mirror of https://github.com/jumpserver/jumpserver
pref: 修改 perms accounts
parent
22dd9906c7
commit
8e123304ad
|
@ -1,3 +1,5 @@
|
||||||
|
|
||||||
def bit(x):
|
def bit(x):
|
||||||
return 2 ** (x - 1)
|
if x == 0:
|
||||||
|
return 0
|
||||||
|
else:
|
||||||
|
return 2 ** (x - 1)
|
||||||
|
|
|
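Review bot: The new `x == 0` guard in `bit` covers only zero, so a negative `x` still falls through to `2 ** (x - 1)` and returns a float such as 0.25 rather than an integer flag. If these values are combined into bitmasks, as the name suggests, a fractional result would silently corrupt the mask instead of failing. Consider rejecting it explicitly with `if x < 0: raise ValueError(x)`, or computing the flag as `1 << (x - 1)`, which raises on a negative shift. A one-line docstring stating that `bit(0)` means "no flag" would also make the special case clear to callers.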
@ -17,6 +17,9 @@ __all__ = [
|
||||||
|
|
||||||
class UserGrantedAssetAccountsApi(ListAPIView):
|
class UserGrantedAssetAccountsApi(ListAPIView):
|
||||||
serializer_class = serializers.AccountsGrantedSerializer
|
serializer_class = serializers.AccountsGrantedSerializer
|
||||||
|
rbac_perms = (
|
||||||
|
('list', 'perms.view_userassets'),
|
||||||
|
)
|
||||||
|
|
||||||
@lazyproperty
|
@lazyproperty
|
||||||
def user(self) -> User:
|
def user(self) -> User:
|
||||||
|
|
|
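Review bot: The added `rbac_perms` on `UserGrantedAssetAccountsApi` gates the account listing with `perms.view_userassets`, the asset-viewing codename, so any role allowed to list a user's assets can also enumerate the accounts granted on them. Account names are usually more sensitive than asset names; if the reuse is intended, record it next to the tuple, e.g. `# accounts are deliberately exposed under the same permission as the asset list`. It is also worth confirming that the RBAC permission class resolves the `'list'` key for a plain `ListAPIView`, which has no viewset `action`; that lookup is not visible on this page. The body of the `user` property lies outside the hunk, so how the target user is resolved could not be checked here.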
@ -1,12 +1,12 @@
|
||||||
from rest_framework.generics import ListAPIView
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from rest_framework.generics import ListAPIView
|
||||||
|
|
||||||
from common.utils import get_logger
|
from common.utils import get_logger
|
||||||
from ..mixin import AssetRoleAdminMixin, AssetRoleUserMixin
|
|
||||||
from .mixin import (
|
from .mixin import (
|
||||||
UserAllGrantedAssetsQuerysetMixin, UserDirectGrantedAssetsQuerysetMixin, UserFavoriteGrantedAssetsMixin,
|
UserAllGrantedAssetsQuerysetMixin, UserDirectGrantedAssetsQuerysetMixin, UserFavoriteGrantedAssetsMixin,
|
||||||
UserGrantedNodeAssetsMixin, AssetsSerializerFormatMixin, AssetsTreeFormatMixin,
|
UserGrantedNodeAssetsMixin, AssetsSerializerFormatMixin, AssetsTreeFormatMixin,
|
||||||
)
|
)
|
||||||
|
from ..mixin import AssetRoleAdminMixin, AssetRoleUserMixin
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
'UserDirectGrantedAssetsApi', 'MyDirectGrantedAssetsApi',
|
'UserDirectGrantedAssetsApi', 'MyDirectGrantedAssetsApi',
|
||||||
|
@ -14,7 +14,8 @@ __all__ = [
|
||||||
'MyFavoriteGrantedAssetsApi', 'UserDirectGrantedAssetsAsTreeApi',
|
'MyFavoriteGrantedAssetsApi', 'UserDirectGrantedAssetsAsTreeApi',
|
||||||
'MyUngroupAssetsAsTreeApi',
|
'MyUngroupAssetsAsTreeApi',
|
||||||
'UserAllGrantedAssetsApi', 'MyAllGrantedAssetsApi', 'MyAllAssetsAsTreeApi',
|
'UserAllGrantedAssetsApi', 'MyAllGrantedAssetsApi', 'MyAllAssetsAsTreeApi',
|
||||||
'UserGrantedNodeAssetsApi', 'MyGrantedNodeAssetsApi',
|
'UserGrantedNodeAssetsApi',
|
||||||
|
'MyGrantedNodeAssetsApi',
|
||||||
]
|
]
|
||||||
|
|
||||||
logger = get_logger(__name__)
|
logger = get_logger(__name__)
|
||||||
|
|
|
@ -1,30 +1,31 @@
|
||||||
|
import time
|
||||||
from collections import defaultdict
|
from collections import defaultdict
|
||||||
from typing import List, Tuple
|
from typing import List, Tuple
|
||||||
import time
|
|
||||||
|
|
||||||
from django.core.cache import cache
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from django.core.cache import cache
|
||||||
from django.db.models import Q, QuerySet
|
from django.db.models import Q, QuerySet
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
from common.db.models import output_as_string, UnionQuerySet
|
from assets.models import (
|
||||||
from common.utils.common import lazyproperty, timeit
|
Asset, FavoriteAsset, AssetQuerySet, NodeQuerySet
|
||||||
|
)
|
||||||
from assets.utils import NodeAssetsUtil
|
from assets.utils import NodeAssetsUtil
|
||||||
from common.utils import get_logger
|
from common.db.models import output_as_string, UnionQuerySet
|
||||||
from common.decorator import on_transaction_commit
|
from common.decorator import on_transaction_commit
|
||||||
|
from common.utils import get_logger
|
||||||
|
from common.utils.common import lazyproperty, timeit
|
||||||
|
from orgs.models import Organization
|
||||||
from orgs.utils import (
|
from orgs.utils import (
|
||||||
tmp_to_org, current_org,
|
tmp_to_org, current_org,
|
||||||
ensure_in_real_or_default_org, tmp_to_root_org
|
ensure_in_real_or_default_org, tmp_to_root_org
|
||||||
)
|
)
|
||||||
from assets.models import (
|
|
||||||
Asset, FavoriteAsset, AssetQuerySet, NodeQuerySet
|
|
||||||
)
|
|
||||||
from users.models import User
|
|
||||||
from orgs.models import Organization
|
|
||||||
from perms.locks import UserGrantedTreeRebuildLock
|
from perms.locks import UserGrantedTreeRebuildLock
|
||||||
from perms.models import (
|
from perms.models import (
|
||||||
AssetPermission, PermNode, UserAssetGrantedTreeNodeRelation
|
AssetPermission, PermNode, UserAssetGrantedTreeNodeRelation
|
||||||
)
|
)
|
||||||
|
from users.models import User
|
||||||
|
|
||||||
NodeFrom = UserAssetGrantedTreeNodeRelation.NodeFrom
|
NodeFrom = UserAssetGrantedTreeNodeRelation.NodeFrom
|
||||||
NODE_ONLY_FIELDS = ('id', 'key', 'parent_key', 'org_id')
|
NODE_ONLY_FIELDS = ('id', 'key', 'parent_key', 'org_id')
|
||||||
|
|
||||||
|
@ -119,8 +120,7 @@ class UserGrantedTreeRefreshController:
|
||||||
key = cls.key_template.format(user_id=user_id)
|
key = cls.key_template.format(user_id=user_id)
|
||||||
p.srem(key, *org_ids)
|
p.srem(key, *org_ids)
|
||||||
p.execute()
|
p.execute()
|
||||||
logger.info(f'Remove orgs from users built tree: users:{user_ids} '
|
logger.info(f'Remove orgs from users built tree: users:{user_ids} orgs:{org_ids}')
|
||||||
f'orgs:{org_ids}')
|
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def add_need_refresh_orgs_for_users(cls, org_ids, user_ids):
|
def add_need_refresh_orgs_for_users(cls, org_ids, user_ids):
|
||||||
|
@ -205,28 +205,30 @@ class UserGrantedTreeRefreshController:
|
||||||
user = self.user
|
user = self.user
|
||||||
|
|
||||||
with tmp_to_root_org():
|
with tmp_to_root_org():
|
||||||
UserAssetGrantedTreeNodeRelation.objects.filter(user=user)\
|
UserAssetGrantedTreeNodeRelation.objects.filter(user=user) \
|
||||||
.exclude(org_id__in=self.org_ids)\
|
.exclude(org_id__in=self.org_ids) \
|
||||||
.delete()
|
.delete()
|
||||||
|
|
||||||
if force or self.have_need_refresh_orgs():
|
if not force and not self.have_need_refresh_orgs():
|
||||||
with UserGrantedTreeRebuildLock(user_id=user.id):
|
return
|
||||||
if force:
|
|
||||||
orgs = self.orgs
|
|
||||||
self.set_all_orgs_as_built()
|
|
||||||
else:
|
|
||||||
orgs = self.get_need_refresh_orgs_and_fill_up()
|
|
||||||
|
|
||||||
for org in orgs:
|
with UserGrantedTreeRebuildLock(user_id=user.id):
|
||||||
with tmp_to_org(org):
|
if force:
|
||||||
t_start = time.time()
|
orgs = self.orgs
|
||||||
logger.info(f'Rebuild user tree: user={self.user} org={current_org}')
|
self.set_all_orgs_as_built()
|
||||||
utils = UserGrantedTreeBuildUtils(user)
|
else:
|
||||||
utils.rebuild_user_granted_tree()
|
orgs = self.get_need_refresh_orgs_and_fill_up()
|
||||||
logger.info(
|
|
||||||
f'Rebuild user tree ok: cost={time.time() - t_start} '
|
for org in orgs:
|
||||||
f'user={self.user} org={current_org}'
|
with tmp_to_org(org):
|
||||||
)
|
t_start = time.time()
|
||||||
|
logger.info(f'Rebuild user tree: user={self.user} org={current_org}')
|
||||||
|
utils = UserGrantedTreeBuildUtils(user)
|
||||||
|
utils.rebuild_user_granted_tree()
|
||||||
|
logger.info(
|
||||||
|
f'Rebuild user tree ok: cost={time.time() - t_start} '
|
||||||
|
f'user={self.user} org={current_org}'
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class UserGrantedUtilsBase:
|
class UserGrantedUtilsBase:
|
||||||
|
@ -427,8 +429,8 @@ class UserGrantedTreeBuildUtils(UserGrantedUtilsBase):
|
||||||
for node_id, asset_id in node_asset_pairs:
|
for node_id, asset_id in node_asset_pairs:
|
||||||
if node_id not in node_id_key_mapper:
|
if node_id not in node_id_key_mapper:
|
||||||
continue
|
continue
|
||||||
nkey = node_id_key_mapper[node_id]
|
node_key = node_id_key_mapper[node_id]
|
||||||
nodekey_assetsid_mapper[nkey].add(asset_id)
|
nodekey_assetsid_mapper[node_key].add(asset_id)
|
||||||
|
|
||||||
util = NodeAssetsUtil(nodes, nodekey_assetsid_mapper)
|
util = NodeAssetsUtil(nodes, nodekey_assetsid_mapper)
|
||||||
util.generate()
|
util.generate()
|
||||||
|
@ -604,7 +606,10 @@ class UserGrantedNodesQueryUtils(UserGrantedUtilsBase):
|
||||||
def get_top_level_nodes(self):
|
def get_top_level_nodes(self):
|
||||||
nodes = self.get_special_nodes()
|
nodes = self.get_special_nodes()
|
||||||
real_nodes = self.get_indirect_granted_node_children('')
|
real_nodes = self.get_indirect_granted_node_children('')
|
||||||
nodes.extend(self.sort(real_nodes))
|
nodes.extend(real_nodes)
|
||||||
|
if len(real_nodes) == 1:
|
||||||
|
children = self.get_node_children(real_nodes[0].key)
|
||||||
|
nodes.extend(children)
|
||||||
return nodes
|
return nodes
|
||||||
|
|
||||||
def get_ungrouped_node(self):
|
def get_ungrouped_node(self):
|
||||||
|
@ -649,11 +654,9 @@ class UserGrantedNodesQueryUtils(UserGrantedUtilsBase):
|
||||||
:param with_special:
|
:param with_special:
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
nodes = PermNode.objects.filter(
|
nodes = PermNode.objects.filter(granted_node_rels__user=self.user) \
|
||||||
granted_node_rels__user=self.user
|
.annotate(**PermNode.annotate_granted_node_rel_fields) \
|
||||||
).annotate(
|
.distinct()
|
||||||
**PermNode.annotate_granted_node_rel_fields
|
|
||||||
).distinct()
|
|
||||||
|
|
||||||
key_to_node_mapper = {}
|
key_to_node_mapper = {}
|
||||||
nodes_descendant_q = Q()
|
nodes_descendant_q = Q()
|
||||||
|
|
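Review bot: In the `@ -205,28 +205,30` hunk of `UserGrantedTreeRefreshController`, the forced path still calls `self.set_all_orgs_as_built()` before the `for org in orgs:` loop runs `utils.rebuild_user_granted_tree()`. If a rebuild raises partway through, the orgs presumably stay marked as built, and the new early `return` on `not force and not self.have_need_refresh_orgs()` would then skip them on later calls, leaving a stale granted tree in place. Because this tree determines which nodes and assets a user is shown as authorised for, it would be safer to mark orgs as built only after their rebuild succeeds, or to re-flag them for refresh in an `except` branch before re-raising. The method's signature and the bodies of `set_all_orgs_as_built` and `get_need_refresh_orgs_and_fill_up` are outside the hunk, so this is inferred from their names.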