From 76474387921c30e7f6606a545f0846fd0b771b12 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 11:18:50 +0800 Subject: [PATCH 1/9] =?UTF-8?q?perf:=20=E8=B4=A6=E5=8F=B7=E5=A4=87?= =?UTF-8?q?=E4=BB=BDlog=20(#8106)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- apps/assets/task_handlers/backup/handlers.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/apps/assets/task_handlers/backup/handlers.py b/apps/assets/task_handlers/backup/handlers.py index a73bced59..600f8a2da 100644 --- a/apps/assets/task_handlers/backup/handlers.py +++ b/apps/assets/task_handlers/backup/handlers.py @@ -156,10 +156,7 @@ class AccountBackupHandler: logger.info('步骤完成: 用时 {}s'.format(timedelta)) return files - def send_backup_mail(self, files): - recipients = self.execution.plan_snapshot.get('recipients') - if not recipients: - return + def send_backup_mail(self, files, recipients): if not files: return recipients = User.objects.filter(id__in=list(recipients)) @@ -198,8 +195,16 @@ class AccountBackupHandler: is_success = False error = '-' try: - files = self.create_excel() - self.send_backup_mail(files) + recipients = self.execution.plan_snapshot.get('recipients') + if not recipients: + logger.info( + '\n' + '\033[32m>>> 该备份任务未分配收件人\033[0m' + '' + ) + else: + files = self.create_excel() + self.send_backup_mail(files, recipients) except Exception as e: self.is_frozen = True logger.error('任务执行被异常中断') From f1bd4ea91fbfdedf5e795202b76bb081cf25cbf2 Mon Sep 17 00:00:00 2001 
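Review bot: In `send_backup_mail`, the retained lookup `User.objects.filter(id__in=list(recipients))` selects recipients by id only, so a user who is still listed in the plan snapshot but has since been disabled would presumably still be mailed the account backup. Because these files carry account data, consider narrowing the query, e.g. `User.objects.filter(id__in=list(recipients), is_active=True)`, if that is how the project marks disabled users. `recipients` is now a required argument, so any caller outside this hunk has to pass it; the method body continues past the hunk.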
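Review bot: In the new no-recipient branch of the `try` block, the `logger.info(...)` call ends with a stray `''` literal that contributes nothing to the message and can be dropped. The branch only logs and falls through, so whether the execution is then recorded as successful although nothing was backed up depends on code after the hunk. A short comment such as `# no recipients: skip the export so no backup file is written` would make the intent explicit. The enclosing method starts and ends outside the hunk.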
From: ibuler Date: Wed, 20 Apr 2022 11:19:37 +0800 Subject: [PATCH 2/9] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E7=BA=A7=E5=88=AB=E7=94=A8=E6=88=B7=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E7=9A=84=20perms?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/rbac/builtin.py | 17 ++++++++--------- apps/rbac/models/rolebinding.py | 5 +++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py index c99181d4e..179889111 100644 --- a/apps/rbac/builtin.py +++ b/apps/rbac/builtin.py @@ -2,15 +2,6 @@ from django.utils.translation import ugettext_noop from .const import Scope, system_exclude_permissions, org_exclude_permissions -system_user_perms = ( - ('authentication', 'connectiontoken', 'add', 'connectiontoken'), - ('authentication', 'temptoken', 'add,change,view', 'temptoken'), - ('authentication', 'accesskey', '*', '*'), - ('tickets', 'ticket', 'view', 'ticket'), - ('orgs', 'organization', 'view', 'rootorg'), -) - -# Todo: 获取应该区分 系统用户,和组织用户的权限 # 工作台也区分组织后再考虑 user_perms = ( ('rbac', 'menupermission', 'view', 'workbench'), @@ -25,6 +16,14 @@ user_perms = ( ('ops', 'commandexecution', 'add', 'commandexecution'), ) +system_user_perms = ( + ('authentication', 'connectiontoken', 'add', 'connectiontoken'), + ('authentication', 'temptoken', 'add,change,view', 'temptoken'), + ('authentication', 'accesskey', '*', '*'), + ('tickets', 'ticket', 'view', 'ticket'), + ('orgs', 'organization', 'view', 'rootorg'), +) + user_perms + auditor_perms = user_perms + ( ('rbac', 'menupermission', 'view', 'audit'), ('audits', '*', '*', '*'), diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py index 643e38207..dc09f75d2 100644 --- a/apps/rbac/models/rolebinding.py +++ b/apps/rbac/models/rolebinding.py 
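Review bot: `system_user_perms` in `apps/rbac/builtin.py` is now the system-only tuple `+ user_perms`, so every entry of `user_perms`, including `('ops', 'commandexecution', 'add', 'commandexecution')`, is granted through a system-scope role. The commit also deletes the Todo asking for system-user and organization-user permissions to be distinguished, with nothing in its place. If system-scope bindings apply in every organization, this widens what a system user may do everywhere, so it should be confirmed against least privilege and recorded, e.g. `# system users also receive the workbench permissions; these are granted at system scope`.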
@@ -6,7 +6,7 @@ from rest_framework.serializers import ValidationError from common.db.models import JMSModel from common.utils import lazyproperty -from orgs.utils import current_org +from orgs.utils import current_org, tmp_to_root_org from .role import Role from ..const import Scope @@ -105,7 +105,8 @@ class RoleBinding(JMSModel): from orgs.models import Organization roles = Role.get_roles_by_perm(perm) - bindings = list(cls.objects.root_all().filter(role__in=roles, user=user)) + with tmp_to_root_org(): + bindings = list(cls.objects.root_all().filter(role__in=roles, user=user)) system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value] if perm == 'rbac.view_workbench': From d2dd487e2c6d8f0c8a7f3b042c373132ac0378eb Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 16:05:33 +0800 Subject: [PATCH 3/9] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9LDAP=E5=AF=BC?= =?UTF-8?q?=E5=85=A5=E7=BB=84=E7=BB=87=E9=97=AE=E9=A2=98=20(#8111)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jiangjie.Bai Co-authored-by: BaiJiangJie --- apps/settings/utils/ldap.py | 4 +++- apps/users/tasks.py | 10 ++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/settings/utils/ldap.py b/apps/settings/utils/ldap.py index 22f4c2b19..5175d7a31 100644 --- a/apps/settings/utils/ldap.py +++ b/apps/settings/utils/ldap.py @@ -376,7 +376,9 @@ class LDAPImportUtil(object): except Exception as e: errors.append({user['username']: str(e)}) logger.error(e) - if org and org.is_root(): + if not org: + return + if org.is_root(): return for obj in objs: org.add_member(obj) diff --git a/apps/users/tasks.py b/apps/users/tasks.py index 0f93fa6c3..eb3ec8b9f 100644 --- a/apps/users/tasks.py +++ b/apps/users/tasks.py 
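Review bot: The `list(...)` around the queryset in `apps/rbac/models/rolebinding.py` is what makes the new `with tmp_to_root_org():` block effective, and nothing in the hunk says so. Django querysets are lazy, so if a later edit drops `list()` the query would run after the context has exited, presumably under the caller's organization again, changing which bindings feed this permission decision. A comment such as `# evaluate inside the root-org context; the queryset is lazy` would protect it. The enclosing method starts and ends outside the hunk.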
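Review bot: Both early exits added in `apps/settings/utils/ldap.py` are bare `return`s, which discard the `errors` list filled in the `except` branch just above. The caller in `apps/users/tasks.py` does `errors = util_import.perform_import(users, org)` and writes its summary only `if errors:`, so the aggregated failure report is skipped whenever `org` is missing or is the root organization. Assuming the method returns `errors` at its end (outside the hunk), use `return errors` in both places.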
@@ -81,8 +81,14 @@ def import_ldap_user(): util_server = LDAPServerUtil() util_import = LDAPImportUtil() users = util_server.search() - org_id = settings.AUTH_LDAP_SYNC_ORG_ID - org = Organization.get_instance(org_id) + if settings.XPACK_ENABLED: + org_id = settings.AUTH_LDAP_SYNC_ORG_ID + default_org = None + else: + # 社区版默认导入Default组织 + org_id = Organization.DEFAULT_ID + default_org = Organization.default() + org = Organization.get_instance(org_id, default=default_org) errors = util_import.perform_import(users, org) if errors: logger.error("Imported LDAP users errors: {}".format(errors)) From c29d1337769b40fe55cb0dae7ab59001d69a6959 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Wed, 20 Apr 2022 16:30:41 +0800 Subject: [PATCH 4/9] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9LDAP=E5=AF=BC?= =?UTF-8?q?=E5=85=A5=E5=AE=9A=E6=97=B6=E4=BB=BB=E5=8A=A1interval/crontab?= =?UTF-8?q?=E4=BC=98=E5=85=88=E7=BA=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jiangjie.Bai --- apps/users/tasks.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apps/users/tasks.py b/apps/users/tasks.py index eb3ec8b9f..6d9bac660 100644 --- a/apps/users/tasks.py +++ b/apps/users/tasks.py @@ -112,6 +112,9 @@ def import_ldap_user_periodic(): else: interval = None crontab = settings.AUTH_LDAP_SYNC_CRONTAB + if crontab: + # 优先使用 crontab + interval = None tasks = { task_name: { 'task': import_ldap_user.name, From 415521a0034ca12a7aee983c2e27a2bc02e6926b Mon Sep 17 00:00:00 2001 
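Review bot: In the `settings.XPACK_ENABLED` branch of `import_ldap_user`, `default_org` is `None`, so a stale or unset `AUTH_LDAP_SYNC_ORG_ID` presumably leaves `org` as `None` and the import still runs. `perform_import` then returns early without adding members, and nothing records that the imported users were attached to no organization. A line such as `if not org: logger.warning("LDAP sync org %s not found; users imported without org membership", org_id)` before the `perform_import` call would make that state visible to operators. The function starts outside the hunk.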
From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 16:32:33 +0800 Subject: [PATCH 5/9] =?UTF-8?q?fix:=20=E5=88=A0=E9=99=A4=E7=BB=84=E7=BB=87?= =?UTF-8?q?=E6=97=B6=E6=A3=80=E6=B5=8Bldap=E5=90=8C=E6=AD=A5=E7=BB=84?= =?UTF-8?q?=E7=BB=87=20(#8112)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng626 <1304903146@qq.com> --- apps/locale/ja/LC_MESSAGES/django.mo | 4 +- apps/locale/ja/LC_MESSAGES/django.po | 57 ++++++++++++++++------------ apps/locale/zh/LC_MESSAGES/django.mo | 4 +- apps/locale/zh/LC_MESSAGES/django.po | 55 +++++++++++++++------------ apps/orgs/api.py | 6 +++ 5 files changed, 73 insertions(+), 53 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index e13ed4cfb..d94d92000 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4e6962699271d0f5402223321e65211f1c7ad0b7a9b43524f3a0fac7ea2541d9 -size 125623 +oid sha256:c756a62144f20cbfa767a8afa63cfe3e01f65041e0ebd121533ad1411a034623 +size 125910 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 8c5147c50..690aa7d3f 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-19 15:57+0800\n" +"POT-Creation-Date: 2022-04-20 16:23+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -29,7 +29,7 @@ msgstr "Acls" #: assets/models/group.py:20 assets/models/label.py:18 ops/mixin.py:24 #: orgs/models.py:65 perms/models/base.py:83 rbac/models/role.py:29 #: settings/models.py:29 settings/serializers/sms.py:6 -#: terminal/models/endpoint.py:10 terminal/models/endpoint.py:55 +#: terminal/models/endpoint.py:10 terminal/models/endpoint.py:58 #: terminal/models/storage.py:23 terminal/models/task.py:16 #: terminal/models/terminal.py:100 users/forms/profile.py:32 #: users/models/group.py:15 users/models/user.py:661 @@ -38,12 +38,12 @@ msgid "Name" msgstr "名前" #: acls/models/base.py:27 assets/models/cmd_filter.py:84 -#: assets/models/user.py:247 terminal/models/endpoint.py:58 +#: assets/models/user.py:247 terminal/models/endpoint.py:61 msgid "Priority" msgstr "優先順位" #: acls/models/base.py:28 assets/models/cmd_filter.py:84 -#: assets/models/user.py:247 terminal/models/endpoint.py:59 +#: assets/models/user.py:247 terminal/models/endpoint.py:62 msgid "1-100, the lower the value will be match first" msgstr "1-100、低い値は最初に一致します" @@ -61,7 +61,7 @@ msgstr "アクティブ" #: assets/models/domain.py:64 assets/models/group.py:23 #: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:68 #: perms/models/base.py:93 rbac/models/role.py:37 settings/models.py:34 -#: terminal/models/endpoint.py:20 terminal/models/endpoint.py:65 +#: terminal/models/endpoint.py:20 terminal/models/endpoint.py:68 #: terminal/models/storage.py:26 terminal/models/terminal.py:114 #: tickets/models/comment.py:24 tickets/models/ticket.py:154 #: users/models/group.py:16 users/models/user.py:698 @@ -1360,7 +1360,7 @@ msgstr "監査" #: audits/models.py:27 audits/models.py:57 #: authentication/templates/authentication/_access_key_modal.html:65 -#: rbac/tree.py:166 +#: rbac/tree.py:168 msgid "Delete" msgstr "削除" 
@@ -1413,11 +1413,11 @@ msgstr "ファイル転送ログ" #: audits/models.py:55 #: authentication/templates/authentication/_access_key_modal.html:22 -#: rbac/tree.py:163 +#: rbac/tree.py:165 msgid "Create" msgstr "作成" -#: audits/models.py:56 rbac/tree.py:165 templates/_csv_import_export.html:18 +#: audits/models.py:56 rbac/tree.py:167 templates/_csv_import_export.html:18 #: templates/_csv_update_modal.html:6 msgid "Update" msgstr "更新" @@ -2886,15 +2886,22 @@ msgstr "タスクログ" msgid "Update task content: {}" msgstr "タスク内容の更新: {}" -#: orgs/api.py:68 +#: orgs/api.py:69 msgid "The current organization ({}) cannot be deleted" msgstr "現在の組織 ({}) は削除できません" -#: orgs/api.py:76 +#: orgs/api.py:77 msgid "The organization have resource ({}) cannot be deleted" msgstr "組織のリソース ({}) は削除できません" -#: orgs/apps.py:7 rbac/tree.py:112 +#: orgs/api.py:83 +msgid "" +"LDAP synchronization is set to the current organization. Please switch to " +"another organization before deleting" +msgstr "" +"LDAP同期は現在の組織に設定されます。削除する前に別の組織に切り替えてください" + +#: orgs/apps.py:7 rbac/tree.py:114 msgid "App organizations" msgstr "アプリ組織" @@ -3202,18 +3209,18 @@ msgstr "組織の役割" msgid "Role binding" msgstr "ロールバインディング" -#: rbac/models/rolebinding.py:150 +#: rbac/models/rolebinding.py:151 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "" "ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。" -#: rbac/models/rolebinding.py:157 +#: rbac/models/rolebinding.py:158 msgid "Organization role binding" msgstr "組織の役割バインディング" -#: rbac/models/rolebinding.py:172 +#: rbac/models/rolebinding.py:173 msgid "System role binding" msgstr "システムロールバインディング" 
@@ -3301,27 +3308,27 @@ msgstr "私の資産" msgid "My apps" msgstr "マイアプリ" -#: rbac/tree.py:113 +#: rbac/tree.py:115 msgid "Ticket comment" msgstr "チケットコメント" -#: rbac/tree.py:114 tickets/models/ticket.py:163 +#: rbac/tree.py:116 tickets/models/ticket.py:163 msgid "Ticket" msgstr "チケット" -#: rbac/tree.py:115 +#: rbac/tree.py:117 msgid "Common setting" msgstr "共通設定" -#: rbac/tree.py:116 +#: rbac/tree.py:118 msgid "View permission tree" msgstr "権限ツリーの表示" -#: rbac/tree.py:117 +#: rbac/tree.py:119 msgid "Execute batch command" msgstr "バッチ実行コマンド" -#: rbac/tree.py:164 +#: rbac/tree.py:166 msgid "View" msgstr "表示" @@ -4228,8 +4235,8 @@ msgid "" "Tips: The login success message varies with devices. if you cannot log in to " "the device through Telnet, set this parameter" msgstr "" -"ヒント: ログイン成功メッセージはデバイスによって異なります。Telnet経由でデバイスにロ" -"グインできない場合は、このパラメーターを設定します。" +"ヒント: ログイン成功メッセージはデバイスによって異なります。Telnet経由でデバ" +"イスにログインできない場合は、このパラメーターを設定します。" #: settings/serializers/terminal.py:36 msgid "Enable database proxy" @@ -4725,18 +4732,18 @@ msgstr "MariaDB ポート" msgid "PostgreSQL Port" msgstr "PostgreSQL ポート" -#: terminal/models/endpoint.py:25 terminal/models/endpoint.py:63 +#: terminal/models/endpoint.py:25 terminal/models/endpoint.py:66 #: terminal/serializers/endpoint.py:40 terminal/serializers/storage.py:37 #: terminal/serializers/storage.py:49 terminal/serializers/storage.py:79 #: terminal/serializers/storage.py:89 terminal/serializers/storage.py:97 msgid "Endpoint" msgstr "エンドポイント" -#: terminal/models/endpoint.py:56 +#: terminal/models/endpoint.py:59 msgid "IP group" msgstr "IP グループ" -#: terminal/models/endpoint.py:68 +#: terminal/models/endpoint.py:71 msgid "Endpoint rule" msgstr "エンドポイントルール" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index c73d42f67..4d43bfac0 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3462a9a3eef8f372bf341f2066a33d85e1f01aca5a8fe506528a1cd0a37e98b4 -size 103951 +oid sha256:529a9646db39920766ffbe95b0de79bf0539df9f5807b5e36294031d8c4c7842 +size 104164 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 5160cbfcf..37d3e85e0 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-19 15:57+0800\n" +"POT-Creation-Date: 2022-04-20 16:23+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -28,7 +28,7 @@ msgstr "访问控制" #: assets/models/group.py:20 assets/models/label.py:18 ops/mixin.py:24 #: orgs/models.py:65 perms/models/base.py:83 rbac/models/role.py:29 #: settings/models.py:29 settings/serializers/sms.py:6 -#: terminal/models/endpoint.py:10 terminal/models/endpoint.py:55 +#: terminal/models/endpoint.py:10 terminal/models/endpoint.py:58 #: terminal/models/storage.py:23 terminal/models/task.py:16 #: terminal/models/terminal.py:100 users/forms/profile.py:32 #: users/models/group.py:15 users/models/user.py:661 @@ -37,12 +37,12 @@ msgid "Name" msgstr "名称" #: acls/models/base.py:27 assets/models/cmd_filter.py:84 -#: assets/models/user.py:247 terminal/models/endpoint.py:58 +#: assets/models/user.py:247 terminal/models/endpoint.py:61 msgid "Priority" msgstr "优先级" #: acls/models/base.py:28 assets/models/cmd_filter.py:84 -#: assets/models/user.py:247 terminal/models/endpoint.py:59 +#: assets/models/user.py:247 terminal/models/endpoint.py:62 msgid "1-100, the lower the value will be match first" msgstr "优先级可选范围为 1-100 (数值越小越优先)" 
@@ -60,7 +60,7 @@ msgstr "激活中" #: assets/models/domain.py:64 assets/models/group.py:23 #: assets/models/label.py:23 ops/models/adhoc.py:38 orgs/models.py:68 #: perms/models/base.py:93 rbac/models/role.py:37 settings/models.py:34 -#: terminal/models/endpoint.py:20 terminal/models/endpoint.py:65 +#: terminal/models/endpoint.py:20 terminal/models/endpoint.py:68 #: terminal/models/storage.py:26 terminal/models/terminal.py:114 #: tickets/models/comment.py:24 tickets/models/ticket.py:154 #: users/models/group.py:16 users/models/user.py:698 @@ -1348,7 +1348,7 @@ msgstr "日志审计" #: audits/models.py:27 audits/models.py:57 #: authentication/templates/authentication/_access_key_modal.html:65 -#: rbac/tree.py:166 +#: rbac/tree.py:168 msgid "Delete" msgstr "删除" @@ -1401,11 +1401,11 @@ msgstr "文件管理" #: audits/models.py:55 #: authentication/templates/authentication/_access_key_modal.html:22 -#: rbac/tree.py:163 +#: rbac/tree.py:165 msgid "Create" msgstr "创建" -#: audits/models.py:56 rbac/tree.py:165 templates/_csv_import_export.html:18 +#: audits/models.py:56 rbac/tree.py:167 templates/_csv_import_export.html:18 #: templates/_csv_update_modal.html:6 msgid "Update" msgstr "更新" @@ -2851,15 +2851,21 @@ msgstr "任务列表" msgid "Update task content: {}" msgstr "更新任务内容: {}" -#: orgs/api.py:68 +#: orgs/api.py:69 msgid "The current organization ({}) cannot be deleted" msgstr "当前组织 ({}) 不能被删除" -#: orgs/api.py:76 +#: orgs/api.py:77 msgid "The organization have resource ({}) cannot be deleted" msgstr "组织存在资源 ({}) 不能被删除" -#: orgs/apps.py:7 rbac/tree.py:112 +#: orgs/api.py:83 +msgid "" +"LDAP synchronization is set to the current organization. Please switch to " +"another organization before deleting" +msgstr "LDAP同步设置组织为当前组织,请切换其他组织后再进行删除操作" + +#: orgs/apps.py:7 rbac/tree.py:114 msgid "App organizations" msgstr "组织管理" 
@@ -3165,17 +3171,17 @@ msgstr "组织角色" msgid "Role binding" msgstr "角色绑定" -#: rbac/models/rolebinding.py:150 +#: rbac/models/rolebinding.py:151 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "用户最后一个角色,不能删除,你可以将用户从组织移除" -#: rbac/models/rolebinding.py:157 +#: rbac/models/rolebinding.py:158 msgid "Organization role binding" msgstr "组织角色绑定" -#: rbac/models/rolebinding.py:172 +#: rbac/models/rolebinding.py:173 msgid "System role binding" msgstr "系统角色绑定" @@ -3263,27 +3269,27 @@ msgstr "我的资产" msgid "My apps" msgstr "我的应用" -#: rbac/tree.py:113 +#: rbac/tree.py:115 msgid "Ticket comment" msgstr "工单评论" -#: rbac/tree.py:114 tickets/models/ticket.py:163 +#: rbac/tree.py:116 tickets/models/ticket.py:163 msgid "Ticket" msgstr "工单管理" -#: rbac/tree.py:115 +#: rbac/tree.py:117 msgid "Common setting" msgstr "一般设置" -#: rbac/tree.py:116 +#: rbac/tree.py:118 msgid "View permission tree" msgstr "查看授权树" -#: rbac/tree.py:117 +#: rbac/tree.py:119 msgid "Execute batch command" msgstr "执行批量命令" -#: rbac/tree.py:164 +#: rbac/tree.py:166 msgid "View" msgstr "查看" @@ -4167,7 +4173,8 @@ msgstr "Telnet 成功正则表达式" msgid "" "Tips: The login success message varies with devices. if you cannot log in to " "the device through Telnet, set this parameter" -msgstr "提示: 不同设备登录成功提示不一样,所以如果 telnet 不能正常登录,可以这里设置" +msgstr "" +"提示: 不同设备登录成功提示不一样,所以如果 telnet 不能正常登录,可以这里设置" #: settings/serializers/terminal.py:36 msgid "Enable database proxy" 
@@ -4651,18 +4658,18 @@ msgstr "MariaDB 端口" msgid "PostgreSQL Port" msgstr "PostgreSQL 端口" -#: terminal/models/endpoint.py:25 terminal/models/endpoint.py:63 +#: terminal/models/endpoint.py:25 terminal/models/endpoint.py:66 #: terminal/serializers/endpoint.py:40 terminal/serializers/storage.py:37 #: terminal/serializers/storage.py:49 terminal/serializers/storage.py:79 #: terminal/serializers/storage.py:89 terminal/serializers/storage.py:97 msgid "Endpoint" msgstr "端点" -#: terminal/models/endpoint.py:56 +#: terminal/models/endpoint.py:59 msgid "IP group" msgstr "IP 组" -#: terminal/models/endpoint.py:68 +#: terminal/models/endpoint.py:71 msgid "Endpoint rule" msgstr "端点规则" diff --git a/apps/orgs/api.py b/apps/orgs/api.py index e1a41a29f..0723790cd 100644 --- a/apps/orgs/api.py +++ b/apps/orgs/api.py @@ -2,6 +2,7 @@ # from django.utils.translation import ugettext as _ +from django.conf import settings from rest_framework_bulk import BulkModelViewSet from rest_framework.generics import RetrieveAPIView from rest_framework.exceptions import PermissionDenied @@ -76,6 +77,11 @@ class OrgViewSet(BulkModelViewSet): 'The organization have resource ({}) cannot be deleted' ).format(model._meta.verbose_name) raise PermissionDenied(detail=msg) + if str(instance.id) == settings.AUTH_LDAP_SYNC_ORG_ID: + msg = _( + 'LDAP synchronization is set to the current organization. Please switch to another organization before deleting' + ) + raise PermissionDenied(detail=msg) super().perform_destroy(instance) From b0b379e5a95bbf4c97af7040f555815bddcbf983 Mon Sep 17 00:00:00 2001 
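Review bot: The new guard `str(instance.id) == settings.AUTH_LDAP_SYNC_ORG_ID` in `apps/orgs/api.py` stringifies only the left side, so it never matches if the setting is held as a UUID object or in a different textual form, and the organization could then be deleted while it is still the LDAP sync target. Normalising both sides, `str(instance.id) == str(settings.AUTH_LDAP_SYNC_ORG_ID)`, is safer. The message also speaks of the "current organization" although the comparison is against the organization being deleted. PATCH 6/9 moves the same lines unchanged, so the point applies there as well; the method starts outside the hunk.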
From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 16:38:42 +0800 Subject: [PATCH 6/9] fix: del org check ldap (#8114) Co-authored-by: feng626 <1304903146@qq.com> --- apps/locale/ja/LC_MESSAGES/django.mo | 4 +- apps/locale/ja/LC_MESSAGES/django.po | 66 ++++++++++++++-------------- apps/locale/zh/LC_MESSAGES/django.mo | 4 +- apps/locale/zh/LC_MESSAGES/django.po | 66 ++++++++++++++-------------- apps/orgs/api.py | 11 ++--- 5 files changed, 76 insertions(+), 75 deletions(-) diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index d94d92000..52b16b3bd 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c756a62144f20cbfa767a8afa63cfe3e01f65041e0ebd121533ad1411a034623 -size 125910 +oid sha256:f2c88ade4bfae213bdcdafad656af73f764e3b1b3f2b0c59aa39626e967730ca +size 125911 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 690aa7d3f..8aa00bb46 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-20 16:23+0800\n" +"POT-Creation-Date: 2022-04-20 16:35+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -2890,16 +2890,16 @@ msgstr "タスク内容の更新: {}" msgid "The current organization ({}) cannot be deleted" msgstr "現在の組織 ({}) は削除できません" -#: orgs/api.py:77 -msgid "The organization have resource ({}) cannot be deleted" -msgstr "組織のリソース ({}) は削除できません" - -#: orgs/api.py:83 +#: orgs/api.py:74 msgid "" "LDAP synchronization is set to the current organization. Please switch to " "another organization before deleting" msgstr "" -"LDAP同期は現在の組織に設定されます。削除する前に別の組織に切り替えてください" +"LDAP 同期は現在の組織に設定されます。削除する前に別の組織に切り替えてください" + +#: orgs/api.py:83 +msgid "The organization have resource ({}) cannot be deleted" +msgstr "組織のリソース ({}) は削除できません" #: orgs/apps.py:7 rbac/tree.py:114 msgid "App organizations" 
@@ -4250,104 +4250,104 @@ msgstr "XRDPの有効化" msgid "Enable KoKo SSH" msgstr "KoKo SSHの有効化" -#: settings/utils/ldap.py:417 +#: settings/utils/ldap.py:419 msgid "ldap:// or ldaps:// protocol is used." msgstr "ldap:// または ldaps:// プロトコルが使用されます。" -#: settings/utils/ldap.py:428 +#: settings/utils/ldap.py:430 msgid "Host or port is disconnected: {}" msgstr "ホストまたはポートが切断されました: {}" -#: settings/utils/ldap.py:430 +#: settings/utils/ldap.py:432 msgid "The port is not the port of the LDAP service: {}" msgstr "ポートはLDAPサービスのポートではありません: {}" -#: settings/utils/ldap.py:432 +#: settings/utils/ldap.py:434 msgid "Please add certificate: {}" msgstr "証明書を追加してください: {}" -#: settings/utils/ldap.py:436 settings/utils/ldap.py:463 -#: settings/utils/ldap.py:493 settings/utils/ldap.py:521 +#: settings/utils/ldap.py:438 settings/utils/ldap.py:465 +#: settings/utils/ldap.py:495 settings/utils/ldap.py:523 msgid "Unknown error: {}" msgstr "不明なエラー: {}" -#: settings/utils/ldap.py:450 +#: settings/utils/ldap.py:452 msgid "Bind DN or Password incorrect" msgstr "DNまたはパスワードのバインドが正しくありません" -#: settings/utils/ldap.py:457 +#: settings/utils/ldap.py:459 msgid "Please enter Bind DN: {}" msgstr "バインドDN: {} を入力してください" -#: settings/utils/ldap.py:459 +#: settings/utils/ldap.py:461 msgid "Please enter Password: {}" msgstr "パスワードを入力してください: {}" -#: settings/utils/ldap.py:461 +#: settings/utils/ldap.py:463 msgid "Please enter correct Bind DN and Password: {}" msgstr "正しいバインドDNとパスワードを入力してください: {}" -#: settings/utils/ldap.py:479 +#: settings/utils/ldap.py:481 msgid "Invalid User OU or User search filter: {}" msgstr "無効なユーザー OU またはユーザー検索フィルター: {}" -#: settings/utils/ldap.py:510 +#: settings/utils/ldap.py:512 msgid "LDAP User attr map not include: {}" msgstr "LDAP ユーザーattrマップは含まれません: {}" -#: settings/utils/ldap.py:517 +#: settings/utils/ldap.py:519 msgid "LDAP User attr map is not dict" msgstr "LDAPユーザーattrマップはdictではありません" -#: settings/utils/ldap.py:536 +#: settings/utils/ldap.py:538 msgid "LDAP authentication is not 
enabled" msgstr "LDAP 認証が有効になっていない" -#: settings/utils/ldap.py:554 +#: settings/utils/ldap.py:556 msgid "Error (Invalid LDAP server): {}" msgstr "エラー (LDAPサーバーが無効): {}" -#: settings/utils/ldap.py:556 +#: settings/utils/ldap.py:558 msgid "Error (Invalid Bind DN): {}" msgstr "エラー (DNのバインドが無効): {}" -#: settings/utils/ldap.py:558 +#: settings/utils/ldap.py:560 msgid "Error (Invalid LDAP User attr map): {}" msgstr "エラー (LDAPユーザーattrマップが無効): {}" -#: settings/utils/ldap.py:560 +#: settings/utils/ldap.py:562 msgid "Error (Invalid User OU or User search filter): {}" msgstr "エラー (ユーザーOUまたはユーザー検索フィルターが無効): {}" -#: settings/utils/ldap.py:562 +#: settings/utils/ldap.py:564 msgid "Error (Not enabled LDAP authentication): {}" msgstr "エラー (LDAP認証が有効化されていません): {}" -#: settings/utils/ldap.py:564 +#: settings/utils/ldap.py:566 msgid "Error (Unknown): {}" msgstr "エラー (不明): {}" -#: settings/utils/ldap.py:567 +#: settings/utils/ldap.py:569 msgid "Succeed: Match {} s user" msgstr "成功: {} 人のユーザーに一致" -#: settings/utils/ldap.py:600 +#: settings/utils/ldap.py:602 msgid "Authentication failed (configuration incorrect): {}" msgstr "認証に失敗しました (設定が正しくありません): {}" -#: settings/utils/ldap.py:602 +#: settings/utils/ldap.py:604 msgid "Authentication failed (before login check failed): {}" msgstr "認証に失敗しました (ログインチェックが失敗する前): {}" -#: settings/utils/ldap.py:604 +#: settings/utils/ldap.py:606 msgid "Authentication failed (username or password incorrect): {}" msgstr "認証に失敗しました (ユーザー名またはパスワードが正しくありません): {}" -#: settings/utils/ldap.py:606 +#: settings/utils/ldap.py:608 msgid "Authentication failed (Unknown): {}" msgstr "認証に失敗しました (不明): {}" -#: settings/utils/ldap.py:609 +#: settings/utils/ldap.py:611 msgid "Authentication success: {}" msgstr "認証成功: {}" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 4d43bfac0..915796d03 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:529a9646db39920766ffbe95b0de79bf0539df9f5807b5e36294031d8c4c7842 -size 104164 +oid sha256:c75e0a1f2a047dac1374916c630bc0e8ef5ad5eea7518ffc21e93f747fc1235e +size 104165 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 37d3e85e0..79cb6c940 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-20 16:23+0800\n" +"POT-Creation-Date: 2022-04-20 16:35+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -2855,15 +2855,15 @@ msgstr "更新任务内容: {}" msgid "The current organization ({}) cannot be deleted" msgstr "当前组织 ({}) 不能被删除" -#: orgs/api.py:77 -msgid "The organization have resource ({}) cannot be deleted" -msgstr "组织存在资源 ({}) 不能被删除" - -#: orgs/api.py:83 +#: orgs/api.py:74 msgid "" "LDAP synchronization is set to the current organization. Please switch to " "another organization before deleting" -msgstr "LDAP同步设置组织为当前组织,请切换其他组织后再进行删除操作" +msgstr "LDAP 同步设置组织为当前组织,请切换其他组织后再进行删除操作" + +#: orgs/api.py:83 +msgid "The organization have resource ({}) cannot be deleted" +msgstr "组织存在资源 ({}) 不能被删除" #: orgs/apps.py:7 rbac/tree.py:114 msgid "App organizations" 
@@ -4188,104 +4188,104 @@ msgstr "启用 XRDP 服务" msgid "Enable KoKo SSH" msgstr "启用 KoKo SSH" -#: settings/utils/ldap.py:417 +#: settings/utils/ldap.py:419 msgid "ldap:// or ldaps:// protocol is used." msgstr "使用 ldap:// 或 ldaps:// 协议" -#: settings/utils/ldap.py:428 +#: settings/utils/ldap.py:430 msgid "Host or port is disconnected: {}" msgstr "主机或端口不可连接: {}" -#: settings/utils/ldap.py:430 +#: settings/utils/ldap.py:432 msgid "The port is not the port of the LDAP service: {}" msgstr "端口不是LDAP服务端口: {}" -#: settings/utils/ldap.py:432 +#: settings/utils/ldap.py:434 msgid "Please add certificate: {}" msgstr "请添加证书" -#: settings/utils/ldap.py:436 settings/utils/ldap.py:463 -#: settings/utils/ldap.py:493 settings/utils/ldap.py:521 +#: settings/utils/ldap.py:438 settings/utils/ldap.py:465 +#: settings/utils/ldap.py:495 settings/utils/ldap.py:523 msgid "Unknown error: {}" msgstr "未知错误: {}" -#: settings/utils/ldap.py:450 +#: settings/utils/ldap.py:452 msgid "Bind DN or Password incorrect" msgstr "绑定DN或密码错误" -#: settings/utils/ldap.py:457 +#: settings/utils/ldap.py:459 msgid "Please enter Bind DN: {}" msgstr "请输入绑定DN: {}" -#: settings/utils/ldap.py:459 +#: settings/utils/ldap.py:461 msgid "Please enter Password: {}" msgstr "请输入密码: {}" -#: settings/utils/ldap.py:461 +#: settings/utils/ldap.py:463 msgid "Please enter correct Bind DN and Password: {}" msgstr "请输入正确的绑定DN和密码: {}" -#: settings/utils/ldap.py:479 +#: settings/utils/ldap.py:481 msgid "Invalid User OU or User search filter: {}" msgstr "不合法的用户OU或用户过滤器: {}" -#: settings/utils/ldap.py:510 +#: settings/utils/ldap.py:512 msgid "LDAP User attr map not include: {}" msgstr "LDAP属性映射没有包含: {}" -#: settings/utils/ldap.py:517 +#: settings/utils/ldap.py:519 msgid "LDAP User attr map is not dict" msgstr "LDAP属性映射不合法" -#: settings/utils/ldap.py:536 +#: settings/utils/ldap.py:538 msgid "LDAP authentication is not enabled" msgstr "LDAP认证没有启用" -#: settings/utils/ldap.py:554 +#: settings/utils/ldap.py:556 msgid "Error (Invalid LDAP 
server): {}" msgstr "错误 (不合法的LDAP服务器地址): {}" -#: settings/utils/ldap.py:556 +#: settings/utils/ldap.py:558 msgid "Error (Invalid Bind DN): {}" msgstr "错误(不合法的绑定DN): {}" -#: settings/utils/ldap.py:558 +#: settings/utils/ldap.py:560 msgid "Error (Invalid LDAP User attr map): {}" msgstr "错误(不合法的LDAP属性映射): {}" -#: settings/utils/ldap.py:560 +#: settings/utils/ldap.py:562 msgid "Error (Invalid User OU or User search filter): {}" msgstr "错误(不合法的用户OU或用户过滤器): {}" -#: settings/utils/ldap.py:562 +#: settings/utils/ldap.py:564 msgid "Error (Not enabled LDAP authentication): {}" msgstr "错误(没有启用LDAP认证): {}" -#: settings/utils/ldap.py:564 +#: settings/utils/ldap.py:566 msgid "Error (Unknown): {}" msgstr "错误(未知): {}" -#: settings/utils/ldap.py:567 +#: settings/utils/ldap.py:569 msgid "Succeed: Match {} s user" msgstr "成功匹配 {} 个用户" -#: settings/utils/ldap.py:600 +#: settings/utils/ldap.py:602 msgid "Authentication failed (configuration incorrect): {}" msgstr "认证失败(配置错误): {}" -#: settings/utils/ldap.py:602 +#: settings/utils/ldap.py:604 msgid "Authentication failed (before login check failed): {}" msgstr "认证失败(登录前检查失败): {}" -#: settings/utils/ldap.py:604 +#: settings/utils/ldap.py:606 msgid "Authentication failed (username or password incorrect): {}" msgstr "认证失败 (用户名或密码不正确): {}" -#: settings/utils/ldap.py:606 +#: settings/utils/ldap.py:608 msgid "Authentication failed (Unknown): {}" msgstr "认证失败: (未知): {}" -#: settings/utils/ldap.py:609 +#: settings/utils/ldap.py:611 msgid "Authentication success: {}" msgstr "认证成功: {}" diff --git a/apps/orgs/api.py b/apps/orgs/api.py index 0723790cd..7a3271c50 100644 --- a/apps/orgs/api.py +++ b/apps/orgs/api.py 
@@ -69,6 +69,12 @@ class OrgViewSet(BulkModelViewSet): msg = _('The current organization ({}) cannot be deleted').format(current_org) raise PermissionDenied(detail=msg) + if str(instance.id) == settings.AUTH_LDAP_SYNC_ORG_ID: + msg = _( + 'LDAP synchronization is set to the current organization. Please switch to another organization before deleting' + ) + raise PermissionDenied(detail=msg) + for model in org_related_models: data = self.get_data_from_model(instance, model) if not data: @@ -77,11 +83,6 @@ class OrgViewSet(BulkModelViewSet): 'The organization have resource ({}) cannot be deleted' ).format(model._meta.verbose_name) raise PermissionDenied(detail=msg) - if str(instance.id) == settings.AUTH_LDAP_SYNC_ORG_ID: - msg = _( - 'LDAP synchronization is set to the current organization. Please switch to another organization before deleting' - ) - raise PermissionDenied(detail=msg) super().perform_destroy(instance) From e61bae5ee4140d4fe5bbd4f3ca688bcd0d6e8a87 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 20 Apr 2022 18:50:53 +0800 Subject: [PATCH 7/9] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E6=9D=83?= =?UTF-8?q?=E9=99=90=E4=BD=8D=20(#8110)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * perf: 优化权限位 * perf: 优化返回的组织 * perf: 保证结果是 ok * perf: 去掉 distinct * perf: tree count Co-authored-by: ibuler --- apps/rbac/builtin.py | 16 ++- apps/rbac/const.py | 3 + apps/rbac/models/rolebinding.py | 8 +- apps/rbac/tree.py | 167 +++++++++++++++++++------------- 4 files changed, 120 insertions(+), 74 deletions(-) diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py index 179889111..b736ba226 100644 --- a/apps/rbac/builtin.py +++ b/apps/rbac/builtin.py 
@@ -2,6 +2,10 @@ from django.utils.translation import ugettext_noop from .const import Scope, system_exclude_permissions, org_exclude_permissions +_view_root_perms = ( + ('orgs', 'organization', 'view', 'rootorg'), +) + # 工作台也区分组织后再考虑 user_perms = ( ('rbac', 'menupermission', 'view', 'workbench'), @@ -21,19 +25,23 @@ system_user_perms = ( ('authentication', 'temptoken', 'add,change,view', 'temptoken'), ('authentication', 'accesskey', '*', '*'), ('tickets', 'ticket', 'view', 'ticket'), - ('orgs', 'organization', 'view', 'rootorg'), ) + user_perms -auditor_perms = user_perms + ( +_auditor_perms = ( ('rbac', 'menupermission', 'view', 'audit'), ('audits', '*', '*', '*'), ('terminal', 'commandstorage', 'view', 'commandstorage'), ('terminal', 'sessionreplay', 'view,download', 'sessionreplay'), ('terminal', 'session', '*', '*'), ('terminal', 'command', '*', '*'), - ('ops', 'commandexecution', 'view', 'commandexecution') + ('ops', 'commandexecution', 'view', 'commandexecution'), ) +auditor_perms = user_perms + _auditor_perms + +system_auditor_perms = system_user_perms + _auditor_perms + _view_root_perms + + app_exclude_perms = [ ('users', 'user', 'add,delete', 'user'), ('orgs', 'org', 'add,delete,change', 'org'), @@ -101,7 +109,7 @@ class BuiltinRole: '1', ugettext_noop('SystemAdmin'), Scope.system, [] ) system_auditor = PredefineRole( - '2', ugettext_noop('SystemAuditor'), Scope.system, auditor_perms + '2', ugettext_noop('SystemAuditor'), Scope.system, system_auditor_perms ) system_component = PredefineRole( '4', ugettext_noop('SystemComponent'), Scope.system, app_exclude_perms, 'exclude' diff --git a/apps/rbac/const.py b/apps/rbac/const.py index d9b80b78a..b84b7c69e 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py 
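Review bot: `system_auditor_perms` is built from `system_user_perms`, so the SystemAuditor role now also receives `connectiontoken add`, `temptoken add,change,view` and `accesskey *`, none of which the previous `auditor_perms` assignment carried. If the auditor role is meant to stay an oversight role, composing it as `system_auditor_perms = user_perms + _auditor_perms + _view_root_perms` and adding only the system entries it actually needs (for example the `tickets` view entry) keeps it closer to least privilege. If the wider grant is intended, a comment above the assignment such as `# system auditor deliberately inherits token/access-key perms from system_user_perms` would make that reviewable.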
@@ -108,8 +108,11 @@ only_system_permissions = ( ('terminal', 'replaystorage', '*', '*'), ('terminal', 'status', '*', '*'), ('terminal', 'task', '*', '*'), + ('terminal', 'endpoint', '*', '*'), + ('terminal', 'endpointrule', '*', '*'), ('authentication', '*', '*', '*'), ('tickets', '*', '*', '*'), + ('orgs', 'organization', 'view', 'rootorg'), ) only_org_permissions = ( diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py index dc09f75d2..c0ac806ef 100644 --- a/apps/rbac/models/rolebinding.py +++ b/apps/rbac/models/rolebinding.py @@ -107,19 +107,23 @@ class RoleBinding(JMSModel): roles = Role.get_roles_by_perm(perm) with tmp_to_root_org(): bindings = list(cls.objects.root_all().filter(role__in=roles, user=user)) - system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value] + system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value] + # 工作台仅限于自己加入的组织 if perm == 'rbac.view_workbench': all_orgs = user.orgs.all() else: all_orgs = Organization.objects.all() + # 有系统级别的绑定,就代表在所有组织有这个权限 if system_bindings: orgs = all_orgs else: org_ids = [b.org.id for b in bindings if b.org] orgs = all_orgs.filter(id__in=org_ids) - if orgs and user.has_perm('orgs.view_rootorg'): + + # 全局组织 + if orgs and perm != 'rbac.view_workbench' and user.has_perm('orgs.view_rootorg'): orgs = [Organization.root(), *list(orgs)] return orgs diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py index a585bdf5c..bae0b930e 100644 --- a/apps/rbac/tree.py +++ b/apps/rbac/tree.py @@ -1,7 +1,8 @@ #!/usr/bin/python import os -from collections import defaultdict from typing import Callable +from treelib import Tree +from treelib.exceptions import NodeIDAbsentError from django.utils.translation import gettext_lazy as _, gettext, get_language from django.conf import settings 
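Review bot: In the `rolebinding.py` hunk, `orgs` leaves the method either as a queryset (`all_orgs` or `all_orgs.filter(id__in=org_ids)`) or as a plain list (`[Organization.root(), *list(orgs)]`), depending on `perm` and on `user.has_perm('orgs.view_rootorg')`. A caller that chains queryset methods on the result will only fail for users who hold the root-org permission, which is hard to catch in testing; normalising with `orgs = list(orgs)` before the root check would give one return type, provided no caller depends on the queryset (callers are not visible here). The literal `'rbac.view_workbench'` is also compared twice; a single `is_workbench = perm == 'rbac.view_workbench'` would keep the two branches from drifting apart. The method starts outside the hunk.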
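Review bot: `from treelib import Tree` in the `tree.py` import hunk brings in a third-party package, while the diffstat for this commit lists only four files under `apps/rbac/`, so no dependency manifest changes with it. If `treelib` is not already declared elsewhere in the project, it should be added to the requirements with a pinned version, so that a clean install does not fail at import time and the version pulled in is one that was reviewed.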
@@ -159,6 +160,65 @@ def sort_nodes(node): return value +class CounterTree(Tree): + def get_total_count(self, node): + count = getattr(node, '_total_count', None) + if count is not None: + return count + + if not node.data.isParent: + return 1 + + count = 0 + children = self.children(node.identifier) + for child in children: + if child.data.isParent: + count += self.get_total_count(child) + else: + count += 1 + node._total_count = count + return count + + def get_checked_count(self, node): + count = getattr(node, '_checked_count', None) + if count is not None: + return count + + if not node.data.isParent: + if node.data.checked: + return 1 + else: + return 0 + + count = 0 + children = self.children(node.identifier) + for child in children: + if child.data.isParent: + count += self.get_checked_count(child) + else: + if child.data.checked: + count += 1 + node._checked_count = count + return count + + def add_nodes_to_tree(self, ztree_nodes, retry=0): + failed = [] + for node in ztree_nodes: + pid = node.pId + if retry == 2: + pid = '$ROOT$' + + try: + self.create_node(node.name, node.id, pid, data=node) + except NodeIDAbsentError: + failed.append(node) + if retry > 2: + return + if failed: + retry += 1 + return self.add_nodes_to_tree(failed, retry) + + class PermissionTreeUtil: get_permissions: Callable action_mapper = { @@ -183,8 +243,6 @@ class PermissionTreeUtil: Permission.get_permissions(scope) ) self.check_disabled = check_disabled - self.total_counts = defaultdict(int) - self.checked_counts = defaultdict(int) self.lang = get_language() @staticmethod 
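Review bot: `CounterTree.add_nodes_to_tree` has no docstring for its retry contract, and on the pass where `retry == 2` it silently rewrites every remaining node's parent to `'$ROOT$'`. A permission node whose `pId` is wrong or missing then appears directly under the root with no trace of why, and its counts are added to the root instead of its intended parent. I would document this with `# passes 0-1: the parent may come later in the list; pass 2: attach leftovers to $ROOT$` and log the ids of the nodes being reparented at that point. Only `NodeIDAbsentError` is caught, so any other error from `create_node` propagates to the caller; stating that in the docstring would make it clear this is intended.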
@@ -211,38 +269,10 @@ class PermissionTreeUtil: 'name': name, 'pId': view, } - total_count = self.total_counts[app] - checked_count = self.checked_counts[app] - if total_count == 0: - continue - self.total_counts[view] += total_count - self.checked_counts[view] += checked_count - node = self._create_node( - app_data, total_count, checked_count, - 'app', is_open=False - ) + node = self._create_node(app_data, 'app', is_open=False) nodes.append(node) return nodes - def _get_model_counts_mapper(self): - model_counts = self.all_permissions \ - .values('model', 'app', 'content_type') \ - .order_by('content_type') \ - .annotate(count=Count('content_type')) - model_check_counts = self.permissions \ - .values('content_type', 'model') \ - .order_by('content_type') \ - .annotate(count=Count('content_type')) - model_counts_mapper = { - i['content_type']: i['count'] - for i in model_counts - } - model_check_counts_mapper = { - i['content_type']: i['count'] - for i in model_check_counts - } - return model_counts_mapper, model_check_counts_mapper - @staticmethod def _check_model_xpack(model_id): app, model = model_id.split('.', 2) @@ -263,17 +293,10 @@ class PermissionTreeUtil: if not self._check_model_xpack(model_id): continue - total_count = self.total_counts[model_id] - checked_count = self.checked_counts[model_id] - if total_count == 0: - continue - # 获取 pid app = ct.app_label if model_id in special_pid_mapper: app = special_pid_mapper[model_id] - self.total_counts[app] += total_count - self.checked_counts[app] += checked_count # 获取 name name = f'{ct.name}' @@ -284,7 +307,7 @@ class PermissionTreeUtil: 'id': model_id, 'name': name, 'pId': app, - }, total_count, checked_count, 'model', is_open=False) + }, 'model', is_open=False) nodes.append(node) return nodes 
@@ -334,10 +357,7 @@ class PermissionTreeUtil: if title in special_pid_mapper: pid = special_pid_mapper[title] - self.total_counts[pid] += 1 checked = p.id in permissions_id - if checked: - self.checked_counts[pid] += 1 node = TreeNode(**{ 'id': p.id, @@ -347,7 +367,7 @@ class PermissionTreeUtil: 'isParent': False, 'chkDisabled': self.check_disabled, 'iconSkin': icon, - 'checked': p.id in permissions_id, + 'checked': checked, 'open': False, 'meta': { 'type': 'perm', @@ -356,13 +376,11 @@ class PermissionTreeUtil: nodes.append(node) return nodes - def _create_node(self, data, total_count, checked_count, tp, - is_parent=True, is_open=True, icon='', checked=None): + def _create_node(self, data, tp, is_parent=True, is_open=True, icon='', checked=None): assert data.get('id') assert data.get('name') assert data.get('pId') is not None - if checked is None: - checked = total_count == checked_count + node_data = { 'isParent': is_parent, 'iconSkin': icon, 
@@ -380,46 +398,58 @@ class PermissionTreeUtil: node.name += ('[' + node.id + ']') if DEBUG_DB: node.name += ('-' + node.id) - node.name += f'({checked_count}/{total_count})' return node def _create_root_tree_node(self): - total_count = self.all_permissions.count() - checked_count = self.permissions.count() - node = self._create_node(root_node_data, total_count, checked_count, 'root') + node = self._create_node(root_node_data, 'root') return node def _create_views_node(self): nodes = [] for view_data in view_nodes_data: - view = view_data['id'] data = { **view_data, 'pId': '$ROOT$', } - total_count = self.total_counts[view] - checked_count = self.checked_counts[view] - if total_count == 0: - continue - node = self._create_node(data, total_count, checked_count, 'view', is_open=True) + node = self._create_node(data, 'view', is_open=True) nodes.append(node) return nodes def _create_extra_nodes(self): nodes = [] for data in extra_nodes_data: - i = data['id'] - pid = data['pId'] - checked_count = self.checked_counts[i] - total_count = self.total_counts[i] + node = self._create_node(data, 'extra', is_open=False) + nodes.append(node) + return nodes + + @staticmethod + def compute_nodes_count(ztree_nodes): + tree = CounterTree() + reverse_nodes = ztree_nodes[::-1] + root = reverse_nodes[0] + tree.create_node(root.name, root.id, data=root) + tree.add_nodes_to_tree(reverse_nodes[1:]) + counter_nodes = tree.all_nodes() + + node_counts = {} + for n in counter_nodes: + if not n: + continue + total_count = tree.get_total_count(n) + checked_count = tree.get_checked_count(n) + node_counts[n.identifier] = [checked_count, total_count] + + nodes = [] + for node in ztree_nodes: + counter = node_counts[node.id] + if not counter: + counter = [0, 0] + checked_count, total_count = counter if total_count == 0: continue - self.total_counts[pid] += total_count - self.checked_counts[pid] += checked_count - node = self._create_node( - data, total_count, checked_count, - 'extra', is_open=False 
- ) + node.name += '({}/{})'.format(checked_count, total_count) + if checked_count != 0: + node.checked = True nodes.append(node) return nodes @@ -431,5 +461,6 @@ class PermissionTreeUtil: nodes += self._create_views_node() nodes += [self._create_root_tree_node()] + nodes = self.compute_nodes_count(nodes) nodes.sort(key=sort_nodes) return nodes From 74f88d842d11211f9f4a7122b3572189dc53e2a7 Mon Sep 17 00:00:00 2001 From: feng626 <1304903146@qq.com> Date: Wed, 20 Apr 2022 19:12:55 +0800 Subject: [PATCH 8/9] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9replay=20download?= =?UTF-8?q?=20perm?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/terminal/api/session.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/terminal/api/session.py b/apps/terminal/api/session.py index 3193956e5..6ba0477b9 100644 --- a/apps/terminal/api/session.py +++ b/apps/terminal/api/session.py @@ -63,7 +63,7 @@ class SessionViewSet(OrgBulkModelViewSet): ] extra_filter_backends = [DatetimeRangeFilter] rbac_perms = { - 'download': ['terminal.download_sessionreplay|terminal.view_sessionreplay'] + 'download': ['terminal.download_sessionreplay'] } @staticmethod From 63ee2dd8fb1a1a893ea8da6883e9e93eb2d0e75e Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Wed, 20 Apr 2022 19:58:39 +0800 Subject: [PATCH 9/9] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=A0=91=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/rbac/api/role.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/rbac/api/role.py b/apps/rbac/api/role.py index ceb2e9c19..f077964a6 100644 --- a/apps/rbac/api/role.py +++ b/apps/rbac/api/role.py 
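Review bot: `compute_nodes_count` sets `node.checked = True` whenever `checked_count != 0`, whereas the code removed from `_create_node` marked a parent checked only when `total_count == checked_count`. A role holding a single permission of a model now has the model, app and view nodes shown as checked. How the front end treats a checked parent is not visible here, but if it expands a checked parent to all children on save, this would grant more than was selected. If the old meaning is intended, use `node.checked = checked_count == total_count`. Separately, `node_counts[node.id]` raises `KeyError` for a node that never reached the tree, so the `if not counter` fallback under it cannot run; `counter = node_counts.get(node.id)` would make it effective.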
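Review bot: The `download` entry in `SessionViewSet.rbac_perms` carries no comment saying that `terminal.view_sessionreplay` is deliberately not accepted, so the `|` alternative could be reintroduced later without anyone noticing. I would add `# download needs its own permission; view_sessionreplay alone must not allow it` above the entry, and a test asserting that a user holding only `view_sessionreplay` is denied on `download`. Custom roles that relied on the old alternative lose download access after this change, which deserves a line in the upgrade notes. The other actions of the viewset are outside the hunk.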
@@ -90,7 +90,7 @@ class SystemRolePermissionsViewSet(BaseRolePermissionsViewSet): role_pk = 'system_role_pk' model = SystemRole rbac_perms = ( - ('get_tree', 'rbac.view_systemrole'), + ('get_tree', 'rbac.view_permission'), ) @@ -99,6 +99,6 @@ class OrgRolePermissionsViewSet(BaseRolePermissionsViewSet): role_pk = 'org_role_pk' model = OrgRole rbac_perms = ( - ('get_tree', 'rbac.view_orgrole'), + ('get_tree', 'rbac.view_permission'), )
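Review bot: `get_tree` now requires only `rbac.view_permission` in both `SystemRolePermissionsViewSet` and `OrgRolePermissionsViewSet` (this hunk and the one at `-99,6`), replacing the role-specific `rbac.view_systemrole` and `rbac.view_orgrole`. A caller who may list permissions but not view roles can then read the permission set of any role whose pk it supplies, unless `BaseRolePermissionsViewSet` scopes the role lookup itself, which is not visible here. If a role's permission set should stay tied to role visibility, require the role-view permission in addition to `rbac.view_permission`. If the change is intentional, record it next to the mapping, e.g. `# get_tree is gated on view_permission only; role visibility is not checked here`.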