diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py index 5ee97af9b..fed8980ed 100644 --- a/apps/assets/models/node.py +++ b/apps/assets/models/node.py @@ -61,10 +61,14 @@ class Node(models.Model): return child def get_children(self): - return self.__class__.objects.filter(key__regex=r'^{}:[0-9]+$'.format(self.key)) + return self.__class__.objects.filter( + key__regex=r'^{}:[0-9]+$'.format(self.key) + ) def get_all_children(self): - return self.__class__.objects.filter(key__startswith='{}:'.format(self.key)) + return self.__class__.objects.filter( + key__startswith='{}:'.format(self.key) + ) def get_family(self): children = list(self.get_all_children()) diff --git a/apps/perms/api.py b/apps/perms/api.py index be69d6158..8f663a0f4 100644 --- a/apps/perms/api.py +++ b/apps/perms/api.py @@ -6,7 +6,7 @@ from rest_framework.views import APIView, Response from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView from rest_framework import viewsets -from common.utils import set_or_append_attr_bulk +from common.utils import set_or_append_attr_bulk, get_object_or_none from users.permissions import IsValidUser, IsSuperUser, IsSuperUserOrAppUser from .utils import AssetPermissionUtil from .models import AssetPermission @@ -147,8 +147,13 @@ class UserGrantedNodeAssetsApi(ListAPIView): user = get_object_or_404(User, id=user_id) else: user = self.request.user - node = get_object_or_404(Node, id=node_id) nodes = AssetPermissionUtil.get_user_nodes_with_assets(user) + node = get_object_or_none(Node, id=node_id) + + if not node: + unnode = [node for node in nodes if node.name == 'Unnode'] + node = unnode[0] if unnode else None + assets = nodes.get(node, []) for asset, system_users in assets.items(): asset.system_users_granted = system_users diff --git a/apps/perms/utils.py b/apps/perms/utils.py index b23b1cb7c..abcd2e17e 100644 --- a/apps/perms/utils.py +++ b/apps/perms/utils.py @@ -13,7 +13,6 @@ logger = get_logger(__file__) class AssetPermissionUtil: - @staticmethod def get_user_permissions(user): return AssetPermission.objects.all().valid().filter(users=user) @@ -122,6 +121,24 @@ class AssetPermissionUtil: nodes[node].update(set(_system_users)) return nodes + @classmethod + def get_user_nodes_inherit_group(cls, user): + nodes = defaultdict(set) + groups = user.groups.all() + for group in groups: + _nodes = cls.get_user_group_nodes(group) + for node, system_users in _nodes.items(): + nodes[node].update(set(system_users)) + return nodes + + @classmethod + def get_user_nodes(cls, user): + nodes = cls.get_user_nodes_direct(user) + nodes_inherit = cls.get_user_nodes_inherit_group(user) + for node, system_users in nodes_inherit.items(): + nodes[node].update(set(system_users)) + return nodes + @classmethod def get_user_nodes_assets_direct(cls, user): assets = defaultdict(set) @@ -164,15 +181,26 @@ class AssetPermissionUtil: :param user: :return: {node: {asset: set(su1, su2)}} """ + from assets.models import Node + unnode = Node(value='Unnode') nodes = defaultdict(dict) + for _node in cls.get_user_nodes(user): + children = _node.get_family() + for node in children: + nodes[node] = defaultdict(set) _assets = cls.get_user_assets(user) for asset, _system_users in _assets.items(): _nodes = asset.get_nodes() + in_node = False for node in _nodes: - if asset in nodes[node]: + if node in nodes: + in_node = True nodes[node][asset].update(_system_users) + if not in_node: + if unnode in nodes: + nodes[unnode][asset].update(_system_users) else: - nodes[node][asset] = _system_users + nodes[unnode][asset] = _system_users return nodes @classmethod