From d1e25e1fefb34eb9a4517cc128ad6e12e126ebe3 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Thu, 10 Mar 2022 18:51:45 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E5=88=A0=E9=99=A4=E5=BA=94=E7=94=A8/?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E5=BA=94=E7=94=A8=E7=9B=B8=E5=85=B3=E6=9D=83?= =?UTF-8?q?=E9=99=90=20(#7792)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: 删除应用/授权应用相关权限 * fix: 删rbac清除code的一些迁移文件;增加到utils目录下 Co-authored-by: Jiangjie.Bai --- ...019_databaseapp_kubernetesapp_remoteapp.py | 55 ------------- apps/applications/models/application.py | 18 ----- .../migrations/0027_auto_20220310_0616.py | 78 ------------------- .../migrations/0027_auto_20220310_1802.py | 36 +++++++++ apps/perms/models/application_permission.py | 35 +-------- .../migrations/0006_auto_20220307_1558.py | 40 ---------- ...310_0616.py => 0006_auto_20220310_0616.py} | 2 +- utils/clean_db_content_types.py | 65 ++++++++++++++++ 8 files changed, 104 insertions(+), 225 deletions(-) delete mode 100644 apps/applications/migrations/0019_databaseapp_kubernetesapp_remoteapp.py delete mode 100644 apps/perms/migrations/0027_auto_20220310_0616.py create mode 100644 apps/perms/migrations/0027_auto_20220310_1802.py delete mode 100644 apps/rbac/migrations/0006_auto_20220307_1558.py rename apps/rbac/migrations/{0007_auto_20220310_0616.py => 0006_auto_20220310_0616.py} (93%) create mode 100644 utils/clean_db_content_types.py diff --git a/apps/applications/migrations/0019_databaseapp_kubernetesapp_remoteapp.py b/apps/applications/migrations/0019_databaseapp_kubernetesapp_remoteapp.py deleted file mode 100644 index 6b78c5f42..000000000 --- a/apps/applications/migrations/0019_databaseapp_kubernetesapp_remoteapp.py +++ /dev/null 
@@ -1,55 +0,0 @@ -# Generated by Django 3.1.14 on 2022-03-09 22:16 - -from django.db import migrations - - -def drop_old_permissions(apps, schema_editor): - content_type_model = apps.get_model("rbac", "ContentType") - db_alias = schema_editor.connection.alias - content_type_model.objects.using(db_alias).filter(platform__startswith='Win').update(protocol='rdp') - - -class Migration(migrations.Migration): - - dependencies = [ - ('applications', '0018_auto_20220223_1539'), - ] - - operations = [ - migrations.CreateModel( - name='DatabaseApp', - fields=[ - ], - options={ - 'verbose_name': 'Database application', - 'proxy': True, - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - migrations.CreateModel( - name='KubernetesApp', - fields=[ - ], - options={ - 'verbose_name': 'Kubernetes', - 'proxy': True, - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - migrations.CreateModel( - name='RemoteApp', - fields=[ - ], - options={ - 'verbose_name': 'Remote application', - 'proxy': True, - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - ] diff --git a/apps/applications/models/application.py b/apps/applications/models/application.py index aa4f03474..467a5de39 100644 --- a/apps/applications/models/application.py +++ b/apps/applications/models/application.py @@ -269,21 +269,3 @@ class ApplicationUser(SystemUser): class Meta: proxy = True verbose_name = _('Application user') - - -class RemoteApp(Application): - class Meta: - proxy = True - verbose_name = _('Remote application') - - -class DatabaseApp(Application): - class Meta: - proxy = True - verbose_name = _('Database application') - - -class KubernetesApp(Application): - class Meta: - proxy = True - verbose_name = _('Kubernetes') diff --git a/apps/perms/migrations/0027_auto_20220310_0616.py b/apps/perms/migrations/0027_auto_20220310_0616.py deleted file mode 100644 index 74a57690a..000000000 
--- a/apps/perms/migrations/0027_auto_20220310_0616.py +++ /dev/null 
@@ -1,78 +0,0 @@ -# Generated by Django 3.1.14 on 2022-03-09 22:16 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ('applications', '0019_databaseapp_kubernetesapp_remoteapp'), - ('perms', '0026_auto_20220307_1500'), - ] - - operations = [ - migrations.CreateModel( - name='PermedApplication', - fields=[ - ], - options={ - 'verbose_name': 'Permed application', - 'permissions': [('view_userapps', 'Can view user apps'), ('view_usergroupapps', 'Can view usergroup apps')], - 'proxy': True, - 'default_permissions': [], - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - migrations.CreateModel( - name='PermedDatabaseApp', - fields=[ - ], - options={ - 'verbose_name': 'Database application', - 'permissions': [('view_mydatabaseapp', 'Can view my database application'), ('connect_mydatabaseapp', 'Can connect my database application')], - 'proxy': True, - 'default_permissions': [], - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - migrations.CreateModel( - name='PermedKubernetesApp', - fields=[ - ], - options={ - 'verbose_name': 'Kubernetes', - 'permissions': [('view_mykubernetesapp', 'Can view my kubernetes application'), ('connect_mykubernetesapp', 'Can connect my kubernetes application')], - 'proxy': True, - 'default_permissions': [], - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - migrations.CreateModel( - name='PermedRemoteApp', - fields=[ - ], - options={ - 'verbose_name': 'Permed remote application', - 'permissions': [('view_myremoteapp', 'Can view my remoteapp'), ('connect_myremoteapp', 'Can connect my remoteapp')], - 'proxy': True, - 'default_permissions': [], - 'indexes': [], - 'constraints': [], - }, - bases=('applications.application',), - ), - migrations.AlterModelOptions( - name='applicationpermission', - options={'ordering': ('name',), 'permissions': [('view_permuserapplication', 'Can view 
application of permission to user')], 'verbose_name': 'Application permission'}, - ), - migrations.AlterModelOptions( - name='assetpermission', - options={'ordering': ('name',), 'permissions': [('view_permuserasset', 'Can view asset of permission to user'), ('view_permusergroupasset', 'Can view asset of permission to user group')], 'verbose_name': 'Asset permission'}, - ), - ] diff --git a/apps/perms/migrations/0027_auto_20220310_1802.py b/apps/perms/migrations/0027_auto_20220310_1802.py new file mode 100644 index 000000000..b4446f82a --- /dev/null +++ b/apps/perms/migrations/0027_auto_20220310_1802.py @@ -0,0 +1,36 @@ +# Generated by Django 3.1.14 on 2022-03-10 10:02 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('applications', '0018_auto_20220223_1539'), + ('perms', '0026_auto_20220307_1500'), + ] + + operations = [ + migrations.CreateModel( + name='PermedApplication', + fields=[ + ], + options={ + 'verbose_name': 'Permed application', + 'permissions': [('view_myapps', 'Can view my apps'), ('connect_myapps', 'Can connect my apps'), ('view_userapps', 'Can view user apps'), ('view_usergroupapps', 'Can view usergroup apps')], + 'proxy': True, + 'default_permissions': [], + 'indexes': [], + 'constraints': [], + }, + bases=('applications.application',), + ), + migrations.AlterModelOptions( + name='applicationpermission', + options={'ordering': ('name',), 'permissions': [('view_permuserapplication', 'Can view application of permission to user')], 'verbose_name': 'Application permission'}, + ), + migrations.AlterModelOptions( + name='assetpermission', + options={'ordering': ('name',), 'permissions': [('view_permuserasset', 'Can view asset of permission to user'), ('view_permusergroupasset', 'Can view asset of permission to user group')], 'verbose_name': 'Asset permission'}, + ), + ] 
diff --git a/apps/perms/models/application_permission.py b/apps/perms/models/application_permission.py
index e2e77279a..6cf5e33d7 100644
--- a/apps/perms/models/application_permission.py
+++ b/apps/perms/models/application_permission.py
@@ -112,39 +112,8 @@ class PermedApplication(Application):
 verbose_name = _('Permed application')
 default_permissions = []
 permissions = [
+ ('view_myapps', 'Can view my apps'),
+ ('connect_myapps', 'Can connect my apps'),
 ('view_userapps', _('Can view user apps')),
 ('view_usergroupapps', _('Can view usergroup apps')),
 ]
-
-
-class PermedRemoteApp(Application):
- class Meta:
- proxy = True
- verbose_name = _('Permed remote application')
- default_permissions = []
- permissions = [
- ('view_myremoteapp', _('Can view my remoteapp')),
- ('connect_myremoteapp', _('Can connect my remoteapp')),
- ]
-
-
-class PermedDatabaseApp(Application):
- class Meta:
- proxy = True
- verbose_name = _('Database application')
- default_permissions = []
- permissions = [
- ('view_mydatabaseapp', _('Can view my database application')),
- ('connect_mydatabaseapp', _('Can connect my database application')),
- ]
-
-
-class PermedKubernetesApp(Application):
- class Meta:
- proxy = True
- verbose_name = _('Kubernetes')
- default_permissions = []
- permissions = [
- ('view_mykubernetesapp', _('Can view my kubernetes application')),
- ('connect_mykubernetesapp', _('Can connect my kubernetes application')),
- ]
diff --git a/apps/rbac/migrations/0006_auto_20220307_1558.py b/apps/rbac/migrations/0006_auto_20220307_1558.py
deleted file mode 100644
index 0790e5c83..000000000
--- a/apps/rbac/migrations/0006_auto_20220307_1558.py
+++ /dev/null
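Review bot: The two added entries `('view_myapps', 'Can view my apps')` and `('connect_myapps', 'Can connect my apps')` are plain strings, while the neighbouring `view_userapps` and `view_usergroupapps` labels are wrapped in `_()`, so the new permission names will not be translated. Write them as `('view_myapps', _('Can view my apps')),` and `('connect_myapps', _('Can connect my apps')),`. The same hunk replaces the per-type `connect_myremoteapp`, `connect_mydatabaseapp` and `connect_mykubernetesapp` codenames with a single `connect_myapps`, and nothing visible in this commit maps existing role grants from the old codenames to the new one. A short comment above `permissions` stating that one permission now covers every application type, and that roles presumably need re-granting, would help whoever audits role definitions later. The `PermedApplication` class and its `Meta` header start above the hunk.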
@@ -1,40 +0,0 @@ -# Generated by Django 3.1.14 on 2022-03-07 07:58 - -from django.db import migrations - - -def delete_unused_permissions(apps, schema_editor): - permission_model = apps.get_model('rbac', 'Permission') - content_type_model = apps.get_model('rbac', 'ContentType') - content_type_delete_required = [ - ('common', 'permission'), - ('applications', 'k8sapp'), - ] - for app, model in content_type_delete_required: - content_type_model.objects.filter(app_label=app, model=model).delete() - - permissions_delete_required = [ - ('perms', 'assetpermission', 'connect_myassets'), - ('perms', 'assetpermission', 'view_myassets'), - ('perms', 'assetpermission', 'view_userassets'), - ('perms', 'assetpermission', 'view_usergroupassets'), - ('perms', 'applicationpermission', 'view_myapps'), - ('perms', 'applicationpermission', 'connect_myapps'), - ('perms', 'applicationpermission', 'view_userapps'), - ('perms', 'applicationpermission', 'view_usergroupapps'), - ] - for app, model, codename in permissions_delete_required: - permission_model.objects.filter( - codename=codename, content_type__model=model, content_type__app_label=app - ).delete() - - -class Migration(migrations.Migration): - - dependencies = [ - ('rbac', '0005_auto_20220307_1524'), - ] - - operations = [ - migrations.RunPython(delete_unused_permissions) - ] diff --git a/apps/rbac/migrations/0007_auto_20220310_0616.py b/apps/rbac/migrations/0006_auto_20220310_0616.py similarity index 93% rename from apps/rbac/migrations/0007_auto_20220310_0616.py rename to apps/rbac/migrations/0006_auto_20220310_0616.py index 684ae9962..aa76969bd 100644 --- a/apps/rbac/migrations/0007_auto_20220310_0616.py +++ b/apps/rbac/migrations/0006_auto_20220310_0616.py @@ -6,7 +6,7 @@ from django.db import migrations class Migration(migrations.Migration): dependencies = [ - ('rbac', '0006_auto_20220307_1558'), + ('rbac', '0005_auto_20220307_1524'), ] operations = [ 
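Review bot: Changing the dependency to `('rbac', '0005_auto_20220307_1524')` while renaming the file from `0007_auto_20220310_0616` to `0006_auto_20220310_0616` rewrites migration history rather than extending it. A database that already applied `0006_auto_20220307_1558` and the old 0007 has those names recorded, so Django would presumably treat the renamed migration as unapplied and run its operations a second time; the `operations` list continues outside the hunk, so whether a re-run is safe cannot be confirmed from here. The deleted `0006_auto_20220307_1558` also ran the permission cleanup automatically through `migrations.RunPython(delete_unused_permissions)`, whereas after this commit stale permission rows are removed only if someone runs `utils/clean_db_content_types.py` by hand. A comment at the top of the renamed migration, e.g. `# NOTE: stale permissions are cleaned by utils/clean_db_content_types.py, not by this migration`, would make that manual step visible to whoever upgrades.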
diff --git a/utils/clean_db_content_types.py b/utils/clean_db_content_types.py
new file mode 100644
index 000000000..547d78963
--- /dev/null
+++ b/utils/clean_db_content_types.py
@@ -0,0 +1,65 @@
+import os
+import sys
+import django
+
+
+if os.path.exists('../apps'):
+ sys.path.insert(0, '../apps')
+elif os.path.exists('./apps'):
+ sys.path.insert(0, './apps')
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
+django.setup()
+
+from rbac.models import Permission, ContentType
+
+
+def clean_db_content_types():
+ content_type_delete_required = [
+ ('common', 'permission'),
+ ]
+ for app, model in content_type_delete_required:
+ ContentType.objects.filter(app_label=app, model=model).delete()
+
+ permissions_delete_required = [
+ ('perms', 'assetpermission', 'connect_myassets'),
+ ('perms', 'assetpermission', 'view_myassets'),
+ ('perms', 'assetpermission', 'view_userassets'),
+ ('perms', 'assetpermission', 'view_usergroupassets'),
+ ('perms', 'applicationpermission', 'view_myapps'),
+ ('perms', 'applicationpermission', 'connect_myapps'),
+ ('perms', 'applicationpermission', 'view_userapps'),
+ ('perms', 'applicationpermission', 'view_usergroupapps'),
+
+
+ ('perms', 'permeddatabaseapp', 'connect_mydatabaseapp'),
+ ('perms', 'permeddatabaseapp', 'view_mydatabaseapp'),
+ ('perms', 'permedkubernetesapp', 'connect_mykubernetesapp'),
+ ('perms', 'permedkubernetesapp', 'view_mykubernetesapp'),
+ ('perms', 'permedremoteapp', 'connect_myremoteapp'),
+ ('perms', 'permedremoteapp', 'view_myremoteapp'),
+
+ ('applications', 'databaseapp', 'add_databaseapp'),
+ ('applications', 'databaseapp', 'change_databaseapp'),
+ ('applications', 'databaseapp', 'delete_databaseapp'),
+ ('applications', 'databaseapp', 'view_databaseapp'),
+ ('applications', 'kubernetesapp', 'add_kubernetesapp'),
+ ('applications', 'kubernetesapp', 'delete_kubernetesapp'),
+ ('applications', 'kubernetesapp', 'change_kubernetesapp'),
+ ('applications', 'kubernetesapp', 'view_kubernetesapp'),
+ ('applications', 'remoteapp', 'add_remoteapp'),
+ ('applications', 'remoteapp', 'change_remoteapp'),
+ ('applications', 'remoteapp', 'delete_remoteapp'),
+ ('applications', 'remoteapp', 'view_remoteapp'),
+
+
+ ]
+ for app, model, codename in permissions_delete_required:
+ print('delete {}.{} ({})'.format(app, codename, model))
+ Permission.objects.filter(
+ codename=codename, content_type__model=model, content_type__app_label=app
+ ).delete()
+
+
+if __name__ == '__main__':
+ clean_db_content_types()
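Review bot: `clean_db_content_types()` deletes RBAC rows in two separate loops with no transaction, so a failure part-way through leaves the permission table half cleaned. The `print('delete ...')` line also runs before the query and reports a deletion even when no row matched. Wrapping both loops in `transaction.atomic()` (which needs `from django.db import transaction` next to the `rbac.models` import) and printing the count returned by `.delete()` makes the run all-or-nothing and leaves an accurate record of what was removed. The `sys.path` setup at the top depends on the current working directory (`'../apps'` or `'./apps'`); deriving it from `os.path.abspath(__file__)` would keep the script from importing a different `apps` tree when started elsewhere. A module docstring saying when an operator is expected to run this script is also missing.

```python
def clean_db_content_types():
    # … unchanged: content_type_delete_required list …
    # … unchanged: permissions_delete_required list …
    with transaction.atomic():
        for app, model in content_type_delete_required:
            ContentType.objects.filter(app_label=app, model=model).delete()
        for app, model, codename in permissions_delete_required:
            deleted, _ = Permission.objects.filter(
                codename=codename, content_type__model=model, content_type__app_label=app
            ).delete()
            print('delete {}.{} ({}): {} rows'.format(app, codename, model, deleted))
```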