[Feature] 应用授权: DatabasePermission 添加用户授权的APIView

b74650c2 · BaiJiangJie · 1ae0a8d1 · b74650c2 · b74650c2 · b74650c2
Commit b74650c2 authored Aug 06, 2019 by BaiJiangJie
7 changed files
--- a/apps/perms/api/__init__.py
+++ b/apps/perms/api/__init__.py
@@ -7,3 +7,4 @@ from .user_group_permission import *
 from .remote_app_permission import *
 from .user_remote_app_permission import *
 from .database_permission import *
+from .user_database_permission import *
--- a/apps/perms/api/user_database_permission.py
+++ b/apps/perms/api/user_database_permission.py
+# coding: utf-8
+#
+from django.shortcuts import get_object_or_404
+from rest_framework.generics import ListAPIView
+from rest_framework.pagination import LimitOffsetPagination
+from common.permissions import IsOrgAdminOrAppUser, IsValidUser
+from ..hands import User, DatabaseSerializer
+from ..utils import (
+    DatabasePermissionUtil,
+)
+from ..mixins import DatabasesFilterMixin
+__all__ = [
+    'UserGrantedDatabasesApi',
+]
+class UserGrantedDatabasesApi(DatabasesFilterMixin, ListAPIView):
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = DatabaseSerializer
+    pagination_class = LimitOffsetPagination
+    def get_object(self):
+        user_id = self.kwargs.get('pk', '')
+        if user_id:
+            user = get_object_or_404(User, id=user_id)
+        else:
+            user = self.request.user
+        return user
+    def get_queryset(self):
+        util = DatabasePermissionUtil(self.get_object())
+        queryset = util.get_databases()
+        queryset = list(queryset)
+        return queryset
+    def get_permissions(self):
+        if self.kwargs.get('pk') is None:
+            self.permission_classes = (IsValidUser,)
+        return super().get_permissions()
--- a/apps/perms/hands.py
+++ b/apps/perms/hands.py
@@ -4,7 +4,7 @@
 from users.models import User, UserGroup
 from assets.models import Asset, SystemUser, Node, Label
 from assets.serializers import NodeSerializer
-from applications.serializers import RemoteAppSerializer
+from applications.serializers import RemoteAppSerializer, DatabaseSerializer
 from applications.models import RemoteApp, Database

--- a/apps/perms/mixins.py
+++ b/apps/perms/mixins.py
@@ -4,7 +4,8 @@
 from orgs.utils import set_to_root_org
 __all__ = [
-    'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin',
+    'AssetsFilterMixin', 'RemoteAppFilterMixin', 'DatabasesFilterMixin',
+    'ChangeOrgIfNeedMixin',
 ]
@@ -103,6 +104,40 @@ class RemoteAppFilterMixin(object):
        return queryset
+class DatabasesFilterMixin(object):
+    """
+    对Database进行过滤（查询、排序）
+    """
+    def filter_queryset(self, queryset):
+        queryset = self.search_databases(queryset)
+        queryset = self.sort_databases(queryset)
+        return queryset
+    def search_databases(self, queryset):
+        value = self.request.query_params.get('search')
+        if not value:
+            return queryset
+        queryset = [
+            database for database in queryset if value in database.name
+        ]
+        return queryset
+    def sort_databases(self, queryset):
+        order_by = self.request.query_params.get('order')
+        if not order_by:
+            order_by = 'name'
+        if order_by.startswith('-'):
+            order_by = order_by.lstrip('-')
+            reverse = True
+        else:
+            reverse = False
+        queryset = sorted(
+            queryset, key=lambda x: getattr(x, order_by), reverse=reverse
+        )
+        return queryset
 class ChangeOrgIfNeedMixin(object):
    @staticmethod

--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -87,6 +87,10 @@ remote_app_permission_urlpatterns = [
 ]
 database_permission_urlpatterns = [
+    # 查询用户授权的Database
+    path('users/<uuid:pk>/databases/', api.UserGrantedDatabasesApi.as_view(), name='user-databases'),
+    path('users/databases/', api.UserGrantedDatabasesApi.as_view(), name='my-databases'),
    # 用户和Database变更
    path('database-permissions/<uuid:pk>/user/add/', api.DatabasePermissionAddUserApi.as_view(), name='database-permission-add-user'),
    path('database-permissions/<uuid:pk>/user/remove/', api.DatabasePermissionRemoveUserApi.as_view(), name='database-permission-remove-user'),

--- a/apps/perms/utils/__init__.py
+++ b/apps/perms/utils/__init__.py
@@ -3,3 +3,4 @@
 from .asset_permission import *
 from .remote_app_permission import *
+from .database_permission import *
--- a/apps/perms/utils/database_permission.py
+++ b/apps/perms/utils/database_permission.py
+# coding: utf-8
+#
+from django.db.models import Q
+from orgs.utils import set_to_root_org
+from ..models import DatabasePermission
+__all__ = [
+    'DatabasePermissionUtil',
+]
+def get_user_database_permissions(user, include_group=True):
+    if include_group:
+        groups = user.groups.all()
+        arg = Q(users=user) | Q(user_groups__in=groups)
+    else:
+        arg = Q(users=user)
+    return DatabasePermission.objects.all().valid().filter(arg)
+def get_user_group_database_permissions(user_group):
+    return DatabasePermission.objects.all().valid().filter(
+        user_groups=user_group
+    )
+class DatabasePermissionUtil:
+    get_permissions_map = {
+        'User': get_user_database_permissions,
+        'UserGroup': get_user_group_database_permissions
+    }
+    def __init__(self, obj):
+        self.object = obj
+        self.change_org_if_need()
+    @staticmethod
+    def change_org_if_need():
+        set_to_root_org()
+    @property
+    def permissions(self):
+        obj_class = self.object.__class__.__name__
+        func = self.get_permissions_map.get(obj_class)
+        _permissions = func(self.object)
+        return _permissions
+    def get_databases(self):
+        databases = set()
+        for perm in self.permissions:
+            databases.update(list(perm.databases.all()))
+        return databases