Add user permission select

apps/assets/models.py

@@ -266,7 +266,7 @@ class Asset(models.Model):
     password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password"))
     admin_user = models.ForeignKey(AdminUser, null=True, related_name='assets',
                                    on_delete=models.SET_NULL, verbose_name=_("Admin user"))
-    system_user = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
+    system_users = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
     idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC'))
     mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address"))
     brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand'))
@@ -298,7 +298,7 @@ class Asset(models.Model):
 
     @classmethod
     def generate_fake(cls, count=100):
-        from random import seed
+        from random import seed, choice
         import forgery_py
         from django.db import IntegrityError
 
@@ -306,10 +306,14 @@ class Asset(models.Model):
         for i in range(count):
             asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True)
                                                   for i in range(0, 4)]),
+                        admin_user=choice(AdminUser.objects.all()),
+                        idc=choice(IDC.objects.all()),
                         port=22,
                         created_by='Fake')
             try:
                 asset.save()
+                asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
+                asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)]
                 logger.debug('Generate fake asset : %s' % asset.ip)
             except IntegrityError:
                 print('Error continue')
@@ -332,5 +336,5 @@ class Label(models.Model):
 
 
 def generate_fake():
-    for cls in (Asset, AssetGroup, IDC):
+    for cls in (AssetGroup, IDC, AdminUser, SystemUser, Asset):
         cls.generate_fake()

apps/perms/models.py

@@ -24,7 +24,7 @@ class AssetPermission(models.Model):
     comment = models.TextField(verbose_name=_('Comment'), blank=True)
 
     def __unicode__(self):
-        return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action}
+        return self.name
 
     @property
     def is_valid(self):

apps/perms/utils.py

@@ -1,56 +1,73 @@
 from __future__ import absolute_import, unicode_literals
 
-from .models import AssetPermission
 from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
-from common.utils import combine_seq
 
 
-def get_asset_groups_denied_by_user_group(user_group):
+def get_user_group_granted_asset_groups(user_group):
-    pass
-
-
-def get_asset_groups_granted_by_user_group(user_group):
     """Return asset groups granted of the user group
 
-        :param user_group: Instance of :class: ``UserGroup``
+     :param user_group: Instance of :class: ``UserGroup``
-        :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
+     :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
     """
     asset_groups = {}
-
-    if not isinstance(user_group, UserGroup):
-        return asset_groups
-
     asset_permissions = user_group.asset_permissions.all()
+
     for asset_permission in asset_permissions:
         if not asset_permission.is_valid:
             continue
         for asset_group in asset_permission.asset_groups.all():
             if asset_group in asset_groups:
-                asset_groups[asset_group].union(set(asset_permission.system_users.all()))
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
             else:
                 asset_groups[asset_group] = set(asset_permission.system_users.all())
+
     return asset_groups
 
 
-def get_assets_granted_by_user_group(user_group):
+def get_user_group_granted_assets(user_group):
     """Return assets granted of the user group
 
-        :param user_group: Instance of :class: ``UserGroup``
+    :param user_group: Instance of :class: ``UserGroup``
-        :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
+    :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
     """
     assets = {}
-    if not isinstance(user_group, UserGroup):
-        return assets
-
     asset_permissions = user_group.asset_permissions.all()
+
     for asset_permission in asset_permissions:
-        for asset in asset_permission.get_granted_assets:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
             if asset in assets:
-                pass
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
 
 
-def get_asset_groups_granted_by_user(user):
+def get_user_granted_asset_groups_direct(user):
-    """Return asset groups granted of the user
+    """Return asset groups granted of the user direct nor inherit from user group
+
+        :param user: Instance of :class: ``User``
+        :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
+        """
+    asset_groups = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset_group in asset_permission.asset_groups.all():
+            if asset_group in asset_groups:
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
+            else:
+                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
+    return asset_groups
+
+
+def get_user_granted_asset_groups_inherit_from_user_groups(user):
+    """Return asset groups granted of the user and inherit from user group
 
     :param user: Instance of :class: ``User``
     :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
@@ -60,25 +77,100 @@ def get_asset_groups_granted_by_user(user):
     if not isinstance(user, User):
         return asset_groups
 
-    asset_permissions = user.asset_permissions.all()
+    user_groups = user.groups.all()
+    asset_permissions = set()
 
+    # Get asset permission list of user groups for this user
+    for user_group in user_groups:
+        asset_permissions |= set(user_group.asset_permissions.all())
+
+    # Get asset groups granted from user groups
     for asset_permission in asset_permissions:
+        if not asset_permission.is_valid:
+            continue
         for asset_group in asset_permission.asset_groups.all():
             if asset_group in asset_groups:
-                asset_groups[asset_group].union(set(asset_permission.system_users.all()))
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
             else:
                 asset_groups[asset_group] = set(asset_permission.system_users.all())
 
     return asset_groups
 
 
-def get_assets_granted_by_user(user):
+def get_user_granted_asset_groups(user):
+    """Get user granted asset groups all, include direct and inherit from user group
+
+    :param user: Instance of :class: ``User``
+    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+
+    asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user)
+    asset_groups_direct = get_user_granted_asset_groups_direct(user)
+    asset_groups = asset_groups_inherit_from_user_groups
+
+    # Merge direct granted and inherit from user group
+    for asset_group, system_users in asset_groups_direct.items():
+        if asset_group in asset_groups:
+            asset_groups[asset_group] |= asset_groups_direct[asset_group]
+        else:
+            asset_groups[asset_group] = asset_groups_direct[asset_group]
+
+    return asset_groups
+
+
+def get_user_granted_assets_direct(user):
+    """Return assets granted of the user directly
+
+     :param user: Instance of :class: ``User``
+     :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+    assets = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
+            if asset in assets:
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
+
+
+def get_user_granted_assets_inherit_from_user_groups(user):
     """Return all assets granted of the user
 
     :param user: Instance of :class: ``User``
     :return: {asset1: {system_user1, system_user2}, asset2: {...}}
     """
-    pass
+    assets = {}
+    user_groups = user.groups.all()
+
+    for user_group in user_groups:
+        assets_inherited = get_user_group_granted_assets(user_group)
+        for asset in assets_inherited:
+            if asset in assets:
+                assets[asset] |= assets_inherited[asset]
+            else:
+                assets[asset] = assets_inherited[asset]
+
+    return assets
+
+
+def get_user_granted_assets(user):
+    assets_direct = get_user_granted_assets_direct(user)
+    assets_inherited = get_user_granted_assets_inherit_from_user_groups(user)
+    assets = assets_inherited
+
+    for asset in assets_direct:
+        if asset in assets:
+            assets[asset] |= assets_direct[asset]
+        else:
+            assets[asset] = assets_direct[asset]
+
+    return assets
 
 
 def get_user_groups_granted_in_asset(asset):