perf: 资产授权支持 delete 控制

apps/acls/models/base.py

@@ -61,3 +61,28 @@ class UserAssetAccountBaseACL(BaseACL, OrgModelMixin):
     class Meta(BaseACL.Meta):
         unique_together = ('name', 'org_id')
         abstract = True
+
+    @classmethod
+    def filter_queryset(cls, user=None, asset=None, account=None, account_username=None, **kwargs):
+        queryset = cls.objects.all()
+        org_id = None
+
+        if user:
+            q = cls.users.get_filter_q(user)
+            queryset = queryset.filter(q)
+        if asset:
+            org_id = asset.org_id
+            q = cls.assets.get_filter_q(asset)
+            queryset = queryset.filter(q)
+        if account and not account_username:
+            account_username = account.username
+        if account_username:
+            q = models.Q(accounts__contains=account_username) | \
+                models.Q(accounts__contains='*') | \
+                models.Q(accounts__contains='@ALL')
+            queryset = queryset.filter(q)
+        if org_id:
+            kwargs['org_id'] = org_id
+        if kwargs:
+            queryset = queryset.filter(**kwargs)
+        return queryset.distinct()

apps/authentication/api/connection_token.py

@@ -317,7 +317,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
         if acl.is_action(acl.ActionChoices.accept):
             return
         if acl.is_action(acl.ActionChoices.reject):
-            msg = _('ACL action is reject')
+            msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id))
             raise JMSException(code='acl_reject', detail=msg)
         if acl.is_action(acl.ActionChoices.review):
             if not self.request.query_params.get('create_ticket'):

apps/locale/zh/LC_MESSAGES/django.po

@@ -1856,7 +1856,7 @@ msgstr "删除"
 
 #: audits/const.py:15 perms/const.py:13
 msgid "Upload"
-msgstr "上传文件"
+msgstr "上传"
 
 #: audits/const.py:16
 msgid "Rename"
@@ -1868,7 +1868,7 @@ msgstr "建立软链接"
 
 #: audits/const.py:18 perms/const.py:14
 msgid "Download"
-msgstr "下载文件"
+msgstr "下载"
 
 #: audits/const.py:22 rbac/tree.py:228
 msgid "View"

apps/perms/const.py

@@ -14,6 +14,7 @@ class ActionChoices(BitChoices):
     download = bit(3), _("Download")
     copy = bit(4), _("Copy")
     paste = bit(5), _("Paste")
+    delete = bit(6), _("Delete")
 
     @classmethod
     def is_tree(cls):
@@ -23,13 +24,13 @@ class ActionChoices(BitChoices):
     def branches(cls):
         return (
             cls.connect,
-            (_("Transfer"), [cls.upload, cls.download]),
+            (_("Transfer"), [cls.upload, cls.download, cls.delete]),
             (_("Clipboard"), [cls.copy, cls.paste]),
         )
 
     @classmethod
     def transfer(cls):
-        return cls.upload | cls.download
+        return cls.upload | cls.download | cls.delete
 
     @classmethod
     def clipboard(cls):

apps/perms/migrations/0034_auto_20230525_1734.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.17 on 2023-05-25 09:34
+
+from django.db import migrations
+
+
+def migrate_asset_permission_delete_perm(apps, *args):
+    asset_permission_cls = apps.get_model('perms', 'AssetPermission')
+    asset_permission_cls.objects.filter(actions__gte=31).update(actions=63)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('perms', '0033_auto_20221220_1956'),
+    ]
+
+    operations = [
+        migrations.RunPython(migrate_asset_permission_delete_perm)
+    ]