Commit b74650c2 authored by BaiJiangJie's avatar BaiJiangJie

[Feature] 应用授权: DatabasePermission 添加用户授权的APIView

parent 1ae0a8d1
...@@ -7,3 +7,4 @@ from .user_group_permission import * ...@@ -7,3 +7,4 @@ from .user_group_permission import *
from .remote_app_permission import * from .remote_app_permission import *
from .user_remote_app_permission import * from .user_remote_app_permission import *
from .database_permission import * from .database_permission import *
from .user_database_permission import *
# coding: utf-8
#
from django.shortcuts import get_object_or_404
from rest_framework.generics import ListAPIView
from rest_framework.pagination import LimitOffsetPagination
from common.permissions import IsOrgAdminOrAppUser, IsValidUser
from ..hands import User, DatabaseSerializer
from ..utils import (
DatabasePermissionUtil,
)
from ..mixins import DatabasesFilterMixin
__all__ = [
'UserGrantedDatabasesApi',
]
class UserGrantedDatabasesApi(DatabasesFilterMixin, ListAPIView):
permission_classes = (IsOrgAdminOrAppUser,)
serializer_class = DatabaseSerializer
pagination_class = LimitOffsetPagination
def get_object(self):
user_id = self.kwargs.get('pk', '')
if user_id:
user = get_object_or_404(User, id=user_id)
else:
user = self.request.user
return user
def get_queryset(self):
util = DatabasePermissionUtil(self.get_object())
queryset = util.get_databases()
queryset = list(queryset)
return queryset
def get_permissions(self):
if self.kwargs.get('pk') is None:
self.permission_classes = (IsValidUser,)
return super().get_permissions()
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
from users.models import User, UserGroup from users.models import User, UserGroup
from assets.models import Asset, SystemUser, Node, Label from assets.models import Asset, SystemUser, Node, Label
from assets.serializers import NodeSerializer from assets.serializers import NodeSerializer
from applications.serializers import RemoteAppSerializer from applications.serializers import RemoteAppSerializer, DatabaseSerializer
from applications.models import RemoteApp, Database from applications.models import RemoteApp, Database
......
...@@ -4,7 +4,8 @@ ...@@ -4,7 +4,8 @@
from orgs.utils import set_to_root_org from orgs.utils import set_to_root_org
__all__ = [ __all__ = [
'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin', 'AssetsFilterMixin', 'RemoteAppFilterMixin', 'DatabasesFilterMixin',
'ChangeOrgIfNeedMixin',
] ]
...@@ -103,6 +104,40 @@ class RemoteAppFilterMixin(object): ...@@ -103,6 +104,40 @@ class RemoteAppFilterMixin(object):
return queryset return queryset
class DatabasesFilterMixin(object):
"""
对Database进行过滤(查询、排序)
"""
def filter_queryset(self, queryset):
queryset = self.search_databases(queryset)
queryset = self.sort_databases(queryset)
return queryset
def search_databases(self, queryset):
value = self.request.query_params.get('search')
if not value:
return queryset
queryset = [
database for database in queryset if value in database.name
]
return queryset
def sort_databases(self, queryset):
order_by = self.request.query_params.get('order')
if not order_by:
order_by = 'name'
if order_by.startswith('-'):
order_by = order_by.lstrip('-')
reverse = True
else:
reverse = False
queryset = sorted(
queryset, key=lambda x: getattr(x, order_by), reverse=reverse
)
return queryset
class ChangeOrgIfNeedMixin(object): class ChangeOrgIfNeedMixin(object):
@staticmethod @staticmethod
......
...@@ -87,6 +87,10 @@ remote_app_permission_urlpatterns = [ ...@@ -87,6 +87,10 @@ remote_app_permission_urlpatterns = [
] ]
database_permission_urlpatterns = [ database_permission_urlpatterns = [
# 查询用户授权的Database
path('users/<uuid:pk>/databases/', api.UserGrantedDatabasesApi.as_view(), name='user-databases'),
path('users/databases/', api.UserGrantedDatabasesApi.as_view(), name='my-databases'),
# 用户和Database变更 # 用户和Database变更
path('database-permissions/<uuid:pk>/user/add/', api.DatabasePermissionAddUserApi.as_view(), name='database-permission-add-user'), path('database-permissions/<uuid:pk>/user/add/', api.DatabasePermissionAddUserApi.as_view(), name='database-permission-add-user'),
path('database-permissions/<uuid:pk>/user/remove/', api.DatabasePermissionRemoveUserApi.as_view(), name='database-permission-remove-user'), path('database-permissions/<uuid:pk>/user/remove/', api.DatabasePermissionRemoveUserApi.as_view(), name='database-permission-remove-user'),
......
...@@ -3,3 +3,4 @@ ...@@ -3,3 +3,4 @@
from .asset_permission import * from .asset_permission import *
from .remote_app_permission import * from .remote_app_permission import *
from .database_permission import *
# coding: utf-8
#
from django.db.models import Q
from orgs.utils import set_to_root_org
from ..models import DatabasePermission
__all__ = [
'DatabasePermissionUtil',
]
def get_user_database_permissions(user, include_group=True):
if include_group:
groups = user.groups.all()
arg = Q(users=user) | Q(user_groups__in=groups)
else:
arg = Q(users=user)
return DatabasePermission.objects.all().valid().filter(arg)
def get_user_group_database_permissions(user_group):
return DatabasePermission.objects.all().valid().filter(
user_groups=user_group
)
class DatabasePermissionUtil:
get_permissions_map = {
'User': get_user_database_permissions,
'UserGroup': get_user_group_database_permissions
}
def __init__(self, obj):
self.object = obj
self.change_org_if_need()
@staticmethod
def change_org_if_need():
set_to_root_org()
@property
def permissions(self):
obj_class = self.object.__class__.__name__
func = self.get_permissions_map.get(obj_class)
_permissions = func(self.object)
return _permissions
def get_databases(self):
databases = set()
for perm in self.permissions:
databases.update(list(perm.databases.all()))
return databases
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment