Merge pull request #3054 from jumpserver/dev

获取子节点资产时 使用 in

.dockerignore

@@ -4,4 +4,6 @@ data/*
 .github
 tmp/*
 django.db
-celerybeat.pid
\ No newline at end of file
+celerybeat.pid
+### Vagrant ###
+.vagrant/
\ No newline at end of file

.gitignore

@@ -34,3 +34,5 @@ data/static
 docs/_build/
 xpack
 logs/*
+### Vagrant ###
+.vagrant/
\ No newline at end of file

Vagrantfile

+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box_check_update = false
+  config.vm.box = "centos/7"
+  config.vm.hostname = "jumpserver"
+  config.vm.network "private_network", ip: "172.17.8.101"
+  config.vm.provider "virtualbox" do |vb|
+    vb.memory = "4096"
+    vb.cpus = 2
+    vb.name = "jumpserver"
+  end
+
+  config.vm.synced_folder ".", "/vagrant", type: "rsync",
+    rsync__verbose: true,
+    rsync__exclude: ['.git*', 'node_modules*','*.log','*.box','Vagrantfile']
+
+  config.vm.provision "shell", inline: <<-SHELL
+## 设置yum的阿里云源
+sudo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
+sudo sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
+sudo curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
+sudo yum makecache
+
+## 安装依赖包
+sudo yum install -y python36 python36-devel python36-pip \
+		 libtiff-devel libjpeg-devel libzip-devel freetype-devel \
+     lcms2-devel libwebp-devel tcl-devel tk-devel sshpass \
+     openldap-devel mariadb-devel mysql-devel libffi-devel \
+     openssh-clients telnet openldap-clients gcc
+
+## 配置pip阿里云源
+mkdir /home/vagrant/.pip
+cat << EOF | sudo tee -a /home/vagrant/.pip/pip.conf
+[global]
+timeout = 6000
+index-url = https://mirrors.aliyun.com/pypi/simple/
+
+[install]
+use-mirrors = true
+mirrors = https://mirrors.aliyun.com/pypi/simple/
+trusted-host=mirrors.aliyun.com
+EOF
+
+python3.6 -m venv /home/vagrant/venv
+source /home/vagrant/venv/bin/activate
+echo 'source /home/vagrant/venv/bin/activate' >> /home/vagrant/.bash_profile
+  SHELL
+end

apps/assets/api/asset_user.py

@@ -81,7 +81,7 @@ class AssetUserViewSet(IDInCacheFilterMixin, BulkModelViewSet):
         manager = AssetUserManager()
         if system_user_id:
             system_user = get_object_or_404(SystemUser, id=system_user_id)
-            assets = system_user.assets.all()
+            assets = system_user.get_all_assets()
             username = system_user.username
         elif admin_user_id:
             admin_user = get_object_or_404(AdminUser, id=admin_user_id)

apps/assets/models/asset.py

@@ -12,7 +12,6 @@ from django.core.cache import cache
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 
-from .user import AdminUser, SystemUser
 from .utils import Connectivity
 from orgs.mixins import OrgModelMixin, OrgManager
 
@@ -320,6 +319,7 @@ class Asset(ProtocolsMixin, NodesRelationMixin, OrgModelMixin):
 
     @classmethod
     def generate_fake(cls, count=100):
+        from .user import AdminUser, SystemUser
         from random import seed, choice
         from django.db import IntegrityError
         from .node import Node

apps/assets/models/user.py

@@ -4,12 +4,15 @@
 
 import logging
 
+from functools import reduce
 from django.db import models
+from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
 from django.core.validators import MinValueValidator, MaxValueValidator
 
 from common.utils import get_signer
 from .base import AssetUser
+from .asset import Asset
 
 
 __all__ = ['AdminUser', 'SystemUser']
@@ -144,6 +147,19 @@ class SystemUser(AssetUser):
                 return False, matched_cmd
         return True, None
 
+    def get_all_assets(self):
+        args = [Q(systemuser=self)]
+        pattern = set()
+        nodes_keys = self.nodes.all().values_list('key', flat=True)
+        for key in nodes_keys:
+            pattern.add(r'^{0}$|^{0}:'.format(key))
+        pattern = '|'.join(list(pattern))
+        if pattern:
+            args.append(Q(nodes__key__regex=pattern))
+        args = reduce(lambda x, y: x | y, args)
+        assets = Asset.objects.filter(args).distinct()
+        return assets
+
     class Meta:
         ordering = ['name']
         unique_together = [('name', 'org_id')]

apps/assets/signals_handler.py

@@ -57,16 +57,16 @@ def on_system_user_update(sender, instance=None, created=True, **kwargs):
         push_system_user_to_assets.delay(instance, assets)
 
 
-@receiver(m2m_changed, sender=SystemUser.nodes.through)
-def on_system_user_nodes_change(sender, instance=None, **kwargs):
-    if instance and kwargs["action"] == "post_add":
-        logger.info("System user `{}` nodes update signal received".format(instance))
-        assets = set()
-        nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
-        for node in nodes:
-            assets.update(set(node.get_all_assets()))
-        instance.assets.add(*tuple(assets))
-
+# @receiver(m2m_changed, sender=SystemUser.nodes.through)
+# def on_system_user_nodes_change(sender, instance=None, **kwargs):
+#     if instance and kwargs["action"] == "post_add":
+#         logger.info("System user `{}` nodes update signal received".format(instance))
+#         assets = set()
+#         nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+#         for node in nodes:
+#             assets.update(set(node.get_all_assets()))
+#         instance.assets.add(*tuple(assets))
+#
 
 @receiver(m2m_changed, sender=SystemUser.assets.through)
 def on_system_user_assets_change(sender, instance=None, **kwargs):

apps/assets/tasks.py

@@ -347,7 +347,7 @@ def test_system_user_connectivity_util(system_user, assets, task_name):
 @shared_task
 def test_system_user_connectivity_manual(system_user):
     task_name = _("Test system user connectivity: {}").format(system_user)
-    assets = system_user.get_related_assets()
+    assets = system_user.get_all_assets()
     return test_system_user_connectivity_util(system_user, assets, task_name)
 
 
@@ -367,17 +367,43 @@ def test_system_user_connectivity_period():
     system_users = SystemUser.objects.all()
     for system_user in system_users:
         task_name = _("Test system user connectivity period: {}").format(system_user)
-        assets = system_user.get_related_assets()
+        assets = system_user.get_all_assets()
         test_system_user_connectivity_util(system_user, assets, task_name)
 
 
 ####  Push system user tasks ####
 
 def get_push_linux_system_user_tasks(system_user):
-    tasks = []
+    tasks = [
+        {
+            'name': 'Add user {}'.format(system_user.username),
+            'action': {
+                'module': 'user',
+                'args': 'name={} shell={} state=present'.format(
+                    system_user.username, system_user.shell,
+                ),
+            }
+        },
+        {
+            'name': 'Check home dir exists',
+            'action': {
+                'module': 'stat',
+                'args': 'path=/home/{}'.format(system_user.username)
+            },
+            'register': 'home_existed'
+        },
+        {
+            'name': "Set home dir permission",
+            'action': {
+                'module': 'file',
+                'args': "path=/home/{0} owner={0} group={0} mode=700".format(system_user.username)
+            },
+            'when': 'home_existed.stat.exists == true'
+        }
+    ]
     if system_user.password:
         tasks.append({
-            'name': 'Add user {}'.format(system_user.username),
+            'name': 'Set {} password'.format(system_user.username),
             'action': {
                 'module': 'user',
                 'args': 'name={} shell={} state=present password={}'.format(
@@ -386,24 +412,6 @@ def get_push_linux_system_user_tasks(system_user):
                 ),
             }
         })
-        tasks.extend([
-            {
-                'name': 'Check home dir exists',
-                'action': {
-                    'module': 'stat',
-                    'args': 'path=/home/{}'.format(system_user.username)
-                },
-                'register': 'home_existed'
-            },
-            {
-                'name': "Set home dir permission",
-                'action': {
-                    'module': 'file',
-                    'args': "path=/home/{0} owner={0} group={0} mode=700".format(system_user.username)
-                },
-                'when': 'home_existed.stat.exists == true'
-            }
-        ])
     if system_user.public_key:
         tasks.append({
             'name': 'Set {} authorized key'.format(system_user.username),
@@ -513,7 +521,7 @@ def push_system_user_util(system_user, assets, task_name):
 
 @shared_task
 def push_system_user_to_assets_manual(system_user):
-    assets = system_user.get_related_assets()
+    assets = system_user.get_all_assets()
     task_name = _("Push system users to assets: {}").format(system_user.name)
     return push_system_user_util(system_user, assets, task_name=task_name)
 

apps/assets/utils.py

@@ -213,10 +213,10 @@ class NodeUtil:
             children.add(node)
         return list(children)
 
-    def get_children(self, node, with_self=True):
+    def get_all_children(self, node, with_self=True):
         return self.get_all_children_by_key(node.key, with_self=with_self)
 
-    def get_children_keys_by_key(self, key, with_self=True):
+    def get_all_children_keys_by_key(self, key, with_self=True):
         nodes = self.get_all_children_by_key(key, with_self=with_self)
         return [n.key for n in nodes]
 

apps/perms/templates/perms/asset_permission_list.html

@@ -174,10 +174,11 @@ function initTable() {
 				}
             }},
             {targets: 8, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = '<a href="{% url "perms:asset-permission-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                 var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-uid="{{ DEFAULT_PK }}" mark=1 data-name="99991938">{% trans "Delete" %}</a>'
                     .replace('{{ DEFAULT_PK }}', cellData)
-                    .replace('99991938', rowData.name);
+                    .replace('99991938', name);
                 if (rowData.inherit) {
                     del_btn = del_btn.replace("mark", "disabled")
                 }

apps/perms/utils/asset_permission.py

@@ -449,6 +449,8 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
         self._nodes = None
         self._assets_direct = None
         self._nodes_direct = None
+        self.node_util = NodeUtil()
+        self.tree._node_util = self.node_util
 
