[Change] 修改perm的代码，强制79个字符内

ffed28c9 · ibuler · 25cb47d2 · ffed28c9 · ffed28c9 · ffed28c9
Commit ffed28c9 authored Jan 17, 2017 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 100 additions and 60 deletions

api.py apps/perms/api.py +10 -10

api_urls.py apps/perms/urls/api_urls.py +34 -14

views.py apps/perms/views.py +55 -35

api.py apps/users/api.py +1 -1

No files found.
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -201,21 +201,21 @@ class UserGroupGrantedAssetGroupsApi(ListAPIView):
        return queryset
-class CheckUserAssetSystemPermission(APIView):
+class ValidateUserAssetPermissionView(APIView):
    permission_classes = (IsAppUser,)
-    def get(self, request):
+    @staticmethod
+    def get(request):
        user_id = request.params.get('user_id', '')
        asset_id = request.params.get('asset_id', '')
        system_id = request.params.get('system_id', '')
-        user = get_object_or_none(User, id=user_id)
+        user = get_object_or_404(User, id=user_id)
-        asset = get_object_or_none(Asset, id=asset_id)
+        asset = get_object_or_404(Asset, id=asset_id)
-        system_user = get_object_or_none(SystemUser, id=system_id)
+        system_user = get_object_or_404(SystemUser, id=system_id)
-        if not (user and asset and system_user):
-            return Response(status=403)
        assets_granted = get_user_granted_assets(user)
+        if system_user in assets_granted.get(asset, []):
+            return Response({'msg': True}, status=200)
+        else:
+            return Response({'msg': False}, status=403)
--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -7,30 +7,50 @@ from .. import api
 app_name = 'perms'
 router = routers.DefaultRouter()
-router.register('v1/asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
+router.register('v1/asset-permissions',
+                api.AssetPermissionViewSet,
+                'asset-permission')
 urlpatterns = [
-    url(r'^v1/user/my/assets/$', api.MyGrantedAssetsApi.as_view(), name='my-assets'),
+    # 用户可以使用自己的Token或其它认证查看自己授权的资产,资产组等
-    url(r'^v1/user/my/asset-groups/$', api.MyGrantedAssetsGroupsApi.as_view(), name='my-asset-groups'),
+    url(r'^v1/user/my/assets/$',
-    url(r'^v1/user/my/asset-group/(?P<pk>[0-9]+)/assets/$', api.MyAssetGroupAssetsApi.as_view(),
+        api.MyGrantedAssetsApi.as_view(),
+        name='my-assets'),
+    url(r'^v1/user/my/asset-groups/$',
+        api.MyGrantedAssetsGroupsApi.as_view(),
+        name='my-asset-groups'),
+    url(r'^v1/user/my/asset-group/(?P<pk>[0-9]+)/assets/$',
+        api.MyAssetGroupAssetsApi.as_view(),
        name='user-my-asset-group-assets'),
-    # Select user permission of asset and asset group
+    # 查询某个用户授权的资产和资产组
-    url(r'^v1/user/(?P<pk>[0-9]+)/assets/$', api.UserGrantedAssetsApi.as_view(), name='user-assets'),
+    url(r'^v1/user/(?P<pk>[0-9]+)/assets/$',
-    url(r'^v1/user/(?P<pk>[0-9]+)/asset-groups/$', api.UserGrantedAssetGroupsApi.as_view(),
+        api.UserGrantedAssetsApi.as_view(),
+        name='user-assets'),
+    url(r'^v1/user/(?P<pk>[0-9]+)/asset-groups/$',
+        api.UserGrantedAssetGroupsApi.as_view(),
        name='user-asset-groups'),
-    # Select user group permission of asset and asset group
+    # 查询某个用户组授权的资产和资产组
-    url(r'^v1/user-group/(?P<pk>[0-9]+)/assets/$', api.UserGroupGrantedAssetsApi.as_view(), name='user-group-assets'),
+    url(r'^v1/user-group/(?P<pk>[0-9]+)/assets/$',
-    url(r'^v1/user-group/(?P<pk>[0-9]+)/asset-groups/$', api.UserGroupGrantedAssetGroupsApi.as_view(),
+        api.UserGroupGrantedAssetsApi.as_view(),
+        name='user-group-assets'),
+    url(r'^v1/user-group/(?P<pk>[0-9]+)/asset-groups/$',
+        api.UserGroupGrantedAssetGroupsApi.as_view(),
        name='user-group-asset-groups'),
+    # 回收用户或用户组授权
-    # Revoke permission api
+    url(r'^v1/asset-permissions/user/revoke/$',
-    url(r'^v1/asset-permissions/user/revoke/', api.RevokeUserAssetPermission.as_view(),
+        api.RevokeUserAssetPermission.as_view(),
        name='revoke-user-asset-permission'),
-    url(r'^v1/asset-permissions/user-group/revoke/', api.RevokeUserGroupAssetPermission.as_view(),
+    url(r'^v1/asset-permissions/user-group/revoke/$',
+        api.RevokeUserGroupAssetPermission.as_view(),
        name='revoke-user-group-asset-permission'),
+    # 验证用户是否有某个资产和系统用户的权限
+    url(r'v1/asset-permission/user/validate/$',
+        api.ValidateUserAssetPermissionView.as_view(),
+        name='validate-user-asset-permission')
 ]
 urlpatterns += router.urls

