diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py
index 2734c1423..9db8a175f 100644
--- a/apps/perms/utils/account.py
+++ b/apps/perms/utils/account.py
@@ -10,9 +10,20 @@ class PermAccountUtil(object):
 def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
 """ 获取授权给用户某个资产的账号 """
- aid_actions_map = defaultdict(int)
 perms = self.get_user_asset_permissions(user, asset)
- for perm in perms:
+ accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+ return accounts
+
+ def get_user_perm_accounts(self, user, with_actions=False):
+ """ 获取授权给用户的所有账号 """
+ perms = self.get_user_permissions(user)
+ accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+ return accounts
+
+ @staticmethod
+ def get_permissions_accounts(permissions, with_actions=False):
+ aid_actions_map = defaultdict(int)
+ for perm in permissions:
 account_ids = perm.get_all_accounts(flat=True)
 actions = perm.actions
 for aid in account_ids:
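Review bot: `get_permissions_accounts` has no docstring, and nothing visible in this hunk filters the rules it is handed, so every rule passed in contributes its accounts and actions. Its new caller `get_user_perm_accounts` feeds it the result of `get_user_permissions`, which in the following hunk selects rules purely by user and group membership through the `through` tables. If `AssetPermission` carries an active flag or a validity window (not visible in this diff), disabled or expired rules would still yield accounts. I would state the contract on the helper, for example `""" Merge the accounts and actions of the given rules; callers must pass only currently valid rules """`, and apply any validity filter once inside `get_user_permissions`. The helper's body continues past the end of the hunk.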
@@ -24,28 +35,49 @@ class PermAccountUtil(object): account.actions = aid_actions_map.get(str(account.id)) return accounts - def get_user_perm_accounts(self, user): - """ 获取授权给用户的所有账号 """ - pass - # Permissions def get_user_asset_permissions(self, user, asset): """ 获取同时包含用户、资产的授权规则 """ - return AssetPermission.objects.all() + user_perm_ids = self.get_user_permissions(user, flat=True) + asset_perm_ids = self.get_asset_permissions(asset, flat=True) + perm_ids = set(user_perm_ids) & set(asset_perm_ids) + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms - def get_user_permissions(self): + def get_user_permissions(self, user, with_group=True, flat=False): """ 获取用户的授权规则 """ - pass + perm_ids = set() + # user + user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\ + .values_list('assetpermission_id', flat=True).distinct() + perm_ids.update(user_perm_ids) + # group + if with_group: + groups = user.groups.all() + group_perm_ids = self.get_user_groups_permissions(groups, flat=True) + perm_ids.update(group_perm_ids) + if flat: + return perm_ids + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms - def get_asset_permissions(self): + @staticmethod + def get_user_groups_permissions(user_groups, flat=False): + """ 获取用户组的授权规则 """ + group_ids = user_groups.values_list('id', flat=True).distinct() + perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \ + .values_list('assetpermission_id', flat=True).distinct() + if flat: + return perm_ids + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + + def get_asset_permissions(self, asset, flat=False): """ 获取资产的授权规则""" - pass + return AssetPermission.objects.all() def get_node_permissions(self): """ 获取节点的授权规则 """ pass - def get_user_group_permissions(self): - """ 获取用户组的授权规则 """ - pass diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 659a894a9..78d5eb540 100644 --- a/apps/users/models/user.py 
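Review bot: `get_asset_permissions` still returns `AssetPermission.objects.all()` and ignores both `asset` and `flat`, yet the new `get_user_asset_permissions` calls it with `flat=True` and intersects the result with a set of rule ids. As written, the right-hand set holds model instances rather than ids, so the intersection is presumably always empty and the user/asset lookup returns no accounts at all. If the stub is later changed to honour only `flat`, the intersection becomes every rule the user holds, and accounts would be reported as granted on assets those rules never covered. Until the asset filter exists, I would make the stub fail loudly rather than return all rules: `raise NotImplementedError('get_asset_permissions: asset filter not implemented')`.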
+++ b/apps/users/models/user.py
@@ -918,21 +918,6 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
 return True
 return False
- def get_groups(self, flat=False):
- from users.models import UserGroup
- usergroup_ids = self.groups.through.objects\
- .filter(user_id=self.id)\
- .distinct()\
- .values_list('usergroup_id', flat=True)
- usergroups = UserGroup.objects.filter(id__in=usergroup_ids)
- if flat:
- usergroup_ids = usergroups.values_list('id', flat=True)
- return usergroup_ids
- else:
- return usergroups
-
-
-
 class UserPasswordHistory(models.Model):
 id = models.UUIDField(default=uuid.uuid4, primary_key=True)