Merge pull request #3094 from jumpserver/dev

Dev

README.md

 ## Jumpserver 多云环境下更好用的堡垒机
 
+![Total visitor](https://visitor-count-badge.herokuapp.com/total.svg?repo_id=jumpserver)
+![Visitors in today](https://visitor-count-badge.herokuapp.com/today.svg?repo_id=jumpserver)
 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
 [![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
 [![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)

README_EN.md

 ## Jumpserver 
 
+![Total visitor](https://visitor-count-badge.herokuapp.com/total.svg?repo_id=jumpserver)
+![Visitors in today](https://visitor-count-badge.herokuapp.com/today.svg?repo_id=jumpserver)
 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
 [![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
 [![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)

apps/authentication/utils.py

@@ -7,7 +7,7 @@ from common.utils import get_ip_city, validate_ip
 def write_login_log(*args, **kwargs):
     from audits.models import UserLoginLog
     default_city = _("Unknown")
-    ip = kwargs.get('ip', '')
+    ip = kwargs.get('ip') or ''
     if not (ip and validate_ip(ip)):
         ip = ip[:15]
         city = default_city

apps/jumpserver/conf.py

@@ -379,6 +379,7 @@ defaults = {
     'ASSETS_PERM_CACHE_TIME': 3600*24,
     'SECURITY_MFA_VERIFY_TTL': 3600,
     'ASSETS_PERM_CACHE_ENABLE': False,
+    'PERM_SINGLE_ASSET_TO_UNGROUP_NODE': False,
 }
 
 

apps/jumpserver/settings.py

@@ -615,3 +615,5 @@ ASSETS_PERM_CACHE_TIME = CONFIG.ASSETS_PERM_CACHE_TIME
 
 # Asset user auth external backend, default AuthBook backend
 BACKEND_ASSET_USER_AUTH_VAULT = False
+
+PERM_SINGLE_ASSET_TO_UNGROUP_NODE = CONFIG.PERM_SINGLE_ASSET_TO_UNGROUP_NODE

apps/perms/utils/asset_permission.py

@@ -180,6 +180,19 @@ class GenerateTree:
             assets.append({"id": asset_id, "system_users": system_users})
         return assets
 
+    def set_ungrouped_assets_nodes_if_need(self):
+        if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
+            return
+        ungrouped_assets_ids = self.nodes[self.ungrouped_key]["assets"]
+        for asset_id in ungrouped_assets_ids:
+            in_nodes = self.all_assets_nodes_keys.get(asset_id, [])
+            for node_key in in_nodes:
+                parents_keys = self.node_util.get_nodes_parents_keys_by_key(node_key, with_self=False)
+                for parent_key in parents_keys:
+                    n = self.nodes[parent_key]
+                self.nodes[node_key]["assets"].add(asset_id)
+        self.nodes.pop(self.ungrouped_key, None)
+
     @timeit
     def get_nodes_with_assets(self):
         """
@@ -198,6 +211,7 @@ class GenerateTree:
         """
         if self._nodes_with_assets:
             return self._nodes_with_assets
+        self.set_ungrouped_assets_nodes_if_need()
         util = PermAssetsAmountUtil()
         nodes_with_assets_amount = util.compute_nodes_assets_amount(self.nodes)
         nodes = []
@@ -219,6 +233,7 @@ class GenerateTree:
         return nodes
 
     def get_nodes(self):
+        self.set_ungrouped_assets_nodes_if_need()
         nodes = list(self.nodes.keys())
         if not nodes:
             nodes.append(const.EMPTY_NODE_KEY)

config_example.yml

@@ -76,3 +76,7 @@ REDIS_PORT: 6379
 # OTP/MFA 配置
 # OTP_VALID_WINDOW: 0
 # OTP_ISSUER_NAME: Jumpserver
+
+# Perm show single asset to ungrouped node
+# 是否把未授权节点资产放入到 未分组 节点中
+# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false