mirror of https://github.com/jumpserver/jumpserver
[Update] 用户创建支持修改source
ibuler
parent
bae4387068
commit
eedaaddbf5
|
|
@ -25,7 +25,7 @@
|
||||||
|
|
||||||
<div class="wrapper wrapper-content">
|
<div class="wrapper wrapper-content">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-lg-3" id="split-left" style="padding-left: 3px">
|
<div class="col-lg-3" id="split-left" style="padding-left: 3px;overflow: auto;max-height: 500px">
|
||||||
<div class="ibox float-e-margins">
|
<div class="ibox float-e-margins">
|
||||||
<div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
|
<div class="ibox-content mailbox-content" style="padding-top: 0;padding-left: 1px">
|
||||||
<div class="file-manager ">
|
<div class="file-manager ">
|
||||||
|
|
|
||||||
|
|
@ -395,6 +395,7 @@ defaults = {
|
||||||
'FLOWER_URL': "127.0.0.1:5555",
|
'FLOWER_URL': "127.0.0.1:5555",
|
||||||
'DEFAULT_ORG_SHOW_ALL_USERS': True,
|
'DEFAULT_ORG_SHOW_ALL_USERS': True,
|
||||||
'PERIOD_TASK_ENABLED': True,
|
'PERIOD_TASK_ENABLED': True,
|
||||||
|
'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': True,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,11 +12,14 @@ from django.conf import settings
|
||||||
from django.core.mail import send_mail
|
from django.core.mail import send_mail
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from .models import Setting
|
|
||||||
from .utils import LDAPUtil
|
|
||||||
from common.permissions import IsOrgAdmin, IsSuperUser
|
from common.permissions import IsOrgAdmin, IsSuperUser
|
||||||
from common.utils import get_logger
|
from common.utils import get_logger
|
||||||
from .serializers import MailTestSerializer, LDAPTestSerializer, LDAPUserSerializer
|
from .models import Setting
|
||||||
|
from .utils import LDAPUtil
|
||||||
|
from .serializers import (
|
||||||
|
MailTestSerializer, LDAPTestSerializer, LDAPUserSerializer,
|
||||||
|
PublicSettingSerializer,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
logger = get_logger(__file__)
|
logger = get_logger(__file__)
|
||||||
|
|
@ -245,3 +248,19 @@ class CommandStorageDeleteAPI(APIView):
|
||||||
storage_name = str(request.data.get('name'))
|
storage_name = str(request.data.get('name'))
|
||||||
Setting.delete_storage('TERMINAL_COMMAND_STORAGE', storage_name)
|
Setting.delete_storage('TERMINAL_COMMAND_STORAGE', storage_name)
|
||||||
return Response({"msg": _('Delete succeed')}, status=200)
|
return Response({"msg": _('Delete succeed')}, status=200)
|
||||||
|
|
||||||
|
|
||||||
|
class PublicSettingApi(generics.RetrieveAPIView):
|
||||||
|
permission_classes = ()
|
||||||
|
serializer_class = PublicSettingSerializer
|
||||||
|
|
||||||
|
def get_object(self):
|
||||||
|
c = settings.CONFIG
|
||||||
|
instance = {
|
||||||
|
"data": {
|
||||||
|
"WINDOWS_SKIP_ALL_MANUAL_PASSWORD": c.WINDOWS_SKIP_ALL_MANUAL_PASSWORD
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return instance
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,3 +28,6 @@ class LDAPUserSerializer(serializers.Serializer):
|
||||||
email = serializers.CharField()
|
email = serializers.CharField()
|
||||||
existing = serializers.BooleanField(read_only=True)
|
existing = serializers.BooleanField(read_only=True)
|
||||||
|
|
||||||
|
|
||||||
|
class PublicSettingSerializer(serializers.Serializer):
|
||||||
|
data = serializers.DictField(read_only=True)
|
||||||
|
|
|
||||||
|
|
@ -15,4 +15,5 @@ urlpatterns = [
|
||||||
path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
|
path('terminal/replay-storage/delete/', api.ReplayStorageDeleteAPI.as_view(), name='replay-storage-delete'),
