[Update] 超级管理员创建超级审计员或组织审计员

70bf9d17 · jym503558564 · 9b371557 · 70bf9d17 · 70bf9d17 · 70bf9d17
Commit 70bf9d17 authored Aug 08, 2019 by jym503558564
13 changed files
--- a/apps/audits/views.py
+++ b/apps/audits/views.py
@@ -119,7 +119,7 @@ class OperateLogListView(PermissionsMixin, DatetimeSearchMixin, ListView):
    def get_context_data(self, **kwargs):
        context = {
-            'user_list': current_org.get_org_users(),
+            'user_list': current_org.get_org_users_and_auditors(),
            'actions': self.actions_dict,
            'resource_type_list': get_resource_type_list(),
            'date_from': self.date_from,
@@ -142,7 +142,7 @@ class PasswordChangeLogList(PermissionsMixin, DatetimeSearchMixin, ListView):
    permission_classes = [IsOrgAdmin | IsAuditor]
    def get_queryset(self):
-        users = current_org.get_org_users()
+        users = current_org.get_org_users_and_auditors()
        self.queryset = super().get_queryset().filter(
            user__in=[user.__str__() for user in users]
        )
@@ -159,7 +159,7 @@ class PasswordChangeLogList(PermissionsMixin, DatetimeSearchMixin, ListView):
    def get_context_data(self, **kwargs):
        context = {
-            'user_list': current_org.get_org_users(),
+            'user_list': current_org.get_org_users_and_auditors(),
            'date_from': self.date_from,
            'date_to': self.date_to,
            'user': self.user,
@@ -180,7 +180,7 @@ class LoginLogListView(PermissionsMixin, DatetimeSearchMixin, ListView):
    @staticmethod
    def get_org_users():
-        users = current_org.get_org_users().values_list('username', flat=True)
+        users = current_org.get_org_users_and_auditors().values_list('username', flat=True)
        return users
    def get_queryset(self):
@@ -234,7 +234,7 @@ class CommandExecutionListView(UserCommandExecutionListView):
        return queryset
    def get_user_list(self):
-        users = current_org.get_org_users()
+        users = current_org.get_org_users_exclude_auditors()
        return users
    def get_context_data(self, **kwargs):

--- a/apps/jumpserver/views.py
+++ b/apps/jumpserver/views.py
@@ -45,7 +45,7 @@ class IndexView(PermissionsMixin, TemplateView):
    @staticmethod
    def get_user_count():
-        return current_org.get_org_users().count()
+        return current_org.get_org_users_and_auditors().count()
    @staticmethod
    def get_asset_count():
@@ -100,7 +100,7 @@ class IndexView(PermissionsMixin, TemplateView):
        return self.session_month.values('user').distinct().count()
    def get_month_inactive_user_total(self):
-        count = current_org.get_org_users().count() - self.get_month_active_user_total()
+        count = current_org.get_org_users_and_auditors().count() - self.get_month_active_user_total()
        if count < 0:
            count = 0
        return count
@@ -116,7 +116,7 @@ class IndexView(PermissionsMixin, TemplateView):
    @staticmethod
    def get_user_disabled_total():
-        return current_org.get_org_users().filter(is_active=False).count()
+        return current_org.get_org_users_and_auditors().filter(is_active=False).count()
    @staticmethod
    def get_asset_disabled_total():

--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -68,6 +68,16 @@ class Organization(models.Model):
        return org
    def get_org_users(self, include_app=False):
+        from users.models import User
+        if self.is_real():
+            users = self.users.all()
+        else:
+            users = User.objects.all()
+        if not include_app:
+            users = users.exclude(role=User.ROLE_APP)
+        return users
+    def get_org_users_and_auditors(self, include_app=False):
        from users.models import User
        if self.is_real():
            users = self.users.all() | self.auditors.all()
@@ -77,6 +87,16 @@ class Organization(models.Model):
            users = users.exclude(role=User.ROLE_APP)
        return users
+    def get_org_users_exclude_auditors(self, include_app=False):
+        from users.models import User
+        if self.is_real():
+            users = self.users.all()
+        else:
+            users = User.objects.exclude(role=User.ROLE_AUDITOR)
+        if not include_app:
+            users = users.exclude(role=User.ROLE_APP)
+        return users
    def get_org_admins(self):
        if self.is_real():
            return self.admins.all()
@@ -115,7 +135,8 @@ class Organization(models.Model):
        elif user.is_auditor:
            admin_orgs = user.audit_orgs.all()
            if not admin_orgs:
-                admin_orgs = [cls.default()]
+                admin_orgs = list(cls.objects.all())
+                admin_orgs.append(cls.default())
        return admin_orgs
    @classmethod

