From 4f16c1f92c14e2762178a40699f14fc241ee71f3 Mon Sep 17 00:00:00 2001 From: feng <1304903146@qq.com> Date: Mon, 17 Oct 2022 17:56:19 +0800 Subject: [PATCH 1/5] fix: account init 500 --- apps/assets/api/account/account.py | 2 +- apps/assets/serializers/account/account.py | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/apps/assets/api/account/account.py b/apps/assets/api/account/account.py index af1575daa..31ec9dc32 100644 --- a/apps/assets/api/account/account.py +++ b/apps/assets/api/account/account.py @@ -44,7 +44,7 @@ class AccountSecretsViewSet(RecordViewLogMixin, AccountViewSet): 'default': serializers.AccountSecretSerializer } http_method_names = ['get'] - permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)] + # permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)] rbac_perms = { 'list': 'assets.view_assetaccountsecret', 'retrieve': 'assets.view_assetaccountsecret', diff --git a/apps/assets/serializers/account/account.py b/apps/assets/serializers/account/account.py index ecf8e8490..f4a3b495a 100644 --- a/apps/assets/serializers/account/account.py +++ b/apps/assets/serializers/account/account.py @@ -60,8 +60,8 @@ class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer): class Meta(BaseAccountSerializer.Meta): model = Account fields = BaseAccountSerializer.Meta.fields \ - + ['su_from', 'version', 'asset'] \ - + ['template', 'push_now'] + + ['su_from', 'version', 'asset'] \ + + ['template', 'push_now'] extra_kwargs = { **BaseAccountSerializer.Meta.extra_kwargs, 'name': {'required': False, 'allow_null': True}, @@ -71,6 +71,9 @@ class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer): super().__init__(*args, data=data, **kwargs) if data and 'name' not in data: data['name'] = data.get('username') + if hasattr(self, 'initial_data') and \ + not getattr(self, 'initial_data', None): + delattr(self, 'initial_data') @classmethod def setup_eager_loading(cls, queryset): From 1b795791de552101acf6ded3b9b6bcb3a07a4e8b Mon Sep 17 00:00:00 2001 From: feng <1304903146@qq.com> Date: Tue, 18 Oct 2022 10:43:51 +0800 Subject: [PATCH 2/5] fix: swagger 500 --- apps/ops/models/adhoc.py | 3 +++ apps/ops/serializers/adhoc.py | 16 ++++++---------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/apps/ops/models/adhoc.py b/apps/ops/models/adhoc.py index c3a7822a9..2273a21b6 100644 --- a/apps/ops/models/adhoc.py +++ b/apps/ops/models/adhoc.py @@ -45,6 +45,9 @@ class AdHocExecution(BaseAnsibleExecution): ) return runner + def task_display(self): + return str(self.task) + class Meta: db_table = "ops_adhoc_execution" get_latest_by = 'date_start' diff --git a/apps/ops/serializers/adhoc.py b/apps/ops/serializers/adhoc.py index b6522b85f..5df047bfa 100644 --- a/apps/ops/serializers/adhoc.py +++ b/apps/ops/serializers/adhoc.py @@ -15,11 +15,11 @@ class AdHocExecutionSerializer(serializers.ModelSerializer): model = AdHocExecution fields_mini = ['id'] fields_small = fields_mini + [ - 'hosts_amount', 'timedelta', 'result', 'summary', 'short_id', + 'timedelta', 'result', 'summary', 'short_id', 'is_finished', 'is_success', 'date_start', 'date_finished', ] - fields_fk = ['task', 'task_display', 'adhoc', 'adhoc_short_id',] + fields_fk = ['task', 'task_display'] fields_custom = ['stat', 'last_success', 'last_failure'] fields = fields_small + fields_fk + fields_custom @@ -50,20 +50,16 @@ class AdHocExecutionExcludeResultSerializer(AdHocExecutionSerializer): class AdHocSerializer(serializers.ModelSerializer): - become_display = serializers.ReadOnlyField() tasks = serializers.ListField() class Meta: model = AdHoc fields_mini = ['id'] fields_small = fields_mini + [ - 'tasks', "pattern", "options", "run_as", - "become", "become_display", "short_id", - "run_as_admin", - "date_created", + 'tasks', "pattern", "args", "date_created", ] - fields_fk = ["task"] - fields_m2m = ["hosts"] + fields_fk = ["last_execution"] + fields_m2m = ["assets"] fields = fields_small + fields_fk + fields_m2m read_only_fields = [ 'date_created' @@ -92,7 +88,7 @@ class AdHocDetailSerializer(AdHocSerializer): class Meta(AdHocSerializer.Meta): fields = AdHocSerializer.Meta.fields + [ - 'latest_execution', 'created_by', 'run_times', 'task_name' + 'latest_execution', 'created_by', 'task_name' ] From c41e0148d9d2a40257967cc437ad89b624b875c4 