jumpserver/apps/acls/models/login_acl.py

from django.db import models
from django.utils.translation import ugettext_lazy as _

from common.utils import get_request_ip, get_ip_city
from common.utils.ip import contains_ip
from common.utils.time_period import contains_time_period
from common.utils.timezone import local_now_display
from .base import BaseACL


class LoginACL(BaseACL):
    user = models.ForeignKey(
        'users.User', on_delete=models.CASCADE, related_name='login_acls', verbose_name=_('User')
    )
    # 规则, ip_group, time_period
    rules = models.JSONField(default=dict, verbose_name=_('Rule'))

    class Meta(BaseACL.Meta):
        verbose_name = _('Login acl')
        abstract = False

    def __str__(self):
        return self.name

    def is_action(self, action):
        return self.action == action

    @classmethod
    def filter_acl(cls, user):
        return user.login_acls.all().valid().distinct()

    @staticmethod
    def match(user, ip):
        acl_qs = LoginACL.filter_acl(user)
        if not acl_qs:
            return

        for acl in acl_qs:
            if acl.is_action(LoginACL.ActionChoices.review) and \
                    not acl.reviewers.exists():
                continue
            ip_group = acl.rules.get('ip_group')
            time_periods = acl.rules.get('time_period')
            is_contain_ip = contains_ip(ip, ip_group)
            is_contain_time_period = contains_time_period(time_periods)
            if is_contain_ip and is_contain_time_period:
                # 满足条件，则返回
                return acl

    def create_confirm_ticket(self, request):
        from tickets import const
        from tickets.models import ApplyLoginTicket
        from orgs.models import Organization
        title = _('Login confirm') + ' {}'.format(self.user)
        login_ip = get_request_ip(request) if request else ''
        login_ip = login_ip or '0.0.0.0'
        login_city = get_ip_city(login_ip)
        login_datetime = local_now_display()
        data = {
            'title': title,
            'applicant': self.user,
            'apply_login_ip': login_ip,
            'org_id': Organization.ROOT_ID,
            'apply_login_city': login_city,
            'apply_login_datetime': login_datetime,
            'type': const.TicketType.login_confirm,
        }
        ticket = ApplyLoginTicket.objects.create(**data)
        assignees = self.reviewers.all()
        ticket.open_by_system(assignees)
        return ticket