From 5447ee6c395dd82d89310db38bcbdcdb4a08d5fb Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Fri, 4 Nov 2022 18:46:49 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E7=94=A8=E6=88=B7-=E8=B5=84=E4=BA=A7=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E7=9A=84=E8=B4=A6=E5=8F=B7=E5=88=97=E8=A1=A8=E7=9B=AE=E5=BD=95?= =?UTF-8?q?=E7=BB=93=E6=9E=84;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/user_permission/__init__.py | 1 - apps/perms/api/user_permission/accounts.py | 82 +++++++++++++++++++-- apps/perms/api/user_permission/common.py | 84 ---------------------- apps/perms/utils/account.py | 4 +- apps/perms/utils/permission.py | 2 +- 5 files changed, 81 insertions(+), 92 deletions(-) delete mode 100644 apps/perms/api/user_permission/common.py diff --git a/apps/perms/api/user_permission/__init__.py b/apps/perms/api/user_permission/__init__.py index b0db20ee0..55bc108b4 100644 --- a/apps/perms/api/user_permission/__init__.py +++ b/apps/perms/api/user_permission/__init__.py @@ -1,6 +1,5 @@ # -*- coding: utf-8 -*- # -from .common import * from .nodes import * from .assets import * from .nodes_with_assets import * diff --git a/apps/perms/api/user_permission/accounts.py b/apps/perms/api/user_permission/accounts.py index d504ac8f9..70973d988 100644 --- a/apps/perms/api/user_permission/accounts.py +++ b/apps/perms/api/user_permission/accounts.py @@ -1,13 +1,29 @@ -from rest_framework import generics +from django.shortcuts import get_object_or_404 +from rest_framework.generics import ListAPIView, get_object_or_404 + +from common.permissions import IsValidUser +from common.utils import get_logger, lazyproperty from assets.serializers import AccountSerializer -from perms.utils.account import PermAccountUtil +from perms.hands import User, Asset, Account +from perms import serializers +from perms.models import Action +from perms.utils import PermAccountUtil from .mixin import RoleAdminMixin, RoleUserMixin - -__all__ = ['UserAllGrantedAccountsApi', 'MyAllGrantedAccountsApi'] +logger = get_logger(__name__) -class UserAllGrantedAccountsApi(RoleAdminMixin, generics.ListAPIView): +__all__ = [ + 'UserAllGrantedAccountsApi', + 'MyAllGrantedAccountsApi', + 'UserGrantedAssetAccountsApi', + 'MyGrantedAssetAccountsApi', + 'UserGrantedAssetSpecialAccountsApi', + 'MyGrantedAssetSpecialAccountsApi', +] + + +class UserAllGrantedAccountsApi(RoleAdminMixin, ListAPIView): """ 授权给用户的所有账号列表 """ serializer_class = AccountSerializer filterset_fields = ("name", "username", "privileged", "version") @@ -22,3 +38,59 @@ class UserAllGrantedAccountsApi(RoleAdminMixin, generics.ListAPIView): class MyAllGrantedAccountsApi(RoleUserMixin, UserAllGrantedAccountsApi): """ 授权给我的所有账号列表 """ pass + + +class UserGrantedAssetAccountsApi(ListAPIView): + serializer_class = serializers.AccountsGrantedSerializer + + @lazyproperty + def user(self) -> User: + user_id = self.kwargs.get('pk') + return User.objects.get(id=user_id) + + @lazyproperty + def asset(self): + asset_id = self.kwargs.get('asset_id') + kwargs = {'id': asset_id, 'is_active': True} + asset = get_object_or_404(Asset, **kwargs) + return asset + + def get_queryset(self): + accounts = PermAccountUtil().get_perm_accounts_for_user_asset( + self.user, self.asset, with_actions=True + ) + return accounts + + +class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi): + permission_classes = (IsValidUser,) + + @lazyproperty + def user(self): + return self.request.user + + +class UserGrantedAssetSpecialAccountsApi(ListAPIView): + serializer_class = serializers.AccountsGrantedSerializer + + @lazyproperty + def user(self): + return self.request.user + + def get_queryset(self): + # 构造默认包含的账号,如: @INPUT @USER + accounts = [ + Account.get_input_account(), + Account.get_user_account(self.user.username) + ] + for account in accounts: + account.actions = Action.ALL + return accounts + + +class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi): + permission_classes = (IsValidUser,) + + @lazyproperty + def user(self): + return self.request.user diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py deleted file mode 100644 index 927ec7443..000000000 --- a/apps/perms/api/user_permission/common.py +++ /dev/null @@ -1,84 +0,0 @@ -# -*- coding: utf-8 -*- -# -from django.shortcuts import get_object_or_404 -from rest_framework.generics import ( - ListAPIView, get_object_or_404 -) -from common.permissions import IsValidUser -from common.utils import get_logger, lazyproperty - -from perms.hands import User, Asset, Account -from perms import serializers -from perms.models import Action -from perms.utils import PermAccountUtil - -logger = get_logger(__name__) - -__all__ = [ - 'UserGrantedAssetAccountsApi', - 'MyGrantedAssetAccountsApi', - 'UserGrantedAssetSpecialAccountsApi', - 'MyGrantedAssetSpecialAccountsApi', -] - - -class UserGrantedAssetAccountsApi(ListAPIView): - serializer_class = serializers.AccountsGrantedSerializer - rbac_perms = { - 'list': 'perms.view_userassets' - } - - @lazyproperty - def user(self) -> User: - user_id = self.kwargs.get('pk') - return User.objects.get(id=user_id) - - @lazyproperty - def asset(self): - asset_id = self.kwargs.get('asset_id') - kwargs = {'id': asset_id, 'is_active': True} - asset = get_object_or_404(Asset, **kwargs) - return asset - - def get_queryset(self): - accounts = PermAccountUtil().get_perm_accounts_for_user_asset( - self.user, self.asset, with_actions=True - ) - return accounts - - -class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi): - permission_classes = (IsValidUser,) - - @lazyproperty - def user(self): - return self.request.user - - -class UserGrantedAssetSpecialAccountsApi(ListAPIView): - serializer_class = serializers.AccountsGrantedSerializer - rbac_perms = { - 'list': 'perms.view_userassets' - } - - @lazyproperty - def user(self): - return self.request.user - - def get_queryset(self): - # 构造默认包含的账号,如: @INPUT @USER - accounts = [ - Account.get_input_account(), - Account.get_user_account(self.user.username) - ] - for account in accounts: - account.actions = Action.ALL - return accounts - - -class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi): - permission_classes = (IsValidUser,) - - @lazyproperty - def user(self): - return self.request.user diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index 63bfcc723..3963e113c 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -39,7 +39,9 @@ class PermAccountUtil(AssetPermissionUtil): for aid in account_ids: aid_actions_map[str(aid)] |= actions account_ids = list(aid_actions_map.keys()) - accounts = Account.objects.filter(id__in=account_ids) + accounts = Account.objects.filter(id__in=account_ids).order_by( + 'asset__name', 'name', 'username' + ) if with_actions: for account in accounts: account.actions = aid_actions_map.get(str(account.id)) diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index e7d88e06d..fd0ea593b 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -52,7 +52,7 @@ class AssetPermissionUtil(object): .values_list('assetpermission_id', flat=True).distinct() perm_ids.update(asset_perm_ids) if with_node: - nodes = asset.get_all_nodes(flat=True) + nodes = asset.get_all_nodes() node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True) perm_ids.update(node_perm_ids) if flat: