From e9b174f342195268b5dbd8c5e9e27b64db13ac2a Mon Sep 17 00:00:00 2001
From: Bai <bugatti_it@163.com>
Date: Mon, 26 Apr 2021 15:33:51 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9=E5=91=BD=E4=BB=A4?=
 =?UTF-8?q?=E8=BF=87=E6=BB=A4=E8=A7=84=E5=88=99Model:=20=E6=B7=BB=E5=8A=A0?=
 =?UTF-8?q?Action-reconfirm;=20=E6=B7=BB=E5=8A=A0field-reviewers?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migrations/0070_auto_20210426_1515.py     | 25 +++++++++++++++++++
 apps/assets/models/cmd_filter.py              | 25 ++++++++++++-------
 apps/assets/models/user.py                    |  4 +--
 apps/assets/serializers/cmd_filter.py         |  2 +-
 4 files changed, 44 insertions(+), 12 deletions(-)
 create mode 100644 apps/assets/migrations/0070_auto_20210426_1515.py

diff --git a/apps/assets/migrations/0070_auto_20210426_1515.py b/apps/assets/migrations/0070_auto_20210426_1515.py
new file mode 100644
index 000000000..ca6ff4273
--- /dev/null
+++ b/apps/assets/migrations/0070_auto_20210426_1515.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.1 on 2021-04-26 07:15
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('assets', '0069_change_node_key0_to_key1'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='commandfilterrule',
+            name='reviewers',
+            field=models.ManyToManyField(blank=True, related_name='review_cmd_filter_rules', to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
+        ),
+        migrations.AlterField(
+            model_name='commandfilterrule',
+            name='action',
+            field=models.IntegerField(choices=[(0, 'Deny'), (1, 'Allow'), (2, 'Reconfirm')], default=0, verbose_name='Action'),
+        ),
+    ]
diff --git a/apps/assets/models/cmd_filter.py b/apps/assets/models/cmd_filter.py
index c1242fd7e..e0826da5d 100644
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@@ -41,11 +41,12 @@ class CommandFilterRule(OrgModelMixin):
         (TYPE_COMMAND, _('Command')),
     )
 
-    ACTION_DENY, ACTION_ALLOW, ACTION_UNKNOWN = range(3)
-    ACTION_CHOICES = (
-        (ACTION_DENY, _('Deny')),
-        (ACTION_ALLOW, _('Allow')),
-    )
+    ACTION_UNKNOWN = 10
+
+    class ActionChoices(models.IntegerChoices):
+        deny = 0, _('Deny')
+        allow = 1, _('Allow')
+        confirm = 2, _('Reconfirm')
 
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)
     filter = models.ForeignKey('CommandFilter', on_delete=models.CASCADE, verbose_name=_("Filter"), related_name='rules')
@@ -53,7 +54,13 @@ class CommandFilterRule(OrgModelMixin):
     priority = models.IntegerField(default=50, verbose_name=_("Priority"), help_text=_("1-100, the lower the value will be match first"),
                                    validators=[MinValueValidator(1), MaxValueValidator(100)])
     content = models.TextField(verbose_name=_("Content"), help_text=_("One line one command"))
-    action = models.IntegerField(default=ACTION_DENY, choices=ACTION_CHOICES, verbose_name=_("Action"))
+    action = models.IntegerField(default=ActionChoices.deny, choices=ActionChoices.choices, verbose_name=_("Action"))
+    # 动作: 附加字段
+    # - confirm: 命令复核人
+    reviewers = models.ManyToManyField(
+        'users.User', related_name='review_cmd_filter_rules', blank=True,
+        verbose_name=_("Reviewers")
+    )
     comment = models.CharField(max_length=64, blank=True, default='', verbose_name=_("Comment"))
     date_created = models.DateTimeField(auto_now_add=True)
     date_updated = models.DateTimeField(auto_now=True)
@@ -89,10 +96,10 @@ class CommandFilterRule(OrgModelMixin):
         if not found:
             return self.ACTION_UNKNOWN, ''
 
-        if self.action == self.ACTION_ALLOW:
-            return self.ACTION_ALLOW, found.group()
+        if self.action == self.ActionChoices.allow:
+            return self.ActionChoices.allow, found.group()
         else:
-            return self.ACTION_DENY, found.group()
+            return self.ActionChoices.deny, found.group()
 
     def __str__(self):
         return '{} % {}'.format(self.type, self.content)
diff --git a/apps/assets/models/user.py b/apps/assets/models/user.py
index 1640c7f32..37af8ea86 100644
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -196,9 +196,9 @@ class SystemUser(BaseUser):
     def is_command_can_run(self, command):
         for rule in self.cmd_filter_rules:
             action, matched_cmd = rule.match(command)
-            if action == rule.ACTION_ALLOW:
+            if action == rule.ActionChoices.allow:
                 return True, None
-            elif action == rule.ACTION_DENY:
+            elif action == rule.ActionChoices.deny:
                 return False, matched_cmd
         return True, None
 
diff --git a/apps/assets/serializers/cmd_filter.py b/apps/assets/serializers/cmd_filter.py
index 0c8eca3d4..e7059d04a 100644
--- a/apps/assets/serializers/cmd_filter.py
+++ b/apps/assets/serializers/cmd_filter.py
@@ -34,7 +34,7 @@ class CommandFilterRuleSerializer(BulkOrgResourceModelSerializer):
         fields_mini = ['id']
         fields_small = fields_mini + [
            'type', 'type_display', 'content', 'priority',
-           'action', 'action_display',
+           'action', 'action_display', 'reviewers',
            'comment', 'created_by', 'date_created', 'date_updated'
         ]
         fields_fk = ['filter']