From a27aeca2fd2203ef382d8ed570932cbce9706191 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Wed, 7 Sep 2022 17:35:23 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E4=BF=AE=E6=94=B9=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E7=9B=B8=E5=85=B3Model,Serializer,API=E7=BB=93?= =?UTF-8?q?=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../serializers/connection_token.py | 2 +- apps/jumpserver/settings/_xpack.py | 3 +- apps/perms/exceptions.py | 14 ----- apps/perms/filters.py | 11 +--- apps/perms/models/asset_permission.py | 5 ++ apps/perms/serializers/__init__.py | 5 +- apps/perms/serializers/asset/__init__.py | 3 - apps/perms/serializers/base.py | 56 ----------------- .../serializers/{asset => }/permission.py | 63 +++++++++++++++---- .../{asset => }/permission_relation.py | 0 .../{asset => }/user_permission.py | 2 +- .../serializers/ticket/apply_application.py | 2 +- .../tickets/serializers/ticket/apply_asset.py | 2 +- 13 files changed, 67 insertions(+), 101 deletions(-) delete mode 100644 apps/perms/exceptions.py delete mode 100644 apps/perms/serializers/asset/__init__.py delete mode 100644 apps/perms/serializers/base.py rename apps/perms/serializers/{asset => }/permission.py (65%) rename apps/perms/serializers/{asset => }/permission_relation.py (100%) rename apps/perms/serializers/{asset => }/user_permission.py (95%) diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py index 4a5b91e5b..0905d5c60 100644 --- a/apps/authentication/serializers/connection_token.py +++ b/apps/authentication/serializers/connection_token.py @@ -7,7 +7,7 @@ from common.utils import pretty_string from common.utils.random import random_string from assets.models import Asset, Gateway, Domain, CommandFilterRule from users.models import User -from perms.serializers.base import ActionsField +from perms.serializers.permission import ActionsField __all__ = [ 
diff --git a/apps/jumpserver/settings/_xpack.py b/apps/jumpserver/settings/_xpack.py index 9f4319a35..2650e30b9 100644 --- a/apps/jumpserver/settings/_xpack.py +++ b/apps/jumpserver/settings/_xpack.py @@ -6,7 +6,8 @@ from .. import const from .base import INSTALLED_APPS, TEMPLATES XPACK_DIR = os.path.join(const.BASE_DIR, 'xpack') -XPACK_ENABLED = os.path.isdir(XPACK_DIR) +# XPACK_ENABLED = os.path.isdir(XPACK_DIR) +XPACK_ENABLED = False XPACK_TEMPLATES_DIR = [] XPACK_CONTEXT_PROCESSOR = [] diff --git a/apps/perms/exceptions.py b/apps/perms/exceptions.py deleted file mode 100644 index 684a5da88..000000000 --- a/apps/perms/exceptions.py +++ /dev/null @@ -1,14 +0,0 @@ -from rest_framework import status -from django.utils.translation import gettext_lazy as _ - -from common.exceptions import JMSException - - -class AdminIsModifyingPerm(JMSException): - status_code = status.HTTP_409_CONFLICT - default_detail = _('The administrator is modifying permissions. Please wait') - - -class CanNotRemoveAssetPermNow(JMSException): - status_code = status.HTTP_409_CONFLICT - default_detail = _('The authorization cannot be revoked for the time being') diff --git a/apps/perms/filters.py b/apps/perms/filters.py index c890dbcba..ee3c03e91 100644 --- a/apps/perms/filters.py +++ b/apps/perms/filters.py 
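Review bot: `XPACK_ENABLED = False` in `apps/jumpserver/settings/_xpack.py` replaces the directory check with a constant and keeps the old expression as a commented-out line, which reads like a local development override committed by accident. The commit subject is about restructuring the authorization Model/Serializer/API, and nothing visible in the patch depends on this setting. With the constant in place the flag stays off even when `XPACK_DIR` exists, so whatever the rest of the settings module gates on it is silently disabled. Restore `XPACK_ENABLED = os.path.isdir(XPACK_DIR)` and drop the commented line; if a temporary off-switch is really needed, take it from configuration rather than from source.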
@@ -183,22 +183,15 @@ class AssetPermissionFilter(PermissionBaseFilter): if is_effective: have_user_q = Q(users__isnull=False) | Q(user_groups__isnull=False) have_asset_q = Q(assets__isnull=False) | Q(nodes__isnull=False) - have_system_user_q = Q(system_users__isnull=False) have_action_q = Q(actions__gt=0) - queryset = queryset.filter( - have_user_q & have_asset_q & have_system_user_q & have_action_q - ) + queryset = queryset.filter(have_user_q & have_asset_q & have_action_q) queryset &= AssetPermission.objects.valid() else: not_have_user_q = Q(users__isnull=True) & Q(user_groups__isnull=True) not_have_asset_q = Q(assets__isnull=True) & Q(nodes__isnull=True) - not_have_system_user_q = Q(system_users__isnull=True) not_have_action_q = Q(actions=0) - queryset = queryset.filter( - not_have_user_q | not_have_asset_q | not_have_system_user_q | - not_have_action_q - ) + queryset = queryset.filter(not_have_user_q | not_have_asset_q | not_have_action_q) queryset |= AssetPermission.objects.invalid() return queryset diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index bf70e9b6f..04b90c0ca 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py 
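Review bot: The `is_effective` branch of `AssetPermissionFilter` no longer has any term for which identity the permission grants access as: `have_system_user_q` is removed and nothing for the `accounts` field takes its place. Since `accounts` is a `JSONField(default=list)` in `asset_permission.py`, a permission with users, assets and actions but an empty account list would presumably be reported as effective, and the `else` branch would not list it as ineffective; that matters when this filter is used to audit which grants are live. If an empty list means "no account granted", add a term such as `have_account_q = ~Q(accounts=[])` to the first `filter(...)` and its complement `Q(accounts=[])` to the second. The method starts above the hunk, so how `is_effective` is parsed is not visible here.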
@@ -89,6 +89,11 @@ class AssetPermission(OrgModelMixin): user_groups = models.ManyToManyField('users.UserGroup', blank=True, verbose_name=_("User group"), related_name='%(class)ss') assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset")) nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes")) + # 只保存 @ALL (@INPUT @USER 默认包含,将来在全局设置中进行控制) + # 特殊的账号描述 + # ['@ALL',] + # 指定账号授权 + # ['web', 'root',] accounts = models.JSONField(default=list, verbose_name=_("Accounts")) actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions")) is_active = models.BooleanField(default=True, verbose_name=_('Active')) diff --git a/apps/perms/serializers/__init__.py b/apps/perms/serializers/__init__.py index 39f7912a3..a28be49ec 100644 --- a/apps/perms/serializers/__init__.py +++ b/apps/perms/serializers/__init__.py @@ -1,4 +1,5 @@ # coding: utf-8 # -from .base import * -from .asset import * +from .permission import * +from .permission_relation import * +from .user_permission import * diff --git a/apps/perms/serializers/asset/__init__.py b/apps/perms/serializers/asset/__init__.py deleted file mode 100644 index 5fb99849f..000000000 --- a/apps/perms/serializers/asset/__init__.py +++ /dev/null @@ -1,3 +0,0 @@ -from .permission import * -from .permission_relation import * -from .user_permission import * diff --git a/apps/perms/serializers/base.py b/apps/perms/serializers/base.py deleted file mode 100644 index cbed4a2f8..000000000 --- a/apps/perms/serializers/base.py +++ /dev/null 
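Review bot: The new comment above `accounts` in `AssetPermission` lists the two stored shapes but not what the empty list means, even though `default=list` makes `[]` the value of every permission created without the field. It also says `@INPUT` and `@USER` are included by default, so the stored list is not the full grant, and the `@ALL` sentinel shares one namespace with literal account names such as `'root'`. For a field that decides which accounts a user may connect with, I would state these rules in the comment (for example `# [] grants no stored account; '@ALL' grants every account on the asset`, if that is the intent) and back them with a validator that accepts only a list of non-empty strings. The serializer hunk in `apps/perms/serializers/permission.py` moves `accounts` into `fields_small` with no explicit field declaration visible in the hunk, so the same check is needed on the API side.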
@@ -1,56 +0,0 @@ -from rest_framework import serializers -from perms.models import Action -from orgs.mixins.serializers import BulkOrgResourceModelSerializer -from rest_framework.fields import empty - -__all__ = ['ActionsDisplayField', 'ActionsField', 'BasePermissionSerializer'] - - -class ActionsField(serializers.MultipleChoiceField): - def __init__(self, *args, **kwargs): - kwargs['choices'] = Action.CHOICES - super().__init__(*args, **kwargs) - - def run_validation(self, data=empty): - data = super(ActionsField, self).run_validation(data) - if isinstance(data, list): - data = Action.choices_to_value(value=data) - return data - - def to_representation(self, value): - return Action.value_to_choices(value) - - def to_internal_value(self, data): - if not self.allow_empty and not data: - self.fail('empty') - - if not data: - return data - - return Action.choices_to_value(data) - - -class ActionsDisplayField(ActionsField): - def to_representation(self, value): - values = super().to_representation(value) - choices = dict(Action.CHOICES) - return [choices.get(i) for i in values] - - -class BasePermissionSerializer(BulkOrgResourceModelSerializer): - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.set_actions_field() - - def set_actions_field(self): - actions = self.fields.get('actions') - if not actions: - return - choices = actions._choices - choices = self._filter_actions_choices(choices) - actions._choices = choices - actions.default = list(choices.keys()) - - def _filter_actions_choices(self, choices): - return choices diff --git a/apps/perms/serializers/asset/permission.py b/apps/perms/serializers/permission.py similarity index 65% rename from apps/perms/serializers/asset/permission.py rename to apps/perms/serializers/permission.py index 490b9e57a..5a4bf5105 100644 --- a/apps/perms/serializers/asset/permission.py +++ b/apps/perms/serializers/permission.py 
@@ -2,50 +2,89 @@ # from rest_framework import serializers +from rest_framework.fields import empty from django.utils.translation import ugettext_lazy as _ from django.db.models import Q -from perms.models import AssetPermission, Action from assets.models import Asset, Node from users.models import User, UserGroup -from ..base import ActionsField, BasePermissionSerializer +from perms.models import AssetPermission, Action +from orgs.mixins.serializers import BulkOrgResourceModelSerializer -__all__ = ['AssetPermissionSerializer'] +__all__ = ['AssetPermissionSerializer', 'ActionsField'] -class AssetPermissionSerializer(BasePermissionSerializer): +class ActionsField(serializers.MultipleChoiceField): + def __init__(self, **kwargs): + kwargs['choices'] = Action.CHOICES + super().__init__(**kwargs) + + def run_validation(self, data=empty): + data = super(ActionsField, self).run_validation(data) + if isinstance(data, list): + data = Action.choices_to_value(value=data) + return data + + def to_representation(self, value): + return Action.value_to_choices(value) + + def to_internal_value(self, data): + if not self.allow_empty and not data: + self.fail('empty') + if not data: + return data + return Action.choices_to_value(data) + + +class ActionsDisplayField(ActionsField): + def to_representation(self, value): + values = super().to_representation(value) + choices = dict(Action.CHOICES) + return [choices.get(i) for i in values] + + +class AssetPermissionSerializer(BulkOrgResourceModelSerializer): + users_display = serializers.ListField( + child=serializers.CharField(), label=_('Users display'), required=False + ) + user_groups_display = serializers.ListField( + child=serializers.CharField(), label=_('User groups display'), required=False + ) + assets_display = serializers.ListField( + child=serializers.CharField(), label=_('Assets display'), required=False + ) + nodes_display = serializers.ListField( + child=serializers.CharField(), label=_('Nodes display'), required=False + ) 
actions = ActionsField(required=False, allow_null=True, label=_("Actions")) is_valid = serializers.BooleanField(read_only=True, label=_("Is valid")) is_expired = serializers.BooleanField(read_only=True, label=_('Is expired')) - users_display = serializers.ListField(child=serializers.CharField(), label=_('Users display'), required=False) - user_groups_display = serializers.ListField(child=serializers.CharField(), label=_('User groups display'), required=False) - assets_display = serializers.ListField(child=serializers.CharField(), label=_('Assets display'), required=False) - nodes_display = serializers.ListField(child=serializers.CharField(), label=_('Nodes display'), required=False) class Meta: model = AssetPermission fields_mini = ['id', 'name'] fields_small = fields_mini + [ 'is_active', 'is_expired', 'is_valid', 'actions', + 'accounts', 'created_by', 'date_created', 'date_expired', 'date_start', 'comment', 'from_ticket' ] fields_m2m = [ 'users', 'users_display', 'user_groups', 'user_groups_display', 'assets', - 'assets_display', 'nodes', 'nodes_display', 'accounts', + 'assets_display', 'nodes', 'nodes_display', 'users_amount', 'user_groups_amount', 'assets_amount', 'nodes_amount', ] fields = fields_small + fields_m2m read_only_fields = ['created_by', 'date_created', 'from_ticket'] extra_kwargs = { - 'is_expired': {'label': _('Is expired')}, - 'is_valid': {'label': _('Is valid')}, - 'actions': {'label': _('Actions')}, 'users_amount': {'label': _('Users amount')}, 'user_groups_amount': {'label': _('User groups amount')}, 'assets_amount': {'label': _('Assets amount')}, 'nodes_amount': {'label': _('Nodes amount')}, + 'actions': {'label': _('Actions')}, + 'is_expired': {'label': _('Is expired')}, + 'is_valid': {'label': _('Is valid')}, } @classmethod 
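Review bot: `__all__` in the new `apps/perms/serializers/permission.py` lists only `AssetPermissionSerializer` and `ActionsField`, so `ActionsDisplayField`, which the deleted `base.py` exported, is no longer re-exported by `from .permission import *` in `perms/serializers/__init__.py`. Any caller that imports it from the package would fail at import time; none is visible in this patch, so the omission may be intentional. If the class is meant to stay public, use `__all__ = ['AssetPermissionSerializer', 'ActionsField', 'ActionsDisplayField']`; otherwise remove the class. `AssetPermissionSerializer` continues past the end of the hunk.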
diff --git a/apps/perms/serializers/asset/permission_relation.py b/apps/perms/serializers/permission_relation.py similarity index 100% rename from apps/perms/serializers/asset/permission_relation.py rename to apps/perms/serializers/permission_relation.py diff --git a/apps/perms/serializers/asset/user_permission.py b/apps/perms/serializers/user_permission.py similarity index 95% rename from apps/perms/serializers/asset/user_permission.py rename to apps/perms/serializers/user_permission.py index c0d9b4c74..f7f541e7a 100644 --- a/apps/perms/serializers/asset/user_permission.py +++ b/apps/perms/serializers/user_permission.py @@ -5,7 +5,7 @@ from rest_framework import serializers from django.utils.translation import ugettext_lazy as _ from assets.models import Node, Asset, Platform -from perms.serializers.base import ActionsField +from perms.serializers.permission import ActionsField __all__ = [ 'NodeGrantedSerializer', diff --git a/apps/tickets/serializers/ticket/apply_application.py b/apps/tickets/serializers/ticket/apply_application.py index 12b3f230d..d70e850a5 100644 --- a/apps/tickets/serializers/ticket/apply_application.py +++ b/apps/tickets/serializers/ticket/apply_application.py @@ -2,7 +2,7 @@ from django.utils.translation import ugettext as _ from rest_framework import serializers from perms.models import ApplicationPermission -from perms.serializers.base import ActionsField +from perms.serializers.permission import ActionsField from orgs.utils import tmp_to_org from applications.models import Application from tickets.models import ApplyApplicationTicket diff --git a/apps/tickets/serializers/ticket/apply_asset.py b/apps/tickets/serializers/ticket/apply_asset.py index 93a4026c1..f2ed156ad 100644 --- a/apps/tickets/serializers/ticket/apply_asset.py +++ b/apps/tickets/serializers/ticket/apply_asset.py 
@@ -1,7 +1,7 @@ from django.utils.translation import ugettext_lazy as _ from rest_framework import serializers -from perms.serializers.base import ActionsField +from perms.serializers.permission import ActionsField from perms.models import AssetPermission from orgs.utils import tmp_to_org from assets.models import Asset, Node