From dafc416783d4a08eee07d95e7022088f969e15ee Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 2 Mar 2022 20:48:43 +0800
Subject: [PATCH] Fix rbac (#7728)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* perf: 重命名 signal handlers
* fix: 修复 ticket processor 问题
* perf: 修改 ticket 处理人api
* fix: 修复创建系统账号bug
* fix: 升级celery_beat==2.2.1和flower==1.0.0;修改celery进程启动参数先后顺序
* perf: 修改 authentication token
* fix: 修复上传权限bug
* fix: 登录页面增加i18n切换;
* fix: 系统角色删除限制
* perf: 修改一下 permissions tree
* perf: 生成 i18n
* perf: 修改一点点
Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng626 <1304903146@qq.com>
Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
---
apps/assets/api/cmd_filter.py | 2 +-
apps/assets/apps.py | 4 +-
apps/assets/models/asset.py | 4 +-
.../__init__.py | 0
.../asset.py | 0
.../authbook.py | 0
.../common.py | 0
.../node_assets_amount.py | 0
.../node_assets_mapping.py | 0
.../system_user.py | 0
apps/audits/apps.py | 2 +-
...{signals_handler.py => signal_handlers.py} | 0
apps/authentication/api/connection_token.py | 16 +-
apps/authentication/apps.py | 2 +-
.../migrations/0007_connectiontoken.py | 12 +-
.../migrations/0008_auto_20220217_2135.py | 21 -
.../migrations/0008_superconnectiontoken.py | 25 +
apps/authentication/models.py | 11 +-
apps/authentication/serializers.py | 14 +-
...signals_handlers.py => signal_handlers.py} | 0
.../templates/authentication/login.html | 27 +
.../management/commands/expire_caches.py | 2 +-
.../management/commands/services/command.py | 2 +-
.../commands/services/services/celery_base.py | 5 +-
.../commands/services/services/flower.py | 3 +-
apps/jumpserver/context_processor.py | 2 +-
apps/jumpserver/urls.py | 3 +-
apps/locale/zh/LC_MESSAGES/django.mo | 4 +-
apps/locale/zh/LC_MESSAGES/django.po | 582 ++++++++++--------
apps/notifications/apps.py | 2 +-
...{signals_handler.py => signal_handlers.py} | 0
apps/notifications/ws.py | 2 +-
apps/ops/apps.py | 4 +-
apps/ops/notifications.py | 2 +-
...{signals_handler.py => signal_handlers.py} | 0
apps/orgs/apps.py | 4 +-
.../__init__.py | 0
.../cache.py | 0
.../common.py | 0
apps/perms/apps.py | 4 +-
.../serializers/application/permission.py | 2 +-
.../__init__.py | 0
.../app_permission.py | 0
.../asset_permission.py | 0
.../refresh_perms.py | 0
apps/rbac/api/rolebinding.py | 16 +-
apps/rbac/const.py | 10 +-
apps/rbac/models/permission.py | 193 +-----
apps/rbac/permissions.py | 1 +
apps/rbac/tree.py | 387 ++++++++++++
apps/settings/apps.py | 2 +-
...{signals_handler.py => signal_handlers.py} | 0
apps/terminal/apps.py | 2 +-
.../migrations/0047_auto_20220302_1951.py | 17 +
apps/terminal/models/replay.py | 1 +
...{signals_handler.py => signal_handlers.py} | 0
apps/tickets/api/super_ticket.py | 11 +-
apps/tickets/apps.py | 2 +-
apps/tickets/models/ticket.py | 7 +-
apps/tickets/serializers/super_ticket.py | 13 +-
.../__init__.py | 0
.../comment.py | 0
.../ticket.py | 0
apps/users/apps.py | 2 +-
apps/users/serializers/user.py | 4 +-
...{signals_handler.py => signal_handlers.py} | 0
jms | 10 +-
requirements/requirements.txt | 4 +-
utils/start_celery_beat.py | 3 +-
69 files changed, 929 insertions(+), 519 deletions(-)
rename apps/assets/{signals_handler => signal_handlers}/__init__.py (100%)
rename apps/assets/{signals_handler => signal_handlers}/asset.py (100%)
rename apps/assets/{signals_handler => signal_handlers}/authbook.py (100%)
rename apps/assets/{signals_handler => signal_handlers}/common.py (100%)
rename apps/assets/{signals_handler => signal_handlers}/node_assets_amount.py (100%)
rename apps/assets/{signals_handler => signal_handlers}/node_assets_mapping.py (100%)
rename apps/assets/{signals_handler => signal_handlers}/system_user.py (100%)
rename apps/audits/{signals_handler.py => signal_handlers.py} (100%)
delete mode 100644 apps/authentication/migrations/0008_auto_20220217_2135.py
create mode 100644 apps/authentication/migrations/0008_superconnectiontoken.py
rename apps/authentication/{signals_handlers.py => signal_handlers.py} (100%)
rename apps/notifications/{signals_handler.py => signal_handlers.py} (100%)
rename apps/ops/{signals_handler.py => signal_handlers.py} (100%)
rename apps/orgs/{signals_handler => signal_handlers}/__init__.py (100%)
rename apps/orgs/{signals_handler => signal_handlers}/cache.py (100%)
rename apps/orgs/{signals_handler => signal_handlers}/common.py (100%)
rename apps/perms/{signals_handler => signal_handlers}/__init__.py (100%)
rename apps/perms/{signals_handler => signal_handlers}/app_permission.py (100%)
rename apps/perms/{signals_handler => signal_handlers}/asset_permission.py (100%)
rename apps/perms/{signals_handler => signal_handlers}/refresh_perms.py (100%)
create mode 100644 apps/rbac/tree.py
rename apps/settings/{signals_handler.py => signal_handlers.py} (100%)
create mode 100644 apps/terminal/migrations/0047_auto_20220302_1951.py
rename apps/terminal/{signals_handler.py => signal_handlers.py} (100%)
rename apps/tickets/{signals_handler => signal_handlers}/__init__.py (100%)
rename apps/tickets/{signals_handler => signal_handlers}/comment.py (100%)
rename apps/tickets/{signals_handler => signal_handlers}/ticket.py (100%)
rename apps/users/{signals_handler.py => signal_handlers.py} (100%)
diff --git a/apps/assets/api/cmd_filter.py b/apps/assets/api/cmd_filter.py
index c9fad91a0..dcb2d77c9 100644
--- a/apps/assets/api/cmd_filter.py
+++ b/apps/assets/api/cmd_filter.py
@@ -53,7 +53,7 @@ class CommandConfirmAPI(CreateAPIView):
run_command=self.serializer.data.get('run_command'),
session=self.serializer.session,
cmd_filter_rule=self.serializer.cmd_filter_rule,
- org_id=self.serializer.org.id
+ org_id=self.serializer.org.id,
)
return ticket
diff --git a/apps/assets/apps.py b/apps/assets/apps.py
index 5b44e2e92..e1bb43544 100644
--- a/apps/assets/apps.py
+++ b/apps/assets/apps.py
@@ -6,11 +6,11 @@ from django.apps import AppConfig
class AssetsConfig(AppConfig):
name = 'assets'
- verbose_name = _('Assets')
+ verbose_name = _('App assets')
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def ready(self):
super().ready()
- from . import signals_handler
+ from . import signal_handlers
diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py
index 905b70aa5..b0872ad0d 100644
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -355,6 +355,6 @@ class Asset(AbsConnectivity, AbsHardwareInfo, ProtocolsMixin, NodesRelationMixin
verbose_name = _("Asset")
ordering = ["hostname", ]
permissions = [
- ('test_assetconnectivity', 'Can test asset connectivity'),
- ('push_assetsystemuser', 'Can push system user to asset'),
+ ('test_assetconnectivity', _('Can test asset connectivity')),
+ ('push_assetsystemuser', _('Can push system user to asset')),
]
diff --git a/apps/assets/signals_handler/__init__.py b/apps/assets/signal_handlers/__init__.py
similarity index 100%
rename from apps/assets/signals_handler/__init__.py
rename to apps/assets/signal_handlers/__init__.py
diff --git a/apps/assets/signals_handler/asset.py b/apps/assets/signal_handlers/asset.py
similarity index 100%
rename from apps/assets/signals_handler/asset.py
rename to apps/assets/signal_handlers/asset.py
diff --git a/apps/assets/signals_handler/authbook.py b/apps/assets/signal_handlers/authbook.py
similarity index 100%
rename from apps/assets/signals_handler/authbook.py
rename to apps/assets/signal_handlers/authbook.py
diff --git a/apps/assets/signals_handler/common.py b/apps/assets/signal_handlers/common.py
similarity index 100%
rename from apps/assets/signals_handler/common.py
rename to apps/assets/signal_handlers/common.py
diff --git a/apps/assets/signals_handler/node_assets_amount.py b/apps/assets/signal_handlers/node_assets_amount.py
similarity index 100%
rename from apps/assets/signals_handler/node_assets_amount.py
rename to apps/assets/signal_handlers/node_assets_amount.py
diff --git a/apps/assets/signals_handler/node_assets_mapping.py b/apps/assets/signal_handlers/node_assets_mapping.py
similarity index 100%
rename from apps/assets/signals_handler/node_assets_mapping.py
rename to apps/assets/signal_handlers/node_assets_mapping.py
diff --git a/apps/assets/signals_handler/system_user.py b/apps/assets/signal_handlers/system_user.py
similarity index 100%
rename from apps/assets/signals_handler/system_user.py
rename to apps/assets/signal_handlers/system_user.py
diff --git a/apps/audits/apps.py b/apps/audits/apps.py
index e66faa467..904739ec7 100644
--- a/apps/audits/apps.py
+++ b/apps/audits/apps.py
@@ -9,6 +9,6 @@ class AuditsConfig(AppConfig):
verbose_name = _('Audits')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
if settings.SYSLOG_ENABLE:
post_save.connect(signals_handler.on_audits_log_create)
diff --git a/apps/audits/signals_handler.py b/apps/audits/signal_handlers.py
similarity index 100%
rename from apps/audits/signals_handler.py
rename to apps/audits/signal_handlers.py
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 3712bdf51..47ce04ece 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -302,16 +302,26 @@ class SecretDetailMixin:
user=user, system_user=system_user,
expired_at=expired_at, actions=actions
)
+ cmd_filter_kwargs = {
+ 'system_user_id': system_user.id,
+ 'user_id': user.id,
+ }
if asset:
asset_detail = self._get_asset_secret_detail(asset)
system_user.load_asset_more_auth(asset.id, user.username, user.id)
data['type'] = 'asset'
data.update(asset_detail)
+ cmd_filter_kwargs['asset_id'] = asset.id
else:
app_detail = self._get_application_secret_detail(app)
system_user.load_app_more_auth(app.id, user.username, user.id)
data['type'] = 'application'
data.update(app_detail)
+ cmd_filter_kwargs['application_id'] = app.id
+
+ from assets.models import CommandFilterRule
+ cmd_filter_rules = CommandFilterRule.get_queryset(**cmd_filter_kwargs)
+ data['cmd_filter_rules'] = cmd_filter_rules
serializer = self.get_serializer(data)
return Response(data=serializer.data, status=200)
@@ -350,8 +360,10 @@ class UserConnectionTokenViewSet(
return True
def create_token(self, user, asset, application, system_user, ttl=5 * 60):
- if not self.request.user.is_superuser and user != self.request.user:
- raise PermissionDenied('Only super user can create user token')
+ # 再次强调一下权限
+ perm_required = 'authentication.add_superconnectiontoken'
+ if user != self.request.user and not self.request.user.has_perm(perm_required):
+ raise PermissionDenied('Only can create user token')
self.check_resource_permission(user, asset, application, system_user)
token = random_string(36)
secret = random_string(16)
diff --git a/apps/authentication/apps.py b/apps/authentication/apps.py
index 527c54871..6516ed70e 100644
--- a/apps/authentication/apps.py
+++ b/apps/authentication/apps.py
@@ -7,7 +7,7 @@ class AuthenticationConfig(AppConfig):
verbose_name = _('Authentication')
def ready(self):
- from . import signals_handlers
+ from . import signal_handlers
from . import notifications
super().ready()
diff --git a/apps/authentication/migrations/0007_connectiontoken.py b/apps/authentication/migrations/0007_connectiontoken.py
index c017c5d76..86341ff5b 100644
--- a/apps/authentication/migrations/0007_connectiontoken.py
+++ b/apps/authentication/migrations/0007_connectiontoken.py
@@ -19,8 +19,14 @@ class Migration(migrations.Migration):
('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
],
- options={
- 'permissions': [('add_superconnectiontoken', 'Can add super connection token'), ('view_connectiontokensecret', 'Can view connect token secret')],
- },
+ options={'verbose_name': 'Connection token'},
+ ),
+ migrations.AlterModelOptions(
+ name='accesskey',
+ options={'verbose_name': 'Access key'},
+ ),
+ migrations.AlterModelOptions(
+ name='ssotoken',
+ options={'verbose_name': 'SSO token'},
),
]
diff --git a/apps/authentication/migrations/0008_auto_20220217_2135.py b/apps/authentication/migrations/0008_auto_20220217_2135.py
deleted file mode 100644
index 3f6b55248..000000000
--- a/apps/authentication/migrations/0008_auto_20220217_2135.py
+++ /dev/null
@@ -1,21 +0,0 @@
-# Generated by Django 3.1.13 on 2022-02-17 13:35
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('authentication', '0007_connectiontoken'),
- ]
-
- operations = [
- migrations.AlterModelOptions(
- name='accesskey',
- options={'verbose_name': 'Access key'},
- ),
- migrations.AlterModelOptions(
- name='ssotoken',
- options={'verbose_name': 'SSO token'},
- ),
- ]
diff --git a/apps/authentication/migrations/0008_superconnectiontoken.py b/apps/authentication/migrations/0008_superconnectiontoken.py
new file mode 100644
index 000000000..82e956a24
--- /dev/null
+++ b/apps/authentication/migrations/0008_superconnectiontoken.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.1.14 on 2022-03-02 11:53
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('authentication', '0007_connectiontoken'),
+ ]
+
+ operations = [
+ migrations.CreateModel(
+ name='SuperConnectionToken',
+ fields=[
+ ],
+ options={
+ 'verbose_name': 'Super connection token',
+ 'proxy': True,
+ 'indexes': [],
+ 'constraints': [],
+ },
+ bases=('authentication.connectiontoken',),
+ ),
+ ]
diff --git a/apps/authentication/models.py b/apps/authentication/models.py
index f263973fa..7e407a1dd 100644
--- a/apps/authentication/models.py
+++ b/apps/authentication/models.py
@@ -58,7 +58,10 @@ class ConnectionToken(models.JMSBaseModel):
# Todo: add connection token 可能要授权给 普通用户, 或者放开就行
class Meta:
- permissions = [
- ('add_superconnectiontoken', _('Can add super connection token')),
- ('view_connectiontokensecret', _('Can view connect token secret'))
