From 152749c872c64bbbad4b1a585ec698266a76c87c Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 18 Oct 2022 16:42:32 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E5=B7=A5=E5=85=B7=E3=80=81=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E8=B4=A6=E5=8F=B7=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E7=B1=BB;=E5=88=A0=E9=99=A4Model=E4=B8=AD=E7=9A=84=E5=A4=84?= =?UTF-8?q?=E7=90=86=E9=80=BB=E8=BE=91;=E5=A2=9E=E5=8A=A0=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=BB=84=E3=80=81=E8=B5=84=E4=BA=A7=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E8=B4=A6=E5=8F=B7=E7=9A=84=E8=8E=B7=E5=8F=96=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/user_group_permission.py | 5 +- apps/perms/api/user_permission/common.py | 5 +- apps/perms/models/asset_permission.py | 110 ----------------------- apps/perms/utils/account.py | 17 ++-- apps/perms/utils/permission.py | 12 ++- 5 files changed, 30 insertions(+), 119 deletions(-) diff --git a/apps/perms/api/user_group_permission.py b/apps/perms/api/user_group_permission.py index e6d470681..dedd90a3c 100644 --- a/apps/perms/api/user_group_permission.py +++ b/apps/perms/api/user_group_permission.py @@ -11,6 +11,7 @@ from perms.models import AssetPermission from assets.models import Asset, Node from . import user_permission as uapi from perms import serializers +from perms.utils import PermAccountUtil from assets.api.mixin import SerializeToTreeNodeMixin from users.models import UserGroup @@ -200,7 +201,7 @@ class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi): return UserGroup.objects.get(id=group_id) def get_queryset(self): - accounts = AssetPermission.get_perm_asset_accounts( - user_group=self.user_group, asset=self.asset + accounts = PermAccountUtil().get_perm_accounts_for_user_group_asset( + self.user_group, self.asset, with_actions=True ) return accounts 
diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py index 3c77a1be5..ebcbcf3e6 100644 --- a/apps/perms/api/user_permission/common.py +++ b/apps/perms/api/user_permission/common.py @@ -22,6 +22,7 @@ from common.utils import get_logger, lazyproperty from perms.hands import User, Asset, Account from perms import serializers from perms.models import AssetPermission, Action +from perms.utils import PermAccountUtil logger = get_logger(__name__) @@ -118,7 +119,9 @@ class UserGrantedAssetAccountsApi(ListAPIView): return asset def get_queryset(self): - accounts = AssetPermission.get_perm_asset_accounts(user=self.user, asset=self.asset) + accounts = PermAccountUtil().get_perm_accounts_for_user_asset( + self.user, self.asset, with_actions=True + ) return accounts diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index acd654528..cc071065d 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py 
@@ -177,116 +177,6 @@ class AssetPermission(OrgModelMixin): names = [node.full_value for node in self.nodes.all()] return names - # Accounts - @classmethod - def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True): - perms = cls.filter(user=user, user_group=user_group, asset=asset) - account_names = cls.retrieve_account_names(perms) - accounts = asset.filter_accounts(account_names) - if with_actions: - cls.set_accounts_actions(accounts, perms=perms) - return accounts - - @classmethod - def set_accounts_actions(cls, accounts, perms): - account_names_actions_map = cls.get_account_names_actions_map(accounts, perms) - for account in accounts: - account.actions = account_names_actions_map.get(account.username) - return accounts - - @classmethod - def get_account_names_actions_map(cls, accounts, perms): - account_names_actions_map = defaultdict(int) - account_names = accounts.values_list('username', flat=True) - perms = perms.filter_by_accounts(account_names) - account_names_actions = perms.values_list('accounts', 'actions') - for account_names, actions in account_names_actions: - for account_name in account_names: - account_names_actions_map[account_name] |= actions - return account_names_actions_map - - @classmethod - def retrieve_account_names(cls, perms): - account_names = set() - for perm in perms: - if not isinstance(perm.accounts, list): - continue - account_names.update(perm.accounts) - return account_names - - @classmethod - def filter(cls, user=None, user_group=None, asset=None, account_names=None): - """ 获取同时包含 用户(组)-资产-账号 的授权规则, 条件之间都是 & 的关系""" - perm_ids = [] - - if user: - user_perm_ids = cls.filter_by_user(user, flat=True) - perm_ids.append(user_perm_ids) - - if user_group: - user_group_perm_ids = cls.filter_by_user_group(user_group, flat=True) - perm_ids.append(user_group_perm_ids) - - if asset: - asset_perm_ids = cls.filter_by_asset(asset, flat=True) - perm_ids.append(asset_perm_ids) - - # & 
是同时满足,比如有用户,但是用户的规则是空,那么返回也应该是空 - perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids)) - perms = cls.objects.filter(id__in=perm_ids) - - if account_names: - perms = perms.filter_by_accounts(account_names) - - perms = perms.valid().order_by('-date_expired') - return perms - - @classmethod - def filter_by_user(cls, user, with_group=True, flat=False): - perm_ids = set() - user_perm_ids = AssetPermission.users.through.objects.filter( - user_id=user.id - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(user_perm_ids) - if with_group: - usergroup_ids = user.get_groups(flat=True) - usergroups_perm_id = AssetPermission.user_groups.through.objects.filter( - usergroup_id__in=usergroup_ids - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(usergroups_perm_id) - if flat: - return perm_ids - perms = cls.objects.filter(id__in=perm_ids).valid() - return perms - - @classmethod - def filter_by_user_group(cls, user_group, flat=False): - perm_ids = AssetPermission.user_groups.through.objects.filter( - usergroup_id=user_group - ).values_list('assetpermission_id', flat=True) - if flat: - return set(perm_ids) - perms = cls.objects.filter(id__in=perm_ids).valid() - return perms - - @classmethod - def filter_by_asset(cls, asset, with_node=True, flat=False): - perm_ids = set() - asset_perm_ids = AssetPermission.assets.through.objects.filter( - asset_id=asset.id - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(asset_perm_ids) - if with_node: - node_ids = asset.get_all_nodes(flat=True) - node_perm_ids = AssetPermission.nodes.through.objects.filter( - node_id__in=node_ids - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(node_perm_ids) - if flat: - return perm_ids - perms = cls.objects.filter(id__in=perm_ids).valid() - return perms - class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, BaseCreateUpdateModel): class NodeFrom(TextChoices): 
diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index 948f60a84..a5fdadc6b 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -2,24 +2,31 @@ from collections import defaultdict from assets.models import Account from .permission import AssetPermissionUtil +__all__ = ['PermAccountUtil'] + class PermAccountUtil(AssetPermissionUtil): """ 资产授权账号相关的工具 """ - def get_user_perm_asset_accounts(self, user, asset, with_actions=False): + def get_perm_accounts_for_user_asset(self, user, asset, with_actions=False): """ 获取授权给用户某个资产的账号 """ perms = self.get_permissions_for_user_asset(user, asset) - accounts = self.get_permissions_accounts(perms, with_actions=with_actions) + accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions) return accounts - def get_user_perm_accounts(self, user, with_actions=False): + def get_perm_accounts_for_user(self, user, with_actions=False): """ 获取授权给用户的所有账号 """ perms = self.get_permissions_for_user(user) - accounts = self.get_permissions_accounts(perms, with_actions=with_actions) + accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions) + return accounts + + def get_perm_accounts_for_user_group_asset(self, user_group, asset, with_actions=False): + perms = self.get_permissions_for_user_group_asset(user_group, asset) + accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions) return accounts @staticmethod - def get_permissions_accounts(permissions, with_actions=False): + def get_perm_accounts_for_permissions(permissions, with_actions=False): aid_actions_map = defaultdict(int) for perm in permissions: account_ids = perm.get_all_accounts(flat=True) diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 3096a87db..b16c69fa0 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py 
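Review bot: The new `get_perm_accounts_for_user_group_asset` is the only method of `PermAccountUtil` in this hunk without a docstring, although it now backs the user-group granted-accounts API. I would add a one-line docstring such as `""" Get the accounts granted to a user group on one asset """` and have it state whether expired or inactive permission rules are excluded before accounts are collected. That matters because `get_perm_accounts_for_permissions` starts from `aid_actions_map = defaultdict(int)` and appears to accumulate actions per account across every permission passed in; its body continues outside the hunk, so this is inferred. The hunk also renames three methods without keeping the old names, so any caller outside this patch that still uses `get_user_perm_asset_accounts`, `get_user_perm_accounts` or `get_permissions_accounts` would fail at runtime.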
@@ -22,6 +22,13 @@ class AssetPermissionUtil(object): perms = AssetPermission.objects.filter(id__in=perm_ids) return perms + def get_permissions_for_user_group_asset(self, user_group, asset): + user_perm_ids = self.get_permissions_for_user_groups([user_group], flat=True) + asset_perm_ids = self.get_permissions_for_asset(asset, flat=True) + perm_ids = set(user_perm_ids) & set(asset_perm_ids) + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + def get_permissions_for_user(self, user, with_group=True, flat=False): """ 获取用户的授权规则 """ perm_ids = set() @@ -42,7 +49,10 @@ class AssetPermissionUtil(object): @staticmethod def get_permissions_for_user_groups(user_groups, flat=False): """ 获取用户组的授权规则 """ - group_ids = user_groups.values_list('id', flat=True).distinct() + if isinstance(user_groups, list): + group_ids = [g.id for g in user_groups] + else: + group_ids = user_groups.values_list('id', flat=True).distinct() group_perm_ids = AssetPermission.user_groups.through.objects\ .filter(usergroup_id__in=group_ids)\ .values_list('assetpermission_id', flat=True).distinct()
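Review bot: `get_permissions_for_user_group_asset` returns `AssetPermission.objects.filter(id__in=perm_ids)` with no validity filter, whereas the removed `AssetPermission.filter` in `asset_permission.py` ended with `perms.valid().order_by('-date_expired')`. Unless `get_permissions_for_user_groups` and `get_permissions_for_asset` (bodies outside this hunk) already drop expired or inactive rules, the granted-accounts endpoint for user groups would derive accounts and actions from rules that should no longer apply. I would make the last step `perms = AssetPermission.objects.filter(id__in=perm_ids).valid()` and add a test with an expired rule. The context lines just above the addition show the same unfiltered return for what looks like the user/asset variant, so the `get_queryset` changes in `user_group_permission.py` and `user_permission/common.py` both depend on this.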
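Review bot: The `isinstance(user_groups, list)` test in `get_permissions_for_user_groups` recognises only a list, so a tuple, set or generator of groups falls into the `else` branch and fails on `.values_list` with an AttributeError. Testing for the queryset instead handles every plain iterable: `if hasattr(user_groups, 'values_list'): group_ids = user_groups.values_list('id', flat=True).distinct()` with `else: group_ids = [g.id for g in user_groups]`. The docstring should also say that both a queryset and an iterable of `UserGroup` objects are accepted. The rest of the method lies outside the hunk.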