diff --git a/apps/assets/models.py b/apps/assets/models.py index 71a076d02..8c48eb373 100644 --- a/apps/assets/models.py +++ b/apps/assets/models.py @@ -266,7 +266,7 @@ class Asset(models.Model): password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password")) admin_user = models.ForeignKey(AdminUser, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_("Admin user")) - system_user = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User")) + system_users = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User")) idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC')) mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address")) brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand')) @@ -298,7 +298,7 @@ class Asset(models.Model): @classmethod def generate_fake(cls, count=100): - from random import seed + from random import seed, choice import forgery_py from django.db import IntegrityError @@ -306,10 +306,14 @@ class Asset(models.Model): for i in range(count): asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True) for i in range(0, 4)]), + admin_user=choice(AdminUser.objects.all()), + idc=choice(IDC.objects.all()), port=22, created_by='Fake') try: asset.save() + asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)] + asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)] logger.debug('Generate fake asset : %s' % asset.ip) except IntegrityError: print('Error continue') @@ -332,5 +336,5 @@ class Label(models.Model): def generate_fake(): - for cls in (Asset, AssetGroup, IDC): + for cls in (AssetGroup, IDC, AdminUser, SystemUser, Asset): cls.generate_fake() 
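Review bot: In the `generate_fake` hunk (`@@ -306,10 +306,14 @@`), `choice(AdminUser.objects.all())` and the sibling `choice(...)` calls raise `IndexError` when the referenced table is empty, and the surrounding `except IntegrityError` does not catch that. Each call also evaluates the whole queryset again, which makes eight evaluations per fake asset. Loading each table once before the loop, for example `admin_users = list(AdminUser.objects.all())`, and returning early with a clear message when a list is empty would address both. The reordered tuple in the module-level `generate_fake()` (last hunk) is what keeps those tables populated, so a short comment there such as `# Asset must come last: it picks from the other tables` would document the dependency. The body of `Asset.generate_fake` starts and ends outside this hunk.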
diff --git a/apps/perms/models.py b/apps/perms/models.py index e71fb15c7..25ac3640d 100644 --- a/apps/perms/models.py +++ b/apps/perms/models.py @@ -24,7 +24,7 @@ class AssetPermission(models.Model): comment = models.TextField(verbose_name=_('Comment'), blank=True) def __unicode__(self): - return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action} + return self.name @property def is_valid(self): diff --git a/apps/perms/utils.py b/apps/perms/utils.py index 33cc38343..3f5830e5f 100644 --- a/apps/perms/utils.py +++ b/apps/perms/utils.py 
@@ -1,56 +1,73 @@ from __future__ import absolute_import, unicode_literals -from .models import AssetPermission from .hands import User, UserGroup, Asset, AssetGroup, SystemUser -from common.utils import combine_seq -def get_asset_groups_denied_by_user_group(user_group): - pass - - -def get_asset_groups_granted_by_user_group(user_group): +def get_user_group_granted_asset_groups(user_group): """Return asset groups granted of the user group - :param user_group: Instance of :class: ``UserGroup`` - :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]} + :param user_group: Instance of :class: ``UserGroup`` + :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]} """ asset_groups = {} - - if not isinstance(user_group, UserGroup): - return asset_groups - asset_permissions = user_group.asset_permissions.all() + for asset_permission in asset_permissions: if not asset_permission.is_valid: continue for asset_group in asset_permission.asset_groups.all(): if asset_group in asset_groups: - asset_groups[asset_group].union(set(asset_permission.system_users.all())) + asset_groups[asset_group] |= set(asset_permission.system_users.all()) else: asset_groups[asset_group] = set(asset_permission.system_users.all()) + return asset_groups -def get_assets_granted_by_user_group(user_group): +def get_user_group_granted_assets(user_group): """Return assets granted of the user group - :param user_group: Instance of :class: ``UserGroup`` - :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]} + :param user_group: Instance of :class: ``UserGroup`` + :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]} """ assets = {} - if not isinstance(user_group, UserGroup): - return assets - asset_permissions = user_group.asset_permissions.all() + for asset_permission in asset_permissions: - for asset in asset_permission.get_granted_assets: + if not asset_permission.is_valid: + continue + for asset in 
asset_permission.get_granted_assets(): if asset in assets: - pass + assets[asset] |= set(asset_permission.system_users.all()) + else: + assets[asset] = set(asset_permission.system_users.all()) + + return assets -def get_asset_groups_granted_by_user(user): - """Return asset groups granted of the user +def get_user_granted_asset_groups_direct(user): + """Return asset groups granted of the user direct nor inherit from user group + + :param user: Instance of :class: ``User`` + :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]} + """ + asset_groups = {} + asset_permissions_direct = user.asset_permissions.all() + + for asset_permission in asset_permissions_direct: + if not asset_permission.is_valid: + continue + for asset_group in asset_permission.asset_groups.all(): + if asset_group in asset_groups: + asset_groups[asset_group] |= set(asset_permission.system_users.all()) + else: + asset_groups[asset_group] = set(asset_permission.system_users.all()) + + return asset_groups + + +def get_user_granted_asset_groups_inherit_from_user_groups(user): + """Return asset groups granted of the user and inherit from user group :param user: Instance of :class: ``User`` :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]} 
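Review bot: The `is_valid` filter and the per-target union of `system_users` are copied into every function this hunk adds (`get_user_group_granted_asset_groups`, `get_user_group_granted_assets`, `get_user_granted_asset_groups_direct`) and again in the next hunk. A later copy can therefore lose the validity check, as the removed `get_assets_granted_by_user_group` loop had. Each inner iteration also re-runs `asset_permission.system_users.all()`, one query per granted target rather than one per permission. A single private helper that owns the filter and the merge, sketched below for the two user-group functions, keeps the access decision in one place. `get_user_granted_asset_groups_inherit_from_user_groups` begins at the end of this hunk and its body continues in the next one, where it still has the `isinstance(user, User)` guard that the other functions dropped.

```python
def _merge_granted(asset_permissions, targets_of):
    # Single place that skips invalid permissions and unions system users per target.
    granted = {}
    for asset_permission in asset_permissions:
        if not asset_permission.is_valid:
            continue
        system_users = set(asset_permission.system_users.all())
        for target in targets_of(asset_permission):
            granted.setdefault(target, set()).update(system_users)
    return granted


def get_user_group_granted_asset_groups(user_group):
    # … unchanged: docstring …
    return _merge_granted(user_group.asset_permissions.all(),
                          lambda perm: perm.asset_groups.all())


def get_user_group_granted_assets(user_group):
    # … unchanged: docstring …
    return _merge_granted(user_group.asset_permissions.all(),
                          lambda perm: perm.get_granted_assets())
```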
@@ -60,25 +77,100 @@ def get_asset_groups_granted_by_user(user): if not isinstance(user, User): return asset_groups - asset_permissions = user.asset_permissions.all() + user_groups = user.groups.all() + asset_permissions = set() + + # Get asset permission list of user groups for this user + for user_group in user_groups: + asset_permissions |= set(user_group.asset_permissions.all()) + # Get asset groups granted from user groups for asset_permission in asset_permissions: + if not asset_permission.is_valid: + continue for asset_group in asset_permission.asset_groups.all(): if asset_group in asset_groups: - asset_groups[asset_group].union(set(asset_permission.system_users.all())) + asset_groups[asset_group] |= set(asset_permission.system_users.all()) else: asset_groups[asset_group] = set(asset_permission.system_users.all()) return asset_groups -def get_assets_granted_by_user(user): +def get_user_granted_asset_groups(user): + """Get user granted asset groups all, include direct and inherit from user group + + :param user: Instance of :class: ``User`` + :return: {asset1: {system_user1, system_user2}, asset2: {...}} + """ + + asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user) + asset_groups_direct = get_user_granted_asset_groups_direct(user) + asset_groups = asset_groups_inherit_from_user_groups + + # Merge direct granted and inherit from user group + for asset_group, system_users in asset_groups_direct.items(): + if asset_group in asset_groups: + asset_groups[asset_group] |= asset_groups_direct[asset_group] + else: + asset_groups[asset_group] = asset_groups_direct[asset_group] + + return asset_groups + + +def get_user_granted_assets_direct(user): + """Return assets granted of the user directly + + :param user: Instance of :class: ``User`` + :return: {asset1: {system_user1, system_user2}, asset2: {...}} + """ + assets = {} + asset_permissions_direct = user.asset_permissions.all() + + for asset_permission in 
asset_permissions_direct: + if not asset_permission.is_valid: + continue + for asset in asset_permission.get_granted_assets(): + if asset in assets: + assets[asset] |= set(asset_permission.system_users.all()) + else: + assets[asset] = set(asset_permission.system_users.all()) + + return assets + + +def get_user_granted_assets_inherit_from_user_groups(user): """Return all assets granted of the user :param user: Instance of :class: ``User`` :return: {asset1: {system_user1, system_user2}, asset2: {...}} """ - pass + assets = {} + user_groups = user.groups.all() + + for user_group in user_groups: + assets_inherited = get_user_group_granted_assets(user_group) + for asset in assets_inherited: + if asset in assets: + assets[asset] |= assets_inherited[asset] + else: + assets[asset] = assets_inherited[asset] + + return assets + + +def get_user_granted_assets(user): + assets_direct = get_user_granted_assets_direct(user) + assets_inherited = get_user_granted_assets_inherit_from_user_groups(user) + assets = assets_inherited + + for asset in assets_direct: + if asset in assets: + assets[asset] |= assets_direct[asset] + else: + assets[asset] = assets_direct[asset] + + return assets def get_user_groups_granted_in_asset(asset):
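Review bot: Several docstrings in this hunk no longer describe what the functions return, which is risky in code that callers use to decide access. `get_user_granted_assets_inherit_from_user_groups` keeps the old summary "Return all assets granted of the user", although it now returns only assets inherited through the user's groups; something like `"""Return assets granted to the user through its user groups only."""` would be accurate. `get_user_granted_asset_groups` documents its return as `{asset1: {...}}` although the keys are asset groups, and `get_user_granted_assets` has no docstring, even though it looks like the entry point that merges direct and inherited grants. In the previous hunk, "direct nor inherit from user group" on `get_user_granted_asset_groups_direct` reads as the opposite of what is meant; "directly, not inherited from user groups" is clearer. As a smaller style point, the merge loop in `get_user_granted_asset_groups` unpacks `system_users` from `.items()` and then indexes the dict again, where `asset_groups[asset_group] |= system_users` would use the value it already has.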