github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: 修改获取用户-资产授权的账号列表目录结构;

pull/9023/head
Jiangjie.Bai 2022-11-04 18:46:49 +08:00
parent ba1ce5fadb
commit 5447ee6c39
5 changed files with 81 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/perms/api/user_permission/__init__.py
View File

@ -1,6 +1,5 @@
# -*- coding: utf-8 -*-
#
from .common import *
from .nodes import *
from .assets import *
from .nodes_with_assets import *

82
apps/perms/api/user_permission/accounts.py
View File

@ -1,13 +1,29 @@
from rest_framework import generics
from django.shortcuts import get_object_or_404
from rest_framework.generics import ListAPIView, get_object_or_404
from common.permissions import IsValidUser
from common.utils import get_logger, lazyproperty
from assets.serializers import AccountSerializer
from perms.utils.account import PermAccountUtil
from perms.hands import User, Asset, Account
from perms import serializers
from perms.models import Action
from perms.utils import PermAccountUtil
from .mixin import RoleAdminMixin, RoleUserMixin
__all__ = ['UserAllGrantedAccountsApi', 'MyAllGrantedAccountsApi']
logger = get_logger(__name__)
class UserAllGrantedAccountsApi(RoleAdminMixin, generics.ListAPIView):
__all__ = [
'UserAllGrantedAccountsApi',
'MyAllGrantedAccountsApi',
'UserGrantedAssetAccountsApi',
'MyGrantedAssetAccountsApi',
'UserGrantedAssetSpecialAccountsApi',
'MyGrantedAssetSpecialAccountsApi',
]
class UserAllGrantedAccountsApi(RoleAdminMixin, ListAPIView):
""" 授权给用户的所有账号列表 """
serializer_class = AccountSerializer
filterset_fields = ("name", "username", "privileged", "version")
@ -22,3 +38,59 @@ class UserAllGrantedAccountsApi(RoleAdminMixin, generics.ListAPIView):
class MyAllGrantedAccountsApi(RoleUserMixin, UserAllGrantedAccountsApi):
""" 授权给我的所有账号列表 """
pass
class UserGrantedAssetAccountsApi(ListAPIView):
serializer_class = serializers.AccountsGrantedSerializer
@lazyproperty
def user(self) -> User:
user_id = self.kwargs.get('pk')
return User.objects.get(id=user_id)
@lazyproperty
def asset(self):
asset_id = self.kwargs.get('asset_id')
kwargs = {'id': asset_id, 'is_active': True}
asset = get_object_or_404(Asset, **kwargs)
return asset
def get_queryset(self):
accounts = PermAccountUtil().get_perm_accounts_for_user_asset(
self.user, self.asset, with_actions=True
)
return accounts
class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
permission_classes = (IsValidUser,)
@lazyproperty
def user(self):
return self.request.user
class UserGrantedAssetSpecialAccountsApi(ListAPIView):
serializer_class = serializers.AccountsGrantedSerializer
@lazyproperty
def user(self):
return self.request.user
def get_queryset(self):
# 构造默认包含的账号,如: @INPUT @USER
accounts = [
Account.get_input_account(),
Account.get_user_account(self.user.username)
]
for account in accounts:
account.actions = Action.ALL
return accounts
class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi):
permission_classes = (IsValidUser,)
@lazyproperty
def user(self):
return self.request.user

84
apps/perms/api/user_permission/common.py
View File

@ -1,84 +0,0 @@
# -*- coding: utf-8 -*-
#
from django.shortcuts import get_object_or_404
from rest_framework.generics import (
ListAPIView, get_object_or_404
)
from common.permissions import IsValidUser
from common.utils import get_logger, lazyproperty
from perms.hands import User, Asset, Account
from perms import serializers
from perms.models import Action
from perms.utils import PermAccountUtil
logger = get_logger(__name__)
__all__ = [
'UserGrantedAssetAccountsApi',
'MyGrantedAssetAccountsApi',
'UserGrantedAssetSpecialAccountsApi',
'MyGrantedAssetSpecialAccountsApi',
]
class UserGrantedAssetAccountsApi(ListAPIView):
serializer_class = serializers.AccountsGrantedSerializer
rbac_perms = {
'list': 'perms.view_userassets'
}
@lazyproperty
def user(self) -> User:
user_id = self.kwargs.get('pk')
return User.objects.get(id=user_id)
@lazyproperty
def asset(self):
asset_id = self.kwargs.get('asset_id')
kwargs = {'id': asset_id, 'is_active': True}
asset = get_object_or_404(Asset, **kwargs)
return asset
def get_queryset(self):
accounts = PermAccountUtil().get_perm_accounts_for_user_asset(
self.user, self.asset, with_actions=True
)
return accounts
class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
permission_classes = (IsValidUser,)
@lazyproperty
def user(self):
return self.request.user
class UserGrantedAssetSpecialAccountsApi(ListAPIView):
serializer_class = serializers.AccountsGrantedSerializer
rbac_perms = {
'list': 'perms.view_userassets'
}
@lazyproperty
def user(self):
return self.request.user
def get_queryset(self):
# 构造默认包含的账号,如: @INPUT @USER
accounts = [
Account.get_input_account(),
Account.get_user_account(self.user.username)
]
for account in accounts:
account.actions = Action.ALL
return accounts
class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi):
permission_classes = (IsValidUser,)
@lazyproperty
def user(self):
return self.request.user

4
apps/perms/utils/account.py
View File

@ -39,7 +39,9 @@ class PermAccountUtil(AssetPermissionUtil):
for aid in account_ids:
aid_actions_map[str(aid)] |= actions
account_ids = list(aid_actions_map.keys())
accounts = Account.objects.filter(id__in=account_ids)
accounts = Account.objects.filter(id__in=account_ids).order_by(
'asset__name', 'name', 'username'
)
if with_actions:
for account in accounts:
account.actions = aid_actions_map.get(str(account.id))

2
apps/perms/utils/permission.py
View File

@ -52,7 +52,7 @@ class AssetPermissionUtil(object):
.values_list('assetpermission_id', flat=True).distinct()
perm_ids.update(asset_perm_ids)
if with_node:
nodes = asset.get_all_nodes(flat=True)
nodes = asset.get_all_nodes()
node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True)
perm_ids.update(node_perm_ids)
if flat: