refactor: 重构资产授权工具、资产授权账号工具类;删除Model中的处理逻辑;增加用户组、资产授权账号的获取方式

2 years ago · 152749c872
5 changed files with 30 additions and 119 deletions
--- a/apps/perms/api/user_group_permission.py
+++ b/apps/perms/api/user_group_permission.py
@ -11,6 +11,7 @@ from perms.models import AssetPermission
 from assets.models import Asset, Node
 from . import user_permission as uapi
 from perms import serializers
+from perms.utils import PermAccountUtil
 from assets.api.mixin import SerializeToTreeNodeMixin
 from users.models import UserGroup

@ -200,7 +201,7 @@ class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi):
        return UserGroup.objects.get(id=group_id)

    def get_queryset(self):
-        accounts = AssetPermission.get_perm_asset_accounts(
-            user_group=self.user_group, asset=self.asset
+        accounts = PermAccountUtil().get_perm_accounts_for_user_group_asset(
+            self.user_group, self.asset, with_actions=True
        )
        return accounts
--- a/apps/perms/api/user_permission/common.py
+++ b/apps/perms/api/user_permission/common.py
@ -22,6 +22,7 @@ from common.utils import get_logger, lazyproperty
 from perms.hands import User, Asset, Account
 from perms import serializers
 from perms.models import AssetPermission, Action
+from perms.utils import PermAccountUtil

 logger = get_logger(__name__)

@ -118,7 +119,9 @@ class UserGrantedAssetAccountsApi(ListAPIView):
        return asset

    def get_queryset(self):
-        accounts = AssetPermission.get_perm_asset_accounts(user=self.user, asset=self.asset)
+        accounts = PermAccountUtil().get_perm_accounts_for_user_asset(
+            self.user, self.asset, with_actions=True
+        )
        return accounts


--- a/apps/perms/models/asset_permission.py
+++ b/apps/perms/models/asset_permission.py
@ -177,116 +177,6 @@ class AssetPermission(OrgModelMixin):
        names = [node.full_value for node in self.nodes.all()]
        return names

-    # Accounts
-    @classmethod
-    def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True):
-        perms = cls.filter(user=user, user_group=user_group, asset=asset)
-        account_names = cls.retrieve_account_names(perms)
-        accounts = asset.filter_accounts(account_names)
-        if with_actions:
-            cls.set_accounts_actions(accounts, perms=perms)
-        return accounts
-
-    @classmethod
-    def set_accounts_actions(cls, accounts, perms):
-        account_names_actions_map = cls.get_account_names_actions_map(accounts, perms)
-        for account in accounts:
-            account.actions = account_names_actions_map.get(account.username)
-        return accounts
-
-    @classmethod
-    def get_account_names_actions_map(cls, accounts, perms):
-        account_names_actions_map = defaultdict(int)
-        account_names = accounts.values_list('username', flat=True)
-        perms = perms.filter_by_accounts(account_names)
-        account_names_actions = perms.values_list('accounts', 'actions')
-        for account_names, actions in account_names_actions:
-            for account_name in account_names:
-                account_names_actions_map[account_name] |= actions
-        return account_names_actions_map
-
-    @classmethod
-    def retrieve_account_names(cls, perms):
-        account_names = set()
-        for perm in perms:
-            if not isinstance(perm.accounts, list):
-                continue
-            account_names.update(perm.accounts)
-        return account_names
-
-    @classmethod
-    def filter(cls, user=None, user_group=None, asset=None, account_names=None):
-        """ 获取同时包含 用户(组)-资产-账号 的授权规则, 条件之间都是 & 的关系"""
-        perm_ids = []
-
-        if user:
-            user_perm_ids = cls.filter_by_user(user, flat=True)
-            perm_ids.append(user_perm_ids)
-
-        if user_group:
-            user_group_perm_ids = cls.filter_by_user_group(user_group, flat=True)
-            perm_ids.append(user_group_perm_ids)
-
-        if asset:
-            asset_perm_ids = cls.filter_by_asset(asset, flat=True)
-            perm_ids.append(asset_perm_ids)
-
-        # & 是同时满足，比如有用户，但是用户的规则是空，那么返回也应该是空
-        perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids))
-        perms = cls.objects.filter(id__in=perm_ids)
-
-        if account_names:
-            perms = perms.filter_by_accounts(account_names)
-
-        perms = perms.valid().order_by('-date_expired')
-        return perms
-
-    @classmethod
-    def filter_by_user(cls, user, with_group=True, flat=False):
-        perm_ids = set()
-        user_perm_ids = AssetPermission.users.through.objects.filter(
-            user_id=user.id
-        ).values_list('assetpermission_id', flat=True).distinct()
-        perm_ids.update(user_perm_ids)
-        if with_group:
-            usergroup_ids = user.get_groups(flat=True)
-            usergroups_perm_id = AssetPermission.user_groups.through.objects.filter(
-                usergroup_id__in=usergroup_ids
-            ).values_list('assetpermission_id', flat=True).distinct()
-            perm_ids.update(usergroups_perm_id)
-        if flat:
-            return perm_ids
-        perms = cls.objects.filter(id__in=perm_ids).valid()
-        return perms
-
-    @classmethod
-    def filter_by_user_group(cls, user_group, flat=False):
-        perm_ids = AssetPermission.user_groups.through.objects.filter(
-            usergroup_id=user_group
-        ).values_list('assetpermission_id', flat=True)
-        if flat:
-            return set(perm_ids)
-        perms = cls.objects.filter(id__in=perm_ids).valid()
-        return perms
-
-    @classmethod
-    def filter_by_asset(cls, asset, with_node=True, flat=False):
-        perm_ids = set()
-        asset_perm_ids = AssetPermission.assets.through.objects.filter(
-            asset_id=asset.id
-        ).values_list('assetpermission_id', flat=True).distinct()
-        perm_ids.update(asset_perm_ids)
-        if with_node:
-            node_ids = asset.get_all_nodes(flat=True)
-            node_perm_ids = AssetPermission.nodes.through.objects.filter(
-                node_id__in=node_ids
-            ).values_list('assetpermission_id', flat=True).distinct()
-            perm_ids.update(node_perm_ids)
-        if flat:
-            return perm_ids
-        perms = cls.objects.filter(id__in=perm_ids).valid()
-        return perms
-

