mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-04-28 11:25:42 +00:00
7cf6e54f01
* Bai reactor tree ( 重构获取完整资产树中节点下资产总数的逻辑) (#5548) * tree: v0.1 * tree: v0.2 * tree: v0.3 * tree: v0.4 * tree: 添加并发锁未请求到时的debug日志 * 以空间换时间的方式优化资产树 * Reactor tree togther v2 (#5576) * Bai reactor tree ( 重构获取完整资产树中节点下资产总数的逻辑) (#5548) * tree: v0.1 * tree: v0.2 * tree: v0.3 * tree: v0.4 * tree: 添加并发锁未请求到时的debug日志 * 以空间换时间的方式优化资产树 * 修改授权适配新方案 * 添加树处理工具 * 完成新的用户授权树计算以及修改一些信号 * 重构了获取资产的一些 api * 重构了一些节点的api * 整理了一些代码 * 完成了api 的重构 * 重构检查节点数量功能 * 完成重构授权树工具类 * api 添加强制刷新参数 * 整理一些信号 * 处理一些信号的问题 * 完成了信号的处理 * 重构了资产树相关的锁机制 * RebuildUserTreeTask 还得添加回来 * 优化下不能在root组织的检查函数 * 优化资产树变化时锁的使用 * 修改一些算法的小工具 * 资产树锁不再校验是否在具体组织里 * 整理了一些信号的位置 * 修复资产与节点关系维护的bug * 去掉一些调试代码 * 修复资产授权过期检查刷新授权树的 bug * 添加了可重入锁 * 添加一些计时,优化一些sql * 增加 union 查询的支持 * 尝试用 sql 解决节点资产数量问题 * 开始优化计算授权树节点资产数量不用冗余表 * 新代码能跑起来了,修复一下bug * 去掉 UserGrantedMappingNode 换成 UserAssetGrantedTreeNodeRelation * 修了些bug,做了些优化 * 优化QuerySetStage 执行逻辑 * 与小白的内存结合了 * 删掉老的表,迁移新的 assets_amount 字段 * 优化用户授权页面资产列表 count 慢 * 修复批量命令数量不对 * 修改获取非直接授权节点的 children 的逻辑 * 获取整棵树的节点 * 回退锁 * 整理迁移脚本 * 改变更新树策略 * perf: 修改一波缩进 * fix: 修改handler名称 * 修复授权树获取资产sql 泛滥 * 修复授权规则有效bug * 修复一些bug * 修复一些bug * 又修了一些小bug * 去掉了老的 get_nodes_all_assets * 修改一些写法 * Reactor tree togther b2 (#5570) * fix: 修改handler名称 * perf: 优化生成树 * perf: 去掉注释 * 优化了一些 * 重新生成迁移脚本 * 去掉周期检查节点资产数量的任务 * Pr@reactor tree togther guang@perf mapping (#5573) * fix: 修改handler名称 * perf: mapping 拆分出来 * 修改名称 * perf: 修改锁名 * perf: 去掉检查节点任务 * perf: 修改一下名称 * perf: 优化一波 Co-authored-by: Jiangjie.Bai <32935519+BaiJiangJie@users.noreply.github.com> Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: xinwen <coderWen@126.com> Co-authored-by: xinwen <coderWen@126.com> Co-authored-by: 老广 <ibuler@qq.com>
217 lines
7.2 KiB
Python
217 lines
7.2 KiB
Python
# -*- coding: utf-8 -*-
|
|
#
|
|
from django.db.models.signals import m2m_changed
|
|
from django.dispatch import receiver
|
|
|
|
from users.models import User, UserGroup
|
|
from assets.models import SystemUser
|
|
from applications.models import Application
|
|
from common.utils import get_logger
|
|
from common.exceptions import M2MReverseNotAllowed
|
|
from common.const.signals import POST_ADD
|
|
from perms.models import AssetPermission, ApplicationPermission
|
|
|
|
|
|
logger = get_logger(__file__)
|
|
|
|
|
|
@receiver(m2m_changed, sender=User.groups.through)
|
|
def on_user_groups_change(sender, instance, action, reverse, pk_set, **kwargs):
|
|
"""
|
|
UserGroup 增加 User 时,增加的 User 需要与 UserGroup 关联的动态系统用户相关联
|
|
"""
|
|
user: User
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
|
|
if not reverse:
|
|
# 一个用户添加了多个用户组
|
|
users_id = [instance.id]
|
|
system_users = SystemUser.objects.filter(groups__id__in=pk_set).distinct()
|
|
else:
|
|
# 一个用户组添加了多个用户
|
|
users_id = pk_set
|
|
system_users = SystemUser.objects.filter(groups__id=instance.pk).distinct()
|
|
|
|
for system_user in system_users:
|
|
system_user.users.add(*users_id)
|
|
|
|
|
|
@receiver(m2m_changed, sender=AssetPermission.nodes.through)
|
|
def on_permission_nodes_changed(instance, action, reverse, pk_set, model, **kwargs):
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
logger.debug("Asset permission nodes change signal received")
|
|
nodes = model.objects.filter(pk__in=pk_set)
|
|
system_users = instance.system_users.all()
|
|
|
|
# TODO 待优化
|
|
for system_user in system_users:
|
|
system_user.nodes.add(*nodes)
|
|
|
|
|
|
@receiver(m2m_changed, sender=AssetPermission.assets.through)
|
|
def on_permission_assets_changed(instance, action, reverse, pk_set, model, **kwargs):
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
logger.debug("Asset permission assets change signal received")
|
|
assets = model.objects.filter(pk__in=pk_set)
|
|
|
|
# TODO 待优化
|
|
system_users = instance.system_users.all()
|
|
for system_user in system_users:
|
|
system_user.assets.add(*tuple(assets))
|
|
|
|
|
|
@receiver(m2m_changed, sender=AssetPermission.system_users.through)
|
|
def on_asset_permission_system_users_changed(instance, action, reverse, **kwargs):
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
logger.debug("Asset permission system_users change signal received")
|
|
system_users = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
|
|
assets = instance.assets.all().values_list('id', flat=True)
|
|
nodes = instance.nodes.all().values_list('id', flat=True)
|
|
users = instance.users.all().values_list('id', flat=True)
|
|
groups = instance.user_groups.all().values_list('id', flat=True)
|
|
for system_user in system_users:
|
|
system_user.nodes.add(*tuple(nodes))
|
|
system_user.assets.add(*tuple(assets))
|
|
if system_user.username_same_with_user:
|
|
system_user.groups.add(*tuple(groups))
|
|
system_user.users.add(*tuple(users))
|
|
|
|
|
|
@receiver(m2m_changed, sender=AssetPermission.users.through)
|
|
def on_asset_permission_users_changed(instance, action, reverse, pk_set, model, **kwargs):
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
logger.debug("Asset permission users change signal received")
|
|
users = model.objects.filter(pk__in=pk_set)
|
|
system_users = instance.system_users.all()
|
|
|
|
# TODO 待优化
|
|
for system_user in system_users:
|
|
if system_user.username_same_with_user:
|
|
system_user.users.add(*tuple(users))
|
|
|
|
|
|
@receiver(m2m_changed, sender=AssetPermission.user_groups.through)
|
|
def on_asset_permission_user_groups_changed(instance, action, pk_set, model,
|
|
reverse, **kwargs):
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
logger.debug("Asset permission user groups change signal received")
|
|
groups = model.objects.filter(pk__in=pk_set)
|
|
system_users = instance.system_users.all()
|
|
|
|
# TODO 待优化
|
|
for system_user in system_users:
|
|
if system_user.username_same_with_user:
|
|
system_user.groups.add(*tuple(groups))
|
|
|
|
|
|
@receiver(m2m_changed, sender=ApplicationPermission.system_users.through)
|
|
def on_application_permission_system_users_changed(sender, instance: ApplicationPermission, action, reverse, pk_set, **kwargs):
|
|
if not instance.category_remote_app:
|
|
return
|
|
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
|
|
system_users = SystemUser.objects.filter(pk__in=pk_set)
|
|
logger.debug("Application permission system_users change signal received")
|
|
attrs = instance.applications.all().values_list('attrs', flat=True)
|
|
|
|
assets_id = [attr['asset'] for attr in attrs if attr.get('asset')]
|
|
if not assets_id:
|
|
return
|
|
|
|
for system_user in system_users:
|
|
system_user.assets.add(*assets_id)
|
|
if system_user.username_same_with_user:
|
|
users_id = instance.users.all().values_list('id', flat=True)
|
|
groups_id = instance.user_groups.all().values_list('id', flat=True)
|
|
system_user.groups.add(*groups_id)
|
|
system_user.users.add(*users_id)
|
|
|
|
|
|
@receiver(m2m_changed, sender=ApplicationPermission.users.through)
|
|
def on_application_permission_users_changed(sender, instance, action, reverse, pk_set, **kwargs):
|
|
if not instance.category_remote_app:
|
|
return
|
|
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
|
|
logger.debug("Application permission users change signal received")
|
|
users_id = User.objects.filter(pk__in=pk_set).values_list('id', flat=True)
|
|
system_users = instance.system_users.all()
|
|
|
|
for system_user in system_users:
|
|
if system_user.username_same_with_user:
|
|
system_user.users.add(*users_id)
|
|
|
|
|
|
@receiver(m2m_changed, sender=ApplicationPermission.user_groups.through)
|
|
def on_application_permission_user_groups_changed(sender, instance, action, reverse, pk_set, **kwargs):
|
|
if not instance.category_remote_app:
|
|
return
|
|
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
|
|
logger.debug("Application permission user groups change signal received")
|
|
groups_id = UserGroup.objects.filter(pk__in=pk_set).values_list('id', flat=True)
|
|
system_users = instance.system_users.all()
|
|
|
|
for system_user in system_users:
|
|
if system_user.username_same_with_user:
|
|
system_user.groups.add(*groups_id)
|
|
|
|
|
|
@receiver(m2m_changed, sender=ApplicationPermission.applications.through)
|
|
def on_application_permission_applications_changed(sender, instance, action, reverse, pk_set, **kwargs):
|
|
if not instance.category_remote_app:
|
|
return
|
|
|
|
if reverse:
|
|
raise M2MReverseNotAllowed
|
|
|
|
if action != POST_ADD:
|
|
return
|
|
|
|
attrs = Application.objects.filter(id__in=pk_set).values_list('attrs', flat=True)
|
|
assets_id = [attr['asset'] for attr in attrs if attr.get('asset')]
|
|
if not assets_id:
|
|
return
|
|
|
|
system_users = instance.system_users.all()
|
|
|
|
for system_user in system_users:
|
|
system_user.assets.add(*assets_id)
|