|
||||||
path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),
|
path('terminal/command-storage/create/', api.CommandStorageCreateAPI.as_view(), name='command-storage-create'),
|
||||||
path('terminal/command-storage/delete/', api.CommandStorageDeleteAPI.as_view(), name='command-storage-delete'),
|
path('terminal/command-storage/delete/', api.CommandStorageDeleteAPI.as_view(), name='command-storage-delete'),
|
||||||
|
path('public/', api.PublicSettingApi.as_view(), name='public-setting'),
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
from common.utils import validate_ssh_public_key
|
from common.utils import validate_ssh_public_key
|
||||||
from orgs.mixins.forms import OrgModelForm
|
from orgs.mixins.forms import OrgModelForm
|
||||||
|
|
@ -21,6 +22,20 @@ class UserCheckOtpCodeForm(forms.Form):
|
||||||
otp_code = forms.CharField(label=_('MFA code'), max_length=6)
|
otp_code = forms.CharField(label=_('MFA code'), max_length=6)
|
||||||
|
|
||||||
|
|
||||||
|
def get_source_choices():
|
||||||
|
choices_all = dict(User.SOURCE_CHOICES)
|
||||||
|
choices = [
|
||||||
|
(User.SOURCE_LOCAL, choices_all[User.SOURCE_LOCAL]),
|
||||||
|
]
|
||||||
|
if settings.AUTH_LDAP:
|
||||||
|
choices.append((User.SOURCE_LDAP, choices_all[User.SOURCE_LDAP]))
|
||||||
|
if settings.AUTH_OPENID:
|
||||||
|
choices.append((User.SOURCE_OPENID, choices_all[User.SOURCE_OPENID]))
|
||||||
|
if settings.AUTH_RADIUS:
|
||||||
|
choices.append((User.SOURCE_RADIUS, choices_all[User.SOURCE_RADIUS]))
|
||||||
|
return choices
|
||||||
|
|
||||||
|
|
||||||
class UserCreateUpdateFormMixin(OrgModelForm):
|
class UserCreateUpdateFormMixin(OrgModelForm):
|
||||||
role_choices = ((i, n) for i, n in User.ROLE_CHOICES if i != User.ROLE_APP)
|
role_choices = ((i, n) for i, n in User.ROLE_CHOICES if i != User.ROLE_APP)
|
||||||
password = forms.CharField(
|
password = forms.CharField(
|
||||||
|
|
@ -31,6 +46,10 @@ class UserCreateUpdateFormMixin(OrgModelForm):
|
||||||
choices=role_choices, required=True,
|
choices=role_choices, required=True,
|
||||||
initial=User.ROLE_USER, label=_("Role")
|
initial=User.ROLE_USER, label=_("Role")
|
||||||
)
|
)
|
||||||
|
source = forms.ChoiceField(
|
||||||
|
choices=get_source_choices, required=True,
|
||||||
|
initial=User.SOURCE_LOCAL, label=_("Source")
|
||||||
|
)
|
||||||
public_key = forms.CharField(
|
public_key = forms.CharField(
|
||||||
label=_('ssh public key'), max_length=5000, required=False,
|
label=_('ssh public key'), max_length=5000, required=False,
|
||||||
widget=forms.Textarea(attrs={'placeholder': _('ssh-rsa AAAA...')}),
|
widget=forms.Textarea(attrs={'placeholder': _('ssh-rsa AAAA...')}),
|
||||||
|
|
@ -41,7 +60,8 @@ class UserCreateUpdateFormMixin(OrgModelForm):
|
||||||
model = User
|
model = User
|
||||||
fields = [
|
fields = [
|
||||||
'username', 'name', 'email', 'groups', 'wechat',
|
'username', 'name', 'email', 'groups', 'wechat',
|
||||||
'phone', 'role', 'date_expired', 'comment', 'otp_level'
|
'source', 'phone', 'role', 'date_expired',
|
||||||
|
'comment', 'otp_level'
|
||||||
]
|
]
|
||||||
widgets = {
|
widgets = {
|
||||||
'otp_level': forms.RadioSelect(),
|
'otp_level': forms.RadioSelect(),
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
from .v1 import *
|
from .user import *
|
||||||
|
from .group import *
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,69 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
#
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from rest_framework import serializers
