Merge branch 'dev' of github.com:jumpserver/jumpserver into dev

5 years ago · fbc948fd7c
16 changed files with 81 additions and 48 deletions
--- a/apps/assets/migrations/0036_auto_20190716_1535.py
+++ b/apps/assets/migrations/0036_auto_20190716_1535.py
@ -0,0 +1,18 @@
+# Generated by Django 2.1.7 on 2019-07-16 07:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0035_auto_20190711_2018'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='commandfilter',
+            name='name',
+            field=models.CharField(max_length=64, unique=True, verbose_name='Name'),
+        ),
+    ]
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@ -17,7 +17,7 @@ __all__ = [

 class CommandFilter(OrgModelMixin):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    name = models.CharField(max_length=64, verbose_name=_("Name"))
+    name = models.CharField(max_length=64, unique=True, verbose_name=_("Name"))
    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
    comment = models.TextField(blank=True, default='', verbose_name=_("Comment"))
    date_created = models.DateTimeField(auto_now_add=True)
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@ -112,7 +112,7 @@ class AssetSerializer(BulkOrgResourceModelSerializer):
            protocol = protocols_data[0].split('/')
            validated_data["protocol"] = protocol[0]
            validated_data["port"] = int(protocol[1])
-        if validated_data:
+        if protocols_data:
            validated_data["protocols"] = ' '.join(protocols_data)

    def create(self, validated_data):
--- a/apps/assets/serializers/base.py
+++ b/apps/assets/serializers/base.py
@ -1,7 +1,9 @@
 # -*- coding: utf-8 -*-
 #

+from django.utils.translation import ugettext as _
 from rest_framework import serializers
+
 from common.utils import ssh_pubkey_gen, validate_ssh_private_key


--- a/apps/assets/serializers/cmd_filter.py
+++ b/apps/assets/serializers/cmd_filter.py
@ -22,7 +22,7 @@ class CommandFilterSerializer(BulkOrgResourceModelSerializer):

        extra_kwargs = {
            'rules': {'read_only': True},
-            'system_users': {'read_only': True}
+            'system_users': {'required': False},
        }


--- a/apps/assets/templates/assets/asset_create.html
+++ b/apps/assets/templates/assets/asset_create.html
@ -216,6 +216,8 @@ $(document).ready(function () {
    var form = $("form");
    var protocols = {};
    var data = form.serializeObject();
+    objectAttrsIsBool(data, ['is_active']);
+    objectAttrsIsList(data, ['nodes', 'labels']);
    $.each(data, function (k, v) {
        if (k.startsWith("form")){
            delete data[k];
@ -233,12 +235,6 @@ $(document).ready(function () {
        return v.name + '/' + v.port
    });
    data["protocols"] = protocols;
-    if (typeof data.labels === "string") {
-        data["labels"] = [data["labels"]];
-    }
-    if (typeof data["nodes"] == "string") {
-        data["nodes"] = [data["nodes"]]
-    }
    var props = {
        url: the_url,
        data: data,
--- a/apps/assets/templates/assets/cmd_filter_detail.html
+++ b/apps/assets/templates/assets/cmd_filter_detail.html
@ -29,7 +29,7 @@
                                <a class="btn btn-outline btn-default" href="{% url 'assets:cmd-filter-update' pk=object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                            </li>
                            <li class="pull-right">
-                                <a class="btn btn-outline btn-danger btn-del">
+                                <a class="btn btn-outline btn-danger btn-del btn-delete-cmd-filter">
                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
                                </a>
                            </li>
@ -164,5 +164,13 @@ $(document).ready(function () {
    });
    updateCMDFilterSystemUsers(system_users)
 })
+.on('click', '.btn-delete-cmd-filter', function () {
+    var $this = $(this);
+    var name = "{{object.name }}";
+    var uid = "{{ object.id }}";
+    var the_url = '{% url "api-assets:cmd-filter-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    var redirect_url = "{% url 'assets:cmd-filter-list' %}";
+    objectDelete($this, name, the_url, redirect_url);
+})
 </script>
 {% endblock %}
--- a/apps/assets/templates/assets/domain_detail.html
+++ b/apps/assets/templates/assets/domain_detail.html
@ -24,7 +24,7 @@
                                <a class="btn btn-outline btn-default" href="{% url 'assets:domain-update' pk=object.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
                            </li>
                            <li class="pull-right">
-                                <a class="btn btn-outline btn-danger btn-del">
+                                <a class="btn btn-outline btn-danger btn-del btn-delete-domain">
                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
                                </a>
                            </li>
@ -127,6 +127,15 @@ $(document).ready(function(){
    setTimeout( function () {
        $data_table.ajax.reload();
    }, 3000);
-});
+})
+.on('click', '.btn-delete-domain', function () {
+    var $this = $(this);
+    var name = "{{ object.name }}";
+    var uid = "{{ object.id }}";
+    var the_url = '{% url "api-assets:domain-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    var redirect_url = "{% url 'assets:domain-list' %}";
+    objectDelete($this, name, the_url, redirect_url);
+})
+;
 </script>
 {% endblock %}
--- a/apps/jumpserver/const.py
+++ b/apps/jumpserver/const.py
@ -1,3 +1,3 @@
 # -*- coding: utf-8 -*-
 #
-VERSION = '1.5.1'
+VERSION = '1.5.2'
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-07-15 14:43+0800\n"
+"POT-Creation-Date: 2019-07-16 17:04+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@ -555,7 +555,7 @@ msgid "Connect"
 msgstr "连接"