--- a/apps/perms/forms/asset_permission.py
+++ b/apps/perms/forms/asset_permission.py
@@ -39,7 +39,7 @@ class AssetPermissionForm(OrgModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        users_field = self.fields.get('users')
-        users_field.queryset = current_org.get_org_users()
+        users_field.queryset = current_org.get_org_users_exclude_auditors()
        nodes_field = self.fields['nodes']
        nodes_field.choices = ((n.id, n.full_value) for n in Node.get_queryset())

--- a/apps/perms/forms/remote_app_permission.py
+++ b/apps/perms/forms/remote_app_permission.py
@@ -19,7 +19,7 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
        super().__init__(*args, **kwargs)
        users_field = self.fields.get('users')
        if hasattr(users_field, 'queryset'):
-            users_field.queryset = current_org.get_org_users()
+            users_field.queryset = current_org.get_org_users_exclude_auditors()
    class Meta:
        model = RemoteAppPermission

--- a/apps/perms/views/asset_permission.py
+++ b/apps/perms/views/asset_permission.py
@@ -135,7 +135,7 @@ class AssetPermissionUserView(PermissionsMixin,
        context = {
            'app': _('Perms'),
            'action': _('Asset permission user list'),
-            'users_remain': current_org.get_org_users().exclude(
+            'users_remain': current_org.get_org_users_exclude_auditors().exclude(
                assetpermission=self.object
            ),
            'user_groups_remain': UserGroup.objects.exclude(

--- a/apps/perms/views/remote_app_permission.py
+++ b/apps/perms/views/remote_app_permission.py
@@ -107,7 +107,7 @@ class RemoteAppPermissionUserView(PermissionsMixin,
        context = {
            'app': _('Perms'),
            'action': _('RemoteApp permission user list'),
-            'users_remain': current_org.get_org_users().exclude(
+            'users_remain': current_org.get_org_users_exclude_auditors().exclude(
                remoteapppermission=self.object
            ),
            'user_groups_remain': UserGroup.objects.exclude(

--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -60,7 +60,7 @@ class UserViewSet(IDInCacheFilterMixin, BulkModelViewSet):
        self.send_created_signal(users)
    def get_queryset(self):
-        queryset = current_org.get_org_users().prefetch_related('groups')
+        queryset = current_org.get_org_users_and_auditors().prefetch_related('groups')
        return queryset
    def get_permissions(self):

--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -67,8 +67,14 @@ class UserCreateUpdateFormMixin(OrgModelForm):
        # Org admin user
        else:
-            roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
+            user = kwargs.get('instance')
-            roles.append((User.ROLE_AUDITOR, dict(User.ROLE_CHOICES).get(User.ROLE_AUDITOR)))
+            # Update
+            if user:
+                role = kwargs.get('instance').role
+                roles.append((role, dict(User.ROLE_CHOICES).get(role)))
+            # Create
+            else:
+                roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
        field = self.fields['role']
        field.choices = set(roles)
@@ -329,7 +335,7 @@ class UserGroupForm(OrgModelForm):
            return
        users_field = self.fields.get('users')
        if hasattr(users_field, 'queryset'):
-            users_field.queryset = current_org.get_org_users()
+            users_field.queryset = current_org.get_org_users_exclude_auditors()
    def save(self, commit=True):
        group = super().save(commit=commit)

--- a/apps/users/serializers/v1.py
+++ b/apps/users/serializers/v1.py
@@ -50,7 +50,7 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
    def validate_role(self, value):
        request = self.context.get('request')
-        if not request.user.is_org_admin and value != User.ROLE_USER:
+        if not request.user.is_superuser and value != User.ROLE_USER:
            role_display = dict(User.ROLE_CHOICES)[User.ROLE_USER]
            msg = _("Role limit to {}".format(role_display))
            raise serializers.ValidationError(msg)