- ]
+ verbose_name = _('Connection token')
+
+
+class SuperConnectionToken(ConnectionToken):
+ class Meta:
+ proxy = True
+ verbose_name = _("Super connection token")
diff --git a/apps/authentication/serializers.py b/apps/authentication/serializers.py
index 678b7763b..f6661ba38 100644
--- a/apps/authentication/serializers.py
+++ b/apps/authentication/serializers.py
@@ -5,7 +5,7 @@ from rest_framework import serializers
from common.utils import get_object_or_none
from users.models import User
-from assets.models import Asset, SystemUser, Gateway, Domain
+from assets.models import Asset, SystemUser, Gateway, Domain, CommandFilterRule
from applications.models import Application
from users.serializers import UserProfileSerializer
from assets.serializers import ProtocolsField
@@ -200,6 +200,17 @@ class ConnectionTokenDomainSerializer(serializers.ModelSerializer):
fields = ['id', 'name', 'gateways']
+class ConnectionTokenFilterRuleSerializer(serializers.ModelSerializer):
+
+ class Meta:
+ model = CommandFilterRule
+ fields = [
+ 'id', 'type', 'content', 'ignore_case', 'pattern',
+ 'priority', 'action',
+ 'date_created',
+ ]
+
+
class ConnectionTokenSecretSerializer(serializers.Serializer):
id = serializers.CharField(read_only=True)
secret = serializers.CharField(read_only=True)
@@ -209,6 +220,7 @@ class ConnectionTokenSecretSerializer(serializers.Serializer):
remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)
application = ConnectionTokenApplicationSerializer(read_only=True)
system_user = ConnectionTokenSystemUserSerializer(read_only=True)
+ cmd_filter_rules = ConnectionTokenFilterRuleSerializer(many=True)
domain = ConnectionTokenDomainSerializer(read_only=True)
gateway = ConnectionTokenGatewaySerializer(read_only=True)
actions = ActionsField()
diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signal_handlers.py
similarity index 100%
rename from apps/authentication/signals_handlers.py
rename to apps/authentication/signal_handlers.py
diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html
index b74217cee..3e24aa610 100644
--- a/apps/authentication/templates/authentication/login.html
+++ b/apps/authentication/templates/authentication/login.html
@@ -115,10 +115,21 @@
.mfa-div {
width: 100%;
}
+
+ .login-page-language {
+ margin-right: -11px !important;
+ padding-top: 12px !important;
+ padding-left: 0 !important;
+ padding-bottom: 8px !important;
+ color: #666 !important;
+ font-weight: 350 !important;
+ min-height: auto !important;
+ }
</style>
</head>
<body>
+
<div class="login-content">
<div class="right-image-box">
<a href="{% if not XPACK_ENABLED %}https://github.com/jumpserver/jumpserver{% endif %}">
@@ -127,6 +138,22 @@
</div>
<div class="left-form-box {% if not form.challenge and not form.captcha %} no-captcha-challenge {% endif %}">
<div style="background-color: white">
+ <ul class="nav navbar-top-links navbar-right">
+ <li class="dropdown">
+ <a class="dropdown-toggle login-page-language" data-toggle="dropdown" href="#" target="_blank">
+ <i class="fa fa-globe fa-lg" style="margin-right: 2px"></i>
+ {% ifequal request.COOKIES.django_language 'en' %}
+ <span>English<b class="caret"></b></span>
+ {% else %}
+ <span>中文(简体)<b class="caret"></b></span>
+ {% endifequal %}
+ </a>
+ <ul class="dropdown-menu profile-dropdown dropdown-menu-right">
+ <li> <a id="switch_cn" href="{% url 'i18n-switch' lang='zh-hans' %}"> <span>中文(简体)</span> </a> </li>
+ <li> <a id="switch_en" href="{% url 'i18n-switch' lang='en' %}"> <span>English</span> </a> </li>
+ </ul>
+ </li>
+ </ul>
<div class="jms-title">
<span style="font-size: 21px;font-weight:400;color: #151515;letter-spacing: 0;">{{ JMS_TITLE }}</span>
</div>
diff --git a/apps/common/management/commands/expire_caches.py b/apps/common/management/commands/expire_caches.py
index 37fe7605b..bc20a3cf5 100644
--- a/apps/common/management/commands/expire_caches.py
+++ b/apps/common/management/commands/expire_caches.py
@@ -1,6 +1,6 @@
from django.core.management.base import BaseCommand
-from assets.signals_handler.node_assets_mapping import expire_node_assets_mapping_for_memory
+from assets.signal_handlers.node_assets_mapping import expire_node_assets_mapping_for_memory
from orgs.caches import OrgResourceStatisticsCache
from orgs.models import Organization
diff --git a/apps/common/management/commands/services/command.py b/apps/common/management/commands/services/command.py
index 170eb69ae..dd2cd9cdb 100644
--- a/apps/common/management/commands/services/command.py
+++ b/apps/common/management/commands/services/command.py
@@ -52,7 +52,7 @@ class Services(TextChoices):
@classmethod
def export_services_values(cls):
- return [cls.all.value, cls.web.value, cls.task.value]
+ return [cls.all.value, cls.web.value, cls.task.value] + [s.value for s in cls.all_services()]
@classmethod
def get_service_objects(cls, service_names, **kwargs):
diff --git a/apps/common/management/commands/services/services/celery_base.py b/apps/common/management/commands/services/services/celery_base.py
index 5542fd72f..435e4ebe2 100644
--- a/apps/common/management/commands/services/services/celery_base.py
+++ b/apps/common/management/commands/services/services/celery_base.py
@@ -23,9 +23,10 @@ class CeleryBaseService(BaseService):
server_hostname = '%h'
cmd = [
- 'celery', 'worker',
- '-P', 'threads',
+ 'celery',
'-A', 'ops',
+ 'worker',
+ '-P', 'threads',
'-l', 'INFO',
'-c', str(self.num),
'-Q', self.queue,
diff --git a/apps/common/management/commands/services/services/flower.py b/apps/common/management/commands/services/services/flower.py
index df2230776..402e9f37d 100644
--- a/apps/common/management/commands/services/services/flower.py
+++ b/apps/common/management/commands/services/services/flower.py
@@ -16,8 +16,9 @@ class FlowerService(BaseService):
if os.getuid() == 0:
os.environ.setdefault('C_FORCE_ROOT', '1')
cmd = [
- 'celery', 'flower',
+ 'celery',
'-A', 'ops',
+ 'flower',
'-l', 'INFO',
'--url_prefix=/core/flower',
'--auto_refresh=False',
diff --git a/apps/jumpserver/context_processor.py b/apps/jumpserver/context_processor.py
index f714759f0..54a7b856e 100644
--- a/apps/jumpserver/context_processor.py
+++ b/apps/jumpserver/context_processor.py
@@ -2,7 +2,7 @@
#
from django.templatetags.static import static
from django.conf import settings
-from django.utils.translation import ugettext as _
+from django.utils.translation import ugettext_lazy as _
default_context = {
'DEFAULT_PK': '00000000-0000-0000-0000-000000000000',
diff --git a/apps/jumpserver/urls.py b/apps/jumpserver/urls.py
index 80948f9f6..6a9ae69a9 100644
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@@ -33,7 +33,8 @@ app_view_patterns = [
path('ops/', include('ops.urls.view_urls'), name='ops'),
path('common/', include('common.urls.view_urls'), name='common'),
re_path(r'flower/(?P<path>.*)', views.celery_flower_view, name='flower-view'),
- path('download/', views.ResourceDownload.as_view(), name='download')
+ path('download/', views.ResourceDownload.as_view(), name='download'),
+ path('i18n/<str:lang>/', views.I18NView.as_view(), name='i18n-switch'),
]
if settings.XPACK_ENABLED:
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 7a5c32de9..7c0f80e7b 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:6144c6aa78bcaf3c282ee63f9e48b11fb8c327192aa8ea8f1ff1c2080084304f
-size 100589
+oid sha256:8bd2394fc5d9bb9254965db4273a09d4ddabd8051b4855b9642476ff9cab836b
+size 101898
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index d93918379..4924dda74 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: JumpServer 0.3.3\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-02-22 19:38+0800\n"
+"POT-Creation-Date: 2022-03-02 19:46+0800\n"
"PO-Revision-Date: 2021-05-20 10:54+0800\n"
"Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -19,7 +19,7 @@ msgstr ""
#: acls/apps.py:7
msgid "Acls"
-msgstr ""
+msgstr "访问控制"
#: acls/models/base.py:25 acls/serializers/login_asset_acl.py:47
#: applications/models/application.py:202 assets/models/asset.py:138
@@ -30,7 +30,7 @@ msgstr ""
#: settings/models.py:29 settings/serializers/sms.py:6
#: terminal/models/storage.py:23 terminal/models/task.py:16
#: terminal/models/terminal.py:100 users/forms/profile.py:32
-#: users/models/group.py:15 users/models/user.py:537
+#: users/models/group.py:15 users/models/user.py:550
#: users/templates/users/_select_user_modal.html:13
#: users/templates/users/user_asset_permission.html:37
#: users/templates/users/user_asset_permission.html:154
@@ -65,8 +65,8 @@ msgstr "激活中"
#: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:15
#: perms/models/base.py:93 rbac/models/role.py:37 settings/models.py:34
#: terminal/models/storage.py:26 terminal/models/terminal.py:114
-#: tickets/models/comment.py:24 tickets/models/ticket.py:78
-#: users/models/group.py:16 users/models/user.py:574
+#: tickets/models/comment.py:24 tickets/models/ticket.py:154
+#: users/models/group.py:16 users/models/user.py:587
#: xpack/plugins/change_auth_plan/models/base.py:44
#: xpack/plugins/cloud/models.py:35 xpack/plugins/cloud/models.py:113
#: xpack/plugins/gathered_user/models.py:26
@@ -90,12 +90,12 @@ msgstr "登录复核"
#: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
#: audits/models.py:60 audits/models.py:85 audits/serializers.py:100
#: authentication/models.py:50 orgs/models.py:196 perms/models/base.py:84
-#: rbac/builtin.py:87 rbac/models/rolebinding.py:33 templates/index.html:78
+#: rbac/builtin.py:89 rbac/models/rolebinding.py:33 templates/index.html:78
#: terminal/backends/command/models.py:19
-#: terminal/backends/command/serializers.py:12 terminal/models/session.py:41
+#: terminal/backends/command/serializers.py:12 terminal/models/session.py:42
#: terminal/notifications.py:88 terminal/notifications.py:136
-#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:757
-#: users/models/user.py:788 users/serializers/group.py:19
+#: tickets/models/comment.py:17 users/const.py:14 users/models/user.py:769
+#: users/models/user.py:800 users/serializers/group.py:19
#: users/templates/users/user_asset_permission.html:38
#: users/templates/users/user_asset_permission.html:64
#: users/templates/users/user_database_app_permission.html:37
@@ -140,7 +140,7 @@ msgstr "系统用户"
#: assets/models/gathered_user.py:14 assets/serializers/system_user.py:264
#: audits/models.py:39 perms/models/asset_permission.py:23
#: templates/index.html:82 terminal/backends/command/models.py:20
-#: terminal/backends/command/serializers.py:13 terminal/models/session.py:43
+#: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
#: terminal/notifications.py:87
#: users/templates/users/user_asset_permission.html:40
#: users/templates/users/user_asset_permission.html:70
@@ -168,7 +168,7 @@ msgstr "格式为逗号分隔的字符串, * 表示匹配所有. "
#: authentication/forms.py:15 authentication/forms.py:17
#: authentication/templates/authentication/_msg_different_city.html:9
#: authentication/templates/authentication/_msg_oauth_bind.html:9
-#: ops/models/adhoc.py:159 users/forms/profile.py:31 users/models/user.py:535
+#: ops/models/adhoc.py:159 users/forms/profile.py:31 users/models/user.py:548
#: users/templates/users/_msg_user_created.html:12
#: users/templates/users/_select_user_modal.html:14
#: xpack/plugins/change_auth_plan/models/asset.py:34
@@ -283,7 +283,7 @@ msgstr "应用程序"
#: assets/models/cmd_filter.py:42 assets/models/user.py:325 audits/models.py:40
#: perms/models/application_permission.py:32
#: perms/models/asset_permission.py:25 terminal/backends/command/models.py:21
-#: terminal/backends/command/serializers.py:14 terminal/models/session.py:45
+#: terminal/backends/command/serializers.py:14 terminal/models/session.py:46
#: users/templates/users/_granted_assets.html:27
#: users/templates/users/user_asset_permission.html:42
#: users/templates/users/user_asset_permission.html:76
@@ -303,7 +303,7 @@ msgstr "版本"
#: applications/models/account.py:23
msgid "Application account"
-msgstr "应用数量"
+msgstr "应用账号"
#: applications/models/account.py:26 applications/models/account.py:27
msgid "Can view application account secret"
@@ -324,7 +324,7 @@ msgstr "类别"
#: perms/models/application_permission.py:23
#: perms/serializers/application/user_permission.py:34
#: terminal/models/storage.py:55 terminal/models/storage.py:119
-#: tickets/models/flow.py:56 tickets/models/ticket.py:55
+#: tickets/models/flow.py:56 tickets/models/ticket.py:131
#: tickets/serializers/ticket/meta/ticket_type/apply_application.py:29
#: xpack/plugins/change_auth_plan/models/app.py:28
#: xpack/plugins/change_auth_plan/models/app.py:153
@@ -368,7 +368,7 @@ msgstr "类型名称"
#: assets/serializers/account.py:18 common/db/models.py:113
#: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
#: orgs/models.py:14 orgs/models.py:199 perms/models/base.py:92
-#: users/models/group.py:18 users/models/user.py:789
+#: users/models/group.py:18 users/models/user.py:801
#: xpack/plugins/cloud/models.py:122
msgid "Date created"
msgstr "创建日期"
@@ -493,11 +493,9 @@ msgstr "不能删除根节点 ({})"
msgid "Deletion failed and the node contains assets"
msgstr "删除失败,节点包含资产"
-#: assets/apps.py:9 assets/models/user.py:227 assets/serializers/domain.py:29
-#: terminal/templates/terminal/_msg_command_execute_alert.html:16
-#: xpack/plugins/change_auth_plan/models/asset.py:39
-msgid "Assets"
-msgstr "资产"
+#: assets/apps.py:9
+msgid "App assets"
+msgstr "资产管理"
#: assets/models/asset.py:139
msgid "Base"
@@ -508,7 +506,7 @@ msgid "Charset"
msgstr "编码"
#: assets/models/asset.py:141 assets/serializers/asset.py:176
-#: tickets/models/ticket.py:57
+#: tickets/models/ticket.py:133
msgid "Meta"
msgstr "元数据"
@@ -530,7 +528,7 @@ msgstr "制造商"
msgid "Model"
msgstr "型号"
-#: assets/models/asset.py:170 tickets/models/ticket.py:83
+#: assets/models/asset.py:170 tickets/models/ticket.py:159
msgid "Serial number"
msgstr "序列号"
@@ -617,24 +615,32 @@ msgstr "标签管理"
#: assets/models/cluster.py:28 assets/models/cmd_filter.py:52
#: assets/models/cmd_filter.py:99 assets/models/group.py:21
#: common/db/models.py:111 common/mixins/models.py:49 orgs/models.py:13
-#: orgs/models.py:201 perms/models/base.py:91 users/models/user.py:582
+#: orgs/models.py:201 perms/models/base.py:91 users/models/user.py:595
#: users/serializers/group.py:33
#: xpack/plugins/change_auth_plan/models/base.py:48
#: xpack/plugins/cloud/models.py:119 xpack/plugins/gathered_user/models.py:30
msgid "Created by"
msgstr "创建者"
+#: assets/models/asset.py:358
+msgid "Can test asset connectivity"
+msgstr "可以测试资产连接性"
+
+#: assets/models/asset.py:359
+msgid "Can push system user to asset"
+msgstr "可以推送系统用户到资产"
+
#: assets/models/authbook.py:27
msgid "AuthBook"
-msgstr "账号"
+msgstr "资产账号"
#: assets/models/authbook.py:30
msgid "Can view asset account secret"
-msgstr ""
+msgstr "可以查看资产账号密码"
#: assets/models/authbook.py:31
msgid "Can change asset account secret"
-msgstr ""
+msgstr "可以更改资产账号密码"
#: assets/models/backup.py:30 perms/models/base.py:54
#: settings/serializers/terminal.py:12
@@ -650,7 +656,7 @@ msgstr "收件人"
#: assets/models/backup.py:62 assets/models/backup.py:124
msgid "Account backup plan"
-msgstr "账户备份计划"
+msgstr "账号备份计划"
#: assets/models/backup.py:100
#: xpack/plugins/change_auth_plan/models/base.py:107
@@ -663,7 +669,7 @@ msgid "Timing trigger"
msgstr "定时触发"
#: assets/models/backup.py:105 audits/models.py:44 ops/models/command.py:31
-#: perms/models/base.py:89 terminal/models/session.py:55
+#: perms/models/base.py:89 terminal/models/session.py:56
#: tickets/serializers/ticket/meta/ticket_type/apply_application.py:55
#: tickets/serializers/ticket/meta/ticket_type/apply_asset.py:57
#: xpack/plugins/change_auth_plan/models/base.py:112
@@ -736,7 +742,7 @@ msgstr "可连接性"
msgid "Date verified"
msgstr "校验日期"
-#: assets/models/base.py:177 audits/signals_handler.py:68
+#: assets/models/base.py:177 audits/signal_handlers.py:68
#: authentication/forms.py:22
#: authentication/templates/authentication/login.html:151
#: settings/serializers/auth/ldap.py:44 users/forms/profile.py:21
@@ -770,7 +776,7 @@ msgstr "带宽"
msgid "Contact"
msgstr "联系人"
-#: assets/models/cluster.py:22 users/models/user.py:557
+#: assets/models/cluster.py:22 users/models/user.py:570
msgid "Phone"
msgstr "手机"
@@ -796,7 +802,7 @@ msgid "Default"
msgstr "默认"
#: assets/models/cluster.py:36 assets/models/label.py:14 rbac/const.py:6
-#: users/models/user.py:774
+#: users/models/user.py:786
msgid "System"
msgstr "系统"
@@ -805,7 +811,7 @@ msgid "Default Cluster"
msgstr "默认Cluster"
#: assets/models/cmd_filter.py:34 perms/models/base.py:86
-#: users/models/group.py:31 users/models/user.py:543
+#: users/models/group.py:31 users/models/user.py:556
#: users/templates/users/_select_user_modal.html:16
#: users/templates/users/user_asset_permission.html:39
#: users/templates/users/user_asset_permission.html:67
@@ -823,7 +829,7 @@ msgid "Regex"
msgstr "正则表达式"
#: assets/models/cmd_filter.py:68 ops/models/command.py:26
-#: terminal/backends/command/serializers.py:15 terminal/models/session.py:52
+#: terminal/backends/command/serializers.py:15 terminal/models/session.py:53
#: terminal/templates/terminal/_msg_command_alert.html:12
#: terminal/templates/terminal/_msg_command_execute_alert.html:10
msgid "Command"
@@ -959,6 +965,12 @@ msgstr "普通用户"
msgid "Username same with user"
msgstr "用户名与用户相同"
+#: assets/models/user.py:227 assets/serializers/domain.py:29
+#: terminal/templates/terminal/_msg_command_execute_alert.html:16
+#: xpack/plugins/change_auth_plan/models/asset.py:39
+msgid "Assets"
+msgstr "资产"
+
#: assets/models/user.py:231 users/apps.py:9
msgid "Users"
msgstr "用户管理"
@@ -1101,7 +1113,6 @@ msgid "Assets amount"
msgstr "资产数量"
#: assets/serializers/domain.py:14
-#: perms/serializers/application/permission.py:46
msgid "Applications amount"
msgstr "应用数量"
@@ -1126,6 +1137,7 @@ msgid "SSH key fingerprint"
msgstr "密钥指纹"
#: assets/serializers/system_user.py:30
+#: perms/serializers/application/permission.py:46
msgid "Apps amount"
msgstr "应用数量"
@@ -1315,8 +1327,7 @@ msgstr "日志审计"
#: audits/models.py:27 audits/models.py:57
#: authentication/templates/authentication/_access_key_modal.html:65
-#: rbac/models/permission.py:129
-#: users/templates/users/user_asset_permission.html:128
+#: rbac/tree.py:254 users/templates/users/user_asset_permission.html:128
#: users/templates/users/user_database_app_permission.html:111
msgid "Delete"
msgstr "删除"
@@ -1346,7 +1357,7 @@ msgid "Symlink"
msgstr "建立软链接"
#: audits/models.py:38 audits/models.py:64 audits/models.py:87
-#: terminal/models/session.py:48 terminal/models/sharing.py:82
+#: terminal/models/session.py:49 terminal/models/sharing.py:82
msgid "Remote addr"
msgstr "远端地址"
@@ -1370,12 +1381,12 @@ msgstr "文件管理"
#: audits/models.py:55
#: authentication/templates/authentication/_access_key_modal.html:22
-#: rbac/models/permission.py:126
+#: rbac/tree.py:251
msgid "Create"
msgstr "创建"
-#: audits/models.py:56 rbac/models/permission.py:128
-#: templates/_csv_import_export.html:18 templates/_csv_update_modal.html:6
+#: audits/models.py:56 rbac/tree.py:253 templates/_csv_import_export.html:18
+#: templates/_csv_update_modal.html:6
#: users/templates/users/user_asset_permission.html:127
#: users/templates/users/user_database_app_permission.html:110
msgid "Update"
@@ -1438,13 +1449,13 @@ msgstr "用户代理"
#: audits/models.py:124
#: authentication/templates/authentication/_mfa_confirm_modal.html:14
-#: users/forms/profile.py:64 users/models/user.py:560
+#: users/forms/profile.py:64 users/models/user.py:573
#: users/serializers/profile.py:121
msgid "MFA"
msgstr "MFA"
#: audits/models.py:126 terminal/models/status.py:33
-#: tickets/models/ticket.py:64 xpack/plugins/cloud/models.py:172
+#: tickets/models/ticket.py:140 xpack/plugins/cloud/models.py:172
#: xpack/plugins/cloud/models.py:224
msgid "Status"
msgstr "状态"
@@ -1486,7 +1497,7 @@ msgstr "主机名称"
msgid "Result"
msgstr "结果"
-#: audits/serializers.py:98 terminal/serializers/storage.py:151
+#: audits/serializers.py:98 terminal/serializers/storage.py:161
msgid "Hosts"
msgstr "主机"
@@ -1502,195 +1513,195 @@ msgstr "运行用户名称"
msgid "User display"
msgstr "用户名称"
-#: audits/signals_handler.py:67
+#: audits/signal_handlers.py:67
msgid "SSH Key"
msgstr "SSH 密钥"
-#: audits/signals_handler.py:69
+#: audits/signal_handlers.py:69
msgid "SSO"
msgstr ""
-#: audits/signals_handler.py:70
+#: audits/signal_handlers.py:70
msgid "Auth Token"
msgstr "认证令牌"
-#: audits/signals_handler.py:71 authentication/notifications.py:73
+#: audits/signal_handlers.py:71 authentication/notifications.py:73
#: authentication/views/login.py:164 authentication/views/wecom.py:158
-#: notifications/backends/__init__.py:11 users/models/user.py:596
+#: notifications/backends/__init__.py:11 users/models/user.py:609
msgid "WeCom"
msgstr "企业微信"
-#: audits/signals_handler.py:72 authentication/views/dingtalk.py:160
+#: audits/signal_handlers.py:72 authentication/views/dingtalk.py:160
#: authentication/views/login.py:170 notifications/backends/__init__.py:12
-#: users/models/user.py:597
+#: users/models/user.py:610
msgid "DingTalk"
msgstr "钉钉"
-#: audits/signals_handler.py:106
+#: audits/signal_handlers.py:106
msgid "User and Group"
msgstr "用户与用户组"
-#: audits/signals_handler.py:107
+#: audits/signal_handlers.py:107
#, python-brace-format
msgid "{User} JOINED {UserGroup}"
msgstr "{User} 加入 {UserGroup}"
-#: audits/signals_handler.py:108
+#: audits/signal_handlers.py:108
#, python-brace-format
msgid "{User} LEFT {UserGroup}"
msgstr "{User} 离开 {UserGroup}"
-#: audits/signals_handler.py:111
+#: audits/signal_handlers.py:111
msgid "Asset and SystemUser"
msgstr "资产与系统用户"
-#: audits/signals_handler.py:112
+#: audits/signal_handlers.py:112
#, python-brace-format
msgid "{Asset} ADD {SystemUser}"
msgstr "{Asset} 添加 {SystemUser}"
-#: audits/signals_handler.py:113
+#: audits/signal_handlers.py:113
#, python-brace-format
msgid "{Asset} REMOVE {SystemUser}"
msgstr "{Asset} 移除 {SystemUser}"
-#: audits/signals_handler.py:116
+#: audits/signal_handlers.py:116
msgid "Node and Asset"
msgstr "节点与资产"
-#: audits/signals_handler.py:117
+#: audits/signal_handlers.py:117
#, python-brace-format
msgid "{Node} ADD {Asset}"
msgstr "{Node} 添加 {Asset}"
-#: audits/signals_handler.py:118
+#: audits/signal_handlers.py:118
#, python-brace-format
msgid "{Node} REMOVE {Asset}"
msgstr "{Node} 移除 {Asset}"
-#: audits/signals_handler.py:121
+#: audits/signal_handlers.py:121
msgid "User asset permissions"
msgstr "用户资产授权"
-#: audits/signals_handler.py:122
+#: audits/signal_handlers.py:122
#, python-brace-format
msgid "{AssetPermission} ADD {User}"
msgstr "{AssetPermission} 添加 {User}"
-#: audits/signals_handler.py:123
+#: audits/signal_handlers.py:123
#, python-brace-format
msgid "{AssetPermission} REMOVE {User}"
msgstr "{AssetPermission} 移除 {User}"
-#: audits/signals_handler.py:126
+#: audits/signal_handlers.py:126
msgid "User group asset permissions"
msgstr "用户组资产授权"
-#: audits/signals_handler.py:127
+#: audits/signal_handlers.py:127
#, python-brace-format
msgid "{AssetPermission} ADD {UserGroup}"
msgstr "{AssetPermission} 添加 {UserGroup}"
-#: audits/signals_handler.py:128
+#: audits/signal_handlers.py:128
#, python-brace-format
msgid "{AssetPermission} REMOVE {UserGroup}"
msgstr "{AssetPermission} 移除 {UserGroup}"
-#: audits/signals_handler.py:131 perms/models/asset_permission.py:29
+#: audits/signal_handlers.py:131 perms/models/asset_permission.py:29
#: users/templates/users/_user_detail_nav_header.html:31
msgid "Asset permission"
msgstr "资产授权"
-#: audits/signals_handler.py:132
+#: audits/signal_handlers.py:132
#, python-brace-format
msgid "{AssetPermission} ADD {Asset}"
msgstr "{AssetPermission} 添加 {Asset}"
-#: audits/signals_handler.py:133
+#: audits/signal_handlers.py:133
#, python-brace-format
msgid "{AssetPermission} REMOVE {Asset}"
msgstr "{AssetPermission} 移除 {Asset}"
-#: audits/signals_handler.py:136
+#: audits/signal_handlers.py:136
msgid "Node permission"
msgstr "节点授权"
-#: audits/signals_handler.py:137
+#: audits/signal_handlers.py:137
#, python-brace-format
msgid "{AssetPermission} ADD {Node}"
msgstr "{AssetPermission} 添加 {Node}"
-#: audits/signals_handler.py:138
+#: audits/signal_handlers.py:138
#, python-brace-format
msgid "{AssetPermission} REMOVE {Node}"
msgstr "{AssetPermission} 移除 {Node}"
-#: audits/signals_handler.py:141
+#: audits/signal_handlers.py:141
msgid "Asset permission and SystemUser"
msgstr "资产授权与系统用户"
-#: audits/signals_handler.py:142
+#: audits/signal_handlers.py:142
#, python-brace-format
msgid "{AssetPermission} ADD {SystemUser}"
msgstr "{AssetPermission} 添加 {SystemUser}"
-#: audits/signals_handler.py:143
+#: audits/signal_handlers.py:143
#, python-brace-format
msgid "{AssetPermission} REMOVE {SystemUser}"
msgstr "{AssetPermission} 移除 {SystemUser}"
-#: audits/signals_handler.py:146
+#: audits/signal_handlers.py:146
msgid "User application permissions"
msgstr "用户应用授权"
-#: audits/signals_handler.py:147
+#: audits/signal_handlers.py:147
#, python-brace-format
msgid "{ApplicationPermission} ADD {User}"
msgstr "{ApplicationPermission} 添加 {User}"
-#: audits/signals_handler.py:148
+#: audits/signal_handlers.py:148
#, python-brace-format
msgid "{ApplicationPermission} REMOVE {User}"
msgstr "{ApplicationPermission} 移除 {User}"
-#: audits/signals_handler.py:151
+#: audits/signal_handlers.py:151
msgid "User group application permissions"
msgstr "用户组应用授权"
-#: audits/signals_handler.py:152
+#: audits/signal_handlers.py:152
#, python-brace-format
msgid "{ApplicationPermission} ADD {UserGroup}"
msgstr "{ApplicationPermission} 添加 {UserGroup}"
-#: audits/signals_handler.py:153
+#: audits/signal_handlers.py:153
#, python-brace-format
msgid "{ApplicationPermission} REMOVE {UserGroup}"
msgstr "{ApplicationPermission} 移除 {UserGroup}"
-#: audits/signals_handler.py:156 perms/models/application_permission.py:37
+#: audits/signal_handlers.py:156 perms/models/application_permission.py:37
msgid "Application permission"
msgstr "应用授权"
-#: audits/signals_handler.py:157
+#: audits/signal_handlers.py:157
#, python-brace-format
msgid "{ApplicationPermission} ADD {Application}"
msgstr "{ApplicationPermission} 添加 {Application}"
-#: audits/signals_handler.py:158
+#: audits/signal_handlers.py:158
#, python-brace-format
msgid "{ApplicationPermission} REMOVE {Application}"
msgstr "{ApplicationPermission} 移除 {Application}"
-#: audits/signals_handler.py:161
+#: audits/signal_handlers.py:161
msgid "Application permission and SystemUser"
msgstr "应用授权与系统用户"
-#: audits/signals_handler.py:162
+#: audits/signal_handlers.py:162
#, python-brace-format
msgid "{ApplicationPermission} ADD {SystemUser}"
msgstr "{ApplicationPermission} 添加 {SystemUser}"
-#: audits/signals_handler.py:163
+#: audits/signal_handlers.py:163
#, python-brace-format
msgid "{ApplicationPermission} REMOVE {SystemUser}"
msgstr "{ApplicationPermission} 移除 {SystemUser}"
@@ -1711,54 +1722,54 @@ msgstr "验证码无效: {}"
msgid "Authentication"
msgstr "认证"
-#: authentication/backends/api.py:70
+#: authentication/backends/drf.py:56
msgid "Invalid signature header. No credentials provided."
