From 74b8ee8c10328aaba679197364135910b46e2cb3 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Fri, 16 Sep 2016 09:38:07 +0800
Subject: [PATCH 1/9] Pre delete action
---
apps/perms/models.py | 38 ++++++++++-------
apps/perms/utils.py | 99 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 120 insertions(+), 17 deletions(-)
diff --git a/apps/perms/models.py b/apps/perms/models.py
index 60e150672..d90620a69 100644
--- a/apps/perms/models.py
+++ b/apps/perms/models.py
@@ -39,31 +39,39 @@ class AssetPermission(models.Model): return True @staticmethod - def set_inherit(obj): + def set_inherited(obj, inherited_from=None): setattr(obj, 'inherited', True) + setattr(obj, 'inherited_from', inherited_from) + return obj + + @staticmethod + def set_non_inherited(obj): + setattr(obj, 'inherited', False) return obj def get_granted_users(self): - return list(set(self.users.all() or []) | set(self.get_granted_user_groups_member())) + users_granted_direct = map(self.set_non_inherited, self.users.all()) + return list(set(users_granted_direct) | self.get_granted_user_groups_member()) def get_granted_user_groups_member(self): - combine_users = functools.partial(combine_seq, callback=AssetPermission.set_inherit) - try: - return functools.reduce(combine_users, [user_group.users.all() - for user_group in self.user_groups.iterator()]) - except TypeError: - return [] + users = set() + for user_group in self.user_groups.all(): + for user in user_group.users.all(): + user = self.set_inherited(user, inherited_from=user_group) + users.add(user) + return users def get_granted_assets(self): - return list(set(self.assets.all() or []) | set(self.get_granted_asset_groups_member())) + assets_granted_direct = map(self.set_non_inherited, self.assets.all()) + return list(set(assets_granted_direct or []) | self.get_granted_asset_groups_member()) def get_granted_asset_groups_member(self): - combine_assets = functools.partial(combine_seq, callback=AssetPermission.set_inherit) - try: - return functools.reduce(combine_assets, [asset_group.users.all() - for asset_group in self.asset_groups.iterator()]) - except TypeError: - return [] + assets = set() + for asset_group in self.asset_groups.all(): + for asset in asset_group.assets.all(): + asset = self.set_inherited(asset, inherited_from=asset_group) + assets.add(asset) + return assets class Meta: db_table = 'asset_permission' diff --git a/apps/perms/utils.py b/apps/perms/utils.py index c84951fd7..33cc38343 100644 
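Review bot: `set(users_granted_direct) | self.get_granted_user_groups_member()` in `get_granted_users` merges two sets of separately loaded model instances, and Django compares model instances by primary key, so a user granted both directly and through a group collapses to one object whose `inherited` flag is whichever instance the union happened to keep. In the same way, a user who belongs to two granted groups keeps only one `inherited_from`. Any view or audit that reads these attributes to show how access was obtained will under-report group-derived access. Collecting into a dict keyed by `pk` and accumulating a set of source groups per user would keep the provenance complete; `get_granted_assets` has the same shape.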
--- a/apps/perms/utils.py
+++ b/apps/perms/utils.py
@@ -1,2 +1,97 @@ -# ~*~ coding: utf-8 ~*~ -# +from __future__ import absolute_import, unicode_literals + +from .models import AssetPermission +from .hands import User, UserGroup, Asset, AssetGroup, SystemUser +from common.utils import combine_seq + + +def get_asset_groups_denied_by_user_group(user_group): + pass + + +def get_asset_groups_granted_by_user_group(user_group): + """Return asset groups granted of the user group + + :param user_group: Instance of :class: ``UserGroup`` + :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]} + """ + asset_groups = {} + + if not isinstance(user_group, UserGroup): + return asset_groups + + asset_permissions = user_group.asset_permissions.all() + for asset_permission in asset_permissions: + if not asset_permission.is_valid: + continue + for asset_group in asset_permission.asset_groups.all(): + if asset_group in asset_groups: + asset_groups[asset_group].union(set(asset_permission.system_users.all())) + else: + asset_groups[asset_group] = set(asset_permission.system_users.all()) + return asset_groups + + +def get_assets_granted_by_user_group(user_group): + """Return assets granted of the user group + + :param user_group: Instance of :class: ``UserGroup`` + :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]} + """ + assets = {} + if not isinstance(user_group, UserGroup): + return assets + + asset_permissions = user_group.asset_permissions.all() + for asset_permission in asset_permissions: + for asset in asset_permission.get_granted_assets: + if asset in assets: + pass + + +def get_asset_groups_granted_by_user(user): + """Return asset groups granted of the user + + :param user: Instance of :class: ``User`` + :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]} + """ + asset_groups = {} + + if not isinstance(user, User): + return asset_groups + + asset_permissions = user.asset_permissions.all() + + for asset_permission in asset_permissions: + for 
asset_group in asset_permission.asset_groups.all(): + if asset_group in asset_groups: + asset_groups[asset_group].union(set(asset_permission.system_users.all())) + else: + asset_groups[asset_group] = set(asset_permission.system_users.all()) + + return asset_groups + + +def get_assets_granted_by_user(user): + """Return all assets granted of the user + + :param user: Instance of :class: ``User`` + :return: {asset1: {system_user1, system_user2}, asset2: {...}} + """ + pass + + +def get_user_groups_granted_in_asset(asset): + pass + + +def get_users_granted_in_asset(asset): + pass + + +def get_user_groups_granted_in_asset_group(asset): + pass + + +def get_users_granted_in_asset_group(asset): + pass From d9812e2bdb059badd9129277cb64dc4500be13dc Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 16 Sep 2016 09:55:26 +0800 Subject: [PATCH 2/9] Remove action from asset permission --- apps/perms/forms.py | 2 +- apps/perms/models.py | 6 ------ .../templates/perms/asset_permission_create_update.html | 2 -- apps/perms/templates/perms/asset_permission_detail.html | 4 ---- 4 files changed, 1 insertion(+), 13 deletions(-) diff --git a/apps/perms/forms.py b/apps/perms/forms.py index 1826b4c29..8638db75b 100644 --- a/apps/perms/forms.py +++ b/apps/perms/forms.py @@ -14,7 +14,7 @@ class AssetPermissionForm(forms.ModelForm): model = AssetPermission fields = [ 'name', 'users', 'user_groups', 'assets', 'asset_groups', - 'system_users', 'action', 'is_active', 'date_expired', 'comment', + 'system_users', 'is_active', 'date_expired', 'comment', ] widgets = { 'users': forms.SelectMultiple(attrs={'class': 'select2', diff --git a/apps/perms/models.py b/apps/perms/models.py index d90620a69..e71fb15c7 100644 --- a/apps/perms/models.py +++ b/apps/perms/models.py 
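Review bot: `asset_groups[asset_group].union(set(asset_permission.system_users.all()))` in `get_asset_groups_granted_by_user_group` throws its result away, because `set.union` returns a new set instead of updating the stored one. System users from a second permission on the same asset group are therefore never recorded, and `get_asset_groups_granted_by_user` repeats the call. The in-place form is `asset_groups[asset_group] |= set(asset_permission.system_users.all())`. The user variant also lacks the `if not asset_permission.is_valid: continue` guard that the user-group variant has, so the two functions disagree on whether an invalid permission counts. `get_assets_granted_by_user_group` iterates `asset_permission.get_granted_assets` without calling it.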
@@ -11,18 +11,12 @@ from common.utils import date_expired_default, combine_seq class AssetPermission(models.Model): - ACTION_CHOICE = ( - ('1', 'Allow'), - ('0', 'Deny'), - ) - name = models.CharField(max_length=128, verbose_name=_('Name')) users = models.ManyToManyField(User, related_name='asset_permissions', blank=True) user_groups = models.ManyToManyField(UserGroup, related_name='asset_permissions', blank=True) assets = models.ManyToManyField(Asset, related_name='granted_by_permissions', blank=True) asset_groups = models.ManyToManyField(AssetGroup, related_name='granted_by_permissions', blank=True) system_users = models.ManyToManyField(SystemUser, related_name='granted_by_permissions') - action = models.CharField(choices=ACTION_CHOICE, max_length=8, default='1') is_active = models.BooleanField(default=True, verbose_name=_('Active')) date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired')) created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by')) diff --git a/apps/perms/templates/perms/asset_permission_create_update.html b/apps/perms/templates/perms/asset_permission_create_update.html index 68c023d59..15325f6f1 100644 --- a/apps/perms/templates/perms/asset_permission_create_update.html +++ b/apps/perms/templates/perms/asset_permission_create_update.html @@ -43,8 +43,6 @@ {{ form.system_users |bootstrap_horizontal }}

{% trans 'Other' %}

- {{ form.action|bootstrap_horizontal }} -
diff --git a/apps/perms/templates/perms/asset_permission_detail.html b/apps/perms/templates/perms/asset_permission_detail.html index ee4d1fab3..73e60acc8 100644 --- a/apps/perms/templates/perms/asset_permission_detail.html +++ b/apps/perms/templates/perms/asset_permission_detail.html @@ -80,10 +80,6 @@ {% trans 'Action' %}: {{ asset_permission.get_action_display }} - - {% trans 'Is active' %}: - {{ asset_permission.is_active|yesno:'Yes, No, Unkown' }} - {% trans 'Date expired' %}: {{ asset_permission.date_expired }} From a0910367443665bb6ba39447ae23041d92ac8b9f Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 16 Sep 2016 16:09:11 +0800 Subject: [PATCH 3/9] Add user permission select --- apps/assets/models.py | 10 ++- apps/perms/models.py | 2 +- apps/perms/utils.py | 148 ++++++++++++++++++++++++++++++++++-------- 3 files changed, 128 insertions(+), 32 deletions(-) diff --git a/apps/assets/models.py b/apps/assets/models.py index 71a076d02..8c48eb373 100644 --- a/apps/assets/models.py +++ b/apps/assets/models.py @@ -266,7 +266,7 @@ class Asset(models.Model): password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password")) admin_user = models.ForeignKey(AdminUser, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_("Admin user")) - system_user = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User")) + system_users = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User")) idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC')) mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address")) brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand')) 
@@ -298,7 +298,7 @@ class Asset(models.Model): @classmethod def generate_fake(cls, count=100): - from random import seed + from random import seed, choice import forgery_py from django.db import IntegrityError @@ -306,10 +306,14 @@ class Asset(models.Model): for i in range(count): asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True) for i in range(0, 4)]), + admin_user=choice(AdminUser.objects.all()), + idc=choice(IDC.objects.all()), port=22, created_by='Fake') try: asset.save() + asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)] + asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)] logger.debug('Generate fake asset : %s' % asset.ip) except IntegrityError: print('Error continue') @@ -332,5 +336,5 @@ class Label(models.Model): def generate_fake(): - for cls in (Asset, AssetGroup, IDC): + for cls in (AssetGroup, IDC, AdminUser, SystemUser, Asset): cls.generate_fake() diff --git a/apps/perms/models.py b/apps/perms/models.py index e71fb15c7..25ac3640d 100644 --- a/apps/perms/models.py +++ b/apps/perms/models.py @@ -24,7 +24,7 @@ class AssetPermission(models.Model): comment = models.TextField(verbose_name=_('Comment'), blank=True) def __unicode__(self): - return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action} + return self.name @property def is_valid(self): diff --git a/apps/perms/utils.py b/apps/perms/utils.py index 33cc38343..3f5830e5f 100644 --- a/apps/perms/utils.py +++ b/apps/perms/utils.py 
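Review bot: `choice(AdminUser.objects.all())` and the other `choice(...)` calls added to `Asset.generate_fake` raise `IndexError` when the table is empty, and the surrounding `try` only catches `IntegrityError`, so the classmethod aborts if it is called before the related models are populated. The reordered module-level `generate_fake()` in this commit covers the usual path, but the classmethod can still be called on its own. Fetching each candidate list once before the loop, e.g. `admin_users = list(AdminUser.objects.all())`, and returning early when one is empty would avoid both the exception and a full-table query per `choice` call. The enclosing method starts outside the hunk.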
@@ -1,56 +1,73 @@ from __future__ import absolute_import, unicode_literals -from .models import AssetPermission from .hands import User, UserGroup, Asset, AssetGroup, SystemUser -from common.utils import combine_seq -def get_asset_groups_denied_by_user_group(user_group): - pass - - -def get_asset_groups_granted_by_user_group(user_group): +def get_user_group_granted_asset_groups(user_group): """Return asset groups granted of the user group - :param user_group: Instance of :class: ``UserGroup`` - :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]} + :param user_group: Instance of :class: ``UserGroup`` + :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]} """ asset_groups = {} - - if not isinstance(user_group, UserGroup): - return asset_groups - asset_permissions = user_group.asset_permissions.all() + for asset_permission in asset_permissions: if not asset_permission.is_valid: continue for asset_group in asset_permission.asset_groups.all(): if asset_group in asset_groups: - asset_groups[asset_group].union(set(asset_permission.system_users.all())) + asset_groups[asset_group] |= set(asset_permission.system_users.all()) else: asset_groups[asset_group] = set(asset_permission.system_users.all()) + return asset_groups -def get_assets_granted_by_user_group(user_group): +def get_user_group_granted_assets(user_group): """Return assets granted of the user group - :param user_group: Instance of :class: ``UserGroup`` - :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]} + :param user_group: Instance of :class: ``UserGroup`` + :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]} """ assets = {} - if not isinstance(user_group, UserGroup): - return assets - asset_permissions = user_group.asset_permissions.all() + for asset_permission in asset_permissions: - for asset in asset_permission.get_granted_assets: + if not asset_permission.is_valid: + continue + for asset in 
asset_permission.get_granted_assets(): if asset in assets: - pass + assets[asset] |= set(asset_permission.system_users.all()) + else: + assets[asset] = set(asset_permission.system_users.all()) + + return assets -def get_asset_groups_granted_by_user(user): - """Return asset groups granted of the user +def get_user_granted_asset_groups_direct(user): + """Return asset groups granted of the user direct nor inherit from user group + + :param user: Instance of :class: ``User`` + :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]} + """ + asset_groups = {} + asset_permissions_direct = user.asset_permissions.all() + + for asset_permission in asset_permissions_direct: + if not asset_permission.is_valid: + continue + for asset_group in asset_permission.asset_groups.all(): + if asset_group in asset_groups: + asset_groups[asset_group] |= set(asset_permission.system_users.all()) + else: + asset_groups[asset_group] = set(asset_permission.system_users.all()) + + return asset_groups + + +def get_user_granted_asset_groups_inherit_from_user_groups(user): + """Return asset groups granted of the user and inherit from user group :param user: Instance of :class: ``User`` :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]} 
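Review bot: The `if not asset_permission.is_valid: continue` guards added in `get_user_group_granted_assets` and `get_user_granted_asset_groups_direct` are only as strong as the property behind them. The context lines of the `apps/perms/models.py` hunks on this page show `is_valid` ending in two consecutive `return True` statements, which suggests it may never return False; the top of the property is not visible here, so this needs confirming. If that is the case, expired or deactivated permissions pass every filter in this file. A test that builds one expired and one inactive `AssetPermission` and asserts both are skipped would settle it. The last function in this hunk continues into the next hunk.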
@@ -60,25 +77,100 @@ def get_asset_groups_granted_by_user(user): if not isinstance(user, User): return asset_groups - asset_permissions = user.asset_permissions.all() + user_groups = user.groups.all() + asset_permissions = set() + # Get asset permission list of user groups for this user + for user_group in user_groups: + asset_permissions |= set(user_group.asset_permissions.all()) + + # Get asset groups granted from user groups for asset_permission in asset_permissions: + if not asset_permission.is_valid: + continue for asset_group in asset_permission.asset_groups.all(): if asset_group in asset_groups: - asset_groups[asset_group].union(set(asset_permission.system_users.all())) + asset_groups[asset_group] |= set(asset_permission.system_users.all()) else: asset_groups[asset_group] = set(asset_permission.system_users.all()) return asset_groups -def get_assets_granted_by_user(user): +def get_user_granted_asset_groups(user): + """Get user granted asset groups all, include direct and inherit from user group + + :param user: Instance of :class: ``User`` + :return: {asset1: {system_user1, system_user2}, asset2: {...}} + """ + + asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user) + asset_groups_direct = get_user_granted_asset_groups_direct(user) + asset_groups = asset_groups_inherit_from_user_groups + + # Merge direct granted and inherit from user group + for asset_group, system_users in asset_groups_direct.items(): + if asset_group in asset_groups: + asset_groups[asset_group] |= asset_groups_direct[asset_group] + else: + asset_groups[asset_group] = asset_groups_direct[asset_group] + + return asset_groups + + +def get_user_granted_assets_direct(user): + """Return assets granted of the user directly + + :param user: Instance of :class: ``User`` + :return: {asset1: {system_user1, system_user2}, asset2: {...}} + """ + assets = {} + asset_permissions_direct = user.asset_permissions.all() + + for asset_permission in 
asset_permissions_direct: + if not asset_permission.is_valid: + continue + for asset in asset_permission.get_granted_assets(): + if asset in assets: + assets[asset] |= set(asset_permission.system_users.all()) + else: + assets[asset] = set(asset_permission.system_users.all()) + + return assets + + +def get_user_granted_assets_inherit_from_user_groups(user): """Return all assets granted of the user :param user: Instance of :class: ``User`` :return: {asset1: {system_user1, system_user2}, asset2: {...}} """ - pass + assets = {} + user_groups = user.groups.all() + + for user_group in user_groups: + assets_inherited = get_user_group_granted_assets(user_group) + for asset in assets_inherited: + if asset in assets: + assets[asset] |= assets_inherited[asset] + else: + assets[asset] = assets_inherited[asset] + + return assets + + +def get_user_granted_assets(user): + assets_direct = get_user_granted_assets_direct(user) + assets_inherited = get_user_granted_assets_inherit_from_user_groups(user) + assets = assets_inherited + + for asset in assets_direct: + if asset in assets: + assets[asset] |= assets_direct[asset] + else: + assets[asset] = assets_direct[asset] + + return assets def get_user_groups_granted_in_asset(asset): From 06b2c623cb17ee601210243ce43f227e56a303e6 Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 16 Sep 2016 17:23:47 +0800 Subject: [PATCH 4/9] Modify some bug --- apps/perms/models.py | 25 ++++++------------- .../perms/asset_permission_asset_list.html | 4 +-- .../perms/asset_permission_detail.html | 6 +---- .../perms/asset_permission_user_list.html | 4 +-- apps/perms/utils.py | 11 ++++---- apps/users/templates/users/user_detail.html | 8 +++--- 6 files changed, 24 insertions(+), 34 deletions(-) diff --git a/apps/perms/models.py b/apps/perms/models.py index 25ac3640d..ac0257af4 100644 --- a/apps/perms/models.py +++ b/apps/perms/models.py 
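Review bot: The loop that skips invalid permissions and unions `system_users` into a dict is written out again in `get_user_granted_assets_direct` and `get_user_granted_asset_groups_inherit_from_user_groups`, and the first hunk of this file has three more copies. Each copy has to carry the `is_valid` guard itself, and patch 1/9 on this page shows one copy written without it. A single private helper keeps the validity check in one place and evaluates `system_users.all()` once per permission instead of once per target. `get_user_granted_assets` is added without a docstring; one line saying it merges direct and group-inherited grants would match its siblings.

```python
def _merge_grants(granted, asset_permissions, targets_of):
    """Add each valid permission's system users to every target it grants."""
    for asset_permission in asset_permissions:
        if not asset_permission.is_valid:
            continue
        system_users = set(asset_permission.system_users.all())
        for target in targets_of(asset_permission):
            granted.setdefault(target, set()).update(system_users)
    return granted


def get_user_granted_assets_direct(user):
    # … unchanged: docstring …
    return _merge_grants({}, user.asset_permissions.all(),
                         lambda perm: perm.get_granted_assets())
```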
@@ -32,38 +32,29 @@ class AssetPermission(models.Model): return True return True - @staticmethod - def set_inherited(obj, inherited_from=None): - setattr(obj, 'inherited', True) - setattr(obj, 'inherited_from', inherited_from) - return obj - - @staticmethod - def set_non_inherited(obj): - setattr(obj, 'inherited', False) - return obj - def get_granted_users(self): - users_granted_direct = map(self.set_non_inherited, self.users.all()) - return list(set(users_granted_direct) | self.get_granted_user_groups_member()) + return list(set(self.users.all()) | self.get_granted_user_groups_member()) def get_granted_user_groups_member(self): users = set() for user_group in self.user_groups.all(): for user in user_group.users.all(): - user = self.set_inherited(user, inherited_from=user_group) + setattr(user, 'is_inherit_from_user_groups', True) + setattr(user, 'inherit_from_user_groups', + getattr(user, b'inherit_from_user_groups', set()).add(user_group)) users.add(user) return users def get_granted_assets(self): - assets_granted_direct = map(self.set_non_inherited, self.assets.all()) - return list(set(assets_granted_direct or []) | self.get_granted_asset_groups_member()) + return list(set(self.assets.all()) | self.get_granted_asset_groups_member()) def get_granted_asset_groups_member(self): assets = set() for asset_group in self.asset_groups.all(): for asset in asset_group.assets.all(): - asset = self.set_inherited(asset, inherited_from=asset_group) + setattr(asset, 'is_inherit_from_asset_groups', True) + setattr(asset, 'inherit_from_asset_groups', + getattr(asset, b'inherit_from_user_groups', set()).add(asset_group)) assets.add(asset) return assets diff --git a/apps/perms/templates/perms/asset_permission_asset_list.html b/apps/perms/templates/perms/asset_permission_asset_list.html index baad101d1..b6c0cfb00 100644 --- a/apps/perms/templates/perms/asset_permission_asset_list.html +++ b/apps/perms/templates/perms/asset_permission_asset_list.html @@ -26,7 +26,7 @@
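Review bot: In `get_granted_user_groups_member`, `getattr(user, b'inherit_from_user_groups', set()).add(user_group)` evaluates to `None`, because `set.add` mutates in place and returns nothing, so `inherit_from_user_groups` is always stored as `None` and the record of which group conferred access is lost. Build the set first and store it afterwards: `groups = getattr(user, 'inherit_from_user_groups', set())`, `groups.add(user_group)`, `user.inherit_from_user_groups = groups`. `get_granted_asset_groups_member` has the same problem and also reads `b'inherit_from_user_groups'` while writing `inherit_from_asset_groups`, which looks like a copy-paste slip. The `b'...'` attribute names only work on Python 2; a plain string literal is portable.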
  • - {% trans 'Assets and asset gruops' %} + {% trans 'Assets and asset groups' %}