    [Feature] 添加功能:数据库应用 (#3551) · 16f727c6
    BaiJiangJie authored
    * [Update] 添加数据库应用Model
    
    * [Update] 添加数据库应用ViewSet
    
    * [Update] 添加数据库应用HTML
    
    * [Update] 更新数据库应用迁移文件
    
    * [Update] 添加数据库应用授权Model
    
    * [Update] 添加数据库应用授权ViewSet(待续)
    
    * [Update] 添加数据库应用授权ViewSet(完结)
    
    * [Update] 添加数据库应用授权View(待续)
    
    * [Update] 添加数据库应用授权View(待续2)
    
    * [Update] 修改远程应用授权View(小问题)
    
    * [Update] 添加数据库应用授权View(待续3)
    
    * [Update] 添加数据库应用授权View(完结)
    
    * [Update] 添加数据库应用授权相关API
    
    * [Update] 添加数据库应用View(用户页面)
    
    * [Update] 修改数据库应用授权Model/View/API(系统用户)
    
    * [Update] 修改系统用户Model/View(添加mysql协议)
    
    * [Update] 修改用户页面(我的应用)
    
    * [Update] 添加迁移文件
    
    * [Update] 添加迁移文件2
    
    * [Update] 续添加迁移文件2(Model更改)
    
    * [Update] 修改系统用户序列类(mysql协议自动生成密码问题)
    
    * [Update] 修改数据库应用/资产等授权序列类
    
    * [Update] 修改命令列表/会话详情命令溢出
    
    * [Update] 修改授权详情中添加系统用户的过滤
    
    * [Update] 修改列表动作的宽度
user_database_app_permission.py 4.38 KB
# coding: utf-8
#

import uuid
from django.shortcuts import get_object_or_404
from rest_framework.views import APIView, Response
from common.permissions import IsOrgAdminOrAppUser, IsValidUser
from common.tree import TreeNodeSerializer
from orgs.mixins import generics
from users.models import User, UserGroup
from applications.serializers import DatabaseAppSerializer
from applications.models import DatabaseApp
from assets.models import SystemUser
from .. import utils, serializers
from .mixin import UserPermissionMixin

# View classes this module exports; every one of them declares
# IsOrgAdminOrAppUser as its base permission class.
__all__ = [
    'UserGrantedDatabaseAppsApi',
    'UserGrantedDatabaseAppsAsTreeApi',
    'UserGroupGrantedDatabaseAppsApi',
    'ValidateUserDatabaseAppPermissionApi',
    'UserGrantedDatabaseAppSystemUsersApi',
]


class UserGrantedDatabaseAppsApi(generics.ListAPIView):
    """List the database apps granted to a user.

    With a ``pk`` URL kwarg the target is that user and the caller must pass
    ``IsOrgAdminOrAppUser``. Without it the target is the requesting user and
    ``IsValidUser`` is sufficient.
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = DatabaseAppSerializer
    filter_fields = ['id', 'name']
    search_fields = ['name']

    def get_object(self):
        """Return the user whose granted database apps are being listed."""
        target_id = self.kwargs.get('pk', '')
        if not target_id:
            # No (or falsy) pk: the caller is asking about their own grants.
            return self.request.user
        # NOTE(review): the lookup is by id alone; whether the User manager
        # restricts it to the caller's organization is not visible here.
        # Confirm, since this route exposes another user's grants.
        return get_object_or_404(User, id=target_id)

    def get_queryset(self):
        """Return the database apps the permission util reports for the target."""
        target = self.get_object()
        return utils.DatabaseAppPermissionUtil(target).get_database_apps()

    def get_permissions(self):
        """Relax the permission class to IsValidUser for the self-service route.

        The relaxation applies only when ``pk`` is absent (``is None``), while
        ``get_object`` falls back to the requesting user for any falsy ``pk``.
        A present-but-falsy ``pk`` therefore keeps the stricter class, which
        fails closed.
        """
        requested_pk = self.kwargs.get('pk')
        if requested_pk is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()


class UserGrantedDatabaseAppsAsTreeApi(UserGrantedDatabaseAppsApi):
    """Serve the parent view's granted database apps as tree nodes.