msgstr ""
-#: authentication/backends/api.py:73
+#: authentication/backends/drf.py:59
msgid "Invalid signature header. Signature string should not contain spaces."
msgstr ""
-#: authentication/backends/api.py:80
+#: authentication/backends/drf.py:66
msgid "Invalid signature header. Format like AccessKeyId:Signature"
msgstr ""
-#: authentication/backends/api.py:84
+#: authentication/backends/drf.py:70
msgid ""
"Invalid signature header. Signature string should not contain invalid "
"characters."
msgstr ""
-#: authentication/backends/api.py:104 authentication/backends/api.py:120
+#: authentication/backends/drf.py:90 authentication/backends/drf.py:106
msgid "Invalid signature."
msgstr ""
-#: authentication/backends/api.py:111
+#: authentication/backends/drf.py:97
msgid "HTTP header: Date not provide or not %a, %d %b %Y %H:%M:%S GMT"
msgstr ""
-#: authentication/backends/api.py:116
+#: authentication/backends/drf.py:102
msgid "Expired, more than 15 minutes"
msgstr ""
-#: authentication/backends/api.py:123
+#: authentication/backends/drf.py:109
msgid "User disabled."
msgstr "用户已禁用"
-#: authentication/backends/api.py:141
+#: authentication/backends/drf.py:127
msgid "Invalid token header. No credentials provided."
msgstr ""
-#: authentication/backends/api.py:144
+#: authentication/backends/drf.py:130
msgid "Invalid token header. Sign string should not contain spaces."
msgstr ""
-#: authentication/backends/api.py:151
+#: authentication/backends/drf.py:137
msgid ""
"Invalid token header. Sign string should not contain invalid characters."
msgstr ""
-#: authentication/backends/api.py:162
+#: authentication/backends/drf.py:148
msgid "Invalid token or cache refreshed."
msgstr ""
@@ -1792,11 +1803,11 @@ msgstr "禁用或失效"
#: authentication/errors.py:33
msgid "This account is inactive."
-msgstr "此账户已禁用"
+msgstr "此账号已禁用"
#: authentication/errors.py:34
msgid "This account is expired"
-msgstr "此账户已过期"
+msgstr "此账号已过期"
#: authentication/errors.py:35
msgid "Auth backend not match"
@@ -1876,15 +1887,15 @@ msgstr "该 时间段 不被允许登录"
msgid "SSO auth closed"
msgstr "SSO 认证关闭了"
-#: authentication/errors.py:300 authentication/mixins.py:364
+#: authentication/errors.py:300 authentication/mixins.py:372
msgid "Your password is too simple, please change it for security"
msgstr "你的密码过于简单,为了安全,请修改"
-#: authentication/errors.py:309 authentication/mixins.py:371
+#: authentication/errors.py:309 authentication/mixins.py:379
msgid "You should to change your password before login"
msgstr "登录完成前,请先修改密码"
-#: authentication/errors.py:318 authentication/mixins.py:378
+#: authentication/errors.py:318 authentication/mixins.py:386
msgid "Your password has expired, please reset before logging in"
msgstr "您的密码已过期,先修改再登录"
@@ -1976,11 +1987,11 @@ msgstr "设置手机号码启用"
msgid "Clear phone number to disable"
msgstr "清空手机号码禁用"
-#: authentication/mixins.py:314
+#: authentication/mixins.py:322
msgid "The MFA type ({}) is not enabled"
msgstr "该 MFA ({}) 方式没有启用"
-#: authentication/mixins.py:354
+#: authentication/mixins.py:362
msgid "Please change your password"
msgstr "请修改密码"
@@ -2000,11 +2011,15 @@ msgstr "过期时间"
msgid "SSO token"
msgstr ""
-#: authentication/models.py:62
+#: authentication/models.py:61
+msgid "Connection token"
+msgstr ""
+
+#: authentication/models.py:63
msgid "Can add super connection token"
msgstr "可以添加 超级连接Token"
-#: authentication/models.py:63
+#: authentication/models.py:64
msgid "Can view connect token secret"
msgstr "可以查看 连接Token 密文"
@@ -2305,7 +2320,7 @@ msgid "The FeiShu is already bound to another user"
msgstr "该飞书已经绑定其他用户"
#: authentication/views/feishu.py:148 authentication/views/login.py:176
-#: notifications/backends/__init__.py:14 users/models/user.py:598
+#: notifications/backends/__init__.py:14 users/models/user.py:611
msgid "FeiShu"
msgstr "飞书"
@@ -2337,7 +2352,7 @@ msgstr "正在跳转到 {} 认证"
msgid "Please enable cookies and try again."
msgstr "设置你的浏览器支持cookie"
-#: authentication/views/login.py:265
+#: authentication/views/login.py:263
msgid ""
"Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>\n"
" Don't close this page"
@@ -2345,15 +2360,15 @@ msgstr ""
"等待 <b>{}</b> 确认, 你也可以复制链接发给他/她 <br/>\n"
" 不要关闭本页面"
-#: authentication/views/login.py:270
+#: authentication/views/login.py:268
msgid "No ticket found"
msgstr "没有发现工单"
-#: authentication/views/login.py:304
+#: authentication/views/login.py:302
msgid "Logout success"
msgstr "退出登录成功"
-#: authentication/views/login.py:305
+#: authentication/views/login.py:303
msgid "Logout success, return login page"
msgstr "退出登录成功,返回到登录页面"
@@ -2480,7 +2495,7 @@ msgstr "编码数据为 text"
msgid "Encrypt field using Secret Key"
msgstr "加密的字段"
-#: common/mixins/api/action.py:53
+#: common/mixins/api/action.py:52
msgid "Request file format may be wrong"
msgstr "上传的文件格式错误 或 其它类型资源的文件"
@@ -2492,6 +2507,10 @@ msgstr "忽略的"
msgid "discard time"
msgstr "忽略时间"
+#: common/models.py:8
+msgid "Can view resource statistics"
+msgstr "可以查看资源统计"
+
#: common/sdk/im/exceptions.py:23
msgid "Network error, please contact system administrator"
msgstr "网络错误,请联系系统管理员"
@@ -2558,11 +2577,11 @@ msgstr "手机号格式不正确"
#: jumpserver/conf.py:292
msgid "Create account successfully"
-msgstr "创建账户成功"
+msgstr "创建账号成功"
#: jumpserver/conf.py:294
msgid "Your account has been created successfully"
-msgstr "你的账户已创建成功"
+msgstr "你的账号已创建成功"
#: jumpserver/context_processor.py:17
msgid "JumpServer Open Source Bastion Host"
@@ -2600,7 +2619,7 @@ msgid "Notifications"
msgstr "通知"
#: notifications/backends/__init__.py:10 users/forms/profile.py:101
-#: users/models/user.py:539
+#: users/models/user.py:552
msgid "Email"
msgstr "邮件"
@@ -2617,8 +2636,8 @@ msgid "Not has host {} permission"
msgstr "没有该主机 {} 权限"
#: ops/apps.py:9 ops/notifications.py:16
-msgid "Operations"
-msgstr "运维"
+msgid "App ops"
+msgstr "作业中心"
#: ops/mixin.py:29 ops/mixin.py:92 ops/mixin.py:162
#: settings/serializers/auth/ldap.py:66
@@ -2808,8 +2827,8 @@ msgid "The organization have resource ({}) cannot be deleted"
msgstr "组织存在资源 ({}) 不能被删除"
#: orgs/apps.py:7
-msgid "Organizations"
-msgstr "组织"
+msgid "App organizations"
+msgstr "组织管理"
#: orgs/mixins/models.py:46 orgs/mixins/serializers.py:25 orgs/models.py:27
#: orgs/models.py:193 rbac/const.py:7 rbac/models/rolebinding.py:40
@@ -2823,16 +2842,16 @@ msgstr "全局组织"
#: orgs/models.py:29
msgid "Can view root org"
-msgstr ""
+msgstr "可以查看全局组织"
#: orgs/models.py:198 rbac/models/role.py:46 rbac/models/rolebinding.py:36
-#: users/models/user.py:547 users/templates/users/_select_user_modal.html:15
+#: users/models/user.py:560 users/templates/users/_select_user_modal.html:15
msgid "Role"
msgstr "角色"
-#: perms/apps.py:9 rbac/models/role.py:34
-msgid "Permissions"
-msgstr "授权"
+#: perms/apps.py:9
+msgid "App permissions"
+msgstr "授权管理"
#: perms/exceptions.py:9
msgid "The administrator is modifying permissions. Please wait"
@@ -2913,7 +2932,7 @@ msgstr "剪贴板复制粘贴"
#: perms/models/base.py:90
#: tickets/serializers/ticket/meta/ticket_type/apply_application.py:58
#: tickets/serializers/ticket/meta/ticket_type/apply_asset.py:60
-#: users/models/user.py:579
+#: users/models/user.py:592
msgid "Date expired"
msgstr "失效日期"
@@ -2956,15 +2975,15 @@ msgstr "组织 ({}) 的应用授权"
#: perms/serializers/application/permission.py:20
#: perms/serializers/application/permission.py:41
#: perms/serializers/asset/permission.py:19
-#: perms/serializers/asset/permission.py:45 users/serializers/user.py:134
+#: perms/serializers/asset/permission.py:45 users/serializers/user.py:133
msgid "Is valid"
-msgstr "账户是否有效"
+msgstr "账号是否有效"
#: perms/serializers/application/permission.py:21
#: perms/serializers/application/permission.py:40
#: perms/serializers/asset/permission.py:20
-#: perms/serializers/asset/permission.py:44 users/serializers/user.py:83
-#: users/serializers/user.py:136
+#: perms/serializers/asset/permission.py:44 users/serializers/user.py:82
+#: users/serializers/user.py:135
msgid "Is expired"
msgstr "已过期"
@@ -3034,31 +3053,35 @@ msgstr ""
msgid "Internal role, can't be update"
msgstr ""
+#: rbac/api/rolebinding.py:46
+msgid "{} at least one system role"
+msgstr "{} 至少有一个系统角色"
+
#: rbac/apps.py:7
msgid "RBAC"
msgstr "RBAC"
-#: rbac/builtin.py:78
+#: rbac/builtin.py:80
msgid "SystemAdmin"
msgstr "系统管理员"
-#: rbac/builtin.py:81
+#: rbac/builtin.py:83
msgid "SystemAuditor"
msgstr "系统审计员"
-#: rbac/builtin.py:84
+#: rbac/builtin.py:86
msgid "SystemComponent"
msgstr "系统组件"
-#: rbac/builtin.py:90
+#: rbac/builtin.py:92
msgid "OrgAdmin"
msgstr "组织管理员"
-#: rbac/builtin.py:93
+#: rbac/builtin.py:95
msgid "OrgAuditor"
msgstr "组织审计员"
-#: rbac/builtin.py:96
+#: rbac/builtin.py:98
msgid "OrgUser"
msgstr "组织用户"
@@ -3067,22 +3090,18 @@ msgid "Menu permission"
msgstr "菜单授权"
#: rbac/models/menu.py:15
-msgid "Console view"
-msgstr "控制台"
+msgid "view console view"
+msgstr "查看控制台"
#: rbac/models/menu.py:16
-msgid "Audit view"
-msgstr "安全审计"
+msgid "view audit view"
+msgstr "查看安全审计"
#: rbac/models/menu.py:17
-msgid "Workspace view"
-msgstr "控制台"
+msgid "view workspace view"
+msgstr "查看工作台"
-#: rbac/models/permission.py:127
-msgid "View"
-msgstr "视图"
-
-#: rbac/models/permission.py:210
+#: rbac/models/permission.py:22
msgid "Permission"
msgstr "授权"
@@ -3090,6 +3109,10 @@ msgstr "授权"
msgid "Scope"
msgstr "范围"
+#: rbac/models/role.py:34
+msgid "Permissions"
+msgstr "授权"
+
#: rbac/models/role.py:36
msgid "Built-in"
msgstr "内置"
@@ -3116,7 +3139,7 @@ msgstr "用户最后一个角色,不能删除,你可以将用户从组织移
msgid "Organization role binding"
msgstr "组织角色绑定"
-#: rbac/models/rolebinding.py:133
+#: rbac/models/rolebinding.py:132
msgid "System role binding"
msgstr "系统角色绑定"
@@ -3140,6 +3163,62 @@ msgstr "角色显示"
msgid "Has bound this role"
msgstr "已经绑定"
+#: rbac/tree.py:16 rbac/tree.py:17
+msgid "All permissions"
+msgstr "所有权限"
+
+#: rbac/tree.py:24
+msgid "Console view"
+msgstr "控制台"
+
+#: rbac/tree.py:28
+msgid "Workspace view"
+msgstr "工作台"
+
+#: rbac/tree.py:32
+msgid "Audit view"
+msgstr "安全审计"
+
+#: rbac/tree.py:36 settings/models.py:140
+msgid "System setting"
+msgstr "系统设置"
+
+#: rbac/tree.py:40
+msgid "Other"
+msgstr ""
+
+#: rbac/tree.py:59
+msgid "Accounts"
+msgstr "账号管理"
+
+#: rbac/tree.py:76
+msgid "Session audits"
+msgstr "会话审计"
+
+#: rbac/tree.py:104
+msgid "Cloud import"
+msgstr "云同步"
+
+#: rbac/tree.py:109
+msgid "Backup account"
+msgstr "备份账号"
+
+#: rbac/tree.py:114
+msgid "Gather account"
+msgstr "收集账号"
+
+#: rbac/tree.py:119
+msgid "App change auth"
+msgstr "应用改密"
+
+#: rbac/tree.py:124
+msgid "Asset change auth"
+msgstr "资产改密"
+
+#: rbac/tree.py:252
+msgid "View"
+msgstr "查看"
+
#: settings/api/alibaba_sms.py:31 settings/api/tencent_sms.py:35
msgid "test_phone is required"
msgstr "测试手机号 该字段是必填项。"
@@ -3178,10 +3257,6 @@ msgstr "成功导入 {} 个用户 ( 组织: {} )"
msgid "Settings"
msgstr "系统设置"
-#: settings/models.py:196
-msgid "System setting"
-msgstr "系统设置"
-
#: settings/serializers/auth/base.py:10
msgid "CAS Auth"
msgstr "CAS 认证"
@@ -4179,11 +4254,11 @@ msgid ""
" "
msgstr ""
"\n"
-" 您的账户已经过期,请联系管理员。 "
+" 您的账号已经过期,请联系管理员。 "
#: templates/_message.html:13
msgid "Your account will at"
-msgstr "您的账户将于"
+msgstr "您的账号将于"
#: templates/_message.html:13 templates/_message.html:30
msgid "expired. "
@@ -4465,19 +4540,19 @@ msgstr "Jmservisor 是在 windows 远程应用发布服务器中用来拉起远
msgid "Filters"
msgstr "过滤"
-#: terminal/api/session.py:250
+#: terminal/api/session.py:211
msgid "Session does not exist: {}"
msgstr "会话不存在: {}"
-#: terminal/api/session.py:253
+#: terminal/api/session.py:214
msgid "Session is finished or the protocol not supported"
msgstr "会话已经完成或协议不支持"
-#: terminal/api/session.py:258
+#: terminal/api/session.py:219
msgid "User does not exist: {}"
msgstr "用户不存在: {}"
-#: terminal/api/session.py:266
+#: terminal/api/session.py:227
msgid "User does not have permission"
msgstr "用户没有权限"
@@ -4511,7 +4586,7 @@ msgstr "测试成功"
#: terminal/api/storage.py:125
msgid "Test failure: Account invalid"
-msgstr "测试失败: 账户无效"
+msgstr "测试失败: 账号无效"
#: terminal/api/terminal.py:39
msgid "Have online sessions"
@@ -4569,20 +4644,20 @@ msgstr "时间戳"
msgid "Remote Address"
msgstr "远端地址"
-#: terminal/const.py:32
+#: terminal/const.py:33
msgid "Critical"
msgstr "严重"
-#: terminal/const.py:33
+#: terminal/const.py:34
msgid "High"
msgstr "较高"
-#: terminal/const.py:34 users/templates/users/reset_password.html:50
+#: terminal/const.py:35 users/templates/users/reset_password.html:50
#: users/templates/users/user_password_update.html:104
msgid "Normal"
msgstr "正常"
-#: terminal/const.py:35
+#: terminal/const.py:36
msgid "Offline"
msgstr "离线"
@@ -4598,43 +4673,47 @@ msgstr "存储无效"
msgid "Command record"
msgstr "命令记录"
-#: terminal/models/replay.py:13
+#: terminal/models/replay.py:12
+msgid "Session replay"
+msgstr "会话录像"
+
+#: terminal/models/replay.py:14
msgid "Can upload session replay"
msgstr "可以上传会话录像"
-#: terminal/models/replay.py:14
+#: terminal/models/replay.py:15
msgid "Can download session replay"
msgstr "可以下载会话录像"
-#: terminal/models/session.py:47 terminal/models/sharing.py:87
+#: terminal/models/session.py:48 terminal/models/sharing.py:87
msgid "Login from"
msgstr "登录来源"
-#: terminal/models/session.py:51
+#: terminal/models/session.py:52
msgid "Replay"
msgstr "回放"
-#: terminal/models/session.py:56
+#: terminal/models/session.py:57
msgid "Date end"
msgstr "结束日期"
-#: terminal/models/session.py:241
+#: terminal/models/session.py:242
msgid "Session record"
msgstr "会话"
-#: terminal/models/session.py:243
+#: terminal/models/session.py:244
msgid "Can monitor session"
msgstr "可以监控会话"
-#: terminal/models/session.py:244
+#: terminal/models/session.py:245
msgid "Can share session"
msgstr "可以分享会话"
-#: terminal/models/session.py:245
+#: terminal/models/session.py:246
msgid "Can terminate session"
msgstr "可以中断会话"
-#: terminal/models/session.py:246
+#: terminal/models/session.py:247
msgid "Can validate session action perm"
msgstr "可以验证会话动作权限"
@@ -4811,12 +4890,13 @@ msgstr "端点无效: 移除路径 `{}`"
msgid "Bucket"
msgstr "桶名称"
-#: terminal/serializers/storage.py:34 users/models/user.py:571
+#: terminal/serializers/storage.py:34 users/models/user.py:584
msgid "Secret key"
msgstr "密钥"
#: terminal/serializers/storage.py:39 terminal/serializers/storage.py:51
#: terminal/serializers/storage.py:81 terminal/serializers/storage.py:91
+#: terminal/serializers/storage.py:99
msgid "Endpoint"
msgstr "端点"
@@ -4824,43 +4904,43 @@ msgstr "端点"
msgid "Region"
msgstr "地域"
-#: terminal/serializers/storage.py:101
+#: terminal/serializers/storage.py:110
msgid "Container name"
msgstr "容器名称"
-#: terminal/serializers/storage.py:103
+#: terminal/serializers/storage.py:112
msgid "Account name"
-msgstr "账户名称"
+msgstr "账号名称"
-#: terminal/serializers/storage.py:104
+#: terminal/serializers/storage.py:113
msgid "Account key"
-msgstr "账户密钥"
+msgstr "账号密钥"
-#: terminal/serializers/storage.py:107
+#: terminal/serializers/storage.py:116
msgid "Endpoint suffix"
msgstr "端点后缀"
-#: terminal/serializers/storage.py:128
+#: terminal/serializers/storage.py:138
msgid "The address format is incorrect"
msgstr "地址格式不正确"
-#: terminal/serializers/storage.py:135
+#: terminal/serializers/storage.py:145
msgid "Host invalid"
msgstr "主机无效"
-#: terminal/serializers/storage.py:138
+#: terminal/serializers/storage.py:148
msgid "Port invalid"
msgstr "端口无效"
-#: terminal/serializers/storage.py:154
+#: terminal/serializers/storage.py:164
msgid "Index"
msgstr "索引"
-#: terminal/serializers/storage.py:156
+#: terminal/serializers/storage.py:166
msgid "Doc type"
msgstr "文档类型"
-#: terminal/serializers/storage.py:158
+#: terminal/serializers/storage.py:168
msgid "Ignore Certificate Verification"
msgstr "忽略证书认证"
@@ -5087,7 +5167,7 @@ msgid "Body"
msgstr "内容"
#: tickets/models/flow.py:19 tickets/models/flow.py:61
-#: tickets/models/ticket.py:29
+#: tickets/models/ticket.py:30
msgid "Approve level"
msgstr "审批级别"
@@ -5107,50 +5187,54 @@ msgstr "工单批准信息"
msgid "Ticket flow"
msgstr "工单流程"
-#: tickets/models/ticket.py:34
+#: tickets/models/ticket.py:35
msgid "Ticket step"
msgstr "工单步骤"
-#: tickets/models/ticket.py:45
+#: tickets/models/ticket.py:46
msgid "Ticket assignee"
msgstr "工单受理人"
-#: tickets/models/ticket.py:52
+#: tickets/models/ticket.py:128
msgid "Title"
msgstr "标题"
-#: tickets/models/ticket.py:60
+#: tickets/models/ticket.py:136
msgid "State"
msgstr "状态"
-#: tickets/models/ticket.py:68
+#: tickets/models/ticket.py:144
msgid "Approval step"
msgstr "审批步骤"
-#: tickets/models/ticket.py:73
+#: tickets/models/ticket.py:149
msgid "Applicant"
msgstr "申请人"
-#: tickets/models/ticket.py:75
+#: tickets/models/ticket.py:151
msgid "Applicant display"
msgstr "申请人名称"
-#: tickets/models/ticket.py:76
+#: tickets/models/ticket.py:152
msgid "Process"
msgstr "流程"
-#: tickets/models/ticket.py:81
+#: tickets/models/ticket.py:157
msgid "TicketFlow"
msgstr "工单流程"
-#: tickets/models/ticket.py:87
+#: tickets/models/ticket.py:163
msgid "Ticket"
msgstr "工单管理"
-#: tickets/models/ticket.py:301
+#: tickets/models/ticket.py:311
msgid "Please try again"
msgstr "请再次尝试"
+#: tickets/models/ticket.py:319
+msgid "Super ticket"
+msgstr "超级工单"
+
#: tickets/notifications.py:57
msgid "Your has a new ticket, applicant - {}"
msgstr "你有一个新的工单, 申请人 - {}"
@@ -5167,6 +5251,10 @@ msgstr "你的工单已被处理, 处理人 - {}"
msgid "Ticket has processed - {} ({})"
msgstr "你的工单已被处理, 处理人 - {} ({})"
+#: tickets/serializers/super_ticket.py:11
+msgid "Processor"
+msgstr "处理人"
+
#: tickets/serializers/ticket/meta/ticket_type/apply_application.py:18
#: tickets/serializers/ticket/meta/ticket_type/apply_asset.py:19
msgid "Apply name"
@@ -5298,7 +5386,7 @@ msgstr "当前组织已存在该类型"
msgid "Click here to review"
msgstr "点击查看"
-#: users/api/user.py:179
+#: users/api/user.py:175
msgid "Could not reset self otp, use profile reset instead"
msgstr "不能在该页面重置 MFA 多因子认证, 请去个人信息页面重置"
@@ -5353,7 +5441,7 @@ msgid ""
"and key sensitive information properly. (for example: setting complex "
"password, enabling MFA)"
msgstr ""
-"为了保护您和公司的安全,请妥善保管您的账户、密码和密钥等重要敏感信息;(如:"
+"为了保护您和公司的安全,请妥善保管您的账号、密码和密钥等重要敏感信息;(如:"
"设置复杂密码,并启用 MFA 多因子认证)"
#: users/forms/profile.py:76
@@ -5405,7 +5493,7 @@ msgstr "不能和原来的密钥相同"
msgid "Not a valid ssh public key"
msgstr "SSH密钥不合法"
-#: users/forms/profile.py:160 users/models/user.py:568
+#: users/forms/profile.py:160 users/models/user.py:581
#: users/templates/users/user_password_update.html:48
msgid "Public key"
msgstr "SSH公钥"
@@ -5418,55 +5506,55 @@ msgstr "强制启用"
msgid "Local"
msgstr "数据库"
-#: users/models/user.py:549 users/serializers/user.py:135
+#: users/models/user.py:562 users/serializers/user.py:134
msgid "Is service account"
msgstr "服务账号"
-#: users/models/user.py:551
+#: users/models/user.py:564
msgid "Avatar"
msgstr "头像"
-#: users/models/user.py:554
+#: users/models/user.py:567
msgid "Wechat"
msgstr "微信"
-#: users/models/user.py:565
+#: users/models/user.py:578
msgid "Private key"
msgstr "ssh私钥"
-#: users/models/user.py:587
+#: users/models/user.py:600
msgid "Source"
msgstr "来源"
-#: users/models/user.py:591
+#: users/models/user.py:604
msgid "Date password last updated"
msgstr "最后更新密码日期"
-#: users/models/user.py:594
+#: users/models/user.py:607
msgid "Need update password"
msgstr "需要更新密码"
-#: users/models/user.py:759
+#: users/models/user.py:771
msgid "Can invite user"
msgstr "可以邀请用户"
-#: users/models/user.py:760
+#: users/models/user.py:772
msgid "Can remove user"
msgstr "可以移除用户"
-#: users/models/user.py:761
+#: users/models/user.py:773
msgid "Can match user"
msgstr "可以匹配用户"
-#: users/models/user.py:770
+#: users/models/user.py:782
msgid "Administrator"
msgstr "管理员"
-#: users/models/user.py:773
+#: users/models/user.py:785
msgid "Administrator is the super user of system"
msgstr "Administrator是初始的超级管理员"
-#: users/models/user.py:798
+#: users/models/user.py:810
msgid "User password history"
msgstr "用户密码历史"
@@ -5517,97 +5605,97 @@ msgstr "新密码不能是最近 {} 次的密码"
msgid "The newly set password is inconsistent"
msgstr "两次密码不一致"
-#: users/serializers/profile.py:141 users/serializers/user.py:133
+#: users/serializers/profile.py:141 users/serializers/user.py:132
msgid "Is first login"
msgstr "首次登录"
-#: users/serializers/user.py:25 users/serializers/user.py:31
+#: users/serializers/user.py:24 users/serializers/user.py:30
msgid "System roles"
msgstr "系统角色"
-#: users/serializers/user.py:29 users/serializers/user.py:32
+#: users/serializers/user.py:28 users/serializers/user.py:31
msgid "Org roles"
msgstr "组织角色"
-#: users/serializers/user.py:75
+#: users/serializers/user.py:74
#: xpack/plugins/change_auth_plan/models/base.py:35
#: xpack/plugins/change_auth_plan/serializers/base.py:22
msgid "Password strategy"
msgstr "密码策略"
-#: users/serializers/user.py:77
+#: users/serializers/user.py:76
msgid "MFA enabled"
msgstr "MFA"
-#: users/serializers/user.py:78
+#: users/serializers/user.py:77
msgid "MFA force enabled"
msgstr "强制 MFA"
-#: users/serializers/user.py:80
+#: users/serializers/user.py:79
msgid "MFA level display"
msgstr "MFA 等级名称"
-#: users/serializers/user.py:82
+#: users/serializers/user.py:81
msgid "Login blocked"
msgstr "登录被阻塞"
-#: users/serializers/user.py:85
+#: users/serializers/user.py:84
msgid "Can public key authentication"
msgstr "能否公钥认证"
-#: users/serializers/user.py:137
+#: users/serializers/user.py:136
msgid "Avatar url"
msgstr "头像路径"
-#: users/serializers/user.py:139
+#: users/serializers/user.py:138
msgid "Groups name"
msgstr "用户组名"
-#: users/serializers/user.py:140
+#: users/serializers/user.py:139
msgid "Source name"
msgstr "用户来源名"
-#: users/serializers/user.py:141
+#: users/serializers/user.py:140
msgid "Organization role name"
msgstr "组织角色名称"
-#: users/serializers/user.py:142
+#: users/serializers/user.py:141
msgid "Super role name"
msgstr "超级角色名称"
-#: users/serializers/user.py:143
+#: users/serializers/user.py:142
msgid "Total role name"
msgstr "汇总角色名称"
-#: users/serializers/user.py:145
+#: users/serializers/user.py:144
msgid "Is wecom bound"
msgstr "是否绑定了企业微信"
-#: users/serializers/user.py:146
+#: users/serializers/user.py:145
msgid "Is dingtalk bound"
msgstr "是否绑定了钉钉"
-#: users/serializers/user.py:147
+#: users/serializers/user.py:146
msgid "Is feishu bound"
msgstr "是否绑定了飞书"
-#: users/serializers/user.py:148
+#: users/serializers/user.py:147
msgid "Is OTP bound"
msgstr "是否绑定了虚拟 MFA"
-#: users/serializers/user.py:150
+#: users/serializers/user.py:149
msgid "System role name"
msgstr "系统角色名称"
-#: users/serializers/user.py:246
+#: users/serializers/user.py:235
msgid "Select users"
msgstr "选择用户"
-#: users/serializers/user.py:247
+#: users/serializers/user.py:236
msgid "For security, only list several users"
msgstr "为了安全,仅列出几个用户"
-#: users/serializers/user.py:280
+#: users/serializers/user.py:269
msgid "name not unique"
msgstr "名称重复"
@@ -5976,7 +6064,7 @@ msgstr "应用"
#: xpack/plugins/change_auth_plan/models/app.py:156
msgid "Application change auth plan task"
-msgstr "用用改密计划任务"
+msgstr "应用改密计划任务"
#: xpack/plugins/change_auth_plan/models/app.py:180
#: xpack/plugins/change_auth_plan/models/asset.py:263
@@ -6220,13 +6308,10 @@ msgstr "云管中心"
msgid "Provider"
msgstr "云服务商"
-#: xpack/plugins/cloud/models.py:39
-msgid "Cloud account"
-msgstr "云账号"
-
-#: xpack/plugins/cloud/models.py:82 xpack/plugins/cloud/serializers/task.py:66
+#: xpack/plugins/cloud/models.py:39 xpack/plugins/cloud/models.py:82
+#: xpack/plugins/cloud/serializers/task.py:66
msgid "Account"