 #: applications/views/remote_app.py:31 applications/views/remote_app.py:47
-#: applications/views/remote_app.py:69 applications/views/remote_app.py:87
+#: applications/views/remote_app.py:70 applications/views/remote_app.py:89
 #: templates/_nav.html:33
 msgid "Applications"
 msgstr "应用管理"
@ -564,15 +564,15 @@ msgstr "应用管理"
 msgid "RemoteApp list"
 msgstr "远程应用列表"

-#: applications/views/remote_app.py:70
+#: applications/views/remote_app.py:71
 msgid "Update RemoteApp"
 msgstr "更新远程应用"

-#: applications/views/remote_app.py:88
+#: applications/views/remote_app.py:90
 msgid "RemoteApp detail"
 msgstr "远程应用详情"

-#: applications/views/remote_app.py:100
+#: applications/views/remote_app.py:102
 msgid "My RemoteApp"
 msgstr "我的远程应用"

@ -695,7 +695,7 @@ msgstr "如果有多个的互相隔离的网络，设置资产属于的网域，
 msgid "Select assets"
 msgstr "选择资产"

-#: assets/forms/cmd_filter.py:37 assets/serializers/cmd_filter.py:40
+#: assets/forms/cmd_filter.py:38 assets/serializers/cmd_filter.py:43
 msgid "Content should not be contain: {}"
 msgstr "内容不能包含: {}"

@ -1249,86 +1249,86 @@ msgstr "自动登录模式，必须填写用户名"
 msgid "Password or private key required"
 msgstr "密码或密钥密码需要一个"

-#: assets/tasks.py:33
+#: assets/tasks.py:34
 msgid "Asset has been disabled, skipped: {}"
 msgstr "资产或许不支持ansible, 跳过: {}"

-#: assets/tasks.py:37
+#: assets/tasks.py:38
 msgid "Asset may not be support ansible, skipped: {}"
 msgstr "资产或许不支持ansible, 跳过: {}"

-#: assets/tasks.py:50
+#: assets/tasks.py:51
 msgid "No assets matched, stop task"
 msgstr "没有匹配到资产，结束任务"

-#: assets/tasks.py:60
+#: assets/tasks.py:61
 msgid "No assets matched related system user protocol, stop task"
 msgstr "没有匹配到与系统用户协议相关的资产，结束任务"

-#: assets/tasks.py:86
+#: assets/tasks.py:87
 msgid "Get asset info failed: {}"
 msgstr "获取资产信息失败：{}"

-#: assets/tasks.py:136
+#: assets/tasks.py:137
 msgid "Update some assets hardware info"
 msgstr "更新资产硬件信息"

-#: assets/tasks.py:153
+#: assets/tasks.py:154
 msgid "Update asset hardware info: {}"
 msgstr "更新资产硬件信息: {}"

-#: assets/tasks.py:178
+#: assets/tasks.py:179
 msgid "Test assets connectivity"
 msgstr "测试资产可连接性"

-#: assets/tasks.py:232
+#: assets/tasks.py:233
 msgid "Test assets connectivity: {}"
 msgstr "测试资产可连接性: {}"

-#: assets/tasks.py:274
+#: assets/tasks.py:275
 msgid "Test admin user connectivity period: {}"
 msgstr "定期测试管理账号可连接性: {}"

-#: assets/tasks.py:281
+#: assets/tasks.py:282
 msgid "Test admin user connectivity: {}"
 msgstr "测试管理行号可连接性: {}"

-#: assets/tasks.py:349
+#: assets/tasks.py:350
 msgid "Test system user connectivity: {}"
 msgstr "测试系统用户可连接性: {}"

-#: assets/tasks.py:356
+#: assets/tasks.py:357
 msgid "Test system user connectivity: {} => {}"
 msgstr "测试系统用户可连接性: {} => {}"

-#: assets/tasks.py:369
+#: assets/tasks.py:370
 msgid "Test system user connectivity period: {}"
 msgstr "定期测试系统用户可连接性: {}"

