mirror of https://github.com/jumpserver/jumpserver
69 lines
2.5 KiB
Python
69 lines
2.5 KiB
Python
from django_filters import rest_framework as drf_filters
|
|
from rest_framework.decorators import action
|
|
from rest_framework.response import Response
|
|
|
|
from accounts import serializers
|
|
from accounts.models import AccountTemplate
|
|
from assets.const import Protocol
|
|
from common.drf.filters import BaseFilterSet
|
|
from common.permissions import UserConfirmation, ConfirmType
|
|
from common.views.mixins import RecordViewLogMixin
|
|
from orgs.mixins.api import OrgBulkModelViewSet
|
|
from rbac.permissions import RBACPermission
|
|
|
|
|
|
class AccountTemplateFilterSet(BaseFilterSet):
|
|
protocols = drf_filters.CharFilter(method='filter_protocols')
|
|
|
|
class Meta:
|
|
model = AccountTemplate
|
|
fields = ('username', 'name')
|
|
|
|
@staticmethod
|
|
def filter_protocols(queryset, name, value):
|
|
secret_types = set()
|
|
protocols = value.split(',')
|
|
protocol_secret_type_map = Protocol.settings()
|
|
for p in protocols:
|
|
if p not in protocol_secret_type_map:
|
|
continue
|
|
_st = protocol_secret_type_map[p].get('secret_types', [])
|
|
secret_types.update(_st)
|
|
if not secret_types:
|
|
secret_types = ['password']
|
|
queryset = queryset.filter(secret_type__in=secret_types)
|
|
return queryset
|
|
|
|
|
|
class AccountTemplateViewSet(OrgBulkModelViewSet):
|
|
model = AccountTemplate
|
|
filterset_class = AccountTemplateFilterSet
|
|
search_fields = ('username', 'name')
|
|
serializer_classes = {
|
|
'default': serializers.AccountTemplateSerializer,
|
|
}
|
|
rbac_perms = {
|
|
'su_from_account_templates': 'accounts.view_accounttemplate',
|
|
}
|
|
|
|
@action(methods=['get'], detail=False, url_path='su-from-account-templates')
|
|
def su_from_account_templates(self, request, *args, **kwargs):
|
|
pk = request.query_params.get('template_id')
|
|
template = AccountTemplate.objects.filter(pk=pk).first()
|
|
templates = AccountTemplate.get_su_from_account_templates(template)
|
|
templates = self.filter_queryset(templates)
|
|
serializer = self.get_serializer(templates, many=True)
|
|
return Response(data=serializer.data)
|
|
|
|
|
|
class AccountTemplateSecretsViewSet(RecordViewLogMixin, AccountTemplateViewSet):
|
|
serializer_classes = {
|
|
'default': serializers.AccountTemplateSecretSerializer,
|
|
}
|
|
http_method_names = ['get', 'options']
|
|
permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
|
|
rbac_perms = {
|
|
'list': 'accounts.view_accounttemplatesecret',
|
|
'retrieve': 'accounts.view_accounttemplatesecret',
|
|
}
|