fix: fix rbac to dev (#7636)

* feat: 添加 RBAC 应用模块 * feat: 添加 RBAC Model、API * feat: 添加 RBAC Model、API 2 * feat: 添加 RBAC Model、API 3 * feat: 添加 RBAC Model、API 4 * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC 整理权限位 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位 * feat: RBAC 添加默认角色 * feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定 * feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定 * feat: RBAC 修改用户模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 修改用户角色属性的使用 * feat: RBAC No.1 * xxx * perf: 暂存 * perf: ... * perf(rbac): 添加 perms 到 profile serializer 中 * stash * perf: 使用init * perf: 修改migrations * perf: rbac * stash * stash * pref: 修改rbac * stash it * stash: 先去修复其他bug * perf: 修改 role 添加 users * pref: 修改 RBAC Model * feat: 添加权限的 tree api * stash: 暂存一下 * stash: 暂存一下 * perf: 修改 model verbose name * feat: 添加model各种 verbose name * perf: 生成 migrations * perf: 优化权限位 * perf: 添加迁移脚本 * feat: 添加组织角色迁移 * perf: 添加迁移脚本 * stash * perf: 添加migrateion * perf: 暂存一下 * perf: 修改rbac * perf: stash it * fix: 迁移冲突 * fix: 迁移冲突 * perf: 暂存一下 * perf: 修改 rbac 逻辑 * stash: 暂存一下 * perf: 修改内置角色 * perf: 解决 root 组织的问题 * perf: stash it * perf: 优化 rbac * perf: 优化 rolebinding 处理 * perf: 完成用户离开组织的问题 * perf: 暂存一下 * perf: 修改翻译 * perf: 去掉了 IsSuperUser * perf: IsAppUser 去掉完成 * perf: 修改 connection token 的权限 * perf: 去掉导入的问题 * perf: perms define 格式，修改 app 用户的全新啊 * perf: 修改 permission * perf: 去掉一些 org admin * perf: 去掉部分 org admin * perf: 再去掉点 org admin role * perf: 再去掉部分 org admin * perf: user 角色搜索 * perf: 去掉很多 js * perf: 添加权限位 * perf: 修改权限 * perf: 去掉一个 todo * merge: with dev * fix: 修复冲突 Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: Michael Bai <baijiangjie@gmail.com> Co-authored-by: ibuler <ibuler@qq.com>
2025-09-15 14:58:42 +00:00 · 2022-02-17 20:13:31 +08:00
parent b088362ae3
commit e259d2a9e9
263 changed files with 3049 additions and 62465 deletions
--- a/apps/rbac/models/permission.py
+++ b/apps/rbac/models/permission.py
@@ -0,0 +1,279 @@
+import uuid
+from typing import Callable
+
+from django.db import models
+from django.db.models import F, Count, Q
+from django.apps import apps
+from django.utils.translation import ugettext_lazy as _, ugettext
+from django.contrib.auth.models import Permission as DjangoPermission
+from django.contrib.auth.models import ContentType as DjangoContentType
+
+from common.tree import TreeNode
+from .. import const
+
+Scope = const.Scope
+
+__all__ = ['Permission', 'ContentType']
+
+
+class ContentType(DjangoContentType):
+    class Meta:
+        proxy = True
+
+
+class PermissionTreeUtil:
+    get_permissions: Callable
+
+    def __init__(self, permissions, scope, check_disabled=False):
+        self.permissions = self.prefetch_permissions(permissions)
+        self.all_permissions = self.prefetch_permissions(
+            Permission.get_permissions(scope)
+        )
+        self.check_disabled = check_disabled
+
+    @staticmethod
+    def prefetch_permissions(perms):
+        return perms.select_related('content_type') \
+            .annotate(app=F('content_type__app_label')) \
+            .annotate(model=F('content_type__model'))
+
+    def _create_apps_tree_nodes(self):
+        app_counts = self.all_permissions.values('app')\
+            .order_by('app').annotate(count=Count('app'))
+        app_checked_counts = self.permissions.values('app')\
+            .order_by('app').annotate(count=Count('app'))
+        app_checked_counts_mapper = {
+            i['app']: i['count']
+            for i in app_checked_counts
+        }
+        all_apps = apps.get_app_configs()
+        apps_name_mapper = {
+            app.name: app.verbose_name
+            for app in all_apps if hasattr(app, 'verbose_name')
+        }
+        nodes = []
+        
+        for i in app_counts:
+            app = i['app']
+            total_counts = i['count']
+            check_counts = app_checked_counts_mapper.get(app, 0)
+            name = apps_name_mapper.get(app, app)
+            full_name = f'{name}({check_counts}/{total_counts})'
+
+            node = TreeNode(**{
+                'id': app,
+                'name': full_name,
+                'title': name,
+                'pId': '$ROOT$',
+                'isParent': True,
+                'open': False,
+                'chkDisabled': self.check_disabled,
+                'checked': total_counts == check_counts,
+                'iconSkin': '',
+                'meta': {
+                    'type': 'app',
+                }
+            })
+            nodes.append(node)
+        return nodes
+
+    def _create_models_tree_nodes(self):
+        content_types = ContentType.objects.all()
+
+        model_counts = self.all_permissions \
+            .values('model', 'app', 'content_type') \
+            .order_by('content_type') \
+            .annotate(count=Count('content_type'))
+        model_check_counts = self.permissions \
+            .values('content_type', 'model') \
+            .order_by('content_type') \
+            .annotate(count=Count('content_type'))
+        model_counts_mapper = {
+            i['content_type']: i['count']
+            for i in model_counts
+        }
+        model_check_counts_mapper = {
+            i['content_type']: i['count']
+            for i in model_check_counts
+        }
+
+        nodes = []
+        for ct in content_types:
+            total_counts = model_counts_mapper.get(ct.id, 0)
+            if total_counts == 0:
+                continue
+            check_counts = model_check_counts_mapper.get(ct.id, 0)
+            model_id = f'{ct.app_label}_{ct.model}'
+            name = f'{ct.name}({check_counts}/{total_counts})'
+            node = TreeNode(**{
+                'id': model_id,
+                'name': name,
+                'title': name,
