fix(api): secrets

Co-authored-by: fxiang21 <fxiang21@126.com>

.gitignore

@@ -70,7 +70,6 @@ settings.py
 # UI
 cmdb-ui/node_modules
 cmdb-ui/dist
-cmdb-ui/yarn.lock
 
 # Log files
 cmdb-ui/npm-debug.log*

cmdb-api/Pipfile

@@ -6,7 +6,7 @@ name = "pypi"
 [packages]
 # Flask
 Flask = "==2.3.2"
-Werkzeug = ">=2.3.6"
+Werkzeug = "==2.3.6"
 click = ">=5.0"
 # Api
 Flask-RESTful = "==0.3.10"
@@ -21,7 +21,7 @@ Flask-Migrate = "==2.5.2"
 gunicorn = "==21.0.1"
 supervisor = "==4.0.3"
 # Auth
-Flask-Login = ">=0.6.2"
+Flask-Login = "==0.6.2"
 Flask-Bcrypt = "==1.0.1"
 Flask-Cors = ">=3.0.8"
 ldap3 = "==2.9.1"
@@ -43,7 +43,7 @@ WTForms = "==3.0.0"
 email-validator = "==1.3.1"
 treelib = "==1.6.1"
 flasgger = "==0.9.5"
-Pillow = ">=10.0.1"
+Pillow = "==9.3.0"
 # other
 six = "==1.16.0"
 bs4 = ">=0.0.1"

cmdb-api/api/commands/click_acl.py

@@ -1,8 +1,6 @@
 import click
 from flask.cli import with_appcontext
 
-from api.lib.perm.acl.user import UserCRUD
-
 
 @click.command()
 @with_appcontext
@@ -25,18 +23,50 @@ def init_acl():
                 role_rebuild.apply_async(args=(role.id, app.id), queue=ACL_QUEUE)
 
 
-@click.command()
-@with_appcontext
-def add_user():
-    """
-    create a user
-
-    is_admin: default is False
-
-    """
-
-    username = click.prompt('Enter username', confirmation_prompt=False)
-    password = click.prompt('Enter password', hide_input=True, confirmation_prompt=True)
-    email = click.prompt('Enter email   ', confirmation_prompt=False)
-
-    UserCRUD.add(username=username, password=password, email=email)
+# @click.command()
+# @with_appcontext
+# def acl_clean():
+#     from api.models.acl import Resource
+#     from api.models.acl import Permission
+#     from api.models.acl import RolePermission
+#
+#     perms = RolePermission.get_by(to_dict=False)
+#
+#     for r in perms:
+#         perm = Permission.get_by_id(r.perm_id)
+#         if perm and perm.app_id != r.app_id:
+#             resource_id = r.resource_id
+#             resource = Resource.get_by_id(resource_id)
+#             perm_name = perm.name
+#             existed = Permission.get_by(resource_type_id=resource.resource_type_id, name=perm_name, first=True,
+#                                         to_dict=False)
+#             if existed is not None:
+#                 other = RolePermission.get_by(rid=r.rid, perm_id=existed.id, resource_id=resource_id)
+#                 if not other:
+#                     r.update(perm_id=existed.id)
+#                 else:
+#                     r.soft_delete()
+#             else:
+#                 r.soft_delete()
+#
+#
+# @click.command()
+# @with_appcontext
+# def acl_has_resource_role():
+#     from api.models.acl import Role
+#     from api.models.acl import App
+#     from api.lib.perm.acl.cache import HasResourceRoleCache
+#     from api.lib.perm.acl.role import RoleCRUD
+#
+#     roles = Role.get_by(to_dict=False)
+#     apps = App.get_by(to_dict=False)
+#     for role in roles:
+#         if role.app_id:
+#             res = RoleCRUD.recursive_resources(role.id, role.app_id)
+#             if res.get('resources') or res.get('groups'):
+#                 HasResourceRoleCache.add(role.id, role.app_id)
+#         else:
+#             for app in apps:
+#                 res = RoleCRUD.recursive_resources(role.id, app.id)
+#                 if res.get('resources') or res.get('groups'):
+#                     HasResourceRoleCache.add(role.id, app.id)

cmdb-api/api/commands/click_cmdb.py

@@ -29,6 +29,7 @@ from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.resource import ResourceCRUD
 from api.lib.perm.acl.resource import ResourceTypeCRUD
 from api.lib.perm.acl.role import RoleCRUD
+from api.lib.perm.acl.user import UserCRUD
 from api.lib.secrets.inner import KeyManage
 from api.lib.secrets.inner import global_key_threshold
 from api.lib.secrets.secrets import InnerKVManger
@@ -127,10 +128,10 @@ def cmdb_init_acl():
 
     # 3. add resource and grant
     ci_types = CIType.get_by(to_dict=False)
-    resource_type_id = ResourceType.get_by(name=ResourceTypeEnum.CI, first=True, to_dict=False).id
+    type_id = ResourceType.get_by(name=ResourceTypeEnum.CI, first=True, to_dict=False).id
     for ci_type in ci_types:
         try:
-            ResourceCRUD.add(ci_type.name, resource_type_id, app_id)
+            ResourceCRUD.add(ci_type.name, type_id, app_id)
         except AbortException:
             pass
 
@@ -140,10 +141,10 @@ def cmdb_init_acl():
                                             [PermEnum.READ])
 
     relation_views = PreferenceRelationView.get_by(to_dict=False)
-    resource_type_id = ResourceType.get_by(name=ResourceTypeEnum.RELATION_VIEW, first=True, to_dict=False).id
+    type_id = ResourceType.get_by(name=ResourceTypeEnum.RELATION_VIEW, first=True, to_dict=False).id
     for view in relation_views:
         try:
-            ResourceCRUD.add(view.name, resource_type_id, app_id)
+            ResourceCRUD.add(view.name, type_id, app_id)
         except AbortException:
             pass
 
@@ -153,6 +154,57 @@ def cmdb_init_acl():
                                             [PermEnum.READ])
 
 
+@click.command()
+@click.option(
+    '-u',
+    '--user',
+    help='username'
+)
+@click.option(
+    '-p',
+    '--password',
+    help='password'
+)
+@click.option(
+    '-m',
+    '--mail',
+    help='mail'
+)
+@with_appcontext
+def add_user(user, password, mail):
+    """
+    create a user
+
+    is_admin: default is False
+
+    Example:  flask add-user -u <username> -p <password> -m <mail>
+    """
+    assert user is not None
+    assert password is not None
+    assert mail is not None
+    UserCRUD.add(username=user, password=password, email=mail)
+
+
+@click.command()
+@click.option(
+    '-u',
+    '--user',
+    help='username'
+)
+@with_appcontext
+def del_user(user):
+    """
+    delete a user
+
+    Example:  flask del-user -u <username>
+    """
+    assert user is not None
+    from api.models.acl import User
+
+    u = User.get_by(username=user, first=True, to_dict=False)
+    u and UserCRUD.delete(u.uid)
+
+
 @click.command()
 @with_appcontext
 def cmdb_counter():
@@ -277,6 +329,7 @@ def valid_address(address):
         }
         KeyManage.print_response(response)
         return False
+
     return True
 
