feat: 删除授权模块中关于系统用户的API

2 years ago · 76747642c4
4 changed files with 2 additions and 79 deletions
--- a/apps/perms/api/user_group_permission.py
+++ b/apps/perms/api/user_group_permission.py
@ -11,7 +11,6 @@ from perms.models import AssetPermission
 from assets.models import Asset, Node
 from . import user_permission as uapi
 from perms import serializers
-from perms.utils.permission import get_asset_system_user_ids_with_actions_by_group
 from assets.api.mixin import SerializeToTreeNodeMixin
 from users.models import UserGroup

@ -19,18 +18,10 @@ __all__ = [
    'UserGroupGrantedAssetsApi', 'UserGroupGrantedNodesApi',
    'UserGroupGrantedNodeAssetsApi',
    'UserGroupGrantedNodeChildrenAsTreeApi',
-    'UserGroupGrantedAssetSystemUsersApi',
    'UserGroupGrantedAssetAccountsApi',
 ]


-class UserGroupMixin:
-    @lazyproperty
-    def group(self):
-        group_id = self.kwargs.get('pk')
-        return UserGroup.objects.get(id=group_id)
-
-
 class UserGroupGrantedAssetsApi(ListAPIView):
    serializer_class = serializers.AssetGrantedSerializer
    only_fields = serializers.AssetGrantedSerializer.Meta.only_fields
@ -201,11 +192,6 @@ class UserGroupGrantedNodeChildrenAsTreeApi(SerializeToTreeNodeMixin, ListAPIVie
        return Response(data=nodes)


-class UserGroupGrantedAssetSystemUsersApi(UserGroupMixin, uapi.UserGrantedAssetSystemUsersForAdminApi):
-    def get_asset_system_user_ids_with_actions(self, asset):
-        return get_asset_system_user_ids_with_actions_by_group(self.group, asset)
-
-
 class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi):

    @lazyproperty
--- a/apps/perms/api/user_permission/common.py
+++ b/apps/perms/api/user_permission/common.py
@ -26,10 +26,8 @@ from perms.models import AssetPermission, Action
 logger = get_logger(__name__)

 __all__ = [
-    'UserGrantedAssetSystemUsersForAdminApi',
    'ValidateUserAssetPermissionApi',
    'GetUserAssetPermissionActionsApi',
-    'MyGrantedAssetSystemUsersApi',
    'UserGrantedAssetAccountsApi',
    'MyGrantedAssetAccountsApi',
    'UserGrantedAssetSpecialAccountsApi',
@ -101,50 +99,6 @@ class ValidateUserAssetPermissionApi(APIView):
        return Response(data, status=status_code)


-class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
-    rbac_perms = {
-        'list': 'perms.view_userassets'
-    }
-
-    @lazyproperty
-    def user(self):
-        user_id = self.kwargs.get('pk')
-        return User.objects.get(id=user_id)
-
-    @lazyproperty
-    def system_users_with_actions(self):
-        asset_id = self.kwargs.get('asset_id')
-        asset = get_object_or_404(Asset, id=asset_id, is_active=True)
-        return self.get_asset_system_user_ids_with_actions(asset)
-
-    def get_asset_system_user_ids_with_actions(self, asset):
-        return get_asset_system_user_ids_with_actions_by_user(self.user, asset)
-
-    def paginate_queryset(self, queryset):
-        page = super().paginate_queryset(queryset)
-
-        if page:
-            page = self.set_systemusers_action(page)
-        else:
-            self.set_systemusers_action(queryset)
-        return page
-
-    def set_systemusers_action(self, queryset):
-        queryset_list = list(queryset)
-        for system_user in queryset_list:
-            actions = self.system_users_with_actions.get(system_user.id, 0)
-            system_user.actions = actions
-        return queryset_list
-
-
-class MyGrantedAssetSystemUsersApi(UserGrantedAssetSystemUsersForAdminApi):
-    permission_classes = (IsValidUser,)
-
-    @lazyproperty
-    def user(self):
-        return self.request.user
-
-
 class UserGrantedAssetAccountsApi(ListAPIView):
    serializer_class = serializers.AccountsGrantedSerializer
    rbac_perms = {
--- a/apps/perms/urls/asset_permission.py
+++ b/apps/perms/urls/asset_permission.py
@ -60,12 +60,6 @@ user_permission_urlpatterns = [
    path('nodes/favorite/assets/', api.MyFavoriteGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
    # v3 中上面的 API 基本不用动

-    # Todo: v3 删除
-    # Asset System users
-    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersForAdminApi.as_view(), name='user-asset-system-users'),
-    path('assets/<uuid:asset_id>/system-users/', api.MyGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),
-
-    # Todo: v3 增加 Done.
    # 获取所有和资产-用户关联的账号列表
    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGrantedAssetAccountsApi.as_view(), name='user-asset-accounts'),
    path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccountsApi.as_view(), name='my-asset-accounts'),
@ -82,9 +76,6 @@ user_group_permission_urlpatterns = [
    path('<uuid:pk>/nodes/children/tree/', api.UserGroupGrantedNodeChildrenAsTreeApi.as_view(), name='user-group-nodes-children-as-tree'),
    path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'),

-    # Todo: v3 删除
-    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
-    # Todo: v3 增加 Done.
    # 获取所有和资产-用户组关联的账号列表
    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(), name='user-group-asset-accounts'),
 ]
@ -95,8 +86,7 @@ permission_urlpatterns = [
    path('<uuid:pk>/users/all/', api.AssetPermissionAllUserListApi.as_view(), name='asset-permission-all-users'),

    # 验证用户是否有某个资产和系统用户的权限
-    # Todo: v3 API 需要修改，验证用户有某个账号的权限 # 先不动, v3 中可能会修改连接资产时的逻辑,
-    #  直接获取认证信息，获取不到就时没有权限，就不需要校验了
+    # Todo: v3 先不动, 可能会修改连接资产时的逻辑, 直接获取认证信息，获取不到就时没有权限，就不需要校验了
    path('user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
    path('user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),

--- a/apps/perms/utils/permission.py
+++ b/apps/perms/utils/permission.py
@ -85,14 +85,7 @@ def get_asset_system_user_ids_with_actions_by_user(user: User, asset: Asset):

 def has_asset_system_permission(user: User, asset: Asset, account: str):
    systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
-    actions = systemuser_actions_mapper.get(system_user.id, 0)
+    actions = systemuser_actions_mapper.get(account, 0)
    if actions:
        return True
    return False
-
-
-def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Asset):
-    asset_perm_ids = AssetPermission.objects.filter(
-        user_groups=group
-    ).valid().values_list('id', flat=True).distinct()
-    return get_asset_system_user_ids_with_actions(asset_perm_ids, asset)