refactor: 授权添加授权账号工具，实现获取授权用户某个资产账号的功能

apps/assets/models/account.py

@@ -74,11 +74,6 @@ class Account(BaseAccount):
         """ @USER 动态用户的账号(self) """
         return cls(name=cls.InnerAccount.USER.value, username=username)
 
-    @classmethod
-    def filter(cls, asset_ids, account_usernames):
-        queries = Q(asset_id__in=asset_ids) & Q(username__in=account_usernames)
-        return cls.objects.filter(queries)
-
 
 class AccountTemplate(BaseAccount):
     class Meta:

apps/perms/models/asset_permission.py

@@ -128,7 +128,7 @@ class AssetPermission(OrgModelMixin):
         assets = Asset.objects.filter(id__in=asset_ids)
         return assets
 
-    def get_all_accounts(self):
+    def get_all_accounts(self, flat=False):
         """
          :return: 返回授权的所有账号对象 Account
         """
@@ -137,7 +137,9 @@ class AssetPermission(OrgModelMixin):
         if not self.is_perm_all_accounts:
             q &= Q(username__in=self.accounts)
         accounts = Account.objects.filter(q)
-        return accounts
+        if not flat:
+            return accounts
+        return accounts.values_list('id', flat=True)
 
     @property
     def is_perm_all_accounts(self):
@@ -175,12 +177,7 @@ class AssetPermission(OrgModelMixin):
         names = [node.full_value for node in self.nodes.all()]
         return names
 
-    # Related accounts
-    def get_asset_accounts(self):
-        asset_ids = self.get_all_assets(flat=True)
-        accounts = Account.filter(asset_ids, self.accounts)
-        return accounts
-
+    # Accounts
     @classmethod
     def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True):
         perms = cls.filter(user=user, user_group=user_group, asset=asset)

apps/perms/utils/__init__.py

@@ -1,2 +1,3 @@
 from .permission import *
 from .user_permission import *
+from .account import *

apps/perms/utils/account.py

@@ -0,0 +1,51 @@
+from collections import defaultdict
+from assets.models import Account
+from perms.models import AssetPermission
+
+
+class PermAccountUtil(object):
+    """ 授权账号查询工具 """
+
+    # Accounts
+
+    def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
+        """ 获取授权给用户某个资产的账号 """
+        aid_actions_map = defaultdict(int)
+        perms = self.get_user_asset_permissions(user, asset)
+        for perm in perms:
+            account_ids = perm.get_all_accounts(flat=True)
+            actions = perm.actions
+            for aid in account_ids:
+                aid_actions_map[str(aid)] |= actions
+        account_ids = list(aid_actions_map.keys())
+        accounts = Account.objects.filter(id__in=account_ids)
+        if with_actions:
+            for account in accounts:
+                account.actions = aid_actions_map.get(str(account.id))
+        return accounts
+
+    def get_user_perm_accounts(self, user):
+        """ 获取授权给用户的所有账号 """
+        pass
+
+    # Permissions
+
+    def get_user_asset_permissions(self, user, asset):
+        """ 获取同时包含用户、资产的授权规则 """
+        return AssetPermission.objects.all()
+
+    def get_user_permissions(self):
+        """ 获取用户的授权规则 """
+        pass
+
+    def get_asset_permissions(self):
+        """ 获取资产的授权规则"""
+        pass
+
+    def get_node_permissions(self):
+        """ 获取节点的授权规则 """
+        pass
+
+    def get_user_group_permissions(self):
+        """ 获取用户组的授权规则 """
+        pass

apps/perms/utils/permission.py

@@ -90,11 +90,3 @@ def has_asset_system_permission(user: User, asset: Asset, account: str):
         return True
     return False
 
-
-class AssetPermissionUtil(object):
-
-    def get_permed_accounts(self, user=None, asset=None):
-        pass
-
-    def get_related_permissions(self, user=None, asset=None):
-        pass