 
@@ -391,7 +444,6 @@ def cmdb_password_data_migrate():
 
             value_table = CIIndexValueText if attr.is_index else CIValueText
 
-            failed = False
             for i in value_table.get_by(attr_id=attr.id, to_dict=False):
                 if current_app.config.get("SECRETS_ENGINE", 'inner') == 'inner':
                     _, status = InnerCrypt().decrypt(i.value)
@@ -402,7 +454,6 @@ def cmdb_password_data_migrate():
                     if status:
                         CIValueText.create(ci_id=i.ci_id, attr_id=attr.id, value=encrypt_value)
                     else:
-                        failed = True
                         continue
                 elif current_app.config.get("SECRETS_ENGINE") == 'vault':
                     if i.value == '******':
@@ -413,48 +464,8 @@ def cmdb_password_data_migrate():
                         vault.update("/{}/{}".format(i.ci_id, i.attr_id), dict(v=i.value))
                     except Exception as e:
                         print('save password to vault failed: {}'.format(e))
-                        failed = True
                         continue
                 else:
                     continue
 
                 i.delete()
-
-                if not failed and attr.is_index:
-                    attr.update(is_index=False)
-
-
-@click.command()
-@with_appcontext
-def cmdb_agent_init():
-    """
-    Initialize the agent's permissions and obtain the key and secret
-    """
-
-    from api.models.acl import User
-
-    user = User.get_by(username="cmdb_agent", first=True, to_dict=False)
-    if user is None:
-        click.echo(
-            click.style('user cmdb_agent does not exist, please use flask add-user to create it first', fg='red'))
-        return
-
-    # grant
-    _app = AppCache.get('cmdb') or App.create(name='cmdb')
-    app_id = _app.id
-
-    ci_types = CIType.get_by(to_dict=False)
-    resource_type_id = ResourceType.get_by(name=ResourceTypeEnum.CI, first=True, to_dict=False).id
-    for ci_type in ci_types:
-        try:
-            ResourceCRUD.add(ci_type.name, resource_type_id, app_id)
-        except AbortException:
-            pass
-
-        ACLManager().grant_resource_to_role(ci_type.name,
-                                            "cmdb_agent",
-                                            ResourceTypeEnum.CI,
-                                            [PermEnum.READ, PermEnum.UPDATE, PermEnum.ADD, PermEnum.DELETE])
-
-    click.echo("Key   : {}".format(click.style(user.key, bg='red')))
-    click.echo("Secret: {}".format(click.style(user.secret, bg='red')))

cmdb-api/api/commands/click_common_setting.py

@@ -10,6 +10,9 @@ from api.models.common_setting import Employee, Department
 
 
 class InitEmployee(object):
+    """
+    初始化员工
+    """
 
     def __init__(self):
         self.log = current_app.logger
@@ -55,8 +58,7 @@ class InitEmployee(object):
                 self.log.error(ErrFormat.acl_import_user_failed.format(user['username'], str(e)))
                 self.log.error(e)
 
-    @staticmethod
-    def get_rid_by_uid(uid):
+    def get_rid_by_uid(self, uid):
         from api.models.acl import Role
         role = Role.get_by(first=True, uid=uid)
         return role['id'] if role is not None else 0
@@ -69,8 +71,7 @@ class InitDepartment(object):
     def init(self):
         self.init_wide_company()
 
-    @staticmethod
-    def hard_delete(department_id, department_name):
+    def hard_delete(self, department_id, department_name):
         existed_deleted_list = Department.query.filter(
             Department.department_name == department_name,
             Department.department_id == department_id,
@@ -79,12 +80,11 @@ class InitDepartment(object):
         for existed in existed_deleted_list:
             existed.delete()
 
-    @staticmethod
-    def get_department(department_name):
+    def get_department(self, department_name):
         return Department.query.filter(
             Department.department_name == department_name,
             Department.deleted == 0,
-        ).first()
+        ).order_by(Department.created_at.asc()).first()
 
     def run(self, department_id, department_name, department_parent_id):
         self.hard_delete(department_id, department_name)
@@ -94,7 +94,7 @@ class InitDepartment(object):
             if res.department_id == department_id:
                 return
             else:
-                res.update(
+                new_d = res.update(
                     department_id=department_id,
                     department_parent_id=department_parent_id,
                 )
@@ -108,11 +108,11 @@ class InitDepartment(object):
         new_d = self.get_department(department_name)
 
         if new_d.department_id != department_id:
-            new_d.update(
+            new_d = new_d.update(
                 department_id=department_id,
                 department_parent_id=department_parent_id,
             )
-        self.log.info(f"init {department_name} success.")
+        self.log.info(f"初始化 {department_name} 部门成功.")
 
     def run_common(self, department_id, department_name, department_parent_id):
         try:
@@ -123,14 +123,19 @@ class InitDepartment(object):
             raise Exception(e)
 
     def init_wide_company(self):
+        """
+        创建 id 0, name 全公司 的部门
+        """
         department_id = 0
         department_name = '全公司'
         department_parent_id = -1
 
         self.run_common(department_id, department_name, department_parent_id)
 
-    @staticmethod
-    def create_acl_role_with_department():
+    def create_acl_role_with_department(self):
+        """
+        当前所有部门，在ACL创建 role
+        """
         acl = ACLManager('acl')
         role_name_map = {role['name']: role for role in acl.get_all_roles()}
 
@@ -141,7 +146,7 @@ class InitDepartment(object):
                 continue
 
             role = role_name_map.get(department.department_name)
-            if not role:
+            if role is None:
                 payload = {
                     'app_id': 'acl',
                     'name': department.department_name,
@@ -203,20 +208,25 @@ class InitDepartment(object):
             if acl_rid > 0:
                 acl.grant_resource(acl_rid, resource['id'], perms)
 
-    @staticmethod
-    def check_app(app_name):
+    def check_app(self, app_name):
         acl = ACLManager(app_name)
         payload = dict(
             name=app_name,
             description=app_name
         )
-        app = acl.validate_app()
-        if not app:
-            acl.create_app(payload)
-        return acl
+        try:
+            app = acl.validate_app()
+            if not app:
+                acl.create_app(payload)
+            return acl
+        except Exception as e:
+            current_app.logger.error(e)
+            if '不存在' in str(e):
+                acl.create_app(payload)
+                return acl
+            raise Exception(e)
 
