refactor(perms): 修改授权规则的目录结构（asset、application)

apps/perms/api/application/application_permission_relation.py

@@ -0,0 +1,128 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import generics
+from django.db.models import F, Value
+from django.db.models.functions import Concat
+from django.shortcuts import get_object_or_404
+
+from applications.models import Application
+from orgs.mixins.api import OrgRelationMixin
+from orgs.mixins.api import OrgBulkModelViewSet
+from orgs.utils import current_org
+from common.permissions import IsOrgAdmin
+from perms import serializers
+from perms import models
+
+__all__ = [
+    'ApplicationPermissionUserRelationViewSet',
+    'ApplicationPermissionUserGroupRelationViewSet',
+    'ApplicationPermissionApplicationRelationViewSet',
+    'ApplicationPermissionSystemUserRelationViewSet',
+    'ApplicationPermissionAllApplicationListApi',
+    'ApplicationPermissionAllUserListApi',
+]
+
+
+class RelationMixin(OrgRelationMixin, OrgBulkModelViewSet):
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        org_id = current_org.org_id()
+        if org_id is not None:
+            queryset = queryset.filter(applicationpermission__org_id=org_id)
+        queryset = queryset.annotate(applicationpermission_display=F('applicationpermission__name'))
+        return queryset
+
+
+class ApplicationPermissionUserRelationViewSet(RelationMixin):
+    serializer_class = serializers.ApplicationPermissionUserRelationSerializer
+    m2m_field = models.ApplicationPermission.users.field
+    permission_classes = (IsOrgAdmin,)
+    filter_fields = [
+        'id', "user", "applicationpermission",
+    ]
+    search_fields = ("user__name", "user__username", "applicationpermission__name")
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(user_display=F('user__name'))
+        return queryset
+
+
+class ApplicationPermissionUserGroupRelationViewSet(RelationMixin):
+    serializer_class = serializers.ApplicationPermissionUserGroupRelationSerializer
+    m2m_field = models.ApplicationPermission.user_groups.field
+    permission_classes = (IsOrgAdmin,)
+    filter_fields = [
+        'id', "usergroup", "applicationpermission"
+    ]
+    search_fields = ["usergroup__name", "applicationpermission__name"]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(usergroup_display=F('usergroup__name'))
+        return queryset
+
+
+class ApplicationPermissionApplicationRelationViewSet(RelationMixin):
+    serializer_class = serializers.ApplicationPermissionApplicationRelationSerializer
+    m2m_field = models.ApplicationPermission.applications.field
+    permission_classes = (IsOrgAdmin,)
+    filter_fields = [
+        'id', 'application', 'applicationpermission',
+    ]
+    search_fields = ["id", "application__name", "applicationpermission__name"]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(application_display=F('application__name'))
+        return queryset
+
+
+class ApplicationPermissionSystemUserRelationViewSet(RelationMixin):
+    serializer_class = serializers.ApplicationPermissionSystemUserRelationSerializer
+    m2m_field = models.ApplicationPermission.system_users.field
+    permission_classes = (IsOrgAdmin,)
+    filter_fields = [
+        'id', 'systemuser', 'applicationpermission',
+    ]
+    search_fields = [
+        "applicactionpermission__name", "systemuser__name", "systemuser__username"
+    ]
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(systemuser_display=Concat(
+                F('systemuser__name'), Value('('), F('systemuser__username'),
+                Value(')')
+            ))
+        return queryset
+
+
+class ApplicationPermissionAllApplicationListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.ApplicationPermissionAllApplicationSerializer
+    only_fields = serializers.ApplicationPermissionAllApplicationSerializer.Meta.only_fields
+    filter_fields = ('name',)
+    search_fields = filter_fields
+
+    def get_queryset(self):
+        pk = self.kwargs.get('pk')
+        perm = get_object_or_404(models.ApplicationPermission, pk=pk)
+        applications = Application.objects.filter(granted_by_permissions=perm)\
+            .only(*self.only_fields).distinct()
+        return applications
+
+
+class ApplicationPermissionAllUserListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.ApplicationPermissionAllUserSerializer
+    only_fields = serializers.ApplicationPermissionAllUserSerializer.Meta.only_fields
+    filter_fields = ('username', 'name')
+    search_fields = filter_fields
+
+    def get_queryset(self):
+        pk = self.kwargs.get('pk')
+        perm = get_object_or_404(models.ApplicationPermission, pk=pk)
+        users = perm.get_all_users().only(*self.only_fields).distinct()
+        return users