You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
jumpserver/apps/settings/api/settings.py

126 lines
4.6 KiB

# -*- coding: utf-8 -*-
#
from rest_framework import generics
from django.conf import settings
from jumpserver.conf import Config
from rbac.permissions import RBACPermission
from common.utils import get_logger
from .. import serializers
from ..models import Setting
logger = get_logger(__file__)
class SettingsApi(generics.RetrieveUpdateAPIView):
permission_classes = (RBACPermission,)
serializer_class_mapper = {
'all': serializers.SettingsSerializer,
'basic': serializers.BasicSettingSerializer,
'terminal': serializers.TerminalSettingSerializer,
'security': serializers.SecuritySettingSerializer,
'ldap': serializers.LDAPSettingSerializer,
'email': serializers.EmailSettingSerializer,
'email_content': serializers.EmailContentSettingSerializer,
'wecom': serializers.WeComSettingSerializer,
'dingtalk': serializers.DingTalkSettingSerializer,
'feishu': serializers.FeiShuSettingSerializer,
'auth': serializers.AuthSettingSerializer,
'oidc': serializers.OIDCSettingSerializer,
'keycloak': serializers.KeycloakSettingSerializer,
'radius': serializers.RadiusSettingSerializer,
'cas': serializers.CASSettingSerializer,
'sso': serializers.SSOSettingSerializer,
'saml2': serializers.SAML2SettingSerializer,
'clean': serializers.CleaningSerializer,
'other': serializers.OtherSettingSerializer,
'sms': serializers.SMSSettingSerializer,
'alibaba': serializers.AlibabaSMSSettingSerializer,
'tencent': serializers.TencentSMSSettingSerializer,
}
rbac_category_permissions = {
'basic': 'settings.view_setting',
'terminal': 'settings.change_terminal',
'security': 'settings.change_security',
'ldap': 'settings.change_auth',
'email': 'settings.change_email',
'email_content': 'settings.change_email',
'wecom': 'settings.change_auth',
'dingtalk': 'settings.change_auth',
'feishu': 'settings.change_auth',
'auth': 'settings.change_auth',
'oidc': 'settings.change_auth',
'keycloak': 'settings.change_auth',
'radius': 'settings.change_auth',
'cas': 'settings.change_auth',
'sso': 'settings.change_auth',
'saml2': 'settings.change_auth',
'clean': 'settings.change_clean',
'other': 'settings.change_other',
'sms': 'settings.change_sms',
'alibaba': 'settings.change_sms',
'tencent': 'settings.change_sms',
}
def get_queryset(self):
return Setting.objects.all()
def check_permissions(self, request):
category = request.query_params.get('category', 'basic')
perm_required = self.rbac_category_permissions.get(category)
has = self.request.user.has_perm(perm_required)
if not has:
self.permission_denied(request)
def get_serializer_class(self):
category = self.request.query_params.get('category', 'basic')
default = serializers.BasicSettingSerializer
cls = self.serializer_class_mapper.get(category, default)
return cls
def get_fields(self):
serializer = self.get_serializer_class()()
fields = serializer.get_fields()
return fields
def get_object(self):
items = self.get_fields().keys()
obj = {}
for item in items:
if hasattr(settings, item):
obj[item] = getattr(settings, item)
else:
obj[item] = Config.defaults[item]
return obj
def parse_serializer_data(self, serializer):
data = []
fields = self.get_fields()
encrypted_items = [name for name, field in fields.items() if field.write_only]
category = self.request.query_params.get('category', '')
for name, value in serializer.validated_data.items():
encrypted = name in encrypted_items
if encrypted and value in ['', None]:
continue
data.append({
'name': name, 'value': value,
'encrypted': encrypted, 'category': category
})
return data
def perform_update(self, serializer):
settings_items = self.parse_serializer_data(serializer)
serializer_data = getattr(serializer, 'data', {})
for item in settings_items:
changed, setting = Setting.update_or_create(**item)
if not changed:
continue
serializer_data[setting.name] = setting.cleaned_value
setattr(serializer, '_data', serializer_data)
if hasattr(serializer, 'post_save'):
serializer.post_save()