fix: acl 记录操作日志 账号信息为空 (#11869)

Co-authored-by: feng <1304903146@qq.com>
pull/11870/head
fit2bot 2023-10-17 15:01:21 +08:00 committed by GitHub
parent 73b75df524
commit e88e4438ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions


@ -300,6 +300,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
'get_rdp_file': 'authentication.add_connectiontoken', 'get_rdp_file': 'authentication.add_connectiontoken',
'get_client_protocol_url': 'authentication.add_connectiontoken', 'get_client_protocol_url': 'authentication.add_connectiontoken',
} }
input_username = ''
def get_queryset(self): def get_queryset(self):
queryset = ConnectionToken.objects \ queryset = ConnectionToken.objects \
@ -335,6 +336,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
self._insert_connect_options(data, user) self._insert_connect_options(data, user)
asset = data.get('asset') asset = data.get('asset')
account_name = data.get('account') account_name = data.get('account')
self.input_username = data.get('input_username', '')
_data = self._validate(user, asset, account_name) _data = self._validate(user, asset, account_name)
data.update(_data) data.update(_data)
return serializer return serializer
@ -361,10 +363,9 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
if account.has_secret: if account.has_secret:
data['input_secret'] = '' data['input_secret'] = ''
input_username = data.get('input_username', '')
if account.username != AliasAccount.INPUT: if account.username != AliasAccount.INPUT:
data['input_username'] = '' data['input_username'] = ''
ticket = self._validate_acl(user, asset, account, input_username) ticket = self._validate_acl(user, asset, account)
if ticket: if ticket:
data['from_ticket'] = ticket data['from_ticket'] = ticket
data['is_active'] = False data['is_active'] = False
@ -382,13 +383,12 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
raise JMSException(code='perm_expired', detail=msg) raise JMSException(code='perm_expired', detail=msg)
return account return account
@staticmethod def _record_operate_log(self, acl, asset):
def _record_operate_log(acl, asset, input_username):
from audits.handler import create_or_update_operate_log from audits.handler import create_or_update_operate_log
with tmp_to_org(asset.org_id): with tmp_to_org(asset.org_id):
after = { after = {
str(_('Assets')): str(asset), str(_('Assets')): str(asset),
str(_('Account')): input_username str(_('Account')): self.input_username
} }
object_name = acl._meta.object_name object_name = acl._meta.object_name
resource_type = acl._meta.verbose_name resource_type = acl._meta.verbose_name
@ -397,7 +397,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
after=after, object_name=object_name after=after, object_name=object_name
) )
def _validate_acl(self, user, asset, account, input_username): def _validate_acl(self, user, asset, account):
from acls.models import LoginAssetACL from acls.models import LoginAssetACL
acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account) acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account)
ip = get_request_ip(self.request) ip = get_request_ip(self.request)
@ -405,19 +405,19 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
if not acl: if not acl:
return return
if acl.is_action(acl.ActionChoices.accept): if acl.is_action(acl.ActionChoices.accept):
self._record_operate_log(acl, asset, input_username) self._record_operate_log(acl, asset)
return return
if acl.is_action(acl.ActionChoices.reject): if acl.is_action(acl.ActionChoices.reject):
self._record_operate_log(acl, asset, input_username) self._record_operate_log(acl, asset)
msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id)) msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id))
raise JMSException(code='acl_reject', detail=msg) raise JMSException(code='acl_reject', detail=msg)
if acl.is_action(acl.ActionChoices.review): if acl.is_action(acl.ActionChoices.review):
if not self.request.query_params.get('create_ticket'): if not self.request.query_params.get('create_ticket'):
msg = _('ACL action is review') msg = _('ACL action is review')
raise JMSException(code='acl_review', detail=msg) raise JMSException(code='acl_review', detail=msg)
self._record_operate_log(acl, asset, input_username) self._record_operate_log(acl, asset)
ticket = LoginAssetACL.create_login_asset_review_ticket( ticket = LoginAssetACL.create_login_asset_review_ticket(
user=user, asset=asset, account_username=input_username, user=user, asset=asset, account_username=self.input_username,
assignees=acl.reviewers.all(), org_id=asset.org_id assignees=acl.reviewers.all(), org_id=asset.org_id
) )
return ticket return ticket
@ -426,10 +426,10 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
if not reviewers: if not reviewers:
return return
self._record_operate_log(acl, asset, input_username) self._record_operate_log(acl, asset)
for reviewer in reviewers: for reviewer in reviewers:
AssetLoginReminderMsg( AssetLoginReminderMsg(
reviewer, asset, user, input_username reviewer, asset, user, self.input_username
).publish_async() ).publish_async()
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
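Review bot: The `Account` value written by `_record_operate_log`, and the `account_username` passed to `create_login_asset_review_ticket` and `AssetLoginReminderMsg`, now come from `self.input_username`, which is the raw client-supplied field captured before `_validate` runs. When `account.username != AliasAccount.INPUT` the validated data blanks `input_username`, yet the audit record, ticket and reminder still carry whatever the client sent (or an empty string) rather than the account the ACL actually matched. Consider resolving the value once the account is known, for example `self.input_username = self.input_username if account.username == AliasAccount.INPUT else account.username` in `_validate` before the `_validate_acl` call; how other alias values should be handled is not visible here and needs confirming. The class-level default `input_username = ''` also means any path that reaches `_validate_acl` without that assignment silently logs an empty account, so a short comment such as `# per-request state, set while building the serializer; empty means no input_username was supplied` would help. The bodies of these methods continue outside the hunks shown.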