jumpserver/apps/perms/api/user_permission.py

# -*- coding: utf-8 -*-
#
import time
import traceback
from hashlib import md5
from django.core.cache import cache
from django.conf import settings
from django.shortcuts import get_object_or_404
from rest_framework.views import APIView, Response
from rest_framework.generics import (
    ListAPIView, get_object_or_404, GenericAPIView, RetrieveAPIView
)
from rest_framework.pagination import LimitOffsetPagination

from common.permissions import IsValidUser, IsOrgAdminOrAppUser
from common.tree import TreeNodeSerializer
from common.utils import get_logger
from ..utils import (
    AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node,
    check_system_user_action,
)
from ..hands import User, Asset, Node, SystemUser, NodeSerializer
from .. import serializers, const
from ..mixins import (
    AssetsFilterMixin,
)
from ..models import Action

logger = get_logger(__name__)

__all__ = [
    'UserGrantedAssetsApi', 'UserGrantedNodesApi',
    'UserGrantedNodesWithAssetsApi', 'UserGrantedNodeAssetsApi',
    'ValidateUserAssetPermissionApi', 'UserGrantedNodeChildrenApi',
    'UserGrantedNodesWithAssetsAsTreeApi', 'GetUserAssetPermissionActionsApi',
]


class UserPermissionCacheMixin:
    cache_policy = '0'
    RESP_CACHE_KEY = '_PERMISSION_RESPONSE_CACHE_{}'
    CACHE_TIME = settings.ASSETS_PERM_CACHE_TIME
    _object = None

    def get_object(self):
        return None

    # 内部使用可控制缓存
    def _get_object(self):
        if not self._object:
            self._object = self.get_object()
        return self._object

    def get_object_id(self):
        obj = self._get_object()
        if obj:
            return str(obj.id)
        return None

    def get_request_md5(self):
        path = self.request.path
        query = {k: v for k, v in self.request.GET.items()}
        query.pop("_", None)
        query = "&".join(["{}={}".format(k, v) for k, v in query.items()])
        full_path = "{}?{}".format(path, query)
        return md5(full_path.encode()).hexdigest()

    def get_meta_cache_id(self):
        obj = self._get_object()
        util = AssetPermissionUtil(obj, cache_policy=self.cache_policy)
        meta_cache_id = util.cache_meta.get('id')
        return meta_cache_id

    def get_response_cache_id(self):
        obj_id = self.get_object_id()
        request_md5 = self.get_request_md5()
        meta_cache_id = self.get_meta_cache_id()
        resp_cache_id = '{}_{}_{}'.format(obj_id, request_md5, meta_cache_id)
        resp_cache_id = md5(resp_cache_id.encode()).hexdigest()
        return resp_cache_id

    def get_response_from_cache(self):
        # 没有数据缓冲
        meta_cache_id = self.get_meta_cache_id()
        if not meta_cache_id:
            logger.debug("Not get meta id: {}".format(meta_cache_id))
            return None
        # 从响应缓冲里获取响应
        key = self.get_response_key()
        data = cache.get(key)
        if not data:
            logger.debug("Not get response from cache: {}".format(key))
            return None
        logger.debug("Get user permission from cache: {}".format(self.get_object()))
        response = Response(data)
        return response

    def expire_response_cache(self):
        obj_id = self.get_object_id()
        expire_cache_id = '{}_{}'.format(obj_id, '*')
        key = self.RESP_CACHE_KEY.format(expire_cache_id)
        cache.delete_pattern(key)

    def get_response_key(self):
        resp_cache_id = self.get_response_cache_id()
        key = self.RESP_CACHE_KEY.format(resp_cache_id)
        return key

    def set_response_to_cache(self, response):
        key = self.get_response_key()
        cache.set(key, response.data, self.CACHE_TIME)
        logger.debug("Set response to cache: {}".format(key))

    def get(self, request, *args, **kwargs):
        self.cache_policy = request.GET.get('cache_policy', '0')

        obj = self._get_object()
        if obj is None:
            logger.debug("Not get response from cache: obj is none")
            return super().get(request, *args, **kwargs)

        if AssetPermissionUtil.is_not_using_cache(self.cache_policy):
            logger.debug("Not get resp from cache: {}".format(self.cache_policy))
            return super().get(request, *args, **kwargs)
        elif AssetPermissionUtil.is_refresh_cache(self.cache_policy):
            logger.debug("Not get resp from cache: {}".format(self.cache_policy))
            self.expire_response_cache()

        logger.debug("Try get response from cache")
        resp = self.get_response_from_cache()
        if not resp:
            resp = super().get(request, *args, **kwargs)
            self.set_response_to_cache(resp)
        return resp


class UserGrantedAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIView):
    """
    用户授权的所有资产
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.AssetGrantedSerializer
    pagination_class = LimitOffsetPagination

    def get_object(self):
        user_id = self.kwargs.get('pk', '')
        if user_id:
            user = get_object_or_404(User, id=user_id)
        else:
            user = self.request.user
        return user

    def get_queryset(self):
        queryset = []
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        assets = util.get_assets()
        for k, v in assets.items():
            system_users_granted = []
            for system_user, actions in v.items():
                system_user.actions = actions
                system_users_granted.append(system_user)
            k.system_users_granted = system_users_granted
            queryset.append(k)
        return queryset

    def get_permissions(self):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()


class UserGrantedNodesApi(UserPermissionCacheMixin, ListAPIView):
    """
    查询用户授权的所有节点的API, 如果是超级用户或者是 app，切换到root org
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = NodeSerializer

    def get_object(self):
        user_id = self.kwargs.get('pk', '')
        if user_id:
            user = get_object_or_404(User, id=user_id)
        else:
            user = self.request.user
        return user

    def get_queryset(self):
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        nodes = util.get_nodes_with_assets()
        return nodes.keys()

    def get_permissions(self):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()


class UserGrantedNodesWithAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIView):
    """
    用户授权的节点并带着节点下资产的api
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.NodeGrantedSerializer

    def get_object(self):
        user_id = self.kwargs.get('pk', '')
        if not user_id:
            user = self.request.user
        else:
            user = get_object_or_404(User, id=user_id)
        return user

    def get_queryset(self):
        queryset = []
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        nodes = util.get_nodes_with_assets()
        for node, _assets in nodes.items():
            assets = _assets.keys()
            for k, v in _assets.items():
                k.system_users_granted = v
            node.assets_granted = assets
            queryset.append(node)
        return queryset

    def sort_assets(self, queryset):
        for node in queryset:
            node.assets_granted = super().sort_assets(node.assets_granted)
        return queryset

    def get_permissions(self):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()


class UserGrantedNodesWithAssetsAsTreeApi(UserPermissionCacheMixin, ListAPIView):
    serializer_class = TreeNodeSerializer
    permission_classes = (IsOrgAdminOrAppUser,)
    show_assets = True
    system_user_id = None

    def get_permissions(self):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()

    def get_object(self):
        user_id = self.kwargs.get('pk', '')
        if not user_id:
            user = self.request.user
        else:
            user = get_object_or_404(User, id=user_id)
        return user

    def get_queryset(self):
        queryset = []
        self.show_assets = self.request.query_params.get('show_assets', '1') == '1'
        self.system_user_id = self.request.query_params.get('system_user')
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        if self.system_user_id:
            util.filter_permissions(
                system_users=self.system_user_id
            )
        nodes = util.get_nodes_with_assets()
        for node, assets in nodes.items():
            data = parse_node_to_tree_node(node)
            queryset.append(data)
            if not self.show_assets:
                continue
            for asset, system_users in assets.items():
                data = parse_asset_to_tree_node(node, asset, system_users)
                queryset.append(data)
        return queryset


class UserGrantedNodeAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIView):
    """
    查询用户授权的节点下的资产的api, 与上面api不同的是，只返回某个节点下的资产
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = serializers.AssetGrantedSerializer
    pagination_class = LimitOffsetPagination

    def get_object(self):
        user_id = self.kwargs.get('pk', '')

        if user_id:
            user = get_object_or_404(User, id=user_id)
        else:
            user = self.request.user
        return user

    def get_queryset(self):
        user = self.get_object()
        node_id = self.kwargs.get('node_id')
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        nodes = util.get_nodes_with_assets()
        if str(node_id) == const.UNGROUPED_NODE_ID:
            node = util.tree.ungrouped_node
        else:
            node = get_object_or_404(Node, id=node_id)
        if node == util.tree.root_node:
            assets = util.get_assets()
        else:
            assets = nodes.get(node, [])
        for asset, system_users in assets.items():
            asset.system_users_granted = system_users

        assets = list(assets.keys())
        return assets

    def get_permissions(self):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()


class UserGrantedNodeChildrenApi(UserPermissionCacheMixin, ListAPIView):
    """
    获取用户自己授权节点下子节点的api
    """
    permission_classes = (IsValidUser,)
    serializer_class = serializers.AssetPermissionNodeSerializer

    def get_object(self):
        return self.request.user

    def get_children_queryset(self):
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        node_id = self.request.query_params.get('id')
        nodes_granted = util.get_nodes_with_assets()
        if not nodes_granted:
            return []
        root_nodes = [node for node in nodes_granted.keys() if node.is_root()]

        queryset = []
        if node_id and node_id in [str(node.id) for node in nodes_granted]:
            node = [node for node in nodes_granted if str(node.id) == node_id][0]
        elif len(root_nodes) == 1:
            node = root_nodes[0]
            node.assets_amount = len(nodes_granted[node])
            queryset.append(node)
        else:
            for node in root_nodes:
                node.assets_amount = len(nodes_granted[node])
                queryset.append(node)
            return queryset

        children = []
        for child in node.get_children():
            if child in nodes_granted:
                child.assets_amount = len(nodes_granted[node])
                children.append(child)
        children = sorted(children, key=lambda x: x.value)
        queryset.extend(children)
        fake_nodes = []
        for asset, system_users in nodes_granted[node].items():
            fake_node = asset.as_node()
            fake_node.assets_amount = 0
            system_users = [s for s in system_users if asset.has_protocol(s.protocol)]
            fake_node.asset.system_users_granted = system_users
            fake_node.key = node.key + ':0'
            fake_nodes.append(fake_node)
        fake_nodes = sorted(fake_nodes, key=lambda x: x.value)
        queryset.extend(fake_nodes)
        return queryset

    def get_search_queryset(self, keyword):
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        nodes_granted = util.get_nodes_with_assets()
        queryset = []
        for node, assets in nodes_granted.items():
            matched_assets = []
            node_matched = node.value.lower().find(keyword.lower()) >= 0
            asset_has_matched = False
            for asset, system_users in assets.items():
                asset_matched = (asset.hostname.lower().find(keyword.lower()) >= 0) \
                                or (asset.ip.find(keyword.lower()) >= 0)
                if node_matched or asset_matched:
                    asset_has_matched = True
                    fake_node = asset.as_node()
                    fake_node.assets_amount = 0
                    system_users = [s for s in system_users if
                                    asset.has_protocol(s.protocol)]
                    fake_node.asset.system_users_granted = system_users
                    fake_node.key = node.key + ':0'
                    matched_assets.append(fake_node)
            if asset_has_matched:
                node.assets_amount = len(matched_assets)
                queryset.append(node)
                queryset.extend(sorted(matched_assets, key=lambda x: x.value))
        return queryset

    def get_queryset(self):
        keyword = self.request.query_params.get('search')
        if keyword:
            return self.get_search_queryset(keyword)
        else:
            return self.get_children_queryset()


class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
    permission_classes = (IsOrgAdminOrAppUser,)

    def get(self, request, *args, **kwargs):
        user_id = request.query_params.get('user_id', '')
        asset_id = request.query_params.get('asset_id', '')
        system_id = request.query_params.get('system_user_id', '')
        action_name = request.query_params.get('action_name', '')

        user = get_object_or_404(User, id=user_id)
        asset = get_object_or_404(Asset, id=asset_id)
        su = get_object_or_404(SystemUser, id=system_id)
        action = get_object_or_404(Action, name=action_name)

        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        granted_assets = util.get_assets()
        granted_system_users = granted_assets.get(asset, [])

        if su not in granted_system_users:
            return Response({'msg': False}, status=403)

        _su = next((s for s in granted_system_users if s.id == su.id), None)
        if not check_system_user_action(_su, action):
            return Response({'msg': False}, status=403)

        return Response({'msg': True}, status=200)


class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView):
    permission_classes = (IsOrgAdminOrAppUser,)
    serializers_class = serializers.ActionsSerializer

    def get_object(self):
        user_id = self.request.query_params.get('user_id', '')
        asset_id = self.request.query_params.get('asset_id', '')
        system_id = self.request.query_params.get('system_user_id', '')

        user = get_object_or_404(User, id=user_id)
        asset = get_object_or_404(Asset, id=asset_id)
        su = get_object_or_404(SystemUser, id=system_id)

        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        granted_assets = util.get_assets()
        granted_system_users = granted_assets.get(asset, {})

        if su not in granted_system_users:
            return {"actions": 0}
        return granted_system_users[su]
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								# -*- coding: utf-8 -*-
 								#
-												Stash

											
										
										
											6 years ago
+								import time
-												[Update] Debug cache

											
										
										
											6 years ago
+								import traceback
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								from hashlib import md5
 								from django.core.cache import cache
 								from django.conf import settings
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								from django.shortcuts import get_object_or_404
 								from rest_framework.views import APIView, Response
 								from rest_framework.generics import (
-												ipython

											
										
										
											6 years ago
+								    ListAPIView, get_object_or_404, GenericAPIView, RetrieveAPIView
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								)
 								from rest_framework.pagination import LimitOffsetPagination
 								from common.permissions import IsValidUser, IsOrgAdminOrAppUser
 								from common.tree import TreeNodeSerializer
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								from common.utils import get_logger
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								from ..utils import (
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								    AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node,
-												[Update] Debug cache

											
										
										
											6 years ago
+								    check_system_user_action,
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								)
-												[Update] Debug cache

											
										
										
											6 years ago
+								from ..hands import User, Asset, Node, SystemUser, NodeSerializer
-												[Update] 修改授权节点显示

											
										
										
											6 years ago
+								from .. import serializers, const
-												[Update] 用户授权相关API，如果需要切换到root org (#2803)

* [Update] 用户授权相关API，如果需要切换到root org

* [Update] 优化小问题

											
										
										
											6 years ago
+								from ..mixins import (
-												[Update] Debug cache

											
										
										
											6 years ago
+								    AssetsFilterMixin,
-												[Update] 用户授权相关API，如果需要切换到root org (#2803)

* [Update] 用户授权相关API，如果需要切换到root org

* [Update] 优化小问题

											
										
										
											6 years ago
+								)
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								from ..models import Action
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								logger = get_logger(__name__)
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
 								__all__ = [
 								    'UserGrantedAssetsApi', 'UserGrantedNodesApi',
 								    'UserGrantedNodesWithAssetsApi', 'UserGrantedNodeAssetsApi',
 								    'ValidateUserAssetPermissionApi', 'UserGrantedNodeChildrenApi',
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								    'UserGrantedNodesWithAssetsAsTreeApi', 'GetUserAssetPermissionActionsApi',
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								]
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class UserPermissionCacheMixin:
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    cache_policy = '0'
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    RESP_CACHE_KEY = '_PERMISSION_RESPONSE_CACHE_{}'
 								    CACHE_TIME = settings.ASSETS_PERM_CACHE_TIME
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								    _object = None
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Update] 完成

											
										
										
											6 years ago
+								    def get_object(self):
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        return None
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								    # 内部使用可控制缓存
 								    def _get_object(self):
 								        if not self._object:
 								            self._object = self.get_object()
 								        return self._object
-												[Update] 完成

											
										
										
											6 years ago
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								    def get_object_id(self):
 								        obj = self._get_object()
 								        if obj:
 								            return str(obj.id)
 								        return None
 								    def get_request_md5(self):
-												[Bugfix] 修复用户页面不走cache的bug

											
										
										
											6 years ago
+								        path = self.request.path
 								        query = {k: v for k, v in self.request.GET.items()}
 								        query.pop("_", None)
 								        query = "&".join(["{}={}".format(k, v) for k, v in query.items()])
 								        full_path = "{}?{}".format(path, query)
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        return md5(full_path.encode()).hexdigest()
-												[Update] 完成

											
										
										
											6 years ago
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								    def get_meta_cache_id(self):
 								        obj = self._get_object()
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        util = AssetPermissionUtil(obj, cache_policy=self.cache_policy)
-												[Update] 完成

											
										
										
											6 years ago
+								        meta_cache_id = util.cache_meta.get('id')
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        return meta_cache_id
 								    def get_response_cache_id(self):
 								        obj_id = self.get_object_id()
 								        request_md5 = self.get_request_md5()
 								        meta_cache_id = self.get_meta_cache_id()
 								        resp_cache_id = '{}_{}_{}'.format(obj_id, request_md5, meta_cache_id)
-												[Update] Debug cache

											
										
										
											6 years ago
+								        resp_cache_id = md5(resp_cache_id.encode()).hexdigest()
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        return resp_cache_id
 								    def get_response_from_cache(self):
-												[Update] 完成

											
										
										
											6 years ago
+								        # 没有数据缓冲
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        meta_cache_id = self.get_meta_cache_id()
-												[Update] 完成

											
										
										
											6 years ago
+								        if not meta_cache_id:
-												[Update] Debug cache

											
										
										
											6 years ago
+								            logger.debug("Not get meta id: {}".format(meta_cache_id))
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								            return None
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        # 从响应缓冲里获取响应
-												[Update] Debug cache

											
										
										
											6 years ago
+								        key = self.get_response_key()
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        data = cache.get(key)
 								        if not data:
-												[Update] Debug cache

											
										
										
											6 years ago
+								            logger.debug("Not get response from cache: {}".format(key))
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								            return None
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        logger.debug("Get user permission from cache: {}".format(self.get_object()))
 								        response = Response(data)
 								        return response
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								    def expire_response_cache(self):
 								        obj_id = self.get_object_id()
 								        expire_cache_id = '{}_{}'.format(obj_id, '*')
 								        key = self.RESP_CACHE_KEY.format(expire_cache_id)
 								        cache.delete_pattern(key)
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
-												[Update] Debug cache

											
										
										
											6 years ago
+								    def get_response_key(self):
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        resp_cache_id = self.get_response_cache_id()
 								        key = self.RESP_CACHE_KEY.format(resp_cache_id)
-												[Update] Debug cache

											
										
										
											6 years ago
+								        return key
 								    def set_response_to_cache(self, response):
 								        key = self.get_response_key()
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        cache.set(key, response.data, self.CACHE_TIME)
-												[Update] Debug cache

											
										
										
											6 years ago
+								        logger.debug("Set response to cache: {}".format(key))
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								    def get(self, request, *args, **kwargs):
 								        self.cache_policy = request.GET.get('cache_policy', '0')
 								        obj = self._get_object()
 								        if obj is None:
-												[Update] Debug cache

											
										
										
											6 years ago
+								            logger.debug("Not get response from cache: obj is none")
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								            return super().get(request, *args, **kwargs)
 								        if AssetPermissionUtil.is_not_using_cache(self.cache_policy):
-												[Update] Debug cache

											
										
										
											6 years ago
+								            logger.debug("Not get resp from cache: {}".format(self.cache_policy))
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								            return super().get(request, *args, **kwargs)
 								        elif AssetPermissionUtil.is_refresh_cache(self.cache_policy):
-												[Update] Debug cache

											
										
										
											6 years ago
+								            logger.debug("Not get resp from cache: {}".format(self.cache_policy))
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								            self.expire_response_cache()
-												[Update] Debug cache

											
										
										
											6 years ago
+								        logger.debug("Try get response from cache")
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        resp = self.get_response_from_cache()
 								        if not resp:
 								            resp = super().get(request, *args, **kwargs)
 								            self.set_response_to_cache(resp)
 								        return resp
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Update] 更新缓存机制

											
										
										
											6 years ago
 								class UserGrantedAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    """
 								    用户授权的所有资产
 								    """
 								    permission_classes = (IsOrgAdminOrAppUser,)
-												[Update] 修改用户有权限的资产

											
										
										
											6 years ago
+								    serializer_class = serializers.AssetGrantedSerializer
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    pagination_class = LimitOffsetPagination
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_object(self):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        user_id = self.kwargs.get('pk', '')
 								        if user_id:
 								            user = get_object_or_404(User, id=user_id)
 								        else:
 								            user = self.request.user
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        return user
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_queryset(self):
 								        queryset = []
 								        user = self.get_object()
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
 								        assets = util.get_assets()
 								        for k, v in assets.items():
-												[Update] 修改用户有权限的资产

											
										
										
											6 years ago
+								            system_users_granted = []
 								            for system_user, actions in v.items():
 								                system_user.actions = actions
 								                system_users_granted.append(system_user)
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								            k.system_users_granted = system_users_granted
 								            queryset.append(k)
 								        return queryset
 								    def get_permissions(self):
 								        if self.kwargs.get('pk') is None:
 								            self.permission_classes = (IsValidUser,)
 								        return super().get_permissions()
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class UserGrantedNodesApi(UserPermissionCacheMixin, ListAPIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    """
 								    查询用户授权的所有节点的API, 如果是超级用户或者是 app，切换到root org
 								    """
 								    permission_classes = (IsOrgAdminOrAppUser,)
 								    serializer_class = NodeSerializer
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_object(self):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        user_id = self.kwargs.get('pk', '')
 								        if user_id:
 								            user = get_object_or_404(User, id=user_id)
 								        else:
 								            user = self.request.user
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        return user
 								    def get_queryset(self):
 								        user = self.get_object()
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
 								        nodes = util.get_nodes_with_assets()
 								        return nodes.keys()
 								    def get_permissions(self):
 								        if self.kwargs.get('pk') is None:
 								            self.permission_classes = (IsValidUser,)
 								        return super().get_permissions()
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class UserGrantedNodesWithAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    """
 								    用户授权的节点并带着节点下资产的api
 								    """
 								    permission_classes = (IsOrgAdminOrAppUser,)
 								    serializer_class = serializers.NodeGrantedSerializer
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_object(self):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        user_id = self.kwargs.get('pk', '')
 								        if not user_id:
 								            user = self.request.user
 								        else:
 								            user = get_object_or_404(User, id=user_id)
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        return user
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_queryset(self):
 								        queryset = []
 								        user = self.get_object()
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
 								        nodes = util.get_nodes_with_assets()
 								        for node, _assets in nodes.items():
 								            assets = _assets.keys()
 								            for k, v in _assets.items():
-												[Update] 修改serializer

											
										
										
											6 years ago
+								                k.system_users_granted = v
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								            node.assets_granted = assets
 								            queryset.append(node)
 								        return queryset
 								    def sort_assets(self, queryset):
 								        for node in queryset:
 								            node.assets_granted = super().sort_assets(node.assets_granted)
 								        return queryset
 								    def get_permissions(self):
 								        if self.kwargs.get('pk') is None:
 								            self.permission_classes = (IsValidUser,)
 								        return super().get_permissions()
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class UserGrantedNodesWithAssetsAsTreeApi(UserPermissionCacheMixin, ListAPIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    serializer_class = TreeNodeSerializer
 								    permission_classes = (IsOrgAdminOrAppUser,)
 								    show_assets = True
 								    system_user_id = None
 								    def get_permissions(self):
 								        if self.kwargs.get('pk') is None:
 								            self.permission_classes = (IsValidUser,)
 								        return super().get_permissions()
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_object(self):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        user_id = self.kwargs.get('pk', '')
 								        if not user_id:
 								            user = self.request.user
 								        else:
 								            user = get_object_or_404(User, id=user_id)
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        return user
 								    def get_queryset(self):
 								        queryset = []
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								        self.show_assets = self.request.query_params.get('show_assets', '1') == '1'
 								        self.system_user_id = self.request.query_params.get('system_user')
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        user = self.get_object()
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
 								        if self.system_user_id:
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								            util.filter_permissions(
 								                system_users=self.system_user_id
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								            )
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        nodes = util.get_nodes_with_assets()
 								        for node, assets in nodes.items():
 								            data = parse_node_to_tree_node(node)
 								            queryset.append(data)
 								            if not self.show_assets:
 								                continue
 								            for asset, system_users in assets.items():
 								                data = parse_asset_to_tree_node(node, asset, system_users)
 								                queryset.append(data)
 								        return queryset
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class UserGrantedNodeAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    """
 								    查询用户授权的节点下的资产的api, 与上面api不同的是，只返回某个节点下的资产
 								    """
 								    permission_classes = (IsOrgAdminOrAppUser,)
-												[Update] 修改用户有权限的资产

											
										
										
											6 years ago
+								    serializer_class = serializers.AssetGrantedSerializer
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    pagination_class = LimitOffsetPagination
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_object(self):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        user_id = self.kwargs.get('pk', '')
 								        if user_id:
 								            user = get_object_or_404(User, id=user_id)
 								        else:
 								            user = self.request.user
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        return user
 								    def get_queryset(self):
 								        user = self.get_object()
 								        node_id = self.kwargs.get('node_id')
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
-												[Update] 修改serializer

											
										
										
											6 years ago
+								        nodes = util.get_nodes_with_assets()
-												[Update] 修改授权节点显示

											
										
										
											6 years ago
+								        if str(node_id) == const.UNGROUPED_NODE_ID:
 								            node = util.tree.ungrouped_node
 								        else:
 								            node = get_object_or_404(Node, id=node_id)
 								        if node == util.tree.root_node:
 								            assets = util.get_assets()
 								        else:
 								            assets = nodes.get(node, [])
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        for asset, system_users in assets.items():
 								            asset.system_users_granted = system_users
 								        assets = list(assets.keys())
 								        return assets
 								    def get_permissions(self):
 								        if self.kwargs.get('pk') is None:
 								            self.permission_classes = (IsValidUser,)
 								        return super().get_permissions()
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class UserGrantedNodeChildrenApi(UserPermissionCacheMixin, ListAPIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    """
 								    获取用户自己授权节点下子节点的api
 								    """
 								    permission_classes = (IsValidUser,)
 								    serializer_class = serializers.AssetPermissionNodeSerializer
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get_object(self):
 								        return self.request.user
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    def get_children_queryset(self):
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        user = self.get_object()
 								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        node_id = self.request.query_params.get('id')
 								        nodes_granted = util.get_nodes_with_assets()
 								        if not nodes_granted:
 								            return []
 								        root_nodes = [node for node in nodes_granted.keys() if node.is_root()]
 								        queryset = []
 								        if node_id and node_id in [str(node.id) for node in nodes_granted]:
 								            node = [node for node in nodes_granted if str(node.id) == node_id][0]
 								        elif len(root_nodes) == 1:
 								            node = root_nodes[0]
 								            node.assets_amount = len(nodes_granted[node])
 								            queryset.append(node)
 								        else:
 								            for node in root_nodes:
 								                node.assets_amount = len(nodes_granted[node])
 								                queryset.append(node)
 								            return queryset
 								        children = []
 								        for child in node.get_children():
 								            if child in nodes_granted:
 								                child.assets_amount = len(nodes_granted[node])
 								                children.append(child)
 								        children = sorted(children, key=lambda x: x.value)
 								        queryset.extend(children)
 								        fake_nodes = []
 								        for asset, system_users in nodes_granted[node].items():
 								            fake_node = asset.as_node()
 								            fake_node.assets_amount = 0
-												Dev ansible windows 2 (#2783)

* [Update] 改密支持windows

* [Update] 修改asset表结构

* [Feature] Windows支持批量改密、测试可连接性等功能

* [Update] 处理创建资产时labels的问题

* [Update] 优化测试管理系统、系统用户可连接性任务执行逻辑

* [Update] 优化ansible任务逻辑；添加自动推送rdp系统用户功能

* [Update] 添加翻译

* [Update] 优化ansible任务逻辑(测试系统用户可连接性, 通过协议过滤资产)

* [Update] 更新翻译

* [Update] 更新翻译

* [Update] 推送windows系统用户，默认添加到Users、Remote Desktop Users组中

* [Update] 优化小细节

* [Update] 更新翻译，删除多余代码

* [Update] 更新翻译信息

											
										
										
											6 years ago
+								            system_users = [s for s in system_users if asset.has_protocol(s.protocol)]
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								            fake_node.asset.system_users_granted = system_users
 								            fake_node.key = node.key + ':0'
 								            fake_nodes.append(fake_node)
 								        fake_nodes = sorted(fake_nodes, key=lambda x: x.value)
 								        queryset.extend(fake_nodes)
 								        return queryset
 								    def get_search_queryset(self, keyword):
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								        user = self.get_object()
 								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        nodes_granted = util.get_nodes_with_assets()
 								        queryset = []
 								        for node, assets in nodes_granted.items():
 								            matched_assets = []
 								            node_matched = node.value.lower().find(keyword.lower()) >= 0
 								            asset_has_matched = False
 								            for asset, system_users in assets.items():
 								                asset_matched = (asset.hostname.lower().find(keyword.lower()) >= 0) \
 								                                or (asset.ip.find(keyword.lower()) >= 0)
 								                if node_matched or asset_matched:
 								                    asset_has_matched = True
 								                    fake_node = asset.as_node()
 								                    fake_node.assets_amount = 0
 								                    system_users = [s for s in system_users if
-												Dev ansible windows 2 (#2783)

* [Update] 改密支持windows

* [Update] 修改asset表结构

* [Feature] Windows支持批量改密、测试可连接性等功能

* [Update] 处理创建资产时labels的问题

* [Update] 优化测试管理系统、系统用户可连接性任务执行逻辑

* [Update] 优化ansible任务逻辑；添加自动推送rdp系统用户功能

* [Update] 添加翻译

* [Update] 优化ansible任务逻辑(测试系统用户可连接性, 通过协议过滤资产)

* [Update] 更新翻译

* [Update] 更新翻译

* [Update] 推送windows系统用户，默认添加到Users、Remote Desktop Users组中

* [Update] 优化小细节

* [Update] 更新翻译，删除多余代码

* [Update] 更新翻译信息

											
										
										
											6 years ago
+								                                    asset.has_protocol(s.protocol)]
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								                    fake_node.asset.system_users_granted = system_users
 								                    fake_node.key = node.key + ':0'
 								                    matched_assets.append(fake_node)
 								            if asset_has_matched:
 								                node.assets_amount = len(matched_assets)
 								                queryset.append(node)
 								                queryset.extend(sorted(matched_assets, key=lambda x: x.value))
 								        return queryset
 								    def get_queryset(self):
 								        keyword = self.request.query_params.get('search')
 								        if keyword:
 								            return self.get_search_queryset(keyword)
 								        else:
 								            return self.get_children_queryset()
-												[Update] 更新缓存机制

											
										
										
											6 years ago
+								class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								    permission_classes = (IsOrgAdminOrAppUser,)
-												[Update] 用户权限增加cache

											
										