-msgstr "账户"
+msgstr "账号"
#: xpack/plugins/cloud/models.py:85 xpack/plugins/cloud/serializers/task.py:37
msgid "Regions"
@@ -6483,7 +6568,7 @@ msgstr "用户域"
#: xpack/plugins/cloud/serializers/account_attrs.py:113
msgid "Service account key"
-msgstr "账户密钥"
+msgstr "服务账号密钥"
#: xpack/plugins/cloud/serializers/account_attrs.py:114
msgid "The file is in JSON format"
@@ -6517,7 +6602,7 @@ msgstr "定时执行"
#: xpack/plugins/cloud/utils.py:68
msgid "Account unavailable"
-msgstr "账户无效"
+msgstr "账号无效"
#: xpack/plugins/gathered_user/meta.py:11
msgid "Gathered user"
@@ -6603,6 +6688,9 @@ msgstr "旗舰版"
msgid "Community edition"
msgstr "社区版"
+#~ msgid "AppAsset"
+#~ msgstr "资产管理"
+
#~ msgid "User and Organization"
#~ msgstr "用户与组织"
@@ -6660,7 +6748,7 @@ msgstr "社区版"
#~ msgstr "XPack"
#~ msgid "Account list"
-#~ msgstr "账户列表"
+#~ msgstr "账号列表"
#~ msgid "Sync instance"
#~ msgstr "同步实例"
diff --git a/apps/notifications/apps.py b/apps/notifications/apps.py
index 1c64497a1..306f2b55b 100644
--- a/apps/notifications/apps.py
+++ b/apps/notifications/apps.py
@@ -7,6 +7,6 @@ class NotificationsConfig(AppConfig):
verbose_name = _('Notifications')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
from . import notifications
super().ready()
diff --git a/apps/notifications/signals_handler.py b/apps/notifications/signal_handlers.py
similarity index 100%
rename from apps/notifications/signals_handler.py
rename to apps/notifications/signal_handlers.py
diff --git a/apps/notifications/ws.py b/apps/notifications/ws.py
index e3d48f79d..391bb659d 100644
--- a/apps/notifications/ws.py
+++ b/apps/notifications/ws.py
@@ -5,7 +5,7 @@ from channels.generic.websocket import JsonWebsocketConsumer
from common.utils import get_logger
from common.db.utils import safe_db_connection
from .site_msg import SiteMessageUtil
-from .signals_handler import new_site_msg_chan
+from .signal_handlers import new_site_msg_chan
logger = get_logger(__name__)
diff --git a/apps/ops/apps.py b/apps/ops/apps.py
index 43496ebf2..819a23002 100644
--- a/apps/ops/apps.py
+++ b/apps/ops/apps.py
@@ -6,13 +6,13 @@ from django.apps import AppConfig
class OpsConfig(AppConfig):
name = 'ops'
- verbose_name = _('Operations')
+ verbose_name = _('App ops')
def ready(self):
from orgs.models import Organization
from orgs.utils import set_current_org
set_current_org(Organization.root())
from .celery import signal_handler
- from . import signals_handler
+ from . import signal_handlers
from . import notifications
super().ready()
diff --git a/apps/ops/notifications.py b/apps/ops/notifications.py
index e76c2037d..86c7ab188 100644
--- a/apps/ops/notifications.py
+++ b/apps/ops/notifications.py
@@ -13,7 +13,7 @@ __all__ = ('ServerPerformanceMessage', 'ServerPerformanceCheckUtil')
class ServerPerformanceMessage(SystemMessage):
category = 'Operations'
- category_label = _('Operations')
+ category_label = _('App ops')
message_type_label = _('Server performance')
def __init__(self, terms_with_errors):
diff --git a/apps/ops/signals_handler.py b/apps/ops/signal_handlers.py
similarity index 100%
rename from apps/ops/signals_handler.py
rename to apps/ops/signal_handlers.py
diff --git a/apps/orgs/apps.py b/apps/orgs/apps.py
index 872fb8eb4..14a48203c 100644
--- a/apps/orgs/apps.py
+++ b/apps/orgs/apps.py
@@ -4,7 +4,7 @@ from django.utils.translation import ugettext_lazy as _
class OrgsConfig(AppConfig):
name = 'orgs'
- verbose_name = _('Organizations')
+ verbose_name = _('App organizations')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
diff --git a/apps/orgs/signals_handler/__init__.py b/apps/orgs/signal_handlers/__init__.py
similarity index 100%
rename from apps/orgs/signals_handler/__init__.py
rename to apps/orgs/signal_handlers/__init__.py
diff --git a/apps/orgs/signals_handler/cache.py b/apps/orgs/signal_handlers/cache.py
similarity index 100%
rename from apps/orgs/signals_handler/cache.py
rename to apps/orgs/signal_handlers/cache.py
diff --git a/apps/orgs/signals_handler/common.py b/apps/orgs/signal_handlers/common.py
similarity index 100%
rename from apps/orgs/signals_handler/common.py
rename to apps/orgs/signal_handlers/common.py
diff --git a/apps/perms/apps.py b/apps/perms/apps.py
index 664765029..432c194cd 100644
--- a/apps/perms/apps.py
+++ b/apps/perms/apps.py
@@ -6,9 +6,9 @@ from django.utils.translation import ugettext_lazy as _
class PermsConfig(AppConfig):
name = 'perms'
- verbose_name = _('Permissions')
+ verbose_name = _('App permissions')
def ready(self):
super().ready()
- from . import signals_handler
+ from . import signal_handlers
from . import notifications
diff --git a/apps/perms/serializers/application/permission.py b/apps/perms/serializers/application/permission.py
index f3e6443a0..c7ebdf769 100644
--- a/apps/perms/serializers/application/permission.py
+++ b/apps/perms/serializers/application/permission.py
@@ -43,7 +43,7 @@ class ApplicationPermissionSerializer(BasePermissionSerializer):
'users_amount': {'label': _('Users amount')},
'user_groups_amount': {'label': _('User groups amount')},
'system_users_amount': {'label': _('System users amount')},
- 'applications_amount': {'label': _('Applications amount')},
+ 'applications_amount': {'label': _('Apps amount')},
}
def _filter_actions_choices(self, choices):
diff --git a/apps/perms/signals_handler/__init__.py b/apps/perms/signal_handlers/__init__.py
similarity index 100%
rename from apps/perms/signals_handler/__init__.py
rename to apps/perms/signal_handlers/__init__.py
diff --git a/apps/perms/signals_handler/app_permission.py b/apps/perms/signal_handlers/app_permission.py
similarity index 100%
rename from apps/perms/signals_handler/app_permission.py
rename to apps/perms/signal_handlers/app_permission.py
diff --git a/apps/perms/signals_handler/asset_permission.py b/apps/perms/signal_handlers/asset_permission.py
similarity index 100%
rename from apps/perms/signals_handler/asset_permission.py
rename to apps/perms/signal_handlers/asset_permission.py
diff --git a/apps/perms/signals_handler/refresh_perms.py b/apps/perms/signal_handlers/refresh_perms.py
similarity index 100%
rename from apps/perms/signals_handler/refresh_perms.py
rename to apps/perms/signal_handlers/refresh_perms.py
diff --git a/apps/rbac/api/rolebinding.py b/apps/rbac/api/rolebinding.py
index 7d31d6415..3e9165323 100644
--- a/apps/rbac/api/rolebinding.py
+++ b/apps/rbac/api/rolebinding.py
@@ -1,9 +1,10 @@
-
+from django.utils.translation import ugettext as _
from django.db.models import F, Value
from django.db.models.functions import Concat
from orgs.mixins.api import OrgBulkModelViewSet
from orgs.utils import current_org
+from common.exceptions import JMSException
from .. import serializers
from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding
@@ -22,7 +23,7 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
]
def get_queryset(self):
- queryset = super().get_queryset()\
+ queryset = super().get_queryset() \
.prefetch_related('user', 'role') \
.annotate(
user_display=Concat(
@@ -38,6 +39,17 @@ class SystemRoleBindingViewSet(RoleBindingViewSet):
model = SystemRoleBinding
serializer_class = serializers.SystemRoleBindingSerializer
+ def perform_destroy(self, instance):
+ user = instance.user
+ role_qs = self.model.objects.filter(user=user)
+ if role_qs.count() == 1:
+ msg = _('{} at least one system role').format(user)
+ raise JMSException(
+ code='system_role_delete_error',
+ detail=msg
+ )
+ super().perform_destroy(instance)
+
class OrgRoleBindingViewSet(RoleBindingViewSet):
model = OrgRoleBinding
diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index b7c76a261..084b82cf1 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -16,10 +16,12 @@ exclude_permissions = (
('contenttypes', '*', '*', '*'),
('django_cas_ng', '*', '*', '*'),
('django_celery_beat', '*', '*', '*'),
+ ('jms_oidc_rp', '*', '*', '*'),
('admin', '*', '*', '*'),
('sessions', '*', '*', '*'),
('notifications', '*', '*', '*'),
+ ('applications', 'applicationuser', '*', '*'),
('applications', 'historicalaccount', '*', '*'),
('applications', 'databaseapp', '*', '*'),
('applications', 'k8sapp', '*', '*'),
@@ -51,9 +53,15 @@ exclude_permissions = (
('audits', 'userloginlog', 'change,delete,change', 'userloginlog'),
('audits', 'ftplog', 'change,delete', 'ftplog'),
('terminal', 'session', 'delete', 'session'),
+ ('terminal', 'session', 'delete,change', 'command'),
('tickets', 'ticket', '*', '*'),
('users', 'userpasswordhistory', '*', '*'),
- ('xpack', 'interface', 'add,delete', 'interface'),
+ ('xpack', 'interface', '*', '*'),
+ ('xpack', 'license', '*', '*'),
+ ('common', 'permission', 'add,delete,view,change', 'permission'),
+ ('terminal', 'command', 'delete,change', 'command'),
+ ('terminal', 'sessionjoinrecord', 'delete', 'sessionjoinrecord'),
+ ('terminal', 'sessionreplay', 'delete', 'sessionreplay'),
)
diff --git a/apps/rbac/models/permission.py b/apps/rbac/models/permission.py
index 0ba84f315..4b506168b 100644
--- a/apps/rbac/models/permission.py
+++ b/apps/rbac/models/permission.py
@@ -1,12 +1,8 @@
-from typing import Callable
-
-from django.db.models import F, Count, Q
-from django.apps import apps
-from django.utils.translation import ugettext_lazy as _, ugettext
+from django.db.models import Q
+from django.utils.translation import ugettext_lazy as _
from django.contrib.auth.models import Permission as DjangoPermission
from django.contrib.auth.models import ContentType as DjangoContentType
-from common.tree import TreeNode
from .. import const
Scope = const.Scope
@@ -19,190 +15,6 @@ class ContentType(DjangoContentType):
proxy = True
-class PermissionTreeUtil:
- get_permissions: Callable
-
- def __init__(self, permissions, scope, check_disabled=False):
- self.permissions = self.prefetch_permissions(permissions)
- self.all_permissions = self.prefetch_permissions(
- Permission.get_permissions(scope)
- )
- self.check_disabled = check_disabled
-
- @staticmethod
- def prefetch_permissions(perms):
- return perms.select_related('content_type') \
- .annotate(app=F('content_type__app_label')) \
- .annotate(model=F('content_type__model'))
-
- def _create_apps_tree_nodes(self):
- app_counts = self.all_permissions.values('app')\
- .order_by('app').annotate(count=Count('app'))
- app_checked_counts = self.permissions.values('app')\
- .order_by('app').annotate(count=Count('app'))
- app_checked_counts_mapper = {
- i['app']: i['count']
- for i in app_checked_counts
- }
- all_apps = apps.get_app_configs()
- apps_name_mapper = {
- app.name: app.verbose_name
- for app in all_apps if hasattr(app, 'verbose_name')
- }
- nodes = []
-
- for i in app_counts:
- app = i['app']
- total_counts = i['count']
- check_counts = app_checked_counts_mapper.get(app, 0)
- name = apps_name_mapper.get(app, app)
- full_name = f'{name}({check_counts}/{total_counts})'
-
- node = TreeNode(**{
- 'id': app,
- 'name': full_name,
- 'title': name,
- 'pId': '$ROOT$',
- 'isParent': True,
- 'open': False,
- 'chkDisabled': self.check_disabled,
- 'checked': total_counts == check_counts,
- 'iconSkin': '',
- 'meta': {
- 'type': 'app',
- }
- })
- nodes.append(node)
- return nodes
-
- def _create_models_tree_nodes(self):
- content_types = ContentType.objects.all()
-
- model_counts = self.all_permissions \
- .values('model', 'app', 'content_type') \
- .order_by('content_type') \
- .annotate(count=Count('content_type'))
- model_check_counts = self.permissions \
- .values('content_type', 'model') \
- .order_by('content_type') \
- .annotate(count=Count('content_type'))
- model_counts_mapper = {
- i['content_type']: i['count']
- for i in model_counts
- }
