mirror of https://github.com/jumpserver/jumpserver
131 lines
5.7 KiB
Python
131 lines
5.7 KiB
Python
from .base import BaseHandler
|
|
from django.utils.translation import ugettext as _
|
|
|
|
from perms.models import AssetPermission, Action
|
|
from assets.models import Asset, SystemUser
|
|
from orgs.utils import tmp_to_org, tmp_to_root_org
|
|
|
|
|
|
class Handler(BaseHandler):
|
|
|
|
def _on_approve(self):
|
|
super()._on_approve()
|
|
self._create_asset_permission()
|
|
|
|
# display
|
|
def _construct_meta_display_of_open(self):
|
|
meta_display_fields = ['apply_actions_display']
|
|
apply_actions = self.ticket.meta.get('apply_actions', Action.NONE)
|
|
apply_actions_display = Action.value_to_choices_display(apply_actions)
|
|
meta_display_values = [apply_actions_display]
|
|
meta_display = dict(zip(meta_display_fields, meta_display_values))
|
|
return meta_display
|
|
|
|
def _construct_meta_display_of_approve(self):
|
|
meta_display_fields = [
|
|
'approve_actions_display', 'approve_assets_display', 'approve_system_users_display'
|
|
]
|
|
approve_actions = self.ticket.meta.get('approve_actions', Action.NONE)
|
|
approve_actions_display = Action.value_to_choices_display(approve_actions)
|
|
approve_asset_ids = self.ticket.meta.get('approve_assets', [])
|
|
approve_system_user_ids = self.ticket.meta.get('approve_system_users', [])
|
|
with tmp_to_org(self.ticket.org_id):
|
|
assets = Asset.objects.filter(id__in=approve_asset_ids)
|
|
system_users = SystemUser.objects.filter(id__in=approve_system_user_ids)
|
|
approve_assets_display = [str(asset) for asset in assets]
|
|
approve_system_users_display = [str(system_user) for system_user in system_users]
|
|
meta_display_values = [
|
|
approve_actions_display, approve_assets_display, approve_system_users_display
|
|
]
|
|
meta_display = dict(zip(meta_display_fields, meta_display_values))
|
|
return meta_display
|
|
|
|
# body
|
|
def _construct_meta_body_of_open(self):
|
|
apply_ip_group = self.ticket.meta.get('apply_ip_group', [])
|
|
apply_hostname_group = self.ticket.meta.get('apply_hostname_group', [])
|
|
apply_system_user_group = self.ticket.meta.get('apply_system_user_group', [])
|
|
apply_actions_display = self.ticket.meta.get('apply_actions_display', [])
|
|
apply_date_start = self.ticket.meta.get('apply_date_start')
|
|
apply_date_expired = self.ticket.meta.get('apply_date_expired')
|
|
applied_body = '''{}: {},
|
|
{}: {},
|
|
{}: {},
|
|
{}: {},
|
|
{}: {}
|
|
'''.format(
|
|
_('Applied IP group'), apply_ip_group,
|
|
_("Applied hostname group"), apply_hostname_group,
|
|
_("Applied system user group"), apply_system_user_group,
|
|
_("Applied actions"), apply_actions_display,
|
|
_('Applied date start'), apply_date_start,
|
|
_('Applied date expired'), apply_date_expired,
|
|
)
|
|
return applied_body
|
|
|
|
def _construct_meta_body_of_approve(self):
|
|
approve_assets_display = self.ticket.meta.get('approve_assets_display', [])
|
|
approve_system_users_display = self.ticket.meta.get('approve_system_users_display', [])
|
|
approve_actions_display = self.ticket.meta.get('approve_actions_display', [])
|
|
approve_date_start = self.ticket.meta.get('approve_date_start')
|
|
approve_date_expired = self.ticket.meta.get('approve_date_expired')
|
|
approved_body = '''{}: {},
|
|
{}: {},
|
|
{}: {},
|
|
{}: {},
|
|
{}: {}
|
|
'''.format(
|
|
_('Approved assets'), approve_assets_display,
|
|
_('Approved system users'), approve_system_users_display,
|
|
_('Approved actions'), ', '.join(approve_actions_display),
|
|
_('Approved date start'), approve_date_start,
|
|
_('Approved date expired'), approve_date_expired,
|
|
)
|
|
return approved_body
|
|
|
|
# permission
|
|
def _create_asset_permission(self):
|
|
with tmp_to_root_org():
|
|
asset_permission = AssetPermission.objects.filter(id=self.ticket.id).first()
|
|
if asset_permission:
|
|
return asset_permission
|
|
|
|
approve_permission_name = self.ticket.meta.get('approve_permission_name', )
|
|
approve_asset_ids = self.ticket.meta.get('approve_assets', [])
|
|
approve_system_user_ids = self.ticket.meta.get('approve_system_users', [])
|
|
approve_actions = self.ticket.meta.get('approve_actions', Action.NONE)
|
|
approve_date_start = self.ticket.meta.get('approve_date_start')
|
|
approve_date_expired = self.ticket.meta.get('approve_date_expired')
|
|
permission_created_by = '{}:{}'.format(
|
|
str(self.ticket.__class__.__name__), str(self.ticket.id)
|
|
)
|
|
permission_comment = _(
|
|
'Created by the ticket, '
|
|
'ticket title: {}, '
|
|
'ticket applicant: {}, '
|
|
'ticket processor: {}, '
|
|
'ticket ID: {}'
|
|
).format(
|
|
self.ticket.title,
|
|
self.ticket.applicant_display,
|
|
self.ticket.processor_display,
|
|
str(self.ticket.id)
|
|
)
|
|
|
|
permission_data = {
|
|
'id': self.ticket.id,
|
|
'name': approve_permission_name,
|
|
'comment': str(permission_comment),
|
|
'created_by': permission_created_by,
|
|
'actions': approve_actions,
|
|
'date_start': approve_date_start,
|
|
'date_expired': approve_date_expired,
|
|
}
|
|
with tmp_to_org(self.ticket.org_id):
|
|
asset_permission = AssetPermission.objects.create(**permission_data)
|
|
asset_permission.users.add(self.ticket.applicant)
|
|
asset_permission.assets.set(approve_asset_ids)
|
|
asset_permission.system_users.set(approve_system_user_ids)
|
|
|
|
return asset_permission
|