merge v3

apps/perms/api/application/application_permission.py

@@ -0,0 +1,67 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework.response import Response
+from rest_framework.generics import RetrieveAPIView
+
+from perms import serializers
+from perms.models import ApplicationPermission
+from applications.models import Application
+from common.permissions import IsValidUser
+from ..base import BasePermissionViewSet
+
+
+class ApplicationPermissionViewSet(BasePermissionViewSet):
+    """
+    应用授权列表的增删改查API
+    """
+    model = ApplicationPermission
+    serializer_class = serializers.ApplicationPermissionSerializer
+    filterset_fields = {
+        'name': ['exact'],
+        'category': ['exact'],
+        'type': ['exact', 'in'],
+        'from_ticket': ['exact']
+    }
+    search_fields = ['name', 'category', 'type']
+    custom_filter_fields = BasePermissionViewSet.custom_filter_fields + [
+        'application_id', 'application', 'app', 'app_name'
+    ]
+    ordering_fields = ('name',)
+    ordering = ('name',)
+
+    def get_queryset(self):
+        queryset = super().get_queryset().prefetch_related(
+            "applications", "users", "user_groups", "system_users"
+        )
+        return queryset
+
+    def filter_application(self, queryset):
+        app_id = self.request.query_params.get('application_id') or \
+                 self.request.query_params.get('app')
+        app_name = self.request.query_params.get('application') or \
+                   self.request.query_params.get('app_name')
+
+        if app_id:
+            applications = Application.objects.filter(pk=app_id)
+        elif app_name:
+            applications = Application.objects.filter(name=app_name)
+        else:
+            return queryset
+        if not applications:
+            return queryset.none()
+        queryset = queryset.filter(applications__in=applications)
+        return queryset
+
+    def filter_queryset(self, queryset):
+        queryset = super().filter_queryset(queryset)
+        queryset = self.filter_application(queryset)
+        return queryset
+
+
+class ApplicationPermissionActionsApi(RetrieveAPIView):
+    permission_classes = (IsValidUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        category = request.GET.get('category')
+        actions = ApplicationPermission.get_include_actions_choices(category=category)
+        return Response(data=actions)

apps/perms/api/user_permission/assets/mixin.py

@@ -33,7 +33,9 @@ class UserAllGrantedAssetsQuerysetMixin:
     only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
     pagination_class = AllGrantedAssetPagination
     user: User
-
+    ordering_fields = ("hostname", "ip", "port", "cpu_cores")
+    ordering = ('hostname', )
+    
     def get_queryset(self):
         if getattr(self, 'swagger_fake_view', False):
             return Asset.objects.none()

apps/perms/notifications.py

@@ -1,4 +1,7 @@
+<<<<<<< HEAD
 
+=======
+>>>>>>> origin
 from django.utils.translation import ugettext as _
 from django.template.loader import render_to_string
 
@@ -10,7 +13,7 @@ class PermedAssetsWillExpireUserMsg(UserMessage):
     def __init__(self, user, assets, day_count=0):
         super().__init__(user)
         self.assets = assets
-        self.day_count = day_count
+        self.day_count = _('today') if day_count == 0 else day_count
 
     def get_html_msg(self) -> dict:
         subject = _("You permed assets is about to expire")
@@ -42,7 +45,7 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage):
         super().__init__(user)
         self.perms = perms
         self.org = org
-        self.day_count = day_count
+        self.day_count = _('today') if day_count == 0 else day_count
 
