diff --git a/apps/perms/api/user_permission/accounts.py b/apps/perms/api/user_permission/accounts.py index 257ff8c31..31f73d037 100644 --- a/apps/perms/api/user_permission/accounts.py +++ b/apps/perms/api/user_permission/accounts.py @@ -1,7 +1,7 @@ from django.shortcuts import get_object_or_404 from rest_framework.generics import ListAPIView, get_object_or_404 -from common.utils import get_logger +from common.utils import get_logger, lazyproperty from perms import serializers from perms.hands import Asset from perms.utils import PermAccountUtil @@ -16,11 +16,8 @@ __all__ = [ class UserGrantedAssetAccountsApi(SelfOrPKUserMixin, ListAPIView): serializer_class = serializers.AccountsGrantedSerializer - rbac_perms = ( - ('GET', 'perms.view_userassets'), - ('list', 'perms.view_userassets'), - ) + @lazyproperty def asset(self): asset_id = self.kwargs.get('asset_id') kwargs = {'id': asset_id, 'is_active': True} diff --git a/apps/perms/api/user_permission/mixin.py b/apps/perms/api/user_permission/mixin.py index 510ed9f1a..9ff8ed0f1 100644 --- a/apps/perms/api/user_permission/mixin.py +++ b/apps/perms/api/user_permission/mixin.py @@ -2,8 +2,11 @@ # from django.shortcuts import get_object_or_404 from rest_framework.request import Request +from django.utils.translation import ugettext_lazy as _ from common.http import is_true +from common.utils import is_uuid +from common.exceptions import JMSObjectDoesNotExist from common.mixins.api import RoleAdminMixin, RoleUserMixin from perms.utils.user_permission import UserGrantedTreeRefreshController from rbac.permissions import RBACPermission @@ -43,6 +46,12 @@ class SelfOrPKUserMixin: request: Request permission_classes = (RBACPermission,) + def get_rbac_perms(self): + if self.request_user_is_self(): + return self.self_rbac_perms + else: + return self.admin_rbac_perms + @property def self_rbac_perms(self): return ( @@ -61,18 +70,15 @@ class SelfOrPKUserMixin: ('GET', 'perms.view_userassets'), ) - def get_rbac_perms(self): - if self.request_user_is_self(): - return self.self_rbac_perms - else: - return self.admin_rbac_perms - - def request_user_is_self(self): - return self.kwargs.get('user') in ['my', 'self'] - @property def user(self): if self.request_user_is_self(): - return self.request.user + user = self.request.user + elif is_uuid(self.kwargs.get('user')): + user = get_object_or_404(User, pk=self.kwargs.get('user')) else: - return get_object_or_404(User, pk=self.kwargs.get('user')) + raise JMSObjectDoesNotExist(object_name=_('User')) + return user + + def request_user_is_self(self): + return self.kwargs.get('user') in ['my', 'self'] diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index baaedb8fc..1ce1504b0 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -9,6 +9,12 @@ __all__ = ['PermAccountUtil'] class PermAccountUtil(AssetPermissionUtil): """ 资产授权账号相关的工具 """ + def get_permed_accounts_for_user(self, user, asset): + """ 获取授权给用户某个资产的账号 """ + perms = self.get_permissions_for_user_asset(user, asset) + permed_accounts = self.get_permed_accounts_from_perms(perms, user, asset) + return permed_accounts + @staticmethod def get_permed_accounts_from_perms(perms, user, asset): alias_action_bit_mapper = defaultdict(int) @@ -55,12 +61,6 @@ class PermAccountUtil(AssetPermissionUtil): accounts.append(account) return accounts - def get_permed_accounts_for_user(self, user, asset): - """ 获取授权给用户某个资产的账号 """ - perms = self.get_permissions_for_user_asset(user, asset) - permed_accounts = self.get_permed_accounts_from_perms(perms, user, asset) - return permed_accounts - @staticmethod def get_accounts_for_permission(perm, with_actions=False): """ 获取授权规则包含的账号 """