github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

refactor: 删除资产授权Model中不使用的方法

pull/8970/head
Jiangjie.Bai 2 years ago
parent
d52baf0af5
commit
0f8668fee9
2 changed files with 46 additions and 55 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 88
      apps/perms/models/asset_permission.py
  2. 13
      apps/perms/utils/permission.py

88
apps/perms/models/asset_permission.py
Unescape View File

@ -54,27 +54,30 @@ class AssetPermissionManager(OrgManager):
class AssetPermission(OrgModelMixin):
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
name = models.CharField(max_length=128, verbose_name=_('Name'))
users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"),
related_name='%(class)ss')
user_groups = models.ManyToManyField('users.UserGroup', blank=True,
verbose_name=_("User group"), related_name='%(class)ss')
assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions',
blank=True, verbose_name=_("Asset"))
nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True,
verbose_name=_("Nodes"))
# 只保存 @ALL (@INPUT @USER 默认包含,将来在全局设置中进行控制)
# 特殊的账号描述
# ['@ALL',]
# 指定账号授权
# ['web', 'root',]
users = models.ManyToManyField(
'users.User', related_name='%(class)ss', blank=True, verbose_name=_("User")
)
user_groups = models.ManyToManyField(
'users.UserGroup', related_name='%(class)ss', blank=True, verbose_name=_("User group")
)
assets = models.ManyToManyField(
'assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset")
)
nodes = models.ManyToManyField(
'assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes")
)
# 特殊的账号: @ALL, @INPUT @USER 默认包含,将来在全局设置中进行控制.
accounts = models.JSONField(default=list, verbose_name=_("Accounts"))
actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL,
verbose_name=_("Actions"))
actions = models.IntegerField(
choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions")
)
is_active = models.BooleanField(default=True, verbose_name=_('Active'))
date_start = models.DateTimeField(default=timezone.now, db_index=True,
verbose_name=_("Date start"))
date_expired = models.DateTimeField(default=date_expired_default, db_index=True,
verbose_name=_('Date expired'))
date_start = models.DateTimeField(
default=timezone.now, db_index=True, verbose_name=_("Date start")
)
date_expired = models.DateTimeField(
default=date_expired_default, db_index=True, verbose_name=_('Date expired')
)
created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
from_ticket = models.BooleanField(default=False, verbose_name=_('From ticket'))
@ -91,10 +94,6 @@ class AssetPermission(OrgModelMixin):
def __str__(self):
return self.name
@property
def id_str(self):
return str(self.id)
@property
def is_expired(self):
if self.date_expired > timezone.now() > self.date_start:
@ -107,15 +106,6 @@ class AssetPermission(OrgModelMixin):
return True
return False
@property
def all_users(self):
from users.models import User
users_query = self._meta.get_field('users').related_query_name()
user_groups_query = self._meta.get_field('user_groups').related_query_name()
users_q = Q(**{f'{users_query}': self})
user_groups_q = Q(**{f'groups__{user_groups_query}': self})
return User.objects.filter(users_q | user_groups_q).distinct()
def get_all_users(self):
from users.models import User
user_ids = self.users.all().values_list('id', flat=True)
@ -127,6 +117,21 @@ class AssetPermission(OrgModelMixin):
qs = UnionQuerySet(qs1, qs2)
return qs
def get_all_assets(self, flat=False):
from assets.models import Node
nodes_keys = self.nodes.all().values_list('key', flat=True)
asset_ids = set(self.assets.all().values_list('id', flat=True))
nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys)
asset_ids.update(nodes_asset_ids)
if flat:
return asset_ids
assets = Asset.objects.filter(id__in=asset_ids)
return assets
def get_all_accounts(self):
""" TODO: 获取所有账号 (Account 对象) """
pass
@lazyproperty
def users_amount(self):
return self.users.count()
@ -143,25 +148,6 @@ class AssetPermission(OrgModelMixin):
def nodes_amount(self):
return self.nodes.count()
@classmethod
def get_queryset_with_prefetch(cls):
return cls.objects.all().valid().prefetch_related(
models.Prefetch('nodes', queryset=Node.objects.all().only('key')),
models.Prefetch('assets', queryset=Asset.objects.all().only('id')),
).order_by()
def get_all_assets(self, flat=False):
from assets.models import Node
nodes_keys = self.nodes.all().values_list('key', flat=True)
asset_ids = set(self.assets.all().values_list('id', flat=True))
nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys)
asset_ids.update(nodes_asset_ids)
if flat:
return asset_ids
else:
assets = Asset.objects.filter(id__in=asset_ids)
return assets
def users_display(self):
names = [user.username for user in self.users.all()]
return names

13
apps/perms/utils/permission.py
Unescape View File

@ -11,10 +11,6 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids
logger = get_logger(__file__)
class AssetPermissionUtil(object):
pass
def validate_permission(user, asset, account, action='connect'):
asset_perm_ids = get_user_all_asset_perm_ids(user)
@ -93,3 +89,12 @@ def has_asset_system_permission(user: User, asset: Asset, account: str):
if actions:
return True
return False
class AssetPermissionUtil(object):
def get_permed_accounts(self, user=None, asset=None):
pass
def get_related_permissions(self, user=None, asset=None):
pass

Write Preview
Loading…
Cancel
Save