diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py index d3647bdc3..6431780a3 100644 --- a/apps/ops/models/job.py +++ b/apps/ops/models/job.py @@ -396,29 +396,29 @@ class JobExecution(JMSOrgBaseModel): CommandExecutionAlert({ "assets": self.current_job.assets.all(), "input": self.material, - "risk_level": 5, + "risk_level": RiskLevelChoices.reject, "user": self.creator, }).publish_async() raise Exception("command is rejected by ACL") elif acl.is_action(CommandFilterACL.ActionChoices.warning): - user = self.creator command = { 'input': self.material, - 'user': user.name, - '_user_id': user.id, + 'user': self.creator.name, 'asset': asset.name, + 'cmd_filter_acl': str(acl.id), + 'cmd_group': str(cg.id), + 'risk_level': RiskLevelChoices.warning, + 'org_id': self.org_id, + '_user_id': self.creator.id, '_asset_id': asset.id, '_account': self.current_job.runas, '_cmd_filter_acl': acl, '_cmd_group': cg, - 'session': '', - '_risk_level': RiskLevelChoices.warning.label, - 'org_id': self.org.id, - '_org_name': self.org.name or self.org.id, + '_org_name': self.org_name, } - CommandWarningMessage(user, command).publish_async() + for reviewer in acl.reviewers.all(): + CommandWarningMessage(reviewer, command).publish_async() return True - return False def check_command_acl(self): diff --git a/apps/terminal/api/session/command.py b/apps/terminal/api/session/command.py index c933a12ad..f95155fd1 100644 --- a/apps/terminal/api/session/command.py +++ b/apps/terminal/api/session/command.py @@ -216,31 +216,29 @@ class InsecureCommandAlertAPI(generics.CreateAPIView): cmd_groups = CommandGroup.objects.filter(id__in=cmd_group_ids).only('id', 'name') cmd_group_mapper = {str(i.id): i for i in cmd_groups} - lang = request.stream.COOKIES.get('django_language', 'zh') - with translation.override(lang): - for command in commands: - cmd_acl = acl_mapper.get(command['cmd_filter_acl']) - command['_cmd_filter_acl'] = cmd_acl - cmd_group = cmd_group_mapper.get(command['cmd_group']) - command['_cmd_group'] = cmd_group - session = session_mapper.get(command['session']) - risk_level = command.get('risk_level') - if session: - command.update({ - '_user_id': session.user_id, - '_asset_id': session.asset_id, - '_account': session.account, - '_account_id': session.account_id, - '_org_name': session.org.name, - '_risk_level': RiskLevelChoices.get_risk_level_str(risk_level), - }) + for command in commands: + cmd_acl = acl_mapper.get(command['cmd_filter_acl']) + command['_cmd_filter_acl'] = cmd_acl + cmd_group = cmd_group_mapper.get(command['cmd_group']) + command['_cmd_group'] = cmd_group + session = session_mapper.get(command['session']) + risk_level = command.get('risk_level') - if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]: - CommandAlertMessage(command).publish_async() - elif risk_level in [RiskLevelChoices.warning]: - for reviewer in cmd_acl.reviewers.all(): - CommandWarningMessage(reviewer, command).publish_async() - else: - logger.info(f'Risk level ignore: {risk_level}') + if session: + command.update({ + '_user_id': session.user_id, + '_asset_id': session.asset_id, + '_account': session.account, + '_account_id': session.account_id, + '_org_name': session.org.name, + }) + + if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]: + CommandAlertMessage(command).publish_async() + elif risk_level in [RiskLevelChoices.warning]: + for reviewer in cmd_acl.reviewers.all(): + CommandWarningMessage(reviewer, command).publish_async() + else: + logger.info(f'Risk level ignore: {RiskLevelChoices.get_label(risk_level)}({risk_level})') return Response({'msg': 'ok'}) diff --git a/apps/terminal/backends/command/models.py b/apps/terminal/backends/command/models.py index f588a177d..801b3cdf1 100644 --- a/apps/terminal/backends/command/models.py +++ b/apps/terminal/backends/command/models.py @@ -42,11 +42,6 @@ class AbstractSessionCommand(OrgModelMixin): else: return '' - @classmethod - def get_risk_level_str(cls, risk_level): - risk_mapper = dict(RiskLevelChoices.choices) - return risk_mapper.get(risk_level) - def to_dict(self): d = {} for field in self._meta.fields: diff --git a/apps/terminal/const.py b/apps/terminal/const.py index 7b2284b8e..f34233e3a 100644 --- a/apps/terminal/const.py +++ b/apps/terminal/const.py @@ -14,9 +14,9 @@ class RiskLevelChoices(IntegerChoices): review_cancel = 8, _('Review & Cancel') @classmethod - def get_risk_level_str(cls, risk_level): - risk_mapper = dict(cls.choices) - return risk_mapper.get(risk_level) + def get_label(cls, level): + label = dict(cls.choices).get(level) + return label class ReplayStorageType(TextChoices): diff --git a/apps/terminal/notifications.py b/apps/terminal/notifications.py index 753845de1..6d49946dd 100644 --- a/apps/terminal/notifications.py +++ b/apps/terminal/notifications.py @@ -12,6 +12,7 @@ from notifications.models import SystemMsgSubscription from notifications.notifications import SystemMessage, UserMessage from terminal.models import Session, Command from users.models import User +from terminal.const import RiskLevelChoices logger = get_logger(__name__) @@ -86,8 +87,8 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage): account_id = command.get('_account_id', '') cmd_acl = command.get('_cmd_filter_acl') cmd_group = command.get('_cmd_group') - session_id = command['session'] - risk_level = command['_risk_level'] + session_id = command.get('session', '') + risk_level = command['risk_level'] org_id = command['org_id'] org_name = command.get('_org_name') or org_id @@ -137,7 +138,7 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage): 'cmd_group': cmd_group_name, 'cmd_group_url': cmd_group_url, 'session_url': session_url, - 'risk_level': risk_level, + 'risk_level': RiskLevelChoices.get_label(risk_level), 'org': org_name, } @@ -174,7 +175,7 @@ class CommandAlertMessage(CommandAlertMixin, SystemMessage): session_detail_url = session_detail_url.replace( '/terminal/sessions/', '/audit/sessions/sessions/' ) - level = Command.get_risk_level_str(command['risk_level']) + level = RiskLevelChoices.get_label(command['risk_level']) items = { _("Asset"): command['asset'], _("User"): command['user'], @@ -223,7 +224,8 @@ class CommandExecutionAlert(CommandAlertMixin, SystemMessage): ) + '?oid={}'.format(asset.org_id) assets_with_url.append([asset, url]) - level = Command.get_risk_level_str(command['risk_level']) + level = RiskLevelChoices.get_label(command['risk_level']) + items = { _("User"): command['user'], _("Level"): level, diff --git a/apps/terminal/templates/terminal/_msg_command_warning.html b/apps/terminal/templates/terminal/_msg_command_warning.html index 814947278..23469e3a4 100644 --- a/apps/terminal/templates/terminal/_msg_command_warning.html +++ b/apps/terminal/templates/terminal/_msg_command_warning.html @@ -1,100 +1,23 @@ {% load i18n %}
- - - - {% trans 'User' %}: {{ user }}
- {% trans 'Asset' %}: {{ asset }}
- {% trans 'Account' %}: - {% if account_url %} - {{ account }} - {% else %} - {{ account }} - {% endif %} + {% trans 'Asset' %}: {{ asset }}
+ {% trans 'User' %}: {{ user }}
+ {% trans 'Account' %}: + {% if account_url %} + {{ account }} + {% else %} + {{ account }} + {% endif %}
- {% trans 'Command' %}: {{ command }}
{% trans 'Risk level' %}: {{ risk_level }}
- {% trans 'Command acl' %}: {{ user }}
- {% trans 'Command acl group' %}: {{ user }}
+ {% trans 'Command acl' %}: {{ user }}
+ {% trans 'Command acl group' %}: {{ user }}
{% if session_url %} - {% trans 'Session' %}: - {% trans 'View' %}
+ {% trans 'Session' %}: + {% trans 'View' %}
{% endif %} - {% trans 'Organization' %}: {{ org }}
+ {% trans 'Organization' %}: {{ org }}
+ {% trans 'Command' %}: {{ command }}