- model_check_counts_mapper = {
- i['content_type']: i['count']
- for i in model_check_counts
- }
-
- nodes = []
- for ct in content_types:
- total_counts = model_counts_mapper.get(ct.id, 0)
- if total_counts == 0:
- continue
- check_counts = model_check_counts_mapper.get(ct.id, 0)
- model_id = f'{ct.app_label}_{ct.model}'
- name = f'{ct.name}({check_counts}/{total_counts})'
- node = TreeNode(**{
- 'id': model_id,
- 'name': name,
- 'title': name,
- 'pId': ct.app_label,
- 'chkDisabled': self.check_disabled,
- 'isParent': True,
- 'open': False,
- 'checked': total_counts == check_counts,
- 'meta': {
- 'type': 'model',
- }
- })
- nodes.append(node)
- return nodes
-
- @staticmethod
- def _get_permission_name(p, content_types_name_mapper):
- code_name = p.codename
- action_mapper = {
- 'add': ugettext('Create'),
- 'view': ugettext('View'),
- 'change': ugettext('Update'),
- 'delete': ugettext('Delete')
- }
- name = ''
- ct = ''
- if 'add_' in p.codename:
- name = action_mapper['add']
- ct = code_name.replace('add_', '')
- elif 'view_' in p.codename:
- name = action_mapper['view']
- ct = code_name.replace('view_', '')
- elif 'change_' in p.codename:
- name = action_mapper['change']
- ct = code_name.replace('change_', '')
- elif 'delete' in code_name:
- name = action_mapper['delete']
- ct = code_name.replace('delete_', '')
-
- if ct in content_types_name_mapper:
- name += content_types_name_mapper[ct]
- else:
- name = p.name
- return name
-
- def _create_perms_tree_nodes(self):
- permissions_id = self.permissions.values_list('id', flat=True)
- nodes = []
- content_types = ContentType.objects.all()
- content_types_name_mapper = {ct.model: ct.name for ct in content_types}
- for p in self.all_permissions:
- model_id = f'{p.app}_{p.model}'
- name = self._get_permission_name(p, content_types_name_mapper)
-
- node = TreeNode(**{
- 'id': p.id,
- 'name': name + '({})'.format(p.app_label_codename),
- 'title': p.name,
- 'pId': model_id,
- 'isParent': False,
- 'chkDisabled': self.check_disabled,
- 'iconSkin': 'file',
- 'checked': p.id in permissions_id,
- 'open': False,
- 'meta': {
- 'type': 'perm',
- }
- })
- nodes.append(node)
- return nodes
-
- def _create_root_tree_node(self):
- total_counts = self.all_permissions.count()
- check_counts = self.permissions.count()
- node = TreeNode(**{
- 'id': '$ROOT$',
- 'name': f'所有权限({check_counts}/{total_counts})',
- 'title': '所有权限',
- 'pId': '',
- 'chkDisabled': self.check_disabled,
- 'isParent': True,
- 'checked': total_counts == check_counts,
- 'open': True,
- 'meta': {
- 'type': 'root',
- }
- })
- return node
-
- def create_tree_nodes(self):
- nodes = [self._create_root_tree_node()]
- apps_nodes = self._create_apps_tree_nodes()
- models_nodes = self._create_models_tree_nodes()
- perms_nodes = self._create_perms_tree_nodes()
-
- nodes += apps_nodes + models_nodes + perms_nodes
- return nodes
-
-
class Permission(DjangoPermission):
""" 权限类 """
class Meta:
@@ -265,6 +77,7 @@ class Permission(DjangoPermission):
@staticmethod
def create_tree_nodes(permissions, scope, check_disabled=False):
+ from ..tree import PermissionTreeUtil
util = PermissionTreeUtil(permissions, scope, check_disabled)
return util.create_tree_nodes()
diff --git a/apps/rbac/permissions.py b/apps/rbac/permissions.py
index 717f79848..43210818f 100644
--- a/apps/rbac/permissions.py
+++ b/apps/rbac/permissions.py
@@ -16,6 +16,7 @@ class RBACPermission(permissions.DjangoModelPermissions):
('bulk_update', '%(app_label)s.change_%(model_name)s'),
('partial_bulk_update', '%(app_label)s.change_%(model_name)s'),
('bulk_destroy', '%(app_label)s.delete_%(model_name)s'),
+ ('render_to_json', '%(app_label)s.add_%(model_name)s'),
('metadata', ''),
('GET', '%(app_label)s.view_%(model_name)s'),
('OPTIONS', ''),
diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py
new file mode 100644
index 000000000..c5cdfde32
--- /dev/null
+++ b/apps/rbac/tree.py
@@ -0,0 +1,387 @@
+#!/usr/bin/python
+from collections import defaultdict
+from typing import Callable
+
+from django.utils.translation import gettext_lazy as _, gettext
+from django.conf import settings
+from django.apps import apps
+from django.db.models import F, Count
+from django.utils.translation import ugettext
+
+from .models import Permission, ContentType
+from common.tree import TreeNode
+
+root_node_data = {
+ 'id': '$ROOT$',
+ 'name': _('All permissions'),
+ 'title': _('All permissions'),
+ 'pId': '',
+}
+
+view_nodes_data = [
+ {
+ 'id': 'view_console',
+ 'name': _('Console view'),
+ },
+ {
+ 'id': 'view_workspace',
+ 'name': _('Workspace view'),
+ },
+ {
+ 'id': 'view_audit',
+ 'name': _('Audit view'),
+ },
+ {
+ 'id': 'view_setting',
+ 'name': _('System setting'),
+ },
+ {
+ 'id': 'view_other',
+ 'name': _('Other'),
+ }
+]
+
+app_nodes_data = [
+ {
+ 'id': 'users',
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'assets',
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'applications',
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'accounts',
+ 'name': _('Accounts'),
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'perms',
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'acls',
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'ops',
+ 'view': 'view_console',
+ },
+ {
+ 'id': 'terminal',
+ 'name': _('Session audits'),
+ 'view': 'view_audit',
+ },
+ {
+ 'id': 'audits',
+ 'view': 'view_audit',
+ },
+ {
+ 'id': 'rbac',
+ 'view': 'view_console'
+ },
+ {
+ 'id': 'settings',
+ 'view': 'view_setting'
+ },
+ {
+ 'id': 'tickets',
+ 'view': 'view_other',
+ },
+ {
+ 'id': 'authentication',
+ 'view': 'view_other'
+ }
+]
+
+extra_nodes_data = [
+ {
+ "id": "cloud_import",
+ "name": _("Cloud import"),
+ "pId": "assets",
+ },
+ {
+ "id": "backup_account_node",
+ "name": _("Backup account"),
+ "pId": "accounts"
+ },
+ {
+ "id": "gather_account_node",
+ "name": _("Gather account"),
+ "pId": "accounts",
+ },
+ {
+ "id": "app_change_plan_node",
+ "name": _("App change auth"),
+ "pId": "accounts"
+ },
+ {
+ "id": "asset_change_plan_node",
+ "name": _("Asset change auth"),
+ "pId": "accounts"
+ },
+ {
+ "id": "terminal_node",
+ "name": _("Terminal"),
+ "pId": "view_setting"
+ }
+]
+
+special_pid_mapper = {
+ 'common.permission': 'view_other',
+ "assets.authbook": "accounts",
+ "applications.account": "accounts",
+ 'xpack.account': 'cloud_import',
+ 'xpack.syncinstancedetail': 'cloud_import',
+ 'xpack.syncinstancetask': 'cloud_import',
+ 'xpack.syncinstancetaskexecution': 'cloud_import',
+ 'assets.accountbackupplan': "backup_account_node",
+ 'assets.accountbackupplanexecution': "backup_account_node",
+ 'xpack.applicationchangeauthplan': 'app_change_plan_node',
+ 'xpack.applicationchangeauthplanexecution': 'app_change_plan_node',
+ 'xpack.applicationchangeauthplantask': 'app_change_plan_node',
+ 'xpack.changeauthplan': 'asset_change_plan_node',
+ 'xpack.changeauthplanexecution': 'asset_change_plan_node',
+ 'xpack.changeauthplantask': 'asset_change_plan_node',
+ "assets.gathereduser": "gather_account_node",
+ 'xpack.gatherusertask': 'gather_account_node',
+ 'xpack.gatherusertaskexecution': 'gather_account_node',
+ 'orgs.organization': 'view_setting',
+ 'settings.setting': 'view_setting',
+ 'terminal.terminal': 'terminal_node',
+ 'terminal.commandstorage': 'terminal_node',
+ 'terminal.replaystorage': 'terminal_node',
+ 'terminal.status': 'terminal_node',
+ 'terminal.task': 'terminal_node',
+}
+
+
+class PermissionTreeUtil:
+ get_permissions: Callable
+
+ def __init__(self, permissions, scope, check_disabled=False):
+ self.permissions = self.prefetch_permissions(permissions)
+ self.all_permissions = self.prefetch_permissions(
+ Permission.get_permissions(scope)
+ )
+ self.check_disabled = check_disabled
+ self.total_counts = defaultdict(int)
+ self.checked_counts = defaultdict(int)
+
+ @staticmethod
+ def prefetch_permissions(perms):
+ return perms.select_related('content_type') \
+ .annotate(app=F('content_type__app_label')) \
+ .annotate(model=F('content_type__model'))
+
+ def create_apps_nodes(self):
+ all_apps = apps.get_app_configs()
+ apps_name_mapper = {
+ app.name: app.verbose_name
+ for app in all_apps if hasattr(app, 'verbose_name')
+ }
+ nodes = []
+
+ for i in app_nodes_data:
+ app = i['id']
+ name = i.get('name') or apps_name_mapper.get(app, app)
+ view = i.get('view', 'other')
+
+ app_data = {
+ 'id': app,
+ 'name': name,
+ 'pId': view,
+ }
+ total_count = self.total_counts[app]
+ checked_count = self.checked_counts[app]
+ self.total_counts[view] += total_count
+ self.checked_counts[view] += checked_count
+ node = self._create_node(
+ app_data, total_count, checked_count,
+ 'app', is_open=False
+ )
+ nodes.append(node)
+ return nodes
+
+ def _get_model_counts_mapper(self):
+ model_counts = self.all_permissions \
+ .values('model', 'app', 'content_type') \
+ .order_by('content_type') \
+ .annotate(count=Count('content_type'))
+ model_check_counts = self.permissions \
+ .values('content_type', 'model') \
+ .order_by('content_type') \
+ .annotate(count=Count('content_type'))
+ model_counts_mapper = {
+ i['content_type']: i['count']
+ for i in model_counts
+ }
+ model_check_counts_mapper = {
+ i['content_type']: i['count']
+ for i in model_check_counts
+ }
+ return model_counts_mapper, model_check_counts_mapper
+
+ def _create_models_nodes(self):
+ content_types = ContentType.objects.all()
+ total_counts_mapper, checked_counts_mapper = self._get_model_counts_mapper()
+
+ nodes = []
+ for ct in content_types:
+ total_count = total_counts_mapper.get(ct.id, 0)
+ checked_count = checked_counts_mapper.get(ct.id, 0)
+ if total_count == 0:
+ continue
+
+ model_id = '{}.{}'.format(ct.app_label, ct.model)
+ app = ct.app_label
+ if special_pid_mapper.get(model_id):
+ app = special_pid_mapper[model_id]
+
+ self.total_counts[app] += total_count
+ self.checked_counts[app] += checked_count
+
+ name = f'{ct.name}'
+ node = self._create_node({
+ 'id': model_id,
+ 'name': name,
+ 'pId': app,
+ }, total_count, checked_count, 'model', is_open=False)
+ nodes.append(node)
+ return nodes
+
+ @staticmethod
+ def _get_permission_name(p, content_types_name_mapper):
+ code_name = p.codename
+ action_mapper = {
+ 'add': ugettext('Create'),
+ 'view': ugettext('View'),
+ 'change': ugettext('Update'),
+ 'delete': ugettext('Delete')
+ }
+ name = ''
+ ct = ''
+ if 'add_' in p.codename:
+ name = action_mapper['add']
+ ct = code_name.replace('add_', '')
+ elif 'view_' in p.codename:
+ name = action_mapper['view']
+ ct = code_name.replace('view_', '')
+ elif 'change_' in p.codename:
+ name = action_mapper['change']
+ ct = code_name.replace('change_', '')
+ elif 'delete' in code_name:
+ name = action_mapper['delete']
+ ct = code_name.replace('delete_', '')
+
+ if ct in content_types_name_mapper:
+ name += content_types_name_mapper[ct]
+ else:
+ name = gettext(p.name)
+ name = name.replace('Can ', '').replace('可以', '')
+ return name
+
+ def _create_perms_nodes(self):
+ permissions_id = self.permissions.values_list('id', flat=True)
+ nodes = []
+ content_types = ContentType.objects.all()
+ content_types_name_mapper = {ct.model: ct.name for ct in content_types}
+
+ for p in self.all_permissions:
+ model_id = f'{p.app}.{p.model}'
+ name = self._get_permission_name(p, content_types_name_mapper)
+ if settings.DEBUG:
+ name += '({})'.format(p.app_label_codename)
+
+ node = TreeNode(**{
+ 'id': p.id,
+ 'name': name,
+ 'title': p.name,
+ 'pId': model_id,
+ 'isParent': False,
+ 'chkDisabled': self.check_disabled,
+ 'iconSkin': 'file',
+ 'checked': p.id in permissions_id,
+ 'open': False,
+ 'meta': {
+ 'type': 'perm',
+ }
+ })
