refactor: 重构资产授权工具、资产授权账号工具类;删除Model中的处理逻辑;增加用户组、资产授权账号的获取方式

2 years ago · 152749c872
5 changed files with 30 additions and 119 deletions
--- a/apps/perms/api/user_group_permission.py
+++ b/apps/perms/api/user_group_permission.py
@ -11,6 +11,7 @@ from perms.models import AssetPermission
 from assets.models import Asset, Node
 from . import user_permission as uapi
 from perms import serializers
 from perms.utils import PermAccountUtil
 from assets.api.mixin import SerializeToTreeNodeMixin
 from users.models import UserGroup
@ -200,7 +201,7 @@ class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi):
        return UserGroup.objects.get(id=group_id)
    def get_queryset(self):
-        accounts = AssetPermission.get_perm_asset_accounts(
+        accounts = PermAccountUtil().get_perm_accounts_for_user_group_asset(
-            user_group=self.user_group, asset=self.asset
+            self.user_group, self.asset, with_actions=True
        )
        return accounts
--- a/apps/perms/api/user_permission/common.py
+++ b/apps/perms/api/user_permission/common.py
@ -22,6 +22,7 @@ from common.utils import get_logger, lazyproperty
 from perms.hands import User, Asset, Account
 from perms import serializers
 from perms.models import AssetPermission, Action
 from perms.utils import PermAccountUtil
 logger = get_logger(__name__)
@ -118,7 +119,9 @@ class UserGrantedAssetAccountsApi(ListAPIView):
        return asset
    def get_queryset(self):
-        accounts = AssetPermission.get_perm_asset_accounts(user=self.user, asset=self.asset)
+        accounts = PermAccountUtil().get_perm_accounts_for_user_asset(
            self.user, self.asset, with_actions=True
        )
        return accounts
--- a/apps/perms/models/asset_permission.py
+++ b/apps/perms/models/asset_permission.py
@ -177,116 +177,6 @@ class AssetPermission(OrgModelMixin):
        names = [node.full_value for node in self.nodes.all()]
        return names
    # Accounts
    @classmethod
    def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True):
        perms = cls.filter(user=user, user_group=user_group, asset=asset)
        account_names = cls.retrieve_account_names(perms)
        accounts = asset.filter_accounts(account_names)
        if with_actions:
            cls.set_accounts_actions(accounts, perms=perms)
        return accounts
    @classmethod
    def set_accounts_actions(cls, accounts, perms):
        account_names_actions_map = cls.get_account_names_actions_map(accounts, perms)
        for account in accounts:
            account.actions = account_names_actions_map.get(account.username)
        return accounts
    @classmethod
    def get_account_names_actions_map(cls, accounts, perms):
        account_names_actions_map = defaultdict(int)
        account_names = accounts.values_list('username', flat=True)
        perms = perms.filter_by_accounts(account_names)
        account_names_actions = perms.values_list('accounts', 'actions')
        for account_names, actions in account_names_actions:
            for account_name in account_names:
                account_names_actions_map[account_name] |= actions
        return account_names_actions_map
    @classmethod
    def retrieve_account_names(cls, perms):
        account_names = set()
        for perm in perms:
            if not isinstance(perm.accounts, list):
                continue
            account_names.update(perm.accounts)
        return account_names
    @classmethod
    def filter(cls, user=None, user_group=None, asset=None, account_names=None):
        """ 获取同时包含 用户(组)-资产-账号 的授权规则, 条件之间都是 & 的关系"""
        perm_ids = []
        if user:
            user_perm_ids = cls.filter_by_user(user, flat=True)
            perm_ids.append(user_perm_ids)
        if user_group:
            user_group_perm_ids = cls.filter_by_user_group(user_group, flat=True)
            perm_ids.append(user_group_perm_ids)
        if asset:
            asset_perm_ids = cls.filter_by_asset(asset, flat=True)
            perm_ids.append(asset_perm_ids)
        # & 是同时满足，比如有用户，但是用户的规则是空，那么返回也应该是空
        perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids))
        perms = cls.objects.filter(id__in=perm_ids)
        if account_names:
            perms = perms.filter_by_accounts(account_names)
        perms = perms.valid().order_by('-date_expired')
        return perms
    @classmethod
    def filter_by_user(cls, user, with_group=True, flat=False):
        perm_ids = set()
        user_perm_ids = AssetPermission.users.through.objects.filter(
            user_id=user.id
        ).values_list('assetpermission_id', flat=True).distinct()
        perm_ids.update(user_perm_ids)
