github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

refactor: 删除资产授权Model中不使用的方法

pull/8970/head
Jiangjie.Bai 2022-10-13 20:14:04 +08:00
parent d52baf0af5
commit 0f8668fee9
2 changed files with 46 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
apps/perms/models/asset_permission.py
View File

@ -54,27 +54,30 @@ class AssetPermissionManager(OrgManager):
class AssetPermission(OrgModelMixin):
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
name = models.CharField(max_length=128, verbose_name=_('Name'))
users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"),
related_name='%(class)ss')
user_groups = models.ManyToManyField('users.UserGroup', blank=True,
verbose_name=_("User group"), related_name='%(class)ss')
assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions',
blank=True, verbose_name=_("Asset"))
nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True,
verbose_name=_("Nodes"))
# 只保存 @ALL (@INPUT @USER 默认包含,将来在全局设置中进行控制)
# 特殊的账号描述
# ['@ALL',]
# 指定账号授权
# ['web', 'root',]
users = models.ManyToManyField(
'users.User', related_name='%(class)ss', blank=True, verbose_name=_("User")
)
user_groups = models.ManyToManyField(
'users.UserGroup', related_name='%(class)ss', blank=True, verbose_name=_("User group")
)
assets = models.ManyToManyField(
'assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset")
)
nodes = models.ManyToManyField(
'assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes")
)
# 特殊的账号: @ALL, @INPUT @USER 默认包含,将来在全局设置中进行控制.
accounts = models.JSONField(default=list, verbose_name=_("Accounts"))
actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL,
verbose_name=_("Actions"))
actions = models.IntegerField(
choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions")
)
is_active = models.BooleanField(default=True, verbose_name=_('Active'))
date_start = models.DateTimeField(default=timezone.now, db_index=True,
verbose_name=_("Date start"))
date_expired = models.DateTimeField(default=date_expired_default, db_index=True,
verbose_name=_('Date expired'))
date_start = models.DateTimeField(
default=timezone.now, db_index=True, verbose_name=_("Date start")
)
date_expired = models.DateTimeField(
default=date_expired_default, db_index=True, verbose_name=_('Date expired')
)
created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
from_ticket = models.BooleanField(default=False, verbose_name=_('From ticket'))
@ -91,10 +94,6 @@ class AssetPermission(OrgModelMixin):
def __str__(self):
return self.name
@property
def id_str(self):
return str(self.id)
@property
def is_expired(self):
if self.date_expired > timezone.now() > self.date_start:
@ -107,15 +106,6 @@ class AssetPermission(OrgModelMixin):
return True
return False
@property
def all_users(self):
from users.models import User
users_query = self._meta.get_field('users').related_query_name()
user_groups_query = self._meta.get_field('user_groups').related_query_name()
users_q = Q(**{f'{users_query}': self})
user_groups_q = Q(**{f'groups__{user_groups_query}': self})
return User.objects.filter(users_q | user_groups_q).distinct()
def get_all_users(self):
from users.models import User
user_ids = self.users.all().values_list('id', flat=True)
@ -127,6 +117,21 @@ class AssetPermission(OrgModelMixin):
qs = UnionQuerySet(qs1, qs2)
return qs
def get_all_assets(self, flat=False):
from assets.models import Node
nodes_keys = self.nodes.all().values_list('key', flat=True)
asset_ids = set(self.assets.all().values_list('id', flat=True))
nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys)
asset_ids.update(nodes_asset_ids)
if flat:
return asset_ids
assets = Asset.objects.filter(id__in=asset_ids)
return assets
def get_all_accounts(self):
""" TODO: 获取所有账号 (Account 对象) """
pass
@lazyproperty
def users_amount(self):
return self.users.count()
@ -143,25 +148,6 @@ class AssetPermission(OrgModelMixin):
def nodes_amount(self):
return self.nodes.count()
@classmethod
def get_queryset_with_prefetch(cls):
return cls.objects.all().valid().prefetch_related(
models.Prefetch('nodes', queryset=Node.objects.all().only('key')),
models.Prefetch('assets', queryset=Asset.objects.all().only('id')),
).order_by()
def get_all_assets(self, flat=False):
from assets.models import Node
nodes_keys = self.nodes.all().values_list('key', flat=True)
asset_ids = set(self.assets.all().values_list('id', flat=True))
nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys)
asset_ids.update(nodes_asset_ids)
if flat:
return asset_ids
else:
assets = Asset.objects.filter(id__in=asset_ids)
return assets
def users_display(self):
names = [user.username for user in self.users.all()]
return names

13
apps/perms/utils/permission.py
View File

@ -11,10 +11,6 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids
logger = get_logger(__file__)
class AssetPermissionUtil(object):
pass
def validate_permission(user, asset, account, action='connect'):
asset_perm_ids = get_user_all_asset_perm_ids(user)
@ -93,3 +89,12 @@ def has_asset_system_permission(user: User, asset: Asset, account: str):
if actions:
return True
return False
class AssetPermissionUtil(object):
def get_permed_accounts(self, user=None, asset=None):
pass
def get_related_permissions(self, user=None, asset=None):
pass