diff --git a/apps/assets/forms/asset.py b/apps/assets/forms/asset.py index a6f488761..f8f187b4d 100644 --- a/apps/assets/forms/asset.py +++ b/apps/assets/forms/asset.py @@ -27,13 +27,16 @@ class AssetCreateForm(forms.ModelForm): 'class': 'select2', 'data-placeholder': _('Admin user') }), 'labels': forms.SelectMultiple(attrs={ - 'class': 'select2', 'data-placeholder': _('Labels') + 'class': 'select2', 'data-placeholder': _('Label') }), 'port': forms.TextInput(), 'domain': forms.Select(attrs={ 'class': 'select2', 'data-placeholder': _('Domain') }), } + labels = { + 'nodes': _("Node"), + } help_texts = { 'hostname': '* required', 'ip': '* required', @@ -57,19 +60,22 @@ class AssetUpdateForm(forms.ModelForm): ] widgets = { 'nodes': forms.SelectMultiple(attrs={ - 'class': 'select2', 'data-placeholder': _('Nodes') + 'class': 'select2', 'data-placeholder': _('Node') }), 'admin_user': forms.Select(attrs={ 'class': 'select2', 'data-placeholder': _('Admin user') }), 'labels': forms.SelectMultiple(attrs={ - 'class': 'select2', 'data-placeholder': _('Labels') + 'class': 'select2', 'data-placeholder': _('Label') }), 'port': forms.TextInput(), 'domain': forms.Select(attrs={ 'class': 'select2', 'data-placeholder': _('Domain') }), } + labels = { + 'nodes': _("Node"), + } help_texts = { 'hostname': '* required', 'ip': '* required', @@ -116,10 +122,10 @@ class AssetBulkUpdateForm(forms.ModelForm): ] widgets = { 'labels': forms.SelectMultiple( - attrs={'class': 'select2', 'data-placeholder': _('Select labels')} + attrs={'class': 'select2', 'data-placeholder': _('Label')} ), 'nodes': forms.SelectMultiple( - attrs={'class': 'select2', 'data-placeholder': _('Select nodes')} + attrs={'class': 'select2', 'data-placeholder': _('Node')} ), } diff --git a/apps/assets/models/user.py b/apps/assets/models/user.py index 541ef8b6a..2326f1c46 100644 --- a/apps/assets/models/user.py +++ b/apps/assets/models/user.py @@ -3,6 +3,7 @@ # import logging +import uuid from django.core.cache import cache from django.db import models @@ -100,10 +101,11 @@ class SystemUser(AssetUser): ) nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes")) + assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets")) priority = models.IntegerField(default=10, verbose_name=_("Priority")) protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol')) auto_push = models.BooleanField(default=True, verbose_name=_('Auto push')) - sudo = models.TextField(default='/sbin/ifconfig', verbose_name=_('Sudo')) + sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo')) shell = models.CharField(max_length=64, default='/bin/bash', verbose_name=_('Shell')) def __str__(self): @@ -119,9 +121,8 @@ class SystemUser(AssetUser): 'auto_push': self.auto_push, } - @property - def assets(self): - assets = set() + def get_assets(self): + assets = set(self.assets.all()) for node in self.nodes.all(): assets.update(set(node.get_all_assets())) return assets @@ -168,6 +169,3 @@ class SystemUser(AssetUser): except IntegrityError: print('Error continue') continue - - - diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py index 1dff79422..7abd09d29 100644 --- a/apps/assets/serializers/system_user.py +++ b/apps/assets/serializers/system_user.py @@ -34,7 +34,7 @@ class SystemUserSerializer(serializers.ModelSerializer): @staticmethod def get_assets_amount(obj): - return len(obj.assets) + return len(obj.get_assets()) class SystemUserAuthSerializer(AuthSerializer): diff --git a/apps/assets/signals_handler.py b/apps/assets/signals_handler.py index b530067a7..06cd9f63e 100644 --- a/apps/assets/signals_handler.py +++ b/apps/assets/signals_handler.py @@ -1,14 +1,13 @@ # -*- coding: utf-8 -*- # - +from collections import defaultdict from django.db.models.signals import post_save, m2m_changed from django.dispatch import receiver from common.utils import get_logger from .models import Asset, SystemUser, Node from .tasks import update_assets_hardware_info_util, \ - test_asset_connectability_util, push_system_user_to_node, \ - push_node_system_users_to_asset + test_asset_connectability_util, push_system_user_to_assets logger = get_logger(__file__) @@ -31,7 +30,6 @@ def set_asset_root_node(asset): @receiver(post_save, sender=Asset, dispatch_uid="my_unique_identifier") def on_asset_created_or_update(sender, instance=None, created=False, **kwargs): - # set_asset_root_node(instance) if created: logger.info("Asset `{}` create signal received".format(instance)) update_asset_hardware_info_on_created(instance) @@ -41,25 +39,39 @@ def on_asset_created_or_update(sender, instance=None, created=False, **kwargs): @receiver(post_save, sender=SystemUser, dispatch_uid="my_unique_identifier") def on_system_user_update(sender, instance=None, created=True, **kwargs): if instance and not created: - for node in instance.nodes.all(): - push_system_user_to_node(instance, node) + logger.info("System user `{}` update signal received".format(instance)) + assets = instance.assets.all() + push_system_user_to_assets.delay(instance, assets) @receiver(m2m_changed, sender=SystemUser.nodes.through) -def on_system_user_node_change(sender, instance=None, **kwargs): +def on_system_user_nodes_change(sender, instance=None, **kwargs): if instance and kwargs["action"] == "post_add": - for pk in kwargs['pk_set']: - node = kwargs['model'].objects.get(pk=pk) - push_system_user_to_node(instance, node) + assets = set() + nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) + for node in nodes: + assets.update(set(node.get_all_assets())) + instance.assets.add(*tuple(assets)) + + +@receiver(m2m_changed, sender=SystemUser.assets.through) +def on_system_user_assets_change(sender, instance=None, **kwargs): + if instance and kwargs["action"] == "post_add": + assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) + push_system_user_to_assets(instance, assets) @receiver(m2m_changed, sender=Asset.nodes.through) def on_asset_node_changed(sender, instance=None, **kwargs): if isinstance(instance, Asset) and kwargs['action'] == 'post_add': logger.debug("Asset node change signal received") - for pk in kwargs['pk_set']: - node = kwargs['model'].objects.get(pk=pk) - push_node_system_users_to_asset(node, [instance]) + nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) + system_users_assets = defaultdict(set) + system_users = SystemUser.objects.filter(nodes__in=nodes) + for system_user in system_users: + system_users_assets[system_user].update({instance}) + for system_user, assets in system_users_assets.items(): + system_user.assets.add(*tuple(assets)) @receiver(m2m_changed, sender=Asset.nodes.through) @@ -67,5 +79,6 @@ def on_node_assets_changed(sender, instance=None, **kwargs): if isinstance(instance, Node) and kwargs['action'] == 'post_add': logger.debug("Node assets change signal received") assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) - push_node_system_users_to_asset(instance, assets) - + system_users = SystemUser.objects.filter(nodes=instance) + for system_user in system_users: + system_user.assets.add(*tuple(assets)) diff --git a/apps/assets/tasks.py b/apps/assets/tasks.py index 53a54764d..b51798e3d 100644 --- a/apps/assets/tasks.py +++ b/apps/assets/tasks.py @@ -386,52 +386,17 @@ def push_system_user_util(system_users, assets, task_name): return task.run() -def get_node_push_system_user_task_name(system_user, node): - - # return _("Push system user to node: {} => {}").format( - return _("推送系统用户到节点资产: {} => {}").format( - system_user.name, - node.value - ) - - -@shared_task -def push_system_user_to_node(system_user, node): - logger.info("Start push system user node: {} => {}".format(system_user.name, node.value)) - assets = node.get_all_assets() - task_name = get_node_push_system_user_task_name(system_user, node) - push_system_user_util([system_user], assets, task_name) - - -@shared_task -def push_system_user_related_nodes(system_user): - if not system_user.is_need_push(): - msg = "push system user `{}` passed, may be not auto push or ssh " \ - "protocol is not ssh".format(system_user.name) - logger.info(msg) - return - - nodes = system_user.nodes.all() - for node in nodes: - push_system_user_to_node(system_user, node) - - @shared_task def push_system_user_to_assets_manual(system_user): - push_system_user_related_nodes(system_user) + assets = system_user.get_assets() + task_name = "推送系统用户到入资产: {}".format(system_user.name) + return push_system_user_util([system_user], assets, task_name=task_name) -def push_node_system_users_to_asset(node, assets): - system_users = [] - nodes = node.ancestor_with_node - # 获取该节点所有父节点有的系统用户, 然后推送 - for n in nodes: - system_users.extend(list(n.systemuser_set.all())) - - if system_users: - # task_name = _("Push system users to node: {}").format(node.value) - task_name = _("推送节点系统用户到新加入资产中: {}").format(node.value) - push_system_user_util.delay(system_users, assets, task_name) +@shared_task +def push_system_user_to_assets(system_user, assets): + task_name = _("推送系统用户到入资产: {}").format(system_user.name) + return push_system_user_util.delay([system_user], assets, task_name) # @shared_task diff --git a/apps/assets/templates/assets/asset_create.html b/apps/assets/templates/assets/asset_create.html index 7f01e0530..eca0f6a03 100644 --- a/apps/assets/templates/assets/asset_create.html +++ b/apps/assets/templates/assets/asset_create.html @@ -34,7 +34,7 @@
- {% for name, labels in form.labels.field.queryset|group_labels %} {% for label in labels %} diff --git a/apps/assets/templates/assets/asset_update.html b/apps/assets/templates/assets/asset_update.html index 3e96438bc..3d42ca2b5 100644 --- a/apps/assets/templates/assets/asset_update.html +++ b/apps/assets/templates/assets/asset_update.html @@ -39,7 +39,7 @@
- {% for name, labels in form.labels.field.queryset|group_labels %} {% for label in labels %} diff --git a/apps/perms/api.py b/apps/perms/api.py index 6b0b15f76..0ec3a7980 100644 --- a/apps/perms/api.py +++ b/apps/perms/api.py @@ -7,9 +7,9 @@ from rest_framework.generics import ListAPIView, get_object_or_404 from rest_framework import viewsets from users.permissions import IsValidUser, IsSuperUser, IsSuperUserOrAppUser -from .utils import NodePermissionUtil -from .models import NodePermission -from .hands import AssetGrantedSerializer, User, UserGroup, Asset, \ +from .utils import AssetPermissionUtil +from .models import AssetPermission +from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \ NodeGrantedSerializer, SystemUser, NodeSerializer from . import serializers @@ -18,7 +18,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet): """ 资产授权列表的增删改查api """ - queryset = NodePermission.objects.all() + queryset = AssetPermission.objects.all() serializer_class = serializers.AssetPermissionCreateUpdateSerializer permission_classes = (IsSuperUser,) @@ -27,15 +27,6 @@ class AssetPermissionViewSet(viewsets.ModelViewSet): return serializers.AssetPermissionListSerializer return self.serializer_class - def get_queryset(self): - queryset = super().get_queryset() - node_id = self.request.query_params.get('node_id') - - if node_id: - queryset = queryset.filter(node__id=node_id) - - return queryset - class UserGrantedAssetsApi(ListAPIView): """ @@ -53,7 +44,7 @@ class UserGrantedAssetsApi(ListAPIView): else: user = self.request.user - for k, v in NodePermissionUtil.get_user_assets(user).items(): + for k, v in AssetPermissionUtil.get_user_assets(user).items(): if k.is_unixlike(): system_users_granted = [s for s in v if s.protocol == 'ssh'] else: @@ -78,14 +69,14 @@ class UserGrantedNodesApi(ListAPIView): user = get_object_or_404(User, id=user_id) else: user = self.request.user - nodes = NodePermissionUtil.get_user_nodes(user) + nodes = AssetPermissionUtil.get_user_nodes_with_assets(user) return nodes.keys() class UserGrantedNodesWithAssetsApi(ListAPIView): """ 授权用户的资产组,注:这里的资产组并非是授权列表中授权的, - 而是把所有资产取出来,然后反查出所有资产组,然后合并得到, + 而是把所有资产取出来,然后反查出所有节点,然后合并得到, 结果里也包含资产组下授权的资产 数据结构如下: [ @@ -121,18 +112,12 @@ class UserGrantedNodesWithAssetsApi(ListAPIView): else: user = get_object_or_404(User, id=user_id) - nodes = NodePermissionUtil.get_user_nodes_with_assets(user) - assets = {} - for k, v in NodePermissionUtil.get_user_assets(user).items(): - if k.is_unixlike(): - system_users_granted = [s for s in v if s.protocol == 'ssh'] - else: - system_users_granted = [s for s in v if s.protocol == 'rdp'] - assets[k] = system_users_granted - for node, v in nodes.items(): - for asset in v['assets']: - asset.system_users_granted = assets[asset] - node.assets_granted = v['assets'] + nodes = AssetPermissionUtil.get_user_nodes_with_assets(user) + for node, _assets in nodes.items(): + assets = _assets.keys() + for asset, system_users in _assets.items(): + asset.system_users_granted = system_users + node.assets_granted = assets queryset.append(node) return queryset @@ -142,6 +127,26 @@ class UserGrantedNodesWithAssetsApi(ListAPIView): return super().get_permissions() +class UserGrantedNodeAssetsApi(ListAPIView): + permission_classes = (IsSuperUserOrAppUser,) + serializer_class = AssetGrantedSerializer + + def get_queryset(self): + user_id = self.kwargs.get('pk', '') + node_id = self.kwargs.get('node_id') + + if user_id: + user = get_object_or_404(User, id=user_id) + else: + user = self.request.user + node = get_object_or_404(Node, id=node_id) + nodes = AssetPermissionUtil.get_user_nodes_with_assets(user) + assets = nodes.get(node, []) + for asset, system_users in assets.items(): + asset.system_users_granted = system_users + return assets + + class UserGroupGrantedAssetsApi(ListAPIView): permission_classes = (IsSuperUser,) serializer_class = AssetGrantedSerializer @@ -154,7 +159,7 @@ class UserGroupGrantedAssetsApi(ListAPIView): return queryset user_group = get_object_or_404(UserGroup, id=user_group_id) - assets = NodePermissionUtil.get_user_group_assets(user_group) + assets = AssetPermissionUtil.get_user_group_assets(user_group) for k, v in assets.items(): k.system_users_granted = v queryset.append(k) @@ -171,8 +176,8 @@ class UserGroupGrantedNodesApi(ListAPIView): if group_id: group = get_object_or_404(UserGroup, id=group_id) - nodes = NodePermissionUtil.get_user_group_nodes(group) - queryset = nodes.keys() + nodes = AssetPermissionUtil.get_user_group_nodes_with_assets(group) + return nodes.keys() return queryset @@ -188,15 +193,33 @@ class UserGroupGrantedNodesWithAssetsApi(ListAPIView): return queryset user_group = get_object_or_404(UserGroup, id=user_group_id) - nodes = NodePermissionUtil.get_user_group_nodes_with_assets(user_group) - for node, v in nodes.items(): - for asset in v['assets']: - asset.system_users_granted = v['system_users'] - node.assets_granted = v['assets'] + nodes = AssetPermissionUtil.get_user_group_nodes_with_assets(user_group) + for node, _assets in nodes.items(): + assets = _assets.keys() + for asset, system_users in _assets.items(): + asset.system_users_granted = system_users + node.assets_granted = assets queryset.append(node) return queryset +class UserGroupGrantedNodeAssetsApi(ListAPIView): + permission_classes = (IsSuperUserOrAppUser,) + serializer_class = AssetGrantedSerializer + + def get_queryset(self): + user_group_id = self.kwargs.get('pk', '') + node_id = self.kwargs.get('node_id') + + user_group = get_object_or_404(UserGroup, id=user_group_id) + node = get_object_or_404(Node, id=node_id) + nodes = AssetPermissionUtil.get_user_group_nodes_with_assets(user_group) + assets = nodes.get(node, []) + for asset, system_users in assets.items(): + asset.system_users_granted = system_users + return assets + + class ValidateUserAssetPermissionView(APIView): permission_classes = (IsSuperUserOrAppUser,) @@ -210,7 +233,7 @@ class ValidateUserAssetPermissionView(APIView): asset = get_object_or_404(Asset, id=asset_id) system_user = get_object_or_404(SystemUser, id=system_id) - assets_granted = NodePermissionUtil.get_user_assets(user) + assets_granted = AssetPermissionUtil.get_user_assets(user) if system_user in assets_granted.get(asset, []): return Response({'msg': True}, status=200) else: diff --git a/apps/perms/serializers.py b/apps/perms/serializers.py index 6decf663b..22306cad2 100644 --- a/apps/perms/serializers.py +++ b/apps/perms/serializers.py @@ -1,29 +1,19 @@ # -*- coding: utf-8 -*- # -from django.utils.translation import ugettext_lazy as _ from rest_framework import serializers -from common.utils import get_object_or_none -from common.fields import StringIDField -from .models import AssetPermission, NodePermission +from .models import AssetPermission class AssetPermissionCreateUpdateSerializer(serializers.ModelSerializer): class Meta: - model = NodePermission - fields = [ - 'id', 'node', 'user_group', 'system_user', - 'is_active', 'date_expired' - ] + model = AssetPermission + exclude = ('id', 'create_by', 'date_created') class AssetPermissionListSerializer(serializers.ModelSerializer): - node = StringIDField(read_only=True) - user_group = StringIDField(read_only=True) - system_user = StringIDField(read_only=True) - class Meta: - model = NodePermission + model = AssetPermission fields = '__all__' @@ -40,14 +30,3 @@ class AssetPermissionUpdateAssetSerializer(serializers.ModelSerializer): model = AssetPermission fields = ['id', 'assets'] - -class UserAssetPermissionCreateUpdateSerializer(AssetPermissionCreateUpdateSerializer): - is_inherited = serializers.SerializerMethodField() - - @staticmethod - def get_is_inherited(obj): - if getattr(obj, 'inherited', ''): - return True - else: - return False - diff --git a/apps/perms/signals_handler.py b/apps/perms/signals_handler.py index ab16a85e7..e6127f836 100644 --- a/apps/perms/signals_handler.py +++ b/apps/perms/signals_handler.py @@ -1,18 +1,42 @@ # -*- coding: utf-8 -*- # - -from django.db.models.signals import post_save, post_delete +from django.db.models.signals import m2m_changed from django.dispatch import receiver from common.utils import get_logger -from .models import NodePermission +from .models import AssetPermission logger = get_logger(__file__) -@receiver(post_save, sender=NodePermission, dispatch_uid="my_unique_identifier") -def on_asset_permission_create_or_update(sender, instance=None, **kwargs): - if instance and instance.node and instance.system_user: - instance.system_user.nodes.add(instance.node) +@receiver(m2m_changed, sender=AssetPermission.nodes.through) +def on_permission_nodes_changed(sender, instance=None, **kwargs): + if isinstance(instance, AssetPermission) and kwargs['action'] == 'post_add': + logger.debug("Asset permission nodes change signal received") + nodes = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) + system_users = instance.system_users.all() + for system_user in system_users: + system_user.nodes.add(*tuple(nodes)) + +@receiver(m2m_changed, sender=AssetPermission.assets.through) +def on_permission_assets_changed(sender, instance=None, **kwargs): + if isinstance(instance, AssetPermission) and kwargs['action'] == 'post_add': + logger.debug("Asset permission assets change signal received") + assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) + system_users = instance.system_users.all() + for system_user in system_users: + system_user.assets.add(*tuple(assets)) + + +@receiver(m2m_changed, sender=AssetPermission.system_users.through) +def on_permission_system_users_changed(sender, instance=None, **kwargs): + if isinstance(instance, AssetPermission) and kwargs['action'] == 'post_add': + logger.debug("Asset permission system_users change signal received") + system_users = kwargs['model'].objects.filter(pk__in=kwargs['pk_set']) + assets = instance.assets.all() + nodes = instance.nodes.all() + for system_user in system_users: + system_user.nodes.add(*tuple(nodes)) + system_user.assets.add(*tuple(assets)) diff --git a/apps/perms/templates/perms/asset_permission_list.html b/apps/perms/templates/perms/asset_permission_list.html index 84ad0f4f0..6980ba838 100644 --- a/apps/perms/templates/perms/asset_permission_list.html +++ b/apps/perms/templates/perms/asset_permission_list.html @@ -116,7 +116,7 @@ {% trans "Update" %} - {% trans "Delete" %} + {% trans "Delete" %} {{ object.users_detail }} {{ object.user_groups_detail }} @@ -147,6 +147,15 @@ calendarWeeks: true, autoclose: true }); + }).on('click', '.btn-delete', function () { + var $this = $(this); + var uid = $this.data('uid'); + var the_url = '{% url "api-perms:asset-permission-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid); + var name = $(this).closest("tr").find(":nth-child(2)").children('a').html(); + objectDelete($this, name, the_url); + setTimeout( function () { + window.reload(); + }, 1000); }); {% endblock %} diff --git a/apps/perms/urls/api_urls.py b/apps/perms/urls/api_urls.py index 78c869b2e..d114e4f0b 100644 --- a/apps/perms/urls/api_urls.py +++ b/apps/perms/urls/api_urls.py @@ -15,6 +15,8 @@ urlpatterns = [ url(r'^v1/user/assets/$', api.UserGrantedAssetsApi.as_view(), name='my-assets'), url(r'^v1/user/(?P[0-9a-zA-Z\-]{36})/nodes/$', api.UserGrantedNodesApi.as_view(), name='user-nodes'), url(r'^v1/user/nodes/$', api.UserGrantedNodesApi.as_view(), name='my-nodes'), + url(r'^v1/user/(?P[0-9a-zA-Z\-]{36})/nodes/(?P[0-9a-zA-Z\-]{36})/assets/$', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'), + url(r'^v1/user/nodes/(?P[0-9a-zA-Z\-]{36})/assets/$', api.UserGrantedNodeAssetsApi.as_view(), name='my-node-assets'), url(r'^v1/user/(?P[0-9a-zA-Z\-]{36})/nodes-assets/$', api.UserGrantedNodesWithAssetsApi.as_view(), name='user-nodes-assets'), url(r'^v1/user/nodes-assets/$', api.UserGrantedNodesWithAssetsApi.as_view(), name='my-nodes-assets'), @@ -22,6 +24,7 @@ urlpatterns = [ url(r'^v1/user-group/(?P[0-9a-zA-Z\-]{36})/assets/$', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'), url(r'^v1/user-group/(?P[0-9a-zA-Z\-]{36})/nodes/$', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'), url(r'^v1/user-group/(?P[0-9a-zA-Z\-]{36})/nodes-assets/$', api.UserGroupGrantedNodesWithAssetsApi.as_view(), name='user-group-nodes-assets'), + url(r'^v1/user-group/(?P[0-9a-zA-Z\-]{36})/nodes/(?P[0-9a-zA-Z\-]{36})/assets/$', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'), # 验证用户是否有某个资产和系统用户的权限 url(r'v1/asset-permission/user/validate/$', api.ValidateUserAssetPermissionView.as_view(), name='validate-user-asset-permission'), diff --git a/apps/perms/utils.py b/apps/perms/utils.py index 5947ccefb..81ac4bf05 100644 --- a/apps/perms/utils.py +++ b/apps/perms/utils.py @@ -12,7 +12,7 @@ from .models import AssetPermission logger = get_logger(__file__) -class AssetPermissionUtils: +class AssetPermissionUtil: @staticmethod def get_user_permissions(user): @@ -81,6 +81,23 @@ class AssetPermissionUtils: assets[asset].update(set(_system_users)) return assets + @classmethod + def get_user_group_nodes_with_assets(cls, user): + """ + :param user: + :return: {node: {asset: set(su1, su2)}} + """ + nodes = defaultdict(dict) + _assets = cls.get_user_group_assets(user) + for asset, _system_users in _assets.items(): + _nodes = asset.get_nodes() + for node in _nodes: + if asset in nodes[node]: + nodes[node][asset].update(_system_users) + else: + nodes[node][asset] = _system_users + return nodes + @classmethod def get_user_assets_direct(cls, user): assets = defaultdict(set) @@ -142,7 +159,7 @@ class AssetPermissionUtils: return assets @classmethod - def get_user_node_with_assets(cls, user): + def get_user_nodes_with_assets(cls, user): """ :param user: :return: {node: {asset: set(su1, su2)}} @@ -178,8 +195,11 @@ class AssetPermissionUtils: return system_users - +# Abandon class NodePermissionUtil: + """ + + """ @staticmethod def get_user_group_permissions(user_group): diff --git a/apps/users/templates/users/user_granted_asset.html b/apps/users/templates/users/user_granted_asset.html index 92f355d9f..ec807aec5 100644 --- a/apps/users/templates/users/user_granted_asset.html +++ b/apps/users/templates/users/user_granted_asset.html @@ -44,7 +44,7 @@ {% trans 'Hostname' %} {% trans 'IP' %} {% trans 'Active' %} - {% trans 'Reachable' %} + {% trans 'System users' %} @@ -63,6 +63,8 @@