diff --git a/apps/assets/serializers/asset.py b/apps/assets/serializers/asset.py index f36aaa9a0..b83a6067c 100644 --- a/apps/assets/serializers/asset.py +++ b/apps/assets/serializers/asset.py @@ -8,12 +8,11 @@ from django.utils.translation import ugettext_lazy as _ from orgs.mixins import BulkOrgResourceModelSerializer from common.serializers import AdaptedBulkListSerializer from ..models import Asset, Protocol -from .system_user import AssetSystemUserSerializer from .base import ConnectivitySerializer __all__ = [ - 'AssetSerializer', 'AssetGrantedSerializer', 'AssetSimpleSerializer', - 'ProtocolSerializer', + 'AssetSerializer', 'AssetSimpleSerializer', + 'ProtocolSerializer', 'ProtocolsRelatedField', ] @@ -147,30 +146,6 @@ class AssetSerializer(BulkOrgResourceModelSerializer): # fields = ['id', 'hostname', 'ip', 'platform', 'protocols'] -class AssetGrantedSerializer(serializers.ModelSerializer): - """ - 被授权资产的数据结构 - """ - protocols = ProtocolsRelatedField( - many=True, queryset=Protocol.objects.all(), label=_("Protocols") - ) - system_users_granted = AssetSystemUserSerializer(many=True, read_only=True) - system_users_join = serializers.SerializerMethodField() - # nodes = NodeTMPSerializer(many=True, read_only=True) - - class Meta: - model = Asset - fields = ( - "id", "hostname", "ip", "protocols", - "system_users_granted", "is_active", "system_users_join", "os", - 'domain', "platform", "comment", "org_id", "org_name", - ) - - @staticmethod - def get_system_users_join(obj): - system_users = [s.username for s in obj.system_users_granted] - return ', '.join(system_users) - # class MyAssetGrantedSerializer(AssetGrantedSerializer): # """ diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py index 5b15f9d7b..0caffd2fc 100644 --- a/apps/assets/serializers/system_user.py +++ b/apps/assets/serializers/system_user.py @@ -46,17 +46,7 @@ class SystemUserAuthSerializer(AuthSerializer): ] -class AssetSystemUserSerializer(serializers.ModelSerializer): - """ - 查看授权的资产系统用户的数据结构,这个和AssetSerializer不同,字段少 - """ - class Meta: - model = SystemUser - fields = ( - 'id', 'name', 'username', 'priority', - 'protocol', 'comment', 'login_mode', - ) class SystemUserSimpleSerializer(serializers.ModelSerializer): diff --git a/apps/perms/api/user_group_permission.py b/apps/perms/api/user_group_permission.py index 841a82096..4d59c13a7 100644 --- a/apps/perms/api/user_group_permission.py +++ b/apps/perms/api/user_group_permission.py @@ -8,14 +8,12 @@ from rest_framework.generics import ( from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser from common.tree import TreeNodeSerializer -from orgs.utils import set_to_root_org from ..utils import ( AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node, RemoteAppPermissionUtil, ) from ..hands import ( - AssetGrantedSerializer, UserGroup, Node, NodeSerializer, - RemoteAppSerializer, + UserGroup, Node, NodeSerializer, RemoteAppSerializer, ) from .. import serializers, const @@ -30,7 +28,7 @@ __all__ = [ class UserGroupGrantedAssetsApi(ListAPIView): permission_classes = (IsOrgAdmin,) - serializer_class = AssetGrantedSerializer + serializer_class = serializers.AssetGrantedSerializer def get_queryset(self): user_group_id = self.kwargs.get('pk', '') @@ -120,7 +118,7 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView): class UserGroupGrantedNodeAssetsApi(ListAPIView): permission_classes = (IsOrgAdminOrAppUser,) - serializer_class = AssetGrantedSerializer + serializer_class = serializers.AssetGrantedSerializer def get_queryset(self): user_group_id = self.kwargs.get('pk', '') diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py index 4092fb2f7..701c68327 100644 --- a/apps/perms/api/user_permission.py +++ b/apps/perms/api/user_permission.py @@ -20,7 +20,7 @@ from ..utils import ( construct_remote_apps_tree_root, parse_remote_app_to_tree_node, ) from ..hands import ( - User, Asset, Node, SystemUser, RemoteApp, AssetGrantedSerializer, + User, Asset, Node, SystemUser, RemoteApp, NodeSerializer, RemoteAppSerializer, ) from .. import serializers, const @@ -129,7 +129,7 @@ class UserGrantedAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIV 用户授权的所有资产 """ permission_classes = (IsOrgAdminOrAppUser,) - serializer_class = AssetGrantedSerializer + serializer_class = serializers.AssetGrantedSerializer pagination_class = LimitOffsetPagination def get_object(self): @@ -146,7 +146,10 @@ class UserGrantedAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIV util = AssetPermissionUtil(user, cache_policy=self.cache_policy) assets = util.get_assets() for k, v in assets.items(): - system_users_granted = [s for s in v if k.has_protocol(s.protocol)] + system_users_granted = [] + for system_user, actions in v.items(): + system_user.actions = actions + system_users_granted.append(system_user) k.system_users_granted = system_users_granted queryset.append(k) return queryset @@ -281,7 +284,7 @@ class UserGrantedNodeAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, List 查询用户授权的节点下的资产的api, 与上面api不同的是,只返回某个节点下的资产 """ permission_classes = (IsOrgAdminOrAppUser,) - serializer_class = AssetGrantedSerializer + serializer_class = serializers.AssetGrantedSerializer pagination_class = LimitOffsetPagination def get_object(self): diff --git a/apps/perms/hands.py b/apps/perms/hands.py index 1195abf35..bbdc01e1e 100644 --- a/apps/perms/hands.py +++ b/apps/perms/hands.py @@ -3,9 +3,7 @@ from users.models import User, UserGroup from assets.models import Asset, SystemUser, Node -from assets.serializers import ( - AssetGrantedSerializer, NodeSerializer -) +from assets.serializers import NodeSerializer from applications.serializers import RemoteAppSerializer from applications.models import RemoteApp diff --git a/apps/perms/serializers/__init__.py b/apps/perms/serializers/__init__.py index 129901afc..1d099cb33 100644 --- a/apps/perms/serializers/__init__.py +++ b/apps/perms/serializers/__init__.py @@ -2,4 +2,5 @@ # from .asset_permission import * +from .user_permission import * from .remote_app_permission import * diff --git a/apps/perms/serializers/asset_permission.py b/apps/perms/serializers/asset_permission.py index 73fe8f081..5a770b527 100644 --- a/apps/perms/serializers/asset_permission.py +++ b/apps/perms/serializers/asset_permission.py @@ -1,20 +1,16 @@ # -*- coding: utf-8 -*- # -from functools import reduce from rest_framework import serializers from common.fields import StringManyToManyField from orgs.mixins import BulkOrgResourceModelSerializer -from perms.models import AssetPermission, Action, ActionFlag -from assets.models import Node -from assets.serializers import AssetGrantedSerializer +from perms.models import AssetPermission, ActionFlag __all__ = [ 'AssetPermissionCreateUpdateSerializer', 'AssetPermissionListSerializer', 'AssetPermissionUpdateUserSerializer', 'AssetPermissionUpdateAssetSerializer', - 'AssetPermissionNodeSerializer', 'GrantedNodeSerializer', - 'NodeGrantedSerializer', + 'ActionField', ] @@ -72,87 +68,3 @@ class AssetPermissionUpdateAssetSerializer(serializers.ModelSerializer): class Meta: model = AssetPermission fields = ['id', 'assets'] - - -class AssetPermissionNodeSerializer(serializers.ModelSerializer): - asset = AssetGrantedSerializer(required=False) - assets_amount = serializers.SerializerMethodField() - - tree_id = serializers.SerializerMethodField() - tree_parent = serializers.SerializerMethodField() - - class Meta: - model = Node - fields = [ - 'id', 'key', 'value', 'asset', 'is_node', 'org_id', - 'tree_id', 'tree_parent', 'assets_amount', - ] - - @staticmethod - def get_assets_amount(obj): - return obj.assets_amount - - @staticmethod - def get_tree_id(obj): - return obj.key - - @staticmethod - def get_tree_parent(obj): - return obj.parent_key - - -class NodeGrantedSerializer(serializers.ModelSerializer): - """ - 授权资产组 - """ - assets_granted = AssetGrantedSerializer(many=True, read_only=True) - assets_amount = serializers.SerializerMethodField() - parent = serializers.SerializerMethodField() - name = serializers.SerializerMethodField() - - class Meta: - model = Node - fields = [ - 'id', 'key', 'name', 'value', 'parent', - 'assets_granted', 'assets_amount', 'org_id', - ] - - @staticmethod - def get_assets_amount(obj): - return len(obj.assets_granted) - - @staticmethod - def get_name(obj): - return obj.name - - @staticmethod - def get_parent(obj): - return obj.parent.id - - -class GrantedNodeSerializer(serializers.ModelSerializer): - class Meta: - model = Node - fields = [ - 'id', 'name', 'key', 'value', - ] - - -# class GrantedAssetSerializer(serializers.ModelSerializer): -# protocols = ProtocolSerializer(many=True) -# -# class Meta: -# model = Asset -# fields = [ -# 'id', 'hostname', 'ip', 'protocols', 'port', 'protocol', -# 'platform', 'domain', 'is_active', 'comment' -# ] - - -# class GrantedSystemUserSerializer(serializers.ModelSerializer): -# class Meta: -# model = SystemUser -# fields = [ -# 'id', 'name', 'username', 'protocol', 'priority', -# 'login_mode', 'comment' -# ] diff --git a/apps/perms/serializers/user_permission.py b/apps/perms/serializers/user_permission.py new file mode 100644 index 000000000..1653667b6 --- /dev/null +++ b/apps/perms/serializers/user_permission.py @@ -0,0 +1,113 @@ +# -*- coding: utf-8 -*- +# + +from rest_framework import serializers + +from assets.models import Node, SystemUser +from assets.serializers import AssetSerializer + +from .asset_permission import ActionField + +__all__ = [ + 'AssetPermissionNodeSerializer', 'GrantedNodeSerializer', + 'NodeGrantedSerializer', 'AssetGrantedSerializer', +] + + +class AssetSystemUserSerializer(serializers.ModelSerializer): + """ + 查看授权的资产系统用户的数据结构,这个和AssetSerializer不同,字段少 + """ + actions = ActionField(read_only=True) + + class Meta: + model = SystemUser + fields = ( + 'id', 'name', 'username', 'priority', "actions", + 'protocol', 'login_mode', + ) + + +class AssetGrantedSerializer(AssetSerializer): + """ + 被授权资产的数据结构 + """ + system_users_granted = AssetSystemUserSerializer(many=True, read_only=True) + system_users_join = serializers.SerializerMethodField() + + @staticmethod + def get_system_users_join(obj): + system_users = [s.username for s in obj.system_users_granted] + return ', '.join(system_users) + + def get_field_names(self, declared_fields, info): + fields = ( + "id", "hostname", "ip", "protocols", + "system_users_granted", "is_active", "system_users_join", "os", + 'domain', "platform", "comment", "org_id", "org_name", + ) + return fields + + +class AssetPermissionNodeSerializer(serializers.ModelSerializer): + asset = AssetGrantedSerializer(required=False) + assets_amount = serializers.SerializerMethodField() + + tree_id = serializers.SerializerMethodField() + tree_parent = serializers.SerializerMethodField() + + class Meta: + model = Node + fields = [ + 'id', 'key', 'value', 'asset', 'is_node', 'org_id', + 'tree_id', 'tree_parent', 'assets_amount', + ] + + @staticmethod + def get_assets_amount(obj): + return obj.assets_amount + + @staticmethod + def get_tree_id(obj): + return obj.key + + @staticmethod + def get_tree_parent(obj): + return obj.parent_key + + +class NodeGrantedSerializer(serializers.ModelSerializer): + """ + 授权资产组 + """ + assets_granted = AssetGrantedSerializer(many=True, read_only=True) + assets_amount = serializers.SerializerMethodField() + parent = serializers.SerializerMethodField() + name = serializers.SerializerMethodField() + + class Meta: + model = Node + fields = [ + 'id', 'key', 'name', 'value', 'parent', + 'assets_granted', 'assets_amount', 'org_id', + ] + + @staticmethod + def get_assets_amount(obj): + return len(obj.assets_granted) + + @staticmethod + def get_name(obj): + return obj.name + + @staticmethod + def get_parent(obj): + return obj.parent.id + + +class GrantedNodeSerializer(serializers.ModelSerializer): + class Meta: + model = Node + fields = [ + 'id', 'name', 'key', 'value', + ] \ No newline at end of file