|
||||||
|
|
||||||
|
from common.fields import StringManyToManyField
|
||||||
|
from common.serializers import AdaptedBulkListSerializer
|
||||||
|
from orgs.mixins.serializers import BulkOrgResourceModelSerializer
|
||||||
|
from ..models import User, UserGroup
|
||||||
|
from .. import utils
|
||||||
|
|
||||||
|
|
||||||
|
__all__ = [
|
||||||
|
'UserGroupSerializer', 'UserGroupListSerializer',
|
||||||
|
'UserGroupUpdateMemberSerializer'
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
class UserGroupSerializer(BulkOrgResourceModelSerializer):
|
||||||
|
users = serializers.PrimaryKeyRelatedField(
|
||||||
|
required=False, many=True, queryset=User.objects, label=_('User')
|
||||||
|
)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = UserGroup
|
||||||
|
list_serializer_class = AdaptedBulkListSerializer
|
||||||
|
fields = [
|
||||||
|
'id', 'name', 'users', 'comment', 'date_created',
|
||||||
|
'created_by',
|
||||||
|
]
|
||||||
|
extra_kwargs = {
|
||||||
|
'created_by': {'label': _('Created by'), 'read_only': True}
|
||||||
|
}
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
self.set_fields_queryset()
|
||||||
|
|
||||||
|
def set_fields_queryset(self):
|
||||||
|
users_field = self.fields['users']
|
||||||
|
users_field.child_relation.queryset = utils.get_current_org_members()
|
||||||
|
|
||||||
|
def validate_users(self, users):
|
||||||
|
for user in users:
|
||||||
|
if user.is_super_auditor:
|
||||||
|
msg = _('Auditors cannot be join in the user group')
|
||||||
|
raise serializers.ValidationError(msg)
|
||||||
|
return users
|
||||||
|
|
||||||
|
|
||||||
|
class UserGroupListSerializer(UserGroupSerializer):
|
||||||
|
users = StringManyToManyField(many=True, read_only=True)
|
||||||
|
|
||||||
|
|
||||||
|
class UserGroupUpdateMemberSerializer(serializers.ModelSerializer):
|
||||||
|
users = serializers.PrimaryKeyRelatedField(many=True, queryset=User.objects)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = UserGroup
|
||||||
|
fields = ['id', 'users']
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
self.set_fields_queryset()
|
||||||
|
|
||||||
|
def set_fields_queryset(self):
|
||||||
|
users_field = self.fields['users']
|
||||||
|
users_field.child_relation.queryset = utils.get_current_org_members()
|
||||||
|
|
||||||
|
|
@ -6,19 +6,14 @@ from rest_framework import serializers
|
||||||
|
|
||||||
from common.utils import validate_ssh_public_key
|
from common.utils import validate_ssh_public_key
|
||||||
from common.mixins import BulkSerializerMixin
|
from common.mixins import BulkSerializerMixin
|
||||||
from common.fields import StringManyToManyField
|
|
||||||
from common.serializers import AdaptedBulkListSerializer
|
from common.serializers import AdaptedBulkListSerializer
|
||||||
from common.permissions import CanUpdateDeleteUser
|
from common.permissions import CanUpdateDeleteUser
|
||||||
from orgs.mixins.serializers import BulkOrgResourceModelSerializer
|
|
||||||
from ..models import User, UserGroup
|
from ..models import User, UserGroup
|
||||||
from .. import utils
|
|
||||||
|
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
'UserSerializer', 'UserPKUpdateSerializer', 'UserUpdateGroupSerializer',
|
'UserSerializer', 'UserPKUpdateSerializer', 'UserUpdateGroupSerializer',
|
||||||
'UserGroupSerializer', 'UserGroupListSerializer',
|
'ChangeUserPasswordSerializer', 'ResetOTPSerializer',
|
||||||
'UserGroupUpdateMemberSerializer', 'ChangeUserPasswordSerializer',
|
|
||||||
'ResetOTPSerializer',
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -49,7 +44,6 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
|
||||||
'is_valid': {'label': _('Is valid')},
|
'is_valid': {'label': _('Is valid')},
|
||||||
'is_expired': {'label': _('Is expired')},
|
'is_expired': {'label': _('Is expired')},
|
||||||
'avatar_url': {'label': _('Avatar url')},
|
'avatar_url': {'label': _('Avatar url')},
|
||||||
'source': {'read_only': True},
|
|
||||||
'created_by': {'read_only': True, 'allow_blank': True},
|
'created_by': {'read_only': True, 'allow_blank': True},
|
||||||
'can_update': {'read_only': True},
|
'can_update': {'read_only': True},
|
||||||
'can_delete': {'read_only': True},
|
'can_delete': {'read_only': True},
|
||||||
|
|
@ -127,58 +121,6 @@ class UserUpdateGroupSerializer(serializers.ModelSerializer):
|
||||||
fields = ['id', 'groups']
|
fields = ['id', 'groups']
|
||||||
|
|
||||||
|
|
||||||
class UserGroupSerializer(BulkOrgResourceModelSerializer):
|
|
||||||
users = serializers.PrimaryKeyRelatedField(
|
|
||||||
required=False, many=True, queryset=User.objects, label=_('User')
|
|
||||||
)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = UserGroup
|
|
||||||
list_serializer_class = AdaptedBulkListSerializer
|
|
||||||
fields = [
|
|
||||||
'id', 'name', 'users', 'comment', 'date_created',
|
|
||||||
'created_by',
|
|
||||||
]
|
|
||||||
extra_kwargs = {
|
|
||||||
'created_by': {'label': _('Created by'), 'read_only': True}
|
|
||||||
}
|
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
|
||||||
super().__init__(*args, **kwargs)
|
|
||||||
self.set_fields_queryset()
|
|
||||||
|
|
||||||
def set_fields_queryset(self):
|
|
||||||
users_field = self.fields['users']
|
|
||||||
users_field.child_relation.queryset = utils.get_current_org_members()
|
|
||||||
|
|
||||||
def validate_users(self, users):
|
|
||||||
for user in users:
|
|
||||||
if user.is_super_auditor:
|
|
||||||
msg = _('Auditors cannot be join in the user group')
|
|
||||||
raise serializers.ValidationError(msg)
|
|
||||||
return users
|
|
||||||
|
|
||||||
|
|
||||||
class UserGroupListSerializer(UserGroupSerializer):
|
|
||||||
users = StringManyToManyField(many=True, read_only=True)
|
|
||||||
|
|
||||||
|
|
||||||
class UserGroupUpdateMemberSerializer(serializers.ModelSerializer):
|
|
||||||
users = serializers.PrimaryKeyRelatedField(many=True, queryset=User.objects)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = UserGroup
|
|
||||||
fields = ['id', 'users']
|
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
|
||||||
super().__init__(*args, **kwargs)
|
|
||||||
self.set_fields_queryset()
|
|
||||||
|
|
||||||
def set_fields_queryset(self):
|
|
||||||
users_field = self.fields['users']
|
|
||||||
users_field.child_relation.queryset = utils.get_current_org_members()
|
|
||||||
|
|
||||||
|
|
||||||
class ChangeUserPasswordSerializer(serializers.ModelSerializer):
|
class ChangeUserPasswordSerializer(serializers.ModelSerializer):
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
@ -21,6 +21,7 @@
|
||||||
<h3>{% trans 'Auth' %}</h3>
|
<h3>{% trans 'Auth' %}</h3>
|
||||||
{% block password %}{% endblock %}
|
{% block password %}{% endblock %}
|
||||||
{% bootstrap_field form.otp_level layout="horizontal" %}
|
{% bootstrap_field form.otp_level layout="horizontal" %}
|
||||||
|
{% bootstrap_field form.source layout="horizontal" %}
|
||||||
|
|
||||||
<div class="hr-line-dashed"></div>
|
<div class="hr-line-dashed"></div>
|
||||||
<h3>{% trans 'Security and Role' %}</h3>
|
<h3>{% trans 'Security and Role' %}</h3>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue