[Update] 修改action

e4880a24 · ibuler · e43da3d6 · e4880a24 · e4880a24 · e4880a24
Commit e4880a24 authored Jul 02, 2019 by ibuler
Showing with 46 additions and 86 deletions

user_permission.py apps/perms/api/user_permission.py +4 -4

api_urls.py apps/perms/urls/api_urls.py +34 -81

asset_permission.py apps/perms/utils/asset_permission.py +7 -0

v1.py apps/users/serializers/v1.py +1 -1

No files found.
--- a/apps/perms/api/user_permission.py
+++ b/apps/perms/api/user_permission.py
@@ -8,7 +8,7 @@ from django.conf import settings
 from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView, Response
 from rest_framework.generics import (
-    ListAPIView, get_object_or_404, GenericAPIView, RetrieveAPIView
+    ListAPIView, get_object_or_404, RetrieveAPIView
 )
 from rest_framework.pagination import LimitOffsetPagination

@@ -172,7 +172,7 @@ class UserGrantedAssetsApi(UserPermissionCacheMixin, AssetsFilterMixin, ListAPIV

 class UserGrantedNodesApi(UserPermissionCacheMixin, ListAPIView):
    """
-    查询用户授权的所有节点的API, 如果是超级用户或者是 app，切换到root org
+    查询用户授权的所有节点的API
    """
    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = NodeSerializer
@@ -188,8 +188,8 @@ class UserGrantedNodesApi(UserPermissionCacheMixin, ListAPIView):
    def get_queryset(self):
        user = self.get_object()
        util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
-        nodes = util.get_nodes_with_assets()
-        return nodes.keys()
+        nodes = util.get_nodes()
+        return nodes

    def get_permissions(self):
        if self.kwargs.get('pk') is None:

--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -10,108 +10,61 @@ router = routers.DefaultRouter()
 router.register('asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
 router.register('remote-app-permissions', api.RemoteAppPermissionViewSet, 'remote-app-permission')

+
 asset_permission_urlpatterns = [
    # 查询某个用户授权的资产和资产组
-    path('user/<uuid:pk>/assets/',
-         api.UserGrantedAssetsApi.as_view()),
-    path('users/<uuid:pk>/assets/',
-         api.UserGrantedAssetsApi.as_view(), name='user-assets'),
-    path('user/assets/', api.UserGrantedAssetsApi.as_view(),
-         name='my-assets'),
-    path('user/<uuid:pk>/nodes/',
-         api.UserGrantedNodesApi.as_view(), name='user-nodes'),
-    path('user/nodes/', api.UserGrantedNodesApi.as_view(),
-         name='my-nodes'),
-    path('user/nodes/children/', api.UserGrantedNodeChildrenApi.as_view(),
-         name='my-node-children'),
-    path('user/<uuid:pk>/nodes/<uuid:node_id>/assets/',
-         api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
-    path('user/nodes/<uuid:node_id>/assets/',
-         api.UserGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
-    path('user/<uuid:pk>/nodes-assets/',
-         api.UserGrantedNodesWithAssetsApi.as_view(), name='user-nodes-assets'),
-    path('user/nodes-assets/', api.UserGrantedNodesWithAssetsApi.as_view(),
-         name='my-nodes-assets'),
-    path('user/<uuid:pk>/nodes-assets/tree/',
-         api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='user-nodes-assets-as-tree'),
-    path('user/nodes-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(),
-         name='my-nodes-assets-as-tree'),
+    path('user/<uuid:pk>/assets/', api.UserGrantedAssetsApi.as_view()),
+    path('users/<uuid:pk>/assets/', api.UserGrantedAssetsApi.as_view(), name='user-assets'),
+    path('user/assets/', api.UserGrantedAssetsApi.as_view(), name='my-assets'),
+    path('user/<uuid:pk>/nodes/', api.UserGrantedNodesApi.as_view(), name='user-nodes'),
+    path('user/nodes/', api.UserGrantedNodesApi.as_view(), name='my-nodes'),
+    path('user/nodes/children/', api.UserGrantedNodeChildrenApi.as_view(), name='my-node-children'),
+    path('user/<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='user-node-assets'),
+    path('user/nodes/<uuid:node_id>/assets/', api.UserGrantedNodeAssetsApi.as_view(), name='my-node-assets'),
+    path('user/<uuid:pk>/nodes-assets/', api.UserGrantedNodesWithAssetsApi.as_view(), name='user-nodes-assets'),
+    path('user/nodes-assets/', api.UserGrantedNodesWithAssetsApi.as_view(), name='my-nodes-assets'),
+    path('user/<uuid:pk>/nodes-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='user-nodes-assets-as-tree'),
+    path('user/nodes-assets/tree/', api.UserGrantedNodesWithAssetsAsTreeApi.as_view(), name='my-nodes-assets-as-tree'),

    # 查询某个用户组授权的资产和资产组
-    path('user-group/<uuid:pk>/assets/',
-         api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
-    path('user-group/<uuid:pk>/nodes/',
-         api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
-    path('user-group/<uuid:pk>/nodes-assets/',
-         api.UserGroupGrantedNodesWithAssetsApi.as_view(),
-         name='user-group-nodes-assets'),
-    path('user-group/<uuid:pk>/nodes-assets/tree/',
-         api.UserGroupGrantedNodesWithAssetsAsTreeApi.as_view(),
-         name='user-group-nodes-assets-as-tree'),
-    path('user-group/<uuid:pk>/nodes/<uuid:node_id>/assets/',
-         api.UserGroupGrantedNodeAssetsApi.as_view(),
-         name='user-group-node-assets'),
+    path('user-group/<uuid:pk>/assets/', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
+    path('user-group/<uuid:pk>/nodes/', api.UserGroupGrantedNodesApi.as_view(), name='user-group-nodes'),
+    path('user-group/<uuid:pk>/nodes-assets/', api.UserGroupGrantedNodesWithAssetsApi.as_view(), name='user-group-nodes-assets'),
+    path('user-group/<uuid:pk>/nodes-assets/tree/', api.UserGroupGrantedNodesWithAssetsAsTreeApi.as_view(), name='user-group-nodes-assets-as-tree'),
+    path('user-group/<uuid:pk>/nodes/<uuid:node_id>/assets/', api.UserGroupGrantedNodeAssetsApi.as_view(), name='user-group-node-assets'),

    # 用户和资产授权变更
-    path('asset-permissions/<uuid:pk>/user/remove/',
-         api.AssetPermissionRemoveUserApi.as_view(),
-         name='asset-permission-remove-user'),
-    path('asset-permissions/<uuid:pk>/user/add/',
-         api.AssetPermissionAddUserApi.as_view(),
-         name='asset-permission-add-user'),
-    path('asset-permissions/<uuid:pk>/asset/remove/',
-         api.AssetPermissionRemoveAssetApi.as_view(),
-         name='asset-permission-remove-asset'),
-    path('asset-permissions/<uuid:pk>/asset/add/',
-         api.AssetPermissionAddAssetApi.as_view(),
-         name='asset-permission-add-asset'),
+    path('asset-permissions/<uuid:pk>/user/remove/', api.AssetPermissionRemoveUserApi.as_view(), name='asset-permission-remove-user'),
+    path('asset-permissions/<uuid:pk>/user/add/', api.AssetPermissionAddUserApi.as_view(), name='asset-permission-add-user'),
+    path('asset-permissions/<uuid:pk>/asset/remove/', api.AssetPermissionRemoveAssetApi.as_view(), name='asset-permission-remove-asset'),
+    path('asset-permissions/<uuid:pk>/asset/add/', api.AssetPermissionAddAssetApi.as_view(), name='asset-permission-add-asset'),

    # 验证用户是否有某个资产和系统用户的权限
-    path('asset-permission/user/validate/', api.ValidateUserAssetPermissionApi.as_view(),
-         name='validate-user-asset-permission'),
-    path('asset-permission/user/actions/', api.GetUserAssetPermissionActionsApi.as_view(),
-         name='get-user-asset-permission-actions'),
+    path('asset-permission/user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
+    path('asset-permission/user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),
 ]


 remote_app_permission_urlpatterns = [
    # 查询用户授权的RemoteApp
-    path('user/<uuid:pk>/remote-apps/',
-         api.UserGrantedRemoteAppsApi.as_view(), name='user-remote-apps'),
-    path('user/remote-apps/',
-         api.UserGrantedRemoteAppsApi.as_view(), name='my-remote-apps'),
+    path('user/<uuid:pk>/remote-apps/', api.UserGrantedRemoteAppsApi.as_view(), name='user-remote-apps'),
+    path('user/remote-apps/', api.UserGrantedRemoteAppsApi.as_view(), name='my-remote-apps'),

    # 获取用户授权的RemoteApp树
-    path('user/<uuid:pk>/remote-apps/tree/',
-         api.UserGrantedRemoteAppsAsTreeApi.as_view(),
-         name='user-remote-apps-as-tree'),
-    path('user/remote-apps/tree/',
-         api.UserGrantedRemoteAppsAsTreeApi.as_view(),
-         name='my-remote-apps-as-tree'),
+    path('user/<uuid:pk>/remote-apps/tree/', api.UserGrantedRemoteAppsAsTreeApi.as_view(), name='user-remote-apps-as-tree'),
+    path('user/remote-apps/tree/', api.UserGrantedRemoteAppsAsTreeApi.as_view(), name='my-remote-apps-as-tree'),

    # 查询用户组授权的RemoteApp
-    path('user-group/<uuid:pk>/remote-apps/',
-         api.UserGroupGrantedRemoteAppsApi.as_view(),
-         name='user-group-remote-apps'),
+    path('user-group/<uuid:pk>/remote-apps/', api.UserGroupGrantedRemoteAppsApi.as_view(), name='user-group-remote-apps'),

    # 校验用户对RemoteApp的权限
-    path('remote-app-permission/user/validate/',
-         api.ValidateUserRemoteAppPermissionApi.as_view(),
-         name='validate-user-remote-app-permission'),
+    path('remote-app-permission/user/validate/', api.ValidateUserRemoteAppPermissionApi.as_view(), name='validate-user-remote-app-permission'),

    # 用户和RemoteApp变更
-    path('remote-app-permissions/<uuid:pk>/user/add/',
-         api.RemoteAppPermissionAddUserApi.as_view(),
-         name='remote-app-permission-add-user'),
-    path('remote-app-permissions/<uuid:pk>/user/remove/',
-         api.RemoteAppPermissionRemoveUserApi.as_view(),
-         name='remote-app-permission-remove-user'),
-    path('remote-app-permissions/<uuid:pk>/remote-app/remove/',
-         api.RemoteAppPermissionRemoveRemoteAppApi.as_view(),
-         name='remote-app-permission-remove-remote-app'),
-    path('remote-app-permissions/<uuid:pk>/remote-app/add/',
-         api.RemoteAppPermissionAddRemoteAppApi.as_view(),
-         name='remote-app-permission-add-remote-app'),
+    path('remote-app-permissions/<uuid:pk>/user/add/', api.RemoteAppPermissionAddUserApi.as_view(), name='remote-app-permission-add-user'),
+    path('remote-app-permissions/<uuid:pk>/user/remove/', api.RemoteAppPermissionRemoveUserApi.as_view(), name='remote-app-permission-remove-user'),
+    path('remote-app-permissions/<uuid:pk>/remote-app/remove/', api.RemoteAppPermissionRemoveRemoteAppApi.as_view(), name='remote-app-permission-remove-remote-app'),
+    path('remote-app-permissions/<uuid:pk>/remote-app/add/', api.RemoteAppPermissionAddRemoteAppApi.as_view(), name='remote-app-permission-add-remote-app'),
 ]

 urlpatterns = asset_permission_urlpatterns + remote_app_permission_urlpatterns

--- a/apps/perms/utils/asset_permission.py
+++ b/apps/perms/utils/asset_permission.py
@@ -180,6 +180,9 @@ class GenerateTree:
        self._nodes_with_assets = nodes
        return dict(nodes)

+    def get_nodes(self):
+        return self.nodes.keys()
+

 def get_user_permissions(user, include_group=True):
    if include_group:
@@ -436,6 +439,10 @@ class AssetPermissionUtil(AssetPermissionCacheMixin):
        self.tree.add_nodes(nodes)
        return nodes

+    def get_nodes(self):
+        self.get_assets_direct()
+        return self.tree.get_nodes()
+
    #@timeit
    def get_assets_direct(self):
        """

--- a/apps/users/serializers/v1.py
+++ b/apps/users/serializers/v1.py
@@ -27,7 +27,7 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
            'date_password_last_updated', 'date_expired', 'avatar_url',
        ]
        extra_kwargs = {
-            'password': {'write_only': True},
+            'password': {'write_only': True, 'required': False},
            'public_key': {'write_only': True},
            'groups_display': {'label': _('Groups name')},
            'source_display': {'label': _('Source name')},