c816875f
Unverified
Commit
c816875f
authored
Jul 23, 2018
by
老广
Committed by
GitHub
Jul 23, 2018
[Update] 修改permission (#1574)
parent
2208d6d5
Showing
20 changed files
with
93 additions
and
156 deletions
+93
-156
admin_user.py
apps/assets/api/admin_user.py
+5
-5
asset.py
apps/assets/api/asset.py
+6
-6
domain.py
apps/assets/api/domain.py
+6
-6
label.py
apps/assets/api/label.py
+2
-2
node.py
apps/assets/api/node.py
+11
-11
system_user.py
apps/assets/api/system_user.py
+6
-5
hands.py
apps/assets/hands.py
+1
-1
api.py
apps/audits/api.py
+2
-2
api.py
apps/common/api.py
+3
-3
mixins.py
apps/common/mixins.py
+0
-1
permissions.py
apps/common/permissions.py
+9
-9
views.py
apps/common/views.py
+2
-4
settings.py
apps/jumpserver/settings.py
+1
-1
api.py
apps/ops/api.py
+6
-6
hands.py
apps/ops/hands.py
+0
-3
api.py
apps/perms/api.py
+15
-15
api.py
apps/terminal/api.py
+10
-10
hands.py
apps/terminal/hands.py
+0
-4
api.py
apps/users/api.py
+8
-10
permissions.py
apps/users/permissions.py
+0
-52
apps/assets/api/admin_user.py
...
@@ -20,7 +20,7 @@ from rest_framework_bulk import BulkModelViewSet
...
@@ -20,7 +20,7 @@ from rest_framework_bulk import BulkModelViewSet
from
common.mixins
import
IDInFilterMixin
from
common.mixins
import
IDInFilterMixin
from
common.utils
import
get_logger
from
common.utils
import
get_logger
from
..hands
import
Is
SuperUser
from
..hands
import
Is
OrgAdmin
from
..models
import
AdminUser
,
Asset
from
..models
import
AdminUser
,
Asset
from
..
import
serializers
from
..
import
serializers
from
..tasks
import
test_admin_user_connectability_manual
from
..tasks
import
test_admin_user_connectability_manual
...
@@ -39,19 +39,19 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
...
@@ -39,19 +39,19 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
"""
"""
queryset
=
AdminUser
.
objects
.
all
()
queryset
=
AdminUser
.
objects
.
all
()
serializer_class
=
serializers
.
AdminUserSerializer
serializer_class
=
serializers
.
AdminUserSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
AdminUserAuthApi
(
generics
.
UpdateAPIView
):
class
AdminUserAuthApi
(
generics
.
UpdateAPIView
):
queryset
=
AdminUser
.
objects
.
all
()
queryset
=
AdminUser
.
objects
.
all
()
serializer_class
=
serializers
.
AdminUserAuthSerializer
serializer_class
=
serializers
.
AdminUserAuthSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
ReplaceNodesAdminUserApi
(
generics
.
UpdateAPIView
):
class
ReplaceNodesAdminUserApi
(
generics
.
UpdateAPIView
):
queryset
=
AdminUser
.
objects
.
all
()
queryset
=
AdminUser
.
objects
.
all
()
serializer_class
=
serializers
.
ReplaceNodeAdminUserSerializer
serializer_class
=
serializers
.
ReplaceNodeAdminUserSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
update
(
self
,
request
,
*
args
,
**
kwargs
):
def
update
(
self
,
request
,
*
args
,
**
kwargs
):
admin_user
=
self
.
get_object
()
admin_user
=
self
.
get_object
()
...
@@ -75,7 +75,7 @@ class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
...
@@ -75,7 +75,7 @@ class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
Test asset admin user connectivity
Test asset admin user connectivity
"""
"""
queryset
=
AdminUser
.
objects
.
all
()
queryset
=
AdminUser
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
admin_user
=
self
.
get_object
()
admin_user
=
self
.
get_object
()
...
...
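Review bot: Every view in this file keeps `queryset = AdminUser.objects.all()` while its gate drops from a global superuser to `IsOrgAdmin`, so unless the model's default manager already filters by the current organisation, an administrator of one organisation can read or update admin-user records of another, including through `AdminUserAuthApi`. The permission class only answers whether the user may administer the current organisation; it does not check that the object returned by `get_object()` belongs to it. The same pattern recurs in the asset.py, domain.py, label.py, node.py, system_user.py, ops/api.py and perms/api.py sections. If the manager is not org-scoped, narrow the result in `get_queryset()` or add an object-level check; the model code is outside this page, so this needs confirming there.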
apps/assets/api/asset.py
...
@@ -13,7 +13,7 @@ from django.db.models import Q
...
@@ -13,7 +13,7 @@ from django.db.models import Q
from
common.mixins
import
IDInFilterMixin
from
common.mixins
import
IDInFilterMixin
from
common.utils
import
get_logger
from
common.utils
import
get_logger
from
..hands
import
IsSuperUser
,
IsValidUser
,
IsSuperUser
OrAppUser
from
common.permissions
import
IsOrgAdmin
,
IsAppUser
,
IsOrgAdmin
OrAppUser
from
..models
import
Asset
,
SystemUser
,
AdminUser
,
Node
from
..models
import
Asset
,
SystemUser
,
AdminUser
,
Node
from
..
import
serializers
from
..
import
serializers
from
..tasks
import
update_asset_hardware_info_manual
,
\
from
..tasks
import
update_asset_hardware_info_manual
,
\
...
@@ -39,7 +39,7 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
...
@@ -39,7 +39,7 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
queryset
=
Asset
.
objects
.
all
()
queryset
=
Asset
.
objects
.
all
()
serializer_class
=
serializers
.
AssetSerializer
serializer_class
=
serializers
.
AssetSerializer
pagination_class
=
LimitOffsetPagination
pagination_class
=
LimitOffsetPagination
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
def
get_queryset
(
self
):
def
get_queryset
(
self
):
queryset
=
super
()
.
get_queryset
()
\
queryset
=
super
()
.
get_queryset
()
\
...
@@ -79,7 +79,7 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
...
@@ -79,7 +79,7 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
"""
"""
queryset
=
Asset
.
objects
.
all
()
queryset
=
Asset
.
objects
.
all
()
serializer_class
=
serializers
.
AssetSerializer
serializer_class
=
serializers
.
AssetSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
AssetRefreshHardwareApi
(
generics
.
RetrieveAPIView
):
class
AssetRefreshHardwareApi
(
generics
.
RetrieveAPIView
):
...
@@ -88,7 +88,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView):
...
@@ -88,7 +88,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView):
"""
"""
queryset
=
Asset
.
objects
.
all
()
queryset
=
Asset
.
objects
.
all
()
serializer_class
=
serializers
.
AssetSerializer
serializer_class
=
serializers
.
AssetSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
asset_id
=
kwargs
.
get
(
'pk'
)
asset_id
=
kwargs
.
get
(
'pk'
)
...
@@ -102,7 +102,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
...
@@ -102,7 +102,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
Test asset admin user connectivity
Test asset admin user connectivity
"""
"""
queryset
=
Asset
.
objects
.
all
()
queryset
=
Asset
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
asset_id
=
kwargs
.
get
(
'pk'
)
asset_id
=
kwargs
.
get
(
'pk'
)
...
@@ -113,7 +113,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
...
@@ -113,7 +113,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView):
class
AssetGatewayApi
(
generics
.
RetrieveAPIView
):
class
AssetGatewayApi
(
generics
.
RetrieveAPIView
):
queryset
=
Asset
.
objects
.
all
()
queryset
=
Asset
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
asset_id
=
kwargs
.
get
(
'pk'
)
asset_id
=
kwargs
.
get
(
'pk'
)
...
...
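Review bot: The rewritten import drops `IsValidUser` and adds `IsAppUser` (`from common.permissions import IsOrgAdmin, IsAppUser, IsOrgAdminOrAppUser`), but no hunk shown uses `IsAppUser`, and any view outside the hunks that still references `IsValidUser` would now fail with NameError when the module is imported. The import path is also inconsistent with admin_user.py, label.py and node.py, which still go through `..hands`; a single import path for the permission classes leaves one place to audit when they change. The rest of the module is not visible here, so both names need checking against the full file.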
apps/assets/api/domain.py
...
@@ -2,12 +2,12 @@
...
@@ -2,12 +2,12 @@
from
rest_framework_bulk
import
BulkModelViewSet
from
rest_framework_bulk
import
BulkModelViewSet
from
rest_framework.views
import
APIView
,
Response
from
rest_framework.views
import
APIView
,
Response
from
rest_
framework.generics
import
RetrieveAPIView
from
rest_
condition
import
Or
from
django.views.generic.detail
import
SingleObjectMixin
from
django.views.generic.detail
import
SingleObjectMixin
from
common.utils
import
get_logger
from
common.utils
import
get_logger
from
..hands
import
IsSuperUser
,
IsSuperUserOr
AppUser
from
common.permissions
import
IsOrgAdmin
,
Is
AppUser
from
..models
import
Domain
,
Gateway
from
..models
import
Domain
,
Gateway
from
..utils
import
test_gateway_connectability
from
..utils
import
test_gateway_connectability
from
..
import
serializers
from
..
import
serializers
...
@@ -19,7 +19,7 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"]
...
@@ -19,7 +19,7 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"]
class
DomainViewSet
(
BulkModelViewSet
):
class
DomainViewSet
(
BulkModelViewSet
):
queryset
=
Domain
.
objects
.
all
()
queryset
=
Domain
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
DomainSerializer
serializer_class
=
serializers
.
DomainSerializer
def
get_serializer_class
(
self
):
def
get_serializer_class
(
self
):
...
@@ -29,7 +29,7 @@ class DomainViewSet(BulkModelViewSet):
...
@@ -29,7 +29,7 @@ class DomainViewSet(BulkModelViewSet):
def
get_permissions
(
self
):
def
get_permissions
(
self
):
if
self
.
request
.
query_params
.
get
(
'gateway'
):
if
self
.
request
.
query_params
.
get
(
'gateway'
):
self
.
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
self
.
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
return
super
()
.
get_permissions
()
return
super
()
.
get_permissions
()
...
@@ -37,12 +37,12 @@ class GatewayViewSet(BulkModelViewSet):
...
@@ -37,12 +37,12 @@ class GatewayViewSet(BulkModelViewSet):
filter_fields
=
(
"domain"
,)
filter_fields
=
(
"domain"
,)
search_fields
=
filter_fields
search_fields
=
filter_fields
queryset
=
Gateway
.
objects
.
all
()
queryset
=
Gateway
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
GatewaySerializer
serializer_class
=
serializers
.
GatewaySerializer
class
GatewayTestConnectionApi
(
SingleObjectMixin
,
APIView
):
class
GatewayTestConnectionApi
(
SingleObjectMixin
,
APIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
model
=
Gateway
model
=
Gateway
object
=
None
object
=
None
...
...
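Review bot: `get_permissions()` on the new side assigns `self.permission_classes = (IsOrgAdminOrAppUser,)`, but the new import line is `from common.permissions import IsOrgAdmin, IsAppUser`, so the name looks undefined and a request carrying the `gateway` query parameter would end in NameError rather than a permission decision. The section's six changed lines are all accounted for by the visible hunks, so this commit adds no other import; lines 14–18 of the file are not shown and should be checked. Either extend the import to `from common.permissions import IsOrgAdmin, IsAppUser, IsOrgAdminOrAppUser`, or build the class from the newly imported `Or`, which is otherwise unused in the lines shown. Because the wider permission set is selected by a caller-supplied query parameter, the restriction that `gateway` implies has to be enforced in the queryset or serializer, not assumed from the flag.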
apps/assets/api/label.py
...
@@ -17,7 +17,7 @@ from rest_framework_bulk import BulkModelViewSet
...
@@ -17,7 +17,7 @@ from rest_framework_bulk import BulkModelViewSet
from
django.db.models
import
Count
from
django.db.models
import
Count
from
common.utils
import
get_logger
from
common.utils
import
get_logger
from
..hands
import
Is
SuperUser
from
..hands
import
Is
OrgAdmin
from
..models
import
Label
from
..models
import
Label
from
..
import
serializers
from
..
import
serializers
...
@@ -28,7 +28,7 @@ __all__ = ['LabelViewSet']
...
@@ -28,7 +28,7 @@ __all__ = ['LabelViewSet']
class
LabelViewSet
(
BulkModelViewSet
):
class
LabelViewSet
(
BulkModelViewSet
):
queryset
=
Label
.
objects
.
annotate
(
asset_count
=
Count
(
"assets"
))
queryset
=
Label
.
objects
.
annotate
(
asset_count
=
Count
(
"assets"
))
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
LabelSerializer
serializer_class
=
serializers
.
LabelSerializer
def
list
(
self
,
request
,
*
args
,
**
kwargs
):
def
list
(
self
,
request
,
*
args
,
**
kwargs
):
...
...
apps/assets/api/node.py
...
@@ -22,7 +22,7 @@ from django.utils.translation import ugettext_lazy as _
...
@@ -22,7 +22,7 @@ from django.utils.translation import ugettext_lazy as _
from
django.shortcuts
import
get_object_or_404
from
django.shortcuts
import
get_object_or_404
from
common.utils
import
get_logger
,
get_object_or_none
from
common.utils
import
get_logger
,
get_object_or_none
from
..hands
import
Is
SuperUser
from
..hands
import
Is
OrgAdmin
from
..models
import
Node
from
..models
import
Node
from
..tasks
import
update_assets_hardware_info_util
,
test_asset_connectability_util
from
..tasks
import
update_assets_hardware_info_util
,
test_asset_connectability_util
from
..
import
serializers
from
..
import
serializers
...
@@ -39,7 +39,7 @@ __all__ = [
...
@@ -39,7 +39,7 @@ __all__ = [
class
NodeViewSet
(
viewsets
.
ModelViewSet
):
class
NodeViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
Node
.
objects
.
all
()
queryset
=
Node
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
NodeSerializer
serializer_class
=
serializers
.
NodeSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -56,7 +56,7 @@ class NodeViewSet(viewsets.ModelViewSet):
...
@@ -56,7 +56,7 @@ class NodeViewSet(viewsets.ModelViewSet):
# class NodeWithAssetsApi(generics.ListAPIView):
# class NodeWithAssetsApi(generics.ListAPIView):
# permission_classes = (Is
SuperUser
,)
# permission_classes = (Is
OrgAdmin
,)
# serializers = serializers.NodeSerializer
# serializers = serializers.NodeSerializer
#
#
# def get_node(self):
# def get_node(self):
...
@@ -85,7 +85,7 @@ class NodeViewSet(viewsets.ModelViewSet):
...
@@ -85,7 +85,7 @@ class NodeViewSet(viewsets.ModelViewSet):
class
NodeChildrenApi
(
mixins
.
ListModelMixin
,
generics
.
CreateAPIView
):
class
NodeChildrenApi
(
mixins
.
ListModelMixin
,
generics
.
CreateAPIView
):
queryset
=
Node
.
objects
.
all
()
queryset
=
Node
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
NodeSerializer
serializer_class
=
serializers
.
NodeSerializer
instance
=
None
instance
=
None
...
@@ -157,7 +157,7 @@ class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView):
...
@@ -157,7 +157,7 @@ class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView):
class
NodeAssetsApi
(
generics
.
ListAPIView
):
class
NodeAssetsApi
(
generics
.
ListAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
AssetSerializer
serializer_class
=
serializers
.
AssetSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -172,7 +172,7 @@ class NodeAssetsApi(generics.ListAPIView):
...
@@ -172,7 +172,7 @@ class NodeAssetsApi(generics.ListAPIView):
class
NodeAddChildrenApi
(
generics
.
UpdateAPIView
):
class
NodeAddChildrenApi
(
generics
.
UpdateAPIView
):
queryset
=
Node
.
objects
.
all
()
queryset
=
Node
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
NodeAddChildrenSerializer
serializer_class
=
serializers
.
NodeAddChildrenSerializer
instance
=
None
instance
=
None
...
@@ -190,7 +190,7 @@ class NodeAddChildrenApi(generics.UpdateAPIView):
...
@@ -190,7 +190,7 @@ class NodeAddChildrenApi(generics.UpdateAPIView):
class
NodeAddAssetsApi
(
generics
.
UpdateAPIView
):
class
NodeAddAssetsApi
(
generics
.
UpdateAPIView
):
serializer_class
=
serializers
.
NodeAssetsSerializer
serializer_class
=
serializers
.
NodeAssetsSerializer
queryset
=
Node
.
objects
.
all
()
queryset
=
Node
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
instance
=
None
instance
=
None
def
perform_update
(
self
,
serializer
):
def
perform_update
(
self
,
serializer
):
...
@@ -202,7 +202,7 @@ class NodeAddAssetsApi(generics.UpdateAPIView):
...
@@ -202,7 +202,7 @@ class NodeAddAssetsApi(generics.UpdateAPIView):
class
NodeRemoveAssetsApi
(
generics
.
UpdateAPIView
):
class
NodeRemoveAssetsApi
(
generics
.
UpdateAPIView
):
serializer_class
=
serializers
.
NodeAssetsSerializer
serializer_class
=
serializers
.
NodeAssetsSerializer
queryset
=
Node
.
objects
.
all
()
queryset
=
Node
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
instance
=
None
instance
=
None
def
perform_update
(
self
,
serializer
):
def
perform_update
(
self
,
serializer
):
...
@@ -218,7 +218,7 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
...
@@ -218,7 +218,7 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
class
NodeReplaceAssetsApi
(
generics
.
UpdateAPIView
):
class
NodeReplaceAssetsApi
(
generics
.
UpdateAPIView
):
serializer_class
=
serializers
.
NodeAssetsSerializer
serializer_class
=
serializers
.
NodeAssetsSerializer
queryset
=
Node
.
objects
.
all
()
queryset
=
Node
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
instance
=
None
instance
=
None
def
perform_update
(
self
,
serializer
):
def
perform_update
(
self
,
serializer
):
...
@@ -229,7 +229,7 @@ class NodeReplaceAssetsApi(generics.UpdateAPIView):
...
@@ -229,7 +229,7 @@ class NodeReplaceAssetsApi(generics.UpdateAPIView):
class
RefreshNodeHardwareInfoApi
(
APIView
):
class
RefreshNodeHardwareInfoApi
(
APIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
model
=
Node
model
=
Node
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
...
@@ -242,7 +242,7 @@ class RefreshNodeHardwareInfoApi(APIView):
...
@@ -242,7 +242,7 @@ class RefreshNodeHardwareInfoApi(APIView):
class
TestNodeConnectiveApi
(
APIView
):
class
TestNodeConnectiveApi
(
APIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
model
=
Node
model
=
Node
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
...
...
apps/assets/api/system_user.py
...
@@ -16,8 +16,9 @@
...
@@ -16,8 +16,9 @@
from
rest_framework
import
generics
from
rest_framework
import
generics
from
rest_framework.response
import
Response
from
rest_framework.response
import
Response
from
rest_framework_bulk
import
BulkModelViewSet
from
rest_framework_bulk
import
BulkModelViewSet
from
common.utils
import
get_logger
from
common.utils
import
get_logger
from
..hands
import
IsSuperUser
,
IsSuperUser
OrAppUser
from
common.permissions
import
IsOrgAdmin
,
IsOrgAdmin
OrAppUser
from
..models
import
SystemUser
from
..models
import
SystemUser
from
..
import
serializers
from
..
import
serializers
from
..tasks
import
push_system_user_to_assets_manual
,
\
from
..tasks
import
push_system_user_to_assets_manual
,
\
...
@@ -37,7 +38,7 @@ class SystemUserViewSet(BulkModelViewSet):
...
@@ -37,7 +38,7 @@ class SystemUserViewSet(BulkModelViewSet):
"""
"""
queryset
=
SystemUser
.
objects
.
all
()
queryset
=
SystemUser
.
objects
.
all
()
serializer_class
=
serializers
.
SystemUserSerializer
serializer_class
=
serializers
.
SystemUserSerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
class
SystemUserAuthInfoApi
(
generics
.
RetrieveUpdateDestroyAPIView
):
class
SystemUserAuthInfoApi
(
generics
.
RetrieveUpdateDestroyAPIView
):
...
@@ -45,7 +46,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
...
@@ -45,7 +46,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
Get system user auth info
Get system user auth info
"""
"""
queryset
=
SystemUser
.
objects
.
all
()
queryset
=
SystemUser
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
serializer_class
=
serializers
.
SystemUserAuthSerializer
serializer_class
=
serializers
.
SystemUserAuthSerializer
def
destroy
(
self
,
request
,
*
args
,
**
kwargs
):
def
destroy
(
self
,
request
,
*
args
,
**
kwargs
):
...
@@ -59,7 +60,7 @@ class SystemUserPushApi(generics.RetrieveAPIView):
...
@@ -59,7 +60,7 @@ class SystemUserPushApi(generics.RetrieveAPIView):
Push system user to cluster assets api
Push system user to cluster assets api
"""
"""
queryset
=
SystemUser
.
objects
.
all
()
queryset
=
SystemUser
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
system_user
=
self
.
get_object
()
system_user
=
self
.
get_object
()
...
@@ -75,7 +76,7 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
...
@@ -75,7 +76,7 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
Push system user to cluster assets api
Push system user to cluster assets api
"""
"""
queryset
=
SystemUser
.
objects
.
all
()
queryset
=
SystemUser
.
objects
.
all
()
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
system_user
=
self
.
get_object
()
system_user
=
self
.
get_object
()
...
...
apps/assets/hands.py
...
@@ -12,5 +12,5 @@
...
@@ -12,5 +12,5 @@
from
common.permissions
import
AdminUserRequiredMixin
from
common.permissions
import
AdminUserRequiredMixin
from
common.permissions
import
IsAppUser
,
Is
SuperUser
,
IsValidUser
,
IsSuperUser
OrAppUser
from
common.permissions
import
IsAppUser
,
Is
OrgAdmin
,
IsValidUser
,
IsOrgAdmin
OrAppUser
from
users.models
import
User
,
UserGroup
from
users.models
import
User
,
UserGroup
apps/audits/api.py
...
@@ -3,7 +3,7 @@
...
@@ -3,7 +3,7 @@
from
rest_framework
import
viewsets
from
rest_framework
import
viewsets
from
common.permissions
import
Is
SuperUser
OrAppUser
from
common.permissions
import
Is
OrgAdmin
OrAppUser
from
.models
import
FTPLog
from
.models
import
FTPLog
from
.serializers
import
FTPLogSerializer
from
.serializers
import
FTPLogSerializer
...
@@ -11,4 +11,4 @@ from .serializers import FTPLogSerializer
...
@@ -11,4 +11,4 @@ from .serializers import FTPLogSerializer
class
FTPLogViewSet
(
viewsets
.
ModelViewSet
):
class
FTPLogViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
FTPLog
.
objects
.
all
()
queryset
=
FTPLog
.
objects
.
all
()
serializer_class
=
FTPLogSerializer
serializer_class
=
FTPLogSerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
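Review bot: `FTPLogViewSet` is a `ModelViewSet`, so the widened `IsOrgAdminOrAppUser` gate lets organisation admins update and delete FTP audit records as well as read them, and `FTPLog.objects.all()` is not narrowed to an organisation in the lines shown. An audit trail is normally append-only for everyone except the component that writes it. Consider limiting non-app users to safe methods, or composing the viewset from list, retrieve and create mixins only, and document the intent on the class with a comment such as `# audit trail: created by app users, read-only for admins`.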
apps/common/api.py
...
@@ -8,12 +8,12 @@ from django.core.mail import get_connection, send_mail
...
@@ -8,12 +8,12 @@ from django.core.mail import get_connection, send_mail
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.conf
import
settings
from
django.conf
import
settings
from
.permissions
import
Is
SuperUser
from
.permissions
import
Is
OrgAdmin
from
.serializers
import
MailTestSerializer
,
LDAPTestSerializer
from
.serializers
import
MailTestSerializer
,
LDAPTestSerializer
class
MailTestingAPI
(
APIView
):
class
MailTestingAPI
(
APIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
MailTestSerializer
serializer_class
=
MailTestSerializer
success_message
=
_
(
"Test mail sent to {}, please check"
)
success_message
=
_
(
"Test mail sent to {}, please check"
)
...
@@ -37,7 +37,7 @@ class MailTestingAPI(APIView):
...
@@ -37,7 +37,7 @@ class MailTestingAPI(APIView):
class
LDAPTestingAPI
(
APIView
):
class
LDAPTestingAPI
(
APIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
LDAPTestSerializer
serializer_class
=
LDAPTestSerializer
success_message
=
_
(
"Test ldap success"
)
success_message
=
_
(
"Test ldap success"
)
...
...
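Review bot: `MailTestingAPI` and `LDAPTestingAPI` move from superuser-only to `IsOrgAdmin`, yet judging by their names and serializers they exercise instance-wide mail and LDAP settings rather than anything owned by one organisation. If the view bodies, which lie outside the hunks, connect to a host taken from the request, an organisation admin can make the server open SMTP or LDAP connections to a destination of their choosing. These two endpoints look like candidates to stay on a superuser-only permission instead of following the blanket rename; that class would have to be kept in `common/permissions.py`, since this commit renames it away.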
apps/common/mixins.py
...
@@ -6,7 +6,6 @@ from django.utils import timezone
...
@@ -6,7 +6,6 @@ from django.utils import timezone
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.translation
import
ugettext_lazy
as
_
class
NoDeleteQuerySet
(
models
.
query
.
QuerySet
):
class
NoDeleteQuerySet
(
models
.
query
.
QuerySet
):
def
delete
(
self
):
def
delete
(
self
):
...
...
apps/common/permissions.py
...
@@ -23,29 +23,29 @@ class IsAppUser(IsValidUser):
...
@@ -23,29 +23,29 @@ class IsAppUser(IsValidUser):
and
request
.
user
.
is_app
and
request
.
user
.
is_app
class
Is
SuperUser
(
IsValidUser
):
class
Is
OrgAdmin
(
IsValidUser
):
"""Allows access only to superuser"""
"""Allows access only to superuser"""
def
has_permission
(
self
,
request
,
view
):
def
has_permission
(
self
,
request
,
view
):
return
super
(
Is
SuperUser
,
self
)
.
has_permission
(
request
,
view
)
\
return
super
(
Is
OrgAdmin
,
self
)
.
has_permission
(
request
,
view
)
\
and
request
.
user
.
is_superuser
and
current_org
.
can_admin_by
(
request
.
user
)
class
Is
SuperUser
OrAppUser
(
IsValidUser
):
class
Is
OrgAdmin
OrAppUser
(
IsValidUser
):
"""Allows access between superuser and app user"""
"""Allows access between superuser and app user"""
def
has_permission
(
self
,
request
,
view
):
def
has_permission
(
self
,
request
,
view
):
return
super
(
Is
SuperUser
OrAppUser
,
self
)
.
has_permission
(
request
,
view
)
\
return
super
(
Is
OrgAdmin
OrAppUser
,
self
)
.
has_permission
(
request
,
view
)
\
and
(
request
.
user
.
is_superuser
or
request
.
user
.
is_app
)
and
(
current_org
.
can_admin_by
(
request
.
user
)
or
request
.
user
.
is_app
)
class
Is
SuperUserOrAppUserOrUserReadonly
(
IsSuperUser
OrAppUser
):
class
Is
OrgAdminOrAppUserOrUserReadonly
(
IsOrgAdmin
OrAppUser
):
def
has_permission
(
self
,
request
,
view
):
def
has_permission
(
self
,
request
,
view
):
if
IsValidUser
.
has_permission
(
self
,
request
,
view
)
\
if
IsValidUser
.
has_permission
(
self
,
request
,
view
)
\
and
request
.
method
in
permissions
.
SAFE_METHODS
:
and
request
.
method
in
permissions
.
SAFE_METHODS
:
return
True
return
True
else
:
else
:
return
Is
SuperUser
OrAppUser
.
has_permission
(
self
,
request
,
view
)
return
Is
OrgAdmin
OrAppUser
.
has_permission
(
self
,
request
,
view
)
class
IsCurrentUserOrReadOnly
(
permissions
.
BasePermission
):
class
IsCurrentUserOrReadOnly
(
permissions
.
BasePermission
):
...
@@ -59,7 +59,7 @@ class AdminUserRequiredMixin(UserPassesTestMixin):
...
@@ -59,7 +59,7 @@ class AdminUserRequiredMixin(UserPassesTestMixin):
def
test_func
(
self
):
def
test_func
(
self
):
if
not
self
.
request
.
user
.
is_authenticated
:
if
not
self
.
request
.
user
.
is_authenticated
:
return
False
return
False
elif
not
self
.
request
.
user
:
elif
not
current_org
.
can_admin_by
(
self
.
request
.
user
)
:
self
.
raise_exception
=
True
self
.
raise_exception
=
True
return
False
return
False
return
True
return
True
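Review bot: The docstrings on the renamed classes still read `"""Allows access only to superuser"""` and `"""Allows access between superuser and app user"""` while the check is now `current_org.can_admin_by(request.user)`; the first should become something like `"""Allow access only to users who can administer the current organisation."""`. All nine changed lines are visible and none imports `current_org`, so it must already be in scope above line 23 of the file, otherwise each of these classes raises NameError on first use. Because the decision now rests on ambient organisation context rather than on a field of the authenticated user, `can_admin_by` has to deny when no organisation is resolved for the request; that behaviour is defined outside this page and deserves a test. `AdminUserRequiredMixin.test_func` receives the same change and the same caveat applies.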
apps/common/views.py
from
django.views.generic
import
TemplateView
from
django.core.cache
import
cache
from
django.shortcuts
import
render
,
redirect
from
django.views.generic
import
TemplateView
,
View
,
DetailView
from
django.shortcuts
import
render
,
redirect
,
Http404
,
reverse
from
django.contrib
import
messages
from
django.contrib
import
messages
from
django.utils.translation
import
ugettext
as
_
from
django.utils.translation
import
ugettext
as
_
from
django.conf
import
settings
from
django.conf
import
settings
...
...
apps/jumpserver/settings.py
...
@@ -291,7 +291,7 @@ REST_FRAMEWORK = {
...
@@ -291,7 +291,7 @@ REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions,
# Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users.
# or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES'
:
(
'DEFAULT_PERMISSION_CLASSES'
:
(
'
users.permissions.IsSuperUser
'
,
'
common.permissions.IsOrgAdmin
'
,
),
),
'DEFAULT_AUTHENTICATION_CLASSES'
:
(
'DEFAULT_AUTHENTICATION_CLASSES'
:
(
'users.authentication.AccessKeyAuthentication'
,
'users.authentication.AccessKeyAuthentication'
,
...
...
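Review bot: The comment above `'DEFAULT_PERMISSION_CLASSES'` still describes Django's standard `django.contrib.auth` permissions with read-only access for unauthenticated users, which matches neither value of the setting and is misleading on the line that sets the fallback for every API view without its own `permission_classes`. Replace it with something like `# Default for views that declare no permission_classes: organisation administrators only.` Since the fallback is now `common.permissions.IsOrgAdmin`, any view that relied on the previous superuser-only default is opened to organisation admins without a change in its own file, so it is worth listing the views that inherit it.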
apps/ops/api.py
...
@@ -8,7 +8,7 @@ from django.utils.translation import ugettext as _
...
@@ -8,7 +8,7 @@ from django.utils.translation import ugettext as _
from
rest_framework
import
viewsets
,
generics
from
rest_framework
import
viewsets
,
generics
from
rest_framework.views
import
Response
from
rest_framework.views
import
Response
from
.hands
import
IsSuperUser
from
common.permissions
import
IsOrgAdmin
from
.models
import
Task
,
AdHoc
,
AdHocRunHistory
,
CeleryTask
from
.models
import
Task
,
AdHoc
,
AdHocRunHistory
,
CeleryTask
from
.serializers
import
TaskSerializer
,
AdHocSerializer
,
\
from
.serializers
import
TaskSerializer
,
AdHocSerializer
,
\
AdHocRunHistorySerializer
AdHocRunHistorySerializer
...
@@ -18,13 +18,13 @@ from .tasks import run_ansible_task
...
@@ -18,13 +18,13 @@ from .tasks import run_ansible_task
class
TaskViewSet
(
viewsets
.
ModelViewSet
):
class
TaskViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
Task
.
objects
.
all
()
queryset
=
Task
.
objects
.
all
()
serializer_class
=
TaskSerializer
serializer_class
=
TaskSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
TaskRun
(
generics
.
RetrieveAPIView
):
class
TaskRun
(
generics
.
RetrieveAPIView
):
queryset
=
Task
.
objects
.
all
()
queryset
=
Task
.
objects
.
all
()
serializer_class
=
TaskViewSet
serializer_class
=
TaskViewSet
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
task
=
self
.
get_object
()
task
=
self
.
get_object
()
...
@@ -35,7 +35,7 @@ class TaskRun(generics.RetrieveAPIView):
...
@@ -35,7 +35,7 @@ class TaskRun(generics.RetrieveAPIView):
class
AdHocViewSet
(
viewsets
.
ModelViewSet
):
class
AdHocViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
AdHoc
.
objects
.
all
()
queryset
=
AdHoc
.
objects
.
all
()
serializer_class
=
AdHocSerializer
serializer_class
=
AdHocSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
get_queryset
(
self
):
def
get_queryset
(
self
):
task_id
=
self
.
request
.
query_params
.
get
(
'task'
)
task_id
=
self
.
request
.
query_params
.
get
(
'task'
)
...
@@ -48,7 +48,7 @@ class AdHocViewSet(viewsets.ModelViewSet):
...
@@ -48,7 +48,7 @@ class AdHocViewSet(viewsets.ModelViewSet):
class
AdHocRunHistorySet
(
viewsets
.
ModelViewSet
):
class
AdHocRunHistorySet
(
viewsets
.
ModelViewSet
):
queryset
=
AdHocRunHistory
.
objects
.
all
()
queryset
=
AdHocRunHistory
.
objects
.
all
()
serializer_class
=
AdHocRunHistorySerializer
serializer_class
=
AdHocRunHistorySerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
get_queryset
(
self
):
def
get_queryset
(
self
):
task_id
=
self
.
request
.
query_params
.
get
(
'task'
)
task_id
=
self
.
request
.
query_params
.
get
(
'task'
)
...
@@ -65,7 +65,7 @@ class AdHocRunHistorySet(viewsets.ModelViewSet):
...
@@ -65,7 +65,7 @@ class AdHocRunHistorySet(viewsets.ModelViewSet):
class
CeleryTaskLogApi
(
generics
.
RetrieveAPIView
):
class
CeleryTaskLogApi
(
generics
.
RetrieveAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
buff_size
=
1024
*
10
buff_size
=
1024
*
10
end
=
False
end
=
False
queryset
=
CeleryTask
.
objects
.
all
()
queryset
=
CeleryTask
.
objects
.
all
()
...
...
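Review bot: `TaskRun` sets `serializer_class = TaskViewSet`, a viewset rather than a serializer; the commit changes the line beneath it and leaves this one, which presumably should be `serializer_class = TaskSerializer`. It goes unnoticed only as long as `retrieve()` never calls `get_serializer()`, and the method body continues outside the hunk. Judging by its name and the `run_ansible_task` import in the hunk header, this endpoint starts task execution, so with the gate lowered to `IsOrgAdmin` it deserves a short class docstring stating who may trigger a run and on which tasks.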
apps/ops/hands.py
# ~*~ coding: utf-8 ~*~
# ~*~ coding: utf-8 ~*~
from
users.permissions
import
IsSuperUser
from
common.permissions
import
AdminUserRequiredMixin
\ No newline at end of file
apps/perms/api.py
...
@@ -7,7 +7,7 @@ from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpda
...
@@ -7,7 +7,7 @@ from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpda
from
rest_framework
import
viewsets
from
rest_framework
import
viewsets
from
common.utils
import
set_or_append_attr_bulk
,
get_object_or_none
from
common.utils
import
set_or_append_attr_bulk
,
get_object_or_none
from
users.permissions
import
IsValidUser
,
IsSuperUser
,
IsSuperUser
OrAppUser
from
common.permissions
import
IsValidUser
,
IsOrgAdmin
,
IsOrgAdmin
OrAppUser
from
.utils
import
AssetPermissionUtil
from
.utils
import
AssetPermissionUtil
from
.models
import
AssetPermission
from
.models
import
AssetPermission
from
.hands
import
AssetGrantedSerializer
,
User
,
UserGroup
,
Asset
,
Node
,
\
from
.hands
import
AssetGrantedSerializer
,
User
,
UserGroup
,
Asset
,
Node
,
\
...
@@ -21,7 +21,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
...
@@ -21,7 +21,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
"""
"""
queryset
=
AssetPermission
.
objects
.
all
()
queryset
=
AssetPermission
.
objects
.
all
()
serializer_class
=
serializers
.
AssetPermissionCreateUpdateSerializer
serializer_class
=
serializers
.
AssetPermissionCreateUpdateSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
def
get_serializer_class
(
self
):
def
get_serializer_class
(
self
):
if
self
.
action
in
(
"list"
,
'retrieve'
):
if
self
.
action
in
(
"list"
,
'retrieve'
):
...
@@ -58,7 +58,7 @@ class UserGrantedAssetsApi(ListAPIView):
...
@@ -58,7 +58,7 @@ class UserGrantedAssetsApi(ListAPIView):
"""
"""
用户授权的所有资产
用户授权的所有资产
"""
"""
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
serializer_class
=
AssetGrantedSerializer
serializer_class
=
AssetGrantedSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -87,7 +87,7 @@ class UserGrantedAssetsApi(ListAPIView):
...
@@ -87,7 +87,7 @@ class UserGrantedAssetsApi(ListAPIView):
class
UserGrantedNodesApi
(
ListAPIView
):
class
UserGrantedNodesApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
NodeSerializer
serializer_class
=
NodeSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -107,7 +107,7 @@ class UserGrantedNodesApi(ListAPIView):
...
@@ -107,7 +107,7 @@ class UserGrantedNodesApi(ListAPIView):
class
UserGrantedNodesWithAssetsApi
(
ListAPIView
):
class
UserGrantedNodesWithAssetsApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
serializer_class
=
NodeGrantedSerializer
serializer_class
=
NodeGrantedSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -139,7 +139,7 @@ class UserGrantedNodesWithAssetsApi(ListAPIView):
...
@@ -139,7 +139,7 @@ class UserGrantedNodesWithAssetsApi(ListAPIView):
class
UserGrantedNodeAssetsApi
(
ListAPIView
):
class
UserGrantedNodeAssetsApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
serializer_class
=
AssetGrantedSerializer
serializer_class
=
AssetGrantedSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -165,7 +165,7 @@ class UserGrantedNodeAssetsApi(ListAPIView):
...
@@ -165,7 +165,7 @@ class UserGrantedNodeAssetsApi(ListAPIView):
class
UserGroupGrantedAssetsApi
(
ListAPIView
):
class
UserGroupGrantedAssetsApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
AssetGrantedSerializer
serializer_class
=
AssetGrantedSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -185,7 +185,7 @@ class UserGroupGrantedAssetsApi(ListAPIView):
...
@@ -185,7 +185,7 @@ class UserGroupGrantedAssetsApi(ListAPIView):
class
UserGroupGrantedNodesApi
(
ListAPIView
):
class
UserGroupGrantedNodesApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
NodeSerializer
serializer_class
=
NodeSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -201,7 +201,7 @@ class UserGroupGrantedNodesApi(ListAPIView):
...
@@ -201,7 +201,7 @@ class UserGroupGrantedNodesApi(ListAPIView):
class
UserGroupGrantedNodesWithAssetsApi
(
ListAPIView
):
class
UserGroupGrantedNodesWithAssetsApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
NodeGrantedSerializer
serializer_class
=
NodeGrantedSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -224,7 +224,7 @@ class UserGroupGrantedNodesWithAssetsApi(ListAPIView):
...
@@ -224,7 +224,7 @@ class UserGroupGrantedNodesWithAssetsApi(ListAPIView):
class
UserGroupGrantedNodeAssetsApi
(
ListAPIView
):
class
UserGroupGrantedNodeAssetsApi
(
ListAPIView
):
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
serializer_class
=
AssetGrantedSerializer
serializer_class
=
AssetGrantedSerializer
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -242,7 +242,7 @@ class UserGroupGrantedNodeAssetsApi(ListAPIView):
...
@@ -242,7 +242,7 @@ class UserGroupGrantedNodeAssetsApi(ListAPIView):
class
ValidateUserAssetPermissionView
(
APIView
):
class
ValidateUserAssetPermissionView
(
APIView
):
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
@staticmethod
@staticmethod
def
get
(
request
):
def
get
(
request
):
...
@@ -266,7 +266,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
...
@@ -266,7 +266,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
"""
"""
将用户从授权中移除,Detail页面会调用
将用户从授权中移除,Detail页面会调用
"""
"""
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
AssetPermissionUpdateUserSerializer
serializer_class
=
serializers
.
AssetPermissionUpdateUserSerializer
queryset
=
AssetPermission
.
objects
.
all
()
queryset
=
AssetPermission
.
objects
.
all
()
...
@@ -283,7 +283,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
...
@@ -283,7 +283,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
class
AssetPermissionAddUserApi
(
RetrieveUpdateAPIView
):
class
AssetPermissionAddUserApi
(
RetrieveUpdateAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
AssetPermissionUpdateUserSerializer
serializer_class
=
serializers
.
AssetPermissionUpdateUserSerializer
queryset
=
AssetPermission
.
objects
.
all
()
queryset
=
AssetPermission
.
objects
.
all
()
...
@@ -303,7 +303,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
...
@@ -303,7 +303,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
"""
"""
将用户从授权中移除,Detail页面会调用
将用户从授权中移除,Detail页面会调用
"""
"""
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
AssetPermissionUpdateAssetSerializer
serializer_class
=
serializers
.
AssetPermissionUpdateAssetSerializer
queryset
=
AssetPermission
.
objects
.
all
()
queryset
=
AssetPermission
.
objects
.
all
()
...
@@ -320,7 +320,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
...
@@ -320,7 +320,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
class
AssetPermissionAddAssetApi
(
RetrieveUpdateAPIView
):
class
AssetPermissionAddAssetApi
(
RetrieveUpdateAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
serializer_class
=
serializers
.
AssetPermissionUpdateAssetSerializer
serializer_class
=
serializers
.
AssetPermissionUpdateAssetSerializer
queryset
=
AssetPermission
.
objects
.
all
()
queryset
=
AssetPermission
.
objects
.
all
()
...
...
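Review bot: The grant-editing views (AssetPermissionViewSet, AssetPermissionRemoveUserApi, AssetPermissionAddUserApi, AssetPermissionRemoveAssetApi, AssetPermissionAddAssetApi) now admit any org admin, but their context lines keep `queryset = AssetPermission.objects.all()`. IsOrgAdmin lives in common/permissions.py, outside this section, so it cannot be confirmed here that it or the model manager limits rows to the caller's organisation. If neither does, an org admin could retrieve and update another organisation's grants by lookup key. I would override get_queryset() with an organisation filter in these classes, or at least record the dependency beside the attribute: `# NOTE: must be org-scoped; confirm the manager filters by the current org`. The class bodies continue outside the hunks.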
apps/terminal/api.py
...
@@ -24,8 +24,8 @@ from common.utils import get_object_or_none
...
@@ -24,8 +24,8 @@ from common.utils import get_object_or_none
from
.models
import
Terminal
,
Status
,
Session
,
Task
from
.models
import
Terminal
,
Status
,
Session
,
Task
from
.serializers
import
TerminalSerializer
,
StatusSerializer
,
\
from
.serializers
import
TerminalSerializer
,
StatusSerializer
,
\
SessionSerializer
,
TaskSerializer
,
ReplaySerializer
SessionSerializer
,
TaskSerializer
,
ReplaySerializer
from
.hands
import
IsSuperUserOrAppUser
,
Is
AppUser
,
\
from
common.permissions
import
IsOrgAdmin
,
IsAppUser
,
IsOrgAdminOr
AppUser
,
\
Is
SuperUser
OrAppUserOrUserReadonly
Is
OrgAdmin
OrAppUserOrUserReadonly
from
.backends
import
get_command_storage
,
get_multi_command_storage
,
\
from
.backends
import
get_command_storage
,
get_multi_command_storage
,
\
SessionCommandSerializer
SessionCommandSerializer
...
@@ -35,7 +35,7 @@ logger = logging.getLogger(__file__)
...
@@ -35,7 +35,7 @@ logger = logging.getLogger(__file__)
class
TerminalViewSet
(
viewsets
.
ModelViewSet
):
class
TerminalViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
Terminal
.
objects
.
filter
(
is_deleted
=
False
)
queryset
=
Terminal
.
objects
.
filter
(
is_deleted
=
False
)
serializer_class
=
TerminalSerializer
serializer_class
=
TerminalSerializer
permission_classes
=
(
Is
SuperUser
OrAppUserOrUserReadonly
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUserOrUserReadonly
,)
def
create
(
self
,
request
,
*
args
,
**
kwargs
):
def
create
(
self
,
request
,
*
args
,
**
kwargs
):
name
=
request
.
data
.
get
(
'name'
)
name
=
request
.
data
.
get
(
'name'
)
...
@@ -104,7 +104,7 @@ class TerminalTokenApi(APIView):
...
@@ -104,7 +104,7 @@ class TerminalTokenApi(APIView):
class
StatusViewSet
(
viewsets
.
ModelViewSet
):
class
StatusViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
Status
.
objects
.
all
()
queryset
=
Status
.
objects
.
all
()
serializer_class
=
StatusSerializer
serializer_class
=
StatusSerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
session_serializer_class
=
SessionSerializer
session_serializer_class
=
SessionSerializer
task_serializer_class
=
TaskSerializer
task_serializer_class
=
TaskSerializer
...
@@ -176,7 +176,7 @@ class StatusViewSet(viewsets.ModelViewSet):
...
@@ -176,7 +176,7 @@ class StatusViewSet(viewsets.ModelViewSet):
class
SessionViewSet
(
viewsets
.
ModelViewSet
):
class
SessionViewSet
(
viewsets
.
ModelViewSet
):
queryset
=
Session
.
objects
.
all
()
queryset
=
Session
.
objects
.
all
()
serializer_class
=
SessionSerializer
serializer_class
=
SessionSerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
def
get_queryset
(
self
):
def
get_queryset
(
self
):
terminal_id
=
self
.
kwargs
.
get
(
"terminal"
,
None
)
terminal_id
=
self
.
kwargs
.
get
(
"terminal"
,
None
)
...
@@ -194,11 +194,11 @@ class SessionViewSet(viewsets.ModelViewSet):
...
@@ -194,11 +194,11 @@ class SessionViewSet(viewsets.ModelViewSet):
class
TaskViewSet
(
BulkModelViewSet
):
class
TaskViewSet
(
BulkModelViewSet
):
queryset
=
Task
.
objects
.
all
()
queryset
=
Task
.
objects
.
all
()
serializer_class
=
TaskSerializer
serializer_class
=
TaskSerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
class
KillSessionAPI
(
APIView
):
class
KillSessionAPI
(
APIView
):
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
model
=
Task
model
=
Task
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
...
@@ -230,7 +230,7 @@ class CommandViewSet(viewsets.ViewSet):
...
@@ -230,7 +230,7 @@ class CommandViewSet(viewsets.ViewSet):
command_store
=
get_command_storage
()
command_store
=
get_command_storage
()
multi_command_storage
=
get_multi_command_storage
()
multi_command_storage
=
get_multi_command_storage
()
serializer_class
=
SessionCommandSerializer
serializer_class
=
SessionCommandSerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
def
get_queryset
(
self
):
def
get_queryset
(
self
):
self
.
command_store
.
filter
(
**
dict
(
self
.
request
.
query_params
))
self
.
command_store
.
filter
(
**
dict
(
self
.
request
.
query_params
))
...
@@ -256,7 +256,7 @@ class CommandViewSet(viewsets.ViewSet):
...
@@ -256,7 +256,7 @@ class CommandViewSet(viewsets.ViewSet):
class
SessionReplayViewSet
(
viewsets
.
ViewSet
):
class
SessionReplayViewSet
(
viewsets
.
ViewSet
):
serializer_class
=
ReplaySerializer
serializer_class
=
ReplaySerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
session
=
None
session
=
None
upload_to
=
'replay'
# 仅添加到本地存储中
upload_to
=
'replay'
# 仅添加到本地存储中
...
@@ -341,7 +341,7 @@ class SessionReplayViewSet(viewsets.ViewSet):
...
@@ -341,7 +341,7 @@ class SessionReplayViewSet(viewsets.ViewSet):
class
SessionReplayV2ViewSet
(
SessionReplayViewSet
):
class
SessionReplayV2ViewSet
(
SessionReplayViewSet
):
serializer_class
=
ReplaySerializer
serializer_class
=
ReplaySerializer
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
session
=
None
session
=
None
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
def
retrieve
(
self
,
request
,
*
args
,
**
kwargs
):
...
...
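Review bot: `CommandViewSet.get_queryset` expands `self.request.query_params` straight into `self.command_store.filter(**...)`, and this commit widens the gate on that view from IsSuperUserOrAppUser to IsOrgAdminOrAppUser. The caller therefore chooses the filter keys, and nothing visible in the hunk adds an organisation constraint, so command logs from sessions outside the caller's organisation may be returned. Whether the storage backend scopes its results is not visible here. I would accept only an allow-listed set of filter keys and apply the organisation filter server-side, documented as `# only allow-listed filter keys; org scope is applied here, never taken from the client`. The same widening reaches SessionViewSet (`Session.objects.all()`) and TaskViewSet (`Task.objects.all()`), and get_queryset continues outside the hunk.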
apps/terminal/hands.py
...
@@ -2,6 +2,3 @@
...
@@ -2,6 +2,3 @@
#
#
from
users.models
import
User
from
users.models
import
User
from
users.permissions
import
IsSuperUserOrAppUser
,
IsAppUser
,
\
IsSuperUserOrAppUserOrUserReadonly
from
common.permissions
import
AdminUserRequiredMixin
\ No newline at end of file
apps/users/api.py
...
@@ -16,12 +16,10 @@ from .serializers import UserSerializer, UserGroupSerializer, \
...
@@ -16,12 +16,10 @@ from .serializers import UserSerializer, UserGroupSerializer, \
UserUpdateGroupSerializer
,
ChangeUserPasswordSerializer
UserUpdateGroupSerializer
,
ChangeUserPasswordSerializer
from
.tasks
import
write_login_log_async
from
.tasks
import
write_login_log_async
from
.models
import
User
,
UserGroup
,
LoginLog
from
.models
import
User
,
UserGroup
,
LoginLog
from
.permissions
import
IsSuperUser
,
IsValidUser
,
IsCurrentUserOrReadOnly
,
\
IsSuperUserOrAppUser
from
.utils
import
check_user_valid
,
generate_token
,
get_login_ip
,
\
from
.utils
import
check_user_valid
,
generate_token
,
get_login_ip
,
\
check_otp_code
,
set_user_login_failed_count_to_cache
,
is_block_login
check_otp_code
,
set_user_login_failed_count_to_cache
,
is_block_login
from
orgs.utils
import
current_org
from
orgs.utils
import
current_org
from
orgs.mixins
import
OrgViewGenericMixin
from
common.permissions
import
IsOrgAdmin
,
IsCurrentUserOrReadOnly
,
IsOrgAdminOrAppUser
from
common.mixins
import
IDInFilterMixin
from
common.mixins
import
IDInFilterMixin
from
common.utils
import
get_logger
from
common.utils
import
get_logger
...
@@ -32,7 +30,7 @@ logger = get_logger(__name__)
...
@@ -32,7 +30,7 @@ logger = get_logger(__name__)
class
UserViewSet
(
IDInFilterMixin
,
BulkModelViewSet
):
class
UserViewSet
(
IDInFilterMixin
,
BulkModelViewSet
):
queryset
=
User
.
objects
.
exclude
(
role
=
"App"
)
queryset
=
User
.
objects
.
exclude
(
role
=
"App"
)
serializer_class
=
UserSerializer
serializer_class
=
UserSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
filter_fields
=
(
'username'
,
'email'
,
'name'
,
'id'
)
filter_fields
=
(
'username'
,
'email'
,
'name'
,
'id'
)
def
get_queryset
(
self
):
def
get_queryset
(
self
):
...
@@ -43,12 +41,12 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
...
@@ -43,12 +41,12 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
def
get_permissions
(
self
):
def
get_permissions
(
self
):
if
self
.
action
==
"retrieve"
:
if
self
.
action
==
"retrieve"
:
self
.
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
self
.
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
return
super
()
.
get_permissions
()
return
super
()
.
get_permissions
()
class
ChangeUserPasswordApi
(
generics
.
RetrieveUpdateAPIView
):
class
ChangeUserPasswordApi
(
generics
.
RetrieveUpdateAPIView
):
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
queryset
=
User
.
objects
.
all
()
queryset
=
User
.
objects
.
all
()
serializer_class
=
ChangeUserPasswordSerializer
serializer_class
=
ChangeUserPasswordSerializer
...
@@ -61,7 +59,7 @@ class ChangeUserPasswordApi(generics.RetrieveUpdateAPIView):
...
@@ -61,7 +59,7 @@ class ChangeUserPasswordApi(generics.RetrieveUpdateAPIView):
class
UserUpdateGroupApi
(
generics
.
RetrieveUpdateAPIView
):
class
UserUpdateGroupApi
(
generics
.
RetrieveUpdateAPIView
):
queryset
=
User
.
objects
.
all
()
queryset
=
User
.
objects
.
all
()
serializer_class
=
UserUpdateGroupSerializer
serializer_class
=
UserUpdateGroupSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
UserResetPasswordApi
(
generics
.
UpdateAPIView
):
class
UserResetPasswordApi
(
generics
.
UpdateAPIView
):
...
@@ -106,13 +104,13 @@ class UserUpdatePKApi(generics.UpdateAPIView):
...
@@ -106,13 +104,13 @@ class UserUpdatePKApi(generics.UpdateAPIView):
class
UserGroupViewSet
(
BulkModelViewSet
):
class
UserGroupViewSet
(
BulkModelViewSet
):
queryset
=
UserGroup
.
objects
.
all
()
queryset
=
UserGroup
.
objects
.
all
()
serializer_class
=
UserGroupSerializer
serializer_class
=
UserGroupSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
UserGroupUpdateUserApi
(
generics
.
RetrieveUpdateAPIView
):
class
UserGroupUpdateUserApi
(
generics
.
RetrieveUpdateAPIView
):
queryset
=
UserGroup
.
objects
.
all
()
queryset
=
UserGroup
.
objects
.
all
()
serializer_class
=
UserGroupUpdateMemeberSerializer
serializer_class
=
UserGroupUpdateMemeberSerializer
permission_classes
=
(
Is
SuperUser
,)
permission_classes
=
(
Is
OrgAdmin
,)
class
UserToken
(
APIView
):
class
UserToken
(
APIView
):
...
@@ -288,7 +286,7 @@ class UserAuthApi(APIView):
...
@@ -288,7 +286,7 @@ class UserAuthApi(APIView):
class
UserConnectionTokenApi
(
APIView
):
class
UserConnectionTokenApi
(
APIView
):
permission_classes
=
(
Is
SuperUser
OrAppUser
,)
permission_classes
=
(
Is
OrgAdmin
OrAppUser
,)
def
post
(
self
,
request
):
def
post
(
self
,
request
):
user_id
=
request
.
data
.
get
(
'user'
,
''
)
user_id
=
request
.
data
.
get
(
'user'
,
''
)
...
...
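Review bot: ChangeUserPasswordApi and UserUpdateGroupApi are now open to org admins, yet both keep `queryset = User.objects.all()`, so the account being modified is presumably selected only by the lookup key in the URL. Unless IsOrgAdmin (defined outside this section) or the serializer rejects it, an org admin could change the password of a user in another organisation or of a superuser, which would be a privilege-escalation path. I would limit the queryset to members of the caller's organisation (the file already imports `current_org`) and refuse targets with a higher role, noting it as `# TODO(review): limit to users of the caller's org and refuse superuser targets`. The class bodies continue outside the hunks.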
apps/users/permissions.py
deleted
100644 → 0
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from
rest_framework
import
permissions
class
IsValidUser
(
permissions
.
IsAuthenticated
,
permissions
.
BasePermission
):
"""Allows access to valid user, is active and not expired"""
def
has_permission
(
self
,
request
,
view
):
return
super
(
IsValidUser
,
self
)
.
has_permission
(
request
,
view
)
\
and
request
.
user
.
is_valid
class
IsAppUser
(
IsValidUser
):
"""Allows access only to app user """
def
has_permission
(
self
,
request
,
view
):
return
super
(
IsAppUser
,
self
)
.
has_permission
(
request
,
view
)
\
and
request
.
user
.
is_app
class
IsSuperUser
(
IsValidUser
):
"""Allows access only to superuser"""
def
has_permission
(
self
,
request
,
view
):
return
super
(
IsSuperUser
,
self
)
.
has_permission
(
request
,
view
)
\
and
request
.
user
.
is_superuser
class
IsSuperUserOrAppUser
(
IsValidUser
):
"""Allows access between superuser and app user"""
def
has_permission
(
self
,
request
,
view
):
return
super
(
IsSuperUserOrAppUser
,
self
)
.
has_permission
(
request
,
view
)
\
and
(
request
.
user
.
is_superuser
or
request
.
user
.
is_app
)
class
IsSuperUserOrAppUserOrUserReadonly
(
IsSuperUserOrAppUser
):
def
has_permission
(
self
,
request
,
view
):
if
IsValidUser
.
has_permission
(
self
,
request
,
view
)
\
and
request
.
method
in
permissions
.
SAFE_METHODS
:
return
True
else
:
return
IsSuperUserOrAppUser
.
has_permission
(
self
,
request
,
view
)
class
IsCurrentUserOrReadOnly
(
permissions
.
BasePermission
):
def
has_object_permission
(
self
,
request
,
view
,
obj
):
if
request
.
method
in
permissions
.
SAFE_METHODS
:
return
True
return
obj
==
request
.
user