mirror of https://github.com/jumpserver/jumpserver
168 lines
6.0 KiB
Python
168 lines
6.0 KiB
Python
# -*- coding: utf-8 -*-
|
||
#
|
||
|
||
from django.utils.translation import ugettext as _
|
||
from rest_framework import status
|
||
from rest_framework.views import Response
|
||
from rest_framework_bulk import BulkModelViewSet
|
||
from rest_framework.generics import RetrieveAPIView
|
||
from rest_framework.exceptions import PermissionDenied
|
||
|
||
from common.permissions import IsSuperUserOrAppUser, IsValidUser, UserCanAnyPermCurrentOrg
|
||
from common.drf.api import JMSBulkRelationModelViewSet
|
||
from .models import Organization, ROLE
|
||
from .serializers import (
|
||
OrgSerializer, OrgReadSerializer,
|
||
OrgRetrieveSerializer, OrgMemberSerializer,
|
||
OrgMemberAdminSerializer, OrgMemberUserSerializer,
|
||
CurrentOrgSerializer
|
||
)
|
||
from users.models import User, UserGroup
|
||
from assets.models import (
|
||
Asset, Domain, AdminUser, SystemUser, Label, Node, Gateway,
|
||
CommandFilter, CommandFilterRule, GatheredUser
|
||
)
|
||
from applications.models import Application
|
||
from perms.models import AssetPermission, ApplicationPermission
|
||
from orgs.utils import current_org, tmp_to_root_org
|
||
from common.utils import get_logger
|
||
from .filters import OrgMemberRelationFilterSet
|
||
from .models import OrganizationMember
|
||
|
||
|
||
logger = get_logger(__file__)
|
||
|
||
|
||
# 部分 org 相关的 model,需要清空这些数据之后才能删除该组织
|
||
org_related_models = [
|
||
User, UserGroup, Asset, Label, Domain, Gateway, Node, AdminUser, SystemUser, Label,
|
||
CommandFilter, CommandFilterRule, GatheredUser,
|
||
AssetPermission, ApplicationPermission,
|
||
Application,
|
||
]
|
||
|
||
|
||
class OrgViewSet(BulkModelViewSet):
|
||
filterset_fields = ('name',)
|
||
search_fields = ('name', 'comment')
|
||
queryset = Organization.objects.all()
|
||
serializer_class = OrgSerializer
|
||
permission_classes = (IsSuperUserOrAppUser,)
|
||
ordering_fields = ('name',)
|
||
ordering = ('name', )
|
||
|
||
def get_serializer_class(self):
|
||
mapper = {
|
||
'list': OrgReadSerializer,
|
||
'retrieve': OrgRetrieveSerializer
|
||
}
|
||
return mapper.get(self.action, super().get_serializer_class())
|
||
|
||
@tmp_to_root_org()
|
||
def get_data_from_model(self, org, model):
|
||
if model == User:
|
||
data = model.objects.filter(
|
||
orgs__id=org.id, m2m_org_members__role__in=[ROLE.USER, ROLE.ADMIN, ROLE.AUDITOR]
|
||
)
|
||
elif model == Node:
|
||
# 根节点不能手动删除,所以排除检查
|
||
data = model.objects.filter(org_id=org.id).exclude(parent_key='', key__regex=r'^[0-9]+$')
|
||
else:
|
||
data = model.objects.filter(org_id=org.id)
|
||
return data
|
||
|
||
def allow_bulk_destroy(self, qs, filtered):
|
||
return False
|
||
|
||
def perform_destroy(self, instance):
|
||
if str(current_org) == str(instance):
|
||
msg = _('The current organization ({}) cannot be deleted').format(current_org)
|
||
raise PermissionDenied(detail=msg)
|
||
|
||
for model in org_related_models:
|
||
data = self.get_data_from_model(instance, model)
|
||
if not data:
|
||
continue
|
||
msg = _(
|
||
'The organization have resource ({}) cannot be deleted'
|
||
).format(model._meta.verbose_name)
|
||
raise PermissionDenied(detail=msg)
|
||
|
||
super().perform_destroy(instance)
|
||
|
||
|
||
class OrgMemberRelationBulkViewSet(JMSBulkRelationModelViewSet):
|
||
permission_classes = (IsSuperUserOrAppUser,)
|
||
m2m_field = Organization.members.field
|
||
serializer_class = OrgMemberSerializer
|
||
filterset_class = OrgMemberRelationFilterSet
|
||
search_fields = ('user__name', 'user__username', 'org__name')
|
||
|
||
def get_queryset(self):
|
||
queryset = super().get_queryset()
|
||
queryset = queryset.exclude(user__role=User.ROLE.APP)
|
||
return queryset
|
||
|
||
def perform_bulk_destroy(self, queryset):
|
||
objs = list(queryset.all().prefetch_related('user', 'org'))
|
||
queryset.delete()
|
||
self.send_m2m_changed_signal(objs, action='post_remove')
|
||
|
||
|
||
class OrgMemberAdminRelationBulkViewSet(JMSBulkRelationModelViewSet):
|
||
permission_classes = (IsSuperUserOrAppUser,)
|
||
m2m_field = Organization.members.field
|
||
serializer_class = OrgMemberAdminSerializer
|
||
filterset_class = OrgMemberRelationFilterSet
|
||
search_fields = ('user__name', 'user__username', 'org__name')
|
||
lookup_field = 'user_id'
|
||
|
||
def get_queryset(self):
|
||
queryset = super().get_queryset()
|
||
org_id = self.kwargs.get('org_id')
|
||
queryset = queryset.filter(org_id=org_id, role=ROLE.ADMIN)
|
||
return queryset
|
||
|
||
def perform_bulk_create(self, serializer):
|
||
data = serializer.validated_data
|
||
relations = [OrganizationMember(**i) for i in data]
|
||
OrganizationMember.objects.bulk_create(relations, ignore_conflicts=True)
|
||
|
||
def perform_bulk_destroy(self, queryset):
|
||
objs = list(queryset.all().prefetch_related('user', 'org'))
|
||
queryset.delete()
|
||
self.send_m2m_changed_signal(objs, action='post_remove')
|
||
|
||
|
||
class OrgMemberUserRelationBulkViewSet(JMSBulkRelationModelViewSet):
|
||
permission_classes = (IsSuperUserOrAppUser,)
|
||
m2m_field = Organization.members.field
|
||
serializer_class = OrgMemberUserSerializer
|
||
filterset_class = OrgMemberRelationFilterSet
|
||
search_fields = ('user__name', 'user__username', 'org__name')
|
||
lookup_field = 'user_id'
|
||
|
||
def get_queryset(self):
|
||
queryset = super().get_queryset()
|
||
org_id = self.kwargs.get('org_id')
|
||
queryset = queryset.filter(org_id=org_id, role=ROLE.USER)
|
||
return queryset
|
||
|
||
def perform_bulk_create(self, serializer):
|
||
data = serializer.validated_data
|
||
relations = [OrganizationMember(**i) for i in data]
|
||
OrganizationMember.objects.bulk_create(relations, ignore_conflicts=True)
|
||
|
||
def perform_bulk_destroy(self, queryset):
|
||
objs = list(queryset.all().prefetch_related('user', 'org'))
|
||
queryset.delete()
|
||
self.send_m2m_changed_signal(objs, action='post_remove')
|
||
|
||
|
||
class CurrentOrgDetailApi(RetrieveAPIView):
|
||
serializer_class = CurrentOrgSerializer
|
||
permission_classes = (IsValidUser, UserCanAnyPermCurrentOrg)
|
||
|
||
def get_object(self):
|
||
return current_org
|