feat: 添加一些注释信息

2022-09-29 16:36:28 +08:00 · 2022-09-29 16:36:28 +08:00 · fd0ce0d1c6
parent ba3af280d5
commit fd0ce0d1c6
2 changed files with 10 additions and 4 deletions
--- a/apps/perms/models/asset_permission.py
+++ b/apps/perms/models/asset_permission.py
@ -258,8 +258,9 @@ class AssetPermission(OrgModelMixin):

    @classmethod
    def filter(cls, user=None, user_group=None, asset=None, account_names=None):
-        """ 获取同时包含 用户(组)-资产-账号 的授权规则 """
+        """ 获取同时包含 用户(组)-资产-账号 的授权规则, 条件之间都是 & 的关系"""
        perm_ids = []
+
        if user:
            user_perm_ids = cls.filter_by_user(user, flat=True)
            perm_ids.append(user_perm_ids)
@ -271,12 +272,16 @@ class AssetPermission(OrgModelMixin):
        if asset:
            asset_perm_ids = cls.filter_by_asset(asset, flat=True)
            perm_ids.append(asset_perm_ids)
+
        # & 是同时满足，比如有用户，但是用户的规则是空，那么返回也应该是空
        perm_ids = list(reduce(lambda x, y: set(x) & set(y), perm_ids))
        perms = cls.objects.filter(id__in=perm_ids)
+
        if account_names:
            perms = perms.filter_by_accounts(account_names)
-        return perms.valid().order_by('-date_expired')
+
+        perms = perms.valid().order_by('-date_expired')
+        return perms

    @classmethod
    def filter_by_user(cls, user, with_group=True, flat=False):
--- a/apps/perms/urls/asset_permission.py
+++ b/apps/perms/urls/asset_permission.py
@ -84,7 +84,7 @@ user_group_permission_urlpatterns = [

    # Todo: v3 删除
    path('<uuid:pk>/assets/<uuid:asset_id>/system-users/', api.UserGroupGrantedAssetSystemUsersApi.as_view(), name='user-group-asset-system-users'),
-    # Todo: v3 增加
+    # Todo: v3 增加 Done.
    # 获取所有和资产-用户组关联的账号列表
    path('<uuid:pk>/assets/<uuid:asset_id>/accounts/', api.UserGroupGrantedAssetAccountsApi.as_view(), name='user-group-asset-accounts'),
 ]
@ -95,7 +95,8 @@ permission_urlpatterns = [
    path('<uuid:pk>/users/all/', api.AssetPermissionAllUserListApi.as_view(), name='asset-permission-all-users'),

    # 验证用户是否有某个资产和系统用户的权限
-    # Todo: API 需要修改，验证用户有某个账号的权限
+    # Todo: v3 API 需要修改，验证用户有某个账号的权限 # 先不动, v3 中可能会修改连接资产时的逻辑,
+    #  直接获取认证信息，获取不到就时没有权限，就不需要校验了
    path('user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
    path('user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),