From 0f8668fee9d198831fd9a5a4b61d7c1a45d20c70 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai"
Date: Thu, 13 Oct 2022 20:14:04 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=88=A0=E9=99=A4=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83Model=E4=B8=AD=E4=B8=8D=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E7=9A=84=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/perms/models/asset_permission.py | 88 +++++++++++----------------
 apps/perms/utils/permission.py | 13 ++--
 2 files changed, 46 insertions(+), 55 deletions(-)
diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py
index 91b894105..7f6bf02ef 100644
--- a/apps/perms/models/asset_permission.py
+++ b/apps/perms/models/asset_permission.py
@@ -54,27 +54,30 @@ class AssetPermissionManager(OrgManager):
 class AssetPermission(OrgModelMixin):
 id = models.UUIDField(default=uuid.uuid4, primary_key=True)
 name = models.CharField(max_length=128, verbose_name=_('Name'))
- users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"),
- related_name='%(class)ss')
- user_groups = models.ManyToManyField('users.UserGroup', blank=True,
- verbose_name=_("User group"), related_name='%(class)ss')
- assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions',
- blank=True, verbose_name=_("Asset"))
- nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True,
- verbose_name=_("Nodes"))
- # 只保存 @ALL (@INPUT @USER 默认包含,将来在全局设置中进行控制)
- # 特殊的账号描述
- # ['@ALL',]
- # 指定账号授权
- # ['web', 'root',]
+ users = models.ManyToManyField(
+ 'users.User', related_name='%(class)ss', blank=True, verbose_name=_("User")
+ )
+ user_groups = models.ManyToManyField(
+ 'users.UserGroup', related_name='%(class)ss', blank=True, verbose_name=_("User group")
+ )
+ assets = models.ManyToManyField(
+ 'assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset")
+ )
+ nodes = models.ManyToManyField(
+ 'assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes")
+ )
+ # 特殊的账号: @ALL, @INPUT @USER 默认包含,将来在全局设置中进行控制.
accounts = models.JSONField(default=list, verbose_name=_("Accounts")) - actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL, - verbose_name=_("Actions")) + actions = models.IntegerField( + choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions") + ) is_active = models.BooleanField(default=True, verbose_name=_('Active')) - date_start = models.DateTimeField(default=timezone.now, db_index=True, - verbose_name=_("Date start")) - date_expired = models.DateTimeField(default=date_expired_default, db_index=True, - verbose_name=_('Date expired')) + date_start = models.DateTimeField( + default=timezone.now, db_index=True, verbose_name=_("Date start") + ) + date_expired = models.DateTimeField( + default=date_expired_default, db_index=True, verbose_name=_('Date expired') + ) created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by')) date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created')) from_ticket = models.BooleanField(default=False, verbose_name=_('From ticket')) @@ -91,10 +94,6 @@ class AssetPermission(OrgModelMixin): def __str__(self): return self.name - @property - def id_str(self): - return str(self.id) - @property def is_expired(self): if self.date_expired > timezone.now() > self.date_start: @@ -107,15 +106,6 @@ class AssetPermission(OrgModelMixin): return True return False - @property - def all_users(self): - from users.models import User - users_query = self._meta.get_field('users').related_query_name() - user_groups_query = self._meta.get_field('user_groups').related_query_name() - users_q = Q(**{f'{users_query}': self}) - user_groups_q = Q(**{f'groups__{user_groups_query}': self}) - return User.objects.filter(users_q | user_groups_q).distinct() - def get_all_users(self): from users.models import User user_ids = self.users.all().values_list('id', flat=True) 
@@ -127,6 +117,21 @@ class AssetPermission(OrgModelMixin): qs = UnionQuerySet(qs1, qs2) return qs + def get_all_assets(self, flat=False): + from assets.models import Node + nodes_keys = self.nodes.all().values_list('key', flat=True) + asset_ids = set(self.assets.all().values_list('id', flat=True)) + nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys) + asset_ids.update(nodes_asset_ids) + if flat: + return asset_ids + assets = Asset.objects.filter(id__in=asset_ids) + return assets + + def get_all_accounts(self): + """ TODO: 获取所有账号 (Account 对象) """ + pass + @lazyproperty def users_amount(self): return self.users.count() @@ -143,25 +148,6 @@ class AssetPermission(OrgModelMixin): def nodes_amount(self): return self.nodes.count() - @classmethod - def get_queryset_with_prefetch(cls): - return cls.objects.all().valid().prefetch_related( - models.Prefetch('nodes', queryset=Node.objects.all().only('key')), - models.Prefetch('assets', queryset=Asset.objects.all().only('id')), - ).order_by() - - def get_all_assets(self, flat=False): - from assets.models import Node - nodes_keys = self.nodes.all().values_list('key', flat=True) - asset_ids = set(self.assets.all().values_list('id', flat=True)) - nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys) - asset_ids.update(nodes_asset_ids) - if flat: - return asset_ids - else: - assets = Asset.objects.filter(id__in=asset_ids) - return assets - def users_display(self): names = [user.username for user in self.users.all()] return names diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 908c6016f..8b9067613 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -11,10 +11,6 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids logger = get_logger(__file__) -class AssetPermissionUtil(object): - pass - - def validate_permission(user, asset, account, action='connect'): asset_perm_ids = get_user_all_asset_perm_ids(user) 
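Review bot: `get_all_accounts`, added in the `@@ -127,6 +117,21 @@` hunk, has only a TODO docstring and `pass`, so every caller gets `None` where the name promises the permission's accounts. On an authorization model that silent `None` can be read as "no accounts granted" or fail later as a `TypeError` far from the cause; until the lookup is written, make the body `raise NotImplementedError('AssetPermission.get_all_accounts')` and put the docstring in English. The two `pass` methods of `AssetPermissionUtil` in the `@@ -93,3 +89,12 @@` hunk of `apps/perms/utils/permission.py` have the same problem. In the re-added `get_all_assets`, a short docstring should state that `flat=True` returns a set of asset ids and the default returns an `Asset` queryset. Whether inactive or expired permissions are meant to be expanded here is not visible in the hunk and is worth stating too.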
@@ -93,3 +89,12 @@ def has_asset_system_permission(user: User, asset: Asset, account: str):
 if actions:
 return True
 return False
+
+
+class AssetPermissionUtil(object):
+
+ def get_permed_accounts(self, user=None, asset=None):
+ pass
+
+ def get_related_permissions(self, user=None, asset=None):
+ pass
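Review bot: Both new `AssetPermissionUtil` methods declare `user=None, asset=None`, so a call that passes neither filter is valid by signature, and nothing says what it should return. For a permission lookup that case should be decided before the bodies are written, so that an omitted argument cannot end up meaning "every user" or "every asset". Either make the parameters required, `def get_permed_accounts(self, user, asset):`, or add a docstring that defines the `None` case. The class holds no state in this hunk, so these could also be module-level functions like `validate_permission` in the same file.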