-    @staticmethod
-    def get_admin_user_rid():
+    def get_admin_user_rid(self):
         admin = Employee.get_by(first=True, username='admin', to_dict=False)
         return admin.acl_rid if admin else 0
 
@@ -251,19 +261,17 @@ def common_check_new_columns():
     from api.extensions import db
     from sqlalchemy import inspect, text
 
-    def get_model_by_table_name(_table_name):
-        registry = getattr(db.Model, 'registry', None)
-        class_registry = getattr(registry, '_class_registry', None)
-        for _model in class_registry.values():
-            if hasattr(_model, '__tablename__') and _model.__tablename__ == _table_name:
-                return _model
+    def get_model_by_table_name(table_name):
+        for model in db.Model.registry._class_registry.values():
+            if hasattr(model, '__tablename__') and model.__tablename__ == table_name:
+                return model
         return None
 
-    def add_new_column(target_table_name, new_column):
+    def add_new_column(table_name, new_column):
         column_type = new_column.type.compile(engine.dialect)
         default_value = new_column.default.arg if new_column.default else None
 
-        sql = "ALTER TABLE " + target_table_name + " ADD COLUMN " + new_column.name + " " + column_type
+        sql = f"ALTER TABLE {table_name} ADD COLUMN {new_column.name} {column_type} "
         if new_column.comment:
             sql += f" comment '{new_column.comment}'"
 
@@ -289,8 +297,7 @@ def common_check_new_columns():
         model = get_model_by_table_name(table_name)
         if model is None:
             continue
-
-        model_columns = getattr(getattr(getattr(model, '__table__'), 'columns'), '_all_columns')
+        model_columns = model.__table__.columns._all_columns
         for column in model_columns:
             if column.name not in existed_column_name_list:
                 try:

cmdb-api/api/commands/common.py

@@ -84,6 +84,66 @@ def clean():
                 os.remove(full_pathname)
 
 
+@click.command()
+@click.option("--url", default=None, help="Url to test (ex. /static/image.png)")
+@click.option(
+    "--order", default="rule", help="Property on Rule to order by (default: rule)"
+)
+@with_appcontext
+def urls(url, order):
+    """Display all of the url matching routes for the project.
+
+    Borrowed from Flask-Script, converted to use Click.
+    """
+    rows = []
+    column_headers = ("Rule", "Endpoint", "Arguments")
+
+    if url:
+        try:
+            rule, arguments = current_app.url_map.bind("localhost").match(
+                url, return_rule=True
+            )
+            rows.append((rule.rule, rule.endpoint, arguments))
+            column_length = 3
+        except (NotFound, MethodNotAllowed) as e:
+            rows.append(("<{}>".format(e), None, None))
+            column_length = 1
+    else:
+        rules = sorted(
+            current_app.url_map.iter_rules(), key=lambda rule: getattr(rule, order)
+        )
+        for rule in rules:
+            rows.append((rule.rule, rule.endpoint, None))
+        column_length = 2
+
+    str_template = ""
+    table_width = 0
+
+    if column_length >= 1:
+        max_rule_length = max(len(r[0]) for r in rows)
+        max_rule_length = max_rule_length if max_rule_length > 4 else 4
+        str_template += "{:" + str(max_rule_length) + "}"
+        table_width += max_rule_length
+
+    if column_length >= 2:
+        max_endpoint_length = max(len(str(r[1])) for r in rows)
+        max_endpoint_length = max_endpoint_length if max_endpoint_length > 8 else 8
+        str_template += "  {:" + str(max_endpoint_length) + "}"
+        table_width += 2 + max_endpoint_length
+
+    if column_length >= 3:
+        max_arguments_length = max(len(str(r[2])) for r in rows)
+        max_arguments_length = max_arguments_length if max_arguments_length > 9 else 9
+        str_template += "  {:" + str(max_arguments_length) + "}"
+        table_width += 2 + max_arguments_length
+
+    click.echo(str_template.format(*column_headers[:column_length]))
+    click.echo("-" * table_width)
+
+    for row in rows:
+        click.echo(str_template.format(*row[:column_length]))
+
+
 @click.command()
 @with_appcontext
 def db_setup():

cmdb-api/api/lib/cmdb/attribute.py

@@ -81,9 +81,8 @@ class AttributeManager(object):
         elif choice_other.get('script'):
             try:
                 x = compile(choice_other['script'], '', "exec")
-                local_ns = {}
-                exec(x, {}, local_ns)
-                res = local_ns['ChoiceValue']().values() or []
+                exec(x)
+                res = locals()['ChoiceValue']().values() or []
                 return [[i, {}] for i in res]
             except Exception as e:
                 current_app.logger.error("get choice values from script: {}".format(e))
@@ -337,6 +336,9 @@ class AttributeManager(object):
     def update(self, _id, **kwargs):
         attr = Attribute.get_by_id(_id) or abort(404, ErrFormat.attribute_not_found.format("id={}".format(_id)))
 
+        if not self._can_edit_attribute(attr):
+            return abort(403, ErrFormat.cannot_edit_attribute)
+
         if kwargs.get("name"):
             other = Attribute.get_by(name=kwargs['name'], first=True, to_dict=False)
             if other and other.id != attr.id:
@@ -377,14 +379,6 @@ class AttributeManager(object):
 
         kwargs.get('is_computed') and self.can_create_computed_attribute()
 
-        is_changed = False
-        for k in kwargs:
-            if kwargs[k] != getattr(attr, k, None):
-                is_changed = True
-
-        if is_changed and not self._can_edit_attribute(attr):
-            return abort(403, ErrFormat.cannot_edit_attribute)
-
         attr.update(flush=True, filter_none=False, **kwargs)
 
         if is_choice and choice_value:

cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py

@@ -36,10 +36,9 @@ def parse_plugin_script(script):
     attributes = []
     try:
         x = compile(script, '', "exec")
-        local_ns = {}
-        exec(x, {}, local_ns)
-        unique_key = local_ns['AutoDiscovery']().unique_key
-        attrs = local_ns['AutoDiscovery']().attributes() or []
+        exec(x)
+        unique_key = locals()['AutoDiscovery']().unique_key
+        attrs = locals()['AutoDiscovery']().attributes() or []
     except Exception as e:
         return abort(400, str(e))
 

cmdb-api/api/lib/cmdb/ci.py

@@ -45,8 +45,8 @@ from api.lib.perm.acl.acl import is_app_admin
 from api.lib.perm.acl.acl import validate_permission
 from api.lib.secrets.inner import InnerCrypt
 from api.lib.secrets.vault import VaultClient
-from api.lib.utils import Lock
 from api.lib.utils import handle_arg_list
+from api.lib.utils import Lock
 from api.lib.webhook import webhook_request
 from api.models.cmdb import AttributeHistory
 from api.models.cmdb import AutoDiscoveryCI
@@ -639,9 +639,6 @@ class CIManager(object):
                     _fields.append(str(attr.id))
             filter_fields_sql = "WHERE A.attr_id in ({0})".format(",".join(_fields))
 
-        ci2pos = {int(_id): _pos for _pos, _id in enumerate(ci_ids)}
-        res = [None] * len(ci_ids)
-
         ci_ids = ",".join(map(str, ci_ids))
         if value_tables is None:
             value_tables = ValueTypeMap.table_name.values()
@@ -652,6 +649,7 @@ class CIManager(object):
         # current_app.logger.debug(query_sql)
         cis = db.session.execute(query_sql).fetchall()
         ci_set = set()
+        res = list()
         ci_dict = dict()
         unique_id2obj = dict()
         excludes = excludes and set(excludes)
@@ -671,7 +669,7 @@ class CIManager(object):
                 ci_dict["unique"] = unique_id2obj[ci_type.unique_id] and unique_id2obj[ci_type.unique_id].name
                 ci_dict["unique_alias"] = unique_id2obj[ci_type.unique_id] and unique_id2obj[ci_type.unique_id].alias
                 ci_set.add(ci_id)
-                res[ci2pos[ci_id]] = ci_dict
+                res.append(ci_dict)
 
             if ret_key == RetKey.NAME:
                 attr_key = attr_name

cmdb-api/api/lib/cmdb/search/ci/db/search.py

@@ -9,7 +9,6 @@ import time
 from flask import current_app
 from flask_login import current_user
 from jinja2 import Template
-from sqlalchemy import text
 
 from api.extensions import db
 from api.lib.cmdb.cache import AttributeCache
@@ -313,7 +312,7 @@ class Search(object):
         start = time.time()
         execute = db.session.execute
         # current_app.logger.debug(v_query_sql)
-        res = execute(text(v_query_sql)).fetchall()
+        res = execute(v_query_sql).fetchall()
         end_time = time.time()
         current_app.logger.debug("query ci ids time is: {0}".format(end_time - start))
 
@@ -526,7 +525,7 @@ class Search(object):
             if k:
                 table_name = TableMap(attr=attr).table_name
                 query_sql = FACET_QUERY.format(table_name, self.query_sql, attr.id)
-                result = db.session.execute(text(query_sql)).fetchall()
+                result = db.session.execute(query_sql).fetchall()
                 facet[k] = result
 
         facet_result = dict()

cmdb-api/api/lib/common_setting/acl.py

@@ -80,22 +80,20 @@ class ACLManager(object):
         return role.to_dict()
 
     @staticmethod
-    def delete_role(_id):
+    def delete_role(_id, payload):
         RoleCRUD.delete_role(_id)
         return dict(rid=_id)
 
     def get_user_info(self, username):
         from api.lib.perm.acl.acl import ACLManager as ACL
         user_info = ACL().get_user_info(username, self.app_name)
-        result = dict(
-            name=user_info.get('nickname') or username,
-            username=user_info.get('username') or username,
-            email=user_info.get('email'),
-            uid=user_info.get('uid'),
-            rid=user_info.get('rid'),
-            role=dict(permissions=user_info.get('parents')),
-            avatar=user_info.get('avatar')
-        )
+        result = dict(name=user_info.get('nickname') or username,
+                      username=user_info.get('username') or username,
+                      email=user_info.get('email'),
+                      uid=user_info.get('uid'),
+                      rid=user_info.get('rid'),
+                      role=dict(permissions=user_info.get('parents')),
+                      avatar=user_info.get('avatar'))
 
         return result
 

cmdb-api/api/lib/common_setting/department.py

@@ -1,6 +1,6 @@
 # -*- coding:utf-8 -*-
 
-from flask import abort, current_app
+from flask import abort
 from treelib import Tree
 from wtforms import Form
 from wtforms import IntegerField
@@ -9,7 +9,6 @@ from wtforms import validators
 
 from api.extensions import db
 from api.lib.common_setting.resp_format import ErrFormat
-from api.lib.common_setting.acl import ACLManager
 from api.lib.perm.acl.role import RoleCRUD
 from api.models.common_setting import Department, Employee
 
@@ -153,10 +152,6 @@ class DepartmentForm(Form):
 
 class DepartmentCRUD(object):
 
-    @staticmethod
-    def get_department_by_id(d_id, to_dict=True):
-        return Department.get_by(first=True, department_id=d_id, to_dict=to_dict)
-
     @staticmethod
     def add(**kwargs):
         DepartmentCRUD.check_department_name_unique(kwargs['department_name'])
@@ -191,11 +186,10 @@ class DepartmentCRUD(object):
             filter(lambda d: d['department_id'] == department_parent_id, allow_p_d_id_list))
         if len(target) == 0:
             try:
-                dep = Department.get_by(
+                d = Department.get_by(
                     first=True, to_dict=False, department_id=department_parent_id)
-                name = dep.department_name if dep else ErrFormat.department_id_not_found.format(department_parent_id)
+                name = d.department_name if d else ErrFormat.department_id_not_found.format(department_parent_id)
             except Exception as e:
-                current_app.logger.error(str(e))
                 name = ErrFormat.department_id_not_found.format(department_parent_id)
             abort(400, ErrFormat.cannot_to_be_parent_department.format(name))
 
@@ -259,7 +253,7 @@ class DepartmentCRUD(object):
         try:
             RoleCRUD.delete_role(existed.acl_rid)
         except Exception as e:
-            current_app.logger.error(str(e))
+            pass
 
         return existed.soft_delete()
 
@@ -274,7 +268,7 @@ class DepartmentCRUD(object):
                 try:
                     tree.remove_subtree(department_id)
                 except Exception as e:
-                    current_app.logger.error(str(e))
+                    pass
 
