Commit
ae690050
authored
Jul 01, 2019
by
ibuler
parent
8f699fa3
Showing
12 changed files
with
67 additions
and
82 deletions
+67
-82
system_user.py
apps/assets/serializers/system_user.py
+1
-6
utils.py
apps/assets/utils.py
+17
-9
asset_permission.py
apps/perms/api/asset_permission.py
+2
-1
user_permission.py
apps/perms/api/user_permission.py
+7
-2
asset_permission.py
apps/perms/forms/asset_permission.py
+2
-2
0006_auto_20190628_1921.py
apps/perms/migrations/0006_auto_20190628_1921.py
+1
-1
0007_remove_assetpermission_actions.py
apps/perms/migrations/0007_remove_assetpermission_actions.py
+5
-0
asset_permission.py
apps/perms/models/asset_permission.py
+27
-20
asset_permission.py
apps/perms/serializers/asset_permission.py
+2
-2
asset_permission_list.html
apps/perms/templates/perms/asset_permission_list.html
+3
-3
asset_permission.py
apps/perms/utils/asset_permission.py
+0
-0
test_asset_permission.py
apps/perms/utils/test_asset_permission.py
+0
-36
apps/assets/serializers/system_user.py
...
@@ -50,19 +50,14 @@ class AssetSystemUserSerializer(serializers.ModelSerializer):
...
@@ -50,19 +50,14 @@ class AssetSystemUserSerializer(serializers.ModelSerializer):
"""
"""
查看授权的资产系统用户的数据结构,这个和AssetSerializer不同,字段少
查看授权的资产系统用户的数据结构,这个和AssetSerializer不同,字段少
"""
"""
actions
=
serializers
.
SerializerMethodField
()
class
Meta
:
class
Meta
:
model
=
SystemUser
model
=
SystemUser
fields
=
(
fields
=
(
'id'
,
'name'
,
'username'
,
'priority'
,
'id'
,
'name'
,
'username'
,
'priority'
,
'protocol'
,
'comment'
,
'login_mode'
,
'actions'
,
'protocol'
,
'comment'
,
'login_mode'
,
)
)
@staticmethod
def
get_actions
(
obj
):
return
[
action
.
name
for
action
in
obj
.
actions
]
class
SystemUserSimpleSerializer
(
serializers
.
ModelSerializer
):
class
SystemUserSimpleSerializer
(
serializers
.
ModelSerializer
):
"""
"""
...
...
apps/assets/utils.py
...
@@ -54,17 +54,19 @@ class NodeUtil:
...
@@ -54,17 +54,19 @@ class NodeUtil:
def
sorted_by
(
node
):
def
sorted_by
(
node
):
return
[
int
(
i
)
for
i
in
node
.
key
.
split
(
':'
)]
return
[
int
(
i
)
for
i
in
node
.
key
.
split
(
':'
)]
def
get_
all_nodes
(
self
):
def
get_
queryset
(
self
):
all_nodes
=
Node
.
objects
.
all
()
all_nodes
=
Node
.
objects
.
all
()
if
self
.
with_assets_amount
:
if
self
.
with_assets_amount
:
now
=
time
.
time
()
all_nodes
=
all_nodes
.
prefetch_related
(
all_nodes
=
all_nodes
.
prefetch_related
(
Prefetch
(
'assets'
,
queryset
=
Asset
.
objects
.
all
()
.
only
(
'id'
))
Prefetch
(
'assets'
,
queryset
=
Asset
.
objects
.
all
()
.
only
(
'id'
))
)
)
all_nodes
=
list
(
all_nodes
)
all_nodes
=
list
(
all_nodes
)
for
node
in
all_nodes
:
for
node
in
all_nodes
:
node
.
_assets
=
set
(
node
.
assets
.
all
())
node
.
_assets
=
set
(
node
.
assets
.
all
())
all_nodes
=
sorted
(
all_nodes
,
key
=
self
.
sorted_by
)
return
all_nodes
def
get_all_nodes
(
self
):
all_nodes
=
sorted
(
self
.
get_queryset
(),
key
=
self
.
sorted_by
)
guarder
=
Node
(
key
=
''
,
value
=
'Guarder'
)
guarder
=
Node
(
key
=
''
,
value
=
'Guarder'
)
guarder
.
_assets
=
[]
guarder
.
_assets
=
[]
...
@@ -119,11 +121,11 @@ class NodeUtil:
...
@@ -119,11 +121,11 @@ class NodeUtil:
def
get_nodes_by_queryset
(
self
,
queryset
):
def
get_nodes_by_queryset
(
self
,
queryset
):
nodes
=
[]
nodes
=
[]
for
n
in
queryset
:
for
n
in
queryset
:
node
=
self
.
_nodes
.
get
(
n
.
key
)
node
=
self
.
get_node_by_key
(
n
.
key
)
if
not
node
:
if
not
node
:
continue
continue
nodes
.
append
(
node
s
)
nodes
.
append
(
node
)
return
[
self
]
return
nodes
def
get_node_by_key
(
self
,
key
):
def
get_node_by_key
(
self
,
key
):
return
self
.
_nodes
.
get
(
key
)
return
self
.
_nodes
.
get
(
key
)
...
@@ -156,11 +158,17 @@ class NodeUtil:
...
@@ -156,11 +158,17 @@ class NodeUtil:
tree_nodes
.
add
(
node
)
tree_nodes
.
add
(
node
)
if
with_children
:
if
with_children
:
tree_nodes
.
update
(
node
.
_children
)
tree_nodes
.
update
(
node
.
_children
)
for
n
in
tree_nodes
:
delattr
(
n
,
'_children'
)
delattr
(
n
,
'_parents'
)
return
list
(
tree_nodes
)
return
list
(
tree_nodes
)
def
get_nodes_parents
(
self
,
nodes
,
with_self
=
True
):
parents
=
set
()
for
n
in
nodes
:
node
=
self
.
get_node_by_key
(
n
.
key
)
parents
.
update
(
set
(
node
.
_parents
))
if
with_self
:
parents
.
add
(
node
)
return
parents
def
test_node_tree
():
def
test_node_tree
():
tree
=
NodeUtil
()
tree
=
NodeUtil
()
...
...
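Review bot: `get_nodes_parents` in the last hunk reads `node._parents` without checking the result of `self.get_node_by_key(n.key)`, which is `self._nodes.get(key)` and therefore returns None for a key the tree does not hold. `get_nodes_by_queryset` in the hunk above guards the same lookup with `if not node: continue`, and the new method should do the same. Otherwise a node whose key is not in the tree raises AttributeError in whichever permission path calls it. A short docstring saying that the returned set holds the tree's own node objects, not the `nodes` passed in, would also help callers. The NodeUtil class body continues outside these hunks.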
apps/perms/api/asset_permission.py
...
@@ -35,7 +35,8 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
...
@@ -35,7 +35,8 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
permission_classes
=
(
IsOrgAdmin
,)
permission_classes
=
(
IsOrgAdmin
,)
def
get_serializer_class
(
self
):
def
get_serializer_class
(
self
):
if
self
.
action
in
(
"list"
,
'retrieve'
):
if
self
.
action
in
(
"list"
,
'retrieve'
)
and
\
self
.
request
.
query_params
.
get
(
"display"
):
return
serializers
.
AssetPermissionListSerializer
return
serializers
.
AssetPermissionListSerializer
return
self
.
serializer_class
return
self
.
serializer_class
...
...
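Review bot: The new condition in `get_serializer_class` treats any non-empty `display` value as true, so `?display=0` or `?display=false` still selects `AssetPermissionListSerializer`. If the parameter is meant as a boolean switch, compare it explicitly, for example `self.request.query_params.get("display") in ("1", "true")`, and wrap the condition in parentheses rather than using the backslash continuation. A comment should also record that `list` and `retrieve` without the parameter now fall back to `self.serializer_class`, because any existing API client that expected the display form will receive a different response shape.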
apps/perms/api/user_permission.py
# -*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
#
#
import
time
from
hashlib
import
md5
from
hashlib
import
md5
from
django.core.cache
import
cache
from
django.core.cache
import
cache
from
django.conf
import
settings
from
django.conf
import
settings
...
@@ -261,14 +261,19 @@ class UserGrantedNodesWithAssetsAsTreeApi(UserPermissionCacheMixin, ListAPIView)
...
@@ -261,14 +261,19 @@ class UserGrantedNodesWithAssetsAsTreeApi(UserPermissionCacheMixin, ListAPIView)
nodes
=
util
.
get_nodes_with_assets
()
nodes
=
util
.
get_nodes_with_assets
()
print
(
"22222222222222"
)
print
(
"22222222222222"
)
for
node
,
assets
in
nodes
.
items
():
for
node
,
assets
in
nodes
.
items
():
now
=
time
.
time
()
print
(
"Parse to node"
)
data
=
parse_node_to_tree_node
(
node
)
data
=
parse_node_to_tree_node
(
node
)
print
(
"parse to node end, using: {0:.2f}"
.
format
(
time
.
time
()
-
now
))
queryset
.
append
(
data
)
queryset
.
append
(
data
)
if
not
self
.
show_assets
:
if
not
self
.
show_assets
:
continue
continue
for
asset
,
system_users
in
assets
.
items
():
for
asset
,
system_users
in
assets
.
items
():
now1
=
time
.
time
()
print
(
"parse to asset"
)
data
=
parse_asset_to_tree_node
(
node
,
asset
,
system_users
)
data
=
parse_asset_to_tree_node
(
node
,
asset
,
system_users
)
print
(
"parse to asset end, using: {0:.2f}"
.
format
(
time
.
time
()
-
now1
))
queryset
.
append
(
data
)
queryset
.
append
(
data
)
queryset
=
sorted
(
queryset
)
return
queryset
return
queryset
...
...
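Review bot: The timing `print()` calls around `parse_node_to_tree_node` and `parse_asset_to_tree_node` look like debugging leftovers, as does the existing `print("22222222222222")` just above them. They run once per node and once per asset on every request and write to stdout. Drop them together with `import time`, or route them through a module logger at debug level if the timings are still wanted (whether this module defines a logger is not visible here). Judging by the change counts, `queryset = sorted(queryset)` appears to be removed in this hunk; if so, the response order now follows `nodes.items()`, and a comment should say that the ordering is intentional. The enclosing method starts outside the hunk.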
apps/perms/forms/asset_permission.py
...
@@ -74,13 +74,13 @@ class AssetPermissionForm(OrgModelForm):
...
@@ -74,13 +74,13 @@ class AssetPermissionForm(OrgModelForm):
'system_users'
:
forms
.
SelectMultiple
(
'system_users'
:
forms
.
SelectMultiple
(
attrs
=
{
'class'
:
'select2'
,
'data-placeholder'
:
_
(
'System user'
)}
attrs
=
{
'class'
:
'select2'
,
'data-placeholder'
:
_
(
'System user'
)}
),
),
'action'
:
forms
.
CheckboxSelectMultiple
()
'action
s
'
:
forms
.
CheckboxSelectMultiple
()
}
}
labels
=
{
labels
=
{
'nodes'
:
_
(
"Node"
),
'nodes'
:
_
(
"Node"
),
}
}
help_texts
=
{
help_texts
=
{
'action'
:
_
(
'Tips: The RDP protocol does not support separate '
'action
s
'
:
_
(
'Tips: The RDP protocol does not support separate '
'controls for uploading or downloading files'
)
'controls for uploading or downloading files'
)
}
}
...
...
apps/perms/migrations/0006_auto_20190628_1921.py
...
@@ -36,7 +36,7 @@ class Migration(migrations.Migration):
...
@@ -36,7 +36,7 @@ class Migration(migrations.Migration):
migrations
.
AddField
(
migrations
.
AddField
(
model_name
=
'assetpermission'
,
model_name
=
'assetpermission'
,
name
=
'action'
,
name
=
'action'
,
field
=
models
.
IntegerField
(
choices
=
[(
255
,
'All'
),
(
1
,
'Connect'
),
(
2
,
'Upload file'
),
(
5
,
'Upload download'
),
(
4
,
'Download file'
)],
default
=
255
,
verbose_name
=
'Action
'
),
field
=
models
.
IntegerField
(
choices
=
[(
255
,
'All'
),
(
1
,
'Connect'
),
(
2
,
'Upload file'
),
(
4
,
'Download file'
),
(
6
,
'Upload download'
)],
default
=
255
,
verbose_name
=
'Actions
'
),
),
),
migrations
.
RunPython
(
migrate_old_actions
),
migrations
.
RunPython
(
migrate_old_actions
),
]
]
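Review bot: This edits migration 0006 in place, changing the value listed for 'Upload download' in the `AddField` choices; the list now shows 6, which matches `UPLOAD | DOWNLOAD` in `ActionFlag`. Databases that already applied the earlier 0006 will not re-run it. If `migrate_old_actions` (defined outside this hunk) wrote the previous value 5 on those installs, such rows decode as connect plus download under the bit flags rather than upload plus download. Consider leaving 0006 as it was and adding a follow-up data migration that rewrites the old value, or state in the commit message that 0006 was never released.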
apps/perms/migrations/0007_remove_assetpermission_actions.py
...
@@ -14,4 +14,9 @@ class Migration(migrations.Migration):
...
@@ -14,4 +14,9 @@ class Migration(migrations.Migration):
model_name
=
'assetpermission'
,
model_name
=
'assetpermission'
,
name
=
'actions'
,
name
=
'actions'
,
),
),
migrations
.
RenameField
(
model_name
=
'assetpermission'
,
old_name
=
'action'
,
new_name
=
'actions'
,
),
]
]
apps/perms/models/asset_permission.py
...
@@ -39,39 +39,46 @@ class ActionFlag:
...
@@ -39,39 +39,46 @@ class ActionFlag:
UPLOAD
=
0
b00000010
UPLOAD
=
0
b00000010
DOWNLOAD
=
0
b00000100
DOWNLOAD
=
0
b00000100
UPDOWNLOAD
=
UPLOAD
|
DOWNLOAD
UPDOWNLOAD
=
UPLOAD
|
DOWNLOAD
CONNECT_UPLOADOWN
=
CONNECT
|
UPDOWNLOAD
ALL
=
0
b11111111
ALL
=
0
b11111111
NAME_MAP
=
{
"connect"
:
CONNECT
,
"upload"
:
UPLOAD
,
"download"
:
DOWNLOAD
,
"updownload"
:
UPDOWNLOAD
,
"all"
:
ALL
,
}
CHOICES
=
(
DB_
CHOICES
=
(
(
ALL
,
_
(
'All'
)),
(
ALL
,
_
(
'All'
)),
(
CONNECT
,
_
(
'Connect'
)),
(
CONNECT
,
_
(
'Connect'
)),
(
UPDOWNLOAD
,
_
(
"Upload download"
)),
(
UPLOAD
,
_
(
'Upload file'
)),
(
UPLOAD
,
_
(
'Upload file'
)),
(
DOWNLOAD
,
_
(
'Download file'
)),
(
DOWNLOAD
,
_
(
'Download file'
)),
(
UPDOWNLOAD
,
_
(
"Upload download"
)),
)
)
NAME_MAP
=
{
ALL
:
"all"
,
CONNECT
:
"connect"
,
UPLOAD
:
"upload_file"
,
DOWNLOAD
:
"download_file"
,
UPDOWNLOAD
:
"updownload"
,
}
NAME_MAP_REVERSE
=
dict
({
v
:
k
for
k
,
v
in
NAME_MAP
.
items
()})
CHOICES
=
[]
for
i
,
j
in
DB_CHOICES
:
CHOICES
.
append
((
NAME_MAP
[
i
],
j
))
@classmethod
@classmethod
def
value_to_choices
(
cls
,
value
):
def
value_to_choices
(
cls
,
value
):
value
=
int
(
value
)
value
=
int
(
value
)
if
value
==
cls
.
ALL
:
choices
=
[
cls
.
NAME_MAP
[
i
]
for
i
,
j
in
cls
.
DB_CHOICES
if
value
&
i
==
i
]
return
[
cls
.
ALL
]
return
choices
elif
value
==
cls
.
UPDOWNLOAD
:
return
[
cls
.
UPDOWNLOAD
]
elif
value
==
cls
.
CONNECT_UPLOADOWN
:
return
[
cls
.
CONNECT
,
cls
.
UPDOWNLOAD
]
else
:
return
[
i
for
i
in
dict
(
cls
.
CHOICES
)
if
i
==
i
&
int
(
value
)]
@classmethod
@classmethod
def
choices_to_value
(
cls
,
value
):
def
choices_to_value
(
cls
,
value
):
return
reduce
(
lambda
x
,
y
:
int
(
x
)
|
int
(
y
),
value
)
def
to_choices
(
x
,
y
):
x
=
cls
.
NAME_MAP_REVERSE
.
get
(
x
,
0
)
y
=
cls
.
NAME_MAP_REVERSE
.
get
(
y
,
0
)
return
x
|
y
return
reduce
(
to_choices
,
value
)
@classmethod
def
choices
(
cls
):
return
[(
cls
.
NAME_MAP
[
i
],
j
)
for
i
,
j
in
cls
.
DB_CHOICES
]
class
AssetPermission
(
BasePermission
):
class
AssetPermission
(
BasePermission
):
...
@@ -79,7 +86,7 @@ class AssetPermission(BasePermission):
...
@@ -79,7 +86,7 @@ class AssetPermission(BasePermission):
nodes
=
models
.
ManyToManyField
(
'assets.Node'
,
related_name
=
'granted_by_permissions'
,
blank
=
True
,
verbose_name
=
_
(
"Nodes"
))
nodes
=
models
.
ManyToManyField
(
'assets.Node'
,
related_name
=
'granted_by_permissions'
,
blank
=
True
,
verbose_name
=
_
(
"Nodes"
))
system_users
=
models
.
ManyToManyField
(
'assets.SystemUser'
,
related_name
=
'granted_by_permissions'
,
verbose_name
=
_
(
"System user"
))
system_users
=
models
.
ManyToManyField
(
'assets.SystemUser'
,
related_name
=
'granted_by_permissions'
,
verbose_name
=
_
(
"System user"
))
# actions = models.ManyToManyField(Action, related_name='permissions', blank=True, verbose_name=_('Action'))
# actions = models.ManyToManyField(Action, related_name='permissions', blank=True, verbose_name=_('Action'))
action
=
models
.
IntegerField
(
choices
=
ActionFlag
.
CHOICES
,
default
=
ActionFlag
.
ALL
,
verbose_name
=
_
(
"Action
"
))
action
s
=
models
.
IntegerField
(
choices
=
ActionFlag
.
DB_CHOICES
,
default
=
ActionFlag
.
ALL
,
verbose_name
=
_
(
"Actions
"
))
class
Meta
:
class
Meta
:
unique_together
=
[(
'org_id'
,
'name'
)]
unique_together
=
[(
'org_id'
,
'name'
)]
...
...
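Review bot: `choices_to_value` folds with `reduce(to_choices, value)` and no initial value, while `to_choices` looks up both of its arguments in `NAME_MAP_REVERSE`. From the third element on, the accumulator is already an int, so it maps to 0 and the earlier flags are lost: `["connect", "upload_file", "download_file"]` comes out as DOWNLOAD alone rather than CONNECT | UPLOAD | DOWNLOAD. A single-element list is returned as the name string itself, and an empty list raises TypeError. Seed the fold with an int and look up only the incoming name: `return reduce(lambda acc, name: acc | cls.NAME_MAP_REVERSE.get(name, 0), value, 0)`. Unknown names silently contributing 0 deserves a comment or a validation error, since this result presumably becomes the stored `actions` bitmask.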
apps/perms/serializers/asset_permission.py
...
@@ -38,7 +38,7 @@ class ActionDisplayField(ActionField):
...
@@ -38,7 +38,7 @@ class ActionDisplayField(ActionField):
class
AssetPermissionCreateUpdateSerializer
(
BulkOrgResourceModelSerializer
):
class
AssetPermissionCreateUpdateSerializer
(
BulkOrgResourceModelSerializer
):
action
=
ActionField
()
action
s
=
ActionField
()
class
Meta
:
class
Meta
:
model
=
AssetPermission
model
=
AssetPermission
...
@@ -51,7 +51,7 @@ class AssetPermissionListSerializer(BulkOrgResourceModelSerializer):
...
@@ -51,7 +51,7 @@ class AssetPermissionListSerializer(BulkOrgResourceModelSerializer):
assets
=
StringManyToManyField
(
many
=
True
,
read_only
=
True
)
assets
=
StringManyToManyField
(
many
=
True
,
read_only
=
True
)
nodes
=
StringManyToManyField
(
many
=
True
,
read_only
=
True
)
nodes
=
StringManyToManyField
(
many
=
True
,
read_only
=
True
)
system_users
=
StringManyToManyField
(
many
=
True
,
read_only
=
True
)
system_users
=
StringManyToManyField
(
many
=
True
,
read_only
=
True
)
action
=
ActionDisplayField
()
action
s
=
ActionDisplayField
()
is_valid
=
serializers
.
BooleanField
()
is_valid
=
serializers
.
BooleanField
()
is_expired
=
serializers
.
BooleanField
()
is_expired
=
serializers
.
BooleanField
()
...
...
apps/perms/templates/perms/asset_permission_list.html
...
@@ -122,8 +122,8 @@ function format(d) {
...
@@ -122,8 +122,8 @@ function format(d) {
if
(
d
.
system_users
.
length
>
0
)
{
if
(
d
.
system_users
.
length
>
0
)
{
data
+=
makeLabel
([
"{% trans 'System user' %}"
,
d
.
system_users
.
join
(
", "
)])
data
+=
makeLabel
([
"{% trans 'System user' %}"
,
d
.
system_users
.
join
(
", "
)])
}
}
if
(
d
.
action
.
length
>
0
)
{
if
(
d
.
action
s
.
length
>
0
)
{
data
+=
makeLabel
([
"{% trans 'Action' %}"
,
d
.
action
.
join
(
", "
)])
data
+=
makeLabel
([
"{% trans 'Action' %}"
,
d
.
action
s
.
join
(
", "
)])
}
}
return
data
return
data
}
}
...
@@ -180,7 +180,7 @@ function initTable() {
...
@@ -180,7 +180,7 @@ function initTable() {
$
(
td
).
html
(
update_btn
+
del_btn
);
$
(
td
).
html
(
update_btn
+
del_btn
);
}}
}}
],
],
ajax_url
:
'{% url "api-perms:asset-permission-list" %}'
,
ajax_url
:
'{% url "api-perms:asset-permission-list" %}
?display=1
'
,
columns
:
[
columns
:
[
{
data
:
"id"
},
{
data
:
"name"
},
{
data
:
"users"
},
{
data
:
"id"
},
{
data
:
"name"
},
{
data
:
"users"
},
{
data
:
"user_groups"
},
{
data
:
"assets"
},
{
data
:
"user_groups"
},
{
data
:
"assets"
},
...
...
apps/perms/utils/asset_permission.py
apps/perms/utils/test_asset_permission.py
deleted
100644 → 0
# -*- coding: utf-8 -*-
#
from
django.test
import
TestCase
from
assets.models
import
Node
,
SystemUser
from
.asset_permission
import
FlatPermission
from
..models
import
ActionFlag
class
TestFlatPermissionEqual
(
TestCase
):
def
setUp
(
self
):
node1
=
Node
(
value
=
"parent"
,
key
=
"1:1"
)
node2
=
Node
(
value
=
"child"
,
key
=
"1:1:1"
)
system_user1
=
SystemUser
(
username
=
"name1"
,
name
=
"name1"
,
priority
=
20
)
system_user2
=
SystemUser
(
username
=
"name2"
,
name
=
"name2"
,
priority
=
10
)
action1
=
ActionFlag
.
ALL
action2
=
ActionFlag
.
CONNECT
action3
=
ActionFlag
.
UPDOWNLOAD
perm1
=
FlatPermission
(
node1
,
system_user1
,
action1
)
perm2
=
FlatPermission
(
node2
,
system_user1
,
action1
)
perm3
=
FlatPermission
(
node2
,
system_user2
,
action1
)
self
.
groups
=
(
(
perm1
,
perm2
,
True
),
(
perm1
,
perm3
,
True
),
)
def
test_equal
(
self
):
for
k
,
k2
,
wanted
in
self
.
groups
:
if
(
k
==
k2
)
!=
wanted
:
print
(
"Not equal {} {}"
,
k
,
k2
)