+                'pId': ct.app_label,
+                'chkDisabled': self.check_disabled,
+                'isParent': True,
+                'open': False,
+                'checked': total_counts == check_counts,
+                'meta': {
+                    'type': 'model',
+                }
+            })
+            nodes.append(node)
+        return nodes
+
+    @staticmethod
+    def _get_permission_name(p, content_types_name_mapper):
+        code_name = p.codename
+        action_mapper = {
+            'add': ugettext('Create'),
+            'view': ugettext('View'),
+            'change': ugettext('Update'),
+            'delete': ugettext('Delete')
+        }
+        name = ''
+        ct = ''
+        if 'add_' in p.codename:
+            name = action_mapper['add']
+            ct = code_name.replace('add_', '')
+        elif 'view_' in p.codename:
+            name = action_mapper['view']
+            ct = code_name.replace('view_', '')
+        elif 'change_' in p.codename:
+            name = action_mapper['change']
+            ct = code_name.replace('change_', '')
+        elif 'delete' in code_name:
+            name = action_mapper['delete']
+            ct = code_name.replace('delete_', '')
+
+        if ct in content_types_name_mapper:
+            name += content_types_name_mapper[ct]
+        else:
+            name = p.name
+        return name
+
+    def _create_perms_tree_nodes(self):
+        permissions_id = self.permissions.values_list('id', flat=True)
+        nodes = []
+        content_types = ContentType.objects.all()
+        content_types_name_mapper = {ct.model: ct.name for ct in content_types}
+        for p in self.all_permissions:
+            model_id = f'{p.app}_{p.model}'
+            name = self._get_permission_name(p, content_types_name_mapper)
+
+            node = TreeNode(**{
+                'id': p.id,
+                'name': name + '({})'.format(p.app_label_codename),
+                'title': p.name,
+                'pId': model_id,
+                'isParent': False,
+                'chkDisabled': self.check_disabled,
+                'iconSkin': 'file',
+                'checked': p.id in permissions_id,
+                'open': False,
+                'meta': {
+                    'type': 'perm',
+                }
+            })
+            nodes.append(node)
+        return nodes
+
+    def _create_root_tree_node(self):
+        total_counts = self.all_permissions.count()
+        check_counts = self.permissions.count()
+        node = TreeNode(**{
+            'id': '$ROOT$',
+            'name': f'所有权限({check_counts}/{total_counts})',
+            'title': '所有权限',
+            'pId': '',
+            'chkDisabled': self.check_disabled,
+            'isParent': True,
+            'checked': total_counts == check_counts,
+            'open': True,
+            'meta': {
+                'type': 'root',
+            }
+        })
+        return node
+
+    def create_tree_nodes(self):
+        nodes = [self._create_root_tree_node()]
+        apps_nodes = self._create_apps_tree_nodes()
+        models_nodes = self._create_models_tree_nodes()
+        perms_nodes = self._create_perms_tree_nodes()
+
+        nodes += apps_nodes + models_nodes + perms_nodes
+        return nodes
+
+
+class Permission(DjangoPermission):
+    """ 权限类 """
+    class Meta:
+        proxy = True
+        verbose_name = _('Permission')
+
+    @classmethod
+    def to_perms(cls, queryset):
+        perms = queryset.values_list(
+            'content_type__app_label', 'codename'
+        )
+        perms = list(set(["%s.%s" % (ct, codename) for ct, codename in perms]))
+        return sorted(perms)
+
+    @property
+    def app_label_codename(self):
+        return '%s.%s' % (self.content_type.app_label, self.codename)
+
+    @classmethod
+    def get_define_permissions_q(cls, defines):
+        """
+        :param defines: [(app, model, codename),]
+        :return:
+        """
+        if not defines:
+            return None
+        q = Q()
+
+        for define in defines:
+            app_label, model, actions, resource, *args = list(define)
+            kwargs = {}
+            if app_label != '*':
+                kwargs['content_type__app_label'] = app_label
+            if model != '*':
+                kwargs['content_type__model'] = model
+
+            actions_list = [a.strip() for a in actions.split(',')]
+            actions_regex = '|'.join(actions_list)
+            if actions == '*' and resource == '*':
+                pass
+            elif actions == '*' and resource != '*':
+                kwargs['codename__iregex'] = r'[a-z]+_{}'.format(resource)
+            elif actions != '*' and resource == '*':
+                kwargs['codename__iregex'] = r'({})_\w+'.format(actions_regex)
+            else:
+                kwargs['codename__iregex'] = r'({})_{}'.format(actions_regex, resource)
+            q |= Q(**kwargs)
+        return q
+
+    @classmethod
+    def clean_permissions(cls, permissions, scope=Scope.system):
+        if scope == Scope.org:
+            excludes = const.org_exclude_permissions
+        else:
+            excludes = const.system_exclude_permissions
+        q = cls.get_define_permissions_q(excludes)
+        if q:
+            permissions = permissions.exclude(q)
+        return permissions
+
+    @staticmethod
+    def create_tree_nodes(permissions, scope, check_disabled=False):
+        util = PermissionTreeUtil(permissions, scope, check_disabled)
+        return util.create_tree_nodes()
+
+    @classmethod
+    def get_permissions(cls, scope):
+        permissions = cls.objects.all()
+        permissions = cls.clean_permissions(permissions, scope=scope)
+        return permissions
+
+