             [allow_d_id_list.append({'department_id': int(n.identifier), 'department_name': n.tag}) for n in
              tree.all_nodes()]
@@ -396,125 +390,6 @@ class DepartmentCRUD(object):
                 [id_list.append(int(n.identifier))
                  for n in tmp_tree.all_nodes()]
             except Exception as e:
-                current_app.logger.error(str(e))
+                pass
 
         return id_list
-
-
-class EditDepartmentInACL(object):
-
-    @staticmethod
-    def add_department_to_acl(department_id, op_uid):
-        db_department = DepartmentCRUD.get_department_by_id(department_id, to_dict=False)
-        if not db_department:
-            return
-
-        from api.models.acl import Role
-        role = Role.get_by(first=True, name=db_department.department_name, app_id=None)
-
-        acl = ACLManager('acl', str(op_uid))
-        if role is None:
-            payload = {
-                'app_id': 'acl',
-                'name': db_department.department_name,
-            }
-            role = acl.create_role(payload)
-
-        acl_rid = role.get('id') if role else 0
-
-        db_department.update(
-            acl_rid=acl_rid
-        )
-        info = f"add_department_to_acl, acl_rid: {acl_rid}"
-        current_app.logger.info(info)
-        return info
-
-    @staticmethod
-    def delete_department_from_acl(department_rids, op_uid):
-        acl = ACLManager('acl', str(op_uid))
-
-        result = []
-
-        for rid in department_rids:
-            try:
-                acl.delete_role(rid)
-            except Exception as e:
-                result.append(f"delete_department_in_acl, rid: {rid}, error: {e}")
-                continue
-
-        return result
-
-    @staticmethod
-    def edit_department_name_in_acl(d_rid: int, d_name: str, op_uid: int):
-        acl = ACLManager('acl', str(op_uid))
-        payload = {
-            'name': d_name
-        }
-        try:
-            acl.edit_role(d_rid, payload)
-        except Exception as e:
-            return f"edit_department_name_in_acl, rid: {d_rid}, error: {e}"
-
-        return f"edit_department_name_in_acl, rid: {d_rid}, success"
-
-    @staticmethod
-    def edit_employee_department_in_acl(e_list: list, new_d_id: int, op_uid: int):
-        result = []
-        new_department = DepartmentCRUD.get_department_by_id(new_d_id, False)
-        if not new_department:
-            result.append(f"{new_d_id} new_department is None")
-            return result
-
-        from api.models.acl import Role
-        new_role = Role.get_by(first=True, name=new_department.department_name, app_id=None)
-        new_d_rid_in_acl = new_role.get('id') if new_role else 0
-        if new_d_rid_in_acl == 0:
-            return
-
-        if new_d_rid_in_acl != new_department.acl_rid:
-            new_department.update(
-                acl_rid=new_d_rid_in_acl
-            )
-        new_department_acl_rid = new_department.acl_rid if new_d_rid_in_acl == new_department.acl_rid else \
-            new_d_rid_in_acl
-
-        acl = ACLManager('acl', str(op_uid))
-        for employee in e_list:
-            old_department = DepartmentCRUD.get_department_by_id(employee.get('department_id'), False)
-            if not old_department:
-                continue
-            employee_acl_rid = employee.get('e_acl_rid')
-            if employee_acl_rid == 0:
-                result.append(f"employee_acl_rid == 0")
-                continue
-
-            old_role = Role.get_by(first=True, name=old_department.department_name, app_id=None)
-            old_d_rid_in_acl = old_role.get('id') if old_role else 0
-            if old_d_rid_in_acl == 0:
-                return
-            if old_d_rid_in_acl != old_department.acl_rid:
-                old_department.update(
-                    acl_rid=old_d_rid_in_acl
-                )
-            d_acl_rid = old_department.acl_rid if old_d_rid_in_acl == old_department.acl_rid else old_d_rid_in_acl
-            payload = {
-                'app_id': 'acl',
-                'parent_id': d_acl_rid,
-            }
-            try:
-                acl.remove_user_from_role(employee_acl_rid, payload)
-            except Exception as e:
-                result.append(
-                    f"remove_user_from_role employee_acl_rid: {employee_acl_rid}, parent_id: {d_acl_rid}, err: {e}")
-
-            payload = {
-                'app_id': 'acl',
-                'child_ids': [employee_acl_rid],
-            }
-            try:
-                acl.add_user_to_role(new_department_acl_rid, payload)
-            except Exception as e:
-                result.append(
-                    f"add_user_to_role employee_acl_rid: {employee_acl_rid}, parent_id: {d_acl_rid}, err: {e}")
-
-        return result

cmdb-api/api/lib/common_setting/employee.py

@@ -178,7 +178,7 @@ class EmployeeCRUD(object):
     def edit_employee_by_uid(_uid, **kwargs):
         existed = EmployeeCRUD.get_employee_by_uid(_uid)
         try:
-            edit_acl_user(_uid, **kwargs)
+            user = edit_acl_user(_uid, **kwargs)
 
             for column in employee_pop_columns:
                 if kwargs.get(column):
@@ -190,9 +190,9 @@ class EmployeeCRUD(object):
 
     @staticmethod
     def change_password_by_uid(_uid, password):
-        EmployeeCRUD.get_employee_by_uid(_uid)
+        existed = EmployeeCRUD.get_employee_by_uid(_uid)
         try:
-            edit_acl_user(_uid, password=password)
+            user = edit_acl_user(_uid, password=password)
         except Exception as e:
             return abort(400, str(e))
 
@@ -359,11 +359,9 @@ class EmployeeCRUD(object):
 
         if value and column == "last_login":
             try:
-                return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
+                value = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
             except Exception as e:
-                err = f"{ErrFormat.datetime_format_error.format(column)}: {str(e)}"
-                abort(400, err)
-        return value
+                abort(400, ErrFormat.datetime_format_error.format(column))
 
     @staticmethod
     def get_attr_by_column(column):
@@ -384,7 +382,7 @@ class EmployeeCRUD(object):
             relation = condition.get("relation", None)
             value = condition.get("value", None)
 
-            value = EmployeeCRUD.check_condition(column, operator, value, relation)
+            EmployeeCRUD.check_condition(column, operator, value, relation)
             a, o = EmployeeCRUD.get_expr_by_condition(
                 column, operator, value, relation)
             and_list += a
@@ -567,125 +565,6 @@ class EmployeeCRUD(object):
             results.append(tmp)
         return results
 
-    @staticmethod
-    def import_employee(employee_list):
-        res = CreateEmployee().batch_create(employee_list)
-        return res
-
-    @staticmethod
-    def batch_edit_employee_department(employee_id_list, column_value):
-        err_list = []
-        employee_list = []
-        for _id in employee_id_list:
-            try:
-                existed = EmployeeCRUD.get_employee_by_id(_id)
-                employee = dict(
-                    e_acl_rid=existed.acl_rid,
-                    department_id=existed.department_id
-                )
-                employee_list.append(employee)
-                existed.update(department_id=column_value)
-
-            except Exception as e:
-                err_list.append({
-                    'employee_id': _id,
-                    'err': str(e),
-                })
-        from api.lib.common_setting.department import EditDepartmentInACL
-        EditDepartmentInACL.edit_employee_department_in_acl(
-            employee_list, column_value, current_user.uid
-        )
-        return err_list
-
-    @staticmethod
-    def batch_edit_password_or_block_column(column_name, employee_id_list, column_value, is_acl=False):
-        if column_name == 'block':
-            err_list = []
-            success_list = []
-            for _id in employee_id_list:
-                try:
-                    employee = EmployeeCRUD.edit_employee_block_column(
-                        _id, is_acl, **{column_name: column_value})
-                    success_list.append(employee)
-                except Exception as e:
-                    err_list.append({
-                        'employee_id': _id,
-                        'err': str(e),
-                    })
-            return err_list
-        else:
-            return EmployeeCRUD.batch_edit_column(column_name, employee_id_list, column_value, is_acl)
-
-    @staticmethod
-    def batch_edit_column(column_name, employee_id_list, column_value, is_acl=False):
-        err_list = []
-        for _id in employee_id_list:
-            try:
-                EmployeeCRUD.edit_employee_single_column(
-                    _id, is_acl, **{column_name: column_value})
-            except Exception as e:
-                err_list.append({
-                    'employee_id': _id,
-                    'err': str(e),
-                })
-
-        return err_list
-
-    @staticmethod
-    def edit_employee_single_column(_id, is_acl=False, **kwargs):
-        existed = EmployeeCRUD.get_employee_by_id(_id)
-        if 'direct_supervisor_id' in kwargs.keys():
-            if kwargs['direct_supervisor_id'] == existed.direct_supervisor_id:
-                raise Exception(ErrFormat.direct_supervisor_is_not_self)
-
-        if is_acl:
-            return edit_acl_user(existed.acl_uid, **kwargs)
-
-        try:
-            for column in employee_pop_columns:
-                if kwargs.get(column):
-                    kwargs.pop(column)
-
-            return existed.update(**kwargs)
-        except Exception as e:
-            return abort(400, str(e))
-
-    @staticmethod
-    def edit_employee_block_column(_id, is_acl=False, **kwargs):
-        existed = EmployeeCRUD.get_employee_by_id(_id)
-        value = get_block_value(kwargs.get('block'))
-        if value is True:
-            check_department_director_id_or_direct_supervisor_id(_id)
-            value = 1
-        else:
-            value = 0
-
-        if is_acl:
-            kwargs['block'] = value
-            edit_acl_user(existed.acl_uid, **kwargs)
-
-        existed.update(block=value)
-        data = existed.to_dict()
-        return data
-
-    @staticmethod
-    def batch_employee(column_name, column_value, employee_id_list):
-        if column_value is None:
-            abort(400, ErrFormat.value_is_required)
-        if column_name in ['password', 'block']:
-            return EmployeeCRUD.batch_edit_password_or_block_column(column_name, employee_id_list, column_value, True)
-
-        elif column_name in ['department_id']:
-            return EmployeeCRUD.batch_edit_employee_department(employee_id_list, column_value)
-
-        elif column_name in [
-            'direct_supervisor_id', 'position_name'
-        ]:
-            return EmployeeCRUD.batch_edit_column(column_name, employee_id_list, column_value, False)
-
-        else:
-            abort(400, ErrFormat.column_name_not_support)
-
 
 def get_user_map(key='uid', acl=None):
     """
@@ -762,8 +641,7 @@ class CreateEmployee(object):
             **kwargs
         )
 
-    @staticmethod
-    def get_department_by_name(d_name):
+    def get_department_by_name(self, d_name):
         return Department.get_by(first=True, department_name=d_name)
 
     def get_end_department_id(self, department_name_list, department_name_map):

cmdb-api/api/lib/common_setting/notice_config.py

@@ -162,4 +162,4 @@ class NoticeConfigUpdateForm(Form):
     info = StringField(validators=[
         validators.DataRequired(message="信息 不能为空"),
         validators.Length(max=255),
-    ])
+    ])

cmdb-api/api/lib/database.py

@@ -10,18 +10,14 @@ from api.lib.exception import CommitException
 
 class FormatMixin(object):
     def to_dict(self):
-        res = dict()
-        for k in getattr(self, "__mapper__").c.keys():
-            if k in {'password', '_password', 'secret', '_secret'}:
-                continue
+        res = dict([(k, getattr(self, k) if not isinstance(
+            getattr(self, k), (datetime.datetime, datetime.date, datetime.time)) else str(
+            getattr(self, k))) for k in getattr(self, "__mapper__").c.keys()])
+        # FIXME: getattr(cls, "__table__").columns  k.name
 
-            if k.startswith('_'):
-                k = k[1:]
-
-            if not isinstance(getattr(self, k), (datetime.datetime, datetime.date, datetime.time)):
-                res[k] = getattr(self, k)
-            else:
-                res[k] = str(getattr(self, k))
+        res.pop('password', None)
+        res.pop('_password', None)
+        res.pop('secret', None)
 
         return res
     

cmdb-api/api/lib/perm/acl/resource.py

@@ -276,6 +276,7 @@ class ResourceCRUD(object):
 
         from api.tasks.acl import apply_trigger
         triggers = TriggerCRUD.match_triggers(app_id, r.name, r.resource_type_id, uid)
+        current_app.logger.info(triggers)
         for trigger in triggers:
             # auto trigger should be no uid
             apply_trigger.apply_async(args=(trigger.id,),

cmdb-api/api/lib/secrets/inner.py

@@ -65,8 +65,7 @@ class KeyManage:
             self.backend = Backend(backend)
 
     def init_app(self, app, backend=None):
-        if (sys.argv[0].endswith("gunicorn") or
-                (len(sys.argv) > 1 and sys.argv[1] in ("run", "cmdb-password-data-migrate"))):
+        if sys.argv[0].endswith("gunicorn") or (len(sys.argv) > 1 and sys.argv[1] == "run"):
             self.trigger = app.config.get("INNER_TRIGGER_TOKEN")
             if not self.trigger:
                 return

cmdb-api/api/lib/utils.py

@@ -12,9 +12,6 @@ from Crypto.Cipher import AES
 from elasticsearch import Elasticsearch
 from flask import current_app
 
