[Update] Merge

79554b47 · ibuler · 31d2f2a7 · 1983533e · 79554b47 · 79554b47
Commit 79554b47 authored Jul 02, 2019 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 24 deletions

user_permission.py apps/perms/api/user_permission.py +12 -10

asset_permission.py apps/perms/utils/asset_permission.py +0 -14

No files found.
--- a/apps/perms/api/user_permission.py
+++ b/apps/perms/api/user_permission.py
@@ -17,12 +17,11 @@ from common.tree import TreeNodeSerializer
 from common.utils import get_logger
 from ..utils import (
    AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node,
-    check_system_user_action,
 )
 from ..hands import User, Asset, Node, SystemUser, NodeSerializer
 from .. import serializers, const
 from ..mixins import AssetsFilterMixin
-from ..models import Action
+from ..models import ActionFlag
 logger = get_logger(__name__)
@@ -405,7 +404,7 @@ class UserGrantedNodeChildrenApi(UserPermissionCacheMixin, ListAPIView):
 class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
    permission_classes = (IsOrgAdminOrAppUser,)
    def get(self, request, *args, **kwargs):
        user_id = request.query_params.get('user_id', '')
        asset_id = request.query_params.get('asset_id', '')
@@ -415,17 +414,17 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
        user = get_object_or_404(User, id=user_id)
        asset = get_object_or_404(Asset, id=asset_id)
        su = get_object_or_404(SystemUser, id=system_id)
-        action = get_object_or_404(Action, name=action_name)
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
        granted_assets = util.get_assets()
-        granted_system_users = granted_assets.get(asset, [])
+        granted_system_users = granted_assets.get(asset, {})
        if su not in granted_system_users:
            return Response({'msg': False}, status=403)
-        _su = next((s for s in granted_system_users if s.id == su.id), None)
+        action = granted_system_users[su]
-        if not check_system_user_action(_su, action):
+        choices = ActionFlag.value_to_choices(action)
+        if action_name not in choices:
            return Response({'msg': False}, status=403)
        return Response({'msg': True}, status=200)
@@ -433,7 +432,7 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
 class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView):
    permission_classes = (IsOrgAdminOrAppUser,)
-    serializers_class = serializers.ActionsSerializer
+    serializer_class = serializers.ActionsSerializer
    def get_object(self):
        user_id = self.request.query_params.get('user_id', '')
@@ -448,6 +447,9 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView
        granted_assets = util.get_assets()
        granted_system_users = granted_assets.get(asset, {})
+        _object = {}
        if su not in granted_system_users:
-            return {"actions": 0}
+            _object['actions'] = 0
-        return granted_system_users[su]
+        else:
+            _object['actions'] = granted_system_users[su]
+        return _object
--- a/apps/perms/utils/asset_permission.py
+++ b/apps/perms/utils/asset_permission.py
@@ -27,7 +27,6 @@ logger = get_logger(__file__)
 __all__ = [
    'AssetPermissionUtil', 'is_obj_attr_has', 'sort_assets',
    'parse_asset_to_tree_node', 'parse_node_to_tree_node',
-    'check_system_user_action',
 ]
@@ -597,16 +596,3 @@ def parse_asset_to_tree_node(node, asset, system_users):
    }
    tree_node = TreeNode(**data)
    return tree_node
-def check_system_user_action(system_user, action):
-    """
-    :param system_user: SystemUser object (包含动态属性: actions)
-    :param action: Action object
-    :return: bool
-    """
-    check_actions = [Action.get_action_all(), action]
-    granted_actions = getattr(system_user, 'actions', [])
-    actions = list(set(granted_actions).intersection(set(check_actions)))
-    return bool(actions)