jumpserver/apps/assets/backends/internal/system_user.py

# -*- coding: utf-8 -*-
#

import itertools

from assets.models import Asset

from ..base import BaseBackend
from .utils import construct_authbook_object


class SystemUserBackend(BaseBackend):

    @classmethod
    def filter(cls, username=None, asset=None, **kwargs):
        instances = cls.construct_authbook_objects(username, asset)
        return instances

    @classmethod
    def _distinct_system_users_by_username(cls, system_users):
        system_users = sorted(
            system_users,
            key=lambda su: (su.username, su.priority, su.date_updated),
            reverse=True,
        )
        results = itertools.groupby(system_users, key=lambda su: su.username)
        system_users = [next(result[1]) for result in results]
        return system_users

    @classmethod
    def _filter_system_users_by_username(cls, system_users, username):
        _system_users = cls._distinct_system_users_by_username(system_users)
        if username is not None:
            _system_users = [su for su in _system_users if username == su.username]
        return _system_users

    @classmethod
    def _construct_authbook_objects(cls, system_users, asset):
        instances = []
        for system_user in system_users:
            instance = construct_authbook_object(system_user, asset)
            instances.append(instance)
        return instances

    @classmethod
    def _get_assets_with_system_users(cls, asset=None):
        """
        { 'asset': set(<SystemUser>, <SystemUser>, ...) }
        """
        if not asset:
            _assets = Asset.objects.all().prefetch_related('systemuser_set')
        else:
            _assets = [asset]

        assets = {asset: set(asset.systemuser_set.all()) for asset in _assets}
        return assets

    @classmethod
    def construct_authbook_objects(cls, username, asset):
        """
        :return: [<AuthBook>, <AuthBook>, ...]
        """
        instances = []
        assets = cls._get_assets_with_system_users(asset)
        for _asset, _system_users in assets.items():
            _system_users = cls._filter_system_users_by_username(_system_users, username)
            _instances = cls._construct_authbook_objects(_system_users, _asset)
            instances.extend(_instances)
        return instances

    @classmethod
    def create(cls, **kwargs):
        raise Exception("Not support create")
[Feature] 添加资产用户管理器 (#2489) * [Feature] 1. 资产用户管理器 * [Feature] 2. 资产用户管理器: 更新AuthBook * [Feature] 3. 资产用户管理器: 添加 AssetUser API * [Feature] 4. AssetUser Model: 添加方法 load_related_asset_auth * [Feature] 5. AdminUser: 更新管理用户获取认证信息时，先加载相关资产的认证 * [Feature] 6. SystemUser: 更新系统用户获取认证信息时，先加载相关资产的认证 * [Feature] 前端页面: 添加资产用户列表页面 * [Feature] 前端页面: 管理用户的资产管理页面添加按钮: 修改资产用户认证信息 * [Feature] 前端页面: 系统用户的资产管理页面添加按钮: 修改资产用户认证信息 * [Feature] 优化: 从管理用户和系统用户的backend中获取相关资产用户的逻辑 * [Update] Fix 1 * [Feature] 优化: SystemUserBackend之filter功能 * [Feature] 优化: AdminUserBackend之filter功能 * [Feature] 优化: AdminUserBackend和SystemUserBackend功能 * [Feature] 更新翻译: 资产用户管理器 * [Update] 更新资产用户列表页名称为: asset_asset_user_list.html * [Bugfix] 修改bug: SystemUserBackend 根据用户名过滤系统用户 * [Feature] 添加: 资产用户列表中可测试资产用户的连接性 * [Update] 修改: AdHoc model的run_as字段从SystemUser外键修改为username字符串 * [Feature] 添加: 获取系统用户认证信息(对应某个资产)API * [Update] 更新: API获取asset user时进行排序 * [Bugfix] 修改: 资产用户可连接性CACHE_KEY * [Update] 更新翻译信息 * [Update] 修改获取资产用户认证信息API的返回响应(200/400) * [Update] 修改BaseUser获取特定资产的方法名 * [Update] 修改logger输出，AuthBook set_version_and_latest * [Update] 修改日志输出添加exc_info参数 * [Update] 移除AuthBook迁移文件0026 * [Bugfix] 修复AdminUserBackend获取instances为空的bug 2019-03-18 02:15:33 +00:00			`# -- coding: utf-8 --`
			`#`

			`import itertools`

			`from assets.models import Asset`

			`from ..base import BaseBackend`
			`from .utils import construct_authbook_object`


			`class SystemUserBackend(BaseBackend):`

			`@classmethod`
			`def filter(cls, username=None, asset=None, **kwargs):`
			`instances = cls.construct_authbook_objects(username, asset)`
			`return instances`

			`@classmethod`
			`def _distinct_system_users_by_username(cls, system_users):`
			`system_users = sorted(`
			`system_users,`
			`key=lambda su: (su.username, su.priority, su.date_updated),`
			`reverse=True,`
			`)`
			`results = itertools.groupby(system_users, key=lambda su: su.username)`
			`system_users = [next(result[1]) for result in results]`
			`return system_users`

			`@classmethod`
			`def _filter_system_users_by_username(cls, system_users, username):`
			`_system_users = cls._distinct_system_users_by_username(system_users)`
[Bugfix] 修复AssetUserManager.get获取username为""的AuthBook对象时，返回多个结果的bug 2019-05-14 13:39:34 +00:00			`if username is not None:`
[Feature] 添加资产用户管理器 (#2489) * [Feature] 1. 资产用户管理器 * [Feature] 2. 资产用户管理器: 更新AuthBook * [Feature] 3. 资产用户管理器: 添加 AssetUser API * [Feature] 4. AssetUser Model: 添加方法 load_related_asset_auth * [Feature] 5. AdminUser: 更新管理用户获取认证信息时，先加载相关资产的认证 * [Feature] 6. SystemUser: 更新系统用户获取认证信息时，先加载相关资产的认证 * [Feature] 前端页面: 添加资产用户列表页面 * [Feature] 前端页面: 管理用户的资产管理页面添加按钮: 修改资产用户认证信息 * [Feature] 前端页面: 系统用户的资产管理页面添加按钮: 修改资产用户认证信息 * [Feature] 优化: 从管理用户和系统用户的backend中获取相关资产用户的逻辑 * [Update] Fix 1 * [Feature] 优化: SystemUserBackend之filter功能 * [Feature] 优化: AdminUserBackend之filter功能 * [Feature] 优化: AdminUserBackend和SystemUserBackend功能 * [Feature] 更新翻译: 资产用户管理器 * [Update] 更新资产用户列表页名称为: asset_asset_user_list.html * [Bugfix] 修改bug: SystemUserBackend 根据用户名过滤系统用户 * [Feature] 添加: 资产用户列表中可测试资产用户的连接性 * [Update] 修改: AdHoc model的run_as字段从SystemUser外键修改为username字符串 * [Feature] 添加: 获取系统用户认证信息(对应某个资产)API * [Update] 更新: API获取asset user时进行排序 * [Bugfix] 修改: 资产用户可连接性CACHE_KEY * [Update] 更新翻译信息 * [Update] 修改获取资产用户认证信息API的返回响应(200/400) * [Update] 修改BaseUser获取特定资产的方法名 * [Update] 修改logger输出，AuthBook set_version_and_latest * [Update] 修改日志输出添加exc_info参数 * [Update] 移除AuthBook迁移文件0026 * [Bugfix] 修复AdminUserBackend获取instances为空的bug 2019-03-18 02:15:33 +00:00			`_system_users = [su for su in _system_users if username == su.username]`
			`return _system_users`

			`@classmethod`
			`def _construct_authbook_objects(cls, system_users, asset):`
			`instances = []`
			`for system_user in system_users:`
			`instance = construct_authbook_object(system_user, asset)`
			`instances.append(instance)`
			`return instances`

			`@classmethod`
			`def _get_assets_with_system_users(cls, asset=None):`
			`"""`
			`{ 'asset': set(<SystemUser>, <SystemUser>, ...) }`
			`"""`
			`if not asset:`
			`_assets = Asset.objects.all().prefetch_related('systemuser_set')`
			`else:`
			`_assets = [asset]`

			`assets = {asset: set(asset.systemuser_set.all()) for asset in _assets}`
			`return assets`

			`@classmethod`
			`def construct_authbook_objects(cls, username, asset):`
			`"""`
			`:return: [<AuthBook>, <AuthBook>, ...]`
			`"""`
			`instances = []`
			`assets = cls._get_assets_with_system_users(asset)`
			`for _asset, _system_users in assets.items():`
			`_system_users = cls._filter_system_users_by_username(_system_users, username)`
			`_instances = cls._construct_authbook_objects(_system_users, _asset)`
			`instances.extend(_instances)`
			`return instances`

			`@classmethod`
			`def create(cls, **kwargs):`
			`raise Exception("Not support create")`