-from api.lib.secrets.inner import InnerCrypt
-from api.lib.secrets.inner import KeyManage
-
 
 class BaseEnum(object):
     _ALL_ = set()  # type: Set[str]
@@ -289,33 +286,3 @@ class AESCrypto(object):
         text_decrypted = cipher.decrypt(encode_bytes)
 
         return cls.unpad(text_decrypted).decode('utf8')
-
-
-class Crypto(AESCrypto):
-    @classmethod
-    def encrypt(cls, data):
-        from api.lib.secrets.secrets import InnerKVManger
-
-        if not KeyManage(backend=InnerKVManger()).is_seal():
-            res, status = InnerCrypt().encrypt(data)
-            if status:
-                return res
-
-        return AESCrypto().encrypt(data)
-
-    @classmethod
-    def decrypt(cls, data):
-        from api.lib.secrets.secrets import InnerKVManger
-
-        if not KeyManage(backend=InnerKVManger()).is_seal():
-            try:
-                res, status = InnerCrypt().decrypt(data)
-                if status:
-                    return res
-            except:
-                pass
-
-        try:
-            return AESCrypto().decrypt(data)
-        except:
-            return data

cmdb-api/api/models/cmdb.py

@@ -12,9 +12,7 @@ from api.lib.cmdb.const import CITypeOperateType
 from api.lib.cmdb.const import ConstraintEnum
 from api.lib.cmdb.const import OperateType
 from api.lib.cmdb.const import ValueTypeEnum
-from api.lib.database import Model
-from api.lib.database import Model2
-from api.lib.utils import Crypto
+from api.lib.database import Model, Model2
 
 
 # template
@@ -91,37 +89,13 @@ class Attribute(Model):
     compute_expr = db.Column(db.Text)
     compute_script = db.Column(db.Text)
 
-    _choice_web_hook = db.Column('choice_web_hook', db.JSON)
+    choice_web_hook = db.Column(db.JSON)
     choice_other = db.Column(db.JSON)
 
     uid = db.Column(db.Integer, index=True)
 
     option = db.Column(db.JSON)
 
-    def _get_webhook(self):
-        if self._choice_web_hook:
-            if self._choice_web_hook.get('headers') and "Cookie" in self._choice_web_hook['headers']:
-                self._choice_web_hook['headers']['Cookie'] = Crypto.decrypt(self._choice_web_hook['headers']['Cookie'])
-
-            if self._choice_web_hook.get('authorization'):
-                for k, v in self._choice_web_hook['authorization'].items():
-                    self._choice_web_hook['authorization'][k] = Crypto.decrypt(v)
-
-        return self._choice_web_hook
-
-    def _set_webhook(self, data):
-        if data:
-            if data.get('headers') and "Cookie" in data['headers']:
-                data['headers']['Cookie'] = Crypto.encrypt(data['headers']['Cookie'])
-
-            if data.get('authorization'):
-                for k, v in data['authorization'].items():
-                    data['authorization'][k] = Crypto.encrypt(v)
-
-        self._choice_web_hook = data
-
-    choice_web_hook = db.synonym("_choice_web_hook", descriptor=property(_get_webhook, _set_webhook))
-
 
 class CITypeAttribute(Model):
     __tablename__ = "c_ci_type_attributes"
@@ -156,25 +130,7 @@ class CITypeTrigger(Model):
 
     type_id = db.Column(db.Integer, db.ForeignKey('c_ci_types.id'), nullable=False)
     attr_id = db.Column(db.Integer, db.ForeignKey("c_attributes.id"))
-    _option = db.Column('notify', db.JSON)
-
-    def _get_option(self):
-        if self._option and self._option.get('webhooks'):
-            if self._option['webhooks'].get('authorization'):
-                for k, v in self._option['webhooks']['authorization'].items():
-                    self._option['webhooks']['authorization'][k] = Crypto.decrypt(v)
-
-        return self._option
-
-    def _set_option(self, data):
-        if data and data.get('webhooks'):
-            if data['webhooks'].get('authorization'):
-                for k, v in data['webhooks']['authorization'].items():
-                    data['webhooks']['authorization'][k] = Crypto.encrypt(v)
-
-        self._option = data
-
-    option = db.synonym("_option", descriptor=property(_get_option, _set_option))
+    option = db.Column('notify', db.JSON)
 
 
 class CITriggerHistory(Model):

cmdb-api/api/views/common_setting/common_data.py

@@ -24,12 +24,12 @@ class DataView(APIView):
 class DataViewWithId(APIView):
     url_prefix = (f'{prefix}/<string:data_type>/<int:_id>',)
 
-    def put(self, _id):
+    def put(self, data_type, _id):
         params = request.json
         res = CommonDataCRUD.update_data(_id, **params)
 
         return self.jsonify(res.to_dict())
 
-    def delete(self, _id):
+    def delete(self, data_type, _id):
         CommonDataCRUD.delete(_id)
         return self.jsonify({})

cmdb-api/api/views/common_setting/company_info.py

@@ -1,7 +1,9 @@
 # -*- coding:utf-8 -*-
+from flask import abort
 from flask import request
 
 from api.lib.common_setting.company_info import CompanyInfoCRUD
+from api.lib.common_setting.resp_format import ErrFormat
 from api.resource import APIView
 
 prefix = '/company'

cmdb-api/api/views/common_setting/employee.py

@@ -1,5 +1,7 @@
 # -*- coding:utf-8 -*-
-from flask import abort
+import os
+
+from flask import abort, current_app, send_from_directory
 from flask import request
 from werkzeug.datastructures import MultiDict
 

cmdb-api/api/views/common_setting/notice_config.py

@@ -47,7 +47,7 @@ class CheckEmailServer(APIView):
 
     def post(self):
         receive_address = request.args.get('receive_address')
-        info = request.values.get('info', {})
+        info = request.values.get('info')
 
         try:
 

cmdb-api/requirements.txt

@@ -12,7 +12,7 @@ Flask==2.3.2
 Flask-Bcrypt==1.0.1
 Flask-Caching==2.0.2
 Flask-Cors==4.0.0
-Flask-Login>=0.6.2
+Flask-Login==0.6.2
 Flask-Migrate==2.5.2
 Flask-RESTful==0.3.10
 Flask-SQLAlchemy==2.5.0
@@ -29,8 +29,8 @@ MarkupSafe==2.1.3
 marshmallow==2.20.2
 more-itertools==5.0.0
 msgpack-python==0.5.6
-Pillow>=10.0.1
-cryptography>=41.0.2
+Pillow==9.3.0
+cryptography==41.0.2
 PyJWT==2.4.0
 PyMySQL==1.1.0
 ldap3==2.9.1
@@ -45,7 +45,7 @@ supervisor==4.0.3
 timeout-decorator==0.5.0
 toposort==1.10
 treelib==1.6.1
-Werkzeug>=2.3.6
+Werkzeug==2.3.6
 WTForms==3.0.0
 shamir~=17.12.0
 hvac~=2.0.0

cmdb-ui/package.json

@@ -20,7 +20,7 @@
     "@wangeditor/editor": "^5.1.23",
     "@wangeditor/editor-for-vue": "^1.0.0",
     "ant-design-vue": "^1.6.5",
-    "axios": "1.6.0",
+    "axios": "0.18.0",
     "babel-eslint": "^8.2.2",
     "butterfly-dag": "^4.3.26",
     "codemirror": "^5.65.13",
@@ -63,15 +63,14 @@
   },
   "devDependencies": {
     "@ant-design/colors": "^3.2.2",
-    "@babel/core": "^7.23.2",
     "@babel/polyfill": "^7.2.5",
-    "@babel/preset-env": "^7.23.2",
     "@vue/cli-plugin-babel": "4.5.17",
     "@vue/cli-plugin-eslint": "^4.0.5",
     "@vue/cli-plugin-unit-jest": "^4.0.5",
     "@vue/cli-service": "^4.0.5",
     "@vue/eslint-config-standard": "^4.0.0",
     "@vue/test-utils": "^1.0.0-beta.30",
+    "babel-core": "7.0.0-bridge.0",
     "babel-jest": "^23.6.0",
     "babel-plugin-import": "^1.11.0",
     "babel-plugin-transform-remove-console": "^6.9.4",

docs/cmdb.sql

@@ -239,6 +239,11 @@ CREATE TABLE `acl_operation_records` (
 -- Dumping data for table `acl_operation_records`
 --
 
