feat: 为rdp 添加一个api

apps/perms/api/application/user_permission/common.py

@@ -11,6 +11,7 @@ from rest_framework.generics import (
 from orgs.utils import tmp_to_root_org
 from applications.models import Application
 from perms.utils.application.permission import (
+    has_application_system_permission,
     get_application_system_users_id
 )
 from perms.api.asset.user_permission.mixin import RoleAdminMixin, RoleUserMixin
@@ -71,8 +72,7 @@ class ValidateUserApplicationPermissionApi(APIView):
         application = get_object_or_404(Application, id=application_id)
         system_user = get_object_or_404(SystemUser, id=system_user_id)
 
-        system_users_id = get_application_system_users_id(user, application)
-        if system_user.id in system_users_id:
+        if has_application_system_permission(user, application, system_user):
             return Response({'msg': True}, status=200)
 
         return Response({'msg': False}, status=403)

apps/perms/signals_handler/common.py

@@ -128,12 +128,10 @@ def on_asset_permission_user_groups_changed(instance, action, pk_set, model,
 
 @receiver(m2m_changed, sender=ApplicationPermission.system_users.through)
 def on_application_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs):
-    if not instance.category_remote_app:
-        return
-
     if reverse:
         raise M2MReverseNotAllowed
-
+    if not instance.category_remote_app:
+        return
     if action != POST_ADD:
         return
 
@@ -156,12 +154,12 @@ def on_application_permission_system_users_changed(sender, instance: Application
 
 @receiver(m2m_changed, sender=ApplicationPermission.users.through)
 def on_application_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs):
-    if not instance.category_remote_app:
-        return
-
     if reverse:
         raise M2MReverseNotAllowed
 
+    if not instance.category_remote_app:
+        return
+
     if action != POST_ADD:
         return
 
@@ -176,12 +174,10 @@ def on_application_permission_users_changed(sender, instance, action, reverse, p
 
 @receiver(m2m_changed, sender=ApplicationPermission.user_groups.through)
 def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs):
-    if not instance.category_remote_app:
-        return
-
     if reverse:
         raise M2MReverseNotAllowed
-
+    if not instance.category_remote_app:
+        return
     if action != POST_ADD:
         return
 
@@ -196,12 +192,12 @@ def on_application_permission_user_groups_changed(sender, instance, action, reve
 
 @receiver(m2m_changed, sender=ApplicationPermission.applications.through)
 def on_application_permission_applications_changed(sender, instance, action, reverse, pk_set, **kwargs):
-    if not instance.category_remote_app:
-        return
-
     if reverse:
         raise M2MReverseNotAllowed
 
+    if not instance.category_remote_app:
+        return
+
     if action != POST_ADD:
         return
 

apps/perms/utils/application/permission.py

@@ -7,8 +7,14 @@ logger = get_logger(__file__)
 
 
 def get_application_system_users_id(user, application):
-    queryset = ApplicationPermission.objects\
-        .filter(Q(users=user) | Q(user_groups__users=user), Q(applications=application))\
-        .valid()\
-        .values_list('system_users', flat=True)
+    queryset = ApplicationPermission.objects.valid()\
+        .filter(
+            Q(users=user) | Q(user_groups__users=user),
+            Q(applications=application)
+        ).values_list('system_users', flat=True)
     return queryset
+
+
+def has_application_system_permission(user, application, system_user):
+    system_users_id = get_application_system_users_id(user, application)
+    return system_user.id in system_users_id

apps/perms/utils/asset/permission.py

@@ -4,7 +4,7 @@ from django.db.models import Q
 
 from common.utils import get_logger
 from perms.models import AssetPermission
-from perms.hands import Asset, User, UserGroup
+from perms.hands import Asset, User, UserGroup, SystemUser
 from perms.models.base import BasePermissionQuerySet
 
 logger = get_logger(__file__)
@@ -19,10 +19,8 @@ def get_asset_system_users_id_with_actions(asset_perm_queryset: BasePermissionQu
         ancestor_keys = node.get_ancestor_keys(with_self=True)
         node_keys.update(ancestor_keys)
 
-    queryset = AssetPermission.objects.filter(id__in=asset_perms_id).filter(
-        Q(assets=asset) |
-        Q(nodes__key__in=node_keys)
-    )
+    queryset = AssetPermission.objects.filter(id__in=asset_perms_id)\
+        .filter(Q(assets=asset) | Q(nodes__key__in=node_keys))
 
     asset_protocols = asset.protocols_as_dict.keys()
     values = queryset.filter(
@@ -44,8 +42,14 @@ def get_asset_system_users_id_with_actions_by_user(user: User, asset: Asset):
     return get_asset_system_users_id_with_actions(queryset, asset)
 
 
+def has_asset_system_permission(user: User, asset: Asset, system_user: SystemUser):
+    systemuser_actions_mapper = get_asset_system_users_id_with_actions_by_user(user, asset)
+    actions = systemuser_actions_mapper.get(system_user.id, [])
+    if actions:
+        return True
+    return False
+
+
 def get_asset_system_users_id_with_actions_by_group(group: UserGroup, asset: Asset):
-    queryset = AssetPermission.objects.filter(
-        user_groups=group
-    ).valid()
+    queryset = AssetPermission.objects.filter(user_groups=group).valid()
     return get_asset_system_users_id_with_actions(queryset, asset)