perf: 修改 perm tree

2022-03-11 17:17:49 +08:00 · 2022-03-11 17:17:49 +08:00 · 797b184c7f
parent b3632f6531
commit 797b184c7f
10 changed files with 53 additions and 52 deletions
--- a/apps/jumpserver/api.py
+++ b/apps/jumpserver/api.py
@ -214,7 +214,7 @@ class DatesLoginMetricMixin:
 class IndexApi(DatesLoginMetricMixin, APIView):
    http_method_names = ['get']
    rbac_perms = {
-        'GET': 'rbac.view_dashboard'
+        'GET': 'rbac.view_audit | rbac.view_console'
    }

    def get(self, request, *args, **kwargs):
--- a/apps/rbac/migrations/0005_auto_20220307_1524.py
+++ b/apps/rbac/migrations/0005_auto_20220307_1524.py
@ -12,6 +12,6 @@ class Migration(migrations.Migration):
    operations = [
        migrations.AlterModelOptions(
            name='menupermission',
-            options={'default_permissions': [], 'permissions': [('view_dashboard', 'Can view resource statistics'), ('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'},
+            options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'},
        ),
    ]
--- a/apps/rbac/migrations/0006_auto_20220310_0616.py
+++ b/apps/rbac/migrations/0006_auto_20220310_0616.py
@ -12,6 +12,6 @@ class Migration(migrations.Migration):
    operations = [
        migrations.AlterModelOptions(
            name='menupermission',
-            options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager'), ('view_dashboard', 'Can view dashboard')], 'verbose_name': 'Menu permission'},
+            options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager') ], 'verbose_name': 'Menu permission'},
        ),
    ]
--- a/apps/rbac/models/menu.py
+++ b/apps/rbac/models/menu.py
@ -17,5 +17,4 @@ class MenuPermission(models.Model):
            ('view_workspace', _('Can view workspace view')),
            ('view_webterminal', _('Can view web terminal')),
            ('view_filemanager', _('Can view file manager')),
-            ('view_dashboard', _('Can view dashboard')),
        ]
--- a/apps/rbac/tree.py
+++ b/apps/rbac/tree.py
@ -98,7 +98,14 @@ special_pid_mapper = {
    "perms.view_mydatabaseapp": "my_apps",
    "perms.connect_mydatabaseapp": "my_apps",
    "xpack.interface": "view_setting",
-    "settings.change_terminal": "terminal_node"
+    "settings.change_terminal": "terminal_node",
+    "settings.view_setting": "view_setting",
+    "settings.change_setting": "view_setting",
+    "rbac.view_console": "view_console",
+    "rbac.view_audit": "view_audit",
+    "rbac.view_workspace": "view_workspace",
+    "rbac.view_webterminal": "view_workspace",
+    "rbac.view_filemanager": "view_workspace",
 }

 verbose_name_mapper = {
@ -115,6 +122,32 @@ xpack_nodes = [
 ]


+def _sort_action(node):
+    value = 0
+
+    if 'view' in node.title:
+        value += 2
+    elif 'add' in node.title:
+        value += 4
+    elif 'change' in node.title:
+        value += 6
+    elif 'delete' in node.title:
+        value += 8
+    else:
+        value += 10
+    return value
+
+
+def sort_nodes(node):
+    value = 0
+
+    if node.isParent:
+        value += 50
+    else:
+        value += _sort_action(node)
+    return value
+
+
 class PermissionTreeUtil:
    get_permissions: Callable

@ -122,7 +155,7 @@ class PermissionTreeUtil:
        self.permissions = self.prefetch_permissions(permissions)
        self.all_permissions = self.prefetch_permissions(
            Permission.get_permissions(scope)
-        ).order_by('-codename')
+        )
        self.check_disabled = check_disabled
        self.total_counts = defaultdict(int)
        self.checked_counts = defaultdict(int)
@ -323,6 +356,8 @@ class PermissionTreeUtil:
        if not node_data.get('title'):
            node_data['title'] = node_data['name']
        node = TreeNode(**node_data)
+        if settings.DEBUG:
+            node.name += ('-' + node.id)
        node.name += f'({checked_count}/{total_count})'
        return node

@ -367,12 +402,12 @@ class PermissionTreeUtil:
        return nodes

    def create_tree_nodes(self):
-        nodes = [self._create_root_tree_node()]
-        perms_nodes = self._create_perms_nodes()
-        models_nodes = self._create_models_nodes()
-        apps_nodes = self.create_apps_nodes()
-        extra_nodes = self._create_extra_nodes()
-        views_nodes = self._create_views_node()
+        nodes = self._create_perms_nodes()
+        nodes += self._create_models_nodes()
+        nodes += self.create_apps_nodes()
+        nodes += self._create_extra_nodes()
+        nodes += self._create_views_node()
+        nodes += [self._create_root_tree_node()]

-        nodes += views_nodes + apps_nodes + models_nodes + perms_nodes + extra_nodes
+        nodes.sort(key=sort_nodes)
        return nodes
--- a/apps/settings/migrations/0005_auto_20220310_0616.py
+++ b/apps/settings/migrations/0005_auto_20220310_0616.py
@ -12,6 +12,6 @@ class Migration(migrations.Migration):
    operations = [
        migrations.AlterModelOptions(
            name='setting',
-            options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_other', 'Can change other setting'), ('change_terminal_basic_setting', 'Can change terminal basic setting')], 'verbose_name': 'System setting'},
+            options={'permissions': [('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_systemmsgsubscription', 'Can sys msg sub setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal', 'Can change terminal setting'), ('change_other', 'Can change other setting')], 'verbose_name': 'System setting'},
        ),
    ]
--- a/apps/settings/migrations/0006_auto_20220310_1952.py
+++ b/apps/settings/migrations/0006_auto_20220310_1952.py
@ -1,17 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-10 11:52
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('settings', '0005_auto_20220310_0616'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='setting',
-            options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_other', 'Can change other setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal_basic_setting', 'Can change terminal basic setting')], 'verbose_name': 'System setting'},
-        ),
-    ]
--- a/apps/settings/migrations/0007_auto_20220310_2006.py
+++ b/apps/settings/migrations/0007_auto_20220310_2006.py
@ -1,17 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-10 12:06
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('settings', '0006_auto_20220310_1952'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='setting',
-            options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sys_msg_sub', 'Can sys msg sub setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal', 'Can change terminal setting'), ('change_other', 'Can change other setting')], 'verbose_name': 'System setting'},
-        ),
-    ]
--- a/apps/settings/models.py
+++ b/apps/settings/models.py
@ -139,7 +139,6 @@ class Setting(models.Model):
        db_table = "settings_setting"
        verbose_name = _("System setting")
        permissions = [
-            ('change_basic', _('Can change basic setting')),
            ('change_email', _('Can change email setting')),
            ('change_auth', _('Can change auth setting')),
            ('change_systemmsgsubscription', _('Can sys msg sub setting')),
--- a/utils/clean_db_content_types.py
+++ b/utils/clean_db_content_types.py
@ -53,9 +53,11 @@ def clean_db_content_types():
        ('applications', 'remoteapp', 'view_remoteapp'),

        ('settings', 'setting', 'change_terminal_basic_setting'),
-        ('rbac', 'menupermission', 'view_resourcestatistics'),
-
-
+        ('settings', 'setting', 'change_sys_msg_sub'),
+        ('settings', 'setting', 'change_basic'),
+        ('rbac', 'menupermission', 'view_userview'),
+        ('rbac', 'menupermission', 'view_adminview'),
+        ('rbac', 'menupermission', 'view_auditview'),
    ]
    for app, model, codename in permissions_delete_required:
        print('delete {}.{} ({})'.format(app, codename, model))