From 8b8b11ce1e7e7a682ebe5de320cf5b9ee4238591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Sat, 15 Feb 2020 20:49:20 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=20=E6=81=A2=E5=A4=8D=E5=88=B0=E5=8E=9F?= =?UTF-8?q?=E6=9D=A5=E7=9A=84sql=20(#3707)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/asset_permission.py | 15 +++++++------ apps/perms/api/user_permission/common.py | 2 ++ apps/perms/models/base.py | 9 ++++---- apps/perms/utils/asset_permission.py | 24 ++++++++------------- apps/perms/utils/database_app_permission.py | 11 +++++----- apps/perms/utils/remote_app_permission.py | 12 +++++------ 6 files changed, 33 insertions(+), 40 deletions(-) diff --git a/apps/perms/api/asset_permission.py b/apps/perms/api/asset_permission.py index 72cab48f1..ff477f5af 100644 --- a/apps/perms/api/asset_permission.py +++ b/apps/perms/api/asset_permission.py @@ -1,9 +1,10 @@ # -*- coding: utf-8 -*- # +from django.db.models import Q from common.permissions import IsOrgAdmin from orgs.mixins.api import OrgModelViewSet -from common.utils import get_object_or_none, union_queryset +from common.utils import get_object_or_none from ..models import AssetPermission from ..hands import ( User, UserGroup, Asset, Node, SystemUser, @@ -109,9 +110,9 @@ class AssetPermissionViewSet(OrgModelViewSet): continue ancestor_keys = Node.get_node_ancestor_keys(key, with_self=True) inherit_all_nodes.update(ancestor_keys) - assets_queryset = queryset.filter(assets__in=assets) - nodes_queryset = queryset.filter(nodes__key__in=inherit_all_nodes) - queryset = union_queryset(assets_queryset, nodes_queryset) + queryset = queryset.filter( + Q(assets__in=assets) | Q(nodes__key__in=inherit_all_nodes) + ).distinct() return queryset def filter_user(self, queryset): @@ -129,9 +130,9 @@ class AssetPermissionViewSet(OrgModelViewSet): queryset = queryset.filter(users=user) return queryset groups = user.groups.all() - users_queryset = queryset.filter(users=user) - groups_queryset = queryset.filter(user_groups__in=groups) - queryset = union_queryset(users_queryset, groups_queryset) + queryset = queryset.filter( + Q(users=user) | Q(user_groups__in=groups) + ).distinct() return queryset def filter_user_group(self, queryset): diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py index 12469d3da..370a921b4 100644 --- a/apps/perms/api/user_permission/common.py +++ b/apps/perms/api/user_permission/common.py @@ -105,6 +105,7 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView): only_fields = serializers.AssetSystemUserSerializer.Meta.only_fields def get_queryset(self): + import time asset_id = self.kwargs.get('asset_id') asset = get_object_or_404(Asset, id=asset_id) system_users_with_actions = self.util.get_asset_system_users_with_actions(asset) @@ -114,3 +115,4 @@ class UserGrantedAssetSystemUsersApi(UserAssetPermissionMixin, ListAPIView): system_users.append(system_user) system_users.sort(key=lambda x: x.priority) return system_users + diff --git a/apps/perms/models/base.py b/apps/perms/models/base.py index 2885711ae..da40ced9d 100644 --- a/apps/perms/models/base.py +++ b/apps/perms/models/base.py @@ -8,7 +8,7 @@ from django.db.models import Q from django.utils import timezone from orgs.mixins.models import OrgModelMixin -from common.utils import date_expired_default, union_queryset +from common.utils import date_expired_default from orgs.mixins.models import OrgManager @@ -83,8 +83,7 @@ class BasePermission(OrgModelMixin): from users.models import User users_id = self.users.all().values_list('id', flat=True) groups_id = self.user_groups.all().values_list('id', flat=True) - users = User.objects.filter(id__in=users_id) - if groups_id: - groups_users = User.objects.filter(groups__id__in=groups_id) - users = union_queryset(users, groups_users) + users = User.objects.filter( + Q(id__in=users_id) | Q(groups__id__in=groups_id) + ).distinct() return users diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index 0f56b0779..3ba5c68d6 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -9,7 +9,7 @@ from django.db.models import Q from django.conf import settings from orgs.utils import set_to_root_org -from common.utils import get_logger, timeit, lazyproperty, union_queryset +from common.utils import get_logger, timeit, lazyproperty from common.tree import TreeNode from assets.utils import TreeService from ..models import AssetPermission @@ -25,17 +25,12 @@ __all__ = [ def get_user_permissions(user, include_group=True): - permissions = AssetPermission.objects.filter(users=user) if include_group: groups = user.groups.all() - permissions_groups = AssetPermission.objects.filter( - user_groups__in=groups - ) - base_queryset = AssetPermission.get_queryset_with_prefetch() - permissions = union_queryset( - permissions, permissions_groups, base_queryset=base_queryset - ) - return permissions + arg = Q(users=user) | Q(user_groups__in=groups) + else: + arg = Q(users=user) + return AssetPermission.get_queryset_with_prefetch().filter(arg) def get_user_group_permissions(user_group): @@ -45,13 +40,12 @@ def get_user_group_permissions(user_group): def get_asset_permissions(asset, include_node=True): - permissions = AssetPermission.objects.filter(asset=asset) if include_node: nodes = asset.get_all_nodes(flat=True) - base_queryset = AssetPermission.get_queryset_with_prefetch() - permissions_nodes = AssetPermission.objects.filter(nodes__in=nodes) - permissions = union_queryset(permissions, permissions_nodes, base_queryset=base_queryset) - return permissions + arg = Q(assets=asset) | Q(nodes__in=nodes) + else: + arg = Q(assets=asset) + return AssetPermission.objects.valid().filter(arg) def get_node_permissions(node): diff --git a/apps/perms/utils/database_app_permission.py b/apps/perms/utils/database_app_permission.py index 88bbd1eb6..38aac99c1 100644 --- a/apps/perms/utils/database_app_permission.py +++ b/apps/perms/utils/database_app_permission.py @@ -2,10 +2,10 @@ # from django.utils.translation import ugettext as _ +from django.db.models import Q from orgs.utils import set_to_root_org from ..models import DatabaseAppPermission -from common.utils import union_queryset from common.tree import TreeNode from applications.models import DatabaseApp from assets.models import SystemUser @@ -19,13 +19,12 @@ __all__ = [ def get_user_database_app_permissions(user, include_group=True): - permissions = DatabaseAppPermission.objects.all().valid().filter(users=user) if include_group: groups = user.groups.all() - groups_permissions = DatabaseAppPermission.objects.all().valid()\ - .filter(user_groups__in=groups) - permissions = union_queryset(permissions, groups_permissions) - return permissions + arg = Q(users=user) | Q(user_groups__in=groups) + else: + arg = Q(users=user) + return DatabaseAppPermission.objects.all().valid().filter(arg) def get_user_group_database_app_permission(user_group): diff --git a/apps/perms/utils/remote_app_permission.py b/apps/perms/utils/remote_app_permission.py index 9ffab0e61..ea0cb9e4b 100644 --- a/apps/perms/utils/remote_app_permission.py +++ b/apps/perms/utils/remote_app_permission.py @@ -2,9 +2,9 @@ # from django.utils.translation import ugettext as _ +from django.db.models import Q from common.tree import TreeNode -from common.utils import union_queryset from orgs.utils import set_to_root_org from ..models import RemoteAppPermission @@ -18,14 +18,12 @@ __all__ = [ def get_user_remote_app_permissions(user, include_group=True): - permissions = RemoteAppPermission.objects.all().valid().filter(users=user) if include_group: groups = user.groups.all() - groups_permissions = RemoteAppPermission.objects.all().valid().filter( - user_groups__in=groups - ) - permissions = union_queryset(permissions, groups_permissions) - return permissions + arg = Q(users=user) | Q(user_groups__in=groups) + else: + arg = Q(users=user) + return RemoteAppPermission.objects.all().valid().filter(arg) def get_user_group_remote_app_permissions(user_group):