jumpserver/apps/perms/serializers/permission.py

# -*- coding: utf-8 -*-
#

from django.db.models import Q
from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers

from assets.models import Asset, Node
from common.drf.fields import BitChoicesField, ObjectRelatedField
from orgs.mixins.serializers import BulkOrgResourceModelSerializer
from perms.models import ActionChoices, AssetPermission
from users.models import User, UserGroup

__all__ = ["AssetPermissionSerializer", "ActionChoicesField"]


class ActionChoicesField(BitChoicesField):
    def __init__(self, **kwargs):
        super().__init__(ActionChoices, **kwargs)


class AssetPermissionSerializer(BulkOrgResourceModelSerializer):
    users = ObjectRelatedField(queryset=User.objects, many=True, required=False)
    user_groups = ObjectRelatedField(
        queryset=UserGroup.objects, many=True, required=False
    )
    assets = ObjectRelatedField(queryset=Asset.objects, many=True, required=False)
    nodes = ObjectRelatedField(queryset=Node.objects, many=True, required=False)
    actions = ActionChoicesField(required=False, allow_null=True, label=_("Actions"))
    is_valid = serializers.BooleanField(read_only=True, label=_("Is valid"))
    is_expired = serializers.BooleanField(read_only=True, label=_("Is expired"))
    accounts = serializers.ListField(label=_("Accounts"), required=False)

    class Meta:
        model = AssetPermission
        fields_mini = ["id", "name"]
        fields_small = fields_mini + [
            "accounts",
            "is_active",
            "is_expired",
            "is_valid",
            "actions",
            "created_by",
            "date_created",
            "date_expired",
            "date_start",
            "comment",
            "from_ticket",
        ]
        fields_m2m = [
            "users",
            "user_groups",
            "assets",
            "nodes",
        ]
        fields = fields_small + fields_m2m
        read_only_fields = ["created_by", "date_created", "from_ticket"]
        extra_kwargs = {
            "actions": {"label": _("Actions")},
            "is_expired": {"label": _("Is expired")},
            "is_valid": {"label": _("Is valid")},
        }

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.set_actions_field()

    def set_actions_field(self):
        actions = self.fields.get("actions")
        if not actions:
            return
        choices = actions._choices
        actions._choices = choices
        actions.default = list(choices.keys())

    @classmethod
    def setup_eager_loading(cls, queryset):
        """Perform necessary eager loading of data."""
        queryset = queryset.prefetch_related(
            "users",
            "user_groups",
            "assets",
            "nodes",
        )
        return queryset

    @staticmethod
    def perform_display_create(instance, **kwargs):
        # 用户
        users_to_set = User.objects.filter(
            Q(name__in=kwargs.get("users_display"))
            | Q(username__in=kwargs.get("users_display"))
        ).distinct()
        instance.users.add(*users_to_set)
        # 用户组
        user_groups_to_set = UserGroup.objects.filter(
            name__in=kwargs.get("user_groups_display")
        ).distinct()
        instance.user_groups.add(*user_groups_to_set)
        # 资产
        assets_to_set = Asset.objects.filter(
            Q(address__in=kwargs.get("assets_display"))
            | Q(name__in=kwargs.get("assets_display"))
        ).distinct()
        instance.assets.add(*assets_to_set)
        # 节点
        nodes_to_set = Node.objects.filter(
            full_value__in=kwargs.get("nodes_display")
        ).distinct()
        instance.nodes.add(*nodes_to_set)

    def create(self, validated_data):
        display = {
            "users_display": validated_data.pop("users_display", ""),
            "user_groups_display": validated_data.pop("user_groups_display", ""),
            "assets_display": validated_data.pop("assets_display", ""),
            "nodes_display": validated_data.pop("nodes_display", ""),
        }
        instance = super().create(validated_data)
        self.perform_display_create(instance, **display)
        return instance
Update api 2016-10-19 11:30:55 +00:00			`# -- coding: utf-8 --`
			`#`

perf: 优化i18n 2021-07-30 11:13:47 +00:00			`from django.db.models import Q`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`from django.utils.translation import ugettext_lazy as _`
			`from rest_framework import serializers`
serializer优化&&授权导入优化 2021-04-29 11:10:45 +00:00
perf: remove system user 2022-08-17 03:54:18 +00:00			`from assets.models import Asset, Node`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`from common.drf.fields import BitChoicesField, ObjectRelatedField`
			`from orgs.mixins.serializers import BulkOrgResourceModelSerializer`
			`from perms.models import ActionChoices, AssetPermission`
perf: 优化用户详情页授权列表加载速度&添加可重入锁 2021-02-08 06:59:20 +00:00			`from users.models import User, UserGroup`
refactor: 修改授权相关Model,Serializer,API结构 2022-09-07 09:35:23 +00:00
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`__all__ = ["AssetPermissionSerializer", "ActionChoicesField"]`
refactor: 修改授权相关Model,Serializer,API结构 2022-09-07 09:35:23 +00:00

pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`class ActionChoicesField(BitChoicesField):`
refactor: 修改授权相关Model,Serializer,API结构 2022-09-07 09:35:23 +00:00			`def __init__(self, **kwargs):`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`super().__init__(ActionChoices, **kwargs)`
[Update] 修改Permission 2019-06-30 12:10:34 +00:00
refactor: 修改授权相关Model,Serializer,API结构 2022-09-07 09:35:23 +00:00
			`class AssetPermissionSerializer(BulkOrgResourceModelSerializer):`
pref: 优化授权 api 返回字段 2022-11-09 03:43:55 +00:00			`users = ObjectRelatedField(queryset=User.objects, many=True, required=False)`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`user_groups = ObjectRelatedField(`
			`queryset=UserGroup.objects, many=True, required=False`
			`)`
pref: 优化授权 api 返回字段 2022-11-09 03:43:55 +00:00			`assets = ObjectRelatedField(queryset=Asset.objects, many=True, required=False)`
			`nodes = ObjectRelatedField(queryset=Node.objects, many=True, required=False)`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`actions = ActionChoicesField(required=False, allow_null=True, label=_("Actions"))`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`is_valid = serializers.BooleanField(read_only=True, label=_("Is valid"))`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`is_expired = serializers.BooleanField(read_only=True, label=_("Is expired"))`
			`accounts = serializers.ListField(label=_("Accounts"), required=False)`
[Update] 修改Permr认证 2018-04-10 12:29:06 +00:00
[Abandon] ... 2018-02-01 09:14:15 +00:00			`class Meta:`
[Update] 修改api和view 2018-04-08 12:02:40 +00:00			`model = AssetPermission`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`fields_mini = ["id", "name"]`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`fields_small = fields_mini + [`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`"accounts",`
			`"is_active",`
			`"is_expired",`
			`"is_valid",`
			`"actions",`
			`"created_by",`
			`"date_created",`
			`"date_expired",`
			`"date_start",`
			`"comment",`
			`"from_ticket",`
[Update] 修改remote app api 2020-05-09 06:51:19 +00:00			`]`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`fields_m2m = [`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`"users",`
			`"user_groups",`
			`"assets",`
			`"nodes",`
[Update] 修改remote app api 2020-05-09 06:51:19 +00:00			`]`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`fields = fields_small + fields_m2m`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`read_only_fields = ["created_by", "date_created", "from_ticket"]`
fix(trans): 完善翻译 2020-11-11 02:27:18 +00:00			`extra_kwargs = {`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`"actions": {"label": _("Actions")},`
			`"is_expired": {"label": _("Is expired")},`
			`"is_valid": {"label": _("Is valid")},`
fix(trans): 完善翻译 2020-11-11 02:27:18 +00:00			`}`
[Update] 修改remote app api 2020-05-09 06:51:19 +00:00
feat: 授权规则创建 2022-09-29 12:41:40 +00:00			`def __init__(self, args, *kwargs):`
			`super().__init__(args, *kwargs)`
			`self.set_actions_field()`

			`def set_actions_field(self):`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`actions = self.fields.get("actions")`
feat: 授权规则创建 2022-09-29 12:41:40 +00:00			`if not actions:`
			`return`
			`choices = actions._choices`
			`actions._choices = choices`
			`actions.default = list(choices.keys())`

[Update] 修改remote app api 2020-05-09 06:51:19 +00:00			`@classmethod`
			`def setup_eager_loading(cls, queryset):`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`"""Perform necessary eager loading of data."""`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`queryset = queryset.prefetch_related(`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`"users",`
			`"user_groups",`
			`"assets",`
			`"nodes",`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`)`
[Update] 修改remote app api 2020-05-09 06:51:19 +00:00			`return queryset`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`@staticmethod`
			`def perform_display_create(instance, **kwargs):`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`# 用户`
			`users_to_set = User.objects.filter(`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`Q(name__in=kwargs.get("users_display"))`
			`\| Q(username__in=kwargs.get("users_display"))`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`).distinct()`
serializer优化&&资产授权导入优化 2021-04-30 03:32:33 +00:00			`instance.users.add(*users_to_set)`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`# 用户组`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`user_groups_to_set = UserGroup.objects.filter(`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`name__in=kwargs.get("user_groups_display")`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`).distinct()`
serializer优化&&资产授权导入优化 2021-04-30 03:32:33 +00:00			`instance.user_groups.add(*user_groups_to_set)`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`# 资产`
			`assets_to_set = Asset.objects.filter(`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`Q(address__in=kwargs.get("assets_display"))`
			`\| Q(name__in=kwargs.get("assets_display"))`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`).distinct()`
serializer优化&&资产授权导入优化 2021-04-30 03:32:33 +00:00			`instance.assets.add(*assets_to_set)`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`# 节点`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`nodes_to_set = Node.objects.filter(`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`full_value__in=kwargs.get("nodes_display")`
perf: 优化i18n 2021-07-30 11:13:47 +00:00			`).distinct()`
serializer优化&&资产授权导入优化 2021-04-30 03:32:33 +00:00			`instance.nodes.add(*nodes_to_set)`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00
			`def create(self, validated_data):`
			`display = {`
pref: 修改 asset permission 2022-11-11 07:04:31 +00:00			`"users_display": validated_data.pop("users_display", ""),`
			`"user_groups_display": validated_data.pop("user_groups_display", ""),`
			`"assets_display": validated_data.pop("assets_display", ""),`
			`"nodes_display": validated_data.pop("nodes_display", ""),`
授权导入优化 (#6057) * 授权导入优化，支持使用用户名，资产名，ip，节点路径，系统用户名称导入 * Update permission.py * 授权导入优化 * 授权导入优化 * 授权导入优化 * 授权导入优化 Co-authored-by: fghbng@qq.com <fghbng@qq.com> 2021-04-28 08:42:54 +00:00			`}`
			`instance = super().create(validated_data)`
			`self.perform_display_create(instance, **display)`
			`return instance`