github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(perms): 作业中心-批量命令-选择系统用户之后,左侧资产列表未筛选,还是全部资产

pull/5024/head
xinwen 2020-11-17 18:27:09 +08:00 committed by 老广
parent 31cd441a34
commit 3e78d627f8
4 changed files with 139 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/assets/models/favorite_asset.py
View File

@ -20,9 +20,13 @@ class FavoriteAsset(CommonModelMixin):
return cls.objects.filter(user=user).values_list('asset', flat=True) return cls.objects.filter(user=user).values_list('asset', flat=True)
@classmethod @classmethod
def get_user_favorite_assets(cls, user): def get_user_favorite_assets(cls, user, asset_perms_id=None):
from assets.models import Asset from assets.models import Asset
from perms.utils.asset.user_permission import get_user_granted_all_assets from perms.utils.asset.user_permission import get_user_granted_all_assets
asset_ids = get_user_granted_all_assets(user).values_list('id', flat=True) asset_ids = get_user_granted_all_assets(
user,
via_mapping_node=False,
asset_perms_id=asset_perms_id
).values_list('id', flat=True)
query_name = cls.asset.field.related_query_name() query_name = cls.asset.field.related_query_name()
return Asset.org_objects.filter(**{f'{query_name}__user_id': user.id}, id__in=asset_ids).distinct() return Asset.org_objects.filter(**{f'{query_name}__user_id': user.id}, id__in=asset_ids).distinct()

11
apps/perms/api/asset/user_permission/user_permission_nodes.py
View File

@ -1,6 +1,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
import abc import abc
from django.conf import settings
from rest_framework.generics import ( from rest_framework.generics import (
ListAPIView ListAPIView
) )
@ -16,7 +17,8 @@ from perms.utils.asset.user_permission import (
get_indirect_granted_node_children, get_indirect_granted_node_children,
get_user_granted_nodes_list_via_mapping_node, get_user_granted_nodes_list_via_mapping_node,
get_top_level_granted_nodes, get_top_level_granted_nodes,
rebuild_user_tree_if_need, rebuild_user_tree_if_need, get_favorite_node,
get_ungrouped_node
) )
@ -113,7 +115,12 @@ class UserGrantedNodesMixin:
user: User user: User
def get_nodes(self): def get_nodes(self):
return get_user_granted_nodes_list_via_mapping_node(self.user) nodes = []
if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
nodes.append(get_ungrouped_node(self.user))
nodes.append(get_favorite_node(self.user))
nodes.extend(get_user_granted_nodes_list_via_mapping_node(self.user))
return nodes
# ------------------------------------------ # ------------------------------------------

111
apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py
View File

@ -1,9 +1,12 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
from itertools import chain
from rest_framework.generics import ListAPIView from rest_framework.generics import ListAPIView
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from django.db.models import F from django.db.models import F, Value, CharField, Q
from django.conf import settings
from orgs.utils import tmp_to_root_org from orgs.utils import tmp_to_root_org
from common.permissions import IsValidUser from common.permissions import IsValidUser
@ -14,9 +17,12 @@ from perms.utils.asset.user_permission import (
get_user_direct_granted_assets, get_top_level_granted_nodes, get_user_direct_granted_assets, get_top_level_granted_nodes,
get_user_granted_nodes_list_via_mapping_node, get_user_granted_nodes_list_via_mapping_node,
get_user_granted_all_assets, rebuild_user_tree_if_need, get_user_granted_all_assets, rebuild_user_tree_if_need,
get_user_all_assetpermissions_id, get_user_all_assetpermissions_id, get_favorite_node,
get_ungrouped_node, compute_tmp_mapping_node_from_perm,
TMP_GRANTED_FIELD, count_direct_granted_node_assets,
count_node_all_granted_assets
) )
from perms.models import AssetPermission
from assets.models import Asset, FavoriteAsset from assets.models import Asset, FavoriteAsset
from assets.api import SerializeToTreeNodeMixin from assets.api import SerializeToTreeNodeMixin
from perms.hands import Node from perms.hands import Node
@ -27,6 +33,78 @@ logger = get_logger(__name__)
class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView): class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView):
permission_classes = (IsValidUser,) permission_classes = (IsValidUser,)
def add_ungrouped_resource(self, data: list, user, asset_perms_id):
if not settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
return
ungrouped_node = get_ungrouped_node(user, asset_perms_id=asset_perms_id)
direct_granted_assets = get_user_direct_granted_assets(
user, asset_perms_id=asset_perms_id
).annotate(
parent_key=Value(ungrouped_node.key, output_field=CharField())
).prefetch_related('platform')
data.extend(self.serialize_nodes([ungrouped_node], with_asset_amount=True))
data.extend(self.serialize_assets(direct_granted_assets))
def add_favorite_resource(self, data: list, user, asset_perms_id):
favorite_node = get_favorite_node(user, asset_perms_id)
favorite_assets = FavoriteAsset.get_user_favorite_assets(
user, asset_perms_id=asset_perms_id
).annotate(
parent_key=Value(favorite_node.key, output_field=CharField())
).prefetch_related('platform')
data.extend(self.serialize_nodes([favorite_node], with_asset_amount=True))
data.extend(self.serialize_assets(favorite_assets))
def add_node_filtered_by_system_user(self, data: list, user, asset_perms_id):
tmp_nodes = compute_tmp_mapping_node_from_perm(user, asset_perms_id=asset_perms_id)
granted_nodes_key = []
for _node in tmp_nodes:
_granted = getattr(_node, TMP_GRANTED_FIELD, False)
if not _granted:
if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
assets_amount = count_direct_granted_node_assets(user, _node.key, asset_perms_id)
else:
assets_amount = count_node_all_granted_assets(user, _node.key, asset_perms_id)
_node.assets_amount = assets_amount
else:
granted_nodes_key.append(_node.key)
# 查询他们的子节点
q = Q()
for _key in granted_nodes_key:
q |= Q(key__startswith=f'{_key}:')
if q:
descendant_nodes = Node.objects.filter(q).distinct()
else:
descendant_nodes = Node.objects.none()
data.extend(self.serialize_nodes(chain(tmp_nodes, descendant_nodes), with_asset_amount=True))
def add_assets(self, data: list, user, asset_perms_id):
if settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
all_assets = get_user_granted_all_assets(
user,
via_mapping_node=False,
include_direct_granted_assets=False,
asset_perms_id=asset_perms_id
)
else:
all_assets = get_user_granted_all_assets(
user,
via_mapping_node=False,
include_direct_granted_assets=True,
asset_perms_id=asset_perms_id
)
all_assets = all_assets.annotate(
parent_key=F('nodes__key')
).prefetch_related('platform')
data.extend(self.serialize_assets(all_assets))
@tmp_to_root_org() @tmp_to_root_org()
def list(self, request: Request, *args, **kwargs): def list(self, request: Request, *args, **kwargs):
""" """
@ -38,16 +116,25 @@ class MyGrantedNodesWithAssetsAsTreeApi(SerializeToTreeNodeMixin, ListAPIView):
""" """
user = request.user user = request.user
rebuild_user_tree_if_need(request, user) data = []
all_nodes = get_user_granted_nodes_list_via_mapping_node(user) asset_perms_id = get_user_all_assetpermissions_id(user)
all_assets = get_user_granted_all_assets(user)
all_assets = all_assets.annotate(parent_key=F('nodes__key'))
all_assets = all_assets.prefetch_related('platform')
data = [ system_user_id = request.query_params.get('system_user')
*self.serialize_nodes(all_nodes, with_asset_amount=True), if system_user_id:
*self.serialize_assets(all_assets) asset_perms_id = list(AssetPermission.objects.valid().filter(
] id__in=asset_perms_id, system_users__id=system_user_id, actions__gt=0
).values_list('id', flat=True).distinct())
self.add_ungrouped_resource(data, user, asset_perms_id)
self.add_favorite_resource(data, user, asset_perms_id)
if system_user_id:
self.add_node_filtered_by_system_user(data, user, asset_perms_id)
else:
all_nodes = get_user_granted_nodes_list_via_mapping_node(user)
data.extend(self.serialize_nodes(all_nodes, with_asset_amount=True))
self.add_assets(data, user, asset_perms_id)
return Response(data=data) return Response(data=data)

32
apps/perms/utils/asset/user_permission.py
View File

@ -311,8 +311,12 @@ def get_user_granted_nodes_list_via_mapping_node(user):
return all_nodes return all_nodes
def get_user_granted_all_assets(user, via_mapping_node=True): def get_user_granted_all_assets(
user, via_mapping_node=True,
include_direct_granted_assets=True, asset_perms_id=None):
if asset_perms_id is None:
asset_perms_id = get_user_all_assetpermissions_id(user) asset_perms_id = get_user_all_assetpermissions_id(user)
if via_mapping_node: if via_mapping_node:
granted_node_keys = UserGrantedMappingNode.objects.filter( granted_node_keys = UserGrantedMappingNode.objects.filter(
user=user, granted=True, user=user, granted=True,
@ -328,10 +332,16 @@ def get_user_granted_all_assets(user, via_mapping_node=True):
granted_node_q |= Q(nodes__key__startswith=f'{_key}:') granted_node_q |= Q(nodes__key__startswith=f'{_key}:')
granted_node_q |= Q(nodes__key=_key) granted_node_q |= Q(nodes__key=_key)
if include_direct_granted_assets:
assets__id = get_user_direct_granted_assets(user, asset_perms_id).values_list('id', flat=True) assets__id = get_user_direct_granted_assets(user, asset_perms_id).values_list('id', flat=True)
q = granted_node_q | Q(id__in=list(assets__id)) q = granted_node_q | Q(id__in=list(assets__id))
else:
q = granted_node_q
if q:
return Asset.org_objects.filter(q).distinct() return Asset.org_objects.filter(q).distinct()
else:
return Asset.org_objects.none()
def get_node_all_granted_assets(user: User, key): def get_node_all_granted_assets(user: User, key):
@ -484,13 +494,15 @@ def get_user_direct_granted_assets(user, asset_perms_id=None):
return assets return assets
def count_user_direct_granted_assets(user): def count_user_direct_granted_assets(user, asset_perms_id=None):
count = get_user_direct_granted_assets(user).values_list('id').count() count = get_user_direct_granted_assets(
user, asset_perms_id=asset_perms_id
).values_list('id').count()
return count return count
def get_ungrouped_node(user): def get_ungrouped_node(user, asset_perms_id=None):
assets_amount = count_user_direct_granted_assets(user) assets_amount = count_user_direct_granted_assets(user, asset_perms_id)
return Node( return Node(
id=UNGROUPED_NODE_KEY, id=UNGROUPED_NODE_KEY,
key=UNGROUPED_NODE_KEY, key=UNGROUPED_NODE_KEY,
@ -499,10 +511,10 @@ def get_ungrouped_node(user):
) )
def get_favorite_node(user): def get_favorite_node(user, asset_perms_id=None):
assets_amount = FavoriteAsset.get_user_favorite_assets(user)\ assets_amount = FavoriteAsset.get_user_favorite_assets(
.values_list('id')\ user, asset_perms_id=asset_perms_id
.count() ).values_list('id').count()
return Node( return Node(
id=FAVORITE_NODE_KEY, id=FAVORITE_NODE_KEY,
key=FAVORITE_NODE_KEY, key=FAVORITE_NODE_KEY,