# ~*~ coding: utf-8 ~*~ from __future__ import absolute_import, unicode_literals from datetime import timedelta from collections import defaultdict from django.db.transaction import atomic from django.conf import settings from celery import shared_task from users.models import User from orgs.utils import tmp_to_root_org from common.utils import get_logger from common.utils.timezone import now, dt_formater, dt_parser from ops.celery.decorator import register_as_period_task from perms.notifications import ( AssetPermWillExpireMsg, AssetPermWillExpireForOrgAdminMsg, AssetPermWillExpireForAdminMsg, AppPermWillExpireMsg, AppPermWillExpireForOrgAdminMsg, AppPermWillExpireForAdminMsg, ) from perms.models import AssetPermission, ApplicationPermission from perms.utils.asset.user_permission import UserGrantedTreeRefreshController logger = get_logger(__file__) @register_as_period_task(interval=settings.PERM_EXPIRED_CHECK_PERIODIC) @shared_task() @atomic() @tmp_to_root_org() def check_asset_permission_expired(): """ 这里的任务要足够短,不要影响周期任务 """ from settings.models import Setting setting_name = 'last_asset_perm_expired_check' end = now() default_start = end - timedelta(days=36000) # Long long ago in china defaults = {'value': dt_formater(default_start)} setting, created = Setting.objects.get_or_create( name=setting_name, defaults=defaults ) if created: start = default_start else: start = dt_parser(setting.value) setting.value = dt_formater(end) setting.save() asset_perm_ids = AssetPermission.objects.filter( date_expired__gte=start, date_expired__lte=end ).distinct().values_list('id', flat=True) asset_perm_ids = list(asset_perm_ids) logger.info(f'>>> checking {start} to {end} have {asset_perm_ids} expired') UserGrantedTreeRefreshController.add_need_refresh_by_asset_perm_ids_cross_orgs(asset_perm_ids) @register_as_period_task(crontab='0 10 * * *') @shared_task() @atomic() @tmp_to_root_org() def check_asset_permission_will_expired(): start = now() end = start + timedelta(days=3) user_asset_mapper = defaultdict(set) org_perm_mapper = defaultdict(set) asset_perms = AssetPermission.objects.filter( date_expired__gte=start, date_expired__lte=end ).distinct() for asset_perm in asset_perms: # 资产授权按照组织分类 org_perm_mapper[asset_perm.org].add(asset_perm) # 计算每个用户即将过期的资产 users = asset_perm.get_all_users() assets = asset_perm.get_all_assets() for u in users: user_asset_mapper[u].update(assets) for user, assets in user_asset_mapper.items(): AssetPermWillExpireMsg(user, assets).publish_async() admins = User.objects.filter(role=User.ROLE.ADMIN) if org_perm_mapper: for admin in admins: AssetPermWillExpireForAdminMsg(admin, org_perm_mapper).publish_async() for org, perms in org_perm_mapper.items(): org_admins = org.admins.exclude(role=User.ROLE.ADMIN) for org_admin in org_admins: AssetPermWillExpireForOrgAdminMsg(org_admin, perms, org).publish_async() @register_as_period_task(crontab='0 10 * * *') @shared_task() @atomic() @tmp_to_root_org() def check_app_permission_will_expired(): start = now() end = start + timedelta(days=3) app_perms = ApplicationPermission.objects.filter( date_expired__gte=start, date_expired__lte=end ).distinct() user_app_mapper = defaultdict(set) org_perm_mapper = defaultdict(set) for app_perm in app_perms: org_perm_mapper[app_perm.org].add(app_perm) users = app_perm.get_all_users() apps = app_perm.applications.all() for u in users: user_app_mapper[u].update(apps) for user, apps in user_app_mapper.items(): AppPermWillExpireMsg(user, apps).publish_async() admins = User.objects.filter(role=User.ROLE.ADMIN) if org_perm_mapper: for admin in admins: AppPermWillExpireForAdminMsg(admin, org_perm_mapper).publish_async() for org, perms in org_perm_mapper.items(): org_admins = org.admins.exclude(role=User.ROLE.ADMIN) for org_admin in org_admins: AppPermWillExpireForOrgAdminMsg(org_admin, perms, org).publish_async()