diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index 9e25279fb..ae1f9dfb9 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -36,6 +36,7 @@ exclude_permissions = (
 ('assets', 'favoriteasset', '*', '*'),
 ('assets', 'historicalauthbook', '*', '*'),
 ('assets', 'assetuser', '*', '*'),
+ ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
 ('perms', 'databaseapppermission', '*', '*'),
 ('perms', 'k8sapppermission', '*', '*'),
 ('perms', 'remoteapppermission', '*', '*'),
diff --git a/apps/rbac/ztree/__init__.py b/apps/rbac/ztree/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/apps/rbac/ztree/permissions.py b/apps/rbac/ztree/permissions.py
deleted file mode 100644
index 5c5a7a37b..000000000
--- a/apps/rbac/ztree/permissions.py
+++ /dev/null
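Review bot: The added `gathereduser` row in `exclude_permissions` is the only entry visible in this hunk that uses a comma-separated action list (`'add,delete,change'`) and a named fourth field instead of `'*', '*'`, and nothing here documents how the tuple is parsed. If the consumer (outside this hunk) compares the third field literally rather than splitting on `,`, the row would match nothing and the add/delete/change permissions on gathered users would stay assignable to roles without any error. I would add a comment above the row such as `# (app_label, model, actions, resource): actions is '*' or a comma-separated list without spaces` and a test asserting that `assets.view_gathereduser` is the only gathereduser permission still exposed. It is also worth confirming whether roles that already hold the three excluded permissions lose them or keep them after this change; the hunk does not show that. The tuple starts before the hunk and continues after it.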
@@ -1,259 +0,0 @@ -# @ 分割符 $ 企业版 # ! 系统级别 # # 组织级别 # 控制台 -flag_sep = '@' -flag_license_required = '$' -flag_scope_system = '!' -# flag_scop_org = '#' - -permission_paths = [ - # format: 权限树路径 / app.codename @ 企业版、系统级别 - '/root/view/view_console/rbac.view_console', - '/root/view/view_console/rbac.view_dashboard', - '/root/view/view_console/user_management/user_list/users.view_user', - '/root/view/view_console/user_management/user_list/users.add_user', - '/root/view/view_console/user_management/user_list/users.change_user', - '/root/view/view_console/user_management/user_list/users.delete_user', - f'/root/view/view_console/user_management/user_list/users.invite_user{flag_sep}{flag_license_required}', - f'/root/view/view_console/user_management/user_list/users.remove_user{flag_sep}{flag_license_required}', - '/root/view/view_console/user_management/user_list/user_detail/perms.view_userassets', - '/root/view/view_console/user_management/user_list/user_detail/asset_perm/perms.view_assetpermission', - '/root/view/view_console/user_management/user_list/user_detail/asset_perm/perms.change_assetpermission', - '/root/view/view_console/user_management/user_list/user_detail/asset_perm/perms.delete_assetpermission', - '/root/view/view_console/user_management/user_list/user_detail/perms.view_userapps', - '/root/view/view_console/user_management/user_list/user_detail/app_perm/perms.view_applicationpermission', - '/root/view/view_console/user_management/user_list/user_detail/app_perm/perms.change_applicationpermission', - '/root/view/view_console/user_management/user_list/user_detail/app_perm/perms.delete_applicationpermission', - '/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.view_loginacl', - '/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.add_loginacl', - '/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.change_loginacl', - 
'/root/view/view_console/user_management/user_list/user_detail/user_login_acl/acls.delete_loginacl', - '/root/view/view_console/user_management/user_group_list/users.view_usergroup', - '/root/view/view_console/user_management/user_group_list/users.add_usergroup', - '/root/view/view_console/user_management/user_group_list/users.change_usergroup', - '/root/view/view_console/user_management/user_group_list/users.delete_usergroup', - '/root/view/view_console/user_management/user_group_list/user_group_detail/perms.view_permusergroupasset', - '/root/view/view_console/user_management/role_list/permission_list/rbac.view_permission', - '/root/view/view_console/user_management/role_list/org_role/rbac.view_orgrole', - '/root/view/view_console/user_management/role_list/org_role/rbac.add_orgrole', - '/root/view/view_console/user_management/role_list/org_role/rbac.change_orgrole', - '/root/view/view_console/user_management/role_list/org_role/rbac.delete_orgrole', - '/root/view/view_console/user_management/role_list/org_role/org_role_detail/rbac.view_orgrolebinding', - '/root/view/view_console/user_management/role_list/org_role/org_role_detail/rbac.add_orgrolebinding', - '/root/view/view_console/user_management/role_list/org_role/org_role_detail/rbac.delete_orgrolebinding', - '/root/view/view_console/user_management/role_list/system_role/rbac.view_systemrole', - '/root/view/view_console/user_management/role_list/system_role/rbac.add_systemrole', - '/root/view/view_console/user_management/role_list/system_role/rbac.change_systemrole', - '/root/view/view_console/user_management/role_list/system_role/rbac.delete_systemrole', - '/root/view/view_console/user_management/role_list/system_role/system_role_detail/rbac.view_systemrolebinding', - '/root/view/view_console/user_management/role_list/system_role/system_role_detail/rbac.add_systemrolebinding', - '/root/view/view_console/user_management/role_list/system_role/system_role_detail/rbac.delete_systemrolebinding', - - 
'/root/view/view_console/asset_management/asset_list/assets.view_asset', - '/root/view/view_console/asset_management/asset_list/assets.add_asset', - '/root/view/view_console/asset_management/asset_list/assets.change_asset', - '/root/view/view_console/asset_management/asset_list/assets.delete_asset', - '/root/view/view_console/asset_management/asset_list/assets.test_assetconnectivity', - '/root/view/view_console/asset_management/asset_list/assets.refresh_assethardwareinfo', - '/root/view/view_console/asset_management/asset_list/assets.push_assetsystemuser', - '/root/view/view_console/asset_management/asset_list/assets.match_asset', - '/root/view/view_console/asset_management/asset_list/node_tree/assets.view_node', - '/root/view/view_console/asset_management/asset_list/node_tree/assets.add_node', - '/root/view/view_console/asset_management/asset_list/node_tree/assets.change_node', - '/root/view/view_console/asset_management/asset_list/node_tree/assets.delete_node', - '/root/view/view_console/asset_management/asset_list/node_tree/assets.add_assettonode', - '/root/view/view_console/asset_management/asset_list/node_tree/assets.move_assettonode', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.view_syncinstancetask{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.add_syncinstancetask{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.change_syncinstancetask{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.delete_syncinstancetask{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/xpack.add_syncinstancetaskexecution{flag_sep}{flag_license_required}', - 
f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/sync_instance_task_detail/xpack.view_syncinstancetaskexecution{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/sync_instance_task_list/sync_instance_task_detail/xpack.view_syncinstancedetail{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.view_account{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.add_account{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.change_account{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.delete_account{flag_sep}{flag_license_required}', - f'/root/view/view_console/asset_management/asset_list/cloud_sync/account_list/xpack.test_account{flag_sep}{flag_license_required}', - '/root/view/view_console/asset_management/domain_list/assets.view_domain', - '/root/view/view_console/asset_management/domain_list/assets.add_domain', - '/root/view/view_console/asset_management/domain_list/assets.change_domain', - '/root/view/view_console/asset_management/domain_list/assets.delete_domain', - '/root/view/view_console/asset_management/domain_list/gateway_list/assets.view_gateway', - '/root/view/view_console/asset_management/domain_list/gateway_list/assets.add_gateway', - '/root/view/view_console/asset_management/domain_list/gateway_list/assets.change_gateway', - '/root/view/view_console/asset_management/domain_list/gateway_list/assets.delete_gateway', - '/root/view/view_console/asset_management/domain_list/gateway_list/assets.test_gateway', - '/root/view/view_console/asset_management/system_user/assets.view_systemuser', - '/root/view/view_console/asset_management/system_user/assets.add_systemuser', - 
'/root/view/view_console/asset_management/system_user/assets.change_systemuser', - '/root/view/view_console/asset_management/system_user/assets.delete_systemuser', - '/root/view/view_console/asset_management/system_user/assets.test_assetconnectivity', - '/root/view/view_console/asset_management/system_user/assets.push_assetsystemuser', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_asset_list/assets.view_systemuserasset', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_asset_list/assets.add_systemuserasset', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_asset_list/assets.remove_systemuserasset', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.view_authbook', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.change_authbook', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.delete_authbook', - '/root/view/view_console/asset_management/system_user/system_user_detail/system_user_account_list/assets.test_authbook', - '/root/view/view_console/asset_management/command_filter/assets.view_commandfilter', - '/root/view/view_console/asset_management/command_filter/assets.add_commandfilter', - '/root/view/view_console/asset_management/command_filter/assets.change_commandfilter', - '/root/view/view_console/asset_management/command_filter/assets.delete_commandfilter', - '/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.view_commandfilterrule', - '/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.add_commandfilterrule', - '/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.change_commandfilterrule', - 
'/root/view/view_console/asset_management/command_filter/command_filter_rule/assets.delete_commandfilterrule', - '/root/view/view_console/asset_management/platform_list/assets.view_platform', - '/root/view/view_console/asset_management/platform_list/assets.add_platform', - '/root/view/view_console/asset_management/platform_list/assets.change_platform', - '/root/view/view_console/asset_management/platform_list/assets.delete_platform', - '/root/view/view_console/asset_management/label_management/assets.view_label', - '/root/view/view_console/asset_management/label_management/assets.add_label', - '/root/view/view_console/asset_management/label_management/assets.change_label', - '/root/view/view_console/asset_management/label_management/assets.delete_label', - - '/root/view/view_console/app_management/remote_app/applications.view_remoteapp', - '/root/view/view_console/app_management/remote_app/applications.add_remoteapp', - '/root/view/view_console/app_management/remote_app/applications.change_remoteapp', - '/root/view/view_console/app_management/remote_app/applications.delete_remoteapp', - '/root/view/view_console/app_management/db_app/applications.view_databaseapp', - '/root/view/view_console/app_management/db_app/applications.add_databaseapp', - '/root/view/view_console/app_management/db_app/applications.change_databaseapp', - '/root/view/view_console/app_management/db_app/applications.delete_databaseapp', - '/root/view/view_console/app_management/k8s_app/applications.view_kubernetesapp', - '/root/view/view_console/app_management/k8s_app/applications.add_kubernetesapp', - '/root/view/view_console/app_management/k8s_app/applications.change_kubernetesapp', - '/root/view/view_console/app_management/k8s_app/applications.delete_kubernetesapp', - - '/root/view/view_console/account_management/asset_account/assets.view_authbook', - '/root/view/view_console/account_management/asset_account/assets.add_authbook', - 
'/root/view/view_console/account_management/asset_account/assets.change_authbook', - '/root/view/view_console/account_management/asset_account/assets.delete_authbook', - '/root/view/view_console/account_management/asset_account/assets.test_authbook', - '/root/view/view_console/account_management/application_account/applications.view_account', - '/root/view/view_console/account_management/application_account/applications.add_account', - '/root/view/view_console/account_management/application_account/applications.change_account', - '/root/view/view_console/account_management/application_account/applications.delete_account', - '/root/view/view_console/account_management/gather_user/gather_user_list/assets.view_gathereduser', - '/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.view_gatherusertask', - '/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.add_gatherusertask', - '/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.change_gatherusertask', - '/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.delete_gatherusertask', - '/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.add_gatherusertaskexecution', - '/root/view/view_console/account_management/gather_user/gather_user_task_list/xpack.view_gatherusertaskexecution', - '/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.view_changeauthplan', - '/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.add_changeauthplan', - '/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.change_changeauthplan', - '/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.delete_changeauthplan', - '/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.add_changeauthplanexecution', - 
'/root/view/view_console/account_management/change_auth_plan/asset_change_auth_plan/xpack.view_changeauthplanexecution', - '/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.view_applicationchangeauthplan', - '/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.add_applicationchangeauthplan', - '/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.change_applicationchangeauthplan', - '/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.delete_applicationchangeauthplan', - '/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.add_applicationchangeauthplanexecution', - '/root/view/view_console/account_management/change_auth_plan/app_change_auth_plan/xpack.view_applicationchangeauthplanexecution', - '/root/view/view_console/account_management/account_backup/assets.view_accountbackupplan', - '/root/view/view_console/account_management/account_backup/assets.add_accountbackupplan', - '/root/view/view_console/account_management/account_backup/assets.change_accountbackupplan', - '/root/view/view_console/account_management/account_backup/assets.delete_accountbackupplan', - '/root/view/view_console/account_management/account_backup/assets.add_accountbackupplanexecution', - '/root/view/view_console/account_management/account_backup/assets.view_accountbackupplanexecution', - - '/root/view/view_console/perm_management/asset_permission/perms.view_assetpermission', - '/root/view/view_console/perm_management/asset_permission/perms.add_assetpermission', - '/root/view/view_console/perm_management/asset_permission/perms.change_assetpermission', - '/root/view/view_console/perm_management/asset_permission/perms.delete_assetpermission', - '/root/view/view_console/perm_management/app_permission/perms.view_applicationpermission', - 
'/root/view/view_console/perm_management/app_permission/perms.add_applicationpermission', - '/root/view/view_console/perm_management/app_permission/perms.change_applicationpermission', - '/root/view/view_console/perm_management/app_permission/perms.delete_applicationpermission', - - '/root/view/view_console/access_control/asset_login/acls.view_loginassetacl', - '/root/view/view_console/access_control/asset_login/acls.add_loginassetacl', - '/root/view/view_console/access_control/asset_login/acls.change_loginassetacl', - '/root/view/view_console/access_control/asset_login/acls.delete_loginassetacl', - - '/root/view/view_console/job_center/task_list/ops.view_task', - '/root/view/view_console/job_center/task_list/ops.delete_task', - '/root/view/view_console/job_center/task_list/ops.add_adhocexecution', - '/root/view/view_console/job_center/task_list/task_list_detail/ops.view_adhoc', - '/root/view/view_console/job_center/task_list/task_list_detail/ops.view_adhocexecution', - '/root/view/view_console/job_center/ops.view_taskmonitor', - - '/root/view/view_audit/rbac.view_audit', - '/root/view/view_audit/rbac.view_dashboard', - '/root/view/view_audit/session_audit/session_record/terminal.view_session', - '/root/view/view_audit/session_audit/session_record/terminal.terminate_session', - '/root/view/view_audit/session_audit/session_record/terminal.monitor_session', - '/root/view/view_audit/session_audit/session_record/session_detail/terminal.view_command', - '/root/view/view_audit/session_audit/session_record/session_detail/terminal.view_sessionjoinrecord', - '/root/view/view_audit/session_audit/command_record/terminal.view_command', - '/root/view/view_audit/session_audit/command_record/terminal.view_commandstorage', - '/root/view/view_audit/session_audit/file_transfer/audits.view_ftplog', - '/root/view/view_audit/log_audit/audits.view_userloginlog', - '/root/view/view_audit/log_audit/audits.view_operatelog', - '/root/view/view_audit/log_audit/audits.view_passwordchangelog', 
- '/root/view/view_audit/log_audit/ops.view_commandexecution', - - '/root/view/view_workspace/rbac.view_workspace', - '/root/view/view_workspace/rbac.view_overview', - '/root/view/view_workspace/my_asset/perms.view_myassets', - '/root/view/view_workspace/my_asset/perms.connect_myassets', - '/root/view/view_workspace/my_app/my_remote_app/perms.view_myremoteapp', - '/root/view/view_workspace/my_app/my_remote_app/perms.connect_myremoteapp', - '/root/view/view_workspace/my_app/my_db_app/perms.view_mydatabaseapp', - '/root/view/view_workspace/my_app/my_db_app/perms.connect_mydatabaseapp', - '/root/view/view_workspace/my_app/my_k8s_app/perms.view_mykubernetesapp', - '/root/view/view_workspace/my_app/my_k8s_app/perms.connect_mykubernetesapp', - '/root/view/view_workspace/ops.add_commandexecution', - '/root/view/view_workspace/rbac.view_webterminal', - '/root/view/view_workspace/rbac.view_filemanager', - - '/root/notifications.view_sitemessage', - '/root/rbac.view_webterminal', - - f'/root/system_setting/settings.change_basic{flag_sep}{flag_scope_system}', - f'/root/system_setting/settings.change_email{flag_sep}{flag_scope_system}', - f'/root/system_setting/settings.change_auth{flag_sep}{flag_scope_system}', - f'/root/system_setting/notifications.change_systemmsgsubscription{flag_sep}{flag_scope_system}', - f'/root/system_setting/settings.change_sms{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/terminal_setting/settings.change_terminal_basic_setting{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/terminal_management/terminal.view_terminal{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/terminal_management/terminal.change_terminal{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/terminal_management/terminal.delete_terminal{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/replay_storage/terminal.view_replaystorage{flag_sep}{flag_scope_system}', - 
f'/root/system_setting/terminal_setting/replay_storage/terminal.add_replaystorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/replay_storage/terminal.change_replaystorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/replay_storage/terminal.delete_replaystorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/command_storage/terminal.view_commandstorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/command_storage/terminal.add_commandstorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/command_storage/terminal.change_commandstorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/command_storage/terminal.delete_commandstorage{flag_sep}{flag_scope_system}', - f'/root/system_setting/terminal_setting/terminal.view_status{flag_sep}{flag_scope_system}', - f'/root/system_setting/settings.change_security{flag_sep}{flag_scope_system}', - f'/root/system_setting/settings.change_clean{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/org_management/orgs.view_rootorg{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/org_management/orgs.view_organization{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/org_management/orgs.add_organization{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/org_management/orgs.change_organization{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/org_management/orgs.delete_organization{flag_sep}{flag_scope_system}{flag_license_required}', - f'/root/system_setting/settings.change_other{flag_sep}{flag_scope_system}', - f'/root/system_setting/license/xpack.view_license{flag_sep}{flag_scope_system}', - f'/root/system_setting/license/xpack.add_license{flag_sep}{flag_scope_system}', - - f'/root/ticket/tickets.view_ticket{flag_sep}{flag_license_required}', 
- f'/root/ticket/tickets.add_ticket{flag_sep}{flag_license_required}',
- f'/root/ticket/ticket_detail/tickets.change_ticket{flag_sep}{flag_license_required}',
- f'/root/ticket/ticket_detail/tickets.add_comment{flag_sep}{flag_license_required}',
- f'/root/ticket/ticket_detail/tickets.view_comment{flag_sep}{flag_license_required}',
- f'/root/ticket/ticket_detail/tickets.view_ticketsession{flag_sep}{flag_license_required}',
-
- # '/root/rbac.view_help',
- f'/root/api_permission/terminal.add_session',
- '/root/api_permission/terminal.add_command',
- f'/root/api_permission/tickets.add_superticket{flag_sep}{flag_license_required}',
- '/root/api_permission/authentication.add_superconnectiontoken',
- '/root/api_permission/authentication.view_connectiontokensecret',
- # ...
-]
diff --git a/apps/rbac/ztree/tree.py b/apps/rbac/ztree/tree.py
deleted file mode 100644
index 2279135e8..000000000
--- a/apps/rbac/ztree/tree.py
+++ /dev/null
@@ -1,207 +0,0 @@ -import random -from collections import defaultdict -from django.utils.translation import ugettext -from common.tree import TreeNode as RawTreeNode -from django.utils.translation import gettext_lazy as _, gettext -from rbac.models import Permission, ContentType -from django.db.models import F, Count -from .permissions import permission_paths, flag_license_required, flag_sep, flag_scope_system -from .tree_nodes import permission_tree_nodes -from ..const import Scope -from jumpserver.utils import has_valid_xpack_license -from django.conf import settings - - -class TreeNode(RawTreeNode): - total_count = 0 - checked_count = 0 - app_label_codename = '' - - def mark_checked_if_need(self): - if self.isParent: - self.checked = self.total_count == self.checked_count - - def refresh_name_if_need(self): - if self.isParent: - self.name = str(self.name) + f'({self.checked_count}/{self.total_count})' - elif settings.DEBUG: - self.name = str(self.name) + f'({self.app_label_codename})' - - -class TreeNodes: - - def __init__(self): - self.tree_nodes = defaultdict(TreeNode) - - def add_node(self, data): - tree_node = self.add(data) - tree_node.total_count += 1 - - def add_leaf(self, data): - tree_node = self.add(data) - if not data['checked']: - return - - parent_node = self.tree_nodes.get(tree_node.pId) - while parent_node: - parent_node.checked_count += 1 - parent_node = self.tree_nodes.get(parent_node.pId) - - def add(self, data): - _id = data['id'] - data['name'] = data.get('name') or data['id'] - tree_node = self.tree_nodes.get(_id, TreeNode(**data)) - self.tree_nodes[tree_node.id] = tree_node - return tree_node - - def get(self): - tree_nodes = list(self.tree_nodes.values()) - for tree_node in tree_nodes: - tree_node.mark_checked_if_need() - tree_node.refresh_name_if_need() - return tree_nodes - - -class ZTree(object): - - has_valid_license = has_valid_xpack_license() - - def __init__(self, checked_permission, scope, check_disabled=False): - self.scope = 
scope - self.checked_permission = self.prefetch_permissions( - checked_permission - ) - self.checked_permissions_mapper = {p.id: p for p in self.checked_permission} - self.permissions = self.prefetch_permissions( - Permission.get_permissions(scope) - ) - self.permissions_mapper = {p.app_label_codename: p for p in self.permissions} - self.content_types_name_mapper = {ct.model: ct.name for ct in ContentType.objects.all()} - self.check_disabled = check_disabled - self.tree_nodes = TreeNodes() - self.show_node_level = 3 - - @staticmethod - def prefetch_permissions(permissions): - return permissions.select_related('content_type') \ - .annotate(app=F('content_type__app_label')) \ - .annotate(model=F('content_type__model')) - - def get_tree_nodes(self): - perm_paths = self.__class__.get_permission_paths(self.scope) - for perm_path in perm_paths: - self.generate_tree_nodes_by_path(perm_path) - return self.tree_nodes.get() - - def generate_tree_nodes_by_path(self, perm_path): - path, perm_app_label_codename = perm_path.rsplit('/', 1) - - # add path - path_list = path.lstrip('/').split('/') - pid = '' - for level, tree_node_id in enumerate(path_list, start=1): - name = _('Detail') if 'detail' in tree_node_id else tree_node_id - data = dict({ - 'id': tree_node_id, - 'name': name, - 'title': name, - 'pId': pid, - 'isParent': True, - 'chkDisabled': self.check_disabled, - 'open': level < self.show_node_level, - 'meta': { - 'type': 'perm', - } - }) - _data = permission_tree_nodes.get(tree_node_id, {}) - data.update(_data) - pid = data['id'] - self.tree_nodes.add_node(data) - - # add perm - if not perm_app_label_codename: - return - perm = self.permissions_mapper.get(perm_app_label_codename) - if perm: - # 解决同一个权限不能在多个节点的问题 - _id = f'{pid}#{perm.id}' - name = self._get_permission_name(perm) - checked = perm.id in self.checked_permissions_mapper - else: - # 最终不应该走这里,所有权限都要在数据库里 - _id = perm_app_label_codename - name = perm_app_label_codename - checked = False - - data = { - 'id': 
_id, - 'pId': pid, - 'name': name, - 'title': perm_app_label_codename, - 'chkDisabled': self.check_disabled, - 'app_label_codename': perm_app_label_codename, - 'isParent': False, - 'iconSkin': 'file', - 'open': False, - 'checked': checked, - 'meta': { - 'type': 'perm', - } - } - _data = permission_tree_nodes.get(perm_app_label_codename, {}) - data.update(_data) - self.tree_nodes.add_leaf(data) - - def _get_permission_name(self, p): - code_name = p.codename - action_mapper = { - 'add': ugettext('Create'), - 'view': ugettext('View'), - 'change': ugettext('Update'), - 'delete': ugettext('Delete') - } - name = '' - ct = '' - if 'add_' in p.codename: - name = action_mapper['add'] - ct = code_name.replace('add_', '') - elif 'view_' in p.codename: - name = action_mapper['view'] - ct = code_name.replace('view_', '') - elif 'change_' in p.codename: - name = action_mapper['change'] - ct = code_name.replace('change_', '') - elif 'delete' in code_name: - name = action_mapper['delete'] - ct = code_name.replace('delete_', '') - - if ct in self.content_types_name_mapper: - name += self.content_types_name_mapper[ct] - else: - name = gettext(p.name) - name = name.replace('Can ', '').replace('可以', '') - return name - - @classmethod - def get_permissions_app_label_codename(cls, scope): - perm_paths = cls.get_permission_paths(scope) - perms = [] - for path in perm_paths: - path, app_label_code_name = path.rsplit('/', 1) - if not app_label_code_name: - continue - perms.append(app_label_code_name) - return perms - - @classmethod - def get_permission_paths(cls, scope): - perm_paths = [] - for path in permission_paths: - if flag_sep in path: - path, flags = path.split(flag_sep) - if flag_scope_system in flags and scope == Scope.org: - continue - if flag_license_required in flags and not cls.has_valid_license: - continue - perm_paths.append(path) - return perm_paths 
diff --git a/apps/rbac/ztree/tree_nodes.py b/apps/rbac/ztree/tree_nodes.py
deleted file mode 100644
index 3d1dacb1e..000000000
--- a/apps/rbac/ztree/tree_nodes.py
+++ /dev/null
@@ -1,308 +0,0 @@ -from django.utils.translation import gettext_lazy as _ - -permission_tree_nodes = { - # 节点 - 'root': { - 'name': _('All permissions'), - }, - 'view': { - 'name': _("View menu") - }, - 'view_console': { - 'name': _('Console view'), - }, - 'user_management': { - 'name': _('User management') - }, - 'user_list': { - 'name': _('User list') - }, - 'view_workspace': { - 'name': _('Workspace view') - }, - 'view_audit': { - 'name': _("Audit view") - }, - 'asset_perm': { - 'name': _('Asset permission') - }, - 'session_audits': { - 'name': _('Session audits') - }, - 'session_record': { - 'name': _('Online/Offline Session record') - }, - 'asset_management': { - 'name': _('Asset management') - }, - 'asset_list': { - 'name': _('Asset list') - }, - 'my_asset': { - 'name': _('My assets') - }, - 'my_app': { - 'name': _('My application') - }, - 'bulk_command': { - 'name': _('Bulk command') - }, - 'system_setting': { - 'name': _('System setting') - }, - 'ticket': { - 'name': _('Ticket system') - }, - 'help': { - 'name': _('Help') - }, - 'api_permission': { - 'name': _('API permission') - }, - 'app_management': { - 'name': _('Application management') - }, - 'account_management': { - 'name': _('Account management'), - }, - 'perm_management': { - 'name': _('Permission management'), - }, - 'access_control': { - 'name': _('Access control'), - }, - 'job_center': { - 'name': _('Job center'), - }, - 'session_audit': { - 'name': _('Session audit') - }, - 'log_audit': { - 'name': _('Log audit') - }, - 'user_group_list': { - 'name': _('User group') - }, - 'role_list': { - 'name': _('Role list') - }, - 'app_perm': { - 'name': _('Application permission') - }, - 'user_login_acl': { - 'name': _('User login acl') - }, - 'user_group_detail': { - 'name': _('Detail') - }, - 'permission_list': { - 'name': _('Permission list') - }, - 'node_tree': { - 'name': _('Node tree') - }, - 'cloud_sync': { - 'name': _('Cloud sync') - }, - 'sync_instance_task_list': { - 'name': _('Sync instance 
task list') - }, - 'account_list': { - 'name': _('Account list') - }, - 'system_user': { - 'name': _('Common/Admin User') - }, - 'system_user_asset_list': { - 'name': _('Asset list'), - }, - 'system_user_account_list': { - 'name': _('Account list') - }, - 'command_filter': { - 'name': _('Command filter') - }, - 'command_filter_rule': { - 'name': _('Command filter rule') - }, - 'platform_list': { - 'name': _('Platform list') - }, - 'label_management': { - 'name': _('Label management') - }, - 'remote_app': { - 'name': _('Remote application') - }, - 'db_app': { - 'name': _('Database application') - }, - 'k8s_app': { - 'name': _('Kubernetes') - }, - 'asset_account': { - 'name': _('Asset account') - }, - 'application_account': { - 'name': _('Application account') - }, - 'gather_user': { - 'name': _('Gathered user') - }, - 'gather_user_list': { - 'name': _('Gathered user list') - }, - 'gather_user_task_list': { - 'name': _('Gathered user task list') - }, - 'change_auth_plan': { - 'name': _('Change auth plan') - }, - 'asset_change_auth_plan': { - 'name': _('Asset change auth plan') - }, - 'app_change_auth_plan': { - 'name': _('Application change auth plan') - }, - 'account_backup': { - 'name': _('Account backup') - }, - 'asset_permission': { - 'name': _('Asset permission') - }, - 'app_permission': { - 'name': _('Application permission') - }, - 'asset_login': { - 'name': _('Asset login') - }, - 'task_list': { - 'name': _('Task list') - }, - 'command_record': { - 'name': _('Command record') - }, - 'file_transfer': { - 'name': _('File transfer') - }, - 'my_remote_app': { - 'name': _('Remote App') - }, - 'my_db_app': { - 'name': _('Database application') - }, - 'my_k8s_app': { - 'name': _('Kubernetes') - }, - 'terminal_setting': { - 'name': _('Terminal setting') - }, - 'terminal_management': { - 'name': _('Terminal management') - }, - 'command_storage': { - 'name': _('Command storage') - }, - 'replay_storage': { - 'name': _('Replay storage') - }, - 'org_management': { - 
'name': _('Organization management') - }, - 'license': { - 'name': _('License') - }, - - # 权限 - 'rbac.view_permission': { - 'name': _('View all permission') - }, - 'domain_list': { - 'name': _('Domain list') - }, - 'gateway_list': { - 'name': _('Gateway list') - }, - 'org_role': { - 'name': _('Organization role') - }, - 'system_role': { - 'name': _('System role') - }, - 'xpack.add_gatherusertaskexecution': { - 'name': _('Run gather user task') - }, - 'xpack.add_changeauthplanexecution': { - 'name': _('Run asset change auth plan') - }, - 'xpack.add_applicationchangeauthplanexecution': { - 'name': _('Run application change auth plan') - }, - 'assets.add_accountbackupplanexecution': { - 'name': _('Run account backup plan') - }, - 'ops.add_adhocexecution': { - 'name': _('Run task') - }, - 'ops.view_adhoc': { - 'name': _('View task version') - }, - 'ops.view_adhocexecution': { - 'name': _('View execution history') - }, - 'ops.add_commandexecution': { - 'name': _('Bulk command') - }, - 'notifications.view_sitemessage': { - 'name': _('Site message') - }, - 'notifications.change_systemmsgsubscription': { - 'name': _('Message subscription') - }, - 'terminal.view_status': { - 'name': _('Component monitor') - }, - 'tickets.view_ticket': { - 'name': _('View my/assigned ticket') - }, - 'tickets.add_ticket': { - 'name': _('Create asset/application ticket') - }, - 'tickets.change_ticket': { - 'name': _('Change/close ticket') - }, - 'assets.match_asset': { - 'name': _('View some of the assets searched') - }, - 'rbac.view_workspace': { - 'checked': True, - 'chkDisabled': True, - }, - 'rbac.view_overview': { - 'name': _('Overview'), - 'checked': True, - 'chkDisabled': True, - }, - 'rbac.view_orgrolebinding': { - 'name': _('View permission user') - }, - 'rbac.add_orgrolebinding': { - 'name': _('Add user to role') - }, - 'rbac.delete_orgrolebinding': { - 'name': _('Remove user from role') - }, - 'rbac.view_systemrolebinding': { - 'name': _('View permission user') - }, - 
'rbac.add_systemrolebinding': { - 'name': _('Add user to role') - }, - 'rbac.delete_systemrolebinding': { - 'name': _('Remove user from role') - }, - 'xpack.add_syncinstancetaskexecution': { - 'name': _('Run sync instance task') - } - -}