+ nodes.append(node)
+ return nodes
+
+ def _create_node(self, data, total_count, checked_count, tp,
+ is_parent=True, is_open=True, icon='', checked=None):
+ assert data.get('id')
+ assert data.get('name')
+ assert data.get('pId') is not None
+ if checked is None:
+ checked = total_count == checked_count
+ node_data = {
+ 'isParent': is_parent,
+ 'iconSkin': icon,
+ 'open': is_open,
+ 'chkDisabled': self.check_disabled,
+ 'checked': checked,
+ 'meta': {
+ 'type': tp,
+ },
+ **data
+ }
+ if not node_data.get('title'):
+ node_data['title'] = node_data['name']
+ node = TreeNode(**node_data)
+ node.name += f'({checked_count}/{total_count})'
+ return node
+
+ def _create_root_tree_node(self):
+ total_count = self.all_permissions.count()
+ checked_count = self.permissions.count()
+ node = self._create_node(root_node_data, total_count, checked_count, 'root')
+ return node
+
+ def _create_views_node(self):
+ nodes = []
+ for view_data in view_nodes_data:
+ view = view_data['id']
+ data = {
+ **view_data,
+ 'pId': '$ROOT$',
+ }
+ total_count = self.total_counts[view]
+ checked_count = self.checked_counts[view]
+ node = self._create_node(data, total_count, checked_count, 'view')
+ nodes.append(node)
+ return nodes
+
+ def _create_extra_nodes(self):
+ nodes = []
+ for data in extra_nodes_data:
+ i = data['id']
+ pid = data['pId']
+ checked_count = self.checked_counts[i]
+ total_count = self.total_counts[i]
+ self.total_counts[pid] += total_count
+ self.checked_counts[pid] += checked_count
+ node = self._create_node(
+ data, total_count, checked_count,
+ 'extra', is_open=False
+ )
+ nodes.append(node)
+
+ return nodes
+
+ def create_tree_nodes(self):
+ nodes = [self._create_root_tree_node()]
+ perms_nodes = self._create_perms_nodes()
+ models_nodes = self._create_models_nodes()
+ apps_nodes = self.create_apps_nodes()
+ views_nodes = self._create_views_node()
+ extra_nodes = self._create_extra_nodes()
+
+ nodes += views_nodes + apps_nodes + models_nodes + perms_nodes + extra_nodes
+ return nodes
diff --git a/apps/settings/apps.py b/apps/settings/apps.py
index bcb1b7693..8bef81db3 100644
--- a/apps/settings/apps.py
+++ b/apps/settings/apps.py
@@ -7,4 +7,4 @@ class SettingsConfig(AppConfig):
verbose_name = _('Settings')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
diff --git a/apps/settings/signals_handler.py b/apps/settings/signal_handlers.py
similarity index 100%
rename from apps/settings/signals_handler.py
rename to apps/settings/signal_handlers.py
diff --git a/apps/terminal/apps.py b/apps/terminal/apps.py
index ca67ab296..fa46ca9e2 100644
--- a/apps/terminal/apps.py
+++ b/apps/terminal/apps.py
@@ -9,6 +9,6 @@ class TerminalConfig(AppConfig):
verbose_name = _('Terminals')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
from . import notifications
return super().ready()
diff --git a/apps/terminal/migrations/0047_auto_20220302_1951.py b/apps/terminal/migrations/0047_auto_20220302_1951.py
new file mode 100644
index 000000000..a67b260b8
--- /dev/null
+++ b/apps/terminal/migrations/0047_auto_20220302_1951.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.1.14 on 2022-03-02 11:51
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('terminal', '0046_auto_20220228_1744'),
+ ]
+
+ operations = [
+ migrations.AlterModelOptions(
+ name='sessionreplay',
+ options={'permissions': [('upload_sessionreplay', 'Can upload session replay'), ('download_sessionreplay', 'Can download session replay')], 'verbose_name': 'Session replay'},
+ ),
+ ]
diff --git a/apps/terminal/models/replay.py b/apps/terminal/models/replay.py
index adba14948..5f3e372af 100644
--- a/apps/terminal/models/replay.py
+++ b/apps/terminal/models/replay.py
@@ -9,6 +9,7 @@ class SessionReplay(CommonModelMixin):
session = models.ForeignKey(Session, on_delete=models.CASCADE, verbose_name=_("Session"))
class Meta:
+ verbose_name = _("Session replay")
permissions = [
('upload_sessionreplay', _("Can upload session replay")),
('download_sessionreplay', _("Can download session replay")),
diff --git a/apps/terminal/signals_handler.py b/apps/terminal/signal_handlers.py
similarity index 100%
rename from apps/terminal/signals_handler.py
rename to apps/terminal/signal_handlers.py
diff --git a/apps/tickets/api/super_ticket.py b/apps/tickets/api/super_ticket.py
index bf96a6cc9..ea186bd1b 100644
--- a/apps/tickets/api/super_ticket.py
+++ b/apps/tickets/api/super_ticket.py
@@ -2,7 +2,7 @@ from rest_framework.generics import RetrieveDestroyAPIView
from orgs.utils import tmp_to_root_org
from ..serializers import SuperTicketSerializer
-from ..models import SuperTicket
+from ..models import Ticket
__all__ = ['SuperTicketStatusAPI']
@@ -10,11 +10,14 @@ __all__ = ['SuperTicketStatusAPI']
class SuperTicketStatusAPI(RetrieveDestroyAPIView):
serializer_class = SuperTicketSerializer
+ rbac_perms = {
+ 'GET': 'tickets.view_superticket',
+ 'DELETE': 'tickets.change_superticket'
+ }
def get_queryset(self):
with tmp_to_root_org():
- return SuperTicket.objects.all()
+ return Ticket.objects.all()
def perform_destroy(self, instance):
- ticket = self.get_object()
- ticket.close(processor=ticket.applicant)
+ instance.close(processor=instance.applicant)
diff --git a/apps/tickets/apps.py b/apps/tickets/apps.py
index 8dd08d109..317ac592e 100644
--- a/apps/tickets/apps.py
+++ b/apps/tickets/apps.py
@@ -7,6 +7,6 @@ class TicketsConfig(AppConfig):
verbose_name = _('Tickets')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
from . import notifications
return super().ready()
diff --git a/apps/tickets/models/ticket.py b/apps/tickets/models/ticket.py
index d3ee162bd..aa536584d 100644
--- a/apps/tickets/models/ticket.py
+++ b/apps/tickets/models/ticket.py
@@ -1,9 +1,10 @@
# -*- coding: utf-8 -*-
#
+from typing import Callable
+
from django.db import models
from django.db.models import Q
from django.utils.translation import ugettext_lazy as _
-from datetime import timedelta
from django.db.utils import IntegrityError
from common.exceptions import JMSException
@@ -53,6 +54,7 @@ class StatusMixin:
status: str
applicant: models.ForeignKey
current_node: models.Manager
+ save: Callable
def set_state_approve(self):
self.state = TicketState.approved
@@ -182,7 +184,8 @@ class Ticket(CommonModelMixin, StatusMixin, OrgModelMixin):
@property
def processor(self):
- processor = self.current_node.first().ticket_assignees.exclude(state=ProcessStatus.notified).first()
+ processor = self.current_node.first().ticket_assignees\
+ .exclude(state=ProcessStatus.notified).first()
return processor.assignee if processor else None
def create_related_node(self):
diff --git a/apps/tickets/serializers/super_ticket.py b/apps/tickets/serializers/super_ticket.py
index a59bc51fb..9d84728e4 100644
--- a/apps/tickets/serializers/super_ticket.py
+++ b/apps/tickets/serializers/super_ticket.py
@@ -1,4 +1,5 @@
-from rest_framework.serializers import ModelSerializer
+from rest_framework import serializers
+from django.utils.translation import gettext_lazy as _
from ..models import SuperTicket
@@ -6,7 +7,15 @@ from ..models import SuperTicket
__all__ = ['SuperTicketSerializer']
-class SuperTicketSerializer(ModelSerializer):
+class SuperTicketSerializer(serializers.ModelSerializer):
+ processor = serializers.SerializerMethodField(label=_("Processor"))
+
class Meta:
model = SuperTicket
fields = ['id', 'status', 'state', 'processor']
+
+ @staticmethod
+ def get_processor(ticket):
+ if not ticket.processor:
+ return ''
+ return str(ticket.processor)
diff --git a/apps/tickets/signals_handler/__init__.py b/apps/tickets/signal_handlers/__init__.py
similarity index 100%
rename from apps/tickets/signals_handler/__init__.py
rename to apps/tickets/signal_handlers/__init__.py
diff --git a/apps/tickets/signals_handler/comment.py b/apps/tickets/signal_handlers/comment.py
similarity index 100%
rename from apps/tickets/signals_handler/comment.py
rename to apps/tickets/signal_handlers/comment.py
diff --git a/apps/tickets/signals_handler/ticket.py b/apps/tickets/signal_handlers/ticket.py
similarity index 100%
rename from apps/tickets/signals_handler/ticket.py
rename to apps/tickets/signal_handlers/ticket.py
diff --git a/apps/users/apps.py b/apps/users/apps.py
index 2c37f4e42..bd569c9fe 100644
--- a/apps/users/apps.py
+++ b/apps/users/apps.py
@@ -9,6 +9,6 @@ class UsersConfig(AppConfig):
verbose_name = _('Users')
def ready(self):
- from . import signals_handler
+ from . import signal_handlers
from . import notifications
super().ready()
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index 293e3c89a..c89a01d21 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -131,7 +131,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
'public_key': {'write_only': True},
'is_first_login': {'label': _('Is first login'), 'read_only': True},
'is_valid': {'label': _('Is valid')},
- 'is_service_account': {'label': _('Is service account')},
+ 'is_service_account': {'label': _('Is service account')},
'is_expired': {'label': _('Is expired')},
'avatar_url': {'label': _('Avatar url')},
'created_by': {'read_only': True, 'allow_blank': True},
@@ -243,7 +243,7 @@ class InviteSerializer(RolesSerializerMixin, serializers.Serializer):
class ServiceAccountSerializer(serializers.ModelSerializer):
class Meta:
model = User
- fields = ['id', 'name', 'access_key']
+ fields = ['id', 'name', 'access_key', 'comment']
read_only_fields = ['access_key']
def __init__(self, *args, **kwargs):
diff --git a/apps/users/signals_handler.py b/apps/users/signal_handlers.py
similarity index 100%
rename from apps/users/signals_handler.py
rename to apps/users/signal_handlers.py
diff --git a/jms b/jms
index b4eeb7e8a..517fb0602 100755
--- a/jms
+++ b/jms
@@ -63,8 +63,8 @@ def check_database_connection():
return
except OperationalError:
logging.info('Database not setup, retry')
- except Exception as e:
- logging.error('Unexpect error occur: {}'.format(str(e)))
+ except Exception as exc:
+ logging.error('Unexpect error occur: {}'.format(str(exc)))
time.sleep(1)
logging.error("Connection database failed, exit")
sys.exit(10)
@@ -96,7 +96,7 @@ def collect_static():
pass
-def compile_i81n_file():
+def compile_i18n_file():
django_mo_file = os.path.join(BASE_DIR, 'apps', 'locale', 'zh', 'LC_MESSAGES', 'django.mo')
if os.path.exists(django_mo_file):
return
@@ -134,8 +134,8 @@ def start_services():
except KeyboardInterrupt:
logging.info('Cancel ...')
time.sleep(2)
- except Exception as e:
- logging.error("Start service error {}: {}".format(services, e))
+ except Exception as exc:
+ logging.error("Start service error {}: {}".format(services, exc))
time.sleep(2)
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index aea4e3184..a29be5520 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -17,7 +17,7 @@ decorator==4.1.2
Django==3.1.14
django-auth-ldap==2.2.0
django-bootstrap3==14.2.0
-django-celery-beat==2.0
+django-celery-beat==2.2.1
django-filter==2.4.0
django-formtools==2.2
django-ranged-response==0.2.0
@@ -84,7 +84,7 @@ python-daemon==2.2.3
httpsig==1.3.0
treelib==1.5.3
django-proxy==1.2.1
-flower==0.9.3
+flower==1.0.0
channels-redis==3.2.0
channels==2.4.0
daphne==2.4.1
diff --git a/utils/start_celery_beat.py b/utils/start_celery_beat.py
index 34887fb4d..236a61ba8 100644
--- a/utils/start_celery_beat.py
+++ b/utils/start_celery_beat.py
@@ -22,8 +22,9 @@ redis = Redis(host=CONFIG.REDIS_HOST, port=CONFIG.REDIS_PORT, password=CONFIG.RE
scheduler = "django_celery_beat.schedulers:DatabaseScheduler"
cmd = [
- 'celery', 'beat',
+ 'celery',
'-A', 'ops',
+ 'beat',
'-l', 'INFO',
'--scheduler', scheduler,
'--max-interval', '60'