github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1478ac18fa'
${ noResults }
jumpserver/jperm/perm_api.py

143 lines
4.6 KiB
Raw Normal View History Unescape

shouquanxiugai
9 years ago
# coding: utf-8
1. rule operations list add delete edit info page compeleted 2. rule operations list add delete edit info page compeleted
9 years ago
shouquanxiugai
9 years ago
from jumpserver.api import *
import uuid
import re
修改settings
9 years ago
from jumpserver.models import Setting
1. rule operations list add delete edit info page compeleted 2. rule operations list add delete edit info page compeleted
9 years ago
from jperm.models import PermRole
定义Command前
9 years ago
from jperm.models import PermRule
1. rule operations list add delete edit info page compeleted 2. rule operations list add delete edit info page compeleted
9 years ago
shouquanxiugai
9 years ago
用户和组查询api完成
9 years ago
def get_group_user_perm(ob):
添加授权查询api
9 years ago
"""
return:
{asset_group': {
用户和组查询api完成
9 years ago
asset_group1: {'asset': [], 'role': [role1, role2], 'rule': [rule1, rule2]},
asset_group2: {'asset: [], 'role': [role1, role2], 'rule': [rule1, rule2]},
添加授权查询api
9 years ago
}
'asset':{
asset1: {'role': [role1, role2], 'rule': [rule1, rule2]},
asset2: {'role': [role1, role2], 'rule': [rule1, rule2]},
}
]},
'rule':[rule1, rule2,]
}
"""
perm = {}
用户和组查询api完成
9 years ago
if isinstance(ob, User):
rule_all = PermRule.objects.filter(user=ob)
elif isinstance(ob, UserGroup):
rule_all = PermRule.objects.filter(user_group=ob)
else:
rule_all = []
perm['rule'] = rule_all
添加授权查询api
9 years ago
perm_asset_group = perm['asset_group'] = {}
perm_asset = perm['asset'] = {}
用户和组查询api完成
9 years ago
for rule in rule_all:
添加授权查询api
9 years ago
asset_groups = rule.asset_group.all()
assets = rule.asset.all()
用户和组查询api完成
9 years ago
# 获取一个规则用户授权的资产
添加授权查询api
9 years ago
for asset in assets:
if perm_asset.get(asset):
用户和组查询api完成
9 years ago
perm_asset[asset].get('role', set()).update(set(rule.role.all()))
perm_asset[asset].get('rule', set()).add(rule)
添加授权查询api
9 years ago
else:
用户和组查询api完成
9 years ago
perm_asset[asset] = {'role': set(rule.role.all()), 'rule': set([rule])}
添加授权查询api
9 years ago
用户和组查询api完成
9 years ago
# 获取一个规则用户授权的资产组
for asset_group in asset_groups:
asset_group_assets = asset_group.asset_set.all()
if perm_asset_group.get(asset_group):
perm_asset_group[asset_group].get('role', set()).update(set(rule.role.all()))
perm_asset_group[asset_group].get('rule', set()).add(rule)
else:
perm_asset_group[asset_group] = {'role': set(rule.role.all()), 'rule': set([rule]),
'asset': asset_group_assets}
# 将资产组中的资产添加到资产授权中
for asset in asset_group_assets:
if perm_asset.get(asset):
perm_asset[asset].get('role', set()).update(perm_asset_group[asset_group].get('role', set()))
perm_asset[asset].get('rule', set()).update(perm_asset_group[asset_group].get('rule', set()))
else:
perm_asset[asset] = {'role': perm_asset_group[asset_group].get('role', set()),
'rule': perm_asset_group[asset_group].get('rule', set())}
添加授权查询api
9 years ago
return perm
shouquanxiugai
9 years ago
def get_object_list(model, id_list):
添加组授权
9 years ago
"""根据id列表获取对象列表"""
shouquanxiugai
9 years ago
object_list = []
for object_id in id_list:
if object_id:
object_list.extend(model.objects.filter(id=int(object_id)))
return object_list
1. rule operations list add delete edit info page compeleted 2. rule operations list add delete edit info page compeleted
9 years ago
def get_role_info(role_id, type="all"):
"""
获取role对应的一些信息
:return: 返回值 均为对象列表
"""
# 获取role对应的授权规则
role_obj = PermRole.objects.get(id=role_id)
rules_obj = role_obj.perm_rule.all()
# 获取role 对应的用户 和 用户组
# 获取role 对应的主机 和主机组
users_obj = []
assets_obj = []
user_groups_obj = []
group_users_obj = []
asset_groups_obj = []
group_assets_obj = []
for rule in rules_obj:
for user in rule.user.all():
users_obj.append(user)
for asset in rule.asset.all():
assets_obj.append(asset)
for user_group in rule.user_group.all():
user_groups_obj.append(user_group)
for user in user_group.user_set.all():
group_users_obj.append(user)
for asset_group in rule.asset_group.all():
asset_groups_obj.append(asset_group)
for asset in asset_group.asset_set.all():
group_assets_obj.append(asset)
calc_users = set(users_obj) | set(group_users_obj)
calc_assets = set(assets_obj) | set(group_assets_obj)
if type == "all":
return {"rules": rules_obj,
"users": list(calc_users),
"user_groups": user_groups_obj,
"assets": list(calc_assets),
"asset_groups": asset_groups_obj,
}
elif type == "rule":
return rules_obj
elif type == "user":
return calc_users
elif type == "user_group":
return user_groups_obj
elif type == "asset":
return calc_assets
elif type == "asset_group":
return asset_groups_obj
else:
return u"不支持的查询"
perm edit
9 years ago
1. rule operations list add delete edit info page compeleted 2. rule operations list add delete edit info page compeleted
9 years ago
if __name__ == "__main__":
print get_role_info(1)
perm edit
9 years ago
修改使用新表结构
9 years ago