diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py
index 9db8a175f..948f60a84 100644
--- a/apps/perms/utils/account.py
+++ b/apps/perms/utils/account.py
@@ -1,22 +1,20 @@
 from collections import defaultdict
 from assets.models import Account
-from perms.models import AssetPermission
+from .permission import AssetPermissionUtil
-class PermAccountUtil(object):
- """ 授权账号查询工具 """
-
- # Accounts
+class PermAccountUtil(AssetPermissionUtil):
+ """ 资产授权账号相关的工具 """
 def get_user_perm_asset_accounts(self, user, asset, with_actions=False):
 """ 获取授权给用户某个资产的账号 """
- perms = self.get_user_asset_permissions(user, asset)
+ perms = self.get_permissions_for_user_asset(user, asset)
 accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
 return accounts
 def get_user_perm_accounts(self, user, with_actions=False):
 """ 获取授权给用户的所有账号 """
- perms = self.get_user_permissions(user)
+ perms = self.get_permissions_for_user(user)
 accounts = self.get_permissions_accounts(perms, with_actions=with_actions)
 return accounts
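Review bot: Both account lookups in this hunk pass the rule set straight into `get_permissions_accounts`, and the helpers they now inherit (the `AssetPermissionUtil` hunk in permission.py) select rules purely by membership in the user, group, asset and node link tables. Nothing visible in this diff drops rules that are disabled or outside their validity window, so unless `get_permissions_accounts` (its body lies outside the hunk) filters them, such rules may still contribute accounts and actions. If the model offers a validity filter, apply it where the queryset is built in `get_permissions_for_user_asset` and `get_permissions_for_user`. Otherwise state the contract in the docstrings, for example `""" Returns every rule linked to the user, including inactive or expired ones; callers must filter for validity. """`.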
@@ -35,49 +33,3 @@ class PermAccountUtil(object):
 account.actions = aid_actions_map.get(str(account.id))
 return accounts
- # Permissions
-
- def get_user_asset_permissions(self, user, asset):
- """ 获取同时包含用户、资产的授权规则 """
- user_perm_ids = self.get_user_permissions(user, flat=True)
- asset_perm_ids = self.get_asset_permissions(asset, flat=True)
- perm_ids = set(user_perm_ids) & set(asset_perm_ids)
- perms = AssetPermission.objects.filter(id__in=perm_ids)
- return perms
-
- def get_user_permissions(self, user, with_group=True, flat=False):
- """ 获取用户的授权规则 """
- perm_ids = set()
- # user
- user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id)\
- .values_list('assetpermission_id', flat=True).distinct()
- perm_ids.update(user_perm_ids)
- # group
- if with_group:
- groups = user.groups.all()
- group_perm_ids = self.get_user_groups_permissions(groups, flat=True)
- perm_ids.update(group_perm_ids)
- if flat:
- return perm_ids
- perms = AssetPermission.objects.filter(id__in=perm_ids)
- return perms
-
- @staticmethod
- def get_user_groups_permissions(user_groups, flat=False):
- """ 获取用户组的授权规则 """
- group_ids = user_groups.values_list('id', flat=True).distinct()
- perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
- .values_list('assetpermission_id', flat=True).distinct()
- if flat:
- return perm_ids
- perms = AssetPermission.objects.filter(id__in=perm_ids)
- return perms
-
- def get_asset_permissions(self, asset, flat=False):
- """ 获取资产的授权规则"""
- return AssetPermission.objects.all()
-
- def get_node_permissions(self):
- """ 获取节点的授权规则 """
- pass
-
diff --git a/apps/perms/utils/permission.py b/apps/perms/utils/permission.py
index c3a515514..7906cf1d3 100644
--- a/apps/perms/utils/permission.py
+++ b/apps/perms/utils/permission.py
@@ -11,6 +11,75 @@ from perms.utils.user_permission import get_user_all_asset_perm_ids
 logger = get_logger(__file__)
+class AssetPermissionUtil(object):
+ """ 资产授权相关的方法工具 """
+
+ def get_permissions_for_user_asset(self, user, asset):
+ """ 获取同时包含用户、资产的授权规则 """
+ user_perm_ids = self.get_permissions_for_user(user, flat=True)
+ asset_perm_ids = self.get_permissions_for_asset(asset, flat=True)
+ perm_ids = set(user_perm_ids) & set(asset_perm_ids)
+ perms = AssetPermission.objects.filter(id__in=perm_ids)
+ return perms
+
+ def get_permissions_for_user(self, user, with_group=True, flat=False):
+ """ 获取用户的授权规则 """
+ perm_ids = set()
+ # user
+ user_perm_ids = AssetPermission.users.through.objects.filter(user_id=user.id) \
+ .values_list('assetpermission_id', flat=True).distinct()
+ perm_ids.update(user_perm_ids)
+ # group
+ if with_group:
+ groups = user.groups.all()
+ group_perm_ids = self.get_permissions_for_user_groups(groups, flat=True)
+ perm_ids.update(group_perm_ids)
+ if flat:
+ return perm_ids
+ perms = AssetPermission.objects.filter(id__in=perm_ids)
+ return perms
+
+ @staticmethod
+ def get_permissions_for_user_groups(user_groups, flat=False):
+ """ 获取用户组的授权规则 """
+ group_ids = user_groups.values_list('id', flat=True).distinct()
+ group_perm_ids = AssetPermission.user_groups.through.objects.filter(usergroup_id__in=group_ids) \
+ .values_list('assetpermission_id', flat=True).distinct()
+ if flat:
+ return group_perm_ids
+ perms = AssetPermission.objects.filter(id__in=group_perm_ids)
+ return perms
+
+ def get_permissions_for_asset(self, asset, with_node=True, flat=False):
+ """ 获取资产的授权规则"""
+ perm_ids = set()
+ asset_perm_ids = AssetPermission.assets.through.objects.filter(asset_id=asset.id) \
+ .values_list('assetpermission_id', flat=True).distinct()
+ perm_ids.update(asset_perm_ids)
+ if with_node:
+ nodes = asset.get_all_nodes(flat=True)
+ node_perm_ids = self.get_permissions_for_nodes(nodes, flat=True)
+ perm_ids.update(node_perm_ids)
+ if flat:
+ return perm_ids
+ perms = AssetPermission.objects.filter(id__in=perm_ids)
+ return perms
+
+ @staticmethod
+ def get_permissions_for_nodes(nodes, flat=False):
+ """ 获取节点的授权规则 """
+ node_ids = nodes.values_list('id', flat=True).distinct()
+ node_perm_ids = AssetPermission.nodes.through.objects.filter(node_id__in=node_ids) \
+ .values_list('assetpermission_id', flat=True).distinct()
+ if flat:
+ return node_perm_ids
+ perms = AssetPermission.objects.filter(id__in=node_perm_ids)
+ return perms
+
+
+# TODO: 下面的方法放到类中进行实现
+
+
 def validate_permission(user, asset, account, action='connect'):
 asset_perm_ids = get_user_all_asset_perm_ids(user)
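Review bot: `get_permissions_for_nodes` calls `nodes.values_list('id', flat=True)`, so it only accepts a queryset, while `get_permissions_for_asset` feeds it `asset.get_all_nodes(flat=True)`, which is defined outside this diff. If that call returns a plain list or set when `flat=True`, every asset lookup with the default `with_node=True` raises `AttributeError`, and the account queries in account.py fail with it. Confirm the return type, or accept any iterable with `node_ids = [getattr(n, 'id', n) for n in nodes]`. The `flat=True` results are also mixed, a `set` from `get_permissions_for_user` and `get_permissions_for_asset` but a lazy queryset from the group and node helpers, which a docstring line such as `flat=True returns an iterable of permission ids, not necessarily a set` would make explicit.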