mirror of https://github.com/jumpserver/jumpserver
refactor: 删除资产授权Model中不使用的方法
Jiangjie.Bai
parent
d52baf0af5
commit
0f8668fee9
|
|
@ -54,27 +54,30 @@ class AssetPermissionManager(OrgManager):
|
||||||
class AssetPermission(OrgModelMixin):
|
class AssetPermission(OrgModelMixin):
|
||||||
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
||||||
name = models.CharField(max_length=128, verbose_name=_('Name'))
|
name = models.CharField(max_length=128, verbose_name=_('Name'))
|
||||||
users = models.ManyToManyField('users.User', blank=True, verbose_name=_("User"),
|
users = models.ManyToManyField(
|
||||||
related_name='%(class)ss')
|
'users.User', related_name='%(class)ss', blank=True, verbose_name=_("User")
|
||||||
user_groups = models.ManyToManyField('users.UserGroup', blank=True,
|
)
|
||||||
verbose_name=_("User group"), related_name='%(class)ss')
|
user_groups = models.ManyToManyField(
|
||||||
assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions',
|
'users.UserGroup', related_name='%(class)ss', blank=True, verbose_name=_("User group")
|
||||||
blank=True, verbose_name=_("Asset"))
|
)
|
||||||
nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True,
|
assets = models.ManyToManyField(
|
||||||
verbose_name=_("Nodes"))
|
'assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset")
|
||||||
# 只保存 @ALL (@INPUT @USER 默认包含,将来在全局设置中进行控制)
|
)
|
||||||
# 特殊的账号描述
|
nodes = models.ManyToManyField(
|
||||||
# ['@ALL',]
|
'assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes")
|
||||||
# 指定账号授权
|
)
|
||||||
# ['web', 'root',]
|
# 特殊的账号: @ALL, @INPUT @USER 默认包含,将来在全局设置中进行控制.
|
||||||
accounts = models.JSONField(default=list, verbose_name=_("Accounts"))
|
accounts = models.JSONField(default=list, verbose_name=_("Accounts"))
|
||||||
actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL,
|
actions = models.IntegerField(
|
||||||
verbose_name=_("Actions"))
|
choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions")
|
||||||
|
)
|
||||||
is_active = models.BooleanField(default=True, verbose_name=_('Active'))
|
is_active = models.BooleanField(default=True, verbose_name=_('Active'))
|
||||||
date_start = models.DateTimeField(default=timezone.now, db_index=True,
|
date_start = models.DateTimeField(
|
||||||
verbose_name=_("Date start"))
|
default=timezone.now, db_index=True, verbose_name=_("Date start")
|
||||||
date_expired = models.DateTimeField(default=date_expired_default, db_index=True,
|
)
|
||||||
verbose_name=_('Date expired'))
|
date_expired = models.DateTimeField(
|
||||||
|
default=date_expired_default, db_index=True, verbose_name=_('Date expired')
|
||||||
|
)
|
||||||
created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
|
created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
|
||||||
date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
|
date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))
|
||||||
from_ticket = models.BooleanField(default=False, verbose_name=_('From ticket'))
|
from_ticket = models.BooleanField(default=False, verbose_name=_('From ticket'))
|
||||||
|
|
@ -91,10 +94,6 @@ class AssetPermission(OrgModelMixin):
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.name
|
return self.name
|
||||||
|
|
||||||
@property
|
|
||||||
def id_str(self):
|
|
||||||
return str(self.id)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def is_expired(self):
|
def is_expired(self):
|
||||||
if self.date_expired > timezone.now() > self.date_start:
|
if self.date_expired > timezone.now() > self.date_start:
|
||||||
|
|
@ -107,15 +106,6 @@ class AssetPermission(OrgModelMixin):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@property
|
|
||||||
def all_users(self):
|
|
||||||
from users.models import User
|
|
||||||
users_query = self._meta.get_field('users').related_query_name()
|
|
||||||
user_groups_query = self._meta.get_field('user_groups').related_query_name()
|
|
||||||
users_q = Q(**{f'{users_query}': self})
|
|
||||||
user_groups_q = Q(**{f'groups__{user_groups_query}': self})
|
|
||||||
return User.objects.filter(users_q | user_groups_q).distinct()
|
|
||||||
|
|
||||||
def get_all_users(self):
|
def get_all_users(self):
|
||||||
from users.models import User
|
from users.models import User
|
||||||
user_ids = self.users.all().values_list('id', flat=True)
|
user_ids = self.users.all().values_list('id', flat=True)
|
||||||
|
|
@ -127,6 +117,21 @@ class AssetPermission(OrgModelMixin):
|
||||||
qs = UnionQuerySet(qs1, qs2)
|
qs = UnionQuerySet(qs1, qs2)
|
||||||
return qs
|
return qs
|
||||||
|
|
||||||
|
def get_all_assets(self, flat=False):
|
||||||
|
from assets.models import Node
|
||||||
|
nodes_keys = self.nodes.all().values_list('key', flat=True)
|
||||||
|
asset_ids = set(self.assets.all().values_list('id', flat=True))
|
||||||
|
nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys)
|
||||||
|
asset_ids.update(nodes_asset_ids)
|
||||||
|
if flat:
|
||||||
|
return asset_ids
|
||||||
|
assets = Asset.objects.filter(id__in=asset_ids)
|
||||||
|
return assets
|
||||||
|
|
||||||
|
def get_all_accounts(self):
|
||||||
|
""" TODO: 获取所有账号 (Account 对象) """
|
||||||
|
pass
|
||||||
|
|
||||||
@lazyproperty
|
@lazyproperty
|
||||||
def users_amount(self):
|
def users_amount(self):
|
||||||
return self.users.count()
|
return self.users.count()
|
||||||
|
|
@ -143,25 +148,6 @@ class AssetPermission(OrgModelMixin):
|
||||||
def nodes_amount(self):
|
def nodes_amount(self):
|
||||||
return self.nodes.count()
|
return self.nodes.count()
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get_queryset_with_prefetch(cls):
|
|
||||||
return cls.objects.all().valid().prefetch_related(
|
|
||||||
models.Prefetch('nodes', queryset=Node.objects.all().only('key')),
|
|
||||||
models.Prefetch('assets', queryset=Asset.objects.all().only('id')),
|
|
||||||
).order_by()
|
|
||||||
|
|
||||||
def get_all_assets(self, flat=False):
|
|
||||||
from assets.models import Node
|
|
||||||
nodes_keys = self.nodes.all().values_list('key', flat=True)
|
|
||||||
asset_ids = set(self.assets.all().values_list('id', flat=True))
|
|
||||||
nodes_asset_ids = Node.get_nodes_all_asset_ids_by_keys(nodes_keys)
|
|
||||||
asset_ids.update(nodes_asset_ids)
|
|
||||||
if flat:
|
|
||||||
return asset_ids
|
|
||||||
else:
|
|
||||||
assets = Asset.objects.filter(id__in=asset_ids)
|
|
||||||
return assets
|
|
||||||
|
|
||||||
def users_display(self):
|
def users_display(self):
|
||||||
names = [user.username for user in self.users.all()]
|
names = [user.username for user in self.users.all()]
|
||||||
return names
|
return names
|
||||||
|
|
|
||||||
|
|
@ -11,10 +11,6 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids
|
||||||
logger = get_logger(__file__)
|
logger = get_logger(__file__)
|
||||||
|
|
||||||
|
|
||||||
class AssetPermissionUtil(object):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
def validate_permission(user, asset, account, action='connect'):
|
def validate_permission(user, asset, account, action='connect'):
|
||||||
asset_perm_ids = get_user_all_asset_perm_ids(user)
|
asset_perm_ids = get_user_all_asset_perm_ids(user)
|
||||||
|
|
||||||
|
|
@ -93,3 +89,12 @@ def has_asset_system_permission(user: User, asset: Asset, account: str):
|
||||||
if actions:
|
if actions:
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
class AssetPermissionUtil(object):
|
||||||
|
|
||||||
|
def get_permed_accounts(self, user=None, asset=None):
|
||||||
|
pass
|
||||||
|
|
||||||
|
def get_related_permissions(self, user=None, asset=None):
|
||||||
|
pass
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue