jumpserver/apps/perms/api/user_permission/mixin.py

# -*- coding: utf-8 -*-
#
from django.shortcuts import get_object_or_404
from django.utils.translation import gettext_lazy as _
from django.core.cache import cache
from rest_framework.request import Request

from common.utils.http import is_true
from common.utils import lazyproperty, is_uuid
from common.exceptions import JMSObjectDoesNotExist
from rbac.permissions import RBACPermission
from users.models import User
from perms.utils import UserPermTreeRefreshUtil

__all__ = ['SelfOrPKUserMixin', 'RebuildTreeMixin']


class SelfOrPKUserMixin:
    kwargs: dict
    request: Request
    permission_classes = (RBACPermission,)

    def get_rbac_perms(self):
        if self.request_user_is_self():
            return self.self_rbac_perms
        else:
            return self.admin_rbac_perms

    @property
    def self_rbac_perms(self):
        return (
            ('list', 'perms.view_myassets'),
            ('retrieve', 'perms.view_myassets'),
            ('get_tree', 'perms.view_myassets'),
            ('GET', 'perms.view_myassets'),
            ('OPTIONS', 'perms.view_myassets'),
        )

    @property
    def admin_rbac_perms(self):
        return (
            ('list', 'perms.view_userassets'),
            ('retrieve', 'perms.view_userassets'),
            ('get_tree', 'perms.view_userassets'),
            ('GET', 'perms.view_userassets'),
            ('OPTIONS', 'perms.view_userassets'),
        )

    @property
    def user(self):
        if self.request_user_is_self():
            user = self.request.user
        elif is_uuid(self.kwargs.get('user')):
            user = get_object_or_404(User, pk=self.kwargs.get('user'))
        elif hasattr(self, 'swagger_fake_view'):
            user = self.request.user
        else:
            raise JMSObjectDoesNotExist(object_name=_('User'))
        return user

    def request_user_is_self(self):
        return self.kwargs.get('user') in ['my', 'self']


class RebuildTreeMixin:
    user: User
    request: Request

    def get(self, request, *args, **kwargs):
        UserPermTreeRefreshUtil(self.user).refresh_if_need(force=self.is_force_refresh_tree)
        return super().get(request, *args, **kwargs)

    @lazyproperty
    def is_force_refresh_tree(self):
        force = is_true(self.request.query_params.get('rebuild_tree'))
        if not force:
            force = self.compute_is_force_refresh()
        return force

    def compute_is_force_refresh(self):
        """ 5s 内连续刷新三次转为强制刷新 """
        force_timeout = 5
        force_max_count = 3
        force_cache_key = '{user_id}:{path}'.format(user_id=self.user.id, path=self.request.path)
        count = cache.get(force_cache_key, 1)
        if count >= force_max_count:
            force = True
            cache.delete(force_cache_key)
        else:
            force = False
            cache.set(force_cache_key, count + 1, force_timeout)
        return force
Bugfix (#3232) * [Update] 拆分user permission * [Update] 修改 ops command * [Update] 修改setting无法生效的问题 * [Update] 修复授权详情-授权资产或节点添加资产失败 * [Bugfix] 修复组织管理员运行命令时的问题 * [Update] 修复命令执行左侧树点击问题 2019-09-17 04:34:47 +00:00			`# -- coding: utf-8 --`
			`#`
pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`from django.shortcuts import get_object_or_404`
perf: 修改支持 Django4 2023-07-24 03:52:25 +00:00			`from django.utils.translation import gettext_lazy as _`
fix: circle imported for perms-api 2025-01-08 02:20:49 +00:00			`from django.core.cache import cache`
perf: 优化用户授权 api 2022-12-02 05:15:03 +00:00			`from rest_framework.request import Request`
fix (#4680) * perf(perms): 资产授权列表关联数据改为 `prefetch_related` * perf(perms): 优化一波 * dispatch_mapping_node_tasks.delay * perf: 在做一些优化 * perf: 再优化一波 * perf(perms): 授权更改节点慢的问题 * fix: 修改一处bug * perf(perms): ungrouped 资产数量计算方式 * fix: 修复dispatch data中的bug * fix(assets): add_nodes_assets_to_system_users celery task * fix: 修复ungrouped的bug * feat(nodes): 添加 favorite 节点 * feat(node): 添加 favorite api * fix: 修复clean keys的bug Co-authored-by: xinwen <coderWen@126.com> Co-authored-by: ibuler <ibuler@qq.com> 2020-09-27 08:02:44 +00:00
fix: circle imported for perms-api 2025-01-08 02:20:49 +00:00			`from common.utils.http import is_true`
			`from common.utils import lazyproperty, is_uuid`
perf: 优化授权规则 user-permission 用户授权相关的 API; 包括 assets, nodes, tree-asset, tree-node, tree-node-with-asset; 2022-12-07 10:38:03 +00:00			`from common.exceptions import JMSObjectDoesNotExist`
perf: 修改支持 Django4 2023-07-24 03:52:25 +00:00			`from rbac.permissions import RBACPermission`
			`from users.models import User`
fix: circle imported for perms-api 2025-01-08 02:20:49 +00:00			`from perms.utils import UserPermTreeRefreshUtil`
perf(assets): 优化节点树修改树策略，做读优化，写的速度降低 2020-08-16 15:08:58 +00:00
fix: circle imported for perms-api 2025-01-08 02:20:49 +00:00			`__all__ = ['SelfOrPKUserMixin', 'RebuildTreeMixin']`
Bugfix (#3232) * [Update] 拆分user permission * [Update] 修改 ops command * [Update] 修改setting无法生效的问题 * [Update] 修复授权详情-授权资产或节点添加资产失败 * [Bugfix] 修复组织管理员运行命令时的问题 * [Update] 修复命令执行左侧树点击问题 2019-09-17 04:34:47 +00:00
[Update] 修改校验用户资产权限API不使用缓存 2019-12-25 02:29:58 +00:00
pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`class SelfOrPKUserMixin:`
			`kwargs: dict`
			`request: Request`
			`permission_classes = (RBACPermission,)`