+LOCK TABLES `acl_operation_records` WRITE;
+/*!40000 ALTER TABLE `acl_operation_records` DISABLE KEYS */;
+INSERT INTO `acl_operation_records` VALUES (NULL,0,'2023-07-11 16:48:37',NULL,11,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 16:49:09',NULL,12,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 16:49:21',NULL,13,NULL,'admin','0','[\"ACL\"]'),(NULL,0,'2023-07-11 16:49:22',NULL,14,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 16:50:38',NULL,15,NULL,'admin','0','[\"ACL\"]'),(NULL,0,'2023-07-11 16:50:38',NULL,16,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 16:57:53',NULL,17,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:08:22',NULL,18,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:12:20',NULL,19,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:12:24',NULL,20,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:13:11',NULL,21,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:15:17',NULL,22,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:22:31',NULL,23,NULL,'admin','0','[\"ACL\"]'),(NULL,0,'2023-07-11 17:22:31',NULL,24,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:27:19',NULL,25,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:28:49',NULL,26,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:36:06',NULL,27,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:36:10',NULL,28,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:37:06',NULL,29,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:39:05',NULL,30,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:39:10',NULL,31,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:46:52',NULL,32,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 17:54:00',NULL,33,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 18:03:56',NULL,34,NULL,'admin','0','[\"ACL\"]'),(NULL,0,'2023-07-11 18:03:56',NULL,35,'backend','cmdb_agent','1','[\"resources\"]'),(NULL,0,'2023-07-11 18:03:57',NULL,36,'backend','cmdb_agent','1','[\"resources\"]');
+/*!40000 ALTER TABLE `acl_operation_records` ENABLE KEYS */;
+UNLOCK TABLES;
 
 --
 -- Table structure for table `acl_permissions`
@@ -654,6 +659,12 @@ CREATE TABLE `c_ad_ci_types` (
 -- Dumping data for table `c_ad_ci_types`
 --
 
+LOCK TABLES `c_ad_ci_types` WRITE;
+/*!40000 ALTER TABLE `c_ad_ci_types` DISABLE KEYS */;
+INSERT INTO `c_ad_ci_types` VALUES (NULL,0,'2023-07-11 17:11:52',NULL,2,4,9,NULL,NULL,0,NULL,NULL,300,NULL,NULL,1),(NULL,0,'2023-07-11 17:19:23','2023-07-11 17:19:25',3,5,10,'{}',NULL,0,'','',300,NULL,NULL,1);
+/*!40000 ALTER TABLE `c_ad_ci_types` ENABLE KEYS */;
+UNLOCK TABLES;
+
 --
 -- Table structure for table `c_ad_rules`
 --
@@ -2237,7 +2248,7 @@ CREATE TABLE `users` (
 
 LOCK TABLES `users` WRITE;
 /*!40000 ALTER TABLE `users` DISABLE KEYS */;
-INSERT INTO `users` VALUES (NULL,0,1,'admin','admin',NULL,NULL,'admin@one-ops.com',NULL,'e10adc3949ba59abbe56e057f20f883e','','',NULL,'2023-07-11 18:03:55',0,1,NULL,'0001',NULL,NULL),(NULL,0,2,'cmdb_agent','cmdb_agent',NULL,NULL,'cmdb_agent@one-ops.com',NULL,NULL,'ef086550acb543828d9930d15b21a037','U~83O&PT2Qxsd1$H9df2v#*FcsiG1l?n',NULL,NULL,0,NULL,NULL,'0002',NULL,NULL),(NULL,0,3,'worker','worker',NULL,NULL,'worker@one-ops.com',NULL,'b34cd51b4a6e2f96547e4aeb81566a83','0577dfa24e4547ad91bfb23b62951845','~0g7tkFG$@wdHKe*r2rYu2RC2v1?d8I5',NULL,NULL,0,NULL,NULL,'0003',NULL,NULL),(NULL,0,46,'demo','demo',NULL,NULL,'demo@veops.cn',NULL,'e10adc3949ba59abbe56e057f20f883e','0ec692fb318b47e4b739c241d56c12e7','JDcAc563I4L47ji2R?fah1dZ6KPb!Ty0','2023-07-10 08:19:01','2023-07-11 16:30:42',0,1,NULL,'0004',NULL,NULL);
+INSERT INTO `users` VALUES (NULL,0,1,'admin','admin',NULL,NULL,'admin@one-ops.com',NULL,'e10adc3949ba59abbe56e057f20f883e','','',NULL,'2023-07-11 18:03:55',0,1,NULL,'0000',NULL,NULL),(NULL,0,2,'cmdb_agent','cmdb_agent',NULL,NULL,'cmdb_agent@one-ops.com',NULL,NULL,'ef086550acb543828d9930d15b21a037','U~83O&PT2Qxsd1$H9df2v#*FcsiG1l?n',NULL,NULL,0,NULL,NULL,NULL,NULL,NULL),(NULL,0,3,'worker','worker',NULL,NULL,'worker@one-ops.com',NULL,'b34cd51b4a6e2f96547e4aeb81566a83','0577dfa24e4547ad91bfb23b62951845','~0g7tkFG$@wdHKe*r2rYu2RC2v1?d8I5',NULL,NULL,0,NULL,NULL,NULL,NULL,NULL),(NULL,0,46,'demo','demo',NULL,NULL,'demo@veops.cn',NULL,'e10adc3949ba59abbe56e057f20f883e','0ec692fb318b47e4b739c241d56c12e7','JDcAc563I4L47ji2R?fah1dZ6KPb!Ty0','2023-07-10 08:19:01','2023-07-11 16:30:42',0,1,NULL,'0036',NULL,NULL);
 /*!40000 ALTER TABLE `users` ENABLE KEYS */;
 UNLOCK TABLES;
 /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;