Merge pull request #1274 from jumpserver/dev

Merge with dev

apps/assets/models/asset.py

@@ -4,7 +4,6 @@
 
 import uuid
 import logging
-import random
 
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
@@ -35,6 +34,19 @@ def default_node():
         return None
 
 
+class AssetQuerySet(models.QuerySet):
+    def active(self):
+        return self.filter(is_active=True)
+
+    def valid(self):
+        return self.active()
+
+
+class AssetManager(models.Manager):
+    def get_queryset(self):
+        return AssetQuerySet(self.model, using=self._db)
+
+
 class Asset(models.Model):
     # Important
     PLATFORM_CHOICES = (
@@ -83,6 +95,8 @@ class Asset(models.Model):
     date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
     comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
 
+    objects = AssetManager()
+
     def __str__(self):
         return '{0.hostname}({0.ip})'.format(self)
 

apps/assets/models/base.py

@@ -10,6 +10,7 @@ from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
 
 from common.utils import get_signer, ssh_key_string_to_obj, ssh_key_gen
+from common.validators import alphanumeric
 from .utils import private_key_validator
 
 signer = get_signer()
@@ -18,7 +19,7 @@ signer = get_signer()
 class AssetUser(models.Model):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
-    username = models.CharField(max_length=128, verbose_name=_('Username'))
+    username = models.CharField(max_length=32, verbose_name=_('Username'), validators=[alphanumeric])
     _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
     _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
     _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))

apps/assets/models/node.py

@@ -63,8 +63,8 @@ class Node(models.Model):
         assets = Asset.objects.filter(nodes__id=self.id)
         return assets
 
-    def get_active_assets(self):
-        return self.get_assets().filter(is_active=True)
+    def get_valid_assets(self):
+        return self.get_assets().valid()
 
     def get_all_assets(self):
         from .asset import Asset
@@ -78,8 +78,8 @@ class Node(models.Model):
     def has_assets(self):
         return self.get_all_assets()
 
-    def get_all_active_assets(self):
-        return self.get_all_assets().filter(is_active=True)
+    def get_all_valid_assets(self):
+        return self.get_all_assets().valid()
 
     def is_root(self):
         return self.key == '0'

apps/common/validators.py

+# -*- coding: utf-8 -*-
+#
+from django.core.validators import RegexValidator
+from django.utils.translation import ugettext_lazy as _
+
+
+alphanumeric = RegexValidator(r'^[0-9a-zA-Z_-]*$', _('Special char not allowed'))
\ No newline at end of file

apps/perms/models.py

@@ -7,13 +7,23 @@ from django.utils import timezone
 from common.utils import date_expired_default, set_or_append_attr_bulk
 
 
-class ValidManager(models.Manager):
-    def get_queryset(self):
-        return super().get_queryset().filter(is_active=True) \
-            .filter(date_start__lt=timezone.now())\
+class AssetPermissionQuerySet(models.QuerySet):
+    def active(self):
+        return self.filter(is_active=True)
+
+    def valid(self):
+        return self.active().filter(date_start__lt=timezone.now())\
             .filter(date_expired__gt=timezone.now())
 
 
+class AssetPermissionManager(models.Manager):
+    def get_queryset(self):
+        return AssetPermissionQuerySet(self.model, using=self._db)
+
+    def valid(self):
+        return self.get_queryset().valid()
+
+
 class AssetPermission(models.Model):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
@@ -29,8 +39,7 @@ class AssetPermission(models.Model):
     date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
     comment = models.TextField(verbose_name=_('Comment'), blank=True)
 
-    objects = models.Manager()
-    valid = ValidManager()
+    objects = AssetPermissionManager()
 
     def __str__(self):
         return self.name

apps/perms/templates/perms/asset_permission_create_update.html

@@ -50,7 +50,7 @@
                                 </div>
                             </div>
                             <div class="form-group {% if form.date_expired.errors or form.date_start.errors %} has-error {% endif %}" id="date_5">
-                                <label for="{{ form.date_expired.id_for_label }}" class="col-sm-2 control-label">{{ form.date_expired.label }}</label>
+                                <label for="{{ form.date_expired.id_for_label }}" class="col-sm-2 control-label">{% trans 'Validity period' %}</label>
                                 <div class="col-sm-9">
                                     <div class="input-daterange input-group" id="datepicker">
                                         <span class="input-group-addon"><i class="fa fa-calendar"></i></span>

apps/perms/utils.py

@@ -16,23 +16,23 @@ class AssetPermissionUtil:
 
