Bugfix (#3065)

* [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 解决命令执行找不到对象的问题 * [Update] 修改Permission判断 * [Update] 修改session * [Update] 修改创建系统用户时没有public key

Bugfix (#3065)
* [Update] 修复浏览器关闭后session不失效的问题 * [Update] 修改一些内容 * [Update] 解决命令执行找不到对象的问题 * [Update] 修改Permission判断 * [Update] 修改session * [Update] 修改创建系统用户时没有public key
42547751 · BaiJiangJie · GitHub · 44d41e86 · 42547751 · 42547751
Unverified Commit 42547751 authored Aug 01, 2019 by BaiJiangJie Committed by GitHub Aug 01, 2019
8 changed files
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -212,12 +212,13 @@ class AssetsAmountMixin:
        if cached is not None:
            return cached
        assets_amount = self.get_all_assets().count()
-        cache.set(cache_key, assets_amount, self.cache_time)
        return assets_amount
    @assets_amount.setter
    def assets_amount(self, value):
        self._assets_amount = value
+        cache_key = self._assets_amount_cache_key.format(self.key)
+        cache.set(cache_key, value, self.cache_time)
    def expire_assets_amount(self):
        ancestor_keys = self.get_ancestor_keys(with_self=True)

--- a/apps/assets/serializers/base.py
+++ b/apps/assets/serializers/base.py
@@ -59,6 +59,7 @@ class AuthSerializerMixin:
            value = validated_data.get(field)
            if not value:
                validated_data.pop(field, None)
        # print(validated_data)
        # raise serializers.ValidationError(">>>>>>")

--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -3,6 +3,7 @@ from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from common.serializers import AdaptedBulkListSerializer
+from common.utils import ssh_pubkey_gen
 from orgs.mixins import BulkOrgResourceModelSerializer
 from ..models import SystemUser
 from .base import AuthSerializer, AuthSerializerMixin
@@ -86,6 +87,13 @@ class SystemUserSerializer(AuthSerializerMixin, BulkOrgResourceModelSerializer):
                private_key, public_key = SystemUser.gen_key(username)
                attrs["private_key"] = private_key
                attrs["public_key"] = public_key
+                # 如果设置了private key，没有设置public key则生成
+        elif attrs.get("private_key", None):
+            private_key = attrs["private_key"]
+            password = attrs.get("password")
+            public_key = ssh_pubkey_gen(private_key, password=password,
+                                        username=username)
+            attrs["public_key"] = public_key
        attrs.pop("auto_generate_key", None)
        return attrs

--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -49,6 +49,8 @@ class IsOrgAdmin(IsValidUser):
    """Allows access only to superuser"""
    def has_permission(self, request, view):
+        if not current_org:
+            return False
        return super(IsOrgAdmin, self).has_permission(request, view) \
            and current_org.can_admin_by(request.user)
@@ -57,6 +59,8 @@ class IsOrgAdminOrAppUser(IsValidUser):
    """Allows access between superuser and app user"""
    def has_permission(self, request, view):
+        if not current_org:
+            return False
        return super(IsOrgAdminOrAppUser, self).has_permission(request, view) \
            and (current_org.can_admin_by(request.user) or request.user.is_app)

--- a/apps/jumpserver/middleware.py
+++ b/apps/jumpserver/middleware.py
@@ -5,6 +5,7 @@ import re
 import pytz
 from django.utils import timezone
 from django.shortcuts import HttpResponse
+from django.conf import settings
 from .utils import set_current_request
@@ -56,6 +57,7 @@ class RequestMiddleware:
    def __call__(self, request):
        set_current_request(request)
        response = self.get_response(request)
-        age = request.session.get_expiry_age()
+        if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
-        request.session.set_expiry(age)
+            age = request.session.get_expiry_age()
+            request.session.set_expiry(age)
        return response
--- a/apps/ops/api/command.py
+++ b/apps/ops/api/command.py
@@ -4,13 +4,14 @@ from rest_framework import viewsets
 from django.db import transaction
 from django.conf import settings
+from orgs.mixins import RootOrgViewMixin
 from common.permissions import IsValidUser
 from ..models import CommandExecution
 from ..serializers import CommandExecutionSerializer
 from ..tasks import run_command_execution
-class CommandExecutionViewSet(viewsets.ModelViewSet):
+class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
    serializer_class = CommandExecutionSerializer
    permission_classes = (IsValidUser,)

--- a/apps/perms/apps.py
+++ b/apps/perms/apps.py
 from __future__ import unicode_literals
+from django.conf import settings
 from django.apps import AppConfig
@@ -8,4 +9,6 @@ class PermsConfig(AppConfig):
    def ready(self):
        from . import signals_handler
+        if not settings.XPACK_ENABLED:
+            settings.ASSETS_PERM_CACHE_ENABLE = False
        return super().ready()
--- a/apps/terminal/serializers/v1.py
+++ b/apps/terminal/serializers/v1.py
@@ -27,6 +27,7 @@ class TerminalSerializer(serializers.ModelSerializer):
 class SessionSerializer(BulkOrgResourceModelSerializer):
    command_amount = serializers.IntegerField(read_only=True)
+    org_id = serializers.CharField(allow_blank=True)
    class Meta:
        model = Session