|
|
|
|
# Generated by Django 2.2.13 on 2020-10-28 02:19
|
|
|
|
|
|
|
|
|
|
import common.utils.django
|
|
|
|
|
from django.conf import settings
|
|
|
|
|
from django.db import migrations, models
|
|
|
|
|
import django.utils.timezone
|
|
|
|
|
import uuid
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def old_perm_to_application_permission_json(old_perm, category, _type):
|
|
|
|
|
return {
|
|
|
|
|
'id': old_perm.id,
|
|
|
|
|
'name': old_perm.name,
|
|
|
|
|
'category': category,
|
|
|
|
|
'type': _type,
|
|
|
|
|
'is_active': old_perm.is_active,
|
|
|
|
|
'date_start': old_perm.date_start,
|
|
|
|
|
'date_expired': old_perm.date_expired,
|
|
|
|
|
'created_by': old_perm.created_by,
|
|
|
|
|
'comment': old_perm.comment,
|
|
|
|
|
'org_id': old_perm.org_id
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def common_old_perm_relation_to_application_permission_json(old_perm_relation, data_json):
|
|
|
|
|
return {
|
|
|
|
|
'applicationpermission_id': getattr(old_perm_relation, data_json['relation_app_perm_id']),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def old_perm_relation_app_to_application_permission_json(old_perm_relation_app, data_json):
|
|
|
|
|
data = common_old_perm_relation_to_application_permission_json(old_perm_relation_app, data_json)
|
|
|
|
|
data.update({
|
|
|
|
|
'application_id': getattr(old_perm_relation_app, data_json['relation_app_id'])
|
|
|
|
|
})
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def old_perm_relation_system_user_to_application_permission_json(old_perm_relation_system_user, data_json):
|
|
|
|
|
data = common_old_perm_relation_to_application_permission_json(old_perm_relation_system_user, data_json)
|
|
|
|
|
data.update({
|
|
|
|
|
'systemuser_id': old_perm_relation_system_user.systemuser_id,
|
|
|
|
|
})
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def old_perm_relation_user_group_to_application_permission_json(old_perm_relation_user_group, data_json):
|
|
|
|
|
data = common_old_perm_relation_to_application_permission_json(old_perm_relation_user_group, data_json)
|
|
|
|
|
data.update({
|
|
|
|
|
'usergroup_id': old_perm_relation_user_group.usergroup_id,
|
|
|
|
|
})
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def old_perm_relation_user_to_application_permission_json(old_perm_relation_user, data_json):
|
|
|
|
|
data = common_old_perm_relation_to_application_permission_json(old_perm_relation_user, data_json)
|
|
|
|
|
data.update({
|
|
|
|
|
'user_id': old_perm_relation_user.user_id,
|
|
|
|
|
})
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CATEGORY_DB = 'db'
|
|
|
|
|
CATEGORY_REMOTE = 'remote_app'
|
|
|
|
|
CATEGORY_CLOUD = 'cloud'
|
|
|
|
|
|
|
|
|
|
TYPE_DB_MYSQL = 'mysql'
|
|
|
|
|
TYPE_CLOUD_K8S = 'k8s'
|
|
|
|
|
TYPE_REMOTE_CHROME = 'chrome'
|
|
|
|
|
TYPE_REMOTE_MYSQL_WORKBENCH = 'mysql_workbench'
|
|
|
|
|
TYPE_REMOTE_VMWARE_CLIENT = 'vmware_client'
|
|
|
|
|
TYPE_REMOTE_CUSTOM = 'custom'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OLD_PERM_MODELS_NAME_MAP_DATA_JSON = {
|
|
|
|
|
'DatabaseAppPermission': {
|
|
|
|
|
'app_m2m_fields': 'database_apps',
|
|
|
|
|
'relation_app_perm_id': 'databaseapppermission_id',
|
|
|
|
|
'relation_app_id': 'databaseapp_id',
|
|
|
|
|
'category': CATEGORY_DB,
|
|
|
|
|
'type': TYPE_DB_MYSQL,
|
|
|
|
|
},
|
|
|
|
|
'RemoteAppPermission': {
|
|
|
|
|
'app_m2m_fields': 'remote_apps',
|
|
|
|
|
'relation_app_perm_id': 'remoteapppermission_id',
|
|
|
|
|
'relation_app_id': 'remoteapp_id',
|
|
|
|
|
'category': CATEGORY_REMOTE,
|
|
|
|
|
'type': None,
|
|
|
|
|
},
|
|
|
|
|
'K8sAppPermission': {
|
|
|
|
|
'app_m2m_fields': 'k8s_apps',
|
|
|
|
|
'relation_app_perm_id': 'k8sapppermission_id',
|
|
|
|
|
'relation_app_id': 'k8sapp_id',
|
|
|
|
|
'category': CATEGORY_CLOUD,
|
|
|
|
|
'type': TYPE_CLOUD_K8S,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def migrate_and_integrate_application_permissions(apps, schema_editor):
|
|
|
|
|
db_alias = schema_editor.connection.alias
|
|
|
|
|
|
|
|
|
|
new_app_perms_json = []
|
|
|
|
|
new_app_perms_relation_apps_json = []
|
|
|
|
|
new_app_perms_relation_system_users_json = []
|
|
|
|
|
new_app_perms_relation_user_groups_json = []
|
|
|
|
|
new_app_perms_relation_users_json = []
|
|
|
|
|
|
|
|
|
|
for old_perm_model_name, data_json in OLD_PERM_MODELS_NAME_MAP_DATA_JSON.items():
|
|
|
|
|
|
|
|
|
|
# model
|
|
|
|
|
old_perm_model = apps.get_model("perms", old_perm_model_name)
|
|
|
|
|
|
|
|
|
|
# instances
|
|
|
|
|
old_perms = old_perm_model.objects.using(db_alias).all()
|
|
|
|
|
old_perms_relation_apps = getattr(old_perm_model, data_json['app_m2m_fields']).through.objects.using(db_alias).all()
|
|
|
|
|
old_perms_relation_system_users = old_perm_model.system_users.through.objects.using(db_alias).all()
|
|
|
|
|
old_perms_relation_user_groups = old_perm_model.user_groups.through.objects.using(db_alias).all()
|
|
|
|
|
old_perms_relation_users = old_perm_model.users.through.objects.using(db_alias).all()
|
|
|
|
|
|
|
|
|
|
# json
|
|
|
|
|
perms_json = []
|
|
|
|
|
category = data_json['category']
|
|
|
|
|
for old_perm in old_perms:
|
|
|
|
|
if category == CATEGORY_REMOTE:
|
|
|
|
|
type_list = list(old_perm.remote_apps.values_list('type', flat=True))
|
|
|
|
|
if len(type_list) == 0:
|
|
|
|
|
_type = TYPE_REMOTE_CHROME
|
|
|
|
|
else:
|
|
|
|
|
_type = max(type_list, key=type_list.count)
|
|
|
|
|
else:
|
|
|
|
|
_type = data_json['type']
|
|
|
|
|
perm_json = old_perm_to_application_permission_json(old_perm, category, _type)
|
|
|
|
|
perms_json.append(perm_json)
|
|
|
|
|
|
|
|
|
|
perms_relation_apps_json = [
|
|
|
|
|
old_perm_relation_app_to_application_permission_json(old_perm_relation_app, data_json)
|
|
|
|
|
for old_perm_relation_app in old_perms_relation_apps
|
|
|
|
|
]
|
|
|
|
|
perms_relation_system_users_json = [
|
|
|
|
|
old_perm_relation_system_user_to_application_permission_json(old_perm_relation_system_user, data_json)
|
|
|
|
|
for old_perm_relation_system_user in old_perms_relation_system_users
|
|
|
|
|
]
|
|
|
|
|
perms_relation_user_groups_json = [
|
|
|
|
|
old_perm_relation_user_group_to_application_permission_json(old_perm_relation_user_group, data_json)
|
|
|
|
|
for old_perm_relation_user_group in old_perms_relation_user_groups
|
|
|
|
|
]
|
|
|
|
|
perms_relation_users_json = [
|
|
|
|
|
old_perm_relation_user_to_application_permission_json(old_perm_relation_user, data_json)
|
|
|
|
|
for old_perm_relation_user in old_perms_relation_users
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
new_app_perms_json.extend(perms_json)
|
|
|
|
|
new_app_perms_relation_apps_json.extend(perms_relation_apps_json)
|
|
|
|
|
new_app_perms_relation_system_users_json.extend(perms_relation_system_users_json)
|
|
|
|
|
new_app_perms_relation_user_groups_json.extend(perms_relation_user_groups_json)
|
|
|
|
|
new_app_perms_relation_users_json.extend(perms_relation_users_json)
|
|
|
|
|
|
|
|
|
|
# model
|
|
|
|
|
new_app_perm_model = apps.get_model("perms", "ApplicationPermission")
|
|
|
|
|
new_app_perm_relation_app_model = new_app_perm_model.applications.through
|
|
|
|
|
new_app_perm_relation_system_user_model = new_app_perm_model.system_users.through
|
|
|
|
|
new_app_perm_relation_user_group_model = new_app_perm_model.user_groups.through
|
|
|
|
|
new_app_perm_relation_user_model = new_app_perm_model.users.through
|
|
|
|
|
|
|
|
|
|
# instances
|
|
|
|
|
new_app_perm_objects = [
|
|
|
|
|
new_app_perm_model(**data)
|
|
|
|
|
for data in new_app_perms_json
|
|
|
|
|
]
|
|
|
|
|
new_app_perm_relation_app_objects = [
|
|
|
|
|
new_app_perm_relation_app_model(**data)
|
|
|
|
|
for data in new_app_perms_relation_apps_json
|
|
|
|
|
]
|
|
|
|
|
new_app_perm_relation_system_user_objects = [
|
|
|
|
|
new_app_perm_relation_system_user_model(**data)
|
|
|
|
|
for data in new_app_perms_relation_system_users_json
|
|
|
|
|
]
|
|
|
|
|
new_app_perm_relation_user_group_objects = [
|
|
|
|
|
new_app_perm_relation_user_group_model(**data)
|
|
|
|
|
for data in new_app_perms_relation_user_groups_json
|
|
|
|
|
]
|
|
|
|
|
new_app_perm_relation_user_objects = [
|
|
|
|
|
new_app_perm_relation_user_model(**data)
|
|
|
|
|
for data in new_app_perms_relation_users_json
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
# create
|
|
|
|
|
for new_app_perm_object in new_app_perm_objects:
|
|
|
|
|
if new_app_perm_model.objects.using(db_alias).filter(name=new_app_perm_object.name).exists():
|
|
|
|
|
new_app_perm_object.name = '{}-{}'.format(new_app_perm_object.name, str(new_app_perm_object.id)[:4])
|
|
|
|
|
new_app_perm_object.save()
|
|
|
|
|
new_app_perm_relation_app_model.objects.using(db_alias).bulk_create(new_app_perm_relation_app_objects)
|
|
|
|
|
new_app_perm_relation_system_user_model.objects.using(db_alias).bulk_create(new_app_perm_relation_system_user_objects)
|
|
|
|
|
new_app_perm_relation_user_group_model.objects.using(db_alias).bulk_create(new_app_perm_relation_user_group_objects)
|
|
|
|
|
new_app_perm_relation_user_model.objects.using(db_alias).bulk_create(new_app_perm_relation_user_objects)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Migration(migrations.Migration):
|
|
|
|
|
|
|
|
|
|
dependencies = [
|
|
|
|
|
('users', '0030_auto_20200819_2041'),
|
|
|
|
|
('assets', '0059_auto_20201027_1905'),
|
|
|
|
|
('applications', '0006_application'),
|
|
|
|
|
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
|
|
|
|
|
('perms', '0015_auto_20200929_1728'),
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
operations = [
|
|
|
|
|
migrations.CreateModel(
|
|
|
|
|
name='ApplicationPermission',
|
|
|
|
|
fields=[
|
|
|
|
|
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
|
|
|
|
|
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
|
|
|
|
|
('name', models.CharField(max_length=128, verbose_name='Name')),
|
|
|
|
|
('is_active', models.BooleanField(default=True, verbose_name='Active')),
|
|
|
|
|
('date_start', models.DateTimeField(db_index=True, default=django.utils.timezone.now, verbose_name='Date start')),
|
|
|
|
|
('date_expired', models.DateTimeField(db_index=True, default=common.utils.django.date_expired_default, verbose_name='Date expired')),
|
|
|
|
|
('created_by', models.CharField(blank=True, max_length=128, verbose_name='Created by')),
|
|
|
|
|
('date_created', models.DateTimeField(auto_now_add=True, verbose_name='Date created')),
|
|
|
|
|
('comment', models.TextField(blank=True, verbose_name='Comment')),
|
|
|
|
|
('category', models.CharField(choices=[('db', 'Database'), ('remote_app', 'Remote app'), ('cloud', 'Cloud')], max_length=16, verbose_name='Category')),
|
|
|
|
|
('type', models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type')),
|
|
|
|
|
('applications', models.ManyToManyField(blank=True, related_name='granted_by_permissions', to='applications.Application', verbose_name='Application')),
|
|
|
|
|
('system_users', models.ManyToManyField(related_name='granted_by_application_permissions', to='assets.SystemUser', verbose_name='System user')),
|
|
|
|
|
('user_groups', models.ManyToManyField(blank=True, related_name='applicationpermissions', to='users.UserGroup', verbose_name='User group')),
|
|
|
|
|
('users', models.ManyToManyField(blank=True, related_name='applicationpermissions', to=settings.AUTH_USER_MODEL, verbose_name='User')),
|
|
|
|
|
],
|
|
|
|
|
options={
|
|
|
|
|
'verbose_name': 'Application permission',
|
|
|
|
|
'ordering': ('name',),
|
|
|
|
|
'unique_together': {('org_id', 'name')},
|
|
|
|
|
},
|
|
|
|
|
),
|
|
|
|
|
migrations.RunPython(migrate_and_integrate_application_permissions),
|
|
|
|
|
]
|
