Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
gjl2004yn
jumpserver
提交
ebecd005
J
jumpserver
项目概览
gjl2004yn
/
jumpserver
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jumpserver
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
ebecd005
编写于
10月 16, 2018
作者:
baltery
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
[Update] 修改优先级逻辑
上级
143fa060
变更
9
展开全部
显示空白变更内容
内联
并排
Showing
9 changed file
with
170 addition
and
166 deletion
+170
-166
apps/assets/api/cmd_filter.py
apps/assets/api/cmd_filter.py
+2
-2
apps/assets/forms/user.py
apps/assets/forms/user.py
+1
-1
apps/assets/models/cmd_filter.py
apps/assets/models/cmd_filter.py
+2
-2
apps/assets/models/user.py
apps/assets/models/user.py
+4
-2
apps/assets/templates/assets/asset_detail.html
apps/assets/templates/assets/asset_detail.html
+4
-0
apps/assets/templates/assets/cmd_filter_list.html
apps/assets/templates/assets/cmd_filter_list.html
+1
-1
apps/locale/zh/LC_MESSAGES/django.mo
apps/locale/zh/LC_MESSAGES/django.mo
+0
-0
apps/locale/zh/LC_MESSAGES/django.po
apps/locale/zh/LC_MESSAGES/django.po
+155
-157
apps/perms/api.py
apps/perms/api.py
+1
-1
未找到文件。
apps/assets/api/cmd_filter.py
浏览文件 @
ebecd005
...
...
@@ -26,7 +26,7 @@ class CommandFilterRuleViewSet(BulkModelViewSet):
fpk
=
self
.
kwargs
.
get
(
'filter_pk'
)
if
not
fpk
:
return
CommandFilterRule
.
objects
.
none
()
group
=
get_object_or_404
(
CommandFilter
,
pk
=
fpk
)
return
group
.
rules
.
all
().
order_by
(
'priority'
)
cmd_filter
=
get_object_or_404
(
CommandFilter
,
pk
=
fpk
)
return
cmd_filter
.
rules
.
all
(
)
apps/assets/forms/user.py
浏览文件 @
ebecd005
...
...
@@ -150,7 +150,7 @@ class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
'name'
:
'* required'
,
'username'
:
'* required'
,
'auto_push'
:
_
(
'Auto push system user to asset'
),
'priority'
:
_
(
'High level will be using login asset as default, '
'priority'
:
_
(
'
1-100,
High level will be using login asset as default, '
'if user was granted more than 2 system user'
),
'login_mode'
:
_
(
'If you choose manual login mode, you do not '
'need to fill in the username and password.'
)
...
...
apps/assets/models/cmd_filter.py
浏览文件 @
ebecd005
...
...
@@ -44,7 +44,7 @@ class CommandFilterRule(OrgModelMixin):
id
=
models
.
UUIDField
(
default
=
uuid
.
uuid4
,
primary_key
=
True
)
filter
=
models
.
ForeignKey
(
'CommandFilter'
,
on_delete
=
models
.
CASCADE
,
verbose_name
=
_
(
"Filter"
),
related_name
=
'rules'
)
type
=
models
.
CharField
(
max_length
=
16
,
default
=
TYPE_COMMAND
,
choices
=
TYPE_CHOICES
,
verbose_name
=
_
(
"Type"
))
priority
=
models
.
IntegerField
(
default
=
50
,
verbose_name
=
_
(
"Priority"
),
help_text
=
_
(
"1-100, the
low
er will be match first"
),
priority
=
models
.
IntegerField
(
default
=
50
,
verbose_name
=
_
(
"Priority"
),
help_text
=
_
(
"1-100, the
high
er will be match first"
),
validators
=
[
MinValueValidator
(
1
),
MaxValueValidator
(
100
)])
content
=
models
.
TextField
(
max_length
=
1024
,
verbose_name
=
_
(
"Content"
),
help_text
=
_
(
"One line one command"
))
action
=
models
.
IntegerField
(
default
=
ACTION_DENY
,
choices
=
ACTION_CHOICES
,
verbose_name
=
_
(
"Action"
))
...
...
@@ -54,7 +54,7 @@ class CommandFilterRule(OrgModelMixin):
created_by
=
models
.
