pref: 修改 accounts

apps/perms/api/user_permission/accounts.py

@@ -1,31 +1,25 @@
 from django.shortcuts import get_object_or_404
 from rest_framework.generics import ListAPIView, get_object_or_404
 
-from common.permissions import IsValidUser
 from common.utils import get_logger, lazyproperty
 from perms import serializers
-from perms.hands import User, Asset
+from perms.hands import Asset
 from perms.utils import PermAccountUtil
+from .mixin import SelfOrPKUserMixin
 
 logger = get_logger(__name__)
 
 __all__ = [
     'UserGrantedAssetAccountsApi',
-    'MyGrantedAssetAccountsApi',
 ]
 
 
-class UserGrantedAssetAccountsApi(ListAPIView):
+class UserGrantedAssetAccountsApi(SelfOrPKUserMixin, ListAPIView):
     serializer_class = serializers.AccountsGrantedSerializer
     rbac_perms = (
         ('list', 'perms.view_userassets'),
     )
 
-    @lazyproperty
-    def user(self) -> User:
-        user_id = self.kwargs.get('pk')
-        return User.objects.get(id=user_id)
-
     @lazyproperty
     def asset(self):
         asset_id = self.kwargs.get('asset_id')
@@ -37,11 +31,3 @@ class UserGrantedAssetAccountsApi(ListAPIView):
         util = PermAccountUtil()
         accounts = util.get_permed_accounts_for_user(self.user, self.asset)
         return accounts
-
-
-class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
-    permission_classes = (IsValidUser,)
-
-    @lazyproperty
-    def user(self):
-        return self.request.user

apps/perms/api/user_permission/mixin.py

@@ -1,10 +1,12 @@
 # -*- coding: utf-8 -*-
 #
+from django.shortcuts import get_object_or_404
 from rest_framework.request import Request
 
 from common.http import is_true
 from common.mixins.api import RoleAdminMixin, RoleUserMixin
 from perms.utils.user_permission import UserGrantedTreeRefreshController
+from rbac.permissions import RBACPermission
 from users.models import User
 
 
@@ -34,3 +36,44 @@ class AssetRoleUserMixin(RebuildTreeMixin, RoleUserMixin):
         ('get_tree', 'perms.view_myassets'),
         ('GET', 'perms.view_myassets'),
     )
+
+
+class SelfOrPKUserMixin:
+    kwargs: dict
+    request: Request
+    permission_classes = (RBACPermission,)
+
+    @property
+    def self_rbac_perms(self):
+        return (
+            ('list', 'perms.view_myassets'),
+            ('retrieve', 'perms.view_myassets'),
+            ('get_tree', 'perms.view_myassets'),
+            ('GET', 'perms.view_myassets'),
+        )
+
+    @property
+    def admin_rbac_perms(self):
+        return (
+            ('list', 'perms.view_userassets'),
+            ('retrieve', 'perms.view_userassets'),
+            ('get_tree', 'perms.view_userassets'),
+            ('GET', 'perms.view_userassets'),
+        )
+
+    def get_rbac_perms(self):
+        if self.request_user_is_self():
+            return self.self_rbac_perms
+        else:
+            return self.admin_rbac_perms
+
+    def request_user_is_self(self):
+        print("user is: ", self.kwargs)
+        return self.kwargs.get('user') in ['my', 'self']
+
+    @property
+    def user(self):
+        if self.request_user_is_self():
+            return self.request.user
+        else:
+            return get_object_or_404(User, pk=self.kwargs.get('user'))