 class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, BaseCreateUpdateModel):
    class NodeFrom(TextChoices):
--- a/apps/perms/utils/account.py
+++ b/apps/perms/utils/account.py
@ -2,24 +2,31 @@ from collections import defaultdict
 from assets.models import Account
 from .permission import AssetPermissionUtil

+__all__ = ['PermAccountUtil']
+

 class PermAccountUtil(AssetPermissionUtil):
    """ 资产授权账号相关的工具 """

-    def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
+    def get_perm_accounts_for_user_asset(self, user, asset, with_actions=False):
        """ 获取授权给用户某个资产的账号 """
        perms = self.get_permissions_for_user_asset(user, asset)
-        accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+        accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions)
        return accounts

-    def get_user_perm_accounts(self, user, with_actions=False):
+    def get_perm_accounts_for_user(self, user, with_actions=False):
        """ 获取授权给用户的所有账号 """
        perms = self.get_permissions_for_user(user)
-        accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+        accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions)
+        return accounts
+
+    def get_perm_accounts_for_user_group_asset(self, user_group, asset, with_actions=False):
+        perms = self.get_permissions_for_user_group_asset(user_group, asset)
+        accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions)
        return accounts

    @staticmethod
-    def get_permissions_accounts(permissions, with_actions=False):
+    def get_perm_accounts_for_permissions(permissions, with_actions=False):
        aid_actions_map = defaultdict(int)
        for perm in permissions:
            account_ids = perm.get_all_accounts(flat=True)
--- a/apps/perms/utils/permission.py
+++ b/apps/perms/utils/permission.py
@ -22,6 +22,13 @@ class AssetPermissionUtil(object):
        perms = AssetPermission.objects.filter(id__in=perm_ids)
        return perms

+    def get_permissions_for_user_group_asset(self, user_group, asset):
+        user_perm_ids = self.get_permissions_for_user_groups([user_group], flat=True)
+        asset_perm_ids = self.get_permissions_for_asset(asset, flat=True)
+        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
+        perms = AssetPermission.objects.filter(id__in=perm_ids)
+        return perms
+
    def get_permissions_for_user(self, user, with_group=True, flat=False):
        """ 获取用户的授权规则 """
        perm_ids = set()
@ -42,7 +49,10 @@ class AssetPermissionUtil(object):
    @staticmethod
    def get_permissions_for_user_groups(user_groups, flat=False):
        """ 获取用户组的授权规则 """
-        group_ids = user_groups.values_list('id', flat=True).distinct()
+        if isinstance(user_groups, list):
+            group_ids = [g.id for g in user_groups]
+        else:
+            group_ids = user_groups.values_list('id', flat=True).distinct()
        group_perm_ids = AssetPermission.user_groups.through.objects\
            .filter(usergroup_id__in=group_ids)\
            .values_list('assetpermission_id', flat=True).distinct()