mirror of https://github.com/jumpserver/jumpserver
pref: 修改 accounts
ibuler
parent
9d0e2b2872
commit
73290f4ed0
|
|
@ -1,31 +1,25 @@
|
|||
from django.shortcuts import get_object_or_404
|
||||
from rest_framework.generics import ListAPIView, get_object_or_404
|
||||
|
||||
from common.permissions import IsValidUser
|
||||
from common.utils import get_logger, lazyproperty
|
||||
from perms import serializers
|
||||
from perms.hands import User, Asset
|
||||
from perms.hands import Asset
|
||||
from perms.utils import PermAccountUtil
|
||||
from .mixin import SelfOrPKUserMixin
|
||||
|
||||
logger = get_logger(__name__)
|
||||
|
||||
__all__ = [
|
||||
'UserGrantedAssetAccountsApi',
|
||||
'MyGrantedAssetAccountsApi',
|
||||
]
|
||||
|
||||
|
||||
class UserGrantedAssetAccountsApi(ListAPIView):
|
||||
class UserGrantedAssetAccountsApi(SelfOrPKUserMixin, ListAPIView):
|
||||
serializer_class = serializers.AccountsGrantedSerializer
|
||||
rbac_perms = (
|
||||
('list', 'perms.view_userassets'),
|
||||
)
|
||||
|
||||
@lazyproperty
|
||||
def user(self) -> User:
|
||||
user_id = self.kwargs.get('pk')
|
||||
return User.objects.get(id=user_id)
|
||||
|
||||
@lazyproperty
|
||||
def asset(self):
|
||||
asset_id = self.kwargs.get('asset_id')
|
||||
|
|
@ -37,11 +31,3 @@ class UserGrantedAssetAccountsApi(ListAPIView):
|
|||
util = PermAccountUtil()
|
||||
accounts = util.get_permed_accounts_for_user(self.user, self.asset)
|
||||
return accounts
|
||||
|
||||
|
||||
class MyGrantedAssetAccountsApi(UserGrantedAssetAccountsApi):
|
||||
permission_classes = (IsValidUser,)
|
||||
|
||||
@lazyproperty
|
||||
def user(self):
|
||||
return self.request.user
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
from django.shortcuts import get_object_or_404
|
||||
from rest_framework.request import Request
|
||||
|
||||
from common.http import is_true
|
||||
from common.mixins.api import RoleAdminMixin, RoleUserMixin
|
||||
from perms.utils.user_permission import UserGrantedTreeRefreshController
|
||||
from rbac.permissions import RBACPermission
|
||||
from users.models import User
|
||||
|
||||
|
||||
|
|
@ -34,3 +36,44 @@ class AssetRoleUserMixin(RebuildTreeMixin, RoleUserMixin):
|
|||
('get_tree', 'perms.view_myassets'),
|
||||
('GET', 'perms.view_myassets'),
|
||||
)
|
||||
|
||||
|
||||
class SelfOrPKUserMixin:
|
||||
kwargs: dict
|
||||
request: Request
|
||||
permission_classes = (RBACPermission,)
|
||||
|
||||
@property
|
||||
def self_rbac_perms(self):
|
||||
return (
|
||||
('list', 'perms.view_myassets'),
|
||||
('retrieve', 'perms.view_myassets'),
|
||||
('get_tree', 'perms.view_myassets'),
|
||||
('GET', 'perms.view_myassets'),
|
||||
)
|
||||
|
||||
@property
|
||||
def admin_rbac_perms(self):
|
||||
return (
|
||||
('list', 'perms.view_userassets'),
|
||||
('retrieve', 'perms.view_userassets'),
|
||||
('get_tree', 'perms.view_userassets'),
|
||||
('GET', 'perms.view_userassets'),
|
||||
)
|
||||
|
||||
def get_rbac_perms(self):
|
||||
if self.request_user_is_self():
|
||||
return self.self_rbac_perms
|
||||
else:
|
||||
return self.admin_rbac_perms
|
||||
|
||||
def request_user_is_self(self):
|
||||
print("user is: ", self.kwargs)
|
||||
return self.kwargs.get('user') in ['my', 'self']
|
||||
|
||||
@property
|
||||
def user(self):
|
||||
if self.request_user_is_self():
|
||||
return self.request.user
|
||||
else:
|
||||
return get_object_or_404(User, pk=self.kwargs.get('user'))
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
# coding:utf-8
|
||||
|
||||
from .asset_permission import asset_permission_urlpatterns
|
||||
from .user_permission import user_permission_urlpatterns
|
||||
|
||||
app_name = 'perms'
|
||||
|
||||
urlpatterns = []
|
||||
urlpatterns += asset_permission_urlpatterns
|
||||
urlpatterns = asset_permission_urlpatterns \
|
||||
+ user_permission_urlpatterns
|
||||
|
|
|
|||
|
|
@ -16,78 +16,6 @@ router.register('asset-permissions-assets-relations', api.AssetPermissionAssetRe
|
|||
router.register('asset-permissions-nodes-relations', api.AssetPermissionNodeRelationViewSet,
|
||||
'asset-permissions-nodes-relation')
|
||||
|
||||
user_permission_urlpatterns = [
|
||||
# 以 serializer 格式返回
|
||||
path('<uuid:pk>/assets/', api.UserAllGrantedAssetsApi.as_view(), name='user-assets'),
|
||||
path('assets/', api.MyAllGrantedAssetsApi.as_view(), name='my-assets'),
|
||||
# Tree Node 的数据格式返回
|
||||
path('<uuid:pk>/assets/tree/', api.UserDirectGrantedAssetsAsTreeApi.as_view(), name='user-assets-as-tree'),
|
||||
path('assets/tree/', api.MyAllAssetsAsTreeApi.as_view(), name='my-assets-as-tree'),
|
||||
path('ungroup/assets/tree/', api.MyUngroupAssetsAsTreeApi.as_view(), name='my-ungroup-assets-as-tree'),
|
||||
|
||||
# 获取用户所有`直接授权的节点`与`直接授权资产`关联的节点
|
||||
# 以 serializer 格式返回
|
||||
path('<uuid:pk>/nodes/', api.UserGrantedNodesApi.as_view(), name='user-nodes'),
|
||||
path('nodes/', api.MyGrantedNodesApi.as_view(), name='my-nodes'),
|
||||
# 以 Tree Node 的数据格式返回
|
||||
path('<uuid:pk>/nodes/tree/', api.MyGrantedNodesAsTreeApi.as_view(), name='user-nodes-as-tree'),
|
||||
path('nodes/tree/', api.MyGrantedNodesAsTreeApi.as_view(), name='my-nodes-as-tree'),
|
||||
|
||||
# 一层一层的获取用户授权的节点,
|
||||
# 以 Serializer 的数据格式返回
|
||||
path('<uuid:pk>/nodes/children/', api.UserGrantedNodeChildrenForAdminApi.as_view(), name='user-nodes-children'),
|
||||
path('nodes/children/', api.MyGrantedNodeChildrenApi.as_view(), name='my-nodes-children'),
|
||||
# 以 Tree Node 的数据格式返回
|
||||
path('<uuid:pk>/nodes/children/tree/', api.UserGrantedNodeChildrenAsTreeForAdminApi.as_view(),
|
||||
name='user-nodes-children-as-tree'),
|
||||
# 部分调用位置
|
||||
# - 普通用户 -> 我的资产 -> 展开节点 时调用
|
||||
path('nodes/children/tree/', api.MyGrantedNodeChildrenAsTreeApi.as_view(), name='my-nodes-children-as-tree'),
|
||||
|
||||
# 此接口会返回整棵树
|
||||
# 普通用户 -> 命令执行 -> 左侧树
|
||||
path('nodes-with-assets/tree/', api.MyGrantedNodesWithAssetsAsTreeApi.as_view(),
|
||||
name='my-nodes-with-assets-as-tree'),
|
||||
|
||||
# 主要用于 luna 页面,带资产的节点树
|
||||
path('<uuid:pk>/nodes/children-with-assets/tree/', api.UserGrantedNodeChildrenWithAssetsAsTreeApi.as_view(),
|
||||
name='user-nodes-children-with-assets-as-tree'),
|
||||
path('nodes/children-with-assets/tree/', api.MyGrantedNodeChildrenWithAssetsAsTreeApi.as_view(),
|
||||
name='my-nodes-children-with-assets-as-tree'),
|
||||
|
||||
# 查询授权树上某个节点的所有资产
|
||||
path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
|
||||
path('nodes/<uuid:node_id>/assets/', api.MyGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
|
||||
|
||||
# 未分组的资产
|
||||
path('<uuid:pk>/nodes/ungrouped/assets/', api.UserDirectGrantedAssetsApi.as_view(), name='user-ungrouped-assets'),
|
||||
path('nodes/ungrouped/assets/', api.MyDirectGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
|
||||
|
||||
# 收藏的资产
|
||||
path('<uuid:pk>/nodes/favorite/assets/', api.UserFavoriteGrantedAssetsApi.as_view(), name='user-ungrouped-assets'),
|
||||
path('nodes/favorite/assets/', api.MyFavoriteGrantedAssetsApi.as_view(),
|
||||
name='my-ungrouped-assets'),
|
||||
|
||||
# 获取授权给用户某个资产的所有账号
|
||||
path('<str:user>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccountsApi.as_view(),
|
||||
name='user-asset-accounts'),
|
||||
]
|
||||
|
||||
user_group_permission_urlpatterns = [
|
||||
# 查询某个用户组授权的资产和资产组
|
||||
path('<uuid:pk>/assets/', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
|
||||
path('<uuid:pk>/nodes/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
|
||||
path('<uuid:pk>/nodes/children/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes-children'),
|
||||
path('<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(),
|
||||
name='user-group-nodes-children-as-tree'),
|
||||
path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(),
|
||||
name='user-group-node-assets'),
|
||||
|
||||
# 获取所有和资产-用户组关联的账号列表
|
||||
path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(),
|
||||
name='user-group-asset-accounts'),
|
||||
]
|
||||
|
||||
permission_urlpatterns = [
|
||||
# 授权规则中授权的资产
|
||||
path('<uuid:pk>/assets/all/', api.AssetPermissionAllAssetListApi.as_view(), name='asset-permission-all-assets'),
|
||||
|
|
@ -97,8 +25,6 @@ permission_urlpatterns = [
|
|||
|
||||
asset_permission_urlpatterns = [
|
||||
# Assets
|
||||
path('users/', include(user_permission_urlpatterns)),
|
||||
path('user-groups/', include(user_group_permission_urlpatterns)),
|
||||
path('asset-permissions/', include(permission_urlpatterns)),
|
||||
]
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,80 @@
|
|||
from django.urls import path, include
|
||||
|
||||
from .. import api
|
||||
|
||||
user_permission_urlpatterns = [
|
||||
# 以 serializer 格式返回
|
||||
path('<uuid:pk>/assets/', api.UserAllGrantedAssetsApi.as_view(), name='user-assets'),
|
||||
path('assets/', api.MyAllGrantedAssetsApi.as_view(), name='my-assets'),
|
||||
# Tree Node 的数据格式返回
|
||||
path('<uuid:pk>/assets/tree/', api.UserDirectGrantedAssetsAsTreeApi.as_view(), name='user-assets-as-tree'),
|
||||
path('assets/tree/', api.MyAllAssetsAsTreeApi.as_view(), name='my-assets-as-tree'),
|
||||
path('ungroup/assets/tree/', api.MyUngroupAssetsAsTreeApi.as_view(), name='my-ungroup-assets-as-tree'),
|
||||
|
||||
# 获取用户所有`直接授权的节点`与`直接授权资产`关联的节点
|
||||
# 以 serializer 格式返回
|
||||
path('<uuid:pk>/nodes/', api.UserGrantedNodesApi.as_view(), name='user-nodes'),
|
||||
path('nodes/', api.MyGrantedNodesApi.as_view(), name='my-nodes'),
|
||||
# 以 Tree Node 的数据格式返回
|
||||
path('<uuid:pk>/nodes/tree/', api.MyGrantedNodesAsTreeApi.as_view(), name='user-nodes-as-tree'),
|
||||
path('nodes/tree/', api.MyGrantedNodesAsTreeApi.as_view(), name='my-nodes-as-tree'),
|
||||
|
||||
# 一层一层的获取用户授权的节点,
|
||||
# 以 Serializer 的数据格式返回
|
||||
path('<uuid:pk>/nodes/children/', api.UserGrantedNodeChildrenForAdminApi.as_view(), name='user-nodes-children'),
|
||||
path('nodes/children/', api.MyGrantedNodeChildrenApi.as_view(), name='my-nodes-children'),
|
||||
# 以 Tree Node 的数据格式返回
|
||||
path('<uuid:pk>/nodes/children/tree/', api.UserGrantedNodeChildrenAsTreeForAdminApi.as_view(),
|
||||
name='user-nodes-children-as-tree'),
|
||||
# 部分调用位置
|
||||
# - 普通用户 -> 我的资产 -> 展开节点 时调用
|
||||
path('nodes/children/tree/', api.MyGrantedNodeChildrenAsTreeApi.as_view(), name='my-nodes-children-as-tree'),
|
||||
|
||||
# 此接口会返回整棵树
|
||||
# 普通用户 -> 命令执行 -> 左侧树
|
||||
path('nodes-with-assets/tree/', api.MyGrantedNodesWithAssetsAsTreeApi.as_view(),
|
||||
name='my-nodes-with-assets-as-tree'),
|
||||
|
||||
# 主要用于 luna 页面,带资产的节点树
|
||||
path('<uuid:pk>/nodes/children-with-assets/tree/', api.UserGrantedNodeChildrenWithAssetsAsTreeApi.as_view(),
|
||||
name='user-nodes-children-with-assets-as-tree'),
|
||||
path('nodes/children-with-assets/tree/', api.MyGrantedNodeChildrenWithAssetsAsTreeApi.as_view(),
|
||||
name='my-nodes-children-with-assets-as-tree'),
|
||||
|
||||
# 查询授权树上某个节点的所有资产
|
||||
path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
|
||||
path('nodes/<uuid:node_id>/assets/', api.MyGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
|
||||
|
||||
# 未分组的资产
|
||||
path('<uuid:pk>/nodes/ungrouped/assets/', api.UserDirectGrantedAssetsApi.as_view(), name='user-ungrouped-assets'),
|
||||
path('nodes/ungrouped/assets/', api.MyDirectGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
|
||||
|
||||
# 收藏的资产
|
||||
path('<uuid:pk>/nodes/favorite/assets/', api.UserFavoriteGrantedAssetsApi.as_view(), name='user-ungrouped-assets'),
|
||||
path('nodes/favorite/assets/', api.MyFavoriteGrantedAssetsApi.as_view(),
|
||||
name='my-ungrouped-assets'),
|
||||
|
||||
# 获取授权给用户某个资产的所有账号
|
||||
path('<str:user>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccountsApi.as_view(),
|
||||
name='user-asset-accounts'),
|
||||
]
|
||||
|
||||
user_group_permission_urlpatterns = [
|
||||
# 查询某个用户组授权的资产和资产组
|
||||
path('<uuid:pk>/assets/', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
|
||||
path('<uuid:pk>/nodes/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
|
||||
path('<uuid:pk>/nodes/children/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes-children'),
|
||||
path('<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(),
|
||||
name='user-group-nodes-children-as-tree'),
|
||||
path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(),
|
||||
name='user-group-node-assets'),
|
||||
|
||||
# 获取所有和资产-用户组关联的账号列表
|
||||
path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(),
|
||||
name='user-group-asset-accounts'),
|
||||
]
|
||||
|
||||
user_permission_urlpatterns = [
|
||||
path('users/', include(user_permission_urlpatterns)),
|
||||
path('user-groups/', include(user_group_permission_urlpatterns)),
|
||||
]
|
||||
Loading…
Reference in New Issue