You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
jumpserver/apps/orgs/api.py

94 lines
2.9 KiB

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# -*- coding: utf-8 -*-
#
from django.utils.translation import ugettext as _
from django.conf import settings
from rest_framework_bulk import BulkModelViewSet
from rest_framework.generics import RetrieveAPIView
from rest_framework.exceptions import PermissionDenied
from common.permissions import IsValidUser
from .models import Organization
from .serializers import (
OrgSerializer, CurrentOrgSerializer
)
from users.models import User, UserGroup
from assets.models import (
Asset, Domain, Label, Node,
CommandFilter, CommandFilterRule, GatheredUser
)
from perms.models import AssetPermission
from orgs.utils import current_org, tmp_to_root_org
from common.utils import get_logger
logger = get_logger(__file__)
# 部分 org 相关的 model需要清空这些数据之后才能删除该组织
org_related_models = [
User, UserGroup, Asset, Label, Domain, Node, Label,
CommandFilter, CommandFilterRule, GatheredUser,
AssetPermission,
]
class OrgViewSet(BulkModelViewSet):
filterset_fields = ('name',)
search_fields = ('name', 'comment')
queryset = Organization.objects.all()
serializer_class = OrgSerializer
ordering_fields = ('name',)
ordering = ('name', )
def get_serializer_class(self):
mapper = {
'list': OrgSerializer,
'retrieve': OrgSerializer
}
return mapper.get(self.action, super().get_serializer_class())
@tmp_to_root_org()
def get_data_from_model(self, org, model):
if model == User:
data = model.get_org_users(org=org)
elif model == Node:
# 根节点不能手动删除,所以排除检查
data = model.objects.filter(org_id=org.id).exclude(parent_key='', key__regex=r'^[0-9]+$')
else:
data = model.objects.filter(org_id=org.id)
return data
def allow_bulk_destroy(self, qs, filtered):
return False
def perform_destroy(self, instance):
if str(current_org) == str(instance):
msg = _('The current organization ({}) cannot be deleted').format(current_org)
raise PermissionDenied(detail=msg)
if str(instance.id) == settings.AUTH_LDAP_SYNC_ORG_ID:
msg = _(
'LDAP synchronization is set to the current organization. Please switch to another organization before deleting'
)
raise PermissionDenied(detail=msg)
for model in org_related_models:
data = self.get_data_from_model(instance, model)
if not data:
continue
msg = _(
'The organization have resource ({}) cannot be deleted'
).format(model._meta.verbose_name)
raise PermissionDenied(detail=msg)
super().perform_destroy(instance)
class CurrentOrgDetailApi(RetrieveAPIView):
serializer_class = CurrentOrgSerializer
permission_classes = (IsValidUser,)
def get_object(self):
return current_org