Add user permission select

pull/530/head
ibuler 8 years ago
parent d9812e2bdb
commit a091036744

@ -266,7 +266,7 @@ class Asset(models.Model):
password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password")) password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password"))
admin_user = models.ForeignKey(AdminUser, null=True, related_name='assets', admin_user = models.ForeignKey(AdminUser, null=True, related_name='assets',
on_delete=models.SET_NULL, verbose_name=_("Admin user")) on_delete=models.SET_NULL, verbose_name=_("Admin user"))
system_user = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User")) system_users = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC')) idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC'))
mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address")) mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address"))
brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand')) brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand'))
@ -298,7 +298,7 @@ class Asset(models.Model):
@classmethod @classmethod
def generate_fake(cls, count=100): def generate_fake(cls, count=100):
from random import seed from random import seed, choice
import forgery_py import forgery_py
from django.db import IntegrityError from django.db import IntegrityError
@ -306,10 +306,14 @@ class Asset(models.Model):
for i in range(count): for i in range(count):
asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True) asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True)
for i in range(0, 4)]), for i in range(0, 4)]),
admin_user=choice(AdminUser.objects.all()),
idc=choice(IDC.objects.all()),
port=22, port=22,
created_by='Fake') created_by='Fake')
try: try:
asset.save() asset.save()
asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)]
logger.debug('Generate fake asset : %s' % asset.ip) logger.debug('Generate fake asset : %s' % asset.ip)
except IntegrityError: except IntegrityError:
print('Error continue') print('Error continue')
@ -332,5 +336,5 @@ class Label(models.Model):
def generate_fake(): def generate_fake():
for cls in (Asset, AssetGroup, IDC): for cls in (AssetGroup, IDC, AdminUser, SystemUser, Asset):
cls.generate_fake() cls.generate_fake()

@ -24,7 +24,7 @@ class AssetPermission(models.Model):
comment = models.TextField(verbose_name=_('Comment'), blank=True) comment = models.TextField(verbose_name=_('Comment'), blank=True)
def __unicode__(self): def __unicode__(self):
return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action} return self.name
@property @property
def is_valid(self): def is_valid(self):

@ -1,56 +1,73 @@
from __future__ import absolute_import, unicode_literals from __future__ import absolute_import, unicode_literals
from .models import AssetPermission
from .hands import User, UserGroup, Asset, AssetGroup, SystemUser from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
from common.utils import combine_seq
def get_asset_groups_denied_by_user_group(user_group): def get_user_group_granted_asset_groups(user_group):
pass
def get_asset_groups_granted_by_user_group(user_group):
"""Return asset groups granted of the user group """Return asset groups granted of the user group
:param user_group: Instance of :class: ``UserGroup`` :param user_group: Instance of :class: ``UserGroup``
:return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]} :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
""" """
asset_groups = {} asset_groups = {}
if not isinstance(user_group, UserGroup):
return asset_groups
asset_permissions = user_group.asset_permissions.all() asset_permissions = user_group.asset_permissions.all()
for asset_permission in asset_permissions: for asset_permission in asset_permissions:
if not asset_permission.is_valid: if not asset_permission.is_valid:
continue continue
for asset_group in asset_permission.asset_groups.all(): for asset_group in asset_permission.asset_groups.all():
if asset_group in asset_groups: if asset_group in asset_groups:
asset_groups[asset_group].union(set(asset_permission.system_users.all())) asset_groups[asset_group] |= set(asset_permission.system_users.all())
else: else:
asset_groups[asset_group] = set(asset_permission.system_users.all()) asset_groups[asset_group] = set(asset_permission.system_users.all())
return asset_groups return asset_groups
def get_assets_granted_by_user_group(user_group): def get_user_group_granted_assets(user_group):
"""Return assets granted of the user group """Return assets granted of the user group
:param user_group: Instance of :class: ``UserGroup`` :param user_group: Instance of :class: ``UserGroup``
:return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]} :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
""" """
assets = {} assets = {}
if not isinstance(user_group, UserGroup):
return assets
asset_permissions = user_group.asset_permissions.all() asset_permissions = user_group.asset_permissions.all()
for asset_permission in asset_permissions: for asset_permission in asset_permissions:
for asset in asset_permission.get_granted_assets: if not asset_permission.is_valid:
continue
for asset in asset_permission.get_granted_assets():
if asset in assets: if asset in assets:
pass assets[asset] |= set(asset_permission.system_users.all())
else:
assets[asset] = set(asset_permission.system_users.all())
return assets
def get_user_granted_asset_groups_direct(user):
"""Return asset groups granted of the user direct nor inherit from user group
:param user: Instance of :class: ``User``
:return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
"""
asset_groups = {}
asset_permissions_direct = user.asset_permissions.all()
def get_asset_groups_granted_by_user(user): for asset_permission in asset_permissions_direct:
"""Return asset groups granted of the user if not asset_permission.is_valid:
continue
for asset_group in asset_permission.asset_groups.all():
if asset_group in asset_groups:
asset_groups[asset_group] |= set(asset_permission.system_users.all())
else:
asset_groups[asset_group] = set(asset_permission.system_users.all())
return asset_groups
def get_user_granted_asset_groups_inherit_from_user_groups(user):
"""Return asset groups granted of the user and inherit from user group
:param user: Instance of :class: ``User`` :param user: Instance of :class: ``User``
:return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]} :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
@ -60,25 +77,100 @@ def get_asset_groups_granted_by_user(user):
if not isinstance(user, User): if not isinstance(user, User):
return asset_groups return asset_groups
asset_permissions = user.asset_permissions.all() user_groups = user.groups.all()
asset_permissions = set()
# Get asset permission list of user groups for this user
for user_group in user_groups:
asset_permissions |= set(user_group.asset_permissions.all())
# Get asset groups granted from user groups
for asset_permission in asset_permissions: for asset_permission in asset_permissions:
if not asset_permission.is_valid:
continue
for asset_group in asset_permission.asset_groups.all(): for asset_group in asset_permission.asset_groups.all():
if asset_group in asset_groups: if asset_group in asset_groups:
asset_groups[asset_group].union(set(asset_permission.system_users.all())) asset_groups[asset_group] |= set(asset_permission.system_users.all())
else: else:
asset_groups[asset_group] = set(asset_permission.system_users.all()) asset_groups[asset_group] = set(asset_permission.system_users.all())
return asset_groups return asset_groups
def get_assets_granted_by_user(user): def get_user_granted_asset_groups(user):
"""Get user granted asset groups all, include direct and inherit from user group
:param user: Instance of :class: ``User``
:return: {asset1: {system_user1, system_user2}, asset2: {...}}
"""
asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user)
asset_groups_direct = get_user_granted_asset_groups_direct(user)
asset_groups = asset_groups_inherit_from_user_groups
# Merge direct granted and inherit from user group
for asset_group, system_users in asset_groups_direct.items():
if asset_group in asset_groups:
asset_groups[asset_group] |= asset_groups_direct[asset_group]
else:
asset_groups[asset_group] = asset_groups_direct[asset_group]
return asset_groups
def get_user_granted_assets_direct(user):
"""Return assets granted of the user directly
:param user: Instance of :class: ``User``
:return: {asset1: {system_user1, system_user2}, asset2: {...}}
"""
assets = {}
asset_permissions_direct = user.asset_permissions.all()
for asset_permission in asset_permissions_direct:
if not asset_permission.is_valid:
continue
for asset in asset_permission.get_granted_assets():
if asset in assets:
assets[asset] |= set(asset_permission.system_users.all())
else:
assets[asset] = set(asset_permission.system_users.all())
return assets
def get_user_granted_assets_inherit_from_user_groups(user):
"""Return all assets granted of the user """Return all assets granted of the user
:param user: Instance of :class: ``User`` :param user: Instance of :class: ``User``
:return: {asset1: {system_user1, system_user2}, asset2: {...}} :return: {asset1: {system_user1, system_user2}, asset2: {...}}
""" """
pass assets = {}
user_groups = user.groups.all()
for user_group in user_groups:
assets_inherited = get_user_group_granted_assets(user_group)
for asset in assets_inherited:
if asset in assets:
assets[asset] |= assets_inherited[asset]
else:
assets[asset] = assets_inherited[asset]
return assets
def get_user_granted_assets(user):
assets_direct = get_user_granted_assets_direct(user)
assets_inherited = get_user_granted_assets_inherit_from_user_groups(user)
assets = assets_inherited
for asset in assets_direct:
if asset in assets:
assets[asset] |= assets_direct[asset]
else:
assets[asset] = assets_direct[asset]
return assets
def get_user_groups_granted_in_asset(asset): def get_user_groups_granted_in_asset(asset):

Loading…
Cancel
Save