mirror of https://github.com/jumpserver/jumpserver
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93 lines
2.9 KiB
93 lines
2.9 KiB
from django.db.models import Q
|
|
from django.utils.translation import ugettext_lazy as _
|
|
from django.contrib.auth.models import Permission as DjangoPermission
|
|
from django.contrib.auth.models import ContentType as DjangoContentType
|
|
|
|
from .. import const
|
|
|
|
Scope = const.Scope
|
|
|
|
__all__ = ['Permission', 'ContentType']
|
|
|
|
|
|
class ContentType(DjangoContentType):
|
|
class Meta:
|
|
proxy = True
|
|
|
|
@property
|
|
def app_model(self):
|
|
return '%s.%s' % (self.app_label, self.model)
|
|
|
|
|
|
class Permission(DjangoPermission):
|
|
""" 权限类 """
|
|
class Meta:
|
|
proxy = True
|
|
verbose_name = _('Permissions')
|
|
|
|
@classmethod
|
|
def to_perms(cls, queryset):
|
|
perms = queryset.values_list(
|
|
'content_type__app_label', 'codename'
|
|
)
|
|
perms = list(set(["%s.%s" % (ct, codename) for ct, codename in perms]))
|
|
return sorted(perms)
|
|
|
|
@property
|
|
def app_label_codename(self):
|
|
return '%s.%s' % (self.content_type.app_label, self.codename)
|
|
|
|
@classmethod
|
|
def get_define_permissions_q(cls, defines):
|
|
"""
|
|
:param defines: [(app, model, codename),]
|
|
:return:
|
|
"""
|
|
if not defines:
|
|
return None
|
|
q = Q()
|
|
|
|
for define in defines:
|
|
app_label, model, actions, resource, *args = list(define)
|
|
kwargs = {}
|
|
if app_label != '*':
|
|
kwargs['content_type__app_label'] = app_label
|
|
if model != '*':
|
|
kwargs['content_type__model'] = model
|
|
|
|
actions_list = [a.strip() for a in actions.split(',')]
|
|
actions_regex = '|'.join(actions_list)
|
|
if actions == '*' and resource == '*':
|
|
pass
|
|
elif actions == '*' and resource != '*':
|
|
kwargs['codename__iregex'] = r'[a-z]+_{}$'.format(resource)
|
|
elif actions != '*' and resource == '*':
|
|
kwargs['codename__iregex'] = r'({})_[a-z]+'.format(actions_regex)
|
|
else:
|
|
kwargs['codename__iregex'] = r'({})_{}$'.format(actions_regex, resource)
|
|
q |= Q(**kwargs)
|
|
return q
|
|
|
|
@classmethod
|
|
def clean_permissions(cls, permissions, scope=Scope.system):
|
|
if scope == Scope.org:
|
|
excludes = const.org_exclude_permissions
|
|
else:
|
|
excludes = const.system_exclude_permissions
|
|
q = cls.get_define_permissions_q(excludes)
|
|
if q:
|
|
permissions = permissions.exclude(q)
|
|
return permissions
|
|
|
|
@staticmethod
|
|
def create_tree_nodes(permissions, scope, check_disabled=False):
|
|
from ..tree import PermissionTreeUtil
|
|
util = PermissionTreeUtil(permissions, scope, check_disabled)
|
|
return util.create_tree_nodes()
|
|
|
|
@classmethod
|
|
def get_permissions(cls, scope):
|
|
permissions = cls.objects.all()
|
|
permissions = cls.clean_permissions(permissions, scope=scope)
|
|
return permissions
|