Merge branch 'dev' into dev_ldap_sync_timing

8081a864 · BaiJiangJie · 4b7cd796 · 1a82b858 · 8081a864 · 8081a864
Commit 8081a864 authored Sep 27, 2019 by BaiJiangJie
19 changed files
--- a/apps/assets/templates/assets/admin_user_detail.html
+++ b/apps/assets/templates/assets/admin_user_detail.html
@@ -140,8 +140,7 @@ function replaceNodeAssetsAdminUser(nodes) {
 jumpserver.nodes_selected = {};
 $(document).ready(function () {
-    var url = "{% url 'api-assets:node-list' %}";
+    nodesSelect2Init(".nodes-select2")
-    nodesSelect2Init(".nodes-select2", url)
    .on('select2:select', function(evt) {
        var data = evt.params.data;
        jumpserver.nodes_selected[data.id] = data.text;

--- a/apps/assets/templates/assets/asset_create.html
+++ b/apps/assets/templates/assets/asset_create.html
@@ -110,8 +110,7 @@ $(document).ready(function () {
    $('.select2').select2({
        allowClear: true
    });
-    var url = "{% url 'api-assets:node-list' %}";
+    nodesSelect2Init(".nodes-select2");
-    nodesSelect2Init(".nodes-select2", url);
    $(".labels").select2({
        allowClear: true,
        templateSelection: format

--- a/apps/assets/templates/assets/asset_detail.html
+++ b/apps/assets/templates/assets/asset_detail.html
@@ -287,8 +287,7 @@ function refreshAssetHardware() {
 $(document).ready(function () {
-    var url = "{% url 'api-assets:node-list' %}";
+    nodesSelect2Init(".nodes-select2")
-    nodesSelect2Init(".nodes-select2", url)
    .on('select2:select', function(evt) {
        var data = evt.params.data;
        jumpserver.nodes_selected[data.id] = data.text;

--- a/apps/assets/templates/assets/system_user_assets.html
+++ b/apps/assets/templates/assets/system_user_assets.html
@@ -153,8 +153,7 @@ jumpserver.nodes_selected = {};
 $(document).ready(function () {
 	$('.select2').select2()
-    var url = "{% url 'api-assets:node-list' %}";
+    nodesSelect2Init(".nodes-select2")
-    nodesSelect2Init(".nodes-select2", url)
 	.on('select2:select', function(evt) {
            var data = evt.params.data;
            jumpserver.nodes_selected[data.id] = data.text;

--- a/apps/authentication/templates/authentication/_access_key_modal.html
+++ b/apps/authentication/templates/authentication/_access_key_modal.html
@@ -15,7 +15,8 @@
 </style>
 <div class="alert alert-info help-message" style="margin-left: 0px; margin-right: 0px;">
-    {% trans 'Using api key sign api header, every requests header difference'%}, <a href="https://tools.ietf.org/html/draft-cavage-http-signatures-08">{% trans 'docs' %} </a>
+    {% trans 'Using api key sign api header, every requests header difference'%}
+    <a href="https://jumpserver.readthedocs.io/zh/master/api_auth.html#access-key" target="_blank">{% trans 'docs' %} </a>
 </div>
 <div class="uc pull-left m-r-0 m-t-10">
    <button class="btn btn-primary btn-sm" id="create-btn" href="#"> {% trans "Create" %} </button>

--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -387,6 +387,7 @@ defaults = {
    'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
    'FLOWER_URL': "127.0.0.1:5555",
    'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
+    'DEFAULT_ORG_SHOW_ALL_USERS': True,
 }

--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -624,6 +624,8 @@ ASSETS_PERM_CACHE_TIME = CONFIG.ASSETS_PERM_CACHE_TIME
 # Asset user auth external backend, default AuthBook backend
 BACKEND_ASSET_USER_AUTH_VAULT = False
+DEFAULT_ORG_SHOW_ALL_USERS = CONFIG.DEFAULT_ORG_SHOW_ALL_USERS
 PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE
 WINDOWS_SSH_DEFAULT_SHELL = CONFIG.WINDOWS_SSH_DEFAULT_SHELL
 FLOWER_URL = CONFIG.FLOWER_URL

--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -6135,7 +6135,7 @@ msgstr "管理员"
 #: xpack/plugins/orgs/forms.py:42
 msgid "Select auditor"
-msgstr "选择审计员员"
+msgstr "选择审计员"
 #: xpack/plugins/orgs/meta.py:8 xpack/plugins/orgs/views.py:26
 #: xpack/plugins/orgs/views.py:43 xpack/plugins/orgs/views.py:60