    ``permission_classes`` is redeclared here, but the inherited
    ``get_permissions`` still swaps it for ``IsValidUser`` when no ``pk`` is
    given.
    """
    serializer_class = TreeNodeSerializer
    permission_classes = (IsOrgAdminOrAppUser,)

    def get_serializer(self, database_apps, *args, **kwargs):
        """Convert ``database_apps`` to tree nodes and serialize them.

        A root node is prepended unless the request carries ``?only=1``. The
        extra positional and keyword arguments are ignored; the parent
        serializer is always called with ``many=True``.
        """
        # NOTE(review): database_apps has no default although None is handled
        # below, so a bare get_serializer() call raises TypeError.
        apps = [] if database_apps is None else database_apps
        root = None
        nodes = []
        if self.request.query_params.get('only', '0') != '1':
            root = utils.construct_database_apps_tree_root()
            nodes.append(root)
        # NOTE(review): with ?only=1 the helper receives root=None; whether it
        # accepts a missing parent is not visible here.
        nodes.extend(
            utils.parse_database_app_to_tree_node(root, app) for app in apps
        )
        # Relies on the tree node objects being orderable.
        nodes.sort()
        return super().get_serializer(nodes, many=True)


class UserGrantedDatabaseAppSystemUsersApi(UserPermissionMixin, generics.ListAPIView):
    """List the system users the permission util reports for one database app."""
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.DatabaseAppSystemUserSerializer
    only_fields = serializers.DatabaseAppSystemUserSerializer.Meta.only_fields

    def get_queryset(self):
        """Return system users for the app named by ``database_app_id``.

        Responds 404 when no DatabaseApp has that id.
        """
        # self.obj is presumably the target user resolved by
        # UserPermissionMixin; verify against the mixin.
        permission_util = utils.DatabaseAppPermissionUtil(self.obj)
        app = get_object_or_404(
            DatabaseApp, id=self.kwargs.get('database_app_id')
        )
        return permission_util.get_database_app_system_users(app)


# Validate

class ValidateUserDatabaseAppPermissionApi(APIView):
    """Check whether a user may use a system user on a database app.

    All three ids come from the query string, so the subject of the check is
    caller-supplied rather than taken from ``request.user``. The only gate on
    who may ask is ``IsOrgAdminOrAppUser``.
    """
    permission_classes = (IsOrgAdminOrAppUser,)

    def get(self, request, *args, **kwargs):
        """Return ``{'msg': True}`` (200) if granted, else ``{'msg': False}`` (403).

        Missing or malformed ids yield 403. Well-formed ids that match no
        object yield 404 from ``get_object_or_404``, so the status code tells
        the caller whether the ids exist.
        """
        params = request.query_params
        raw_ids = [
            params.get(key, '')
            for key in ('user_id', 'database_app_id', 'system_user_id')
        ]

        try:
            # Parse to UUID before touching the ORM; an empty default fails too.
            user_id, database_app_id, system_user_id = [
                uuid.UUID(raw) for raw in raw_ids
            ]
        except ValueError:
            return Response({'msg': False}, status=403)

        user = get_object_or_404(User, id=user_id)
        database_app = get_object_or_404(DatabaseApp, id=database_app_id)
        system_user = get_object_or_404(SystemUser, id=system_user_id)

        permission_util = utils.DatabaseAppPermissionUtil(user)
        granted = permission_util.get_database_app_system_users(database_app)
        # Deny by default: only membership in the granted set yields 200.
        allowed = system_user in granted
        return Response({'msg': allowed}, status=200 if allowed else 403)


# UserGroup

class UserGroupGrantedDatabaseAppsApi(generics.ListAPIView):
    """List the database apps granted to a user group."""
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = DatabaseAppSerializer

    def get_queryset(self):
        """Return the group's granted database apps.

        Returns an empty list when no ``pk`` is given, and responds 404 when
        no UserGroup has that id.
        """
        group_id = self.kwargs.get('pk')
        if group_id:
            # NOTE(review): the lookup is by id alone; organization scoping of
            # UserGroup is not visible here. Confirm.
            group = get_object_or_404(UserGroup, id=group_id)
            return utils.DatabaseAppPermissionUtil(group).get_database_apps()
        return []