fix: 删除应用/授权应用相关权限 (#7792)

* fix: 删除应用/授权应用相关权限

* fix: 删rbac清除code的一些迁移文件;增加到utils目录下

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>

apps/applications/migrations/0019_databaseapp_kubernetesapp_remoteapp.py

@@ -1,55 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-09 22:16
-
-from django.db import migrations
-
-
-def drop_old_permissions(apps, schema_editor):
-    content_type_model = apps.get_model("rbac", "ContentType")
-    db_alias = schema_editor.connection.alias
-    content_type_model.objects.using(db_alias).filter(platform__startswith='Win').update(protocol='rdp')
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('applications', '0018_auto_20220223_1539'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='DatabaseApp',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Database application',
-                'proxy': True,
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-        migrations.CreateModel(
-            name='KubernetesApp',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Kubernetes',
-                'proxy': True,
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-        migrations.CreateModel(
-            name='RemoteApp',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Remote application',
-                'proxy': True,
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-    ]

apps/applications/models/application.py

@@ -269,21 +269,3 @@ class ApplicationUser(SystemUser):
     class Meta:
         proxy = True
         verbose_name = _('Application user')
-
-
-class RemoteApp(Application):
-    class Meta:
-        proxy = True
-        verbose_name = _('Remote application')
-
-
-class DatabaseApp(Application):
-    class Meta:
-        proxy = True
-        verbose_name = _('Database application')
-
-
-class KubernetesApp(Application):
-    class Meta:
-        proxy = True
-        verbose_name = _('Kubernetes')

apps/perms/migrations/0027_auto_20220310_0616.py

@@ -1,78 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-09 22:16
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('applications', '0019_databaseapp_kubernetesapp_remoteapp'),
-        ('perms', '0026_auto_20220307_1500'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='PermedApplication',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Permed application',
-                'permissions': [('view_userapps', 'Can view user apps'), ('view_usergroupapps', 'Can view usergroup apps')],
-                'proxy': True,
-                'default_permissions': [],
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-        migrations.CreateModel(
-            name='PermedDatabaseApp',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Database application',
-                'permissions': [('view_mydatabaseapp', 'Can view my database application'), ('connect_mydatabaseapp', 'Can connect my database application')],
-                'proxy': True,
-                'default_permissions': [],
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-        migrations.CreateModel(
-            name='PermedKubernetesApp',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Kubernetes',
-                'permissions': [('view_mykubernetesapp', 'Can view my kubernetes application'), ('connect_mykubernetesapp', 'Can connect my kubernetes application')],
-                'proxy': True,
-                'default_permissions': [],
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-        migrations.CreateModel(
-            name='PermedRemoteApp',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Permed remote application',
-                'permissions': [('view_myremoteapp', 'Can view my remoteapp'), ('connect_myremoteapp', 'Can connect my remoteapp')],
-                'proxy': True,
-                'default_permissions': [],
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('applications.application',),
-        ),
-        migrations.AlterModelOptions(
-            name='applicationpermission',
-            options={'ordering': ('name',), 'permissions': [('view_permuserapplication', 'Can view application of permission to user')], 'verbose_name': 'Application permission'},
-        ),
-        migrations.AlterModelOptions(
-            name='assetpermission',
-            options={'ordering': ('name',), 'permissions': [('view_permuserasset', 'Can view asset of permission to user'), ('view_permusergroupasset', 'Can view asset of permission to user group')], 'verbose_name': 'Asset permission'},
-        ),
-    ]

apps/perms/migrations/0027_auto_20220310_1802.py

@@ -0,0 +1,36 @@
+# Generated by Django 3.1.14 on 2022-03-10 10:02
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0018_auto_20220223_1539'),
+        ('perms', '0026_auto_20220307_1500'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PermedApplication',
+            fields=[
+            ],
+            options={
+                'verbose_name': 'Permed application',
+                'permissions': [('view_myapps', 'Can view my apps'), ('connect_myapps', 'Can connect my apps'), ('view_userapps', 'Can view user apps'), ('view_usergroupapps', 'Can view usergroup apps')],
+                'proxy': True,
+                'default_permissions': [],
+                'indexes': [],
+                'constraints': [],
+            },
+            bases=('applications.application',),
+        ),
+        migrations.AlterModelOptions(
+            name='applicationpermission',
+            options={'ordering': ('name',), 'permissions': [('view_permuserapplication', 'Can view application of permission to user')], 'verbose_name': 'Application permission'},
+        ),
+        migrations.AlterModelOptions(
+            name='assetpermission',
+            options={'ordering': ('name',), 'permissions': [('view_permuserasset', 'Can view asset of permission to user'), ('view_permusergroupasset', 'Can view asset of permission to user group')], 'verbose_name': 'Asset permission'},
+        ),
+    ]

apps/perms/models/application_permission.py

@@ -112,39 +112,8 @@ class PermedApplication(Application):
         verbose_name = _('Permed application')
         default_permissions = []
         permissions = [
+            ('view_myapps', 'Can view my apps'),
+            ('connect_myapps', 'Can connect my apps'),
             ('view_userapps', _('Can view user apps')),
             ('view_usergroupapps', _('Can view usergroup apps')),
         ]
-
-
-class PermedRemoteApp(Application):
-    class Meta:
-        proxy = True
-        verbose_name = _('Permed remote application')
-        default_permissions = []
-        permissions = [
-            ('view_myremoteapp', _('Can view my remoteapp')),
-            ('connect_myremoteapp', _('Can connect my remoteapp')),
-        ]
-
-
-class PermedDatabaseApp(Application):
-    class Meta:
-        proxy = True
-        verbose_name = _('Database application')
-        default_permissions = []
-        permissions = [
-            ('view_mydatabaseapp', _('Can view my database application')),
-            ('connect_mydatabaseapp', _('Can connect my database application')),
-        ]
-
-
-class PermedKubernetesApp(Application):
-    class Meta:
-        proxy = True
-        verbose_name = _('Kubernetes')
-        default_permissions = []
-        permissions = [
-            ('view_mykubernetesapp', _('Can view my kubernetes application')),
-            ('connect_mykubernetesapp', _('Can connect my kubernetes application')),
-        ]

apps/rbac/migrations/0006_auto_20220307_1558.py

@@ -1,40 +0,0 @@
-# Generated by Django 3.1.14 on 2022-03-07 07:58
-
-from django.db import migrations
-
-
-def delete_unused_permissions(apps, schema_editor):
-    permission_model = apps.get_model('rbac', 'Permission')
-    content_type_model = apps.get_model('rbac', 'ContentType')
-    content_type_delete_required = [
-        ('common', 'permission'),
-        ('applications', 'k8sapp'),
-    ]
-    for app, model in content_type_delete_required:
-        content_type_model.objects.filter(app_label=app, model=model).delete()
-
-    permissions_delete_required = [
-        ('perms', 'assetpermission', 'connect_myassets'),
-        ('perms', 'assetpermission', 'view_myassets'),
-        ('perms', 'assetpermission', 'view_userassets'),
-        ('perms', 'assetpermission', 'view_usergroupassets'),
-        ('perms', 'applicationpermission', 'view_myapps'),
-        ('perms', 'applicationpermission', 'connect_myapps'),
-        ('perms', 'applicationpermission', 'view_userapps'),
-        ('perms', 'applicationpermission', 'view_usergroupapps'),
-    ]
-    for app, model, codename in permissions_delete_required:
-        permission_model.objects.filter(
-            codename=codename, content_type__model=model, content_type__app_label=app
-        ).delete()
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('rbac', '0005_auto_20220307_1524'),
-    ]
-
-    operations = [
-        migrations.RunPython(delete_unused_permissions)
-    ]

apps/rbac/migrations/0006_auto_20220310_0616.py

@@ -6,7 +6,7 @@ from django.db import migrations
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('rbac', '0006_auto_20220307_1558'),
+        ('rbac', '0005_auto_20220307_1524'),
     ]
 
     operations = [

utils/clean_db_content_types.py

@@ -0,0 +1,65 @@
+import os
+import sys
+import django
+
+
+if os.path.exists('../apps'):
+    sys.path.insert(0, '../apps')
+elif os.path.exists('./apps'):
+    sys.path.insert(0, './apps')
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
+django.setup()
+
+from rbac.models import Permission, ContentType
+
+
+def clean_db_content_types():
+    content_type_delete_required = [
+        ('common', 'permission'),
+    ]
+    for app, model in content_type_delete_required:
+        ContentType.objects.filter(app_label=app, model=model).delete()
+
+    permissions_delete_required = [
+        ('perms', 'assetpermission', 'connect_myassets'),
+        ('perms', 'assetpermission', 'view_myassets'),
+        ('perms', 'assetpermission', 'view_userassets'),
+        ('perms', 'assetpermission', 'view_usergroupassets'),
+        ('perms', 'applicationpermission', 'view_myapps'),
+        ('perms', 'applicationpermission', 'connect_myapps'),
+        ('perms', 'applicationpermission', 'view_userapps'),
+        ('perms', 'applicationpermission', 'view_usergroupapps'),
+
+
+        ('perms', 'permeddatabaseapp', 'connect_mydatabaseapp'),
+        ('perms', 'permeddatabaseapp', 'view_mydatabaseapp'),
+        ('perms', 'permedkubernetesapp', 'connect_mykubernetesapp'),
+        ('perms', 'permedkubernetesapp', 'view_mykubernetesapp'),
+        ('perms', 'permedremoteapp', 'connect_myremoteapp'),
+        ('perms', 'permedremoteapp', 'view_myremoteapp'),
+
+        ('applications', 'databaseapp', 'add_databaseapp'),
+        ('applications', 'databaseapp', 'change_databaseapp'),
+        ('applications', 'databaseapp', 'delete_databaseapp'),
+        ('applications', 'databaseapp', 'view_databaseapp'),
+        ('applications', 'kubernetesapp', 'add_kubernetesapp'),
+        ('applications', 'kubernetesapp', 'delete_kubernetesapp'),
+        ('applications', 'kubernetesapp', 'change_kubernetesapp'),
+        ('applications', 'kubernetesapp', 'view_kubernetesapp'),
+        ('applications', 'remoteapp', 'add_remoteapp'),
+        ('applications', 'remoteapp', 'change_remoteapp'),
+        ('applications', 'remoteapp', 'delete_remoteapp'),
+        ('applications', 'remoteapp', 'view_remoteapp'),
+
+
+    ]
+    for app, model, codename in permissions_delete_required:
+        print('delete {}.{} ({})'.format(app, codename, model))
+        Permission.objects.filter(
+            codename=codename, content_type__model=model, content_type__app_label=app
+        ).delete()
+
+
+if __name__ == '__main__':
+    clean_db_content_types()