        if with_group:
            usergroup_ids = user.get_groups(flat=True)
            usergroups_perm_id = AssetPermission.user_groups.through.objects.filter(
                usergroup_id__in=usergroup_ids
            ).values_list('assetpermission_id', flat=True).distinct()
            perm_ids.update(usergroups_perm_id)
        if flat:
            return perm_ids
        perms = cls.objects.filter(id__in=perm_ids).valid()
        return perms
    @classmethod
    def filter_by_user_group(cls, user_group, flat=False):
        perm_ids = AssetPermission.user_groups.through.objects.filter(
            usergroup_id=user_group
        ).values_list('assetpermission_id', flat=True)
        if flat:
            return set(perm_ids)
        perms = cls.objects.filter(id__in=perm_ids).valid()
        return perms
    @classmethod
    def filter_by_asset(cls, asset, with_node=True, flat=False):
        perm_ids = set()
        asset_perm_ids = AssetPermission.assets.through.objects.filter(
            asset_id=asset.id
        ).values_list('assetpermission_id', flat=True).distinct()
        perm_ids.update(asset_perm_ids)
        if with_node:
            node_ids = asset.get_all_nodes(flat=True)
            node_perm_ids = AssetPermission.nodes.through.objects.filter(
                node_id__in=node_ids
            ).values_list('assetpermission_id', flat=True).distinct()
            perm_ids.update(node_perm_ids)
        if flat:
            return perm_ids
        perms = cls.objects.filter(id__in=perm_ids).valid()
        return perms
 class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, BaseCreateUpdateModel):
    class NodeFrom(TextChoices):
--- a/apps/perms/utils/account.py
+++ b/apps/perms/utils/account.py
@ -2,24 +2,31 @@ from collections import defaultdict
 from assets.models import Account
 from .permission import AssetPermissionUtil
 __all__ = ['PermAccountUtil']
 class PermAccountUtil(AssetPermissionUtil):
    """ 资产授权账号相关的工具 """
-    def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
+    def get_perm_accounts_for_user_asset(self, user, asset, with_actions=False):
        """ 获取授权给用户某个资产的账号 """
        perms = self.get_permissions_for_user_asset(user, asset)
-        accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+        accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions)
        return accounts
-    def get_user_perm_accounts(self, user, with_actions=False):
+    def get_perm_accounts_for_user(self, user, with_actions=False):
        """ 获取授权给用户的所有账号 """
        perms = self.get_permissions_for_user(user)
-        accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
+        accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions)
        return accounts
    def get_perm_accounts_for_user_group_asset(self, user_group, asset, with_actions=False):
        perms = self.get_permissions_for_user_group_asset(user_group, asset)
        accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions)
        return accounts
    @staticmethod
-    def get_permissions_accounts(permissions, with_actions=False):
+    def get_perm_accounts_for_permissions(permissions, with_actions=False):
        aid_actions_map = defaultdict(int)
        for perm in permissions:
            account_ids = perm.get_all_accounts(flat=True)
--- a/apps/perms/utils/permission.py
+++ b/apps/perms/utils/permission.py
@ -22,6 +22,13 @@ class AssetPermissionUtil(object):
        perms = AssetPermission.objects.filter(id__in=perm_ids)
        return perms
    def get_permissions_for_user_group_asset(self, user_group, asset):
        user_perm_ids = self.get_permissions_for_user_groups([user_group], flat=True)
        asset_perm_ids = self.get_permissions_for_asset(asset, flat=True)
        perm_ids = set(user_perm_ids) & set(asset_perm_ids)
        perms = AssetPermission.objects.filter(id__in=perm_ids)
        return perms
    def get_permissions_for_user(self, user, with_group=True, flat=False):
        """ 获取用户的授权规则 """
        perm_ids = set()
@ -42,7 +49,10 @@ class AssetPermissionUtil(object):
    @staticmethod
    def get_permissions_for_user_groups(user_groups, flat=False):
        """ 获取用户组的授权规则 """
-        group_ids = user_groups.values_list('id', flat=True).distinct()
+        if isinstance(user_groups, list):
            group_ids = [g.id for g in user_groups]
        else:
            group_ids = user_groups.values_list('id', flat=True).distinct()
        group_perm_ids = AssetPermission.user_groups.through.objects\
            .filter(usergroup_id__in=group_ids)\
            .values_list('assetpermission_id', flat=True).distinct()