From 6a32ac4699206fd1b7a4ba78dad47fa63fee023d Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Fri, 14 Oct 2022 17:53:54 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E7=BB=A7=E7=BB=AD=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E6=B7=BB=E5=8A=A0=E6=8E=88=E6=9D=83=E8=B4=A6=E5=8F=B7?= =?UTF-8?q?=E5=B7=A5=E5=85=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/utils/account.py | 60 ++++++++++++++++++++++++++++--------- apps/users/models/user.py | 15 ---------- 2 files changed, 46 insertions(+), 29 deletions(-) diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index 2734c1423..9db8a175f 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -10,9 +10,20 @@ class PermAccountUtil(object): def get_user_perm_asset_accounts(self, user, asset, with_actions=False): """ 获取授权给用户某个资产的账号 """ - aid_actions_map = defaultdict(int) perms = self.get_user_asset_permissions(user, asset) - for perm in perms: + accounts = self.get_permissions_accounts(perms, with_actions=with_actions) + return accounts + + def get_user_perm_accounts(self, user, with_actions=False): + """ 获取授权给用户的所有账号 """ + perms = self.get_user_permissions(user) + accounts = self.get_permissions_accounts(perms, with_actions=with_actions) + return accounts + + @staticmethod + def get_permissions_accounts(permissions, with_actions=False): + aid_actions_map = defaultdict(int) + for perm in permissions: account_ids = perm.get_all_accounts(flat=True) actions = perm.actions for aid in account_ids: 
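Review bot: `get_permissions_accounts` is added as a public static method with no docstring, unlike the methods around it, and it does no user or asset scoping of its own: it walks whatever `permissions` it is handed and calls `perm.get_all_accounts(flat=True)` on each. Because its result decides which accounts a user is offered, the contract should be written down, for example `""" Return the accounts granted by the given permissions; callers must pass permissions already scoped to the user (and asset). """`. The loop body and the `with_actions` handling continue outside this hunk, so how actions from several permissions are merged per account cannot be checked here.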
@@ -24,28 +35,49 @@ class PermAccountUtil(object): account.actions = aid_actions_map.get(str(account.id)) return accounts - def get_user_perm_accounts(self, user): - """ 获取授权给用户的所有账号 """ - pass - # Permissions def get_user_asset_permissions(self, user, asset): """ 获取同时包含用户、资产的授权规则 """ - return AssetPermission.objects.all() + user_perm_ids = self.get_user_permissions(user, flat=True) + asset_perm_ids = self.get_asset_permissions(asset, flat=True) + perm_ids = set(user_perm_ids) & set(asset_perm_ids) + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms - def get_user_permissions(self): + def get_user_permissions(self, user, with_group=True, flat=False): """ 获取用户的授权规则 """ - pass + perm_ids = set() + # user + user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\ + .values_list('assetpermission_id', flat=True).distinct() + perm_ids.update(user_perm_ids) + # group + if with_group: + groups = user.groups.all() + group_perm_ids = self.get_user_groups_permissions(groups, flat=True) + perm_ids.update(group_perm_ids) + if flat: + return perm_ids + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms - def get_asset_permissions(self): + @staticmethod + def get_user_groups_permissions(user_groups, flat=False): + """ 获取用户组的授权规则 """ + group_ids = user_groups.values_list('id', flat=True).distinct() + perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \ + .values_list('assetpermission_id', flat=True).distinct() + if flat: + return perm_ids + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + + def get_asset_permissions(self, asset, flat=False): """ 获取资产的授权规则""" - pass + return AssetPermission.objects.all() def get_node_permissions(self): """ 获取节点的授权规则 """ pass - def get_user_group_permissions(self): - """ 获取用户组的授权规则 """ - pass diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 659a894a9..78d5eb540 100644 --- a/apps/users/models/user.py 
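Review bot: `get_asset_permissions(self, asset, flat=False)` ignores both arguments and returns `AssetPermission.objects.all()`, so the intersection in `get_user_asset_permissions` is not actually scoped to the asset. As written, `set(asset_perm_ids)` holds model instances while `set(user_perm_ids)` holds ids, so the intersection is most likely empty and the lookup returns no accounts. If `flat` is later honoured without an asset filter, the intersection becomes every permission the user holds on any asset, which over-grants. Until the asset lookup is implemented, the stub should fail loudly with `raise NotImplementedError` rather than return all rows, and a test should assert that a permission on a different asset is excluded. Separately, none of the new queries restrict to currently valid permissions; if the model has activation or expiry fields (not visible in this hunk), that filter belongs in `get_user_permissions` and `get_user_groups_permissions` too.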
+++ b/apps/users/models/user.py @@ -918,21 +918,6 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser): return True return False - def get_groups(self, flat=False): - from users.models import UserGroup - usergroup_ids = self.groups.through.objects\ - .filter(user_id=self.id)\ - .distinct()\ - .values_list('usergroup_id', flat=True) - usergroups = UserGroup.objects.filter(id__in=usergroup_ids) - if flat: - usergroup_ids = usergroups.values_list('id', flat=True) - return usergroup_ids - else: - return usergroups - - - class UserPasswordHistory(models.Model): id = models.UUIDField(default=uuid.uuid4, primary_key=True)