Merge pull request #233 from jumpserver/dev_bai

[Bugfix] 命令过滤异常添加warning日志；优化sftp action校验

coco/models.py

@@ -261,6 +261,15 @@ class BaseServer(object):
                 msg = _("Command `{}` is forbidden ........").format(cmd)
                 data = self.command_forbidden(msg)
                 break
+            elif action == rule.ERROR:
+                msg = "Command filter check exceptions " \
+                      "(for safety, check for consistency of rule type " \
+                      "and content in command filter)"
+                logger.warning(msg)
+                _filter = "Command filter rule: {}".format(
+                    rule.content.replace('\r\n', ' ')
+                )
+                logger.warning(_filter)
         return data
 
     def command_forbidden(self, msg):

coco/sftp.py

@@ -13,7 +13,6 @@ from .service import app_service
 from .connection import SSHConnection
 from .const import (
     PERMS_ACTION_NAME_DOWNLOAD_FILE, PERMS_ACTION_NAME_UPLOAD_FILE,
-    PERMS_ACTION_NAME_ALL,
 )
 
 CURRENT_DIR = os.path.dirname(__file__)
@@ -267,7 +266,7 @@ class SFTPServer(paramiko.SFTPServerInterface):
 
     @staticmethod
     def validate_permission(system_user, action):
-        check_actions = [PERMS_ACTION_NAME_ALL, action]
+        check_actions = [action]
         granted_actions = getattr(system_user, 'actions', [])
         actions = list(set(granted_actions).intersection(set(check_actions)))
         return bool(actions)