     @staticmethod
     def change_org_if_need():
@@ -491,13 +493,14 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
 
         self.tree.add_nodes(nodes_keys)
 
-        pattern = set()
+        all_nodes_keys = set()
         for key in nodes_keys:
-            pattern.add(r'^{0}$|^{0}:'.format(key))
-        pattern = '|'.join(list(pattern))
-        if pattern:
+            children_keys = self.node_util.get_all_children_keys_by_key(key)
+            all_nodes_keys.update(set(children_keys))
+
+        if all_nodes_keys:
             assets_ids = Asset.objects.filter(
-                nodes__key__regex=pattern
+                nodes__key__in=all_nodes_keys
             ).valid().values_list("id", flat=True).distinct()
         else:
             assets_ids = []

apps/terminal/templates/terminal/terminal_list.html

@@ -69,16 +69,17 @@ function initTable() {
                 }
             }},
             {targets: 6, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = '<a href="{% url "terminal:terminal-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData);
                 var delete_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-id="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData)
-                        .replace('99991938', rowData.name);
+                        .replace('99991938', name);
                 var accept_btn = '<a class="btn btn-xs btn-primary btn-accept" data-id="{{ DEFAULT_PK }}">{% trans "Accept" %}</a> '
                         .replace('{{ DEFAULT_PK }}', cellData);
                 var reject_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-id="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Reject" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData)
-                        .replace('99991938', rowData.name);
+                        .replace('99991938', name);
                 if (rowData.is_accepted) {
                     $(td).html(update_btn + delete_btn);
                 } else {

apps/users/models/user.py

@@ -111,7 +111,7 @@ class AuthMixin:
 
     @property
     def password_will_expired(self):
-        if self.is_local and self.password_expired_remain_days < 5:
+        if self.is_local and 0 <= self.password_expired_remain_days < 5:
             return True
         return False
 

apps/users/tasks.py

@@ -20,13 +20,13 @@ logger = get_logger(__file__)
 def check_password_expired():
     users = User.objects.exclude(role=User.ROLE_APP)
     for user in users:
+        if not user.is_valid:
+            continue
         if not user.password_will_expired:
             continue
-
         send_password_expiration_reminder_mail(user)
-        logger.info("The user {} password expires in {} days".format(
-            user, user.password_expired_remain_days)
-        )
+        msg = "The user {} password expires in {} days"
+        logger.info(msg.format(user, user.password_expired_remain_days))
 
 
 @shared_task

apps/users/templates/users/_granted_assets.html

@@ -156,7 +156,7 @@ function loadLabels() {
 }
 
 $(document).ready(function () {
-    loadLabels()
+    {#loadLabels()#}
 }).on('click', '.labels-menu li', function () {
     var val = $(this).text();
     $("#user_assets_table_filter input").val(val);

apps/users/templates/users/user_group_list.html

@@ -67,11 +67,12 @@ function initTable() {
                 $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
              }},
             {targets: 4, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = '<a href="{% url "users:user-group-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData);
                 var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_delete_user_group" data-gid="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData)
-                        .replace('99991938', rowData.name);
+                        .replace('99991938', name);
                 if (rowData.id === 1) {
                     $(td).html(update_btn)
                 } else {

apps/users/templates/users/user_list.html

@@ -97,6 +97,7 @@ function initTable() {
                 }
              }},
             {targets: 7, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = "";
                 if (rowData.role === 'Admin' && ('{{ request.user.role }}' !== 'Admin')) {
                     update_btn = '<a class="btn btn-xs disabled btn-info">{% trans "Update" %}</a>';
@@ -109,11 +110,11 @@ function initTable() {
                 if (rowData.id === 1 || rowData.username === "admin" || rowData.username === "{{ request.user.username }}" || (rowData.role === 'Admin' && ('{{ request.user.role }}' !== 'Admin'))) {
                     del_btn = '<a class="btn btn-xs btn-danger m-l-xs" disabled>{% trans "Delete" %}</a>'
                             .replace('{{ DEFAULT_PK }}', cellData)
-                            .replace('99991938', rowData.name);
+                            .replace('99991938', name);
                 } else {
                     del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_user_delete" data-uid="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
                             .replace('{{ DEFAULT_PK }}', cellData)
-                            .replace('99991938', rowData.name);
+                            .replace('99991938', name);
                 }
                 $(td).html(update_btn + del_btn)
              }}],

jms

@@ -81,7 +81,7 @@ def make_migrations():
 def collect_static():
     print("Collect static files")
     os.chdir(os.path.join(BASE_DIR, 'apps'))
-    subprocess.call('python3 manage.py collectstatic --no-input', shell=True)
+    subprocess.call('python3 manage.py collectstatic --no-input -c &> /dev/null && echo "Collect static file done"', shell=True)
 
 
 def prepare():