fix: 修改用户授权的资产账号 2022-11-15 09:49:28 +00:00			`def get_rbac_perms(self):`
			`if self.request_user_is_self():`
			`return self.self_rbac_perms`
			`else:`
			`return self.admin_rbac_perms`

pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`@property`
			`def self_rbac_perms(self):`
			`return (`
			`('list', 'perms.view_myassets'),`
			`('retrieve', 'perms.view_myassets'),`
			`('get_tree', 'perms.view_myassets'),`
			`('GET', 'perms.view_myassets'),`
perf: 合并授权规则用户相关的 API URL，统一使用 /<str:user>/ 格式 2022-12-01 04:02:20 +00:00			`('OPTIONS', 'perms.view_myassets'),`
pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`)`

			`@property`
			`def admin_rbac_perms(self):`
			`return (`
			`('list', 'perms.view_userassets'),`
			`('retrieve', 'perms.view_userassets'),`
			`('get_tree', 'perms.view_userassets'),`
			`('GET', 'perms.view_userassets'),`
perf: 合并授权规则用户相关的 API URL，统一使用 /<str:user>/ 格式 2022-12-01 04:02:20 +00:00			`('OPTIONS', 'perms.view_userassets'),`
pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`)`

fix: 修改用户授权的资产账号 2022-11-15 09:49:28 +00:00			`@property`
			`def user(self):`
pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`if self.request_user_is_self():`
fix: 修改用户授权的资产账号 2022-11-15 09:49:28 +00:00			`user = self.request.user`
			`elif is_uuid(self.kwargs.get('user')):`
			`user = get_object_or_404(User, pk=self.kwargs.get('user'))`
perf: 合并授权规则用户相关的 API URL，统一使用 /<str:user>/ 格式 2022-12-01 04:02:20 +00:00			`elif hasattr(self, 'swagger_fake_view'):`
			`user = self.request.user`
pref: 修改 accounts 2022-11-15 08:24:53 +00:00			`else:`
fix: 修改用户授权的资产账号 2022-11-15 09:49:28 +00:00			`raise JMSObjectDoesNotExist(object_name=_('User'))`
			`return user`
pref: 修改 accounts 2022-11-15 08:24:53 +00:00
			`def request_user_is_self(self):`
			`return self.kwargs.get('user') in ['my', 'self']`
fix: circle imported for perms-api 2025-01-08 02:20:49 +00:00

			`class RebuildTreeMixin:`
			`user: User`
			`request: Request`

			`def get(self, request, args, *kwargs):`
			`UserPermTreeRefreshUtil(self.user).refresh_if_need(force=self.is_force_refresh_tree)`
			`return super().get(request, args, *kwargs)`

			`@lazyproperty`
			`def is_force_refresh_tree(self):`
			`force = is_true(self.request.query_params.get('rebuild_tree'))`
			`if not force:`
			`force = self.compute_is_force_refresh()`
			`return force`

			`def compute_is_force_refresh(self):`
			`""" 5s 内连续刷新三次转为强制刷新 """`
			`force_timeout = 5`
			`force_max_count = 3`
			`force_cache_key = '{user_id}:{path}'.format(user_id=self.user.id, path=self.request.path)`
			`count = cache.get(force_cache_key, 1)`
			`if count >= force_max_count:`
			`force = True`
			`cache.delete(force_cache_key)`
			`else:`
			`force = False`
			`cache.set(force_cache_key, count + 1, force_timeout)`
			`return force`