mirror of https://github.com/jumpserver/jumpserver
refactor: 重构资产授权工具、资产授权账号工具类
parent
1b795791de
commit
c41e0148d9
|
@ -1,22 +1,20 @@
|
|||
from collections import defaultdict
|
||||
from assets.models import Account
|
||||
from perms.models import AssetPermission
|
||||
from .permission import AssetPermissionUtil
|
||||
|
||||
|
||||
class PermAccountUtil(object):
|
||||
""" 授权账号查询工具 """
|
||||
|
||||
# Accounts
|
||||
class PermAccountUtil(AssetPermissionUtil):
|
||||
""" 资产授权账号相关的工具 """
|
||||
|
||||
def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
|
||||
""" 获取授权给用户某个资产的账号 """
|
||||
perms = self.get_user_asset_permissions(user, asset)
|
||||
perms = self.get_permissions_for_user_asset(user, asset)
|
||||
accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
|
||||
return accounts
|
||||
|
||||
def get_user_perm_accounts(self, user, with_actions=False):
|
||||
""" 获取授权给用户的所有账号 """
|
||||
perms = self.get_user_permissions(user)
|
||||
perms = self.get_permissions_for_user(user)
|
||||
accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
|
||||
return accounts
|
||||
|
||||
|
@ -35,49 +33,3 @@ class PermAccountUtil(object):
|
|||
account.actions = aid_actions_map.get(str(account.id))
|
||||
return accounts
|
||||
|
||||
# Permissions
|
||||
|
||||
def get_user_asset_permissions(self, user, asset):
|
||||
""" 获取同时包含用户、资产的授权规则 """
|
||||
user_perm_ids = self.get_user_permissions(user, flat=True)
|
||||
asset_perm_ids = self.get_asset_permissions(asset, flat=True)
|
||||
perm_ids = set(user_perm_ids) & set(asset_perm_ids)
|
||||
perms = AssetPermission.objects.filter(id__in=perm_ids)
|
||||
return perms
|
||||
|
||||
def get_user_permissions(self, user, with_group=True, flat=False):
|
||||
""" 获取用户的授权规则 """
|
||||
perm_ids = set()
|
||||
# user
|
||||
user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\
|
||||
.values_list('assetpermission_id', flat=True).distinct()
|
||||
perm_ids.update(user_perm_ids)
|
||||
# group
|
||||
if with_group:
|
||||
groups = user.groups.all()
|
||||
group_perm_ids = self.get_user_groups_permissions(groups, flat=True)
|
||||
perm_ids.update(group_perm_ids)
|
||||
if flat:
|
||||
return perm_ids
|
||||
perms = AssetPermission.objects.filter(id__in=perm_ids)
|
||||
return perms
|
||||
|
||||
@staticmethod
|
||||
def get_user_groups_permissions(user_groups, flat=False):
|
||||
""" 获取用户组的授权规则 """
|
||||
group_ids = user_groups.values_list('id', flat=True).distinct()
|
||||
perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
|
||||
.values_list('assetpermission_id', flat=True).distinct()
|
||||
if flat:
|
||||
return perm_ids
|
||||
perms = AssetPermission.objects.filter(id__in=perm_ids)
|
||||
return perms
|
||||
|
||||
def get_asset_permissions(self, asset, flat=False):
|
||||
""" 获取资产的授权规则"""
|
||||
return AssetPermission.objects.all()
|
||||
|
||||
def get_node_permissions(self):
|
||||
""" 获取节点的授权规则 """
|
||||
pass
|
||||
|
||||
|
|
|
@ -11,6 +11,75 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids
|
|||
logger = get_logger(__file__)
|
||||
|
||||
|
||||
class AssetPermissionUtil(object):
|
||||
""" 资产授权相关的方法工具 """
|
||||
|
||||
def get_permissions_for_user_asset(self, user, asset):
|
||||
""" 获取同时包含用户、资产的授权规则 """
|
||||
user_perm_ids = self.get_permissions_for_user(user, flat=True)
|
||||
asset_perm_ids = self.get_permissions_for_asset(asset, flat=True)
|
||||
perm_ids = set(user_perm_ids) & set(asset_perm_ids)
|
||||
perms = AssetPermission.objects.filter(id__in=perm_ids)
|
||||
return perms
|
||||
|
||||
def get_permissions_for_user(self, user, with_group=True, flat=False):
|
||||
""" 获取用户的授权规则 """
|
||||
perm_ids = set()
|
||||
# user
|
||||
user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id) \
|
||||
.values_list('assetpermission_id', flat=True).distinct()
|
||||
perm_ids.update(user_perm_ids)
|
||||
# group
|
||||
if with_group:
|
||||
groups = user.groups.all()
|
||||
group_perm_ids = self.get_permissions_for_user_groups(groups, flat=True)
|
||||
perm_ids.update(group_perm_ids)
|
||||
if flat:
|
||||
return perm_ids
|
||||
perms = AssetPermission.objects.filter(id__in=perm_ids)
|
||||
return perms
|
||||
|
||||
@staticmethod
|
||||
def get_permissions_for_user_groups(user_groups, flat=False):
|
||||
""" 获取用户组的授权规则 """
|
||||
group_ids = user_groups.values_list('id', flat=True).distinct()
|
||||
group_perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
|
||||
.values_list('assetpermission_id', flat=True).distinct()
|
||||
if flat:
|
||||
return group_perm_ids
|
||||
perms = AssetPermission.objects.filter(id__in=group_perm_ids)
|
||||
return perms
|
||||
|
||||
def get_permissions_for_asset(self, asset, with_node=True, flat=False):
|
||||
""" 获取资产的授权规则"""
|
||||
perm_ids = set()
|
||||
asset_perm_ids = AssetPermission.assets.through.objects.filter(asset_id=asset.id) \
|
||||
.values_list('assetpermission_id', flat=True).distinct()
|
||||
perm_ids.update(asset_perm_ids)
|
||||
if with_node:
|
||||
nodes = asset.get_all_nodes(flat=True)
|
||||
node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True)
|
||||
perm_ids.update(node_perm_ids)
|
||||
if flat:
|
||||
return perm_ids
|
||||
perms = AssetPermission.objects.filter(id__in=perm_ids)
|
||||
return perms
|
||||
|
||||
@staticmethod
|
||||
def get_permissions_for_nodes(nodes, flat=False):
|
||||
""" 获取节点的授权规则 """
|
||||
node_ids = nodes.values_list('id', flat=True).distinct()
|
||||
node_perm_ids = AssetPermission.nodes.through.objects.filter(node_id__in=node_ids) \
|
||||
.values_list('assetpermission_id', flat=True).distinct()
|
||||
if flat:
|
||||
return node_perm_ids
|
||||
perms = AssetPermission.objects.filter(id__in=node_perm_ids)
|
||||
return perms
|
||||
|
||||
|
||||
# TODO: 下面的方法放到类中进行实现
|
||||
|
||||
|
||||
def validate_permission(user, asset, account, action='connect'):
|
||||
asset_perm_ids = get_user_all_asset_perm_ids(user)
|
||||
|
||||
|
|
Loading…
Reference in New Issue