkListSerializer fields = '__all__' - validators = [] # If not set to [], partial bulk update will be error + # validators = [] # If not set to [], partial bulk update will be error def get_field_names(self, declared_fields, info): fields = super().get_field_names(declared_fields, info) fields.extend([ - 'hardware_info', 'is_connective', + 'hardware_info', 'is_connective', 'org_name' ]) return fields @@ -43,7 +43,7 @@ class AssetGrantedSerializer(serializers.ModelSerializer): fields = ( "id", "hostname", "ip", "port", "system_users_granted", "is_active", "system_users_join", "os", 'domain', - "platform", "comment", "protocol", + "platform", "comment", "protocol", "org_id", "org_name", ) @staticmethod @@ -61,6 +61,6 @@ class MyAssetGrantedSerializer(AssetGrantedSerializer): model = Asset fields = ( "id", "hostname", "system_users_granted", - "is_active", "system_users_join", - "os", "platform", "comment", + "is_active", "system_users_join", "org_name", + "os", "platform", "comment", "org_id", "protocol" ) diff --git a/apps/assets/serializers/node.py b/apps/assets/serializers/node.py index 56e01f742..4f7031065 100644 --- a/apps/assets/serializers/node.py +++ b/apps/assets/serializers/node.py @@ -26,7 +26,7 @@ class NodeGrantedSerializer(BulkSerializerMixin, serializers.ModelSerializer): model = Node fields = [ 'id', 'key', 'name', 'value', 'parent', - 'assets_granted', 'assets_amount', + 'assets_granted', 'assets_amount', 'org_id', ] @staticmethod @@ -43,12 +43,16 @@ class NodeGrantedSerializer(BulkSerializerMixin, serializers.ModelSerializer): class NodeSerializer(serializers.ModelSerializer): - parent = serializers.SerializerMethodField() assets_amount = serializers.SerializerMethodField() + tree_id = serializers.SerializerMethodField() + tree_parent = serializers.SerializerMethodField() class Meta: model = Node - fields = ['id', 'key', 'value', 'parent', 'assets_amount', 'is_node'] + fields = [ + 'id', 'key', 'value', 'assets_amount', + 'is_node', 'org_id', 'tree_id', 'tree_parent', + ] list_serializer_class = BulkListSerializer def validate(self, data): @@ -63,12 +67,16 @@ class NodeSerializer(serializers.ModelSerializer): return data @staticmethod - def get_parent(obj): - return obj.parent.id if obj.is_node else obj.parent_id + def get_assets_amount(obj): + return obj.assets__count if hasattr(obj, 'assets__count') else 0 @staticmethod - def get_assets_amount(obj): - return obj.get_all_assets().count() if obj.is_node else 0 + def get_tree_id(obj): + return obj.key + + @staticmethod + def get_tree_parent(obj): + return obj.parent_key def get_fields(self): fields = super().get_fields() @@ -78,7 +86,7 @@ class NodeSerializer(serializers.ModelSerializer): class NodeAssetsSerializer(serializers.ModelSerializer): - assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all()) + assets = serializers.PrimaryKeyRelatedField(many=True, queryset = Asset.objects.all()) class Meta: model = Node diff --git a/apps/assets/templates/assets/_asset_list_modal.html b/apps/assets/templates/assets/_asset_list_modal.html index faf569137..ea8d59e49 100644 --- a/apps/assets/templates/assets/_asset_list_modal.html +++ b/apps/assets/templates/assets/_asset_list_modal.html @@ -71,7 +71,7 @@ function initTable2() { function onSelected2(event, treeNode) { var url = asset_table2.ajax.url(); - url = setUrlParam(url, "node_id", treeNode.id); + url = setUrlParam(url, "node_id", treeNode.node_id); setCookie('node_selected', treeNode.id); asset_table2.ajax.url(url); asset_table2.ajax.reload(); @@ -97,17 +97,20 @@ function initTree2() { var zNodes = []; $.get("{% url 'api-assets:node-list' %}", function(data, status){ $.each(data, function (index, value) { - value["pId"] = value["parent"]; + value["node_id"] = value["id"]; + value["id"] = value["tree_id"]; + value["pId"] = value["tree_parent"]; {#value["open"] = true;#} if (value["key"] === "0") { value["open"] = true; } value["name"] = value["value"] + ' (' + value['assets_amount'] + ')'; - value['value'] = value['value']; }); zNodes = data; $.fn.zTree.init($("#assetTree2"), setting, zNodes); zTree2 = $.fn.zTree.getZTreeObj("assetTree2"); + var root = zTree2.getNodes()[0]; + zTree2.expandNode(root); }); } diff --git a/apps/assets/templates/assets/_user_asset_detail_modal.html b/apps/assets/templates/assets/_user_asset_detail_modal.html new file mode 100644 index 000000000..ca2b8f252 --- /dev/null +++ b/apps/assets/templates/assets/_user_asset_detail_modal.html @@ -0,0 +1,24 @@ +{% extends '_modal.html' %} +{% load i18n %} +{% load static %} + +{% block modal_id %}user_asset_detail_modal{% endblock %} + +{% block modal_title %}{% trans "Asset detail" %}{% endblock %} + +{% block modal_body %} +
+ + + +
+
+{% endblock %} + +{% block modal_button %} + +{% endblock %} diff --git a/apps/assets/templates/assets/asset_detail.html b/apps/assets/templates/assets/asset_detail.html index b07a7c348..2f36688be 100644 --- a/apps/assets/templates/assets/asset_detail.html +++ b/apps/assets/templates/assets/asset_detail.html @@ -130,7 +130,7 @@ - {% if user.is_superuser %} + {% if user.is_superuser or user.is_org_admin %}
diff --git a/apps/assets/templates/assets/asset_list.html b/apps/assets/templates/assets/asset_list.html index b5e53aaba..4986bb959 100644 --- a/apps/assets/templates/assets/asset_list.html +++ b/apps/assets/templates/assets/asset_list.html @@ -10,6 +10,7 @@ {% block custom_head_css_js %} +{# #}