Merge branch 'v3' of github.com:jumpserver/jumpserver into v3

apps/common/mixins/api/permission.py

@@ -27,7 +27,6 @@ class RoleAdminMixin:
         user_id = self.kwargs.get(self.user_id_url_kwarg)
         if hasattr(self, 'swagger_fake_view') and not user_id:
             return self.request.user  # NOQA
-
         user_model = get_user_model()
         return user_model.objects.get(id=user_id)
 
@@ -37,4 +36,4 @@ class RoleUserMixin:
 
     @lazyproperty
     def user(self):
-        return self.request.user
+        return self.request.user

apps/perms/api/user_permission/assets/api.py

@@ -9,54 +9,52 @@ from .mixin import (
 )
 
 __all__ = [
-    'UserDirectGrantedAssetsForAdminApi', 'MyDirectGrantedAssetsApi', 'UserFavoriteGrantedAssetsForAdminApi',
+    'UserDirectGrantedAssetsApi', 'MyDirectGrantedAssetsApi',
-    'MyFavoriteGrantedAssetsApi', 'UserDirectGrantedAssetsAsTreeForAdminApi', 'MyUngroupAssetsAsTreeApi',
+    'UserFavoriteGrantedAssetsApi',
-    'UserAllGrantedAssetsApi', 'MyAllGrantedAssetsApi', 'MyAllAssetsAsTreeApi', 'UserGrantedNodeAssetsForAdminApi',
+    'MyFavoriteGrantedAssetsApi', 'UserDirectGrantedAssetsAsTreeApi',
+    'MyUngroupAssetsAsTreeApi',
+    'UserAllGrantedAssetsApi', 'MyAllGrantedAssetsApi', 'MyAllAssetsAsTreeApi',
+    'UserGrantedNodeAssetsApi',
     'MyGrantedNodeAssetsApi',
 ]
 
 logger = get_logger(__name__)
 
 
-class UserDirectGrantedAssetsForAdminApi(UserDirectGrantedAssetsQuerysetMixin,
+class UserDirectGrantedAssetsApi(
-                                         AssetRoleAdminMixin,
+    AssetRoleAdminMixin,
-                                         AssetsSerializerFormatMixin,
+    UserDirectGrantedAssetsQuerysetMixin, AssetsSerializerFormatMixin, ListAPIView
-                                         ListAPIView):
+):
+    """ 直接授权给用户的资产 """
     pass
 
 
-class MyDirectGrantedAssetsApi(UserDirectGrantedAssetsQuerysetMixin,
+class MyDirectGrantedAssetsApi(AssetRoleUserMixin, UserDirectGrantedAssetsApi):
-                               AssetRoleUserMixin,
+    """ 直接授权给我的资产 """
-                               AssetsSerializerFormatMixin,
-                               ListAPIView):
     pass
 
 
-class UserFavoriteGrantedAssetsForAdminApi(UserFavoriteGrantedAssetsMixin,
+class UserFavoriteGrantedAssetsApi(
-                                           AssetRoleAdminMixin,
+    AssetRoleAdminMixin,
-                                           AssetsSerializerFormatMixin,
+    UserFavoriteGrantedAssetsMixin, AssetsSerializerFormatMixin, ListAPIView
-                                           ListAPIView):
+):
+    """ 用户收藏的授权资产 """
     pass
 
 
-class MyFavoriteGrantedAssetsApi(UserFavoriteGrantedAssetsMixin,
+class MyFavoriteGrantedAssetsApi(AssetRoleUserMixin, UserFavoriteGrantedAssetsApi):
-                                 AssetRoleUserMixin,
+    """ 我收藏的授权资产 """
-                                 AssetsSerializerFormatMixin,
-                                 ListAPIView):
     pass
 
 
-class UserDirectGrantedAssetsAsTreeForAdminApi(UserDirectGrantedAssetsQuerysetMixin,
+class UserDirectGrantedAssetsAsTreeApi(AssetsTreeFormatMixin, UserDirectGrantedAssetsApi):
-                                               AssetRoleAdminMixin,
+    """ 用户直接授权的资产作为树 """
-                                               AssetsTreeFormatMixin,
-                                               ListAPIView):
     pass
 
 
-class MyUngroupAssetsAsTreeApi(UserDirectGrantedAssetsQuerysetMixin,
+class MyUngroupAssetsAsTreeApi(AssetRoleUserMixin, UserDirectGrantedAssetsAsTreeApi):
-                               AssetRoleUserMixin,
+    """ 我的未分组节点下的资产作为树 """
-                               AssetsTreeFormatMixin,
+
-                               ListAPIView):
     def get_queryset(self):
         queryset = super().get_queryset()
         if not settings.PERM_SINGLE_ASSET_TO_UNGROUP_NODE:
@@ -64,36 +62,31 @@ class MyUngroupAssetsAsTreeApi(UserDirectGrantedAssetsQuerysetMixin,
         return queryset
 
 
-class UserAllGrantedAssetsApi(UserAllGrantedAssetsQuerysetMixin,
+class UserAllGrantedAssetsApi(
-                              AssetRoleAdminMixin,
+    AssetRoleAdminMixin,
-                              AssetsSerializerFormatMixin,
+    UserAllGrantedAssetsQuerysetMixin, AssetsSerializerFormatMixin, ListAPIView
-                              ListAPIView):
+):
+    """ 授权给用户的所有资产 """
     pass
 
 
-class MyAllGrantedAssetsApi(UserAllGrantedAssetsQuerysetMixin,
+class MyAllGrantedAssetsApi(AssetRoleUserMixin, UserAllGrantedAssetsApi):
-                            AssetRoleUserMixin,
+    """ 授权给我的所有资产 """
-                            AssetsSerializerFormatMixin,
-                            ListAPIView):
     pass
 
 
-class MyAllAssetsAsTreeApi(UserAllGrantedAssetsQuerysetMixin,
+class MyAllAssetsAsTreeApi(AssetsTreeFormatMixin, MyAllGrantedAssetsApi):
-                           AssetRoleUserMixin,
+    """ 授权给我的所有资产作为树 """
-                           AssetsTreeFormatMixin,
-                           ListAPIView):
     pass
 
 
-class UserGrantedNodeAssetsForAdminApi(AssetRoleAdminMixin,
+class UserGrantedNodeAssetsApi(
-                                       UserGrantedNodeAssetsMixin,
+    AssetRoleAdminMixin, UserGrantedNodeAssetsMixin, AssetsSerializerFormatMixin, ListAPIView
-                                       AssetsSerializerFormatMixin,
+):
-                                       ListAPIView):
+    """ 授权给用户的节点资产 """
     pass
 
 
-class MyGrantedNodeAssetsApi(AssetRoleUserMixin,
+class MyGrantedNodeAssetsApi(AssetRoleUserMixin, UserGrantedNodeAssetsApi):
-                             UserGrantedNodeAssetsMixin,
+    """ 授权给我的节点资产 """
-                             AssetsSerializerFormatMixin,
-                             ListAPIView):
     pass

apps/perms/api/user_permission/assets/mixin.py

@@ -64,6 +64,7 @@ class UserGrantedNodeAssetsMixin:
     pagination_class = NodeGrantedAssetPagination
     pagination_node: Node
     user: User
+    kwargs: dict
 
     def get_queryset(self):
         if getattr(self, 'swagger_fake_view', False):
@@ -91,6 +92,9 @@ class AssetsTreeFormatMixin(SerializeToTreeNodeMixin):
     """
     将 资产 序列化成树的结构返回
     """
+    filter_queryset: callable
+    get_queryset: callable
+
     filterset_fields = ['name', 'ip', 'id', 'comment']
     search_fields = ['name', 'ip', 'comment']
 

apps/perms/api/user_permission/mixin.py

@@ -3,14 +3,14 @@
 from rest_framework.request import Request
 
 from common.http import is_true
-from common.mixins.api import RoleAdminMixin as _RoleAdminMixin
+from common.mixins.api import RoleAdminMixin
-from common.mixins.api import RoleUserMixin as _RoleUserMixin
+from common.mixins.api import RoleUserMixin
 from orgs.utils import tmp_to_root_org
 from users.models import User
 from perms.utils.user_permission import UserGrantedTreeRefreshController
 
 
-class PermBaseMixin:
+class RebuildTreeMixin:
     user: User
 
     def get(self, request: Request, *args, **kwargs):
@@ -20,7 +20,7 @@ class PermBaseMixin:
         return super().get(request, *args, **kwargs)
 
 
-class AssetRoleAdminMixin(PermBaseMixin, _RoleAdminMixin):
+class AssetRoleAdminMixin(RebuildTreeMixin, RoleAdminMixin):
     rbac_perms = (
         ('list', 'perms.view_userassets'),
         ('retrieve', 'perms.view_userassets'),
@@ -29,7 +29,7 @@ class AssetRoleAdminMixin(PermBaseMixin, _RoleAdminMixin):
     )
 
 
-class AssetRoleUserMixin(PermBaseMixin, _RoleUserMixin):
+class AssetRoleUserMixin(RebuildTreeMixin, RoleUserMixin):
     rbac_perms = (
         ('list', 'perms.view_myassets'),
         ('retrieve', 'perms.view_myassets'),

apps/perms/urls/asset_permission.py

@@ -24,7 +24,7 @@ user_permission_urlpatterns = [
     path('assets/', api.MyAllGrantedAssetsApi.as_view(), name='my-assets'),
 
     # Tree Node 的数据格式返回
-    path('<uuid:pk>/assets/tree/', api.UserDirectGrantedAssetsAsTreeForAdminApi.as_view(), name='user-assets-as-tree'),
+    path('<uuid:pk>/assets/tree/', api.UserDirectGrantedAssetsAsTreeApi.as_view(), name='user-assets-as-tree'),
     path('assets/tree/', api.MyAllAssetsAsTreeApi.as_view(), name='my-assets-as-tree'),
     path('ungroup/assets/tree/', api.MyUngroupAssetsAsTreeApi.as_view(), name='my-ungroup-assets-as-tree'),
     # ^--------------------------------------------------------^
@@ -60,17 +60,18 @@ user_permission_urlpatterns = [
     path('nodes/children-with-assets/tree/', api.MyGrantedNodeChildrenWithAssetsAsTreeApi.as_view(), name='my-nodes-children-with-assets-as-tree'),
 
     # 查询授权树上某个节点的所有资产
-    path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsForAdminApi.as_view(), name='user-node-assets'),
+    path('<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
     path('nodes/<uuid:node_id>/assets/', api.MyGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
 
     # 未分组的资产
-    path('<uuid:pk>/nodes/ungrouped/assets/', api.UserDirectGrantedAssetsForAdminApi.as_view(), name='user-ungrouped-assets'),
+    path('<uuid:pk>/nodes/ungrouped/assets/', api.UserDirectGrantedAssetsApi.as_view(), name='user-ungrouped-assets'),
     path('nodes/ungrouped/assets/', api.MyDirectGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
 
     # 收藏的资产
-    path('<uuid:pk>/nodes/favorite/assets/', api.UserFavoriteGrantedAssetsForAdminApi.as_view(), name='user-ungrouped-assets'),
+    path('<uuid:pk>/nodes/favorite/assets/', api.UserFavoriteGrantedAssetsApi.as_view(), name='user-ungrouped-assets'),
     path('nodes/favorite/assets/', api.MyFavoriteGrantedAssetsApi.as_view(), name='my-ungrouped-assets'),
 
+    # Todo: 删除
     # Asset System users
     path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGrantedAssetSystemUsersForAdminApi.as_view(), name='user-asset-system-users'),
     path('assets/<uuid:asset_id>/system-users/', api.MyGrantedAssetSystemUsersApi.as_view(), name='my-asset-system-users'),