B f*@s:ddlmZmZddlTddlmZGdddejZdS))datetime timedelta)*) cmf_auditc seZdZdZejjdgZddZfddZe d!d d Z e ddZ e ddZ e fddZe fddZe fddZe fddZe edddddddZdd ZZS)"CmfAuditT audit_eventcOstddddS)Nu>Невозможно удалить запись Аудита!T)abort) cmf_alert)selfargskwargsr ./cmf/models/cmf_audit.pydelete szCmfAudit.deletecs,|jr|tj||StddddS)NuJНевозможно редактировать запись Аудита!T)r)Zis_new _log_ib_auditsupersaver )r r r ) __class__r rrsz CmfAudit.saveokNFrc  Cstjr dS|r(t|tr|} qH|jj} n tjr:tjjj} ntj jj} | } tj rbtj j rbtj j } |rt|tst t |tjjr|}q|jj}n| }|s|}|dr| }|dkrd}d}tjrtjd}|sg}| dkr|dkrd} d|}| dkr|dkrd } d |}| dkrPt|jd ksBt|jd krPd } d|}| r| dkrtjrtjtj krd|}d } |||| ||||||| | d }| rtjf|}t|WdQRXdStj|dS)Nz CmfAudit:ruТаблица Аудитаr) CmfPersonZuser_) ZCmfPersonGroupZCmfRoleZ CmfOrgUnitZCmfProjectRoleZCmfProjectPermSchemeRuleZCmfProjectPermSchemeZ CmfAccessListZ CmfAccessRuleZCmfSecurityLevelRuleZCmfSecurityLevelSchemeZCmfSecurityLevelZperm_)defaultZstaticZno_aclrZcfg_Zadmin_) operatecmf_model_name result_status cmf_authorparent client_ip audit_datahtml_diff_data parent_name parent_codesecurity_levelZ real_user)gZ import_mode isinstancestridvalue current_usermodelsrZ system_personZsession real_user_id issubclasstypeZcmffieldsZCmfStr startswithZrequestZ access_routecmfutilZget_model_by_nameZacl_typeZacl_default_user_policyZacl_admin_modeZcurrent_personr disable_aclrdeferred_audit_listappend)rrrrrr!r"r#r$Zcurrent_transactionr%Zcheck_is_adminZ cmf_author_idr-Z parent_idr r Zauditr r rrsv         &   zCmfAudit.audit_eventc CsttbxZtjD]P}|dd}|r>t|tr>tj|dd}|sJ|d}||d<tj f| qWWdQRXdS)NrT)Zinclude_deletedr) r2r3r&r4getr'r(Z get_obj_by_idr,rr)clsr rr r rapply_deferred_auditvs   zCmfAudit.apply_deferred_auditcCstjjddstddddS)NZIBAdmins)Z group_codeuПросматривать Аудит безопасности разрешено только Администраторам ИБ из группы IBAdminsT)r)r&r+Zin_person_groupr )r7r r r_check_perm_admin_ibszCmfAudit._check_perm_admin_ibcsJd|krg|d<|ddtj||}|rF|djdkrF||S)Nr0r%r)r5rlistr%r9)r7r r res)rr rr:sz CmfAudit.listcsJd|krg|d<|ddtj||}|rF|djdkrF||S)Nr0r%r)r5rslistr%r9)r7r r r;)rr rr<szCmfAudit.slistcsFd|krg|d<|ddtj||}|rB|jdkrB||S)Nr0r%r)r5rr6r%r9)r7r r r;)rr rr6sz CmfAudit.getcsFd|krg|d<|ddtj||}|rB|jdkrB||S)Nr0r%r)r5rsgetr%r9)r7r r r;)rr rr=sz CmfAudit.sgetu4Удаление устаревшего аудитаz@daily)Z only_once descriptionZ system_jobZschedulecCsntjjj}|sdStt|d}dd|g}x:tjj |ddgd}|sJPx|D] }| qPWt q0WdS)N)Zdayscmf_created_at 1  z operate=z id=z cmf_model_name=z result_status=z cmf_author=z obj=z client_ip=z security_level_str=z obj_name=z obj_code=z audit_data=z html_diff_data= za+uОшибка аудита: )!socketr%Z gethostnameZ gethostbynamechoicesr?r*Z isoformatr rrrrrr#r$r!r"r)replaceZconfigZ IB_AUDIT_FILEopenwriteZIB_AUDIT_RSYSLOG_HOSTZIB_AUDIT_RSYSLOG_PORTZAF_INETZ SOCK_DGRAMZsendtoencodeint Exceptionr )r rGZhostnameZ ip_addressZ vendor_nameZ product_namer%Zsecurity_level_strZdtr rrrrobjZobj_nameZobj_coder!r"r)messagefser r rrsH   (  *zCmfAudit._log_ib_audit) rNNNrNNFrT)__name__ __module__ __qualname__Z api_allowrrZ api_methodsrr staticmethodr classmethodr8r9r:r<r6r=Zcmf_deferred_jobrDr __classcell__r r )rrrs$  ]     rN)rrZ cmf.includeZ cmf.fieldsrrr r r rs