CharField
(
max_length
=
128
,
blank
=
True
,
default
=
''
,
verbose_name
=
_
(
'Created by'
))
class
Meta
:
ordering
=
(
'priority'
,
'action'
)
ordering
=
(
'
-
priority'
,
'action'
)
def
__str__
(
self
):
return
'{} % {}'
.
format
(
self
.
type
,
self
.
content
)
apps/assets/models/user.py
浏览文件 @
ebecd005
...
...
@@ -7,6 +7,7 @@ import logging
from
django.core.cache
import
cache
from
django.db
import
models
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.core.validators
import
MinValueValidator
,
MaxValueValidator
from
common.utils
import
get_signer
from
..const
import
SYSTEM_USER_CONN_CACHE_KEY
...
...
@@ -111,7 +112,8 @@ class SystemUser(AssetUser):
nodes
=
models
.
ManyToManyField
(
'assets.Node'
,
blank
=
True
,
verbose_name
=
_
(
"Nodes"
))
assets
=
models
.
ManyToManyField
(
'assets.Asset'
,
blank
=
True
,
verbose_name
=
_
(
"Assets"
))
priority
=
models
.
IntegerField
(
default
=
10
,
verbose_name
=
_
(
"Priority"
))
priority
=
models
.
IntegerField
(
default
=
20
,
verbose_name
=
_
(
"Priority"
),
validators
=
[
MinValueValidator
(
1
),
MaxValueValidator
(
100
)])
protocol
=
models
.
CharField
(
max_length
=
16
,
choices
=
PROTOCOL_CHOICES
,
default
=
'ssh'
,
verbose_name
=
_
(
'Protocol'
))
auto_push
=
models
.
BooleanField
(
default
=
True
,
verbose_name
=
_
(
'Auto push'
))
sudo
=
models
.
TextField
(
default
=
'/bin/whoami'
,
verbose_name
=
_
(
'Sudo'
))
...
...
@@ -168,7 +170,7 @@ class SystemUser(AssetUser):
from
.cmd_filter
import
CommandFilterRule
rules
=
CommandFilterRule
.
objects
.
filter
(
filter__in
=
self
.
cmd_filters
.
all
()
).
order_by
(
'priority'
).
distinct
()
).
distinct
()
return
rules
@
classmethod
...
...
apps/assets/templates/assets/asset_detail.html
浏览文件 @
ebecd005
...
...
@@ -69,6 +69,10 @@
<td>
{% trans 'Port' %}:
</td>
<td><b>
{{ asset.port }}
</b></td>
</tr>
<tr>
<td>
{% trans 'Protocol' %}:
</td>
<td><b>
{{ asset.protocol }}
</b></td>
</tr>
<tr>
<td>
{% trans 'Admin user' %}:
</td>
<td><b>
{{ asset.admin_user }}
</b></td>
...
...
apps/assets/templates/assets/cmd_filter_list.html
浏览文件 @
ebecd005
...
...
@@ -5,7 +5,7 @@
<div
class=
"alert alert-info help-message"
>
{% trans 'System user bound some command filter, each command filter has some rules,'%}
{% trans 'When user login asset with this system user, then run a command,' %}
{% trans 'The command will be filter by rules, higher priority
(lower number)
rule run first,' %}
{% trans 'The command will be filter by rules, higher priority rule run first,' %}
{% trans 'When a rule matched, if rule action is allow, then allow command execute,' %}
{% trans 'else if action is deny, then command with be deny,' %}
{% trans 'else match next rule, if none matched, allowed' %}
...
...
apps/locale/zh/LC_MESSAGES/django.mo
浏览文件 @
ebecd005
无法预览此类型文件
apps/locale/zh/LC_MESSAGES/django.po
浏览文件 @
ebecd005
此差异已折叠。
点击以展开。
apps/perms/api.py
浏览文件 @
ebecd005
...
...
@@ -96,7 +96,7 @@ class UserGrantedNodesApi(ListAPIView):
"""
查询用户授权的所有节点的API, 如果是超级用户或者是 app,切换到root org
"""
permission_classes
=
(
IsOrgAdmin
,)
permission_classes
=
(
IsOrgAdmin
OrAppUser
,)
serializer_class
=
NodeSerializer
def
change_org_if_need
(
self
):
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录