From 94f898b55d09d561bca88e15aba6b52bd2f5eef0 Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Thu, 1 Sep 2022 10:37:22 +0800
Subject: [PATCH] login asset acl

---
 apps/acls/api/login_asset_check.py | 4 +--
 .../migrations/0004_auto_20220831_1658.py | 33 +++++++++++++++++
 apps/acls/models/login_asset_acl.py | 23 ++++++------
 apps/acls/serializers/login_asset_acl.py | 15 +++----
 apps/acls/serializers/login_asset_check.py | 35 +++---------------
 5 files changed, 53 insertions(+), 57 deletions(-)
 create mode 100644 apps/acls/migrations/0004_auto_20220831_1658.py

diff --git a/apps/acls/api/login_asset_check.py b/apps/acls/api/login_asset_check.py
index a7e8990c7..bedf78d41 100644
--- a/apps/acls/api/login_asset_check.py
+++ b/apps/acls/api/login_asset_check.py
@@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
 def check_if_need_confirm(self):
 queries = {
 'user': self.serializer.user, 'asset': self.serializer.asset,
- 'system_user': self.serializer.system_user,
+ 'account': self.serializer.account,
 'action': LoginAssetACL.ActionChoices.login_confirm
 }
 with tmp_to_org(self.serializer.org):
@@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
 ticket = LoginAssetACL.create_login_asset_confirm_ticket(
 user=self.serializer.user,
 asset=self.serializer.asset,
- system_user=self.serializer.system_user,
+ account=self.serializer.account,
 assignees=acl.reviewers.all(),
 org_id=self.serializer.org.id,
 )
diff --git a/apps/acls/migrations/0004_auto_20220831_1658.py b/apps/acls/migrations/0004_auto_20220831_1658.py
new file mode 100644
index 000000000..e4392992b
--- /dev/null
+++ b/apps/acls/migrations/0004_auto_20220831_1658.py
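Review bot: Both `check_if_need_confirm` and the ticket call now read `self.serializer.account`, but the serializer hunks in this same patch (`@@ -11,15 +11,15 @@` and `@@ -54,17 +38,6 @@` in apps/acls/serializers/login_asset_check.py) only initialise `self._account = None` and delete the former `system_user` property and its validators without adding `account` replacements. Unless an `account` property is defined outside those hunks, both call sites raise AttributeError, so the login-confirm ACL check ends in a server error instead of an allow/deny decision; callers should be confirmed to treat that as deny rather than as "no ACL matched". The serializer should resolve `account_id` the way `user_id` and `asset_id` are resolved, `self._account = self.validate_object_exist(<ACCOUNT_MODEL_PLACEHOLDER>, account_id)` inside a `validate_account_id` method, and expose a `lazyproperty` `account` returning it. `check_if_need_confirm` continues outside the hunk.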
@@ -0,0 +1,33 @@
+# Generated by Django 3.2.13 on 2022-08-31 08:58
+
+from django.db import migrations, models
+
+
+def migrate_system_users_to_accounts(apps, schema_editor):
+ login_asset_acl_model = apps.get_model('acls', 'LoginAssetACL')
+ qs = login_asset_acl_model.objects.all()
+ login_asset_acls = []
+ for instance in qs:
+ instance.accounts = instance.system_users
+ login_asset_acls.append(instance)
+ login_asset_acl_model.objects.bulk_update(login_asset_acls, ['accounts'])
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ('acls', '0003_auto_20211130_1037'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='loginassetacl',
+ name='accounts',
+ field=models.JSONField(default=dict, verbose_name='Account'),
+ ),
+ migrations.RunPython(migrate_system_users_to_accounts),
+ migrations.RemoveField(
+ model_name='loginassetacl',
+ name='system_users',
+ ),
+
+ ]
diff --git a/apps/acls/models/login_asset_acl.py b/apps/acls/models/login_asset_acl.py
index 5727e521b..8d920e4d5 100644
--- a/apps/acls/models/login_asset_acl.py
+++ b/apps/acls/models/login_asset_acl.py
@@ -18,7 +18,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 
 # 条件
 users = models.JSONField(verbose_name=_('User'))
- system_users = models.JSONField(verbose_name=_('System User'))
+ accounts = models.JSONField(verbose_name=_('Account'), default=dict)
 assets = models.JSONField(verbose_name=_('Asset'))
 # 动作
 action = models.CharField(
@@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 return self.name
 
 @classmethod
- def filter(cls, user, asset, system_user, action):
+ def filter(cls, user, asset, account, action):
 queryset = cls.objects.filter(action=action)
 queryset = cls.filter_user(user, queryset)
 queryset = cls.filter_asset(asset, queryset)
- queryset = cls.filter_system_user(system_user, queryset)
+ queryset = cls.filter_account(account, queryset)
 return queryset
 
 @classmethod
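Review bot: `migrations.RunPython(migrate_system_users_to_accounts)` is given no `reverse_code`, so the data step refuses to unapply, and because `RemoveField` for `system_users` follows it, the copied JSON becomes the only surviving record of the old ACL conditions; `migrations.RunPython(migrate_system_users_to_accounts, reverse_code=migrations.RunPython.noop)` at least makes the step reversible. The data function also materialises every `LoginAssetACL` row in `login_asset_acls` before one `bulk_update`; `bulk_update(login_asset_acls, ['accounts'], batch_size=500)` bounds memory on large tables. Finally, the JSON is copied verbatim, so the old `protocol_group` key survives in `accounts` even though the renamed `filter_account` (hunk `@@ -69,21 +69,18 @@` in login_asset_acl.py) no longer evaluates it; a comment above the loop such as `# protocol_group is carried over but no longer consulted by LoginAssetACL.filter_account` would help whoever audits existing rows.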
@@ -69,21 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 return queryset
 
 @classmethod
- def filter_system_user(cls, system_user, queryset):
+ def filter_account(cls, account, queryset):
 queryset = queryset.filter(
- Q(system_users__name_group__contains=system_user.name) |
- Q(system_users__name_group__contains='*')
+ Q(accounts__name_group__contains=account.name) |
+ Q(accounts__name_group__contains='*')
 ).filter(
- Q(system_users__username_group__contains=system_user.username) |
- Q(system_users__username_group__contains='*')
- ).filter(
- Q(system_users__protocol_group__contains=system_user.protocol) |
- Q(system_users__protocol_group__contains='*')
+ Q(accounts__username_group__contains=account.username) |
+ Q(accounts__username_group__contains='*')
 )
 return queryset
 
 @classmethod
- def create_login_asset_confirm_ticket(cls, user, asset, system_user, assignees, org_id):
+ def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
 from tickets.const import TicketType
 from tickets.models import ApplyLoginAssetTicket
 title = _('Login asset confirm') + ' ({})'.format(user)
@@ -93,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 'applicant': user,
 'apply_login_user': user,
 'apply_login_asset': asset,
- 'apply_login_system_user': system_user,
+ 'apply_login_account': account,
 'org_id': org_id,
 }
 ticket = ApplyLoginAssetTicket.objects.create(**data)
diff --git a/apps/acls/serializers/login_asset_acl.py b/apps/acls/serializers/login_asset_acl.py
index b30876f27..884b75c52 100644
--- a/apps/acls/serializers/login_asset_acl.py
+++ b/apps/acls/serializers/login_asset_acl.py
@@ -38,7 +38,7 @@ class LoginAssetACLAssestsSerializer(serializers.Serializer):
 )
 
 
-class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
+class LoginAssetACLAccountsSerializer(serializers.Serializer):
 protocol_group_help_text = _(
 'Format for comma-delimited string, with * indicating a match all. '
 'Protocol options: {}'
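Review bot: `filter_account` drops the third `.filter()` on `protocol_group`, so an existing ACL whose stored `protocol_group` was narrowed to one protocol matches every protocol once migration 0004 copies the `system_users` JSON into `accounts` unchanged. That silently widens the scope of already-configured login-confirm rules, which is a change in authorisation behaviour rather than the rename the commit title describes. If the protocol dimension is intentionally gone for account-based ACLs, state it in a comment above `filter_account` (`# protocol is no longer an ACL condition; accounts are matched on name and username only`) and have the migration strip or flag the stale key; otherwise the clause should be kept as `Q(accounts__protocol_group__contains=...)`. Whether `account.name` exists on the new account model cannot be confirmed from this hunk. The `@@ -93,7 +90,7 @@` hunk is a consistent rename and needs nothing further.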
@@ -52,18 +52,12 @@ class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
 default=['*'], child=serializers.CharField(max_length=128), label=_('Username'),
 help_text=common_help_text
 )
- protocol_group = serializers.ListField(
- default=['*'], child=serializers.CharField(max_length=16), label=_('Protocol'),
- help_text=protocol_group_help_text.format(
- ', '.join([Protocol.ssh, Protocol.telnet])
- )
- )
 
 
 class LoginAssetACLSerializer(BulkOrgResourceModelSerializer):
 users = LoginAssetACLUsersSerializer()
 assets = LoginAssetACLAssestsSerializer()
- system_users = LoginAssetACLSystemUsersSerializer()
+ account = LoginAssetACLAccountsSerializer()
 reviewers_amount = serializers.IntegerField(read_only=True, source='reviewers.count')
 action_display = serializers.ReadOnlyField(source='get_action_display', label=_('Action'))
 
@@ -71,9 +65,8 @@ class LoginAssetACLSerializer(BulkOrgResourceModelSerializer):
 model = models.LoginAssetACL
 fields_mini = ['id', 'name']
 fields_small = fields_mini + [
- 'users', 'system_users', 'assets',
- 'is_active',
- 'date_created', 'date_updated',
+ 'users', 'accounts', 'assets',
+ 'is_active', 'date_created', 'date_updated',
 'priority', 'action', 'action_display', 'comment', 'created_by', 'org_id'
 ]
 fields_m2m = ['reviewers', 'reviewers_amount']
diff --git a/apps/acls/serializers/login_asset_check.py b/apps/acls/serializers/login_asset_check.py
index 2c52506d5..b85d092ae 100644
--- a/apps/acls/serializers/login_asset_check.py
+++ b/apps/acls/serializers/login_asset_check.py
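Review bot: `LoginAssetACLSerializer` declares the nested field as `account` (singular) while `fields_small` in the `@@ -71,9 +65,8 @@` hunk lists `'accounts'`, which is the model field name. If `Meta.fields` is built from `fields_small` as the hunk suggests, DRF's ModelSerializer raises an assertion at instantiation because a declared field (`account`) is not included in `fields`; and even where that did not trip, `accounts` would be generated as a plain JSON field with none of the `name_group`/`username_group` structure checks that `LoginAssetACLAccountsSerializer` provides, so arbitrary JSON could be stored as an ACL condition. The line should read `accounts = LoginAssetACLAccountsSerializer()`. Separately, `protocol_group_help_text` at the top of the renamed class has no consumer now that the `protocol_group` field is removed and can be dropped, along with the `Protocol` import if nothing else in the file uses it.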
@@ -11,15 +11,15 @@ __all__ = ['LoginAssetCheckSerializer']
 class LoginAssetCheckSerializer(serializers.Serializer):
 user_id = serializers.UUIDField(required=True, allow_null=False)
 asset_id = serializers.UUIDField(required=True, allow_null=False)
- system_user_id = serializers.UUIDField(required=True, allow_null=False)
- system_user_username = serializers.CharField(max_length=128, default='')
+ account_id = serializers.UUIDField(required=True, allow_null=False)
+ account_username = serializers.CharField(max_length=128, default='')
 
 def __init__(self, *args, **kwargs):
 super().__init__(*args, **kwargs)
 self.user = None
 self.asset = None
- self._system_user = None
- self._system_user_username = None
+ self._account = None
+ self._account_username = None
 
 def validate_user_id(self, user_id):
 self.user = self.validate_object_exist(User, user_id)
@@ -29,22 +29,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
 self.asset = self.validate_object_exist(Asset, asset_id)
 return asset_id
 
- # def validate_system_user_id(self, system_user_id):
- # self._system_user = self.validate_object_exist(SystemUser, system_user_id)
- # return system_user_id
- #
- # def validate_system_user_username(self, system_user_username):
- # system_user_id = self.initial_data.get('system_user_id')
- # system_user = self.validate_object_exist(SystemUser, system_user_id)
- # if self._system_user.login_mode == SystemUser.LOGIN_MANUAL \
- # and not system_user.username \
- # and not system_user.username_same_with_user \
- # and not system_user_username:
- # error = 'Missing parameter: system_user_username'
- # raise serializers.ValidationError(error)
- # self._system_user_username = system_user_username
- # return system_user_username
-
 @staticmethod
 def validate_object_exist(model, field_id):
 with tmp_to_root_org():
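Review bot: `account_username = serializers.CharField(max_length=128, default='')` is still accepted and `self._account_username` is still initialised, but with the `validate_system_user_username` logic deleted in the `@@ -29,22 +29,6 @@` hunk nothing in the patch reads either of them, so the check endpoint advertises a parameter that has no effect on the ACL decision. Either wire it into however `account` ends up being resolved, or remove the field and the `self._account_username = None` line so the API contract matches what the check actually evaluates. `self._account = None` is likewise assigned nowhere in the visible patch. The class body continues outside both hunks.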
@@ -54,17 +38,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
 raise serializers.ValidationError(error)
 return obj
 
- # @lazyproperty
- # def system_user(self):
- # if self._system_user.username_same_with_user:
- # username = self.user.username
- # elif self._system_user.login_mode == SystemUser.LOGIN_MANUAL:
- # username = self._system_user_username
- # else:
- # username = self._system_user.username
- # self._system_user.username = username
- # return self._system_user
-
 @lazyproperty
 def org(self):
 return self.asset.org