										
											6 years ago
+								    def get(self, request, *args, **kwargs):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								        user_id = request.query_params.get('user_id', '')
 								        asset_id = request.query_params.get('asset_id', '')
 								        system_id = request.query_params.get('system_user_id', '')
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								        action_name = request.query_params.get('action_name', '')
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
 								        user = get_object_or_404(User, id=user_id)
 								        asset = get_object_or_404(Asset, id=asset_id)
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								        su = get_object_or_404(SystemUser, id=system_id)
 								        action = get_object_or_404(Action, name=action_name)
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
 								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								        granted_assets = util.get_assets()
 								        granted_system_users = granted_assets.get(asset, [])
 								        if su not in granted_system_users:
 								            return Response({'msg': False}, status=403)
 								        _su = next((s for s in granted_system_users if s.id == su.id), None)
 								        if not check_system_user_action(_su, action):
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
+								            return Response({'msg': False}, status=403)
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								        return Response({'msg': True}, status=200)
-												ipython

											
										
										
											6 years ago
+								class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView):
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								    permission_classes = (IsOrgAdminOrAppUser,)
-												ipython

											
										
										
											6 years ago
+								    serializers_class = serializers.ActionsSerializer
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
-												ipython

											
										
										
											6 years ago
+								    def get_object(self):
 								        user_id = self.request.query_params.get('user_id', '')
 								        asset_id = self.request.query_params.get('asset_id', '')
 								        system_id = self.request.query_params.get('system_user_id', '')
-												[Update] 用户资产添加缓存

											
										
										
											6 years ago
-												[Feature] 授权规则添加 actions 选项，控制用户对资产的操作行为 (#2610)

* [Feature] 1. perms actions - 添加 Action Model

* [Feature] 2. perms actions - 添加 Action API

* [Feature] 3. perms actions - 授权规则: 添加actions字段

* [Feature] 4. perms actions - 授权规则创建页面: 设置 actions 默认 all

* [Feature] 5. perms actions - 资产授权工具: 动态给system_user设置actions属性; 修改授权相关的API-serializer类: 添加actions字段值

* [Feature] 6. perms actions - 更新API(用户使用系统用户连接资产时权限校验): 添加actions校验

* [Feature] 7. perms actions - 迁移文件中为已经存在的perms添加默认的action

* [Feature] 8. perms actions - 创建授权规则时设置默认action(如果actions字段值为空)

* [Feature] 9. check actions - 修改校验用户资产权限API逻辑(添加actions校验)

* [Feature] 10. check actions - 修改注释

* [Feature] 11. check actions - 添加API: 获取用户指定资产和系统用户被授权的actions

* [Feature] 12. check actions - 添加翻译信息

											
										
										
											6 years ago
+								        user = get_object_or_404(User, id=user_id)
 								        asset = get_object_or_404(Asset, id=asset_id)
 								        su = get_object_or_404(SystemUser, id=system_id)
 								        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
 								        granted_assets = util.get_assets()
-												ipython

											
										
										
											6 years ago
+								        granted_system_users = granted_assets.get(asset, {})
-												[Feature] 添加功能 RemoteApp (#2706)

* [Feature] RemoteApp添加Model

* [Feature] RemoteApp添加ViewSet API

* [Feature] RemoteApp添加获取connection-info API

* [Feature] Perms模块修改目录结构

* [Feature] RemoteAppPermission添加Model

* [Feature] RemoteAppPermission添加ViewSet API

* [Feature] RemoteAppPermission添加用户/用户组获取被授权的RemoteApp API

* [Feature] RemoteAppPermission添加校验用户对RemoteApp的权限 API

* [Feature] RemoteAppPermission添加获取用户授权的RemoteApp树 API

* [Feature] RemoteAppPermission添加<添加/移除>所授权的<用户/RemoteApp> API

* [Feature] RemoteApp添加创建、更新、详情、删除、用户RemoteApp等页面

* [Feature] RemoteAppPermission添加创建、更新、详情、删除、授权用户、授权RemoteApp等页面

* [Feature] RemoteApp从assets模块迁移到新添加的applications模块

* [Feature] RemoteApp/RemoteAppPermission添加迁移文件

* [Feature] RemoteApp/RemoteAppPermission修改小细节

* [Feature] RemoteApp/RemoteAppPermission修改小细节2

* [Feature] RemoteApp/RemoteAppPermission修改小细节3

* [Feature] RemoteApp更新迁移文件

* [Feature] RemoteApp/RemoteAppPermission添加翻译信息

* [Feature] RemoteApp/RemoteAppPermission删除迁移文件

* [Feature] RemoteApp/RemoteAppPermission添加迁移文件

* [Feature] RemoteApp/RemoteAppPermission修改代码风格

											
										
										
											6 years ago
-												ipython

											
										
										
											6 years ago
+								        if su not in granted_system_users:
 								            return {"actions": 0}
 								        return granted_system_users[su]