--- a/apps/users/templates/users/user_detail.html
+++ b/apps/users/templates/users/user_detail.html
@@ -211,45 +211,46 @@
                                    </table>
                                </div>
                            </div>
+                            {% if not user_object.is_auditor %}
+                                <div class="panel panel-info">
+                                    <div class="panel-heading">
+                                        <i class="fa fa-info-circle"></i> {% trans 'User group' %}
+                                    </div>
+                                    <div class="panel-body">
+                                        <table class="table group_edit">
+                                            <tbody>
+                                                <form>
+                                                    <tr>
+                                                        <td colspan="2" class="no-borders">
+                                                            <select data-placeholder="{% trans 'Join user groups' %}" id="groups_selected" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                                {% for group in groups %}
+                                                                    <option value="{{ group.id }}" id="opt_{{ group.id }}" >{{ group.name }}</option>
+                                                                {% endfor %}
+                                                            </select>
+                                                        </td>
+                                                    </tr>
+                                                    <tr>
+                                                        <td colspan="2" class="no-borders">
+                                                            <button type="button" class="btn btn-info btn-small" id="btn_join_group">{% trans 'Join' %}</button>
+                                                        </td>
+                                                    </tr>
+                                                </form>
-                            <div class="panel panel-info">
+                                                {% for group in user_object.groups.all %}
-                                <div class="panel-heading">
+                                                    <tr>
-                                    <i class="fa fa-info-circle"></i> {% trans 'User group' %}
+                                                        <td >
-                                </div>
+                                                            <b class="bdg_group" data-gid={{ group.id }}>{{ group.name }}</b>
-                                <div class="panel-body">
+                                                        </td>
-                                    <table class="table group_edit">
+                                                        <td>
-                                        <tbody>
+                                                            <button class="btn btn-danger pull-right btn-xs btn_leave_group" type="button"><i class="fa fa-minus"></i></button>
-                                        <form>
+                                                        </td>
-                                            <tr>
+                                                    </tr>
-                                                <td colspan="2" class="no-borders">
+                                                {% endfor %}
-                                                    <select data-placeholder="{% trans 'Join user groups' %}" id="groups_selected" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                            </tbody>
-                                                        {% for group in groups %}
+                                        </table>
-                                                        <option value="{{ group.id }}" id="opt_{{ group.id }}" >{{ group.name }}</option>
+                                    </div>
-                                                        {% endfor %}
-                                                    </select>
-                                                </td>
-                                            </tr>
-                                            <tr>
-                                                <td colspan="2" class="no-borders">
-                                                    <button type="button" class="btn btn-info btn-small" id="btn_join_group">{% trans 'Join' %}</button>
-                                                </td>
-                                            </tr>
-                                        </form>
-                                        {% for group in user_object.groups.all %}
-                                        <tr>
-                                          <td >
-                                              <b class="bdg_group" data-gid={{ group.id }}>{{ group.name }}</b>
-                                          </td>
-                                          <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn_leave_group" type="button"><i class="fa fa-minus"></i></button>
-                                          </td>
-                                        </tr>
-                                        {% endfor %}
-                                        </tbody>
-                                    </table>
                                </div>
-                            </div>
+                            {% endif %}
                        </div>
                    </div>
                </div>

--- a/apps/users/views/group.py
+++ b/apps/users/views/group.py
@@ -76,7 +76,7 @@ class UserGroupDetailView(PermissionsMixin, DetailView):
    permission_classes = [IsOrgAdmin]
    def get_context_data(self, **kwargs):
-        users = current_org.get_org_users().exclude(id__in=self.object.users.all())
+        users = current_org.get_org_users_exclude_auditors().exclude(id__in=self.object.users.all())
        context = {
            'app': _('Users'),
            'action': _('User group detail'),

--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@@ -195,7 +195,7 @@ class UserDetailView(PermissionsMixin, DetailView):
    def get_queryset(self):
        queryset = super().get_queryset()
-        org_users = current_org.get_org_users().values_list('id', flat=True)
+        org_users = current_org.get_org_users_and_auditors().values_list('id', flat=True)
        queryset = queryset.filter(id__in=org_users)
        return queryset