diff --git a/apps/perms/api/user_permission/__init__.py b/apps/perms/api/user_permission/__init__.py
index b0db20ee0..55bc108b4 100644
--- a/apps/perms/api/user_permission/__init__.py
+++ b/apps/perms/api/user_permission/__init__.py
@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-
 #
-from .common import *
 from .nodes import *
 from .assets import *
 from .nodes_with_assets import *
diff --git a/apps/perms/api/user_permission/accounts.py b/apps/perms/api/user_permission/accounts.py
index d504ac8f9..70973d988 100644
--- a/apps/perms/api/user_permission/accounts.py
+++ b/apps/perms/api/user_permission/accounts.py
@@ -1,13 +1,29 @@
-from rest_framework import generics
+from django.shortcuts import get_object_or_404
+from rest_framework.generics import ListAPIView, get_object_or_404
+
+from common.permissions import IsValidUser
+from common.utils import get_logger, lazyproperty
 from assets.serializers import AccountSerializer
-from perms.utils.account import PermAccountUtil
+from perms.hands import User, Asset, Account
+from perms import serializers
+from perms.models import Action
+from perms.utils import PermAccountUtil
 from .mixin import RoleAdminMixin, RoleUserMixin
-
-__all__ = ['UserAllGrantedAccountsApi', 'MyAllGrantedAccountsApi']
+logger = get_logger(__name__)
-class UserAllGrantedAccountsApi(RoleAdminMixin, generics.ListAPIView):
+__all__ = [
+ 'UserAllGrantedAccountsApi',
+ 'MyAllGrantedAccountsApi',
+ 'UserGrantedAssetAccountsApi',
+ 'MyGrantedAssetAccountsApi',
+ 'UserGrantedAssetSpecialAccountsApi',
+ 'MyGrantedAssetSpecialAccountsApi',
+]
+
+
+class UserAllGrantedAccountsApi(RoleAdminMixin, ListAPIView):
 """ 授权给用户的所有账号列表 """
 serializer_class = AccountSerializer
 filterset_fields = ("name", "username", "privileged", "version")
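Review bot: The first two added imports in `accounts.py` both bind `get_object_or_404`, so the `django.shortcuts` one is rebound by the `rest_framework.generics` import on the next line and is never used. Drop the first line and keep `from rest_framework.generics import ListAPIView, get_object_or_404`; the DRF variant also turns a malformed lookup value into a 404. `logger = get_logger(__name__)` has no use in the lines shown in this diff either, though part of the file lies outside the hunks.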
@@ -22,3 +38,59 @@ class UserAllGrantedAccountsApi(RoleAdminMixin, generics.ListAPIView):
 class MyAllGrantedAccountsApi(RoleUserMixin, UserAllGrantedAccountsApi):
 """ 授权给我的所有账号列表 """
 pass
+
+
+class UserGrantedAssetAccountsApi(ListAPIView):
+ serializer_class = serializers.AccountsGrantedSerializer
+
+ @lazyproperty
+ def user(self) -> User:
+ user_id = self.kwargs.get('pk')
+ return User.objects.get(id=user_id)
+
+ @lazyproperty
+ def asset(self):
+ asset_id = self.kwargs.get('asset_id')
+ kwargs = {'id': asset_id, 'is_active': True}
+ asset = get_object_or_404(Asset, **kwargs)
+ return asset
+
+ def get_queryset(self):
+ accounts = PermAccountUtil().get_perm_accounts_for_user_asset(
+ self.user, self.asset, with_actions=True
+ )
+ return accounts
+
+
+class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
+ permission_classes = (IsValidUser,)
+
+ @lazyproperty
+ def user(self):
+ return self.request.user
+
+
+class UserGrantedAssetSpecialAccountsApi(ListAPIView):
+ serializer_class = serializers.AccountsGrantedSerializer
+
+ @lazyproperty
+ def user(self):
+ return self.request.user
+
+ def get_queryset(self):
+ # 构造默认包含的账号,如: @INPUT @USER
+ accounts = [
+ Account.get_input_account(),
+ Account.get_user_account(self.user.username)
+ ]
+ for account in accounts:
+ account.actions = Action.ALL
+ return accounts
+
+
+class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi):
+ permission_classes = (IsValidUser,)
+
+ @lazyproperty
+ def user(self):
+ return self.request.user
diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py
deleted file mode 100644
index 927ec7443..000000000
--- a/apps/perms/api/user_permission/common.py
+++ /dev/null
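Review bot: `UserGrantedAssetAccountsApi` and `UserGrantedAssetSpecialAccountsApi` arrive in `accounts.py` without the `rbac_perms = {'list': 'perms.view_userassets'}` mapping they carried in the deleted `common.py`, and neither sets `permission_classes` nor inherits `RoleAdminMixin` as `UserAllGrantedAccountsApi` does. The first view loads whichever user the URL `pk` names and returns that user's granted accounts with their actions, so its access check now rests on a project default that this diff does not show. If the drop was unintended, restore the mapping on both classes; otherwise add a comment stating which permission gates `list`. Separately, `User.objects.get(id=user_id)` raises `DoesNotExist` for an unknown `pk`, whereas `get_object_or_404(User, id=user_id)` would match how the `asset` property resolves its object.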
@@ -1,84 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django.shortcuts import get_object_or_404
-from rest_framework.generics import (
- ListAPIView, get_object_or_404
-)
-from common.permissions import IsValidUser
-from common.utils import get_logger, lazyproperty
-
-from perms.hands import User, Asset, Account
-from perms import serializers
-from perms.models import Action
-from perms.utils import PermAccountUtil
-
-logger = get_logger(__name__)
-
-__all__ = [
- 'UserGrantedAssetAccountsApi',
- 'MyGrantedAssetAccountsApi',
- 'UserGrantedAssetSpecialAccountsApi',
- 'MyGrantedAssetSpecialAccountsApi',
-]
-
-
-class UserGrantedAssetAccountsApi(ListAPIView):
- serializer_class = serializers.AccountsGrantedSerializer
- rbac_perms = {
- 'list': 'perms.view_userassets'
- }
-
- @lazyproperty
- def user(self) -> User:
- user_id = self.kwargs.get('pk')
- return User.objects.get(id=user_id)
-
- @lazyproperty
- def asset(self):
- asset_id = self.kwargs.get('asset_id')
- kwargs = {'id': asset_id, 'is_active': True}
- asset = get_object_or_404(Asset, **kwargs)
- return asset
-
- def get_queryset(self):
- accounts = PermAccountUtil().get_perm_accounts_for_user_asset(
- self.user, self.asset, with_actions=True
- )
- return accounts
-
-
-class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
- permission_classes = (IsValidUser,)
-
- @lazyproperty
- def user(self):
- return self.request.user
-
-
-class UserGrantedAssetSpecialAccountsApi(ListAPIView):
- serializer_class = serializers.AccountsGrantedSerializer
- rbac_perms = {
- 'list': 'perms.view_userassets'
- }
-
- @lazyproperty
- def user(self):
- return self.request.user
-
- def get_queryset(self):
- # 构造默认包含的账号,如: @INPUT @USER
- accounts = [
- Account.get_input_account(),
- Account.get_user_account(self.user.username)
- ]
- for account in accounts:
- account.actions = Action.ALL
- return accounts
-
-
-class MyGrantedAssetSpecialAccountsApi(UserGrantedAssetSpecialAccountsApi):
- permission_classes = (IsValidUser,)
-
- @lazyproperty
- def user(self):
- return self.request.user
diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py
index 63bfcc723..3963e113c 100644
--- a/apps/perms/utils/account.py
+++ b/apps/perms/utils/account.py
@@ -39,7 +39,9 @@ class PermAccountUtil(AssetPermissionUtil):
 for aid in account_ids:
 aid_actions_map[str(aid)] |= actions
 account_ids = list(aid_actions_map.keys())
- accounts = Account.objects.filter(id__in=account_ids)
+ accounts = Account.objects.filter(id__in=account_ids).order_by(
+ 'asset__name', 'name', 'username'
+ )
 if with_actions:
 for account in accounts:
 account.actions = aid_actions_map.get(str(account.id))
diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py
index e7d88e06d..fd0ea593b 100644
--- a/apps/perms/utils/permission.py
+++ b/apps/perms/utils/permission.py
@@ -52,7 +52,7 @@ class AssetPermissionUtil(object):
 .values_list('assetpermission_id', flat=True).distinct()
 perm_ids.update(asset_perm_ids)
 if with_node:
- nodes = asset.get_all_nodes(flat=True)
+ nodes = asset.get_all_nodes()
 node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True)
 perm_ids.update(node_perm_ids)
 if flat:
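Review bot: In `permission.py`, dropping `flat=True` from `nodes = asset.get_all_nodes()` changes what is passed to `self.get_permissions_for_nodes(nodes, flat=True)` on the path that resolves permissions inherited through nodes, and neither helper's signature is visible in this hunk. If the helper still expects the flat form, node-granted permissions could be matched wrongly or not at all, which changes what a user is authorised for. I would add a comment above the call recording the contract, for example `# get_all_nodes() returns Node objects; get_permissions_for_nodes() takes them as-is` if that is indeed the case, and a test that an asset permitted only through a parent node still resolves. The enclosing method starts and ends outside the hunk.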