     def get_items_with_url(self):
         items_with_url = []
@@ -50,7 +53,7 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage):
             url = js_reverse(
                 'perms:asset-permission-detail',
                 kwargs={'pk': perm.id}, external=True,
-                api_to_ui=True
+                api_to_ui=True, is_console=True
             ) + f'?oid={perm.org_id}'
             items_with_url.append([perm.name, url])
         return items_with_url
@@ -60,7 +63,7 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage):
         subject = _("Asset permissions is about to expire")
         context = {
             'name': self.user.name,
-            'count': self.day_count,
+            'count': str(self.day_count),
             'items_with_url': items_with_url,
             'item_type': _('asset permissions of organization {}').format(self.org)
         }
@@ -80,3 +83,81 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage):
         perms = AssetPermission.objects.all()[:10]
         org = Organization.objects.first()
         return cls(user, perms, org)
+<<<<<<< HEAD
+=======
+
+
+class PermedAppsWillExpireUserMsg(UserMessage):
+    def __init__(self, user, apps, day_count=0):
+        super().__init__(user)
+        self.apps = apps
+        self.day_count = _('today') if day_count == 0 else day_count
+
+    def get_html_msg(self) -> dict:
+        subject = _("Your permed applications is about to expire")
+        context = {
+            'name': self.user.name,
+            'count': str(self.day_count),
+            'item_type': _('permed applications'),
+            'items': [str(app) for app in self.apps]
+        }
+        message = render_to_string('perms/_msg_permed_items_expire.html', context)
+        return {
+            'subject': subject,
+            'message': message
+        }
+
+    @classmethod
+    def gen_test_msg(cls):
+        from users.models import User
+        from applications.models import Application
+
+        user = User.objects.first()
+        apps = Application.objects.all()[:10]
+        return cls(user, apps)
+
+
+class AppPermsWillExpireForOrgAdminMsg(UserMessage):
+    def __init__(self, user, perms, org, day_count=0):
+        super().__init__(user)
+        self.perms = perms
+        self.org = org
+        self.day_count = _('today') if day_count == 0 else day_count
+
+    def get_items_with_url(self):
+        items_with_url = []
+        for perm in self.perms:
+            url = js_reverse(
+                'perms:application-permission-detail',
+                kwargs={'pk': perm.id}, external=True,
+                api_to_ui=True, is_console=True
+            ) + f'?oid={perm.org_id}'
+            items_with_url.append([perm.name, url])
+        return items_with_url
+
+    def get_html_msg(self) -> dict:
+        items = self.get_items_with_url()
+        subject = _('Application permissions is about to expire')
+        context = {
+            'name': self.user.name,
+            'count': str(self.day_count),
+            'item_type': _('application permissions of organization {}').format(self.org),
+            'items_with_url': items
+        }
+        message = render_to_string('perms/_msg_item_permissions_expire.html', context)
+        return {
+            'subject': subject,
+            'message': message
+        }
+
+    @classmethod
+    def gen_test_msg(cls):
+        from users.models import User
+        from perms.models import ApplicationPermission
+        from orgs.models import Organization
+
+        user = User.objects.first()
+        perms = ApplicationPermission.objects.all()[:10]
+        org = Organization.objects.first()
+        return cls(user, perms, org)
+>>>>>>> origin

apps/perms/tasks.py

@@ -72,7 +72,7 @@ def check_asset_permission_will_expired():
 
     for asset_perm in asset_perms:
         date_expired = dt_parser(asset_perm.date_expired)
-        remain_days = (end - date_expired).days
+        remain_days = (date_expired - start).days
 
