github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

pref: 修改授权规则

pull/9044/head
ibuler 2022-11-09 20:58:45 +08:00
parent 2d479d1ffa
commit 1ffcf8f39c
3 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apps/perms/api/user_permission/assets/api.py
View File

@ -14,16 +14,15 @@ __all__ = [
'MyFavoriteGrantedAssetsApi', 'UserDirectGrantedAssetsAsTreeApi', 'MyFavoriteGrantedAssetsApi', 'UserDirectGrantedAssetsAsTreeApi',
'MyUngroupAssetsAsTreeApi', 'MyUngroupAssetsAsTreeApi',
'UserAllGrantedAssetsApi', 'MyAllGrantedAssetsApi', 'MyAllAssetsAsTreeApi', 'UserAllGrantedAssetsApi', 'MyAllGrantedAssetsApi', 'MyAllAssetsAsTreeApi',
'UserGrantedNodeAssetsApi', 'UserGrantedNodeAssetsApi', 'MyGrantedNodeAssetsApi',
'MyGrantedNodeAssetsApi',
] ]
logger = get_logger(__name__) logger = get_logger(__name__)
class UserDirectGrantedAssetsApi( class UserDirectGrantedAssetsApi(
AssetRoleAdminMixin, AssetRoleAdminMixin, UserDirectGrantedAssetsQuerysetMixin,
UserDirectGrantedAssetsQuerysetMixin, AssetsSerializerFormatMixin, ListAPIView AssetsSerializerFormatMixin, ListAPIView
): ):
""" 直接授权给用户的资产 """ """ 直接授权给用户的资产 """
pass pass
@ -35,8 +34,8 @@ class MyDirectGrantedAssetsApi(AssetRoleUserMixin, UserDirectGrantedAssetsApi):
class UserFavoriteGrantedAssetsApi( class UserFavoriteGrantedAssetsApi(
AssetRoleAdminMixin, AssetRoleAdminMixin, UserFavoriteGrantedAssetsMixin,
UserFavoriteGrantedAssetsMixin, AssetsSerializerFormatMixin, ListAPIView AssetsSerializerFormatMixin, ListAPIView
): ):
""" 用户收藏的授权资产 """ """ 用户收藏的授权资产 """
pass pass
@ -63,8 +62,8 @@ class MyUngroupAssetsAsTreeApi(AssetRoleUserMixin, UserDirectGrantedAssetsAsTree
class UserAllGrantedAssetsApi( class UserAllGrantedAssetsApi(
AssetRoleAdminMixin, AssetRoleAdminMixin, UserAllGrantedAssetsQuerysetMixin,
UserAllGrantedAssetsQuerysetMixin, AssetsSerializerFormatMixin, ListAPIView AssetsSerializerFormatMixin, ListAPIView
): ):
""" 授权给用户的所有资产 """ """ 授权给用户的所有资产 """
pass pass
@ -81,7 +80,8 @@ class MyAllAssetsAsTreeApi(AssetsTreeFormatMixin, MyAllGrantedAssetsApi):
class UserGrantedNodeAssetsApi( class UserGrantedNodeAssetsApi(
AssetRoleAdminMixin, UserGrantedNodeAssetsMixin, AssetsSerializerFormatMixin, ListAPIView AssetRoleAdminMixin, UserGrantedNodeAssetsMixin,
AssetsSerializerFormatMixin, ListAPIView
): ):
""" 授权给用户的节点资产 """ """ 授权给用户的节点资产 """
pass pass

9
apps/perms/api/user_permission/assets/mixin.py
View File

@ -1,11 +1,11 @@
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.request import Request from rest_framework.request import Request
from common.utils import get_logger
from users.models import User from users.models import User
from assets.api.mixin import SerializeToTreeNodeMixin from assets.api.mixin import SerializeToTreeNodeMixin
from common.utils import get_logger
from perms.pagination import NodeGrantedAssetPagination, AllGrantedAssetPagination
from assets.models import Asset, Node from assets.models import Asset, Node
from perms.pagination import NodeGrantedAssetPagination, AllGrantedAssetPagination
from perms import serializers from perms import serializers
from perms.utils.user_permission import UserGrantedAssetsQueryUtils from perms.utils.user_permission import UserGrantedAssetsQueryUtils
@ -21,8 +21,7 @@ class UserDirectGrantedAssetsQuerysetMixin:
def get_queryset(self): def get_queryset(self):
if getattr(self, 'swagger_fake_view', False): if getattr(self, 'swagger_fake_view', False):
return Asset.objects.none() return Asset.objects.none()
user = self.user assets = UserGrantedAssetsQueryUtils(self.user) \
assets = UserGrantedAssetsQueryUtils(user) \
.get_direct_granted_assets() \ .get_direct_granted_assets() \
.prefetch_related('platform') \ .prefetch_related('platform') \
.only(*self.only_fields) .only(*self.only_fields)
@ -32,7 +31,7 @@ class UserDirectGrantedAssetsQuerysetMixin:
class UserAllGrantedAssetsQuerysetMixin: class UserAllGrantedAssetsQuerysetMixin:
only_fields = serializers.AssetGrantedSerializer.Meta.only_fields only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
pagination_class = AllGrantedAssetPagination pagination_class = AllGrantedAssetPagination
ordering_fields = ("name", "address", "port", "cpu_cores") ordering_fields = ("name", "address")
ordering = ('name', ) ordering = ('name', )
user: User user: User

18
apps/perms/serializers/user_permission.py
View File

@ -4,14 +4,14 @@
from rest_framework import serializers from rest_framework import serializers
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from common.drf.fields import ObjectRelatedField, LabeledChoiceField
from assets.models import Node, Asset, Platform, Account from assets.models import Node, Asset, Platform, Account
from assets.const import Category, AllTypes
from perms.serializers.permission import ActionsField from perms.serializers.permission import ActionsField
__all__ = [ __all__ = [
'NodeGrantedSerializer', 'NodeGrantedSerializer', 'AssetGrantedSerializer',
'AssetGrantedSerializer', 'ActionsSerializer', 'AccountsGrantedSerializer'
'ActionsSerializer',
'AccountsGrantedSerializer'
] ]
@ -20,14 +20,18 @@ class AssetGrantedSerializer(serializers.ModelSerializer):
platform = serializers.SlugRelatedField( platform = serializers.SlugRelatedField(
slug_field='name', queryset=Platform.objects.all(), label=_("Platform") slug_field='name', queryset=Platform.objects.all(), label=_("Platform")
) )
protocols = ObjectRelatedField(read_only=True, many=True)
category = LabeledChoiceField(choices=Category.choices, read_only=True, label=_('Category'))
type = LabeledChoiceField(choices=AllTypes.choices(), read_only=True, label=_('Type'))
class Meta: class Meta:
model = Asset model = Asset
only_fields = [ only_fields = [
"id", "name", "address", "protocols", 'domain', "id", "name", "address", "protocols",
"platform", "comment", "org_id", "is_active" 'domain', 'platform',
"comment", "org_id", "is_active",
] ]
fields = only_fields + ['org_name'] fields = only_fields + ['category', 'type'] + ['org_name']
read_only_fields = fields read_only_fields = fields