refactor(perms): 修改授权规则的目录结构（asset、application)

apps/assets/models/favorite_asset.py

@@ -22,7 +22,7 @@ class FavoriteAsset(CommonModelMixin):
     @classmethod
     def get_user_favorite_assets(cls, user):
         from assets.models import Asset
-        from perms.utils.user_asset_permission import get_user_granted_all_assets
+        from perms.utils.asset.user_permission import get_user_granted_all_assets
         asset_ids = get_user_granted_all_assets(user).values_list('id', flat=True)
         query_name = cls.asset.field.related_query_name()
         return Asset.org_objects.filter(**{f'{query_name}__user_id': user.id}, id__in=asset_ids).distinct()

apps/perms/api/__init__.py

@@ -1,14 +1,10 @@
 # -*- coding: utf-8 -*-
 #
 
-from .asset_permission import *
+from .asset import *
-from .application_permission import *
+from .application import *
-from .user_permission import *
+
-from .user_permission_application import *
+# TODO: 删除
-from .asset_permission_relation import *
-from .application_permission_relation import *
-from .user_group_permission import *
-from .user_group_permission_application import *
 from .remote_app_permission import *
 from .remote_app_permission_relation import *
 from .user_remote_app_permission import *

apps/perms/api/application/__init__.py

@@ -0,0 +1,4 @@
+from .user_permission import *
+from .application_permission import *
+from .application_permission_relation import *
+from .user_group_permission_application import *

apps/perms/api/application/application_permission.py

@@ -2,8 +2,8 @@
 #
 from common.permissions import IsOrgAdmin
 from orgs.mixins.api import OrgBulkModelViewSet
-from ..models import ApplicationPermission
+from perms.models import ApplicationPermission
-from .. import serializers
+from perms import serializers
 
 
 class ApplicationPermissionViewSet(OrgBulkModelViewSet):

apps/perms/api/application/application_permission_relation.py

@@ -10,8 +10,8 @@ from orgs.mixins.api import OrgRelationMixin
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import current_org
 from common.permissions import IsOrgAdmin
-from .. import serializers
+from perms import serializers
-from .. import models
+from perms import models
 
 __all__ = [
     'ApplicationPermissionUserRelationViewSet',

apps/perms/api/application/user_permission/common.py

@@ -8,13 +8,13 @@ from rest_framework.generics import (
 )
 
 from applications.models import Application
-from perms.utils.application_permission import (
+from perms.utils.application.permission import (
     get_application_system_users_id
 )
-from perms.api.user_permission.mixin import ForAdminMixin, ForUserMixin
+from perms.api.asset.user_permission.mixin import ForAdminMixin, ForUserMixin
 from common.permissions import IsOrgAdminOrAppUser
-from ...hands import User, SystemUser
+from perms.hands import User, SystemUser
-from ... import serializers
+from perms import serializers
 
 
 __all__ = [

apps/perms/api/application/user_permission/user_permission_applications.py

@@ -5,8 +5,8 @@ from rest_framework.response import Response
 
 from applications.api.mixin import SerializeApplicationToTreeNodeMixin
 from perms import serializers
-from perms.api.user_permission.mixin import ForAdminMixin, ForUserMixin
+from perms.api.asset.user_permission.mixin import ForAdminMixin, ForUserMixin
-from perms.utils.user_application_permission import (
+from perms.utils.application.user_permission import (
     get_user_granted_all_applications
 )
 

apps/perms/api/asset/__init__.py

@@ -0,0 +1,4 @@
+from .user_permission import *
+from .asset_permission import *
+from .asset_permission_relation import *
+from .user_group_permission import *

apps/perms/api/asset/asset_permission.py

@@ -5,11 +5,11 @@ from django.db.models import Q
 from common.permissions import IsOrgAdmin
 from orgs.mixins.api import OrgBulkModelViewSet
 from common.utils import get_object_or_none
-from ..models import AssetPermission
+from perms.models import AssetPermission
-from ..hands import (
+from perms.hands import (
     User, UserGroup, Asset, Node, SystemUser,
 )
-from .. import serializers
+from perms import serializers
 