--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
 import uuid
+from django.conf import settings
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
@@ -75,7 +76,10 @@ class Organization(models.Model):
        from users.models import User
        if self.is_real():
            return self.users.all()
-        return User.objects.filter(role=User.ROLE_USER)
+        users = User.objects.filter(role=User.ROLE_USER)
+        if self.is_default() and not settings.DEFAULT_ORG_SHOW_ALL_USERS:
+            users = users.filter(related_user_orgs__isnull=True)
+        return users
    def get_org_admins(self):
        from users.models import User
@@ -130,7 +134,7 @@ class Organization(models.Model):
        return admin_orgs
    @classmethod
-    def get_user_user_orgs(self, user):
+    def get_user_user_orgs(cls, user):
        user_orgs = []
        if user.is_anonymous:
            return user_orgs

--- a/apps/orgs/utils.py
+++ b/apps/orgs/utils.py
@@ -11,8 +11,17 @@ def get_org_from_request(request):
    oid = request.session.get("oid")
    if not oid:
        oid = request.META.get("HTTP_X_JMS_ORG")
+    request_params_oid = request.GET.get("oid")
+    if request_params_oid:
+        oid = request.GET.get("oid")
    if not oid:
        oid = Organization.DEFAULT_ID
+    if oid.lower() == "default":
+        oid = Organization.DEFAULT_ID
+    elif oid.lower() == "root":
+        oid = Organization.ROOT_ID
    org = Organization.get_instance(oid)
    return org

--- a/apps/perms/forms/asset_permission.py
+++ b/apps/perms/forms/asset_permission.py
@@ -38,20 +38,21 @@ class AssetPermissionForm(OrgModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
-        users_field = self.fields.get('users')
-        users_field.queryset = current_org.get_org_members(exclude=('Auditor',))
        if self.data:
            return
        # 前端渲染优化, 防止过多资产
+        users_field = self.fields.get('users')
        assets_field = self.fields['assets']
        nodes_field = self.fields['nodes']
        if self.instance:
            assets_field.queryset = self.instance.assets.all()
            nodes_field.queryset = self.instance.nodes.all()
+            users_field.queryset = self.instance.users.all()
        else:
            assets_field.queryset = Asset.objects.none()
            nodes_field.queryset = Node.objects.none()
+            users_field.queryset = []
    def set_nodes_initial(self, nodes):
        field = self.fields['nodes']
@@ -70,7 +71,7 @@ class AssetPermissionForm(OrgModelForm):
        )
        widgets = {
            'users': forms.SelectMultiple(
-                attrs={'class': 'select2', 'data-placeholder': _("User")}
+                attrs={'class': 'users-select2', 'data-placeholder': _("User")}
            ),
            'user_groups': forms.SelectMultiple(
                attrs={'class': 'select2', 'data-placeholder': _("User group")}

--- a/apps/perms/forms/remote_app_permission.py
+++ b/apps/perms/forms/remote_app_permission.py
@@ -17,9 +17,12 @@ __all__ = [
 class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        users_field = self.fields.get('users')
-        if hasattr(users_field, 'queryset'):
+        if self.instance:
-            users_field.queryset = current_org.get_org_members(exclude=('Auditor',))
+            users_field.queryset = self.instance.users.all()
+        else:
+            users_field.queryset = []
    class Meta:
        model = RemoteAppPermission
@@ -28,7 +31,7 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
        )
        widgets = {
            'users': forms.SelectMultiple(
-                attrs={'class': 'select2', 'data-placeholder': _('User')}
+                attrs={'class': 'users-select2', 'data-placeholder': _('User')}
            ),
            'user_groups': forms.SelectMultiple(
                attrs={'class': 'select2', 'data-placeholder': _('User group')}

--- a/apps/perms/templates/perms/asset_permission_asset.html
+++ b/apps/perms/templates/perms/asset_permission_asset.html
@@ -204,8 +204,7 @@ $(document).ready(function () {
    $('.select2').select2();
    table = initAssetTable();
-    var nodeListUrl = "{% url 'api-assets:node-list' %}";
+    nodesSelect2Init(".nodes-select2");
-    nodesSelect2Init(".nodes-select2", nodeListUrl);
    $("#id_assets").parent().find(".select2-selection").on('click', function (e) {
        if ($(e.target).attr('class') !== 'select2-selection__choice__remove'){