         org = asset_perm.org
         # 资产授权按照组织分类
@@ -100,3 +100,51 @@ def check_asset_permission_will_expired():
             org_admins = org.admins.all()
             for org_admin in org_admins:
                 AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()
+<<<<<<< HEAD
+=======
+
+
+@register_as_period_task(crontab='0 10 * * *')
+@shared_task()
+@atomic()
+@tmp_to_root_org()
+def check_app_permission_will_expired():
+    start = local_now()
+    end = start + timedelta(days=3)
+
+    app_perms = ApplicationPermission.objects.filter(
+        date_expired__gte=start,
+        date_expired__lte=end
+    ).distinct()
+
+    user_app_remain_day_mapper = defaultdict(dict)
+    org_perm_remain_day_mapper = defaultdict(dict)
+
+    for app_perm in app_perms:
+        date_expired = dt_parser(app_perm.date_expired)
+        remain_days = (date_expired - start).days
+
+        org = app_perm.org
+        if org in org_perm_remain_day_mapper[remain_days]:
+            org_perm_remain_day_mapper[remain_days][org].add(app_perm)
+        else:
+            org_perm_remain_day_mapper[remain_days][org] = {app_perm, }
+
+        users = app_perm.get_all_users()
+        apps = app_perm.applications.all()
+        for u in users:
+            if u in user_app_remain_day_mapper[remain_days]:
+                user_app_remain_day_mapper[remain_days][u].update(apps)
+            else:
+                user_app_remain_day_mapper[remain_days][u] = set(apps)
+
+    for day_count, user_app_mapper in user_app_remain_day_mapper.items():
+        for user, apps in user_app_mapper.items():
+            PermedAppsWillExpireUserMsg(user, apps, day_count).publish_async()
+
+    for day_count, org_perm_mapper in org_perm_remain_day_mapper.items():
+        for org, perms in org_perm_mapper.items():
+            org_admins = org.admins.all()
+            for org_admin in org_admins:
+                AppPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()
+>>>>>>> origin

apps/perms/urls/application_permission.py

@@ -0,0 +1,50 @@
+# coding: utf-8
+#
+
+from django.urls import path, include
+from rest_framework_bulk.routes import BulkRouter
+from .. import api
+
+
+router = BulkRouter()
+router.register('application-permissions', api.ApplicationPermissionViewSet, 'application-permission')
+router.register('application-permissions-users-relations', api.ApplicationPermissionUserRelationViewSet, 'application-permissions-users-relation')
+router.register('application-permissions-user-groups-relations', api.ApplicationPermissionUserGroupRelationViewSet, 'application-permissions-user-groups-relation')
+router.register('application-permissions-applications-relations', api.ApplicationPermissionApplicationRelationViewSet, 'application-permissions-application-relation')
+router.register('application-permissions-system-users-relations', api.ApplicationPermissionSystemUserRelationViewSet, 'application-permissions-system-users-relation')
+
+user_permission_urlpatterns = [
+    path('<uuid:pk>/applications/', api.UserAllGrantedApplicationsApi.as_view(), name='user-applications'),
+    path('applications/', api.MyAllGrantedApplicationsApi.as_view(), name='my-applications'),
+
+    # Application As Tree
+    path('<uuid:pk>/applications/tree/', api.UserAllGrantedApplicationsAsTreeApi.as_view(), name='user-applications-as-tree'),
+    path('applications/tree/', api.MyAllGrantedApplicationsAsTreeApi.as_view(), name='my-applications-as-tree'),
+
+    # Application System Users
+    path('<uuid:pk>/applications/<uuid:application_id>/system-users/', api.UserGrantedApplicationSystemUsersApi.as_view(), name='user-application-system-users'),
+    path('applications/<uuid:application_id>/system-users/', api.MyGrantedApplicationSystemUsersApi.as_view(), name='my-application-system-users'),
+]
+
+user_group_permission_urlpatterns = [
+    path('<uuid:pk>/applications/', api.UserGroupGrantedApplicationsApi.as_view(), name='user-group-applications'),
+]
+
+permission_urlpatterns = [
+    # 授权规则中授权的用户和应用
+    path('<uuid:pk>/applications/all/', api.ApplicationPermissionAllApplicationListApi.as_view(), name='application-permission-all-applications'),
+    path('<uuid:pk>/users/all/', api.ApplicationPermissionAllUserListApi.as_view(), name='application-permission-all-users'),
+
+    # 验证用户是否有某个应用的权限
+    path('user/validate/', api.ValidateUserApplicationPermissionApi.as_view(), name='validate-user-application-permission'),
+
+    path('applications/actions/', api.ApplicationPermissionActionsApi.as_view(), name='application-actions'),
+]
+
+application_permission_urlpatterns = [
+    path('users/', include(user_permission_urlpatterns)),
+    path('user-groups/', include(user_group_permission_urlpatterns)),
+    path('application-permissions/', include(permission_urlpatterns))
+]
+
+application_permission_urlpatterns += router.urls