feat: 授权规则分类管理

apps/perms/const.py

@@ -0,0 +1,9 @@
+# -*- coding: utf-8 -*-
+#
+from django.db.models import TextChoices
+from django.utils.translation import ugettext_lazy as _
+
+
+class AuthorizationRules(TextChoices):
+    manual = 'manual', _('Manual authorization')
+    ticket = 'ticket', _('Ticket authorization')

apps/perms/migrations/0019_auto_20210831_1150.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1.12 on 2021-08-31 03:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('perms', '0018_auto_20210208_1515'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='applicationpermission',
+            name='authorization_rules',
+            field=models.CharField(choices=[('manual', 'Manual authorization'), ('ticket', 'Ticket authorization')], default='manual', max_length=64, verbose_name='Authorization rules'),
+        ),
+        migrations.AddField(
+            model_name='assetpermission',
+            name='authorization_rules',
+            field=models.CharField(choices=[('manual', 'Manual authorization'), ('ticket', 'Ticket authorization')], default='manual', max_length=64, verbose_name='Authorization rules'),
+        ),
+    ]

apps/perms/models/base.py

@@ -11,7 +11,7 @@ from orgs.mixins.models import OrgModelMixin
 from common.db.models import UnionQuerySet
 from common.utils import date_expired_default, lazyproperty
 from orgs.mixins.models import OrgManager
-
+from ..const import AuthorizationRules
 
 __all__ = [
     'BasePermission', 'BasePermissionQuerySet'
@@ -31,11 +31,7 @@ class BasePermissionQuerySet(models.QuerySet):
 
     def invalid(self):
         now = timezone.now()
-        q = (
-            Q(is_active=False) |
-            Q(date_start__gt=now) |
-            Q(date_expired__lt=now)
-        )
+        q = (Q(is_active=False) | Q(date_start__gt=now) | Q(date_expired__lt=now))
         return self.filter(q)
 
 
@@ -48,13 +44,17 @@ class BasePermission(OrgModelMixin):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     name = models.CharField(max_length=128, verbose_name=_('Name'))
     users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"), related_name='%(class)ss')
-    user_groups = models.ManyToManyField('users.UserGroup', blank=True, verbose_name=_("User group"), related_name='%(class)ss')
+    user_groups = models.ManyToManyField(
+        'users.UserGroup', blank=True, verbose_name=_("User group"), related_name='%(class)ss')
     is_active = models.BooleanField(default=True, verbose_name=_('Active'))
     date_start = models.DateTimeField(default=timezone.now, db_index=True, verbose_name=_("Date start"))
     date_expired = models.DateTimeField(default=date_expired_default, db_index=True, verbose_name=_('Date expired'))
     created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
     date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
     comment = models.TextField(verbose_name=_('Comment'), blank=True)
+    authorization_rules = models.CharField(
+        max_length=64, default=AuthorizationRules.manual, choices=AuthorizationRules.choices,
+        verbose_name=_('Authorization rules'))
 
     objects = BasePermissionManager.from_queryset(BasePermissionQuerySet)()
 

apps/perms/serializers/application/permission.py

@@ -13,6 +13,8 @@ __all__ = [
 
 
 class ApplicationPermissionSerializer(BulkOrgResourceModelSerializer):
+    authorization_rules_display = serializers.ReadOnlyField(
+        source='get_authorization_rules_display', label=_('Authorization rules'))
     category_display = serializers.ReadOnlyField(source='get_category_display', label=_('Category display'))
     type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type display'))
     is_valid = serializers.BooleanField(read_only=True, label=_('Is valid'))
@@ -24,7 +26,7 @@ class ApplicationPermissionSerializer(BulkOrgResourceModelSerializer):
         fields_small = fields_mini + [
             'category', 'category_display', 'type', 'type_display',
             'is_active', 'is_expired', 'is_valid',
-            'created_by', 'date_created', 'date_expired', 'date_start', 'comment'
+            'created_by', 'date_created', 'date_expired', 'date_start', 'comment', 'authorization_rules_display'
         ]
         fields_m2m = [
             'users', 'user_groups', 'applications', 'system_users',

apps/perms/serializers/asset/permission.py

@@ -39,6 +39,8 @@ class ActionsDisplayField(ActionsField):
 
 class AssetPermissionSerializer(BulkOrgResourceModelSerializer):
     actions = ActionsField(required=False, allow_null=True, label=_("Actions"))
+    authorization_rules_display = serializers.ReadOnlyField(
+        source='get_authorization_rules_display', label=_('Authorization rules'))
     is_valid = serializers.BooleanField(read_only=True, label=_("Is valid"))
     is_expired = serializers.BooleanField(read_only=True, label=_('Is expired'))
     users_display = serializers.ListField(child=serializers.CharField(), label=_('Users display'), required=False)
@@ -53,7 +55,7 @@ class AssetPermissionSerializer(BulkOrgResourceModelSerializer):
         fields_small = fields_mini + [
             'is_active', 'is_expired', 'is_valid', 'actions',
             'created_by', 'date_created', 'date_expired',
-            'date_start', 'comment'
+            'date_start', 'comment', 'authorization_rules_display'
         ]
         fields_m2m = [
             'users', 'users_display', 'user_groups', 'user_groups_display', 'assets',