perf: 修改 perm tree

apps/jumpserver/api.py

@@ -214,7 +214,7 @@ class DatesLoginMetricMixin:
 class IndexApi(DatesLoginMetricMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'rbac.view_dashboard'
+        'GET': 'rbac.view_audit | rbac.view_console'
     }
 
     def get(self, request, *args, **kwargs):

apps/rbac/migrations/0005_auto_20220307_1524.py

@@ -12,6 +12,6 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='menupermission',
-            options={'default_permissions': [], 'permissions': [('view_dashboard', 'Can view resource statistics'), ('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'},
+            options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager')], 'verbose_name': 'Menu permission'},
         ),
     ]

apps/rbac/migrations/0006_auto_20220310_0616.py

@@ -12,6 +12,6 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='menupermission',
-            options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager'), ('view_dashboard', 'Can view dashboard')], 'verbose_name': 'Menu permission'},
+            options={'default_permissions': [], 'permissions': [('view_console', 'Can view console view'), ('view_audit', 'Can view audit view'), ('view_workspace', 'Can view workspace view'), ('view_webterminal', 'Can view web terminal'), ('view_filemanager', 'Can view file manager') ], 'verbose_name': 'Menu permission'},
         ),
     ]

apps/rbac/models/menu.py

@@ -17,5 +17,4 @@ class MenuPermission(models.Model):
             ('view_workspace', _('Can view workspace view')),
             ('view_webterminal', _('Can view web terminal')),
             ('view_filemanager', _('Can view file manager')),
-            ('view_dashboard', _('Can view dashboard')),
         ]

apps/rbac/tree.py

@@ -98,7 +98,14 @@ special_pid_mapper = {
     "perms.view_mydatabaseapp": "my_apps",
     "perms.connect_mydatabaseapp": "my_apps",
     "xpack.interface": "view_setting",
-    "settings.change_terminal": "terminal_node"
+    "settings.change_terminal": "terminal_node",
+    "settings.view_setting": "view_setting",
+    "settings.change_setting": "view_setting",
+    "rbac.view_console": "view_console",
+    "rbac.view_audit": "view_audit",
+    "rbac.view_workspace": "view_workspace",
+    "rbac.view_webterminal": "view_workspace",
+    "rbac.view_filemanager": "view_workspace",
 }
 
 verbose_name_mapper = {
@@ -115,6 +122,32 @@ xpack_nodes = [
 ]
 
 
+def _sort_action(node):
+    value = 0
+
+    if 'view' in node.title:
+        value += 2
+    elif 'add' in node.title:
+        value += 4
+    elif 'change' in node.title:
+        value += 6
+    elif 'delete' in node.title:
+        value += 8
+    else:
+        value += 10
+    return value
+
+
+def sort_nodes(node):
+    value = 0
+
+    if node.isParent:
+        value += 50
+    else:
+        value += _sort_action(node)
+    return value
+
+
 class PermissionTreeUtil:
     get_permissions: Callable
 
@@ -122,7 +155,7 @@ class PermissionTreeUtil:
         self.permissions = self.prefetch_permissions(permissions)
         self.all_permissions = self.prefetch_permissions(
             Permission.get_permissions(scope)
-        ).order_by('-codename')
+        )
         self.check_disabled = check_disabled
         self.total_counts = defaultdict(int)
         self.checked_counts = defaultdict(int)
@@ -323,6 +356,8 @@ class PermissionTreeUtil:
         if not node_data.get('title'):
             node_data['title'] = node_data['name']
         node = TreeNode(**node_data)
+        if settings.DEBUG:
+            node.name += ('-' + node.id)
         node.name += f'({checked_count}/{total_count})'
         return node
 
@@ -367,12 +402,12 @@ class PermissionTreeUtil:
         return nodes
 
     def create_tree_nodes(self):
-        nodes = [self._create_root_tree_node()]
+        nodes = self._create_perms_nodes()
-        perms_nodes = self._create_perms_nodes()
+        nodes += self._create_models_nodes()
-        models_nodes = self._create_models_nodes()
+        nodes += self.create_apps_nodes()
-        apps_nodes = self.create_apps_nodes()
+        nodes += self._create_extra_nodes()
-        extra_nodes = self._create_extra_nodes()
+        nodes += self._create_views_node()
-        views_nodes = self._create_views_node()
+        nodes += [self._create_root_tree_node()]
 
-        nodes += views_nodes + apps_nodes + models_nodes + perms_nodes + extra_nodes
+        nodes.sort(key=sort_nodes)
         return nodes

apps/settings/migrations/0005_auto_20220310_0616.py

@@ -12,6 +12,6 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='setting',
-            options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_other', 'Can change other setting'), ('change_terminal_basic_setting', 'Can change terminal basic setting')], 'verbose_name': 'System setting'},
+            options={'permissions': [('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_systemmsgsubscription', 'Can sys msg sub setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal', 'Can change terminal setting'), ('change_other', 'Can change other setting')], 'verbose_name': 'System setting'},
         ),
     ]

apps/settings/migrations/0006_auto_20220310_1952.py

@@ -1,17 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-10 11:52
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('settings', '0005_auto_20220310_0616'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='setting',
-            options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_other', 'Can change other setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal_basic_setting', 'Can change terminal basic setting')], 'verbose_name': 'System setting'},
-        ),
-    ]

apps/settings/migrations/0007_auto_20220310_2006.py

@@ -1,17 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-10 12:06
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('settings', '0006_auto_20220310_1952'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='setting',
-            options={'permissions': [('change_basic', 'Can change basic setting'), ('change_email', 'Can change email setting'), ('change_auth', 'Can change auth setting'), ('change_sys_msg_sub', 'Can sys msg sub setting'), ('change_sms', 'Can change sms setting'), ('change_security', 'Can change security setting'), ('change_clean', 'Can change clean setting'), ('change_interface', 'Can change interface setting'), ('change_license', 'Can change license setting'), ('change_terminal', 'Can change terminal setting'), ('change_other', 'Can change other setting')], 'verbose_name': 'System setting'},
-        ),
-    ]

apps/settings/models.py

@@ -139,7 +139,6 @@ class Setting(models.Model):
         db_table = "settings_setting"
         verbose_name = _("System setting")
         permissions = [
-            ('change_basic', _('Can change basic setting')),
             ('change_email', _('Can change email setting')),
             ('change_auth', _('Can change auth setting')),
             ('change_systemmsgsubscription', _('Can sys msg sub setting')),

utils/clean_db_content_types.py

@@ -53,9 +53,11 @@ def clean_db_content_types():
         ('applications', 'remoteapp', 'view_remoteapp'),
 
         ('settings', 'setting', 'change_terminal_basic_setting'),
-        ('rbac', 'menupermission', 'view_resourcestatistics'),
+        ('settings', 'setting', 'change_sys_msg_sub'),
-
+        ('settings', 'setting', 'change_basic'),
-
+        ('rbac', 'menupermission', 'view_userview'),
+        ('rbac', 'menupermission', 'view_adminview'),
+        ('rbac', 'menupermission', 'view_auditview'),
     ]
     for app, model, codename in permissions_delete_required:
         print('delete {}.{} ({})'.format(app, codename, model))