Merge pull request #428 from TencentBlueKing/develop
v1.5.13
zhu327 authored Nov 23, 2021
2 parents 476dd4c + 2dcde83 commit 79fe3ca
Showing 53 changed files with 763 additions and 176 deletions.
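--- a/frontend/src/language/lang/en.js
+++ b/frontend/src/language/lang/en.js
@@ -406,7 +406,9 @@ export const m = {
 '取消续期': 'Cancel renewal',
 '根据你的需求,自动匹配到以下的用户组(包含更多可申请权限)': 'According to your requirements, automatically matched to the following user groups (including more applicable permissions)',
 '你也可以继续申请独立权限': 'You can also continue to apply for independent access',
-'你可以申请独立权限': 'You can apply for independent access'
+'你可以申请独立权限': 'You can apply for independent access',
+'你已获得该组权限,但是已过期': 'You have been granted permission for this group, but it has expired',
+'去续期': 'Go to renew'
 },
 myApply: {
 '申请列表': 'Apply List',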
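--- a/frontend/src/language/lang/zh.js
+++ b/frontend/src/language/lang/zh.js
@@ -470,7 +470,9 @@ export const m = {
 '取消续期': '取消续期',
 '根据你的需求,自动匹配到以下的用户组(包含更多可申请权限)': '根据你的需求,自动匹配到以下的用户组(包含更多可申请权限)',
 '你也可以继续申请独立权限': '你也可以继续申请独立权限',
-'你可以申请独立权限': '你可以申请独立权限'
+'你可以申请独立权限': '你可以申请独立权限',
+'你已获得该组权限,但是已过期': '你已获得该组权限,但是已过期',
+'去续期': '去续期'
 },
 myApply: {
 '申请列表': '申请列表',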
@@ -403,6 +403,7 @@
return !item.isExpiredAtDisabled
&& !item.isAggregate
&& relatedActions.includes(item.id)
&& curData.system_id === item.system_id
&& !item.related_resource_types.every(sub => sub.empty)
}))
if (relatedList.length > 0) {
@@ -445,7 +446,8 @@
return
}
payload.forEach(item => {
const curIndex = this.tableList.findIndex(sub => sub.id === item.id && !sub.isExpiredAtDisabled)
const curIndex = this.tableList.findIndex(sub => sub.id === item.id
&& sub.system_id === item.related_resource_types[0].system_id && !sub.isExpiredAtDisabled)
if (curIndex > -1) {
this.tableList.splice(curIndex, 1, new GradePolicy({
...item,
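Review bot: The new match inside the `payload.forEach` callback reads `item.related_resource_types[0].system_id` without checking that the array has a first element, so one payload item with an empty `related_resource_types` throws a TypeError and stops the remaining items from being processed. A guarded read such as `sub.system_id === item.related_resource_types?.[0]?.system_id` (or an explicit length check if the build does not transpile optional chaining) would simply fail to match instead. The same unguarded index is added in the second hunk of frontend/src/views/group/components/render-instance-table.vue. Both enclosing methods start and end outside the hunks shown here.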
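--- a/frontend/src/views/grading-admin/detail/index.vue
+++ b/frontend/src/views/grading-admin/detail/index.vue
@@ -135,7 +135,8 @@
 if (item.type === 'department') {
 departments.push({
 name: item.name,
-count: item.member_count
+count: item.member_count,
+fullName: item.full_name
 })
 }
 if (item.type === 'user') {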
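--- a/frontend/src/views/grading-admin/edit/index.vue
+++ b/frontend/src/views/grading-admin/edit/index.vue
@@ -577,6 +577,7 @@
 id: Number(item.id),
 type: 'depart',
 name: item.name,
+fullName: item.full_name,
 count: item.member_count
 })
 }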
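--- a/frontend/src/views/group/common/render-member-display.vue
+++ b/frontend/src/views/group/common/render-member-display.vue
@@ -8,7 +8,8 @@
 <div v-for="(item, index) in data"
 :key="index"
 class="member-item"
-:title="isDepartment ? item.name : item.name !== '' ? `${item.username}(${item.name})` : item.username">
+:title="isDepartment ? (`${item.fullName}` ? `${item.fullName}` : ` ${item.name}`) :
+item.name !== '' ? `${item.username}(${item.name})` : item.username">
 <span class="member-name">
 {{ isDepartment ? item.name : item.username }}
 </span>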
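Review bot: The department branch of `:title` tests `item.fullName` after wrapping it in a template literal, and a missing `fullName` then becomes the non-empty string "undefined", so the fallback to `item.name` never runs and the tooltip reads "undefined". The fallback branch also carries a stray leading space before `item.name`. Testing the value directly fixes both: `isDepartment ? (item.fullName || item.name) : ...`. Only two producers of `fullName` are visible in this commit (grading-admin detail and edit), so other callers of this component should be checked.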
26 changes: 24 additions & 2 deletions frontend/src/views/group/components/add-group-perm-sideslider.vue
@@ -55,7 +55,20 @@
<bk-table-column type="selection" align="center" :selectable="getIsSelect"></bk-table-column>
<bk-table-column :label="$t(`m.permTemplate['模板名']`)">
<template slot-scope="{ row }">
<Icon v-if="!getIsSelect(row)" type="error-fill" class="error-icon" />
<bk-popover placement="top" :delay="[300, 0]" ext-cls="iam-tooltips-cls">
<template>
<Icon v-if="row.need_to_update" type="error-fill" class="error-icon" />
</template>
<div slot="content" class="iam-perm-apply-action-popover-content">
该模板无法选择的原因是:分级管理员缩小了授权范围,但是没有同步删除模板里的操作,如需选择请重新编辑模板或者创建新的模板。
<bk-button
text
:loading="editLoading"
@click="handleEdit(row)">
去编辑
</bk-button>
</div>
</bk-popover>
<span class="perm-template-name" :title="row.name" @click="handleViewTemplateDetail(row)">{{ row.name }}</span>
</template>
</bk-table-column>
@@ -506,6 +519,14 @@
handleSliderClose () {
this.$emit('update:isShow', false)
this.$emit('animation-end')
},
handleEdit (data) {
window.localStorage.setItem('iam-header-title-cache', `${this.$t(`m.nav['编辑权限模板']`)}(${data.name})`)
this.$router.push({
name: 'permTemplateEdit',
params: { id: data.id, systemId: data.system.id }
})
}
}
}
@@ -585,7 +606,8 @@
font-size: 14px;
color: #ffb400;
position: absolute;
left: -5px;
left: -15px;
top: -11px;
}
}
</style>
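Review bot: The popover explanation and the `去编辑` button label in the first hunk are hard-coded Chinese, while the column label two lines above goes through `$t`, so users of the English locale get untranslated text. The two popover blocks added in frontend/src/views/perm-template/components/render-action.vue have the same problem. Adding keys to en.js and zh.js and rendering them with `$t(...)` keeps the language files authoritative. In the second hunk `handleEdit` reads `data.system.id` with no guard, and the button binds `:loading="editLoading"`, whose declaration is not in the visible hunks; confirm both exist for every row that has `need_to_update` set.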
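--- a/frontend/src/views/group/components/iam-add-member.vue
+++ b/frontend/src/views/group/components/iam-add-member.vue
@@ -171,7 +171,7 @@
 <div class="organization-content" v-if="isDepartSelectedEmpty">
 <div class="organization-item" v-for="item in hasSelectedDepartments" :key="item.id">
 <Icon type="file-close" class="folder-icon" />
-<span class="organization-name" :title="item.name">{{ item.name }}</span><span class="user-count" v-if="item.showCount">{{ '(' + item.count + `)` }}</span>
+<span class="organization-name" :title="item.fullName">{{ item.name }}</span><span class="user-count" v-if="item.showCount">{{ '(' + item.count + `)` }}</span>
 <Icon bk type="close-circle-shape" class="delete-depart-icon" @click="handleDelete(item, 'organization')" />
 </div>
 </div>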
6 changes: 4 additions & 2 deletions frontend/src/views/group/components/render-instance-table.vue
@@ -765,6 +765,7 @@
const relatedList = _.cloneDeep(this.tableList.filter(item => {
return !item.isAggregate
&& relatedActions.includes(item.id)
&& curData.detail.system.id === item.detail.system.id
&& !item.related_resource_types.every(sub => sub.empty)
}))
if (relatedList.length > 0) {
@@ -805,9 +806,10 @@
if (payload.length < 1) {
return
}
payload.forEach(item => {
const curIndex = this.tableList.findIndex(sub => sub.id === item.id)
const curIndex = this.tableList.findIndex(sub => sub.id === item.id
&& sub.detail.system.id === item.related_resource_types[0].system_id)
if (curIndex > -1) {
const old = this.tableList[curIndex]
this.tableList.splice(curIndex, 1, new GroupPolicy(
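--- a/frontend/src/views/perm-apply/apply-custom-perm/index.css
+++ b/frontend/src/views/perm-apply/apply-custom-perm/index.css
@@ -316,4 +316,12 @@
 .groupPermissionQequest,
 .IndependentApplication {
 margin-bottom:24px
 }
+.error-icon {
+font-size: 14px;
+color: #ffb400;
+}
+.expired-text{
+font-size: 12px;
+color: #63656e;
+}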
23 changes: 23 additions & 0 deletions frontend/src/views/perm-apply/apply-custom-perm/index.vue
@@ -248,6 +248,17 @@
<bk-table-column :label="$t(`m.userGroup['用户组名']`)">
<template slot-scope="{ row }">
<span class="user-group-name" :title="row.name" @click="handleView(row)">{{ row.name }}</span>
<template v-if="!setDefaultSelect(row)">
<Icon type="error-fill" class="error-icon" />
<span class="expired-text">{{$t(`m.permApply['你已获得该组权限,但是已过期']`)}}</span>
<bk-button
text
theme="primary"
style="font-size: 12px;"
@click="handleBatchRenewal">
{{ $t(`m.permApply['去续期']`) }}
</bk-button>
</template>
</template>
</bk-table-column>
<bk-table-column :label="$t(`m.userGroup['描述']`)">
@@ -2063,6 +2074,18 @@
this.$router.push({
name: 'applyJoinUserGroup'
})
},
/**
* 去续期
*/
handleBatchRenewal () {
this.$router.push({
name: 'permRenewal',
query: {
tab: 'custom'
}
})
}
}
}
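Review bot: The expired hint in the first hunk is shown whenever `setDefaultSelect(row)` is false, but that function is defined outside the hunk and by its name decides row selection rather than expiry. If it can return false for any other reason, the row will wrongly state that the membership has expired. Keying the block on an explicit expiry value from the row would make the condition match the message. `handleBatchRenewal` in the second hunk routes to `permRenewal` with `tab: 'custom'` although the hint concerns a user group, which is worth confirming. The inline `style="font-size: 12px;"` on the button could move into a class next to the `.expired-text` rule added in index.css.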
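--- a/frontend/src/views/perm-template/components/render-action.vue
+++ b/frontend/src/views/perm-template/components/render-action.vue
@@ -36,11 +36,9 @@
 <bk-popover placement="top" :delay="[300, 0]" ext-cls="iam-tooltips-cls">
 <template v-if="act.disabled">
 <span class="text" :class="{ 'text-through': act.tag === 'delete' && mode === 'detail' }">{{ act.name }}</span>
-<Icon v-if="act.tag === 'delete'" type="error-fill" class="error-icon" />
 </template>
 <template v-else>
 <span class="text" :class="{ 'text-through': act.tag === 'delete' && mode === 'detail' }">{{ act.name }}</span>
-<Icon v-if="act.tag === 'delete'" type="error-fill" class="error-icon" />
 </template>
 <div slot="content" class="iam-perm-apply-action-popover-content">
 <div>
@@ -55,6 +53,19 @@
 </div>
 </div>
 </bk-popover>
+
+<bk-popover placement="top" :delay="[300, 0]" ext-cls="iam-tooltips-cls">
+<template v-if="act.tag === 'delete'">
+<Icon type="error-fill" class="error-icon" />
+</template>
+<div slot="content" class="iam-perm-apply-action-popover-content">
+<div>
+
+由于分级管理员的授权范围没有包含此操作,<br>
+如需使用该模板进行新的授权必须先删除该操作。
+</div>
+</div>
+</bk-popover>
 <template v-if="isCompare && act.hasOwnProperty('flag') && ['added', 'cancel'].includes(act.flag)">
 <bk-tag :theme="act.flag === 'added' ? 'success' : 'danger'">
 {{ act.flag === 'added' ? $t(`m.common['新增']`) : $t(`m.common['移除']`) }}
@@ -92,11 +103,9 @@
 <bk-popover placement="top" :delay="[300, 0]" ext-cls="iam-tooltips-cls">
 <template v-if="act.disabled">
 <span class="text" :class="{ 'text-through': act.tag === 'delete' && mode === 'detail' }">{{ act.name }}</span>
-<Icon v-if="act.tag === 'delete'" type="error-fill" class="error-icon" />
 </template>
 <template v-else>
 <span class="text" :class="{ 'text-through': act.tag === 'delete' && mode === 'detail' }">{{ act.name }}</span>
-<Icon v-if="act.tag === 'delete'" type="error-fill" class="error-icon" />
 </template>
 <div slot="content" class="iam-perm-apply-action-popover-content">
 <div>
@@ -111,6 +120,18 @@
 </div>
 </div>
 </bk-popover>
+<bk-popover placement="top" :delay="[300, 0]" ext-cls="iam-tooltips-cls">
+<template v-if="act.tag === 'delete'">
+<Icon type="error-fill" class="error-icon" />
+</template>
+<div slot="content" class="iam-perm-apply-action-popover-content">
+<div>
+
+由于分级管理员的授权范围没有包含此操作,<br>
+如需使用该模板进行新的授权必须先删除该操作。
+</div>
+</div>
+</bk-popover>
 <template v-if="isCompare && act.hasOwnProperty('flag') && ['added', 'cancel'].includes(act.flag)">
 <bk-tag :theme="act.flag === 'added' ? 'success' : 'danger'">
 {{ act.flag === 'added' ? $t(`m.common['新增']`) : $t(`m.common['移除']`) }}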
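Review bot: The delete-warning `<bk-popover>` block is added verbatim in both the second and the fourth hunk, so the two copies of the warning text can drift apart; a small child component or shared slot would keep it in one place. In both copies the `v-if="act.tag === 'delete'"` sits on the inner `<template>`, which leaves an empty popover wrapper rendered for every action that is not tagged for deletion. Moving the condition onto the wrapper, `<bk-popover v-if="act.tag === 'delete'" placement="top" ...>`, avoids that. The first hunk of add-group-perm-sideslider.vue places its `v-if="row.need_to_update"` the same way.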
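--- a/frontend/src/views/user/components/record-list.vue
+++ b/frontend/src/views/user/components/record-list.vue
@@ -76,8 +76,8 @@
 </div>
 <div class="msg-content">
 <div v-if="exceptionMsg || tracebackMsg">
-<div>{{exceptionMsg}}</div>
-<div>{{tracebackMsg}}</div>
+<div v-html="exceptionMsg"></div>
+<div v-html="tracebackMsg"></div>
 </div>
 <div v-else>暂无日志详情</div>
 </div>
@@ -224,8 +224,8 @@
 this.logDetailLoading = true
 try {
 const res = await this.$store.dispatch('organization/getRecordsLog', data.id)
-this.exceptionMsg = res.data.exception_msg
-this.tracebackMsg = res.data.traceback_msg
+this.exceptionMsg = res.data.exception_msg.replaceAll('\n', '<br>')
+this.tracebackMsg = res.data.traceback_msg.replaceAll('\n', '<br>')
 } catch (e) {
 console.error(e)
 this.bkMessageInstance = this.$bkMessage({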
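Review bot: Switching the two log fields from `{{ }}` interpolation to `v-html` makes `exception_msg` and `traceback_msg` render as markup, and the only processing in the second hunk is replacing `\n` with `<br>`, so any HTML inside a synchronisation error or traceback is interpreted by the browser. If those strings can carry directory- or user-controlled data, that is stored XSS in an administrator view. The line breaks do not need `v-html`: keep `<div>{{exceptionMsg}}</div>` and `<div>{{tracebackMsg}}</div>`, assign the raw strings, and give `.msg-content` the rule `white-space: pre-wrap;`. If `v-html` must stay, HTML-escape the text before inserting `<br>`. Separately, `.replaceAll` throws when either field is null or absent and is missing in older browsers, so the assignment should tolerate a missing value.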
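--- a/release.md
+++ b/release.md
@@ -1,3 +1,28 @@
+# V1.5.13
+
+### 新增功能
+* 授权API白名单支持前缀匹配规则
+* 自动更新策略里的重命名的资源实例
+
+### 功能优化
+* 组织名称tips显示完整路径
+* 组织架构同步记录中的日志详情添加换行
+* 接入系统管理类API对于创建分级管理员和用户组授权接口支持无限制资源实例的授权
+
+### 缺陷修复
+* 修复分级管理员用户组模板授权报错
+* 修复无权限跳转推荐的用户组权限已过期的bug
+* 后台任务清理用户组过期成员的审计异常
+* 修复Action模型删除事件处理异常问题
+* 解决migrate时依赖esb的问题
+* 修复project_view问题导致系统授权报错
+
+# V1.5.12
+
+### 功能优化
+* 增加用户同步记录
+* 分级管理员修改操作范围后, 范围不一致的模板不能授权
+
 # V1.5.11
 
 ### 功能优化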
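--- a/saas/VERSION
+++ b/saas/VERSION
@@ -1 +1 @@
-1.5.12
+1.5.13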
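--- a/saas/backend/api/authorization/constants.py
+++ b/saas/backend/api/authorization/constants.py
@@ -29,6 +29,14 @@ class AuthorizationAPIEnum(ChoicesEnum, LowerStrEnum):
 _choices_labels = skip(((AUTHORIZATION_INSTANCE, "实例授权"), (CREATOR_AUTHORIZATION_INSTANCE, "新建关联实例授权")))
 
 
+class AllowListMatchOperationEnum(ChoicesEnum, LowerStrEnum):
+EQ = auto()
+STARTS_WITH = auto()
+
+
+AllowListObjectOperationSep = ":"
+
+
 class VerifyAPIParamLocationEnum(ChoicesEnum, LowerStrEnum):
 SYSTEM_IN_BODY = auto()
 RESOURCE_TYPE_IN_BODY = auto()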
@@ -0,0 +1,51 @@
# Generated by Django 2.2.24 on 2021-11-17 02:32

from django.db import migrations

from backend.api.authorization.constants import (
AllowListMatchOperationEnum,
AllowListObjectOperationSep,
AuthorizationAPIEnum,
)


def add_allow_list(apps, schema_editor):
"""初始化授权API白名单"""
AuthAPIAllowListConfig = apps.get_model("authorization", "AuthAPIAllowListConfig")
# 查询已存在白名单,避免重复
all_allow_list = AuthAPIAllowListConfig.objects.all()
allow_set = set([(a.type, a.system_id, a.object_id) for a in all_allow_list])
# 实例授权API 白名单
system_actions = {
"bk_cmdb": [
"".join([AllowListMatchOperationEnum.STARTS_WITH.value, AllowListObjectOperationSep, "create_comobj"]),
"".join([AllowListMatchOperationEnum.STARTS_WITH.value, AllowListObjectOperationSep, "edit_comobj"]),
"".join([AllowListMatchOperationEnum.STARTS_WITH.value, AllowListObjectOperationSep, "delete_comobj"]),
],
}
auth_api_allow_list_config = []
for system_id, object_ids in system_actions.items():
for object_id in object_ids:
# 已存在,则直接忽略
if (AuthorizationAPIEnum.AUTHORIZATION_INSTANCE.value, system_id, object_id) in allow_set:
continue
auth_api_allow_list_config.append(
AuthAPIAllowListConfig(
type=AuthorizationAPIEnum.AUTHORIZATION_INSTANCE.value,
system_id=system_id,
object_id=object_id
)
)
if len(auth_api_allow_list_config) != 0:
AuthAPIAllowListConfig.objects.bulk_create(auth_api_allow_list_config)


class Migration(migrations.Migration):

dependencies = [
('authorization', '0006_auto_20210826_1642'),
]

operations = [
migrations.RunPython(add_allow_list)
]
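Review bot: The seeded rows widen the instance-authorization allow list for `bk_cmdb` from exact action ids to prefixes: each `object_id` is built as `starts_with:` plus `create_comobj`, `edit_comobj` or `delete_comobj`, so every action whose id begins with one of those strings is allowed. Nothing in `add_allow_list` says why a prefix is needed; a comment naming the intended action family would make the widening auditable, and the matcher (not shown on this page) should split only on the first `:`. `migrations.RunPython(add_allow_list)` has no reverse function, so the migration cannot be unapplied; `migrations.RunPython(add_allow_list, migrations.RunPython.noop)` or a reverse that deletes these three rows fixes that. The migration also imports live enums from `backend.api.authorization.constants`, so a later rename of `STARTS_WITH` or the separator would change what this historical migration writes; hard-coding the three strings is safer.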