--- a/apps/perms/templates/perms/asset_permission_create_update.html
+++ b/apps/perms/templates/perms/asset_permission_create_update.html
@@ -116,8 +116,8 @@ $(document).ready(function () {
    $('.select2').select2({
        closeOnSelect: false
    });
-    var url = "{% url 'api-assets:node-list' %}";
+    nodesSelect2Init(".nodes-select2");
-    nodesSelect2Init(".nodes-select2", url);
+    usersSelect2Init(".users-select2");
    $('#date_start').daterangepicker(dateOptions);
    $('#date_expired').daterangepicker(dateOptions);
@@ -154,4 +154,4 @@ $(document).ready(function () {
    formSubmit(props);
 })
 </script>
 {% endblock %}
\ No newline at end of file
--- a/apps/perms/templates/perms/remote_app_permission_create_update.html
+++ b/apps/perms/templates/perms/remote_app_permission_create_update.html
@@ -114,6 +114,7 @@ $(document).ready(function () {
    $('.select2').select2({
        closeOnSelect: false
    });
+    usersSelect2Init('.users-select2');
    $('#date_start').daterangepicker(dateOptions);
    $('#date_expired').daterangepicker(dateOptions);
 })
@@ -141,4 +142,4 @@ $(document).ready(function () {
    formSubmit(props);
 })
 </script>
 {% endblock %}
\ No newline at end of file
--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@@ -1177,6 +1177,9 @@ function readFile(ref) {
 }
 function nodesSelect2Init(selector, url) {
+    if (!url) {
+        url = '/api/v1/assets/nodes/'
+    }
    return $(selector).select2({
        closeOnSelect: false,
        ajax: {
@@ -1201,6 +1204,36 @@ function nodesSelect2Init(selector, url) {
    })
 }
+function usersSelect2Init(selector, url) {
+    if (!url) {
+        url = '/api/v1/users/users/'
+    }
+    return $(selector).select2({
+        closeOnSelect: false,
+        ajax: {
+            url: url,
+            data: function (params) {
+                var page = params.page || 1;
+                var query = {
+                    search: params.term,
+                    offset: (page - 1) * 10,
+                    limit: 10
+                };
+                return query
+            },
+            processResults: function (data) {
+                var results = $.map(data.results, function (v, i) {
+                    var display = v.name + '(' + v.username +')';
+                    return {id: v.id, text: display}
+                });
+                var more = !!data.next;
+                return {results: results, pagination: {"more": more}}
+            }
+        },
+    })
+}
 function showCeleryTaskLog(taskId) {
    var url = '/ops/celery/task/taskId/log/'.replace('taskId', taskId);
    window.open(url, '', 'width=900,height=600')

--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -12,7 +12,7 @@ from rest_framework_bulk import BulkModelViewSet
 from common.permissions import (
    IsOrgAdmin, IsCurrentUserOrReadOnly, IsOrgAdminOrAppUser,
-    CanUpdateDeleteUser,
+    CanUpdateDeleteUser, IsSuperUser
 )
 from common.mixins import CommonApiMixin
 from common.utils import get_logger
@@ -52,12 +52,15 @@ class UserViewSet(CommonApiMixin, BulkModelViewSet):
        self.send_created_signal(users)
    def get_queryset(self):
-        queryset = current_org.get_org_members().prefetch_related('groups')
+        queryset = current_org.get_org_members()\
+            .prefetch_related('groups')
        return queryset
    def get_permissions(self):
        if self.action in ["retrieve", "list"]:
            self.permission_classes = (IsOrgAdminOrAppUser,)
+        if self.request.query_params.get('all'):
+            self.permission_classes = (IsSuperUser,)
        return super().get_permissions()
    def perform_bulk_destroy(self, objects):
@@ -176,4 +179,4 @@ class UserResetOTPApi(generics.RetrieveAPIView):
            user.otp_secret_key = ''
            user.save()
            logout(request)
        return Response({"msg": "success"})
\ No newline at end of file
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -308,11 +308,11 @@ class UserBulkUpdateForm(OrgModelForm):
 class UserGroupForm(OrgModelForm):
    users = forms.ModelMultipleChoiceField(
-        queryset=User.objects.all(),
+        queryset=User.objects.none(),
        label=_("User"),
        widget=forms.SelectMultiple(
            attrs={
-                'class': 'select2',
+                'class': 'users-select2',
                'data-placeholder': _('Select users')
            }
        ),
@@ -329,8 +329,10 @@ class UserGroupForm(OrgModelForm):
        if 'initial' not in kwargs:
            return
        users_field = self.fields.get('users')
-        if hasattr(users_field, 'queryset'):
+        if instance:
-            users_field.queryset = current_org.get_org_members(exclude=('Auditor',))
+            users_field.queryset = instance.users.all()
+        else:
+            users_field.queryset = User.objects.none()
    def save(self, commit=True):
        group = super().save(commit=commit)

--- a/apps/users/templates/users/user_group_create_update.html
+++ b/apps/users/templates/users/user_group_create_update.html
@@ -46,6 +46,7 @@ $(document).ready(function () {
    $('.select2').select2({
        closeOnSelect: false
    });
+    usersSelect2Init('.users-select2')
 })
 .on("submit", "form", function (evt) {
    evt.preventDefault();