Add user permission select

apps/perms/models.py

@@ -24,7 +24,7 @@ class AssetPermission(models.Model):
     comment = models.TextField(verbose_name=_('Comment'), blank=True)
 
     def __unicode__(self):
-        return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action}
+        return self.name
 
     @property
     def is_valid(self):

apps/perms/utils.py

@@ -1,56 +1,73 @@
 from __future__ import absolute_import, unicode_literals
 
-from .models import AssetPermission
 from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
-from common.utils import combine_seq
 
 
-def get_asset_groups_denied_by_user_group(user_group):
-    pass
-
-
-def get_asset_groups_granted_by_user_group(user_group):
+def get_user_group_granted_asset_groups(user_group):
     """Return asset groups granted of the user group
 
-        :param user_group: Instance of :class: ``UserGroup``
-        :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
+     :param user_group: Instance of :class: ``UserGroup``
+     :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
     """
     asset_groups = {}
-
-    if not isinstance(user_group, UserGroup):
-        return asset_groups
-
     asset_permissions = user_group.asset_permissions.all()
+
     for asset_permission in asset_permissions:
         if not asset_permission.is_valid:
             continue
         for asset_group in asset_permission.asset_groups.all():
             if asset_group in asset_groups:
-                asset_groups[asset_group].union(set(asset_permission.system_users.all()))
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
             else:
                 asset_groups[asset_group] = set(asset_permission.system_users.all())
+
     return asset_groups
 
 
-def get_assets_granted_by_user_group(user_group):
+def get_user_group_granted_assets(user_group):
     """Return assets granted of the user group
 
-        :param user_group: Instance of :class: ``UserGroup``
-        :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
+    :param user_group: Instance of :class: ``UserGroup``
+    :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
     """
     assets = {}
-    if not isinstance(user_group, UserGroup):
-        return assets
-
     asset_permissions = user_group.asset_permissions.all()
+
     for asset_permission in asset_permissions:
-        for asset in asset_permission.get_granted_assets:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
             if asset in assets:
-                pass
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
 
 
-def get_asset_groups_granted_by_user(user):
-    """Return asset groups granted of the user
+def get_user_granted_asset_groups_direct(user):
+    """Return asset groups granted of the user direct nor inherit from user group
+
+        :param user: Instance of :class: ``User``
+        :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
+        """
+    asset_groups = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset_group in asset_permission.asset_groups.all():
+            if asset_group in asset_groups:
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
+            else:
+                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
+    return asset_groups
+
+
+def get_user_granted_asset_groups_inherit_from_user_groups(user):
+    """Return asset groups granted of the user and inherit from user group
 
     :param user: Instance of :class: ``User``
     :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
@@ -60,25 +77,100 @@ def get_asset_groups_granted_by_user(user):
     if not isinstance(user, User):
         return asset_groups
 
-    asset_permissions = user.asset_permissions.all()
+    user_groups = user.groups.all()
+    asset_permissions = set()
 
+    # Get asset permission list of user groups for this user
+    for user_group in user_groups:
+        asset_permissions |= set(user_group.asset_permissions.all())
+
+    # Get asset groups granted from user groups
     for asset_permission in asset_permissions:
+        if not asset_permission.is_valid:
+            continue
         for asset_group in asset_permission.asset_groups.all():
             if asset_group in asset_groups:
-                asset_groups[asset_group].union(set(asset_permission.system_users.all()))
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
             else:
                 asset_groups[asset_group] = set(asset_permission.system_users.all())
 
     return asset_groups
 
 
-def get_assets_granted_by_user(user):
+def get_user_granted_asset_groups(user):
+    """Get user granted asset groups all, include direct and inherit from user group
+
+    :param user: Instance of :class: ``User``
+    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+
+    asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user)
+    asset_groups_direct = get_user_granted_asset_groups_direct(user)
+    asset_groups = asset_groups_inherit_from_user_groups
+
+    # Merge direct granted and inherit from user group
+    for asset_group, system_users in asset_groups_direct.items():
+        if asset_group in asset_groups:
+            asset_groups[asset_group] |= asset_groups_direct[asset_group]
+        else:
+            asset_groups[asset_group] = asset_groups_direct[asset_group]
+
+    return asset_groups
+
+
+def get_user_granted_assets_direct(user):
+    """Return assets granted of the user directly
+
+     :param user: Instance of :class: ``User``
+     :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+    assets = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
+            if asset in assets:
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
+
+
+def get_user_granted_assets_inherit_from_user_groups(user):
     """Return all assets granted of the user
 
     :param user: Instance of :class: ``User``
     :return: {asset1: {system_user1, system_user2}, asset2: {...}}
     """
-    pass
+    assets = {}
+    user_groups = user.groups.all()
+
+    for user_group in user_groups:
+        assets_inherited = get_user_group_granted_assets(user_group)
+        for asset in assets_inherited:
+            if asset in assets:
+                assets[asset] |= assets_inherited[asset]
+            else:
+                assets[asset] = assets_inherited[asset]
+
+    return assets
+
+
+def get_user_granted_assets(user):
+    assets_direct = get_user_granted_assets_direct(user)
+    assets_inherited = get_user_granted_assets_inherit_from_user_groups(user)
+    assets = assets_inherited
+
+    for asset in assets_direct:
+        if asset in assets:
+            assets[asset] |= assets_direct[asset]
+        else:
+            assets[asset] = assets_direct[asset]
+
+    return assets
 
 
 def get_user_groups_granted_in_asset(asset):