diff --git a/apps/assets/serializers/asset.py b/apps/assets/serializers/asset.py index 9569b471c..f36aaa9a0 100644 --- a/apps/assets/serializers/asset.py +++ b/apps/assets/serializers/asset.py @@ -161,7 +161,7 @@ class AssetGrantedSerializer(serializers.ModelSerializer): class Meta: model = Asset fields = ( - "id", "hostname", "ip", "protocol", "port", "protocols", + "id", "hostname", "ip", "protocols", "system_users_granted", "is_active", "system_users_join", "os", 'domain', "platform", "comment", "org_id", "org_name", ) diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py index 1b283d6fd..4092fb2f7 100644 --- a/apps/perms/api/user_permission.py +++ b/apps/perms/api/user_permission.py @@ -207,8 +207,7 @@ class UserGrantedNodesWithAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, for node, _assets in nodes.items(): assets = _assets.keys() for k, v in _assets.items(): - system_users_granted = [s for s in v if k.has_protocol(s.protocol)] - k.system_users_granted = system_users_granted + k.system_users_granted = v node.assets_granted = assets queryset.append(node) return queryset @@ -298,6 +297,7 @@ class UserGrantedNodeAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, List user = self.get_object() node_id = self.kwargs.get('node_id') util = AssetPermissionUtil(user, cache_policy=self.cache_policy) + nodes = util.get_nodes_with_assets() if str(node_id) == const.UNGROUPED_NODE_ID: node = util.tree.ungrouped_node else: @@ -305,7 +305,6 @@ class UserGrantedNodeAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, List if node == util.tree.root_node: assets = util.get_assets() else: - nodes = util.get_nodes_with_assets() assets = nodes.get(node, []) for asset, system_users in assets.items(): asset.system_users_granted = system_users diff --git a/apps/perms/urls/api_urls.py b/apps/perms/urls/api_urls.py index ed74f9510..629e6d7a5 100644 --- a/apps/perms/urls/api_urls.py +++ b/apps/perms/urls/api_urls.py @@ -13,6 +13,8 @@ router.register('remote-app-permissions', api.RemoteAppPermissionViewSet, 'remot asset_permission_urlpatterns = [ # 查询某个用户授权的资产和资产组 path('user//assets/', + api.UserGrantedAssetsApi.as_view()), + path('users//assets/', api.UserGrantedAssetsApi.as_view(), name='user-assets'), path('user/assets/', api.UserGrantedAssetsApi.as_view(), name='my-assets'), diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index a67717270..a3332df5e 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -373,6 +373,8 @@ class AssetPermissionUtil(AssetPermissionCacheMixin): "Node": get_node_permissions, "SystemUser": get_system_user_permissions, } + assets_prefetch = ('id', 'hostname', 'ip', "platform", "domain_id", + "comment", "is_active", "os", "org_id") def __init__(self, obj, cache_policy='0'): self.object = obj @@ -432,7 +434,7 @@ class AssetPermissionUtil(AssetPermissionCacheMixin): assets = defaultdict(lambda: defaultdict(int)) for perm in self.permissions: actions = [perm.actions] - _assets = perm.assets.all().prefetch_related('nodes', 'protocols') + _assets = perm.assets.all().prefetch_related(*self.assets_prefetch) system_users = perm.system_users.all() iterable = itertools.product(_assets, system_users, actions) for asset, system_user, action in iterable: @@ -456,10 +458,11 @@ class AssetPermissionUtil(AssetPermissionCacheMixin): print("Get node assets start") if pattern: assets = Asset.objects.filter(nodes__key__regex=pattern)\ - .prefetch_related('nodes', "protocols").only('id', 'hostname', 'ip').distinct() + .prefetch_related('nodes', "protocols")\ + .only(*self.assets_prefetch)\ + .distinct() else: assets = [] - assets = list(assets) print("Get node assets end, using: {}".format(time.time() - now)) self.tree.add_assets_without_system_users(assets) assets = self.tree.get_assets()