-#: assets/tasks.py:470 assets/tasks.py:556
+#: assets/tasks.py:471 assets/tasks.py:557
 #: xpack/plugins/change_auth_plan/models.py:522
 msgid "The asset {} system platform {} does not support run Ansible tasks"
 msgstr "资产 {} 系统平台 {} 不支持运行 Ansible 任务"

-#: assets/tasks.py:482
+#: assets/tasks.py:483
 msgid ""
 "Push system user task skip, auto push not enable or protocol is not ssh or "
 "rdp: {}"
 msgstr "推送系统用户任务跳过，自动推送没有打开，或协议不是ssh或rdp: {}"

-#: assets/tasks.py:489
+#: assets/tasks.py:490
 msgid "For security, do not push user {}"
 msgstr "为了安全，禁止推送用户 {}"

-#: assets/tasks.py:517 assets/tasks.py:531
+#: assets/tasks.py:518 assets/tasks.py:532
 msgid "Push system users to assets: {}"
 msgstr "推送系统用户到入资产: {}"

-#: assets/tasks.py:523
+#: assets/tasks.py:524
 msgid "Push system users to asset: {} => {}"
 msgstr "推送系统用户到入资产: {} => {}"

-#: assets/tasks.py:603
+#: assets/tasks.py:604
 msgid "Test asset user connectivity: {}"
 msgstr "测试资产用户可连接性: {}"

@ -5307,8 +5307,6 @@ msgstr "密码长度"

 #: xpack/plugins/change_auth_plan/forms.py:45
 #: xpack/plugins/change_auth_plan/models.py:213
-#, fuzzy
-#| msgid "For security, do not change {} user's password"
 msgid "* For security, do not change {} user's password"
 msgstr "* 为了安全，禁止更改 {} 用户的密码"

@ -5934,9 +5932,6 @@ msgstr "密码匣子"
 msgid "vault create"
 msgstr "创建"

-#~ msgid "* For security, please do not change root user's password"
-#~ msgstr "* 为了安全，请不要更改root用户的密码"
-
 #~ msgid "Interface"
 #~ msgstr "界面"

--- a/apps/perms/api/mixin.py
+++ b/apps/perms/api/mixin.py
@ -174,6 +174,8 @@ class GrantAssetsMixin(LabelFilterMixin):
                system_user = system_users_map.get(sid)
                if not system_user:
                    continue
+                if not asset.has_protocol(system_user.protocol):
+                    continue
                system_user.actions = action
                system_users_granted.append(system_user)
            asset.system_users_granted = system_users_granted
--- a/apps/perms/api/user_permission.py
+++ b/apps/perms/api/user_permission.py
@ -256,6 +256,8 @@ class UserGrantedNodesWithAssetsApi(UserPermissionCacheMixin, NodesWithUngroupMi
                    system_user = _system_users_map.get(system_user_id)
                    if not system_user:
                        continue
+                    if not asset.has_protocol(system_user.protocol):
+                        continue
                    system_user.actions = action
                    system_user_granted.append(system_user)
                asset.system_users_granted = system_user_granted
--- a/apps/perms/templates/perms/asset_permission_detail.html
+++ b/apps/perms/templates/perms/asset_permission_detail.html
@ -206,7 +206,7 @@ $(document).ready(function () {
 })
 .on('click', '.btn-delete-perm', function () {
    var $this = $(this);
-    var name = "{{ asset_permission.name }}";
+    var name = "{{ object.name }}";
    var uid = "{{ object.id }}";
    var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
    var redirect_url = "{% url 'perms:asset-permission-list' %}";
--- a/apps/perms/utils/asset_permission.py
+++ b/apps/perms/utils/asset_permission.py
@ -499,7 +499,7 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
        if pattern:
            assets_ids = Asset.objects.filter(
                nodes__key__regex=pattern
-            ).values_list("id", flat=True).distinct()
+            ).valid().values_list("id", flat=True).distinct()
        else:
            assets_ids = []
        self.tree.add_assets_without_system_users(assets_ids)
@ -523,8 +523,8 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
        assets_ids = defaultdict(lambda: defaultdict(int))
        for perm in self.permissions:
            actions = [perm.actions]
-            _assets_ids = [a.id for a in perm.assets.all()]
-            system_users_ids = [s.id for s in perm.system_users.all()]
+            _assets_ids = perm.assets.valid().values_list("id", flat=True)
+            system_users_ids = perm.system_users.values_list("id", flat=True)
            iterable = itertools.product(_assets_ids, system_users_ids, actions)
            for asset_id, sys_id, action in iterable:
                assets_ids[asset_id][sys_id] |= action
--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@ -1110,6 +1110,7 @@ function objectAttrsIsBool(obj, attrs) {
 }

 function cleanDate(d) {
+    if (typeof d === 'number'){return d}
    for (var i=0; i<2; i++) {
        if (isNaN(Date.parse(d))) {
            d = d.split('+')[0].trimRight();