import time from collections import defaultdict from django.db.models import Q from common.utils import get_logger from perms.models import AssetPermission, Action from perms.hands import Asset, User, UserGroup, SystemUser, Node from perms.utils.asset.user_permission import get_user_all_asset_perm_ids logger = get_logger(__file__) def validate_permission(user, asset, system_user, action='connect'): if not system_user.protocol in asset.protocols_as_dict.keys(): return False, time.time() asset_perm_ids = get_user_all_asset_perm_ids(user) asset_perm_ids_from_asset = AssetPermission.assets.through.objects.filter( assetpermission_id__in=asset_perm_ids, asset_id=asset.id ).values_list('assetpermission_id', flat=True) nodes = asset.get_nodes() node_keys = set() for node in nodes: ancestor_keys = node.get_ancestor_keys(with_self=True) node_keys.update(ancestor_keys) node_ids = Node.objects.filter(key__in=node_keys).values_list('id', flat=True) node_ids = set(node_ids) asset_perm_ids_from_node = AssetPermission.nodes.through.objects.filter( assetpermission_id__in=asset_perm_ids, node_id__in=node_ids ).values_list('assetpermission_id', flat=True) asset_perm_ids = {*asset_perm_ids_from_asset, *asset_perm_ids_from_node} asset_perm_ids = AssetPermission.system_users.through.objects.filter( assetpermission_id__in=asset_perm_ids, systemuser_id=system_user.id ).values_list('assetpermission_id', flat=True) asset_perm_ids = set(asset_perm_ids) asset_perms = AssetPermission.objects.filter( id__in=asset_perm_ids ).order_by('-date_expired') if asset_perms: actions = set() actions_values = asset_perms.values_list('actions', flat=True) for value in actions_values: _actions = Action.value_to_choices(value) actions.update(_actions) asset_perm: AssetPermission = asset_perms.first() actions = list(actions) expire_at = asset_perm.date_expired.timestamp() else: actions = [] expire_at = time.time() # TODO: 组件改造API完成后统一通过actions判断has_perm has_perm = action in actions return has_perm, actions, expire_at def get_asset_system_user_ids_with_actions(asset_perm_ids, asset: Asset): nodes = asset.get_nodes() node_keys = set() for node in nodes: ancestor_keys = node.get_ancestor_keys(with_self=True) node_keys.update(ancestor_keys) queryset = AssetPermission.objects.filter(id__in=asset_perm_ids)\ .filter(Q(assets=asset) | Q(nodes__key__in=node_keys)) asset_protocols = asset.protocols_as_dict.keys() values = queryset.filter( system_users__protocol__in=asset_protocols ).distinct().values_list('system_users', 'actions') system_users_actions = defaultdict(int) for system_user_id, actions in values: if None in (system_user_id, actions): continue system_users_actions[system_user_id] |= actions return system_users_actions def get_asset_system_user_ids_with_actions_by_user(user: User, asset: Asset): asset_perm_ids = get_user_all_asset_perm_ids(user) return get_asset_system_user_ids_with_actions(asset_perm_ids, asset) def has_asset_system_permission(user: User, asset: Asset, system_user: SystemUser): systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset) actions = systemuser_actions_mapper.get(system_user.id, 0) if actions: return True return False def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Asset): asset_perm_ids = AssetPermission.objects.filter( user_groups=group ).valid().values_list('id', flat=True).distinct() return get_asset_system_user_ids_with_actions(asset_perm_ids, asset) def get_asset_actions(user, asset, system_user): systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset) actions = systemuser_actions_mapper.get(system_user.id, 0) return actions