feat: 删除授权模块中关于系统用户的API

2025-07-17 16:31:28 +00:00 · 2022-09-29 17:38:27 +08:00 · 2022-09-29 17:38:27 +08:00 · 76747642c4
commit 76747642c4
parent fd0ce0d1c6
4 changed files with 2 additions and 79 deletions
--- a/apps/perms/api/user_group_permission.py
+++ b/apps/perms/api/user_group_permission.py
@ -11,7 +11,6 @@ from perms.models import AssetPermission
 from assets.models import Asset, Node
 from . import user_permission as uapi
 from perms import serializers
 from perms.utils.permission import get_asset_system_user_ids_with_actions_by_group
 from assets.api.mixin import SerializeToTreeNodeMixin
 from users.models import UserGroup
@ -19,18 +18,10 @@ __all__ = [
    'UserGroupGrantedAssetsApi', 'UserGroupGrantedNodesApi',
    'UserGroupGrantedNodeAssetsApi',
    'UserGroupGrantedNodeChildrenAsTreeApi',
    'UserGroupGrantedAssetSystemUsersApi',
    'UserGroupGrantedAssetAccountsApi',
 ]
 class UserGroupMixin:
    @lazyproperty
    def group(self):
        group_id = self.kwargs.get('pk')
        return UserGroup.objects.get(id=group_id)
 class UserGroupGrantedAssetsApi(ListAPIView):
    serializer_class = serializers.AssetGrantedSerializer
    only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
@ -201,11 +192,6 @@ class UserGroupGrantedNodeChildrenAsTreeApi(SerializeToTreeNodeMixin, ListAPIVie
        return Response(data=nodes)
 class UserGroupGrantedAssetSystemUsersApi(UserGroupMixin, uapi.UserGrantedAssetSystemUsersForAdminApi):
    def get_asset_system_user_ids_with_actions(self, asset):
        return get_asset_system_user_ids_with_actions_by_group(self.group, asset)
 class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi):
    @lazyproperty
--- a/apps/perms/api/user_permission/common.py
+++ b/apps/perms/api/user_permission/common.py
@ -26,10 +26,8 @@ from perms.models import AssetPermission, Action
 logger = get_logger(__name__)
 __all__ = [
    'UserGrantedAssetSystemUsersForAdminApi',
    'ValidateUserAssetPermissionApi',
    'GetUserAssetPermissionActionsApi',
    'MyGrantedAssetSystemUsersApi',
    'UserGrantedAssetAccountsApi',
    'MyGrantedAssetAccountsApi',
    'UserGrantedAssetSpecialAccountsApi',
@ -101,50 +99,6 @@ class ValidateUserAssetPermissionApi(APIView):
        return Response(data, status=status_code)
 class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
    rbac_perms = {
        'list': 'perms.view_userassets'
    }
    @lazyproperty
    def user(self):
        user_id = self.kwargs.get('pk')
        return User.objects.get(id=user_id)
    @lazyproperty
    def system_users_with_actions(self):
        asset_id = self.kwargs.get('asset_id')
        asset = get_object_or_404(Asset, id=asset_id, is_active=True)
        return self.get_asset_system_user_ids_with_actions(asset)
    def get_asset_system_user_ids_with_actions(self, asset):
        return get_asset_system_user_ids_with_actions_by_user(self.user, asset)
    def paginate_queryset(self, queryset):
        page = super().paginate_queryset(queryset)
        if page:
            page = self.set_systemusers_action(page)
        else:
            self.set_systemusers_action(queryset)
        return page
    def set_systemusers_action(self, queryset):
        queryset_list = list(queryset)
        for system_user in queryset_list:
            actions = self.system_users_with_actions.get(system_user.id, 0)
            system_user.actions = actions
        return queryset_list
 class MyGrantedAssetSystemUsersApi(UserGrantedAssetSystemUsersForAdminApi):
    permission_classes = (IsValidUser,)
    @lazyproperty
    def user(self):
        return self.request.user
 class UserGrantedAssetAccountsApi(ListAPIView):
    serializer_class = serializers.AccountsGrantedSerializer
    rbac_perms = {
--- a/apps/perms/urls/asset_permission.py
+++ b/apps/perms/urls/asset_permission.py
@ -60,12 +60,6 @@ user_permission_urlpatterns = [
    path('nodes/favorite/assets/', api.MyFavoriteGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
    # v3 中上面的 API 基本不用动
    # Todo: v3 删除
    # Asset System users
    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersForAdminApi.as_view(), name='user-asset-system-users'),
    path('assets/<uuid:asset_id>/system-users/', api.MyGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),
    # Todo: v3 增加 Done.
    # 获取所有和资产-用户关联的账号列表
    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccountsApi.as_view(), name='user-asset-accounts'),
    path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccountsApi.as_view(), name='my-asset-accounts'),
@ -82,9 +76,6 @@ user_group_permission_urlpatterns = [
    path('<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(), name='user-group-nodes-children-as-tree'),
    path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'),
    # Todo: v3 删除
    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
    # Todo: v3 增加 Done.
    # 获取所有和资产-用户组关联的账号列表
    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(), name='user-group-asset-accounts'),
 ]
@ -95,8 +86,7 @@ permission_urlpatterns = [
    path('<uuid:pk>/users/all/', api.AssetPermissionAllUserListApi.as_view(), name='asset-permission-all-users'),
    # 验证用户是否有某个资产和系统用户的权限
-    # Todo: v3 API 需要修改，验证用户有某个账号的权限 # 先不动, v3 中可能会修改连接资产时的逻辑,
+    # Todo: v3 先不动, 可能会修改连接资产时的逻辑, 直接获取认证信息，获取不到就时没有权限，就不需要校验了
    #  直接获取认证信息，获取不到就时没有权限，就不需要校验了
    path('user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
    path('user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),
--- a/apps/perms/utils/permission.py
+++ b/apps/perms/utils/permission.py
@ -85,14 +85,7 @@ def get_asset_system_user_ids_with_actions_by_user(user: User, asset: Asset):
 def has_asset_system_permission(user: User, asset: Asset, account: str):
    systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
-    actions = systemuser_actions_mapper.get(system_user.id, 0)
+    actions = systemuser_actions_mapper.get(account, 0)
    if actions:
        return True
    return False
 def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Asset):
    asset_perm_ids = AssetPermission.objects.filter(
        user_groups=group
    ).valid().values_list('id', flat=True).distinct()
    return get_asset_system_user_ids_with_actions(asset_perm_ids, asset)