mirror of https://github.com/jumpserver/jumpserver
feat: 删除授权模块中关于系统用户的API
Jiangjie.Bai
parent
fd0ce0d1c6
commit
76747642c4
|
|
@ -11,7 +11,6 @@ from perms.models import AssetPermission
|
|||
from assets.models import Asset, Node
|
||||
from . import user_permission as uapi
|
||||
from perms import serializers
|
||||
from perms.utils.permission import get_asset_system_user_ids_with_actions_by_group
|
||||
from assets.api.mixin import SerializeToTreeNodeMixin
|
||||
from users.models import UserGroup
|
||||
|
||||
|
|
@ -19,18 +18,10 @@ __all__ = [
|
|||
'UserGroupGrantedAssetsApi', 'UserGroupGrantedNodesApi',
|
||||
'UserGroupGrantedNodeAssetsApi',
|
||||
'UserGroupGrantedNodeChildrenAsTreeApi',
|
||||
'UserGroupGrantedAssetSystemUsersApi',
|
||||
'UserGroupGrantedAssetAccountsApi',
|
||||
]
|
||||
|
||||
|
||||
class UserGroupMixin:
|
||||
@lazyproperty
|
||||
def group(self):
|
||||
group_id = self.kwargs.get('pk')
|
||||
return UserGroup.objects.get(id=group_id)
|
||||
|
||||
|
||||
class UserGroupGrantedAssetsApi(ListAPIView):
|
||||
serializer_class = serializers.AssetGrantedSerializer
|
||||
only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
|
||||
|
|
@ -201,11 +192,6 @@ class UserGroupGrantedNodeChildrenAsTreeApi(SerializeToTreeNodeMixin, ListAPIVie
|
|||
return Response(data=nodes)
|
||||
|
||||
|
||||
class UserGroupGrantedAssetSystemUsersApi(UserGroupMixin, uapi.UserGrantedAssetSystemUsersForAdminApi):
|
||||
def get_asset_system_user_ids_with_actions(self, asset):
|
||||
return get_asset_system_user_ids_with_actions_by_group(self.group, asset)
|
||||
|
||||
|
||||
class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi):
|
||||
|
||||
@lazyproperty
|
||||
|
|
|
|||
|
|
@ -26,10 +26,8 @@ from perms.models import AssetPermission, Action
|
|||
logger = get_logger(__name__)
|
||||
|
||||
__all__ = [
|
||||
'UserGrantedAssetSystemUsersForAdminApi',
|
||||
'ValidateUserAssetPermissionApi',
|
||||
'GetUserAssetPermissionActionsApi',
|
||||
'MyGrantedAssetSystemUsersApi',
|
||||
'UserGrantedAssetAccountsApi',
|
||||
'MyGrantedAssetAccountsApi',
|
||||
'UserGrantedAssetSpecialAccountsApi',
|
||||
|
|
@ -101,50 +99,6 @@ class ValidateUserAssetPermissionApi(APIView):
|
|||
return Response(data, status=status_code)
|
||||
|
||||
|
||||
class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
|
||||
rbac_perms = {
|
||||
'list': 'perms.view_userassets'
|
||||
}
|
||||
|
||||
@lazyproperty
|
||||
def user(self):
|
||||
user_id = self.kwargs.get('pk')
|
||||
return User.objects.get(id=user_id)
|
||||
|
||||
@lazyproperty
|
||||
def system_users_with_actions(self):
|
||||
asset_id = self.kwargs.get('asset_id')
|
||||
asset = get_object_or_404(Asset, id=asset_id, is_active=True)
|
||||
return self.get_asset_system_user_ids_with_actions(asset)
|
||||
|
||||
def get_asset_system_user_ids_with_actions(self, asset):
|
||||
return get_asset_system_user_ids_with_actions_by_user(self.user, asset)
|
||||
|
||||
def paginate_queryset(self, queryset):
|
||||
page = super().paginate_queryset(queryset)
|
||||
|
||||
if page:
|
||||
page = self.set_systemusers_action(page)
|
||||
else:
|
||||
self.set_systemusers_action(queryset)
|
||||
return page
|
||||
|
||||
def set_systemusers_action(self, queryset):
|
||||
queryset_list = list(queryset)
|
||||
for system_user in queryset_list:
|
||||
actions = self.system_users_with_actions.get(system_user.id, 0)
|
||||
system_user.actions = actions
|
||||
return queryset_list
|
||||
|
||||
|
||||
class MyGrantedAssetSystemUsersApi(UserGrantedAssetSystemUsersForAdminApi):
|
||||
permission_classes = (IsValidUser,)
|
||||
|
||||
@lazyproperty
|
||||
def user(self):
|
||||
return self.request.user
|
||||
|
||||
|
||||
class UserGrantedAssetAccountsApi(ListAPIView):
|
||||
serializer_class = serializers.AccountsGrantedSerializer
|
||||
rbac_perms = {
|
||||
|
|
|
|||
|
|
@ -60,12 +60,6 @@ user_permission_urlpatterns = [
|
|||
path('nodes/favorite/assets/', api.MyFavoriteGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
|
||||
# v3 中上面的 API 基本不用动
|
||||
|
||||
# Todo: v3 删除
|
||||
# Asset System users
|
||||
path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersForAdminApi.as_view(), name='user-asset-system-users'),
|
||||
path('assets/<uuid:asset_id>/system-users/', api.MyGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),
|
||||
|
||||
# Todo: v3 增加 Done.
|
||||
# 获取所有和资产-用户关联的账号列表
|
||||
path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccountsApi.as_view(), name='user-asset-accounts'),
|
||||
path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccountsApi.as_view(), name='my-asset-accounts'),
|
||||
|
|
@ -82,9 +76,6 @@ user_group_permission_urlpatterns = [
|
|||
path('<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(), name='user-group-nodes-children-as-tree'),
|
||||
path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'),
|
||||
|
||||
# Todo: v3 删除
|
||||
path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
|
||||
# Todo: v3 增加 Done.
|
||||
# 获取所有和资产-用户组关联的账号列表
|
||||
path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(), name='user-group-asset-accounts'),
|
||||
]
|
||||
|
|
@ -95,8 +86,7 @@ permission_urlpatterns = [
|
|||
path('<uuid:pk>/users/all/', api.AssetPermissionAllUserListApi.as_view(), name='asset-permission-all-users'),
|
||||
|
||||
# 验证用户是否有某个资产和系统用户的权限
|
||||
# Todo: v3 API 需要修改,验证用户有某个账号的权限 # 先不动, v3 中可能会修改连接资产时的逻辑,
|
||||
# 直接获取认证信息,获取不到就时没有权限,就不需要校验了
|
||||
# Todo: v3 先不动, 可能会修改连接资产时的逻辑, 直接获取认证信息,获取不到就时没有权限,就不需要校验了
|
||||
path('user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
|
||||
path('user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),
|
||||
|
||||
|
|
|
|||
|
|
@ -85,14 +85,7 @@ def get_asset_system_user_ids_with_actions_by_user(user: User, asset: Asset):
|
|||
|
||||
def has_asset_system_permission(user: User, asset: Asset, account: str):
|
||||
systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
|
||||
actions = systemuser_actions_mapper.get(system_user.id, 0)
|
||||
actions = systemuser_actions_mapper.get(account, 0)
|
||||
if actions:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Asset):
|
||||
asset_perm_ids = AssetPermission.objects.filter(
|
||||
user_groups=group
|
||||
).valid().values_list('id', flat=True).distinct()
|
||||
return get_asset_system_user_ids_with_actions(asset_perm_ids, asset)
|
||||
|
|
|
|||
Loading…
Reference in New Issue