from django.db.models import QuerySet
from assets.models import Node, Asset
from common.utils import get_logger, timeit
from perms.models import AssetPermission
logger = get_logger(__file__)
__all__ = ['AssetPermissionUtil']
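class AssetPermissionUtil(object):
    """Helpers for looking up asset permission (authorization) rules.

    Each lookup collects rule ids from the relevant many-to-many ``through``
    table and then resolves them with :meth:`get_permissions`, which is the
    one place where the ``valid()`` filter is applied.
    """

    @timeit
    def get_permissions_for_user(self, user, with_group=True, flat=False, with_expired=False):
        """Return the permission rules that apply to ``user``.

        Args:
            user: User object; ``user.id`` and ``user.groups`` are read.
            with_group: Also include rules bound to the user's groups.
            flat: Return a flat ``values_list`` of rule ids instead of rules.
            with_expired: Skip the ``valid()`` filter for both the direct and
                the group-derived rules. A result obtained this way contains
                rules that ``valid()`` would have dropped, so it is suited to
                listing and reporting, not to deciding whether access is
                granted.
        """
        perm_ids = set()
        # Rules bound directly to the user.
        user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id) \
            .values_list('assetpermission_id', flat=True).distinct()
        perm_ids.update(user_perm_ids)
        # Rules bound to the user's groups.
        if with_group:
            groups = user.groups.all()
            # Forward with_expired: the group lookup otherwise applies
            # valid() itself, so group-derived rules would be dropped even
            # though the caller asked for them.
            group_perm_ids = self.get_permissions_for_user_groups(
                groups, flat=True, with_expired=with_expired
            )
            perm_ids.update(group_perm_ids)
        perms = self.get_permissions(ids=perm_ids, with_expired=with_expired)
        if flat:
            return perms.values_list('id', flat=True)
        return perms

    def get_permissions_for_user_groups(self, user_groups, flat=False, with_expired=False):
        """Return the permission rules bound to the given user groups.

        Args:
            user_groups: Either a ``list`` of group objects or a queryset of
                groups (anything else must provide ``values_list``).
            flat: Return a flat ``values_list`` of rule ids instead of rules.
            with_expired: Skip the ``valid()`` filter; defaults to ``False``
                so existing callers keep the filtered result.
        """
        if isinstance(user_groups, list):
            group_ids = [g.id for g in user_groups]
        else:
            group_ids = user_groups.values_list('id', flat=True).distinct()
        perm_ids = AssetPermission.user_groups.through.objects \
            .filter(usergroup_id__in=group_ids) \
            .values_list('assetpermission_id', flat=True).distinct()
        perms = self.get_permissions(ids=perm_ids, with_expired=with_expired)
        if flat:
            return perms.values_list('id', flat=True)
        return perms

    def get_permissions_for_assets(self, assets, with_node=True, flat=False):
        """Return the permission rules that cover the given assets.

        Args:
            assets: Asset objects, asset ids, or an ``Asset`` queryset; it is
                normalised with :meth:`convert_to_queryset_if_need`.
            with_node: Also include rules bound to the nodes returned by
                ``Asset.get_all_nodes_for_assets``.
            flat: Return a flat ``values_list`` of rule ids instead of rules.
        """
        perm_ids = set()
        assets = self.convert_to_queryset_if_need(assets, Asset)
        asset_ids = [str(a.id) for a in assets]
        relations = AssetPermission.assets.through.objects.filter(asset_id__in=asset_ids)
        asset_perm_ids = relations.values_list('assetpermission_id', flat=True).distinct()
        perm_ids.update(asset_perm_ids)
        if with_node:
            nodes = Asset.get_all_nodes_for_assets(assets)
            node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True)
            perm_ids.update(node_perm_ids)
        perms = self.get_permissions(ids=perm_ids)
        if flat:
            return perms.values_list('id', flat=True)
        return perms

    def get_permissions_for_nodes(self, nodes, with_ancestor=False, flat=False):
        """Return the permission rules bound to the given nodes.

        Args:
            nodes: Node objects, node ids, or a ``Node`` queryset; it is
                normalised with :meth:`convert_to_queryset_if_need`.
            with_ancestor: Replace ``nodes`` with the result of
                ``Node.get_ancestor_queryset(nodes)`` before the lookup.
            flat: Return a flat ``values_list`` of rule ids instead of rules.
        """
        nodes = self.convert_to_queryset_if_need(nodes, Node)
        if with_ancestor:
            nodes = Node.get_ancestor_queryset(nodes)
        node_ids = nodes.values_list('id', flat=True).distinct()
        relations = AssetPermission.nodes.through.objects.filter(node_id__in=node_ids)
        perm_ids = relations.values_list('assetpermission_id', flat=True).distinct()
        perms = self.get_permissions(ids=perm_ids)
        if flat:
            return perms.values_list('id', flat=True)
        return perms

    def get_permissions_for_user_asset(self, user, asset):
        """Return the rules that include both ``user`` and ``asset``.

        The result is the intersection of the user's rule ids (direct and via
        groups) with the asset's rule ids (direct and via nodes), with the
        ``valid()`` filter applied.
        """
        # NOTE(review): this only matches the user and asset dimensions; any
        # further constraints carried by the returned rules are not evaluated
        # here - presumably callers check them before granting access; confirm.
        user_perm_ids = self.get_permissions_for_user(user, flat=True)
        asset_perm_ids = self.get_permissions_for_assets([asset], flat=True)
        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
        perms = self.get_permissions(ids=perm_ids)
        return perms

    def get_permissions_for_user_group_asset(self, user_group, asset):
        """Return the rules that include both ``user_group`` and ``asset``.

        The result is the intersection of the group's rule ids with the
        asset's rule ids (direct and via nodes), with the ``valid()`` filter
        applied.
        """
        user_perm_ids = self.get_permissions_for_user_groups([user_group], flat=True)
        asset_perm_ids = self.get_permissions_for_assets([asset], flat=True)
        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
        perms = self.get_permissions(ids=perm_ids)
        return perms

    @staticmethod
    def convert_to_queryset_if_need(objs_or_ids, model):
        """Normalise model instances, ids, or a queryset into a ``model`` queryset.

        Args:
            objs_or_ids: A queryset, or an iterable of ``model`` instances
                and/or raw ids.
            model: The model class the result should be a queryset of.

        Returns:
            ``model.objects.none()`` for a falsy input, the input itself when
            it is a queryset whose first row is a ``model`` instance, and
            otherwise ``model.objects.filter(id__in=...)`` built from the
            collected ids.
        """
        # Truthiness on a QuerySet evaluates it, so this check hits the database.
        if not objs_or_ids:
            return model.objects.none()
        # .first() is a second query; it tells a queryset of model instances
        # apart from one that yields something else.
        if isinstance(objs_or_ids, QuerySet) and isinstance(objs_or_ids.first(), model):
            return objs_or_ids
        ids = [
            str(i.id) if isinstance(i, model) else i
            for i in objs_or_ids
        ]
        return model.objects.filter(id__in=ids)

    @staticmethod
    def get_permissions(ids, with_expired=False):
        """Resolve rule ids into an ``AssetPermission`` queryset.

        Args:
            ids: Iterable (or queryset) of ``AssetPermission`` ids.
            with_expired: When ``False`` (the default) the queryset is
                narrowed with ``valid()``; when ``True`` that filter is
                skipped.

        Returns:
            The matching rules ordered by ``date_expired`` descending.
        """
        perms = AssetPermission.objects.filter(id__in=ids)
        if not with_expired:
            # NOTE(review): valid() is defined on the AssetPermission
            # queryset, outside this file - presumably it drops expired or
            # inactive rules; confirm there.
            perms = perms.valid()
        return perms.order_by('-date_expired')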