Commit
329f8446
authored
Aug 05, 2019
by
BaiJiangJie
[Feature] 应用授权: DatabasePermission 添加Model、APIView
parent
4688ff2d
Showing
9 changed files
with
206 additions
and
5 deletions
+206
-5
database.py
apps/applications/serializers/database.py
+17
-2
__init__.py
apps/perms/api/__init__.py
+1
-0
database_permission.py
apps/perms/api/database_permission.py
+103
-0
__init__.py
apps/perms/models/__init__.py
+1
-0
database_permission.py
apps/perms/models/database_permission.py
+27
-0
remote_app_permission.py
apps/perms/models/remote_app_permission.py
+4
-1
__init__.py
apps/perms/serializers/__init__.py
+1
-0
database_permission.py
apps/perms/serializers/database_permission.py
+40
-0
api_urls.py
apps/perms/urls/api_urls.py
+12
-2
apps/applications/serializers/database.py
...
...
@@ -14,8 +14,8 @@ class DatabaseSerializer(BulkOrgResourceModelSerializer):
list_serializer_class
=
AdaptedBulkListSerializer
fields
=
[
'id'
,
'name'
,
'login_mode'
,
'type'
,
'host'
,
'port'
,
'user'
,
'password'
,
'database'
,
'c
omment'
,
'c
reated_by'
,
'date_created'
,
'date_updated'
,
'password'
,
'database'
,
'created_by'
,
'date_created'
,
'date_updated'
,
'comment'
,
]
read_only_fields
=
[
...
...
@@ -24,3 +24,18 @@ class DatabaseSerializer(BulkOrgResourceModelSerializer):
extra_kwargs
=
{
'password'
:
{
'write_only'
:
True
},
}
@staticmethod
def
clean_password
(
validated_data
):
password
=
validated_data
.
get
(
'password'
)
if
not
password
:
validated_data
.
pop
(
'password'
,
None
)
def
create
(
self
,
validated_data
):
self
.
clean_password
(
validated_data
)
return
super
()
.
create
(
validated_data
)
def
update
(
self
,
instance
,
validated_data
):
self
.
clean_password
(
validated_data
)
return
super
()
.
update
(
instance
,
validated_data
)
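Review bot: `clean_password` has no docstring, and its effect on the API contract is not obvious from the call sites: because a falsy `password` is popped from `validated_data` before `create()` and `update()`, a client can no longer clear or blank a stored database password through this serializer. If that is the intent (an edit submitted without a password keeps the existing credential), record it in a docstring such as `"""Drop an empty password so a blank submission does not overwrite the stored credential."""`. The method mutates `validated_data` in place and returns nothing, which is worth stating as well. The class body starts outside the hunk.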
apps/perms/api/__init__.py
...
...
@@ -6,3 +6,4 @@ from .user_permission import *
from
.user_group_permission
import
*
from
.remote_app_permission
import
*
from
.user_remote_app_permission
import
*
from
.database_permission
import
*
apps/perms/api/database_permission.py
0 → 100644
# coding: utf-8
#
from
rest_framework
import
viewsets
,
generics
from
rest_framework.pagination
import
LimitOffsetPagination
from
rest_framework.views
import
Response
from
common.permissions
import
IsOrgAdmin
from
..models
import
DatabasePermission
from
..serializers
import
(
DatabasePermissionSerializer
,
DatabasePermissionUpdateUserSerializer
,
DatabasePermissionUpdateDatabaseSerializer
,
)
__all__
=
[
'DatabasePermissionViewSet'
,
'DatabasePermissionRemoveUserApi'
,
'DatabasePermissionAddUserApi'
,
'DatabasePermissionRemoveDatabaseApi'
,
'DatabasePermissionAddDatabaseApi'
,
]
class
DatabasePermissionViewSet
(
viewsets
.
ModelViewSet
):
filter_fields
=
(
'name'
,
)
search_fields
=
filter_fields
queryset
=
DatabasePermission
.
objects
.
all
()
serializer_class
=
DatabasePermissionSerializer
pagination_class
=
LimitOffsetPagination
permission_classes
=
(
IsOrgAdmin
,)
class
DatabasePermissionAddUserApi
(
generics
.
RetrieveUpdateAPIView
):
permission_classes
=
(
IsOrgAdmin
,)
serializer_class
=
DatabasePermissionUpdateUserSerializer
queryset
=
DatabasePermission
.
objects
.
all
()
def
update
(
self
,
request
,
*
args
,
**
kwargs
):
perm
=
self
.
get_object
()
serializer
=
self
.
serializer_class
(
data
=
request
.
data
)
if
serializer
.
is_valid
():
users
=
serializer
.
validated_data
.
get
(
'users'
)
if
users
:
perm
.
users
.
add
(
*
tuple
(
users
))
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
class
DatabasePermissionRemoveUserApi
(
generics
.
RetrieveUpdateAPIView
):
permission_classes
=
(
IsOrgAdmin
,)
serializer_class
=
DatabasePermissionUpdateUserSerializer
queryset
=
DatabasePermission
.
objects
.
all
()
def
update
(
self
,
request
,
*
args
,
**
kwargs
):
perm
=
self
.
get_object
()
serializer
=
self
.
serializer_class
(
data
=
request
.
data
)
if
serializer
.
is_valid
():
users
=
serializer
.
validated_data
.
get
(
'users'
)
if
users
:
perm
.
users
.
remove
(
*
tuple
(
users
))
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
class
DatabasePermissionAddDatabaseApi
(
generics
.
RetrieveUpdateAPIView
):
permission_classes
=
(
IsOrgAdmin
,)
serializer_class
=
DatabasePermissionUpdateDatabaseSerializer
queryset
=
DatabasePermission
.
objects
.
all
()
def
update
(
self
,
request
,
*
args
,
**
kwargs
):
perm
=
self
.
get_object
()
serializer
=
self
.
serializer_class
(
data
=
request
.
data
)
if
serializer
.
is_valid
():
databases
=
serializer
.
validated_data
.
get
(
'databases'
)
if
databases
:
perm
.
databases
.
add
(
*
tuple
(
databases
))
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
class
DatabasePermissionRemoveDatabaseApi
(
generics
.
RetrieveUpdateAPIView
):
permission_classes
=
(
IsOrgAdmin
,)
serializer_class
=
DatabasePermissionUpdateDatabaseSerializer
queryset
=
DatabasePermission
.
objects
.
all
()
def
update
(
self
,
request
,
*
args
,
**
kwargs
):
perm
=
self
.
get_object
()
serializer
=
self
.
serializer_class
(
data
=
request
.
data
)
if
serializer
.
is_valid
():
databases
=
serializer
.
validated_data
.
get
(
'databases'
)
if
databases
:
perm
.
databases
.
remove
(
*
tuple
(
databases
))
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
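Review bot: In all four `update()` methods the validation-failure branch returns `Response({"error": serializer.errors})` without a status, so a rejected change to a permission's users or databases is answered with HTTP 200. Clients, access logs and audit tooling that key on the status code will record the rejected change as a success. Return the errors with an explicit status, `return Response({"error": serializer.errors}, status=400)`, or call `serializer.is_valid(raise_exception=True)` and drop the `else` branch; this applies equally to DatabasePermissionRemoveUserApi, DatabasePermissionAddDatabaseApi and DatabasePermissionRemoveDatabaseApi. The views also answer `{"msg": "ok"}` when `users` or `databases` is absent or empty, i.e. when nothing was changed, which may be worth distinguishing.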
apps/perms/models/__init__.py
...
...
@@ -3,3 +3,4 @@
from
.asset_permission
import
*
from
.remote_app_permission
import
*
from
.database_permission
import
*
apps/perms/models/database_permission.py
0 → 100644
# coding: utf-8
#
from
django.db
import
models
from
django.utils.translation
import
ugettext_lazy
as
_
from
.base
import
BasePermission
__all__
=
[
'DatabasePermission'
,
]
class
DatabasePermission
(
BasePermission
):
databases
=
models
.
ManyToManyField
(
'applications.Database'
,
related_name
=
'granted_by_permissions'
,
blank
=
True
,
verbose_name
=
_
(
"Database"
)
)
class
Meta
:
unique_together
=
[(
'org_id'
,
'name'
)]
verbose_name
=
_
(
'Database permission'
)
ordering
=
(
'name'
,)
def
get_all_databases
(
self
):
return
set
(
self
.
databases
.
all
())
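Review bot: The commit adds the `DatabasePermission` model with a new many-to-many field, but none of the nine changed files is a migration, so the table and its join table will not exist until one is generated. If the migration lands in a separate commit, this one cannot be deployed on its own. `get_all_databases` also lacks a docstring: it returns every database linked to the rule regardless of the rule's state, so a comment such as `# returns all linked databases; callers must check is_active / expiry themselves` would help. Those checks presumably live on BasePermission, which is not visible here.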
apps/perms/models/remote_app_permission.py
...
...
@@ -12,7 +12,10 @@ __all__ = [
class
RemoteAppPermission
(
BasePermission
):
remote_apps
=
models
.
ManyToManyField
(
'applications.RemoteApp'
,
related_name
=
'granted_by_permissions'
,
blank
=
True
,
verbose_name
=
_
(
"RemoteApp"
))
remote_apps
=
models
.
ManyToManyField
(
'applications.RemoteApp'
,
related_name
=
'granted_by_permissions'
,
blank
=
True
,
verbose_name
=
_
(
"RemoteApp"
)
)
class
Meta
:
unique_together
=
[(
'org_id'
,
'name'
)]
...
...
apps/perms/serializers/__init__.py
...
...
@@ -4,3 +4,4 @@
from
.asset_permission
import
*
from
.user_permission
import
*
from
.remote_app_permission
import
*
from
.database_permission
import
*
apps/perms/serializers/database_permission.py
0 → 100644
# coding: utf-8
#
from
rest_framework
import
serializers
from
common.serializers
import
AdaptedBulkListSerializer
from
orgs.mixins
import
BulkOrgResourceModelSerializer
from
..models
import
DatabasePermission
__all__
=
[
'DatabasePermissionSerializer'
,
'DatabasePermissionUpdateUserSerializer'
,
'DatabasePermissionUpdateDatabaseSerializer'
]
class
DatabasePermissionSerializer
(
BulkOrgResourceModelSerializer
):
class
Meta
:
model
=
DatabasePermission
list_serializer_class
=
AdaptedBulkListSerializer
fields
=
[
'id'
,
'name'
,
'users'
,
'user_groups'
,
'databases'
,
'comment'
,
'is_active'
,
'date_start'
,
'date_expired'
,
'is_valid'
,
'created_by'
,
'date_created'
,
]
read_only_fields
=
[
'created_by'
,
'date_created'
]
class
DatabasePermissionUpdateUserSerializer
(
serializers
.
ModelSerializer
):
class
Meta
:
model
=
DatabasePermission
fields
=
[
'id'
,
'users'
]
class
DatabasePermissionUpdateDatabaseSerializer
(
serializers
.
ModelSerializer
):
class
Meta
:
model
=
DatabasePermission
fields
=
[
'id'
,
'databases'
]
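Review bot: `DatabasePermissionUpdateUserSerializer` and `DatabasePermissionUpdateDatabaseSerializer` are plain `ModelSerializer`s, unlike `DatabasePermissionSerializer`, which derives from `BulkOrgResourceModelSerializer`. The primary keys accepted for `users` and `databases` are therefore validated only against whatever queryset the related model's default manager provides. Whether that manager restricts results to the caller's organization is not visible on this page, so it should be confirmed that an org admin cannot attach users or databases from another organization to a permission. A comment on both classes would record where the restriction comes from, e.g. `# related PKs are resolved through the related model's default manager; org scoping relies on it`.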
apps/perms/urls/api_urls.py
...
...
@@ -10,6 +10,7 @@ app_name = 'perms'
router
=
routers
.
DefaultRouter
()
router
.
register
(
'asset-permissions'
,
api
.
AssetPermissionViewSet
,
'asset-permission'
)
router
.
register
(
'remote-app-permissions'
,
api
.
RemoteAppPermissionViewSet
,
'remote-app-permission'
)
router
.
register
(
'database-permissions'
,
api
.
DatabasePermissionViewSet
,
'database-permission'
)
asset_permission_urlpatterns
=
[
...
...
@@ -85,11 +86,20 @@ remote_app_permission_urlpatterns = [
path
(
'remote-app-permissions/<uuid:pk>/remote-app/add/'
,
api
.
RemoteAppPermissionAddRemoteAppApi
.
as_view
(),
name
=
'remote-app-permission-add-remote-app'
),
]
database_permission_urlpatterns
=
[
# 用户和Database变更
path
(
'database-permissions/<uuid:pk>/user/add/'
,
api
.
DatabasePermissionAddUserApi
.
as_view
(),
name
=
'database-permission-add-user'
),
path
(
'database-permissions/<uuid:pk>/user/remove/'
,
api
.
DatabasePermissionRemoveUserApi
.
as_view
(),
name
=
'database-permission-remove-user'
),
path
(
'database-permissions/<uuid:pk>/database/remove/'
,
api
.
DatabasePermissionRemoveDatabaseApi
.
as_view
(),
name
=
'database-permission-remove-database'
),
path
(
'database-permissions/<uuid:pk>/database/add/'
,
api
.
DatabasePermissionAddDatabaseApi
.
as_view
(),
name
=
'database-permission-add-database'
),
]
old_version_urlpatterns
=
[
re_path
(
'(?P<resource>user|user-group|asset-permission|remote-app-permission)/.*'
,
capi
.
redirect_plural_name_api
)
re_path
(
'(?P<resource>user|user-group|asset-permission|remote-app-permission
|database-permission
)/.*'
,
capi
.
redirect_plural_name_api
)
]
urlpatterns
=
asset_permission_urlpatterns
+
remote_app_permission_urlpatterns
+
old_version_urlpatterns
urlpatterns
=
asset_permission_urlpatterns
+
remote_app_permission_urlpatterns
+
database_permission_urlpatterns
+
old_version_urlpatterns
urlpatterns
+=
router
.
urls
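Review bot: The pattern in `old_version_urlpatterns` that gains the `database-permission` alternative has no `^` anchor, and `urlpatterns += router.urls` appends the router's routes after it. If `re_path` matches by search rather than from the start of the path (worth confirming for the Django version in use), any route listed later whose path contains e.g. `user/` would be handed to `capi.redirect_plural_name_api` instead of its view. Anchoring the pattern, `'^(?P<resource>user|user-group|asset-permission|remote-app-permission|database-permission)/.*'`, keeps the redirect limited to the legacy singular prefixes. The new `database_permission_urlpatterns` entries are listed before it and are not affected.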