Merge pull request #6745 from jumpserver/pr@dev@add_authorization_rule

feat: 授权规则分类管理

apps/perms/const.py

@@ -0,0 +1,9 @@
+# -*- coding: utf-8 -*-
+#
+from django.db.models import TextChoices
+from django.utils.translation import ugettext_lazy as _
+
+
+class AuthorizationRules(TextChoices):
+    manual = 'manual', _('Manual authorization')
+    ticket = 'ticket', _('Ticket authorization')

apps/perms/migrations/0019_auto_20210831_1150.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1.12 on 2021-08-31 03:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('perms', '0018_auto_20210208_1515'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='applicationpermission',
+            name='authorization_rules',
+            field=models.CharField(choices=[('manual', 'Manual authorization'), ('ticket', 'Ticket authorization')], default='manual', max_length=64, verbose_name='Authorization rules'),
+        ),
+        migrations.AddField(
+            model_name='assetpermission',
+            name='authorization_rules',
+            field=models.CharField(choices=[('manual', 'Manual authorization'), ('ticket', 'Ticket authorization')], default='manual', max_length=64, verbose_name='Authorization rules'),
+        ),
+    ]

apps/perms/models/base.py

@@ -11,7 +11,7 @@ from orgs.mixins.models import OrgModelMixin
 from common.db.models import UnionQuerySet
 from common.utils import date_expired_default, lazyproperty
 from orgs.mixins.models import OrgManager
-
+from ..const import AuthorizationRules
 
 __all__ = [
     'BasePermission', 'BasePermissionQuerySet'
@@ -31,11 +31,7 @@ class BasePermissionQuerySet(models.QuerySet):
 
     def invalid(self):
         now = timezone.now()
-        q = (
+        q = (Q(is_active=False) | Q(date_start__gt=now) | Q(date_expired__lt=now))
-            Q(is_active=False) |
-            Q(date_start__gt=now) |
-            Q(date_expired__lt=now)
-        )
         return self.filter(q)
 
 
@@ -48,13 +44,17 @@ class BasePermission(OrgModelMixin):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     name = models.CharField(max_length=128, verbose_name=_('Name'))
     users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"), related_name='%(class)ss')
-    user_groups = models.ManyToManyField('users.UserGroup', blank=True, verbose_name=_("User group"), related_name='%(class)ss')
+    user_groups = models.ManyToManyField(
+        'users.UserGroup', blank=True, verbose_name=_("User group"), related_name='%(class)ss')
     is_active = models.BooleanField(default=True, verbose_name=_('Active'))
     date_start = models.DateTimeField(default=timezone.now, db_index=True, verbose_name=_("Date start"))
     date_expired = models.DateTimeField(default=date_expired_default, db_index=True, verbose_name=_('Date expired'))
     created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
     date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
     comment = models.TextField(verbose_name=_('Comment'), blank=True)
+    authorization_rules = models.CharField(
+        max_length=64, default=AuthorizationRules.manual, choices=AuthorizationRules.choices,
+        verbose_name=_('Authorization rules'))
 
     objects = BasePermissionManager.from_queryset(BasePermissionQuerySet)()
 

apps/perms/serializers/application/permission.py

@@ -13,6 +13,8 @@ __all__ = [
 
 
 class ApplicationPermissionSerializer(BulkOrgResourceModelSerializer):
+    authorization_rules_display = serializers.ReadOnlyField(
+        source='get_authorization_rules_display', label=_('Authorization rules'))
     category_display = serializers.ReadOnlyField(source='get_category_display', label=_('Category display'))
     type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type display'))
     is_valid = serializers.BooleanField(read_only=True, label=_('Is valid'))
@@ -24,7 +26,7 @@ class ApplicationPermissionSerializer(BulkOrgResourceModelSerializer):
         fields_small = fields_mini + [
             'category', 'category_display', 'type', 'type_display',
             'is_active', 'is_expired', 'is_valid',
-            'created_by', 'date_created', 'date_expired', 'date_start', 'comment'
+            'created_by', 'date_created', 'date_expired', 'date_start', 'comment', 'authorization_rules_display'
         ]
         fields_m2m = [
             'users', 'user_groups', 'applications', 'system_users',

apps/perms/serializers/asset/permission.py

@@ -39,6 +39,8 @@ class ActionsDisplayField(ActionsField):
 
 class AssetPermissionSerializer(BulkOrgResourceModelSerializer):
     actions = ActionsField(required=False, allow_null=True, label=_("Actions"))
+    authorization_rules_display = serializers.ReadOnlyField(
+        source='get_authorization_rules_display', label=_('Authorization rules'))
     is_valid = serializers.BooleanField(read_only=True, label=_("Is valid"))
     is_expired = serializers.BooleanField(read_only=True, label=_('Is expired'))
     users_display = serializers.ListField(child=serializers.CharField(), label=_('Users display'), required=False)
@@ -53,7 +55,7 @@ class AssetPermissionSerializer(BulkOrgResourceModelSerializer):
         fields_small = fields_mini + [
             'is_active', 'is_expired', 'is_valid', 'actions',
             'created_by', 'date_created', 'date_expired',
-            'date_start', 'comment'
+            'date_start', 'comment', 'authorization_rules_display'
         ]
         fields_m2m = [
             'users', 'users_display', 'user_groups', 'user_groups_display', 'assets',

apps/tickets/handler/apply_application.py

@@ -3,6 +3,7 @@ from orgs.utils import tmp_to_org, tmp_to_root_org
 from applications.const import AppCategory, AppType
 from applications.models import Application
 from perms.models import ApplicationPermission
+from perms.const import AuthorizationRules
 from assets.models import SystemUser
 
 from .base import BaseHandler
@@ -89,6 +90,7 @@ class Handler(BaseHandler):
         permissions_data = {
             'id': self.ticket.id,
             'name': apply_permission_name,
+            'authorization_rules': AuthorizationRules.ticket,
             'category': apply_category,
             'type': apply_type,
             'comment': str(permission_comment),

apps/tickets/handler/apply_asset.py

@@ -5,6 +5,7 @@ from .base import BaseHandler
 from django.utils.translation import ugettext as _
 
 from perms.models import AssetPermission, Action
+from perms.const import AuthorizationRules
 from orgs.utils import tmp_to_org, tmp_to_root_org
 
 
@@ -83,6 +84,7 @@ class Handler(BaseHandler):
         permission_data = {
             'id': self.ticket.id,
             'name': apply_permission_name,
+            'authorization_rules': AuthorizationRules.ticket,
             'comment': str(permission_comment),
             'created_by': permission_created_by,
             'actions': apply_actions,

apps/tickets/migrations/0010_auto_20210812_1618.py

@@ -108,7 +108,7 @@ class Migration(migrations.Migration):
                 ('strategy', models.CharField(
                     choices=[('super_admin', 'Super admin'), ('org_admin', 'Org admin'), ('super_org_admin', 'Super admin and org admin'),
                              ('custom_user', 'Custom user')],
-                    default='super', max_length=64, verbose_name='Approve strategy')),
+                    default='super_admin', max_length=64, verbose_name='Approve strategy')),
                 ('assignees_display', models.JSONField(default=list, encoder=common.db.encoder.ModelJSONFieldEncoder,
                                                        verbose_name='Assignees display')),
                 ('assignees',