feat: 完成用户、用户组对于授权账号的API获取

2 years ago · 4a1aeefb82
4 changed files with 82 additions and 29 deletions
--- a/apps/perms/api/user_group_permission.py
+++ b/apps/perms/api/user_group_permission.py
@ -20,6 +20,7 @@ __all__ = [
    'UserGroupGrantedNodeAssetsApi',
    'UserGroupGrantedNodeChildrenAsTreeApi',
    'UserGroupGrantedAssetSystemUsersApi',
+    'UserGroupGrantedAssetAccountsApi',
 ]


@ -203,3 +204,17 @@ class UserGroupGrantedNodeChildrenAsTreeApi(SerializeToTreeNodeMixin, ListAPIVie
 class UserGroupGrantedAssetSystemUsersApi(UserGroupMixin, uapi.UserGrantedAssetSystemUsersForAdminApi):
    def get_asset_system_user_ids_with_actions(self, asset):
        return get_asset_system_user_ids_with_actions_by_group(self.group, asset)
+
+
+class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi):
+
+    @lazyproperty
+    def user_group(self):
+        group_id = self.kwargs.get('pk')
+        return UserGroup.objects.get(id=group_id)
+
+    def get_queryset(self):
+        accounts = AssetPermission.get_perm_asset_accounts(
+            user_group=self.user_group, asset=self.asset
+        )
+        return accounts
--- a/apps/perms/api/user_permission/common.py
+++ b/apps/perms/api/user_permission/common.py
@ -30,8 +30,10 @@ __all__ = [
    'ValidateUserAssetPermissionApi',
    'GetUserAssetPermissionActionsApi',
    'MyGrantedAssetSystemUsersApi',
-    'UserGrantedAssetAccounts',
-    'MyGrantedAssetAccounts',
+    'UserGrantedAssetAccountsApi',
+    'MyGrantedAssetAccountsApi',
+    'UserGrantedAssetSpecialAccountsApi',
+    'MyGrantedAssetSpecialAccountsApi',
 ]


@ -143,7 +145,7 @@ class MyGrantedAssetSystemUsersApi(UserGrantedAssetSystemUsersForAdminApi):
        return self.request.user


-class UserGrantedAssetAccounts(ListAPIView):
+class UserGrantedAssetAccountsApi(ListAPIView):
    serializer_class = serializers.AccountsGrantedSerializer
    rbac_perms = {
        'list': 'perms.view_userassets'
@ -162,22 +164,40 @@ class UserGrantedAssetAccounts(ListAPIView):
        return asset

    def get_queryset(self):
-        accounts = AssetPermission.get_user_perm_asset_accounts(
-            self.user, self.asset, with_actions=True
-        )
+        accounts = AssetPermission.get_perm_asset_accounts(user=self.user, asset=self.asset)
        return accounts
-        # @INPUT @USER
-        # inner_accounts = [
-        #     Account.get_input_account(), Account.get_user_account(self.user.username)
-        # ]
-        # for inner_account in inner_accounts:
-        #     inner_account.actions = Action.ALL
-        # accounts = accounts + inner_accounts
+
+
+class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
+    permission_classes = (IsValidUser,)
+
+    @lazyproperty
+    def user(self):
+        return self.request.user
+
+
+class UserGrantedAssetSpecialAccountsApi(ListAPIView):
+    serializer_class = serializers.AccountsGrantedSerializer
+    rbac_perms = {
+        'list': 'perms.view_userassets'
+    }
+
+    @lazyproperty
+    def user(self):
+        return self.request.user
+
+    def get_queryset(self):
        # 构造默认包含的账号，如: @INPUT @USER
-        # return accounts
+        accounts = [
+            Account.get_input_account(),
+            Account.get_user_account(self.user.username)
+        ]
+        for account in accounts:
+            account.actions = Action.ALL
+        return accounts


-class MyGrantedAssetAccounts(UserGrantedAssetAccounts):
+class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi):
    permission_classes = (IsValidUser,)

    @lazyproperty
--- a/apps/perms/models/asset_permission.py
+++ b/apps/perms/models/asset_permission.py
@ -225,10 +225,10 @@ class AssetPermission(OrgModelMixin):
        return accounts

    @classmethod
-    def get_user_perm_asset_accounts(cls, user, asset: Asset, with_actions=False):
-        perms = cls.filter(user, asset)
-        all_account_names = cls.retrieve_account_names(perms)
-        accounts = asset.filter_accounts(all_account_names)
+    def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True):
+        perms = cls.filter(user=user, user_group=user_group, asset=asset)
+        account_names = cls.retrieve_account_names(perms)
+        accounts = asset.filter_accounts(account_names)
        if with_actions:
            cls.set_accounts_actions(accounts, perms=perms)
        return accounts
@ -257,15 +257,20 @@ class AssetPermission(OrgModelMixin):
        return account_names

    @classmethod
-    def filter(cls, user=None, asset=None, account_names=None):
-        """ 获取同时包含 用户-资产-账号 的授权规则 """
+    def filter(cls, user=None, user_group=None, asset=None, account_names=None):
+        """ 获取同时包含 用户(组)-资产-账号 的授权规则 """
        perm_ids = []
        if user:
-            user_assetperm_ids = cls.filter_by_user(user, flat=True)
-            perm_ids.append(user_assetperm_ids)
+            user_perm_ids = cls.filter_by_user(user, flat=True)
+            perm_ids.append(user_perm_ids)
+
+        if user_group:
+            user_group_perm_ids = cls.filter_by_user_group(user_group, flat=True)
+            perm_ids.append(user_group_perm_ids)
+
        if asset:
-            asset_assetperm_ids = cls.filter_by_asset(asset, flat=True)
-            perm_ids.append(asset_assetperm_ids)
+            asset_perm_ids = cls.filter_by_asset(asset, flat=True)
+            perm_ids.append(asset_perm_ids)
        # & 是同时满足，比如有用户，但是用户的规则是空，那么返回也应该是空
        perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids))
        perms = cls.objects.filter(id__in=perm_ids)
@ -291,6 +296,16 @@ class AssetPermission(OrgModelMixin):
        perms = cls.objects.filter(id__in=perm_ids).valid()
        return perms

+    @classmethod
+    def filter_by_user_group(cls, user_group, flat=False):
+        perm_ids = AssetPermission.user_groups.through.objects.filter(
+            usergroup_id=user_group
+        ).values_list('assetpermission_id', flat=True)
+        if flat:
+            return set(perm_ids)
+        perms = cls.objects.filter(id__in=perm_ids).valid()
+        return perms
+
    @classmethod
    def filter_by_asset(cls, asset, with_node=True, flat=False):
        perm_ids = set()
--- a/apps/perms/urls/asset_permission.py
+++ b/apps/perms/urls/asset_permission.py
@ -65,10 +65,13 @@ user_permission_urlpatterns = [
    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersForAdminApi.as_view(), name='user-asset-system-users'),
    path('assets/<uuid:asset_id>/system-users/', api.MyGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),

-    # Todo: v3 增加
+    # Todo: v3 增加 Done.
    # 获取所有和资产-用户关联的账号列表
-    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccounts.as_view(), name='user-asset-accounts'),
-    path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccounts.as_view(), name='my-asset-accounts')
+    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccountsApi.as_view(), name='user-asset-accounts'),
+    path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccountsApi.as_view(), name='my-asset-accounts'),
+    # 用户登录资产的特殊账号, @INPUT, @USER 等
+    path('<uuid:pk>/assets/special-accounts/', api.UserGrantedAssetSpecialAccountsApi.as_view(), name='user-special-accounts'),
+    path('/assets/special-accounts/', api.MyGrantedAssetSpecialAccountsApi.as_view(), name='my-special-accounts'),
 ]

 user_group_permission_urlpatterns = [
@ -83,7 +86,7 @@ user_group_permission_urlpatterns = [
    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
    # Todo: v3 增加
    # 获取所有和资产-用户组关联的账号列表
-    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccounts.as_view(), name='user-asset-accounts'),
+    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(), name='user-group-asset-accounts'),
 ]

 permission_urlpatterns = [