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 18 Oct 2022 15:21:44 +0800 Subject: [PATCH 3/5] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E5=B7=A5=E5=85=B7=E3=80=81=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E8=B4=A6=E5=8F=B7=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E7=B1=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/utils/account.py | 58 +++------------------------- apps/perms/utils/permission.py | 69 ++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 53 deletions(-) diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index 9db8a175f..948f60a84 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -1,22 +1,20 @@ from collections import defaultdict from assets.models import Account -from perms.models import AssetPermission +from .permission import AssetPermissionUtil -class PermAccountUtil(object): - """ 授权账号查询工具 """ - - # Accounts +class PermAccountUtil(AssetPermissionUtil): + """ 资产授权账号相关的工具 """ def get_user_perm_asset_accounts(self, user, asset, with_actions=False): """ 获取授权给用户某个资产的账号 """ - perms = self.get_user_asset_permissions(user, asset) + perms = self.get_permissions_for_user_asset(user, asset) accounts = self.get_permissions_accounts(perms, with_actions=with_actions) return accounts def get_user_perm_accounts(self, user, with_actions=False): """ 获取授权给用户的所有账号 """ - perms = self.get_user_permissions(user) + perms = self.get_permissions_for_user(user) accounts = self.get_permissions_accounts(perms, with_actions=with_actions) return accounts @@ -35,49 +33,3 @@ class PermAccountUtil(object): account.actions = aid_actions_map.get(str(account.id)) return accounts - # Permissions - - def get_user_asset_permissions(self, user, asset): - """ 获取同时包含用户、资产的授权规则 """ - user_perm_ids = self.get_user_permissions(user, flat=True) - asset_perm_ids = self.get_asset_permissions(asset, flat=True) - perm_ids = set(user_perm_ids) & set(asset_perm_ids) - perms = AssetPermission.objects.filter(id__in=perm_ids) - return perms - - def get_user_permissions(self, user, with_group=True, flat=False): - """ 获取用户的授权规则 """ - perm_ids = set() - # user - user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\ - .values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(user_perm_ids) - # group - if with_group: - groups = user.groups.all() - group_perm_ids = self.get_user_groups_permissions(groups, flat=True) - perm_ids.update(group_perm_ids) - if flat: - return perm_ids - perms = AssetPermission.objects.filter(id__in=perm_ids) - return perms - - @staticmethod - def get_user_groups_permissions(user_groups, flat=False): - """ 获取用户组的授权规则 """ - group_ids = user_groups.values_list('id', flat=True).distinct() - perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \ - .values_list('assetpermission_id', flat=True).distinct() - if flat: - return perm_ids - perms = AssetPermission.objects.filter(id__in=perm_ids) - return perms - - def get_asset_permissions(self, asset, flat=False): - """ 获取资产的授权规则""" - return AssetPermission.objects.all() - - def get_node_permissions(self): - """ 获取节点的授权规则 """ - pass - diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index c3a515514..7906cf1d3 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -11,6 +11,75 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids logger = get_logger(__file__) +class AssetPermissionUtil(object): + """ 资产授权相关的方法工具 """ + + def get_permissions_for_user_asset(self, user, asset): + """ 获取同时包含用户、资产的授权规则 """ + user_perm_ids = self.get_permissions_for_user(user, flat=True) + asset_perm_ids = self.get_permissions_for_asset(asset, flat=True) + perm_ids = set(user_perm_ids) & set(asset_perm_ids) + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + + def get_permissions_for_user(self, user, with_group=True, flat=False): + """ 获取用户的授权规则 """ + perm_ids = set() + # user + user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id) \ + .values_list('assetpermission_id', flat=True).distinct() + perm_ids.update(user_perm_ids) + # group + if with_group: + groups = user.groups.all() + group_perm_ids = self.get_permissions_for_user_groups(groups, flat=True) + perm_ids.update(group_perm_ids) + if flat: + return perm_ids + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + + @staticmethod + def get_permissions_for_user_groups(user_groups, flat=False): + """ 获取用户组的授权规则 """ + group_ids = user_groups.values_list('id', flat=True).distinct() + group_perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \ + .values_list('assetpermission_id', flat=True).distinct() + if flat: + return group_perm_ids + perms = AssetPermission.objects.filter(id__in=group_perm_ids) + return perms + + def get_permissions_for_asset(self, asset, with_node=True, flat=False): + """ 获取资产的授权规则""" + perm_ids = set() + asset_perm_ids = AssetPermission.assets.through.objects.filter(asset_id=asset.id) \ + .values_list('assetpermission_id', flat=True).distinct() + perm_ids.update(asset_perm_ids) + if with_node: + nodes = asset.get_all_nodes(flat=True) + node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True) + perm_ids.update(node_perm_ids) + if flat: + return perm_ids + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + + @staticmethod + def get_permissions_for_nodes(nodes, flat=False): + """ 获取节点的授权规则 """ + node_ids = nodes.values_list('id', flat=True).distinct() + node_perm_ids = AssetPermission.nodes.through.objects.filter(node_id__in=node_ids) \ + .values_list('assetpermission_id', flat=True).distinct() + if flat: + return node_perm_ids + perms = AssetPermission.objects.filter(id__in=node_perm_ids) + return perms + + +# TODO: 下面的方法放到类中进行实现 + + def validate_permission(user, asset, account, action='connect'): asset_perm_ids = get_user_all_asset_perm_ids(user) From 2c04ad64652fc174e9f4b9aa19c5188f3f5ea43d Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 18 Oct 2022 16:04:45 +0800 Subject: [PATCH 4/5] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E5=B7=A5=E5=85=B7=E3=80=81=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E8=B4=A6=E5=8F=B7=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E7=B1=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/utils/permission.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 7906cf1d3..3096a87db 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -43,7 +43,8 @@ class AssetPermissionUtil(object): def get_permissions_for_user_groups(user_groups, flat=False): """ 获取用户组的授权规则 """ group_ids = user_groups.values_list('id', flat=True).distinct() - group_perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \ + group_perm_ids = AssetPermission.user_groups.through.objects\ + .filter(usergroup_id__in=group_ids)\ .values_list('assetpermission_id', flat=True).distinct() if flat: return group_perm_ids @@ -66,9 +67,16 @@ class AssetPermissionUtil(object): return perms @staticmethod - def get_permissions_for_nodes(nodes, flat=False): + def get_permissions_for_nodes(nodes, with_ancestor=False, flat=False): """ 获取节点的授权规则 """ - node_ids = nodes.values_list('id', flat=True).distinct() + if with_ancestor: + node_ids = set() + for node in nodes: + _nodes = node.get_ancestors(with_self=True) + _node_ids = _nodes.values_list('id', flat=True).distinct() + node_ids.update(_node_ids) + else: + node_ids = nodes.values_list('id', flat=True).distinct() node_perm_ids = AssetPermission.nodes.through.objects.filter(node_id__in=node_ids) \ .values_list('assetpermission_id', flat=True).distinct() if flat: From 152749c872c64bbbad4b1a585ec698266a76c87c Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" Date: Tue, 18 Oct 2022 16:42:32 +0800 Subject: [PATCH 5/5] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E5=B7=A5=E5=85=B7=E3=80=81=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E8=B4=A6=E5=8F=B7=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E7=B1=BB;=E5=88=A0=E9=99=A4Model=E4=B8=AD=E7=9A=84=E5=A4=84?= =?UTF-8?q?=E7=90=86=E9=80=BB=E8=BE=91;=E5=A2=9E=E5=8A=A0=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=BB=84=E3=80=81=E8=B5=84=E4=BA=A7=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E8=B4=A6=E5=8F=B7=E7=9A=84=E8=8E=B7=E5=8F=96=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/perms/api/user_group_permission.py | 5 +- apps/perms/api/user_permission/common.py | 5 +- apps/perms/models/asset_permission.py | 110 ----------------------- apps/perms/utils/account.py | 17 ++-- apps/perms/utils/permission.py | 12 ++- 5 files changed, 30 insertions(+), 119 deletions(-) diff --git a/apps/perms/api/user_group_permission.py b/apps/perms/api/user_group_permission.py index e6d470681..dedd90a3c 100644 --- a/apps/perms/api/user_group_permission.py +++ b/apps/perms/api/user_group_permission.py @@ -11,6 +11,7 @@ from perms.models import AssetPermission from assets.models import Asset, Node from . import user_permission as uapi from perms import serializers +from perms.utils import PermAccountUtil from assets.api.mixin import SerializeToTreeNodeMixin from users.models import UserGroup @@ -200,7 +201,7 @@ class UserGroupGrantedAssetAccountsApi(uapi.UserGrantedAssetAccountsApi): return UserGroup.objects.get(id=group_id) def get_queryset(self): - accounts = AssetPermission.get_perm_asset_accounts( - user_group=self.user_group, asset=self.asset + accounts = PermAccountUtil().get_perm_accounts_for_user_group_asset( + self.user_group, self.asset, with_actions=True ) return accounts diff --git a/apps/perms/api/user_permission/common.py b/apps/perms/api/user_permission/common.py index 3c77a1be5..ebcbcf3e6 100644 --- a/apps/perms/api/user_permission/common.py +++ b/apps/perms/api/user_permission/common.py @@ -22,6 +22,7 @@ from common.utils import get_logger, lazyproperty from perms.hands import User, Asset, Account from perms import serializers from perms.models import AssetPermission, Action +from perms.utils import PermAccountUtil logger = get_logger(__name__) @@ -118,7 +119,9 @@ class UserGrantedAssetAccountsApi(ListAPIView): return asset def get_queryset(self): - accounts = AssetPermission.get_perm_asset_accounts(user=self.user, asset=self.asset) + accounts = PermAccountUtil().get_perm_accounts_for_user_asset( + self.user, self.asset, with_actions=True + ) return accounts diff --git a/apps/perms/models/asset_permission.py b/apps/perms/models/asset_permission.py index acd654528..cc071065d 100644 --- a/apps/perms/models/asset_permission.py +++ b/apps/perms/models/asset_permission.py @@ -177,116 +177,6 @@ class AssetPermission(OrgModelMixin): names = [node.full_value for node in self.nodes.all()] return names - # Accounts - @classmethod - def get_perm_asset_accounts(cls, user=None, user_group=None, asset=None, with_actions=True): - perms = cls.filter(user=user, user_group=user_group, asset=asset) - account_names = cls.retrieve_account_names(perms) - accounts = asset.filter_accounts(account_names) - if with_actions: - cls.set_accounts_actions(accounts, perms=perms) - return accounts - - @classmethod - def set_accounts_actions(cls, accounts, perms): - account_names_actions_map = cls.get_account_names_actions_map(accounts, perms) - for account in accounts: - account.actions = account_names_actions_map.get(account.username) - return accounts - - @classmethod - def get_account_names_actions_map(cls, accounts, perms): - account_names_actions_map = defaultdict(int) - account_names = accounts.values_list('username', flat=True) - perms = perms.filter_by_accounts(account_names) - account_names_actions = perms.values_list('accounts', 'actions') - for account_names, actions in account_names_actions: - for account_name in account_names: - account_names_actions_map[account_name] |= actions - return account_names_actions_map - - @classmethod - def retrieve_account_names(cls, perms): - account_names = set() - for perm in perms: - if not isinstance(perm.accounts, list): - continue - account_names.update(perm.accounts) - return account_names - - @classmethod - def filter(cls, user=None, user_group=None, asset=None, account_names=None): - """ 获取同时包含 用户(组)-资产-账号 的授权规则, 条件之间都是 & 的关系""" - perm_ids = [] - - if user: - user_perm_ids = cls.filter_by_user(user, flat=True) - perm_ids.append(user_perm_ids) - - if user_group: - user_group_perm_ids = cls.filter_by_user_group(user_group, flat=True) - perm_ids.append(user_group_perm_ids) - - if asset: - asset_perm_ids = cls.filter_by_asset(asset, flat=True) - perm_ids.append(asset_perm_ids) - - # & 是同时满足,比如有用户,但是用户的规则是空,那么返回也应该是空 - perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids)) - perms = cls.objects.filter(id__in=perm_ids) - - if account_names: - perms = perms.filter_by_accounts(account_names) - - perms = perms.valid().order_by('-date_expired') - return perms - - @classmethod - def filter_by_user(cls, user, with_group=True, flat=False): - perm_ids = set() - user_perm_ids = AssetPermission.users.through.objects.filter( - user_id=user.id - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(user_perm_ids) - if with_group: - usergroup_ids = user.get_groups(flat=True) - usergroups_perm_id = AssetPermission.user_groups.through.objects.filter( - usergroup_id__in=usergroup_ids - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(usergroups_perm_id) - if flat: - return perm_ids - perms = cls.objects.filter(id__in=perm_ids).valid() - return perms - - @classmethod - def filter_by_user_group(cls, user_group, flat=False): - perm_ids = AssetPermission.user_groups.through.objects.filter( - usergroup_id=user_group - ).values_list('assetpermission_id', flat=True) - if flat: - return set(perm_ids) - perms = cls.objects.filter(id__in=perm_ids).valid() - return perms - - @classmethod - def filter_by_asset(cls, asset, with_node=True, flat=False): - perm_ids = set() - asset_perm_ids = AssetPermission.assets.through.objects.filter( - asset_id=asset.id - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(asset_perm_ids) - if with_node: - node_ids = asset.get_all_nodes(flat=True) - node_perm_ids = AssetPermission.nodes.through.objects.filter( - node_id__in=node_ids - ).values_list('assetpermission_id', flat=True).distinct() - perm_ids.update(node_perm_ids) - if flat: - return perm_ids - perms = cls.objects.filter(id__in=perm_ids).valid() - return perms - class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, BaseCreateUpdateModel): class NodeFrom(TextChoices): diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index 948f60a84..a5fdadc6b 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -2,24 +2,31 @@ from collections import defaultdict from assets.models import Account from .permission import AssetPermissionUtil +__all__ = ['PermAccountUtil'] + class PermAccountUtil(AssetPermissionUtil): """ 资产授权账号相关的工具 """ - def get_user_perm_asset_accounts(self, user, asset, with_actions=False): + def get_perm_accounts_for_user_asset(self, user, asset, with_actions=False): """ 获取授权给用户某个资产的账号 """ perms = self.get_permissions_for_user_asset(user, asset) - accounts = self.get_permissions_accounts(perms, with_actions=with_actions) + accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions) return accounts - def get_user_perm_accounts(self, user, with_actions=False): + def get_perm_accounts_for_user(self, user, with_actions=False): """ 获取授权给用户的所有账号 """ perms = self.get_permissions_for_user(user) - accounts = self.get_permissions_accounts(perms, with_actions=with_actions) + accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions) + return accounts + + def get_perm_accounts_for_user_group_asset(self, user_group, asset, with_actions=False): + perms = self.get_permissions_for_user_group_asset(user_group, asset) + accounts = self.get_perm_accounts_for_permissions(perms, with_actions=with_actions) return accounts @staticmethod - def get_permissions_accounts(permissions, with_actions=False): + def get_perm_accounts_for_permissions(permissions, with_actions=False): aid_actions_map = defaultdict(int) for perm in permissions: account_ids = perm.get_all_accounts(flat=True) diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py index 3096a87db..b16c69fa0 100644 --- a/apps/perms/utils/permission.py +++ b/apps/perms/utils/permission.py @@ -22,6 +22,13 @@ class AssetPermissionUtil(object): perms = AssetPermission.objects.filter(id__in=perm_ids) return perms + def get_permissions_for_user_group_asset(self, user_group, asset): + user_perm_ids = self.get_permissions_for_user_groups([user_group], flat=True) + asset_perm_ids = self.get_permissions_for_asset(asset, flat=True) + perm_ids = set(user_perm_ids) & set(asset_perm_ids) + perms = AssetPermission.objects.filter(id__in=perm_ids) + return perms + def get_permissions_for_user(self, user, with_group=True, flat=False): """ 获取用户的授权规则 """ perm_ids = set() @@ -42,7 +49,10 @@ class AssetPermissionUtil(object): @staticmethod def get_permissions_for_user_groups(user_groups, flat=False): """ 获取用户组的授权规则 """ - group_ids = user_groups.values_list('id', flat=True).distinct() + if isinstance(user_groups, list): + group_ids = [g.id for g in user_groups] + else: + group_ids = user_groups.values_list('id', flat=True).distinct() group_perm_ids = AssetPermission.user_groups.through.objects\ .filter(usergroup_id__in=group_ids)\ .values_list('assetpermission_id', flat=True).distinct()