github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'v3' of github.com:jumpserver/jumpserver into v3

pull/8970/head
ibuler 2022-10-14 19:01:15 +08:00
parent 75ec9d4173 6a32ac4699
commit 10c0cc7abf
2 changed files with 46 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
apps/perms/utils/account.py
View File

@ -10,9 +10,20 @@ class PermAccountUtil(object):
def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
""" 获取授权给用户某个资产的账号 """
aid_actions_map = defaultdict(int)
perms = self.get_user_asset_permissions(user, asset)
for perm in perms:
accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
return accounts
def get_user_perm_accounts(self, user, with_actions=False):
""" 获取授权给用户的所有账号 """
perms = self.get_user_permissions(user)
accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
return accounts
@staticmethod
def get_permissions_accounts(permissions, with_actions=False):
aid_actions_map = defaultdict(int)
for perm in permissions:
account_ids = perm.get_all_accounts(flat=True)
actions = perm.actions
for aid in account_ids:
@ -24,28 +35,49 @@ class PermAccountUtil(object):
account.actions = aid_actions_map.get(str(account.id))
return accounts
def get_user_perm_accounts(self, user):
""" 获取授权给用户的所有账号 """
pass
# Permissions
def get_user_asset_permissions(self, user, asset):
""" 获取同时包含用户、资产的授权规则 """
return AssetPermission.objects.all()
user_perm_ids = self.get_user_permissions(user, flat=True)
asset_perm_ids = self.get_asset_permissions(asset, flat=True)
perm_ids = set(user_perm_ids) & set(asset_perm_ids)
perms = AssetPermission.objects.filter(id__in=perm_ids)
return perms
def get_user_permissions(self):
def get_user_permissions(self, user, with_group=True, flat=False):
""" 获取用户的授权规则 """
pass
perm_ids = set()
# user
user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\
.values_list('assetpermission_id', flat=True).distinct()
perm_ids.update(user_perm_ids)
# group
if with_group:
groups = user.groups.all()
group_perm_ids = self.get_user_groups_permissions(groups, flat=True)
perm_ids.update(group_perm_ids)
if flat:
return perm_ids
perms = AssetPermission.objects.filter(id__in=perm_ids)
return perms
def get_asset_permissions(self):
@staticmethod
def get_user_groups_permissions(user_groups, flat=False):
""" 获取用户组的授权规则 """
group_ids = user_groups.values_list('id', flat=True).distinct()
perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
.values_list('assetpermission_id', flat=True).distinct()
if flat:
return perm_ids
perms = AssetPermission.objects.filter(id__in=perm_ids)
return perms
def get_asset_permissions(self, asset, flat=False):
""" 获取资产的授权规则"""
pass
return AssetPermission.objects.all()
def get_node_permissions(self):
""" 获取节点的授权规则 """
pass
def get_user_group_permissions(self):
""" 获取用户组的授权规则 """
pass

15
apps/users/models/user.py
View File

@ -918,21 +918,6 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
return True
return False
def get_groups(self, flat=False):
from users.models import UserGroup
usergroup_ids = self.groups.through.objects\
.filter(user_id=self.id)\
.distinct()\
.values_list('usergroup_id', flat=True)
usergroups = UserGroup.objects.filter(id__in=usergroup_ids)
if flat:
usergroup_ids = usergroups.values_list('id', flat=True)
return usergroup_ids
else:
return usergroups
class UserPasswordHistory(models.Model):
id = models.UUIDField(default=uuid.uuid4, primary_key=True)