github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(perms): 用户授权树bug

pull/4739/head
xinwen 2020-09-29 17:13:32 +08:00 committed by 老广
parent 3ccf32ed48
commit 3af0e68c84
5 changed files with 49 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/assets/serializers/system_user.py
View File

@ -229,15 +229,8 @@ class SystemUserNodeRelationSerializer(RelationMixin, serializers.ModelSerialize
'id', 'node', "node_display", 'id', 'node', "node_display",
] ]
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.tree = Node.tree()
def get_node_display(self, obj): def get_node_display(self, obj):
if hasattr(obj, 'node_key'): return obj.node.full_value
return self.tree.get_node_full_tag(obj.node_key)
else:
return obj.node.full_value
class SystemUserUserRelationSerializer(RelationMixin, serializers.ModelSerializer): class SystemUserUserRelationSerializer(RelationMixin, serializers.ModelSerializer):

4
apps/perms/api/user_permission/mixin.py
View File

@ -11,8 +11,8 @@ from perms.models import UserGrantedMappingNode
class UserNodeGrantStatusDispatchMixin: class UserNodeGrantStatusDispatchMixin:
@staticmethod @staticmethod
def get_mapping_node_by_key(key): def get_mapping_node_by_key(key, user):
return UserGrantedMappingNode.objects.get(key=key) return UserGrantedMappingNode.objects.get(key=key, user=user)
def dispatch_get_data(self, key, user): def dispatch_get_data(self, key, user):
status = UserGrantedMappingNode.get_node_granted_status(key, user) status = UserGrantedMappingNode.get_node_granted_status(key, user)

2
apps/perms/api/user_permission/user_permission_assets.py
View File

@ -130,7 +130,7 @@ class UserGrantedNodeAssetsApi(UserNodeGrantStatusDispatchMixin, ListAPIView):
return Node.get_node_all_assets_by_key_v2(key) return Node.get_node_all_assets_by_key_v2(key)
def get_data_on_node_indirect_granted(self, key): def get_data_on_node_indirect_granted(self, key):
self.pagination_node = self.get_mapping_node_by_key(key) self.pagination_node = self.get_mapping_node_by_key(key, self.user)
return get_node_all_granted_assets(self.user, key) return get_node_all_granted_assets(self.user, key)
def get_data_on_node_not_granted(self, key): def get_data_on_node_not_granted(self, key):

21
apps/perms/signals_handler.py
View File

@ -1,16 +1,13 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
from itertools import chain
from django.db.models.signals import m2m_changed, pre_delete, pre_save from django.db.models.signals import m2m_changed, pre_delete, pre_save
from django.dispatch import receiver from django.dispatch import receiver
from django.db.models import Q from perms.tasks import create_rebuild_user_tree_task, \
create_rebuild_user_tree_task_by_related_nodes_or_assets
from perms.tasks import create_rebuild_user_tree_task
from users.models import User, UserGroup from users.models import User, UserGroup
from assets.models import Asset from assets.models import Asset
from common.utils import get_logger, get_object_or_none from common.utils import get_logger
from common.exceptions import M2MReverseNotAllowed from common.exceptions import M2MReverseNotAllowed
from common.const.signals import POST_ADD, POST_REMOVE, POST_CLEAR from common.const.signals import POST_ADD, POST_REMOVE, POST_CLEAR
from .models import AssetPermission, RemoteAppPermission from .models import AssetPermission, RemoteAppPermission
@ -203,15 +200,9 @@ def on_node_asset_change(action, instance, reverse, pk_set, **kwargs):
if reverse: if reverse:
asset_pk_set = pk_set asset_pk_set = pk_set
node_pk_set = [instance.id]
else: else:
asset_pk_set = [instance.id] asset_pk_set = [instance.id]
node_pk_set = pk_set
user_ap_query_name = AssetPermission.users.field.related_query_name() create_rebuild_user_tree_task_by_related_nodes_or_assets.delay(node_pk_set, asset_pk_set)
group_ap_query_name = AssetPermission.user_groups.field.related_query_name()
user_ap_q = Q(**{f'{user_ap_query_name}__assets__id__in': asset_pk_set})
group_ap_q = Q(**{f'groups__{group_ap_query_name}__assets__id__in': asset_pk_set})
from_user_ids = User.objects.filter(user_ap_q).values_list('id', flat=True)
from_group_ids = User.objects.filter(group_ap_q).values_list('id', flat=True)
create_rebuild_user_tree_task(chain(from_user_ids, from_group_ids))

39
apps/perms/tasks.py
View File

@ -9,6 +9,7 @@ from celery import shared_task
from common.utils import get_logger from common.utils import get_logger
from common.utils.timezone import now, dt_formater, dt_parser from common.utils.timezone import now, dt_formater, dt_parser
from users.models import User from users.models import User
from assets.models import Node
from perms.models import RebuildUserTreeTask, AssetPermission from perms.models import RebuildUserTreeTask, AssetPermission
from perms.utils.user_asset_permission import rebuild_user_mapping_nodes_if_need_with_lock, lock from perms.utils.user_asset_permission import rebuild_user_mapping_nodes_if_need_with_lock, lock
@ -81,3 +82,41 @@ def create_rebuild_user_tree_task(user_ids):
[RebuildUserTreeTask(user_id=i) for i in user_ids] [RebuildUserTreeTask(user_id=i) for i in user_ids]
) )
transaction.on_commit(dispatch_mapping_node_tasks.delay) transaction.on_commit(dispatch_mapping_node_tasks.delay)
@shared_task(queue='node_tree')
def create_rebuild_user_tree_task_by_related_nodes_or_assets(node_ids, asset_ids):
node_ids = set(node_ids)
node_keys = set()
nodes = Node.objects.filter(id__in=node_ids)
for _node in nodes:
node_keys.update(_node.get_ancestor_keys())
node_ids.update(
Node.objects.filter(key__in=node_keys).values_list('id', flat=True)
)
asset_perm_ids = set()
asset_perm_ids.update(
AssetPermission.objects.filter(
assets__id__in=asset_ids
).values_list('id', flat=True).distinct()
)
asset_perm_ids.update(
AssetPermission.objects.filter(
nodes__id__in=node_ids
).values_list('id', flat=True).distinct()
)
user_ids = set()
user_ids.update(
User.objects.filter(
assetpermissions__id__in=asset_perm_ids
).distinct().values_list('id', flat=True)
)
user_ids.update(
User.objects.filter(
groups__assetpermissions__id__in=asset_perm_ids
).distinct().values_list('id', flat=True)
)
create_rebuild_user_tree_task(user_ids)