 
 __all__ = [

apps/perms/api/asset/asset_permission_relation.py

@@ -11,8 +11,8 @@ from orgs.mixins.api import OrgRelationMixin
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import current_org
 from common.permissions import IsOrgAdmin
-from .. import serializers
+from perms import serializers
-from .. import models
+from perms import models
 
 __all__ = [
     'AssetPermissionUserRelationViewSet', 'AssetPermissionUserGroupRelationViewSet',

apps/perms/api/asset/user_group_permission.py

@@ -10,9 +10,9 @@ from common.permissions import IsOrgAdminOrAppUser
 from common.utils import lazyproperty
 from perms.models import AssetPermission
 from assets.models import Asset, Node
-from . import user_permission as uapi
+from perms.api.asset import user_permission as uapi
 from perms import serializers
-from perms.utils.asset_permission import get_asset_system_users_id_with_actions_by_group
+from perms.utils.asset.permission import get_asset_system_users_id_with_actions_by_group
 from assets.api.mixin import SerializeToTreeNodeMixin
 from users.models import UserGroup
 

apps/perms/api/asset/user_permission/common.py

@@ -10,13 +10,13 @@ from rest_framework.generics import (
 )
 
 from orgs.utils import tmp_to_root_org
-from perms.utils.asset_permission import get_asset_system_users_id_with_actions_by_user
+from perms.utils.asset.permission import get_asset_system_users_id_with_actions_by_user
 from common.permissions import IsOrgAdminOrAppUser, IsOrgAdmin, IsValidUser
 from common.utils import get_logger, lazyproperty
 
-from ...hands import User, Asset, SystemUser
+from perms.hands import User, Asset, SystemUser
-from ... import serializers
+from perms import serializers
-from ...models import Action
+from perms.models import Action
 
 logger = get_logger(__name__)
 

apps/perms/api/asset/user_permission/user_permission_assets.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-from perms.api.user_permission.mixin import UserNodeGrantStatusDispatchMixin
+from perms.api.asset.user_permission.mixin import UserNodeGrantStatusDispatchMixin
 from rest_framework.generics import ListAPIView
 from rest_framework.response import Response
 from django.conf import settings
@@ -9,8 +9,8 @@ from assets.api.mixin import SerializeToTreeNodeMixin
 from common.utils import get_logger
 from perms.pagination import GrantedAssetLimitOffsetPagination
 from assets.models import Asset, Node, FavoriteAsset
-from ... import serializers
+from perms import serializers
-from ...utils.user_asset_permission import (
+from perms.utils.asset.user_permission import (
     get_node_all_granted_assets, get_user_direct_granted_assets,
     get_user_granted_all_assets
 )

apps/perms/api/asset/user_permission/user_permission_nodes.py

@@ -10,9 +10,9 @@ from rest_framework.request import Request
 from assets.api.mixin import SerializeToTreeNodeMixin
 from common.utils import get_logger
 from .mixin import ForAdminMixin, ForUserMixin, UserNodeGrantStatusDispatchMixin
-from ...hands import Node, User
+from perms.hands import Node, User
-from ... import serializers
+from perms import serializers
-from ...utils.user_asset_permission import (
+from perms.utils.asset.user_permission import (
     get_indirect_granted_node_children,
     get_user_granted_nodes_list_via_mapping_node,
     get_top_level_granted_nodes,

apps/perms/api/asset/user_permission/user_permission_nodes_with_assets.py

@@ -8,8 +8,7 @@ from django.db.models import F
 from common.permissions import IsValidUser
 from common.utils import get_logger, get_object_or_none
 from .mixin import UserNodeGrantStatusDispatchMixin, ForUserMixin, ForAdminMixin
-from ...utils.user_asset_permission import (
+from perms.utils.asset.user_permission import (
-    get_user_resources_q_granted_by_permissions,
     get_indirect_granted_node_children, UNGROUPED_NODE_KEY, FAVORITE_NODE_KEY,
     get_user_direct_granted_assets, get_top_level_granted_nodes,
     get_user_granted_nodes_list_via_mapping_node,
@@ -19,7 +18,7 @@ from ...utils.user_asset_permission import (
 
 from assets.models import Asset, FavoriteAsset
 from assets.api import SerializeToTreeNodeMixin
-from ...hands import Node
+from perms.hands import Node
 
 logger = get_logger(__name__)
 

apps/perms/serializers/__init__.py

@@ -1,13 +1,12 @@
 # coding: utf-8
 #
+from .asset import *
+from .application import *
 from .system_user_permission import *
-from .asset_permission import *
+
-from .application_permission import *
+# TODO: 删除
-from .user_permission import *
 from .remote_app_permission import *
 from .remote_app_permission_relation import *
-from .asset_permission_relation import *
-from .application_permission_relation import *
 from .database_app_permission import *
 from .database_app_permission_relation import *
 from .base import *

apps/perms/serializers/application/__init__.py

@@ -0,0 +1,3 @@
+from .permission import *
+from .permission_relation import *
+from .user_permission import *

apps/perms/serializers/application/permission_relation.py

@@ -4,7 +4,7 @@ from rest_framework import serializers
 
 from common.mixins import BulkSerializerMixin
 from common.serializers import AdaptedBulkListSerializer
-from ..models import ApplicationPermission
+from perms.models import ApplicationPermission
 
 __all__ = [
     'ApplicationPermissionUserRelationSerializer',

apps/perms/serializers/application/user_permission.py

@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework import serializers
+
+from assets.models import SystemUser
+from applications.models import Application
+
+__all__ = [
+    'ApplicationGrantedSerializer',
+    'ApplicationSystemUserSerializer'
+]
+
+
+class ApplicationSystemUserSerializer(serializers.ModelSerializer):
+    """
+    查看授权的应用系统用户的数据结构，这个和SystemUserSerializer不同，字段少
+    """
+    class Meta:
+        model = SystemUser
+        only_fields = (
+            'id', 'name', 'username', 'priority', 'protocol', 'login_mode'
+        )
+        fields = list(only_fields)
+        read_only_fields = fields
+
+
+class ApplicationGrantedSerializer(serializers.ModelSerializer):
+    """
+    被授权应用的数据结构
+    """
+    class Meta:
+        model = Application
+        only_fields = [
+            'id', 'name', 'domain', 'category', 'type', 'comment', 'org_id'
+        ]
+        fields = only_fields + ['org_name']
+        read_only_fields = fields

apps/perms/serializers/asset/__init__.py

@@ -0,0 +1,3 @@
+from .permission import *
+from .permission_relation import *
+from .user_permission import *

apps/perms/serializers/asset/permission_relation.py

@@ -5,7 +5,7 @@ from rest_framework import serializers
 from common.mixins import BulkSerializerMixin
 from common.serializers import AdaptedBulkListSerializer
 from assets.models import Asset, Node
-from ..models import AssetPermission
+from perms.models import AssetPermission
 from users.models import User
 
 __all__ = [

apps/perms/serializers/asset/user_permission.py

@@ -6,8 +6,7 @@ from django.utils.translation import ugettext_lazy as _
 
 from assets.models import Node, SystemUser, Asset
 from assets.serializers import ProtocolsField
-from .asset_permission import ActionsField
+from perms.serializers.asset.permission import ActionsField
-from applications.models import Application
 
 __all__ = [
     'NodeGrantedSerializer',
@@ -16,8 +15,6 @@ __all__ = [
     'RemoteAppSystemUserSerializer',
     'DatabaseAppSystemUserSerializer',
     'K8sAppSystemUserSerializer',
-    'ApplicationGrantedSerializer',
-    'ApplicationSystemUserSerializer'
 ]
 
 
@@ -37,49 +34,6 @@ class AssetSystemUserSerializer(serializers.ModelSerializer):
         read_only_fields = fields
 
 
-class ApplicationSystemUserSerializer(serializers.ModelSerializer):
-    """
-    查看授权的应用系统用户的数据结构，这个和SystemUserSerializer不同，字段少
-    """
-    class Meta:
-        model = SystemUser
-        only_fields = (
-            'id', 'name', 'username', 'priority', 'protocol', 'login_mode'
-        )
-        fields = list(only_fields)
-        read_only_fields = fields
-
-
-class RemoteAppSystemUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        only_fields = (
-            'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
-        )
-        fields = list(only_fields)
-        read_only_fields = fields
-
-
-class DatabaseAppSystemUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        only_fields = (
-            'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
-        )
-        fields = list(only_fields)
-        read_only_fields = fields
-
-
-class K8sAppSystemUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = SystemUser
-        only_fields = (
-            'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
-        )
-        fields = list(only_fields)
-        read_only_fields = fields
-
-
 class AssetGrantedSerializer(serializers.ModelSerializer):
     """
     被授权资产的数据结构
@@ -110,14 +64,33 @@ class ActionsSerializer(serializers.Serializer):
     actions = ActionsField(read_only=True)
 
 
-class ApplicationGrantedSerializer(serializers.ModelSerializer):
+# TODO: 删除
-    """
+class RemoteAppSystemUserSerializer(serializers.ModelSerializer):
-    被授权应用的数据结构
-    """
     class Meta:
-        model = Application
+        model = SystemUser
-        only_fields = [
+        only_fields = (
-            'id', 'name', 'domain', 'category', 'type', 'comment', 'org_id'
+            'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
-        ]
+        )
-        fields = only_fields + ['org_name']
+        fields = list(only_fields)
         read_only_fields = fields
+
+
+class DatabaseAppSystemUserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = SystemUser
+        only_fields = (
+            'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
+        )
+        fields = list(only_fields)
+        read_only_fields = fields
+
+
+class K8sAppSystemUserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = SystemUser
+        only_fields = (
+            'id', 'name', 'username', 'priority', 'protocol', 'login_mode',
+        )
+        fields = list(only_fields)
+        read_only_fields = fields
+

apps/perms/tasks.py

@@ -11,7 +11,7 @@ from common.utils.timezone import now, dt_formater, dt_parser
 from users.models import User
 from assets.models import Node
 from perms.models import RebuildUserTreeTask, AssetPermission
-from perms.utils.user_asset_permission import rebuild_user_mapping_nodes_if_need_with_lock, lock
+from perms.utils.asset.user_permission import rebuild_user_mapping_nodes_if_need_with_lock, lock
 
 logger = get_logger(__file__)
 

apps/perms/urls/api_urls.py

@@ -4,6 +4,7 @@ from django.urls import re_path
 from common import api as capi
 from .asset_permission import asset_permission_urlpatterns
 from .application_permission import application_permission_urlpatterns
+
 from .remote_app_permission import remote_app_permission_urlpatterns
 from .database_app_permission import database_app_permission_urlpatterns
 from .system_user_permission import system_users_permission_urlpatterns

apps/perms/utils/__init__.py

@@ -1,10 +1,10 @@
 # coding: utf-8
 #
 
-from .asset_permission import *
+from .asset import *
-from .application_permission import *
+from .application import *
+
+# TODO: 删除
 from .remote_app_permission import *
 from .database_app_permission import *
 from .k8s_app_permission import *
-from .user_asset_permission import *
-from .user_application_permission import *

apps/perms/utils/application/__init__.py

@@ -0,0 +1,2 @@
+from .permission import *
+from .user_permission import *

apps/perms/utils/application/permission.py

@@ -1,7 +1,7 @@
 from django.db.models import Q
 
 from common.utils import get_logger
-from ..models import ApplicationPermission
+from perms.models import ApplicationPermission
 
 logger = get_logger(__file__)
 

apps/perms/utils/asset/__init__.py

@@ -0,0 +1,2 @@
+from .permission import *
+from .user_permission import *

apps/perms/utils/asset/permission.py

@@ -3,8 +3,8 @@ from collections import defaultdict
 from django.db.models import Q
 
 from common.utils import get_logger
-from ..models import AssetPermission
+from perms.models import AssetPermission
-from ..hands import Asset, User, UserGroup
+from perms.hands import Asset, User, UserGroup
 from perms.models.base import BasePermissionQuerySet
 
 logger = get_logger(__file__)