|
|
|
@ -177,116 +177,6 @@ class AssetPermission(OrgModelMixin):
|
|
|
|
names = [node.full_value for node in self.nodes.all()]
|
|
|
|
names = [node.full_value for node in self.nodes.all()]
|
|
|
|
return names
|
|
|
|
return names
|
|
|
|
|
|
|
|
|
|
|
|
# Accounts
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True):
|
|
|
|
|
|
|
|
perms = cls.filter(user=user, user_group=user_group, asset=asset)
|
|
|
|
|
|
|
|
account_names = cls.retrieve_account_names(perms)
|
|
|
|
|
|
|
|
accounts = asset.filter_accounts(account_names)
|
|
|
|
|
|
|
|
if with_actions:
|
|
|
|
|
|
|
|
cls.set_accounts_actions(accounts, perms=perms)
|
|
|
|
|
|
|
|
return accounts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def set_accounts_actions(cls, accounts, perms):
|
|
|
|
|
|
|
|
account_names_actions_map = cls.get_account_names_actions_map(accounts, perms)
|
|
|
|
|
|
|
|
for account in accounts:
|
|
|
|
|
|
|
|
account.actions = account_names_actions_map.get(account.username)
|
|
|
|
|
|
|
|
return accounts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def get_account_names_actions_map(cls, accounts, perms):
|
|
|
|
|
|
|
|
account_names_actions_map = defaultdict(int)
|
|
|
|
|
|
|
|
account_names = accounts.values_list('username', flat=True)
|
|
|
|
|
|
|
|
perms = perms.filter_by_accounts(account_names)
|
|
|
|
|
|
|
|
account_names_actions = perms.values_list('accounts', 'actions')
|
|
|
|
|
|
|
|
for account_names, actions in account_names_actions:
|
|
|
|
|
|
|
|
for account_name in account_names:
|
|
|
|
|
|
|
|
account_names_actions_map[account_name] |= actions
|
|
|
|
|
|
|
|
return account_names_actions_map
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def retrieve_account_names(cls, perms):
|
|
|
|
|
|
|
|
account_names = set()
|
|
|
|
|
|
|
|
for perm in perms:
|
|
|
|
|
|
|
|
if not isinstance(perm.accounts, list):
|
|
|
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
account_names.update(perm.accounts)
|
|
|
|
|
|
|
|
return account_names
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def filter(cls, user=None, user_group=None, asset=None, account_names=None):
|
|
|
|
|
|
|
|
""" 获取同时包含 用户(组)-资产-账号 的授权规则, 条件之间都是 & 的关系"""
|
|
|
|
|
|
|
|
perm_ids = []
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if user:
|
|
|
|
|
|
|
|
user_perm_ids = cls.filter_by_user(user, flat=True)
|
|
|
|
|
|
|
|
perm_ids.append(user_perm_ids)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if user_group:
|
|
|
|
|
|
|
|
user_group_perm_ids = cls.filter_by_user_group(user_group, flat=True)
|
|
|
|
|
|
|
|
perm_ids.append(user_group_perm_ids)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if asset:
|
|
|
|
|
|
|
|
asset_perm_ids = cls.filter_by_asset(asset, flat=True)
|
|
|
|
|
|
|
|
perm_ids.append(asset_perm_ids)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# & 是同时满足,比如有用户,但是用户的规则是空,那么返回也应该是空
|
|
|
|
|
|
|
|
perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids))
|
|
|
|
|
|
|
|
perms = cls.objects.filter(id__in=perm_ids)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if account_names:
|
|
|
|
|
|
|
|
perms = perms.filter_by_accounts(account_names)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
perms = perms.valid().order_by('-date_expired')
|
|
|
|
|
|
|
|
return perms
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def filter_by_user(cls, user, with_group=True, flat=False):
|
|
|
|
|
|
|
|
perm_ids = set()
|
|
|
|
|
|
|
|
user_perm_ids = AssetPermission.users.through.objects.filter(
|
|
|
|
|
|
|
|
user_id=user.id
|
|
|
|
|
|
|
|
).values_list('assetpermission_id', flat=True).distinct()
|
|
|
|
|
|
|
|
perm_ids.update(user_perm_ids)
|
|
|
|
|
|
|
|
if with_group:
|
|
|
|
|
|
|
|
usergroup_ids = user.get_groups(flat=True)
|
|
|
|
|
|
|
|
usergroups_perm_id = AssetPermission.user_groups.through.objects.filter(
|
|
|
|
|
|
|
|
usergroup_id__in=usergroup_ids
|
|
|
|
|
|
|
|
).values_list('assetpermission_id', flat=True).distinct()
|
|
|
|
|
|
|
|
perm_ids.update(usergroups_perm_id)
|
|
|
|
|
|
|
|
if flat:
|
|
|
|
|
|
|
|
return perm_ids
|
|
|
|
|
|
|
|
perms = cls.objects.filter(id__in=perm_ids).valid()
|
|
|
|
|
|
|
|
return perms
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def filter_by_user_group(cls, user_group, flat=False):
|
|
|
|
|
|
|
|
perm_ids = AssetPermission.user_groups.through.objects.filter(
|
|
|
|
|
|
|
|
usergroup_id=user_group
|
|
|
|
|
|
|
|
).values_list('assetpermission_id', flat=True)
|
|
|
|
|
|
|
|
if flat:
|
|
|
|
|
|
|
|
return set(perm_ids)
|
|
|
|
|
|
|
|
perms = cls.objects.filter(id__in=perm_ids).valid()
|
|
|
|
|
|
|
|
return perms
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
|
|
|
def filter_by_asset(cls, asset, with_node=True, flat=False):
|
|
|
|
|
|
|
|
perm_ids = set()
|
|
|
|
|
|
|
|
asset_perm_ids = AssetPermission.assets.through.objects.filter(
|
|
|
|
|
|
|
|
asset_id=asset.id
|
|
|
|
|
|
|
|
).values_list('assetpermission_id', flat=True).distinct()
|
|
|
|
|
|
|
|
perm_ids.update(asset_perm_ids)
|
|
|
|
|
|
|
|
if with_node:
|
|
|
|
|
|
|
|
node_ids = asset.get_all_nodes(flat=True)
|
|
|
|
|
|
|
|
node_perm_ids = AssetPermission.nodes.through.objects.filter(
|
|
|
|
|
|
|
|
node_id__in=node_ids
|
|
|
|
|
|
|
|
).values_list('assetpermission_id', flat=True).distinct()
|
|
|
|
|
|
|
|
perm_ids.update(node_perm_ids)
|
|
|
|
|
|
|
|
if flat:
|
|
|
|
|
|
|
|
return perm_ids
|
|
|
|
|
|
|
|
perms = cls.objects.filter(id__in=perm_ids).valid()
|
|
|
|
|
|
|
|
return perms
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, BaseCreateUpdateModel):
|
|
|
|
class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, BaseCreateUpdateModel):
|
|
|
|
class NodeFrom(TextChoices):
|
|
|
|
class NodeFrom(TextChoices):
|
|
|
|
|
Jiangjie.Bai
2 years ago