[Update] 操作日志添加新的Record Model；用户登录日志采用同步机制；修改DatabaseAppAPI权限（加入AppUser）； (#3570)

* [Update] 操作日志 Model Need Record 添加RemoteApp、DatabaseApp、DatabaseAppPermission

* [Update] 用户登录日志，采用同步机制

* [Update] 修改DatabaseApp API权限OrgAdmin和AppUser

apps/applications/api/database_app.py

@@ -2,11 +2,10 @@
 # 
 
 from orgs.mixins.api import OrgBulkModelViewSet
-from orgs.mixins import generics
 
 from .. import models
 from .. import serializers
-from ..hands import IsOrgAdmin, IsAppUser
+from ..hands import IsOrgAdminOrAppUser
 
 __all__ = [
     'DatabaseAppViewSet',
@@ -17,5 +16,5 @@ class DatabaseAppViewSet(OrgBulkModelViewSet):
     model = models.DatabaseApp
     filter_fields = ('name',)
     search_fields = filter_fields
-    permission_classes = (IsOrgAdmin,)
+    permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.DatabaseAppSerializer

apps/audits/signals_handler.py

@@ -15,8 +15,8 @@ from users.signals import post_user_change_password
 from authentication.signals import post_auth_failed, post_auth_success
 from terminal.models import Session, Command
 from common.utils.encode import model_to_json
+from .utils import write_login_log
 from . import models
-from .tasks import write_login_log_async
 
 logger = get_logger(__name__)
 sys_logger = get_syslogger(__name__)
@@ -27,7 +27,8 @@ MODELS_NEED_RECORD = (
     'User', 'UserGroup', 'Asset', 'Node', 'AdminUser', 'SystemUser',
     'Domain', 'Gateway', 'Organization', 'AssetPermission', 'CommandFilter',
     'CommandFilterRule', 'License', 'Setting', 'Account', 'SyncInstanceTask',
-    'Platform', 'RemoteAppPermission', 'ChangeAuthPlan', 'GatherUserTask',
+    'Platform', 'ChangeAuthPlan', 'GatherUserTask',
+    'RemoteApp', 'RemoteAppPermission', 'DatabaseApp', 'DatabaseAppPermission',
 )
 
 
@@ -133,7 +134,7 @@ def on_user_auth_success(sender, user, request, **kwargs):
     logger.debug('User login success: {}'.format(user.username))
     data = generate_data(user.username, request)
     data.update({'mfa': int(user.mfa_enabled), 'status': True})
-    write_login_log_async.delay(**data)
+    write_login_log(**data)
 
 
 @receiver(post_auth_failed)
@@ -141,4 +142,4 @@ def on_user_auth_failed(sender, username, request, reason, **kwargs):
     logger.debug('User login failed: {}'.format(username))
     data = generate_data(username, request)
     data.update({'reason': reason, 'status': False})
-    write_login_log_async.delay(**data)
+    write_login_log(**data)

apps/audits/tasks.py

@@ -7,7 +7,6 @@ from celery import shared_task
 
 from ops.celery.decorator import register_as_period_task
 from .models import UserLoginLog, OperateLog
-from .utils import write_login_log
 
 
 @register_as_period_task(interval=3600*24)
@@ -32,8 +31,3 @@ def clean_operation_log_period():
         days = 90
     expired_day = now - datetime.timedelta(days=days)
     OperateLog.objects.filter(datetime__lt=expired_day).delete()
-
-
-@shared_task
-def write_login_log_async(*args, **kwargs):
-    write_login_log(*args, **kwargs)

apps/users/hands.py

@@ -11,7 +11,6 @@
 """
 
 # from terminal.models import Terminal
-# from audits.tasks import write_login_log_async
 # from users.models import User
 # from perms.models import AssetPermission
 # from perms.utils import get_user_granted_assets, get_user_granted_asset_groups