Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
J
jumpserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ops
jumpserver
Commits
d80cbe27
Commit
d80cbe27
authored
Nov 23, 2017
by
ibuler
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[Update] 修改用户获取自己授权资产的api,和查询用户授权资产组等api的Url和结构
parent
818ead85
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
144 additions
and
42 deletions
+144
-42
serializers.py
apps/assets/serializers.py
+27
-3
api.py
apps/perms/api.py
+111
-36
hands.py
apps/perms/hands.py
+1
-1
api_urls.py
apps/perms/urls/api_urls.py
+5
-2
No files found.
apps/assets/serializers.py
View file @
d80cbe27
...
...
@@ -155,8 +155,8 @@ class AssetGrantedSerializer(serializers.ModelSerializer):
class
Meta
(
object
):
model
=
Asset
fields
=
(
"id"
,
"hostname"
,
"ip"
,
"port"
,
"system_users_granted"
,
"is_inherited"
,
"is_active"
,
"system_users_join"
,
"comment"
)
fields
=
(
"id"
,
"hostname"
,
"ip"
,
"port"
,
"system_users_granted"
,
"is_
inherited"
,
"is_
active"
,
"system_users_join"
,
"comment"
)
@staticmethod
def
get_is_inherited
(
obj
):
...
...
@@ -167,7 +167,17 @@ class AssetGrantedSerializer(serializers.ModelSerializer):
@staticmethod
def
get_system_users_join
(
obj
):
return
', '
.
join
([
system_user
.
username
for
system_user
in
obj
.
system_users_granted
])
return
', '
.
join
([
system_user
.
username
for
system_user
in
obj
.
system_users_granted
])
class
MyAssetGrantedSerializer
(
AssetGrantedSerializer
):
"""Remove ip and port from asset for security"""
class
Meta
(
object
):
model
=
Asset
fields
=
(
"id"
,
"hostname"
,
"system_users_granted"
,
"is_inherited"
,
"is_active"
,
"system_users_join"
,
"comment"
)
class
IDCSerializer
(
BulkSerializerMixin
,
serializers
.
ModelSerializer
):
...
...
@@ -200,3 +210,17 @@ class AssetGroupGrantedSerializer(BulkSerializerMixin, serializers.ModelSerializ
@staticmethod
def
get_assets_amount
(
obj
):
return
len
(
obj
.
assets_granted
)
class
MyAssetGroupGrantedSerializer
(
serializers
.
ModelSerializer
):
assets_granted
=
MyAssetGrantedSerializer
(
many
=
True
,
read_only
=
True
)
assets_amount
=
serializers
.
SerializerMethodField
()
class
Meta
:
model
=
AssetGroup
list_serializer_class
=
BulkListSerializer
fields
=
'__all__'
@staticmethod
def
get_assets_amount
(
obj
):
return
len
(
obj
.
assets_granted
)
apps/perms/api.py
View file @
d80cbe27
...
...
@@ -12,12 +12,15 @@ from .utils import get_user_granted_assets, get_user_granted_asset_groups, \
get_user_group_granted_assets
,
get_user_group_granted_asset_groups
from
.models
import
AssetPermission
from
.hands
import
AssetGrantedSerializer
,
User
,
UserGroup
,
AssetGroup
,
Asset
,
\
AssetGroup
,
AssetGroupGrantedSerializer
,
SystemUser
AssetGroup
,
AssetGroupGrantedSerializer
,
SystemUser
,
MyAssetGroupGrantedSerializer
from
.
import
serializers
from
.utils
import
associate_system_users_and_assets
class
AssetPermissionViewSet
(
viewsets
.
ModelViewSet
):
"""
资产授权列表的增删改查api
"""
queryset
=
AssetPermission
.
objects
.
all
()
serializer_class
=
serializers
.
AssetPermissionSerializer
permission_classes
=
(
IsSuperUser
,)
...
...
@@ -63,6 +66,9 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
class
RevokeUserAssetPermission
(
APIView
):
"""
将用户从授权中移除,Detail页面会调用
"""
permission_classes
=
(
IsSuperUser
,)
def
put
(
self
,
request
,
*
args
,
**
kwargs
):
...
...
@@ -80,7 +86,9 @@ class RevokeUserAssetPermission(APIView):
class
RemoveSystemUserAssetPermission
(
APIView
):
"""将系统用户从授权中移除, Detail页面会调用"""
"""
将系统用户从授权中移除, Detail页面会调用
"""
permission_classes
=
(
IsSuperUser
,)
def
put
(
self
,
request
,
*
args
,
**
kwargs
):
...
...
@@ -101,6 +109,9 @@ class RemoveSystemUserAssetPermission(APIView):
class
RevokeUserGroupAssetPermission
(
APIView
):
"""
将用户组从授权中删除
"""
permission_classes
=
(
IsSuperUser
,)
def
put
(
self
,
request
,
*
args
,
**
kwargs
):
...
...
@@ -118,6 +129,9 @@ class RevokeUserGroupAssetPermission(APIView):
class
UserGrantedAssetsApi
(
ListAPIView
):
"""
用户授权的所有资产
"""
permission_classes
=
(
IsSuperUserOrAppUser
,)
serializer_class
=
AssetGrantedSerializer
...
...
@@ -133,7 +147,58 @@ class UserGrantedAssetsApi(ListAPIView):
return
queryset
class
UserGrantedAssetGroupsApi
(
ListAPIView
):
class
UserGrantedAssetGroupsApi
(
APIView
):
permission_classes
=
(
IsValidUser
,)
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
asset_groups
=
{}
user_id
=
kwargs
.
get
(
'pk'
,
''
)
user
=
get_object_or_404
(
User
,
id
=
user_id
)
assets
=
get_user_granted_assets
(
user
)
for
asset
in
assets
:
for
asset_group
in
asset
.
groups
.
all
():
if
asset_group
.
id
in
asset_groups
:
asset_groups
[
asset_group
.
id
][
'assets_amount'
]
+=
1
else
:
asset_groups
[
asset_group
.
id
]
=
{
'id'
:
asset_group
.
id
,
'name'
:
asset_group
.
name
,
'comment'
:
asset_group
.
comment
,
'assets_amount'
:
1
}
asset_groups_json
=
asset_groups
.
values
()
return
Response
(
asset_groups_json
,
status
=
200
)
class
UserGrantedAssetGroupsWithAssetsApi
(
ListAPIView
):
"""
授权用户的资产组,注:这里的资产组并非是授权列表中授权的,
而是把所有资产取出来,然后反查出所有资产组,然后合并得到,
结果里也包含资产组下授权的资产
数据结构如下:
[
{
"id": 1,
"name": "资产组1",
... 其它属性
"assets_granted": [
{
"id": 1,
"hostname": "testserver",
"ip": "192.168.1.1",
"port": 22,
"system_users_granted": [
"id": 1,
"name": "web",
"username": "web",
"protocol": "ssh",
]
}
]
}
]
"""
permission_classes
=
(
IsSuperUserOrAppUser
,)
serializer_class
=
AssetGroupGrantedSerializer
...
...
@@ -157,9 +222,8 @@ class UserGrantedAssetGroupsApi(ListAPIView):
class
MyGrantedAssetsApi
(
ListAPIView
):
"""授权给用户的资产列表
[{'hostname': 'x','ip': 'x', ..,
'system_users_granted': [{'name': 'x', .}, ...]
"""
用户自己查询授权的资产列表
"""
permission_classes
=
(
IsValidUser
,)
serializer_class
=
AssetGrantedSerializer
...
...
@@ -174,10 +238,9 @@ class MyGrantedAssetsApi(ListAPIView):
return
queryset
class
MyGrantedAsset
s
GroupsApi
(
APIView
):
class
MyGrantedAssetGroupsApi
(
APIView
):
"""
授权给用户的资产组列表, 非直接通过授权规则授权的资产组列表, 而是授权资产的所有
资产组之和
授权的所有资产组,并非是授权列表中的,而是经过计算得来的
"""
permission_classes
=
(
IsValidUser
,)
...
...
@@ -202,36 +265,48 @@ class MyGrantedAssetsGroupsApi(APIView):
return
Response
(
asset_groups_json
,
status
=
200
)
class
MyAssetGroupAssetsApi
(
ListAPIView
):
class
MyGrantedAssetGroupsWithAssetsApi
(
ListAPIView
):
"""
授权当前用户的资产组,注:这里的资产组并非是授权列表中授权的,
而是把所有资产取出来,然后反查出所有资产组,然后合并得到,
结果里也包含资产组下授权的资产
数据结构如下:
[
{
"id": 1,
"name": "资产组1",
... 其它属性
"assets_granted": [
{
"id": 1,
"hostname": "testserver",
"system_users_granted": [
"id": 1,
"name": "web",
"username": "web",
"protocol": "ssh",
]
}
]
}
]
"""
permission_classes
=
(
IsValidUser
,)
serializer_class
=
MyAssetGroupGrantedSerializer
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
asset_groups
=
dict
()
asset_groups
[
0
]
=
{
'id'
:
0
,
'name'
:
'ungrouped'
,
'assets'
:
[]
}
user
=
request
.
user
def
get_queryset
(
self
):
user
=
self
.
request
.
user
asset_groups
=
get_user_granted_asset_groups
(
user
)
if
user
:
assets
=
get_user_granted_assets
(
user
)
for
asset
,
system_users
in
assets
.
items
():
asset_json
=
asset
.
to_json
()
asset_json
[
'system_users'
]
=
[
su
.
to_json
()
for
su
in
system_users
]
if
not
asset
.
groups
.
all
():
asset_groups
[
0
][
'assets'
]
.
append
(
asset_json
)
continue
for
asset_group
in
asset
.
groups
.
all
():
if
asset_group
.
id
in
asset_groups
:
asset_groups
[
asset_group
.
id
][
'assets'
]
.
append
(
asset_json
)
else
:
asset_groups
[
asset_group
.
id
]
=
{
'id'
:
asset_group
.
id
,
'name'
:
asset_group
.
name
,
'comment'
:
asset_group
.
comment
,
'assets'
:
[
asset_json
],
}
asset_groups_json
=
asset_groups
.
values
()
return
Response
(
asset_groups_json
,
status
=
200
)
queryset
=
[]
for
asset_group
,
assets_system_users
in
asset_groups
.
items
():
assets
=
[]
for
asset
,
system_users
in
assets_system_users
:
asset
.
system_users_granted
=
system_users
assets
.
append
(
asset
)
asset_group
.
assets_granted
=
assets
queryset
.
append
(
asset_group
)
return
queryset
class
MyAssetGroupOfAssetsApi
(
ListAPIView
):
...
...
apps/perms/hands.py
View file @
d80cbe27
...
...
@@ -4,7 +4,7 @@
from
users.utils
import
AdminUserRequiredMixin
from
users.models
import
User
,
UserGroup
from
assets.models
import
Asset
,
AssetGroup
,
SystemUser
from
assets.serializers
import
AssetGrantedSerializer
,
AssetGroupGrantedSerializer
from
assets.serializers
import
AssetGrantedSerializer
,
AssetGroupGrantedSerializer
,
MyAssetGroupGrantedSerializer
apps/perms/urls/api_urls.py
View file @
d80cbe27
...
...
@@ -17,10 +17,10 @@ urlpatterns = [
api
.
MyGrantedAssetsApi
.
as_view
(),
name
=
'my-assets'
),
url
(
r'^v1/user/my/asset-groups/$'
,
api
.
MyGrantedAsset
s
GroupsApi
.
as_view
(),
api
.
MyGrantedAssetGroupsApi
.
as_view
(),
name
=
'my-asset-groups'
),
url
(
r'^v1/user/my/asset-groups-assets/$'
,
api
.
My
AssetGroup
AssetsApi
.
as_view
(),
api
.
My
GrantedAssetGroupsWith
AssetsApi
.
as_view
(),
name
=
'my-asset-group-assets'
),
url
(
r'^v1/user/my/asset-group/(?P<pk>[0-9]+)/assets/$'
,
api
.
MyAssetGroupOfAssetsApi
.
as_view
(),
...
...
@@ -33,6 +33,9 @@ urlpatterns = [
url
(
r'^v1/user/(?P<pk>[0-9]+)/asset-groups/$'
,
api
.
UserGrantedAssetGroupsApi
.
as_view
(),
name
=
'user-asset-groups'
),
url
(
r'^v1/user/(?P<pk>[0-9]+)/asset-groups-assets/$'
,
api
.
UserGrantedAssetGroupsWithAssetsApi
.
as_view
(),
name
=
'user-asset-groups'
),
# 查询某个用户组授权的资产和资产组
url
(
r'^v1/user-group/(?P<pk>[0-9]+)/assets/$'
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment