You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
jumpserver/apps/perms/tasks.py

106 lines
3.9 KiB

# ~*~ coding: utf-8 ~*~
from __future__ import absolute_import, unicode_literals
from collections import defaultdict
from datetime import timedelta
from celery import shared_task
from django.conf import settings
from django.db.transaction import atomic
from django.utils.translation import gettext_lazy as _
from common.const.crontab import CRONTAB_AT_AM_TEN
from common.utils import get_logger
from common.utils.timezone import local_now, dt_parser
from ops.celery.decorator import register_as_period_task
from orgs.utils import tmp_to_root_org
from perms.models import AssetPermission
from perms.notifications import (
PermedAssetsWillExpireUserMsg,
AssetPermsWillExpireForOrgAdminMsg,
)
from perms.utils import UserPermTreeExpireUtil
logger = get_logger(__file__)
@shared_task(
verbose_name=_('Check asset permission expired'),
description=_(
"""
The cache of organizational collections, which have completed user authorization tree
construction, will expire. Therefore, expired collections need to be cleared from the
cache, and this task will be executed periodically based on the time interval specified
by PERM_EXPIRED_CHECK_PERIODIC in the system configuration file config.txt
"""
)
)
@register_as_period_task(interval=settings.PERM_EXPIRED_CHECK_PERIODIC)
@atomic()
@tmp_to_root_org()
def check_asset_permission_expired():
""" 这里的任务要足够短,不要影响周期任务 """
perms = AssetPermission.objects.get_expired_permissions()
perm_ids = list(perms.distinct().values_list('id', flat=True))
show_perm_ids = perm_ids[:5]
logger.info(f'Checking expired permissions: {show_perm_ids} ...')
UserPermTreeExpireUtil().expire_perm_tree_for_perms(perm_ids)
@shared_task(
verbose_name=_('Send asset permission expired notification'),
description=_(
"""
Check every day at 10 a.m. and send a notification message to users associated with
assets whose authorization is about to expire, as well as to the organization's
administrators, 3 days in advance, to remind them that the asset authorization will
expire in a few days
"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TEN)
@atomic()
@tmp_to_root_org()
def check_asset_permission_will_expired():
start = local_now()
end = start + timedelta(days=3)
user_asset_remain_day_mapper = defaultdict(dict)
org_perm_remain_day_mapper = defaultdict(dict)
asset_perms = AssetPermission.objects.filter(
date_expired__gte=start,
date_expired__lte=end
).distinct()
for asset_perm in asset_perms:
date_expired = dt_parser(asset_perm.date_expired)
remain_days = (date_expired - start).days
org = asset_perm.org
# 资产授权按照组织分类
if org in org_perm_remain_day_mapper[remain_days]:
org_perm_remain_day_mapper[remain_days][org].add(asset_perm)
else:
org_perm_remain_day_mapper[remain_days][org] = {asset_perm, }
# 计算每个用户即将过期的资产
users = asset_perm.get_all_users()
assets = asset_perm.get_all_assets()
for u in users:
if u in user_asset_remain_day_mapper[remain_days]:
user_asset_remain_day_mapper[remain_days][u].update(assets)
else:
user_asset_remain_day_mapper[remain_days][u] = set(assets)
for day_count, user_asset_mapper in user_asset_remain_day_mapper.items():
for user, assets in user_asset_mapper.items():
PermedAssetsWillExpireUserMsg(user, assets, day_count).publish_async()
for day_count, org_perm_mapper in org_perm_remain_day_mapper.items():
for org, perms in org_perm_mapper.items():
org_admins = org.admins.all()
for org_admin in org_admins:
AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()