Add user permission select

2016-09-16 16:09:11 +08:00 · 2016-09-16 16:09:11 +08:00 · a091036744
parent d9812e2bdb
commit a091036744
3 changed files with 128 additions and 32 deletions
--- a/apps/assets/models.py
+++ b/apps/assets/models.py
@ -266,7 +266,7 @@ class Asset(models.Model):
    password = models.CharField(max_length=256, null=True, blank=True, verbose_name=_("Admin password"))
    admin_user = models.ForeignKey(AdminUser, null=True, related_name='assets',
                                   on_delete=models.SET_NULL, verbose_name=_("Admin user"))
-    system_user = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
+    system_users = models.ManyToManyField(SystemUser, blank=True, related_name='assets', verbose_name=_("System User"))
    idc = models.ForeignKey(IDC, null=True, related_name='assets', on_delete=models.SET_NULL, verbose_name=_('IDC'))
    mac_address = models.CharField(max_length=20, null=True, blank=True, verbose_name=_("Mac address"))
    brand = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Brand'))
@ -298,7 +298,7 @@ class Asset(models.Model):

    @classmethod
    def generate_fake(cls, count=100):
-        from random import seed
+        from random import seed, choice
        import forgery_py
        from django.db import IntegrityError

@ -306,10 +306,14 @@ class Asset(models.Model):
        for i in range(count):
            asset = cls(ip='%s.%s.%s.%s' % tuple([forgery_py.forgery.basic.text(length=3, digits=True)
                                                  for i in range(0, 4)]),
+                        admin_user=choice(AdminUser.objects.all()),
+                        idc=choice(IDC.objects.all()),
                        port=22,
                        created_by='Fake')
            try:
                asset.save()
+                asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
+                asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)]
                logger.debug('Generate fake asset : %s' % asset.ip)
            except IntegrityError:
                print('Error continue')
@ -332,5 +336,5 @@ class Label(models.Model):


 def generate_fake():
-    for cls in (Asset, AssetGroup, IDC):
+    for cls in (AssetGroup, IDC, AdminUser, SystemUser, Asset):
        cls.generate_fake()
--- a/apps/perms/models.py
+++ b/apps/perms/models.py
@ -24,7 +24,7 @@ class AssetPermission(models.Model):
    comment = models.TextField(verbose_name=_('Comment'), blank=True)

    def __unicode__(self):
-        return '%(name)s: %(action)s' % {'name': self.name, 'action': self.action}
+        return self.name

    @property
    def is_valid(self):
--- a/apps/perms/utils.py
+++ b/apps/perms/utils.py
@ -1,56 +1,73 @@
 from __future__ import absolute_import, unicode_literals

-from .models import AssetPermission
 from .hands import User, UserGroup, Asset, AssetGroup, SystemUser
-from common.utils import combine_seq


-def get_asset_groups_denied_by_user_group(user_group):
-    pass
-
-
-def get_asset_groups_granted_by_user_group(user_group):
+def get_user_group_granted_asset_groups(user_group):
    """Return asset groups granted of the user group

-        :param user_group: Instance of :class: ``UserGroup``
-        :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
+     :param user_group: Instance of :class: ``UserGroup``
+     :return: {asset_group1: {system_user1, }, asset_group2: {system_user1, system_user2]}
    """
    asset_groups = {}
-
-    if not isinstance(user_group, UserGroup):
-        return asset_groups
-
    asset_permissions = user_group.asset_permissions.all()
+
    for asset_permission in asset_permissions:
        if not asset_permission.is_valid:
            continue
        for asset_group in asset_permission.asset_groups.all():
            if asset_group in asset_groups:
-                asset_groups[asset_group].union(set(asset_permission.system_users.all()))
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
            else:
                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
    return asset_groups


-def get_assets_granted_by_user_group(user_group):
+def get_user_group_granted_assets(user_group):
    """Return assets granted of the user group

-        :param user_group: Instance of :class: ``UserGroup``
-        :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
+    :param user_group: Instance of :class: ``UserGroup``
+    :return: {asset1: {system_user1, }, asset1: {system_user1, system_user2]}
    """
    assets = {}
-    if not isinstance(user_group, UserGroup):
-        return assets
-
    asset_permissions = user_group.asset_permissions.all()
+
    for asset_permission in asset_permissions:
-        for asset in asset_permission.get_granted_assets:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
            if asset in assets:
-                pass
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets


-def get_asset_groups_granted_by_user(user):
-    """Return asset groups granted of the user
+def get_user_granted_asset_groups_direct(user):
+    """Return asset groups granted of the user direct nor inherit from user group
+
+        :param user: Instance of :class: ``User``
+        :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
+        """
+    asset_groups = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset_group in asset_permission.asset_groups.all():
+            if asset_group in asset_groups:
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
+            else:
+                asset_groups[asset_group] = set(asset_permission.system_users.all())
+
+    return asset_groups
+
+
+def get_user_granted_asset_groups_inherit_from_user_groups(user):
+    """Return asset groups granted of the user and inherit from user group

    :param user: Instance of :class: ``User``
    :return: {asset_group: {system_user1, }, asset_group2: {system_user1, system_user2]}
@ -60,25 +77,100 @@ def get_asset_groups_granted_by_user(user):
    if not isinstance(user, User):
        return asset_groups

-    asset_permissions = user.asset_permissions.all()
+    user_groups = user.groups.all()
+    asset_permissions = set()

+    # Get asset permission list of user groups for this user
+    for user_group in user_groups:
+        asset_permissions |= set(user_group.asset_permissions.all())
+
+    # Get asset groups granted from user groups
    for asset_permission in asset_permissions:
+        if not asset_permission.is_valid:
+            continue
        for asset_group in asset_permission.asset_groups.all():
            if asset_group in asset_groups:
-                asset_groups[asset_group].union(set(asset_permission.system_users.all()))
+                asset_groups[asset_group] |= set(asset_permission.system_users.all())
            else:
                asset_groups[asset_group] = set(asset_permission.system_users.all())

    return asset_groups


-def get_assets_granted_by_user(user):
+def get_user_granted_asset_groups(user):
+    """Get user granted asset groups all, include direct and inherit from user group
+
+    :param user: Instance of :class: ``User``
+    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+
+    asset_groups_inherit_from_user_groups = get_user_granted_asset_groups_inherit_from_user_groups(user)
+    asset_groups_direct = get_user_granted_asset_groups_direct(user)
+    asset_groups = asset_groups_inherit_from_user_groups
+
+    # Merge direct granted and inherit from user group
+    for asset_group, system_users in asset_groups_direct.items():
+        if asset_group in asset_groups:
+            asset_groups[asset_group] |= asset_groups_direct[asset_group]
+        else:
+            asset_groups[asset_group] = asset_groups_direct[asset_group]
+
+    return asset_groups
+
+
+def get_user_granted_assets_direct(user):
+    """Return assets granted of the user directly
+
+     :param user: Instance of :class: ``User``
+     :return: {asset1: {system_user1, system_user2}, asset2: {...}}
+    """
+    assets = {}
+    asset_permissions_direct = user.asset_permissions.all()
+
+    for asset_permission in asset_permissions_direct:
+        if not asset_permission.is_valid:
+            continue
+        for asset in asset_permission.get_granted_assets():
+            if asset in assets:
+                assets[asset] |= set(asset_permission.system_users.all())
+            else:
+                assets[asset] = set(asset_permission.system_users.all())
+
+    return assets
+
+
+def get_user_granted_assets_inherit_from_user_groups(user):
    """Return all assets granted of the user

    :param user: Instance of :class: ``User``
    :return: {asset1: {system_user1, system_user2}, asset2: {...}}
    """
-    pass
+    assets = {}
+    user_groups = user.groups.all()
+
+    for user_group in user_groups:
+        assets_inherited = get_user_group_granted_assets(user_group)
+        for asset in assets_inherited:
+            if asset in assets:
+                assets[asset] |= assets_inherited[asset]
+            else:
+                assets[asset] = assets_inherited[asset]
+
+    return assets
+
+
+def get_user_granted_assets(user):
+    assets_direct = get_user_granted_assets_direct(user)
+    assets_inherited = get_user_granted_assets_inherit_from_user_groups(user)
+    assets = assets_inherited
+
+    for asset in assets_direct:
+        if asset in assets:
+            assets[asset] |= assets_direct[asset]
+        else:
+            assets[asset] = assets_direct[asset]
+
+    return assets


 def get_user_groups_granted_in_asset(asset):