     @staticmethod
     def get_user_permissions(user):
-        return AssetPermission.valid.all().filter(users=user)
+        return AssetPermission.objects.all().valid().filter(users=user)
 
     @staticmethod
     def get_user_group_permissions(user_group):
-        return AssetPermission.valid.all().filter(user_groups=user_group)
+        return AssetPermission.objects.all().valid().filter(user_groups=user_group)
 
     @staticmethod
     def get_asset_permissions(asset):
-        return AssetPermission.valid.all().filter(assets=asset)
+        return AssetPermission.objects.all().valid().filter(assets=asset)
 
     @staticmethod
     def get_node_permissions(node):
-        return AssetPermission.valid.all().filter(nodes=node)
+        return AssetPermission.objects.all().valid().filter(nodes=node)
 
     @staticmethod
     def get_system_user_permissions(system_user):
-        return AssetPermission.objects.all().filter(system_users=system_user)
+        return AssetPermission.objects.valid().all().filter(system_users=system_user)
 
     @classmethod
     def get_user_group_nodes(cls, group):
@@ -51,7 +51,7 @@ class AssetPermissionUtil:
         assets = defaultdict(set)
         permissions = cls.get_user_group_permissions(group)
         for perm in permissions:
-            _assets = perm.assets.all()
+            _assets = perm.assets.all().valid()
             _system_users = perm.system_users.all()
             set_or_append_attr_bulk(_assets, 'permission', perm.id)
             for asset in _assets:
@@ -63,7 +63,7 @@ class AssetPermissionUtil:
         assets = defaultdict(set)
         nodes = cls.get_user_group_nodes(group)
         for node, _system_users in nodes.items():
-            _assets = node.get_all_assets()
+            _assets = node.get_all_valid_assets()
             set_or_append_attr_bulk(_assets, 'inherit_node', node.id)
             set_or_append_attr_bulk(_assets, 'permission', getattr(node, 'permission', None))
             for asset in _assets:
@@ -103,7 +103,7 @@ class AssetPermissionUtil:
         assets = defaultdict(set)
         permissions = list(cls.get_user_permissions(user))
         for perm in permissions:
-            _assets = perm.assets.all()
+            _assets = perm.assets.all().valid()
             _system_users = perm.system_users.all()
             set_or_append_attr_bulk(_assets, 'permission', perm.id)
             for asset in _assets:
@@ -127,7 +127,7 @@ class AssetPermissionUtil:
         assets = defaultdict(set)
         nodes = cls.get_user_nodes_direct(user)
         for node, _system_users in nodes.items():
-            _assets = node.get_all_assets()
+            _assets = node.get_all_valid_assets()
             set_or_append_attr_bulk(_assets, 'inherit_node', node.id)
             set_or_append_attr_bulk(_assets, 'permission', getattr(node, 'permission', None))
             for asset in _assets:
@@ -180,10 +180,10 @@ class AssetPermissionUtil:
         assets = set()
         permissions = cls.get_system_user_permissions(system_user)
         for perm in permissions:
-            assets.update(set(perm.assets.all()))
+            assets.update(set(perm.assets.all().valid()))
             nodes = perm.nodes.all()
             for node in nodes:
-                assets.update(set(node.get_all_assets()))
+                assets.update(set(node.get_all_valid_assets()))
         return assets
 
     @classmethod
@@ -243,7 +243,7 @@ class NodePermissionUtil:
         nodes_with_assets = dict()
         for node, system_users in nodes.items():
             nodes_with_assets[node] = {
-                'assets': node.get_active_assets(),
+                'assets': node.get_valid_assets(),
                 'system_users': system_users
             }
         return nodes_with_assets
@@ -274,7 +274,7 @@ class NodePermissionUtil:
         nodes_with_assets = dict()
         for node, system_users in nodes.items():
             nodes_with_assets[node] = {
-                'assets': node.get_active_assets(),
+                'assets': node.get_valid_assets(),
                 'system_users': system_users
             }
         return nodes_with_assets

utils/upgrade.sh

 #!/bin/bash
 
-if [ ! -d "/opt/py3" ]; then
-echo -e "\033[31m python3虚拟环境不是默认路径 \033[0m"
-ps -ef | grep jumpserver/tmp/beat.pid | grep -v grep
-if [ $? -ne 0 ]
-then
-echo -e "\033[31m jumpserver未运行，请到jumpserver目录使用 ./jms start all -d 启动 \033[0m"
-exit 0
-else 
-echo -e "\033[31m 正在计算python3虚拟环境路径 \033[0m"
-fi
-py3pid=`ps -ef | grep jumpserver/tmp/beat.pid | grep -v grep | awk '{print $2}'`
-py3file=`cat /proc/$py3pid/cmdline`
-py3even=`echo ${py3file%/bin/python3*}`
-echo -e "\033[31m python3虚拟环境路径为$py3even \033[0m"
-source $py3even/bin/activate
+if grep -q 'source ~/.autoenv/activate.sh' ~/.bashrc; then
+    echo -e "\033[31m 正在自动载入 python 环境 \033[0m"
 else
-source /opt/py3/bin/activate
+    echo -e "\033[31m 不支持自动升级，请参考 http://docs.jumpserver.org/zh/docs/upgrade.html 手动升级 \033[0m"
+    exit 0
 fi
 
+source ~/.bashrc
+
 cd `dirname $0`/ && cd .. && ./jms stop
 
 jumpserver_backup=/tmp/jumpserver_backup$(date -d "today" +"%Y%m%d_%H%M%S")
@@ -29,21 +19,20 @@ echo -e "\033[31m 是否需要备份Jumpserver数据库 \033[0m"
 stty erase ^H
 read -p "确认备份请按Y，否则按其他键跳过备份 " a
 if [ "$a" == y -o "$a" == Y ];then
-echo -e "\033[31m 正在备份数据库 \033[0m"
-echo -e "\033[31m 请手动输入数据库信息 \033[0m"
-read -p '请输入Jumpserver数据库ip:' DB_HOST
-read -p '请输入Jumpserver数据库端口:' DB_PORT
-read -p '请输入Jumpserver数据库名称:' DB_NAME
-read -p '请输入有权限导出数据库的用户:' DB_USER
-read -p '请输入该用户的密码:' DB_PASSWORD
-mysqldump -h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /$jumpserver_backup/$DB_NAME$(date -d "today" +"%Y%m%d_%H%M%S").sql || {
-echo -e "\033[31m 备份数据库失败，请检查输入是否有误 \033[0m"
-exit 1
-}
-echo -e "\033[31m 备份数据库完成 \033[0m"
-
+    echo -e "\033[31m 正在备份数据库 \033[0m"
+    echo -e "\033[31m 请手动输入数据库信息 \033[0m"
+    read -p '请输入Jumpserver数据库ip:' DB_HOST
+    read -p '请输入Jumpserver数据库端口:' DB_PORT
+    read -p '请输入Jumpserver数据库名称:' DB_NAME
+    read -p '请输入有权限导出数据库的用户:' DB_USER
+    read -p '请输入该用户的密码:' DB_PASSWORD
+    mysqldump -h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /$jumpserver_backup/$DB_NAME$(date -d "today" +"%Y%m%d_%H%M%S").sql || {
+        echo -e "\033[31m 备份数据库失败，请检查输入是否有误 \033[0m"
+        exit 1
+    }
+    echo -e "\033[31m 备份数据库完成 \033[0m"
 else
-echo -e "\033[31m 已取消备份数据库操作 \033[0m"
+    echo -e "\033[31m 已取消备份数据库操作 \033[0m"
 fi
 
 git pull && pip install -r requirements/requirements.txt && cd utils && sh make_migrations.sh