refactor: 重构资产授权工具、资产授权账号工具类

apps/perms/utils/account.py

@@ -1,22 +1,20 @@
 from collections import defaultdict
 from assets.models import Account
-from perms.models import AssetPermission
+from .permission import AssetPermissionUtil
 
 
-class PermAccountUtil(object):
+class PermAccountUtil(AssetPermissionUtil):
-    """ 授权账号查询工具 """
+    """ 资产授权账号相关的工具 """
-
-    # Accounts
 
     def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
         """ 获取授权给用户某个资产的账号 """
-        perms = self.get_user_asset_permissions(user, asset)
+        perms = self.get_permissions_for_user_asset(user, asset)
         accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
         return accounts
 
     def get_user_perm_accounts(self, user, with_actions=False):
         """ 获取授权给用户的所有账号 """
-        perms = self.get_user_permissions(user)
+        perms = self.get_permissions_for_user(user)
         accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
         return accounts
 
@@ -35,49 +33,3 @@ class PermAccountUtil(object):
                 account.actions = aid_actions_map.get(str(account.id))
         return accounts
 
-    # Permissions
-
-    def get_user_asset_permissions(self, user, asset):
-        """ 获取同时包含用户、资产的授权规则 """
-        user_perm_ids = self.get_user_permissions(user, flat=True)
-        asset_perm_ids = self.get_asset_permissions(asset, flat=True)
-        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
-        perms = AssetPermission.objects.filter(id__in=perm_ids)
-        return perms
-
-    def get_user_permissions(self, user, with_group=True, flat=False):
-        """ 获取用户的授权规则 """
-        perm_ids = set()
-        # user
-        user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\
-            .values_list('assetpermission_id', flat=True).distinct()
-        perm_ids.update(user_perm_ids)
-        # group
-        if with_group:
-            groups = user.groups.all()
-            group_perm_ids = self.get_user_groups_permissions(groups, flat=True)
-            perm_ids.update(group_perm_ids)
-        if flat:
-            return perm_ids
-        perms = AssetPermission.objects.filter(id__in=perm_ids)
-        return perms
-
-    @staticmethod
-    def get_user_groups_permissions(user_groups, flat=False):
-        """ 获取用户组的授权规则 """
-        group_ids = user_groups.values_list('id', flat=True).distinct()
-        perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
-            .values_list('assetpermission_id', flat=True).distinct()
-        if flat:
-            return perm_ids
-        perms = AssetPermission.objects.filter(id__in=perm_ids)
-        return perms
-
-    def get_asset_permissions(self, asset, flat=False):
-        """ 获取资产的授权规则"""
-        return AssetPermission.objects.all()
-
-    def get_node_permissions(self):
-        """ 获取节点的授权规则 """
-        pass
-

apps/perms/utils/permission.py

@@ -11,6 +11,75 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids
 logger = get_logger(__file__)
 
 
+class AssetPermissionUtil(object):
+    """ 资产授权相关的方法工具 """
+
+    def get_permissions_for_user_asset(self, user, asset):
+        """ 获取同时包含用户、资产的授权规则 """
+        user_perm_ids = self.get_permissions_for_user(user, flat=True)
+        asset_perm_ids = self.get_permissions_for_asset(asset, flat=True)
+        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
+
+    def get_permissions_for_user(self, user, with_group=True, flat=False):
+        """ 获取用户的授权规则 """
+        perm_ids = set()
+        # user
+        user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id) \
+            .values_list('assetpermission_id', flat=True).distinct()
+        perm_ids.update(user_perm_ids)
+        # group
+        if with_group:
+            groups = user.groups.all()
+            group_perm_ids = self.get_permissions_for_user_groups(groups, flat=True)
+            perm_ids.update(group_perm_ids)
+        if flat:
+            return perm_ids
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
+
+    @staticmethod
+    def get_permissions_for_user_groups(user_groups, flat=False):
+        """ 获取用户组的授权规则 """
+        group_ids = user_groups.values_list('id', flat=True).distinct()
+        group_perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
+            .values_list('assetpermission_id', flat=True).distinct()
+        if flat:
+            return group_perm_ids
+        perms = AssetPermission.objects.filter(id__in=group_perm_ids)
+        return perms
+
+    def get_permissions_for_asset(self, asset, with_node=True, flat=False):
+        """ 获取资产的授权规则"""
+        perm_ids = set()
+        asset_perm_ids = AssetPermission.assets.through.objects.filter(asset_id=asset.id) \
+            .values_list('assetpermission_id', flat=True).distinct()
+        perm_ids.update(asset_perm_ids)
+        if with_node:
+            nodes = asset.get_all_nodes(flat=True)
+            node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True)
+            perm_ids.update(node_perm_ids)
+        if flat:
+            return perm_ids
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
+
+    @staticmethod
+    def get_permissions_for_nodes(nodes, flat=False):
+        """ 获取节点的授权规则 """
+        node_ids = nodes.values_list('id', flat=True).distinct()
+        node_perm_ids = AssetPermission.nodes.through.objects.filter(node_id__in=node_ids) \
+            .values_list('assetpermission_id', flat=True).distinct()
+        if flat:
+            return node_perm_ids
+        perms = AssetPermission.objects.filter(id__in=node_perm_ids)
+        return perms
+
+
+# TODO: 下面的方法放到类中进行实现
+
+
 def validate_permission(user, asset, account, action='connect'):
     asset_perm_ids = get_user_all_asset_perm_ids(user)