Merge branch 'v3' of github.com:jumpserver/jumpserver into v3

apps/perms/utils/account.py

@@ -10,9 +10,20 @@ class PermAccountUtil(object):
 
     def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
         """ 获取授权给用户某个资产的账号 """
-        aid_actions_map = defaultdict(int)
         perms = self.get_user_asset_permissions(user, asset)
-        for perm in perms:
+        accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+        return accounts
+
+    def get_user_perm_accounts(self, user, with_actions=False):
+        """ 获取授权给用户的所有账号 """
+        perms = self.get_user_permissions(user)
+        accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+        return accounts
+
+    @staticmethod
+    def get_permissions_accounts(permissions, with_actions=False):
+        aid_actions_map = defaultdict(int)
+        for perm in permissions:
             account_ids = perm.get_all_accounts(flat=True)
             actions = perm.actions
             for aid in account_ids:
@@ -24,28 +35,49 @@ class PermAccountUtil(object):
                 account.actions = aid_actions_map.get(str(account.id))
         return accounts
 
-    def get_user_perm_accounts(self, user):
-        """ 获取授权给用户的所有账号 """
-        pass
-
     # Permissions
 
     def get_user_asset_permissions(self, user, asset):
         """ 获取同时包含用户、资产的授权规则 """
-        return AssetPermission.objects.all()
+        user_perm_ids = self.get_user_permissions(user, flat=True)
+        asset_perm_ids = self.get_asset_permissions(asset, flat=True)
+        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
 
-    def get_user_permissions(self):
+    def get_user_permissions(self, user, with_group=True, flat=False):
         """ 获取用户的授权规则 """
-        pass
+        perm_ids = set()
+        # user
+        user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\
+            .values_list('assetpermission_id', flat=True).distinct()
+        perm_ids.update(user_perm_ids)
+        # group
+        if with_group:
+            groups = user.groups.all()
+            group_perm_ids = self.get_user_groups_permissions(groups, flat=True)
+            perm_ids.update(group_perm_ids)
+        if flat:
+            return perm_ids
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
 
-    def get_asset_permissions(self):
+    @staticmethod
+    def get_user_groups_permissions(user_groups, flat=False):
+        """ 获取用户组的授权规则 """
+        group_ids = user_groups.values_list('id', flat=True).distinct()
+        perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
+            .values_list('assetpermission_id', flat=True).distinct()
+        if flat:
+            return perm_ids
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
+
+    def get_asset_permissions(self, asset, flat=False):
         """ 获取资产的授权规则"""
-        pass
+        return AssetPermission.objects.all()
 
     def get_node_permissions(self):
         """ 获取节点的授权规则 """
         pass
 
-    def get_user_group_permissions(self):
-        """ 获取用户组的授权规则 """
-        pass

apps/users/models/user.py

@@ -918,21 +918,6 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
             return True
         return False
 
-    def get_groups(self, flat=False):
-        from users.models import UserGroup
-        usergroup_ids = self.groups.through.objects\
-            .filter(user_id=self.id)\
-            .distinct()\
-            .values_list('usergroup_id', flat=True)
-        usergroups = UserGroup.objects.filter(id__in=usergroup_ids)
-        if flat:
-            usergroup_ids = usergroups.values_list('id', flat=True)
-            return usergroup_ids
-        else:
-            return usergroups
-
-
-
 
 class UserPasswordHistory(models.Model):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)