Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
J
jumpserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ops
jumpserver
Commits
847e37e6
Commit
847e37e6
authored
Sep 19, 2019
by
ibuler
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[Update] 修改一些bug
parent
b7021b5e
Hide whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
106 additions
and
75 deletions
+106
-75
node.py
apps/assets/models/node.py
+6
-5
signals_handler.py
apps/assets/signals_handler.py
+5
-6
__init__.py
apps/assets/tasks/__init__.py
+1
-0
common.py
apps/assets/tasks/common.py
+14
-0
user_asset_list.html
apps/assets/templates/assets/user_asset_list.html
+1
-1
common.py
apps/common/utils/common.py
+14
-0
asset_permission.py
apps/perms/api/asset_permission.py
+4
-0
common.py
apps/perms/api/user_permission/common.py
+2
-4
mixin.py
apps/perms/api/user_permission/mixin.py
+11
-7
signals_handler.py
apps/perms/signals_handler.py
+0
-12
asset_permission.py
apps/perms/utils/asset_permission.py
+25
-25
_granted_assets.html
apps/users/templates/users/_granted_assets.html
+19
-11
user_granted_asset.html
apps/users/templates/users/user_granted_asset.html
+2
-2
user_group_granted_asset.html
apps/users/templates/users/user_group_granted_asset.html
+2
-2
No files found.
apps/assets/models/node.py
View file @
847e37e6
...
...
@@ -10,7 +10,7 @@ from django.utils.translation import ugettext_lazy as _
from
django.utils.translation
import
ugettext
from
django.core.cache
import
cache
from
common.utils
import
get_logger
from
common.utils
import
get_logger
,
timeit
from
orgs.mixins.models
import
OrgModelMixin
,
OrgManager
from
orgs.utils
import
set_current_org
,
get_current_org
,
tmp_to_org
from
orgs.models
import
Organization
...
...
@@ -298,14 +298,15 @@ class NodeAssetsMixin:
return
self
.
get_all_assets
()
.
valid
()
@classmethod
@timeit
def
get_nodes_all_assets
(
cls
,
nodes_keys
):
from
.asset
import
Asset
nodes_keys
=
cls
.
clean_children_keys
(
nodes_keys
)
pattern
=
set
()
assets_ids
=
set
()
for
key
in
nodes_keys
:
pattern
.
add
(
r'^{0}$|^{0}:'
.
format
(
key
)
)
pattern
=
'|'
.
join
(
list
(
pattern
))
return
Asset
.
objects
.
filter
(
nodes__key__regex
=
pattern
)
node_assets_ids
=
cls
.
tree
()
.
all_assets
(
key
)
assets_ids
.
update
(
set
(
node_assets_ids
))
return
Asset
.
objects
.
filter
(
id__in
=
assets_ids
)
class
SomeNodesMixin
:
...
...
apps/assets/signals_handler.py
View file @
847e37e6
...
...
@@ -7,13 +7,14 @@ from django.db.models.signals import (
from
django.db.models.aggregates
import
Count
from
django.dispatch
import
receiver
from
common.utils
import
get_logger
from
common.utils
import
get_logger
,
timeit
from
common.decorator
import
on_transaction_commit
from
.models
import
Asset
,
SystemUser
,
Node
from
.tasks
import
(
update_assets_hardware_info_util
,
test_asset_connectivity_util
,
push_system_user_to_assets
push_system_user_to_assets
,
add_nodes_assets_to_system_users
)
...
...
@@ -99,7 +100,7 @@ def on_system_user_nodes_change(sender, instance=None, action=None, model=None,
"""
if
action
!=
"post_add"
:
return
logger
.
info
(
"System user
`{}` nodes update signal recv
"
.
format
(
instance
))
logger
.
info
(
"System user
nodes update signal recv: {}
"
.
format
(
instance
))
queryset
=
model
.
objects
.
filter
(
pk__in
=
pk_set
)
if
model
==
Node
:
...
...
@@ -108,9 +109,7 @@ def on_system_user_nodes_change(sender, instance=None, action=None, model=None,
else
:
nodes_keys
=
[
instance
.
key
]
system_users
=
queryset
assets
=
Node
.
get_nodes_all_assets
(
nodes_keys
)
.
values_list
(
'id'
,
flat
=
True
)
for
system_user
in
system_users
:
system_user
.
assets
.
add
(
*
tuple
(
assets
))
add_nodes_assets_to_system_users
.
delay
(
nodes_keys
,
system_users
)
@receiver
(
m2m_changed
,
sender
=
Asset
.
nodes
.
through
)
...
...
apps/assets/tasks/__init__.py
View file @
847e37e6
# -*- coding: utf-8 -*-
#
from
.utils
import
*
from
.common
import
*
from
.admin_user_connectivity
import
*
from
.asset_connectivity
import
*
from
.asset_user_connectivity
import
*
...
...
apps/assets/tasks/common.py
0 → 100644
View file @
847e37e6
# -*- coding: utf-8 -*-
#
from
celery
import
shared_task
__all__
=
[
'add_nodes_assets_to_system_users'
]
@shared_task
def
add_nodes_assets_to_system_users
(
nodes_keys
,
system_users
):
from
..models
import
Node
assets
=
Node
.
get_nodes_all_assets
(
nodes_keys
)
.
values_list
(
'id'
,
flat
=
True
)
for
system_user
in
system_users
:
system_user
.
assets
.
add
(
*
tuple
(
assets
))
apps/assets/templates/assets/user_asset_list.html
View file @
847e37e6
...
...
@@ -24,7 +24,7 @@
var
treeUrl
=
"{% url 'api-perms:my-nodes-children-as-tree' %}?&cache_policy=1"
;
var
assetTableUrl
=
"{% url 'api-perms:my-assets' %}?cache_policy=1"
;
var
selectUrl
=
'{% url "api-perms:my-node-assets" node_id=DEFAULT_PK %}?cache_policy=1&all=1'
;
var
systemUsersUrl
=
"{% url 'api-perms:my-asset-system-users' asset_id=DEFAULT_PK %}"
;
var
systemUsersUrl
=
"{% url 'api-perms:my-asset-system-users' asset_id=DEFAULT_PK %}
?cache_policy=1
"
;
var
showAssetHref
=
false
;
// Need input default true
var
actions
=
{
targets
:
4
,
createdCell
:
function
(
td
,
cellData
)
{
...
...
apps/common/utils/common.py
View file @
847e37e6
...
...
@@ -213,3 +213,16 @@ def dict_get_any(d, keys):
if
value
:
return
value
return
None
class
lazyproperty
:
def
__init__
(
self
,
func
):
self
.
func
=
func
def
__get__
(
self
,
instance
,
cls
):
if
instance
is
None
:
return
self
else
:
value
=
self
.
func
(
instance
)
setattr
(
instance
,
self
.
func
.
__name__
,
value
)
return
value
\ No newline at end of file
apps/perms/api/asset_permission.py
View file @
847e37e6
...
...
@@ -180,6 +180,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
users
=
serializer
.
validated_data
.
get
(
'users'
)
if
users
:
perm
.
users
.
remove
(
*
tuple
(
users
))
perm
.
save
()
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
...
...
@@ -197,6 +198,7 @@ class AssetPermissionAddUserApi(RetrieveUpdateAPIView):
users
=
serializer
.
validated_data
.
get
(
'users'
)
if
users
:
perm
.
users
.
add
(
*
tuple
(
users
))
perm
.
save
()
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
...
...
@@ -217,6 +219,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
assets
=
serializer
.
validated_data
.
get
(
'assets'
)
if
assets
:
perm
.
assets
.
remove
(
*
tuple
(
assets
))
perm
.
save
()
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
...
...
@@ -234,6 +237,7 @@ class AssetPermissionAddAssetApi(RetrieveUpdateAPIView):
assets
=
serializer
.
validated_data
.
get
(
'assets'
)
if
assets
:
perm
.
assets
.
add
(
*
tuple
(
assets
))
perm
.
save
()
return
Response
({
"msg"
:
"ok"
})
else
:
return
Response
({
"error"
:
serializer
.
errors
})
...
...
apps/perms/api/user_permission/common.py
View file @
847e37e6
...
...
@@ -51,8 +51,7 @@ class GetUserAssetPermissionActionsApi(UserAssetPermissionMixin,
asset
=
get_object_or_404
(
Asset
,
id
=
asset_id
)
system_user
=
get_object_or_404
(
SystemUser
,
id
=
system_id
)
system_users_actions
=
self
.
util
.
get_asset_system_users_with_actions
(
asset
)
system_users_actions
=
self
.
util
.
get_asset_system_users_with_actions
(
asset
)
actions
=
system_users_actions
.
get
(
system_user
)
return
{
"actions"
:
actions
}
...
...
@@ -103,8 +102,7 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView):
def
get_queryset
(
self
):
asset_id
=
self
.
kwargs
.
get
(
'asset_id'
)
asset
=
get_object_or_404
(
Asset
,
id
=
asset_id
)
system_users_with_actions
=
self
.
util
.
get_asset_system_users_with_actions
(
asset
)
system_users_with_actions
=
self
.
util
.
get_asset_system_users_with_actions
(
asset
)
system_users
=
[]
for
system_user
,
actions
in
system_users_with_actions
.
items
():
system_user
.
actions
=
actions
...
...
apps/perms/api/user_permission/mixin.py
View file @
847e37e6
# -*- coding: utf-8 -*-
#
from
common.utils
import
lazyproperty
from
common.tree
import
TreeNodeSerializer
from
..mixin
import
UserPermissionMixin
from
...utils
import
AssetPermissionUtilV2
,
ParserNode
from
...hands
import
Node
,
Asset
from
common.tree
import
TreeNodeSerializer
class
UserAssetPermissionMixin
(
UserPermissionMixin
):
util
=
None
tree
=
None
def
initial
(
self
,
*
args
,
**
kwargs
):
super
()
.
initial
(
*
args
,
*
kwargs
)
@lazyproperty
def
util
(
self
):
cache_policy
=
self
.
request
.
query_params
.
get
(
'cache_policy'
,
'0'
)
system_user_id
=
self
.
request
.
query_params
.
get
(
"system_user"
)
self
.
util
=
AssetPermissionUtilV2
(
self
.
obj
,
cache_policy
=
cache_policy
)
util
=
AssetPermissionUtilV2
(
self
.
obj
,
cache_policy
=
cache_policy
)
if
system_user_id
:
self
.
util
.
filter_permissions
(
system_users
=
system_user_id
)
self
.
tree
=
self
.
util
.
get_user_tree
()
util
.
filter_permissions
(
system_users
=
system_user_id
)
return
util
@lazyproperty
def
tree
(
self
):
return
self
.
util
.
get_user_tree
()
class
UserNodeTreeMixin
:
...
...
apps/perms/signals_handler.py
View file @
847e37e6
...
...
@@ -19,18 +19,6 @@ permission_m2m_senders = (
)
@on_transaction_commit
def
on_permission_m2m_change
(
sender
,
action
=
''
,
**
kwargs
):
if
not
action
.
startswith
(
'post'
):
return
logger
.
debug
(
'Asset permission m2m changed, refresh user tree cache'
)
AssetPermissionUtilV2
.
expire_all_user_tree_cache
()
for
sender
in
permission_m2m_senders
:
m2m_changed
.
connect
(
on_permission_m2m_change
,
sender
=
sender
)
@receiver
([
post_save
,
post_delete
],
sender
=
AssetPermission
)
@on_transaction_commit
def
on_permission_change
(
sender
,
action
=
''
,
**
kwargs
):
...
...
apps/perms/utils/asset_permission.py
View file @
847e37e6
# coding: utf-8
import
time
import
pickle
import
threading
from
collections
import
defaultdict
from
functools
import
reduce
from
hashlib
import
md5
...
...
@@ -12,7 +12,7 @@ from django.db.models import Q
from
django.conf
import
settings
from
orgs.utils
import
set_to_root_org
from
common.utils
import
get_logger
,
timeit
from
common.utils
import
get_logger
,
timeit
,
lazyproperty
from
common.tree
import
TreeNode
from
assets.utils
import
TreeService
from
..models
import
AssetPermission
...
...
@@ -131,18 +131,19 @@ class AssetPermissionUtilV2(AssetPermissionUtilCacheMixin):
self
.
cache_policy
=
cache_policy
self
.
obj_id
=
str
(
obj
.
id
)
if
obj
else
None
self
.
_permissions
=
None
self
.
_permissions_id
=
None
# 标记_permission的唯一值
self
.
_filter_id
=
'None'
# 当通过filter更改 permission是标记
self
.
change_org_if_need
()
self
.
_user_tree
=
None
self
.
_user_tree_filter_id
=
'None'
self
.
full_tree
=
Node
.
tree
()
self
.
mutex
=
threading
.
Lock
()
@staticmethod
def
change_org_if_need
():
set_to_root_org
()
@lazyproperty
def
full_tree
(
self
):
return
Node
.
tree
()
@property
def
permissions
(
self
):
if
self
.
_permissions
:
...
...
@@ -161,7 +162,7 @@ class AssetPermissionUtilV2(AssetPermissionUtilCacheMixin):
self
.
_permissions
=
self
.
permissions
.
filter
(
**
filters
)
self
.
_filter_id
=
md5
(
filters_json
.
encode
())
.
hexdigest
()
@property
@
lazy
property
def
user_tree
(
self
):
return
self
.
get_user_tree
()
...
...
@@ -305,27 +306,26 @@ class AssetPermissionUtilV2(AssetPermissionUtilCacheMixin):
@timeit
def
get_user_tree
(
self
):
# 使用锁,保证多次获取tree的时候顺序执行,可以使用缓存
with
self
.
mutex
:
user_tree
=
self
.
get_user_tree_from_local
()
if
user_tree
:
return
user_tree
user_tree
=
self
.
get_user_tree_from_cache_if_need
()
if
user_tree
:
self
.
set_user_tree_to_local
(
user_tree
)
return
user_tree
user_tree
=
TreeService
()
full_tree_root
=
self
.
full_tree
.
root_node
()
user_tree
.
create_node
(
tag
=
full_tree_root
.
tag
,
identifier
=
full_tree_root
.
identifier
)
self
.
add_direct_nodes_to_user_tree
(
user_tree
)
self
.
add_single_assets_node_to_user_tree
(
user_tree
)
self
.
parse_user_tree_to_full_tree
(
user_tree
)
self
.
add_empty_node_if_need
(
user_tree
)
self
.
set_user_tree_to_cache_if_need
(
user_tree
)
user_tree
=
self
.
get_user_tree_from_local
()
if
user_tree
:
return
user_tree
user_tree
=
self
.
get_user_tree_from_cache_if_need
()
if
user_tree
:
self
.
set_user_tree_to_local
(
user_tree
)
return
user_tree
user_tree
=
TreeService
()
full_tree_root
=
self
.
full_tree
.
root_node
()
user_tree
.
create_node
(
tag
=
full_tree_root
.
tag
,
identifier
=
full_tree_root
.
identifier
)
self
.
add_direct_nodes_to_user_tree
(
user_tree
)
self
.
add_single_assets_node_to_user_tree
(
user_tree
)
self
.
parse_user_tree_to_full_tree
(
user_tree
)
self
.
add_empty_node_if_need
(
user_tree
)
self
.
set_user_tree_to_cache_if_need
(
user_tree
)
self
.
set_user_tree_to_local
(
user_tree
)
return
user_tree
# Todo: 是否可以获取多个资产的系统用户
def
get_asset_system_users_with_actions
(
self
,
asset
):
...
...
apps/users/templates/users/_granted_assets.html
View file @
847e37e6
...
...
@@ -72,16 +72,10 @@ function initTable() {
$
(
td
).
html
(
cellData
);
}},
{
targets
:
3
,
createdCell
:
function
(
td
,
cellData
)
{
function
success
(
systemUsers
)
{
var
users
=
[];
$
.
each
(
systemUsers
,
function
(
id
,
data
)
{
var
name
=
htmlEscape
(
data
.
name
);
users
.
push
(
name
);
});
$
(
td
).
html
(
users
.
join
(
','
))
}
$
(
td
).
html
(
"{% trans 'Loading' %}"
);
getGrantedAssetSystemUsers
(
cellData
,
success
)
var
innerHtml
=
'<a class="btn-show-system-users" data-aid="99999999"> {% trans "Show" %} </a>'
.
replace
(
'99999999'
,
cellData
);
$
(
td
).
html
(
innerHtml
);
}},
],
ajax_url
:
assetTableUrl
,
...
...
@@ -185,5 +179,19 @@ $(document).ready(function () {
var
val
=
$
(
this
).
text
();
$
(
"#user_assets_table_filter input"
).
val
(
val
);
assetTable
.
search
(
val
).
draw
();
})
}).
on
(
'click'
,
'.btn-show-system-users'
,
function
()
{
var
$this
=
$
(
this
);
var
assetId
=
$this
.
data
(
'aid'
);
function
success
(
systemUsers
)
{
var
users
=
[];
$
.
each
(
systemUsers
,
function
(
id
,
data
)
{
var
name
=
htmlEscape
(
data
.
name
);
users
.
push
(
name
);
});
$this
.
parent
().
html
(
users
.
join
(
','
))
}
getGrantedAssetSystemUsers
(
assetId
,
success
)
})
</script>
apps/users/templates/users/user_granted_asset.html
View file @
847e37e6
...
...
@@ -33,9 +33,9 @@
{% block custom_foot_js %}
<script>
var
assetTableUrl
=
"{% url 'api-perms:user-assets' pk=object.id %}?cache_policy=1"
;
var
selectUrl
=
'{% url "api-perms:user-node-assets" pk=object.id node_id=DEFAULT_PK %}?all=1'
;
var
selectUrl
=
'{% url "api-perms:user-node-assets" pk=object.id node_id=DEFAULT_PK %}?
cache_policy=1&
all=1'
;
var
treeUrl
=
"{% url 'api-perms:user-nodes-children-as-tree' pk=object.id %}?cache_policy=1"
;
var
systemUsersUrl
=
"{% url 'api-perms:user-asset-system-users' pk=object.id asset_id=DEFAULT_PK %}"
;
var
systemUsersUrl
=
"{% url 'api-perms:user-asset-system-users' pk=object.id asset_id=DEFAULT_PK %}
?cache_policy=1
"
;
$
(
document
).
ready
(
function
()
{
initTree
();
...
...
apps/users/templates/users/user_group_granted_asset.html
View file @
847e37e6
...
...
@@ -34,9 +34,9 @@
{% block custom_foot_js %}
<script>
var
assetTableUrl
=
"{% url 'api-perms:user-group-assets' pk=object.id %}?cache_policy=1"
;
var
selectUrl
=
'{% url "api-perms:user-group-node-assets" pk=object.id node_id=DEFAULT_PK %}?all=1'
;
var
selectUrl
=
'{% url "api-perms:user-group-node-assets" pk=object.id node_id=DEFAULT_PK %}?
&cache_policy=1&
all=1'
;
var
treeUrl
=
"{% url 'api-perms:user-group-nodes-children-as-tree' pk=object.id %}?cache_policy=1"
;
var
systemUsersUrl
=
"{% url 'api-perms:user-group-asset-system-users' pk=object.id asset_id=DEFAULT_PK %}"
;
var
systemUsersUrl
=
"{% url 'api-perms:user-group-asset-system-users' pk=object.id asset_id=DEFAULT_PK %}
?cache_policy=1
"
;
var
showAssetHref
=
true
;
// Need input default true
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment