perf: 优化 job permission

2023-05-09 17:18:52 +08:00 · 2023-05-09 17:18:52 +08:00 · b5599fd3a6
parent 6b6900cfd4
commit b5599fd3a6
1 changed files with 45 additions and 43 deletions
--- a/apps/ops/api/job.py
+++ b/apps/ops/api/job.py
@ -1,23 +1,25 @@
 from django.conf import settings
 from django.db.models import Count
 from django.db.transaction import atomic
-from rest_framework.views import APIView
 from django.shortcuts import get_object_or_404
 from rest_framework.response import Response
+from rest_framework.views import APIView

+from common.permissions import IsValidUser
 from ops.const import Types
 from ops.models import Job, JobExecution
 from ops.serializers.job import JobSerializer, JobExecutionSerializer

-__all__ = ['JobViewSet', 'JobExecutionViewSet', 'JobRunVariableHelpAPIView',
-           'JobAssetDetail', 'JobExecutionTaskDetail', 'FrequentUsernames']
+__all__ = [
+    'JobViewSet', 'JobExecutionViewSet', 'JobRunVariableHelpAPIView',
+    'JobAssetDetail', 'JobExecutionTaskDetail', 'FrequentUsernames'
+]

 from ops.tasks import run_ops_job_execution
 from ops.variables import JMS_JOB_VARIABLE_HELP
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import tmp_to_org, get_current_org
 from accounts.models import Account
-from rbac.permissions import RBACPermission


 def set_task_to_serializer_data(serializer, task):
@ -28,7 +30,6 @@ def set_task_to_serializer_data(serializer, task):

 class JobViewSet(OrgBulkModelViewSet):
    serializer_class = JobSerializer
-    permission_classes = (RBACPermission,)
    search_fields = ('name', 'comment')
    model = Job

@ -70,7 +71,6 @@ class JobViewSet(OrgBulkModelViewSet):
 class JobExecutionViewSet(OrgBulkModelViewSet):
    serializer_class = JobExecutionSerializer
    http_method_names = ('get', 'post', 'head', 'options',)
-    permission_classes = (RBACPermission,)
    model = JobExecution
    search_fields = ('material',)

@ -94,50 +94,52 @@ class JobExecutionViewSet(OrgBulkModelViewSet):
        return queryset


+class JobAssetDetail(APIView):
+    rbac_perms = {
+        'get': ['ops.view_jobexecution'],
+    }
+
+    def get(self, request, **kwargs):
+        execution_id = request.query_params.get('execution_id', '')
+        execution = get_object_or_404(JobExecution, id=execution_id)
+        return Response(data=execution.assent_result_detail)
+
+
+class JobExecutionTaskDetail(APIView):
+    rbac_perms = {
+        'get': ['ops.view_jobexecution'],
+    }
+
+    def get(self, request, **kwargs):
+        org = get_current_org()
+        task_id = str(kwargs.get('task_id'))
+
+        with tmp_to_org(org):
+            execution = get_object_or_404(JobExecution, task_id=task_id)
+
+        return Response(data={
+            'status': execution.status,
+            'is_finished': execution.is_finished,
+            'is_success': execution.is_success,
+            'time_cost': execution.time_cost,
+            'job_id': execution.job.id,
+        })
+
+
 class JobRunVariableHelpAPIView(APIView):
-    rbac_perms = ()
-    permission_classes = ()
+    permission_classes = [IsValidUser]

    def get(self, request, **kwargs):
        return Response(data=JMS_JOB_VARIABLE_HELP)


-class JobAssetDetail(APIView):
-    rbac_perms = ()
-    permission_classes = ()
-
-    def get(self, request, **kwargs):
-        execution_id = request.query_params.get('execution_id')
-        if execution_id:
-            execution = get_object_or_404(JobExecution, id=execution_id)
-            return Response(data=execution.assent_result_detail)
-
-
-class JobExecutionTaskDetail(APIView):
-    rbac_perms = ()
-    permission_classes = ()
-
-    def get(self, request, **kwargs):
-        org = get_current_org()
-        task_id = str(kwargs.get('task_id'))
-        if task_id:
-            with tmp_to_org(org):
-                execution = get_object_or_404(JobExecution, task_id=task_id)
-                return Response(data={
-                    'status': execution.status,
-                    'is_finished': execution.is_finished,
-                    'is_success': execution.is_success,
-                    'time_cost': execution.time_cost,
-                    'job_id': execution.job.id,
-                })
-
-
 class FrequentUsernames(APIView):
-    rbac_perms = ()
-    permission_classes = ()
+    permission_classes = [IsValidUser]

    def get(self, request, **kwargs):
-        top_accounts = Account.objects.exclude(username='root').exclude(username__startswith='jms_').values(
-            'username').annotate(
-            total=Count('username')).order_by('total')[:5]
+        top_accounts = Account.objects.exclude(username='root') \
+                           .exclude(username__startswith='jms_') \
+                           .values('username') \
+                           .annotate(total=Count('username')) \
+                           .order_by('total')[:5]
        return Response(data=top_accounts)