--- a/apps/perms/views.py
+++ b/apps/perms/views.py
@@ -39,22 +39,25 @@ class AssetPermissionListView(AdminUserRequiredMixin, ListView):
        self.sort = sort = self.request.GET.get('sort', '-date_created')
        if keyword:
-            self.queryset = self.queryset.filter(Q(users__name__contains=keyword) |
+            self.queryset = self.queryset\
-                                                 Q(users__username__contains=keyword) |
+                .filter(Q(users__name__contains=keyword) |
-                                                 Q(user_groups__name__contains=keyword) |
+                        Q(users__username__contains=keyword) |
-                                                 Q(assets__ip__contains=keyword) |
+                        Q(user_groups__name__contains=keyword) |
-                                                 Q(assets__hostname__contains=keyword) |
+                        Q(assets__ip__contains=keyword) |
-                                                 Q(system_users__username__icontains=keyword) |
+                        Q(assets__hostname__contains=keyword) |
-                                                 Q(system_users__name__icontains=keyword) |
+                        Q(system_users__username__icontains=keyword) |
-                                                 Q(asset_groups__name__icontains=keyword) |
+                        Q(system_users__name__icontains=keyword) |
-                                                 Q(comment__icontains=keyword) |
+                        Q(asset_groups__name__icontains=keyword) |
-                                                 Q(name__icontains=keyword)).distinct()
+                        Q(comment__icontains=keyword) |
+                        Q(name__icontains=keyword)).distinct()
        if sort:
            self.queryset = self.queryset.order_by(sort)
        return self.queryset
-class AssetPermissionCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
+class AssetPermissionCreateView(AdminUserRequiredMixin,
+                                SuccessMessageMixin,
+                                CreateView):
    model = AssetPermission
    form_class = AssetPermissionForm
    template_name = 'perms/asset_permission_create_update.html'
@@ -69,11 +72,11 @@ class AssetPermissionCreateView(AdminUserRequiredMixin, SuccessMessageMixin, Cre
        return super(AssetPermissionCreateView, self).get_context_data(**kwargs)
    def get_success_message(self, cleaned_data):
-        success_message = _('Create asset permission <a href="%s"> %s </a> successfully.' %
+        success_message = _(
-                            (
+            'Create asset permission <a href="%s"> %s </a> '
-                                reverse_lazy('perms:asset-permission-detail', kwargs={'pk': self.object.pk}),
+            'successfully.' % (reverse_lazy('perms:asset-permission-detail',
-                                self.object.name,
+                                            kwargs={'pk': self.object.pk}),
-                            ))
+                               self.object.name,))
        return success_message
@@ -81,7 +84,8 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
    model = AssetPermission
    form_class = AssetPermissionForm
    template_name = 'perms/asset_permission_create_update.html'
-    success_message = _('Update asset permission <a href="%s"> %s </a> successfully.')
+    success_message = _('Update asset permission '
+                        '<a href="%s"> %s </a> successfully.')
    def get_context_data(self, **kwargs):
        context = {
@@ -92,7 +96,8 @@ class AssetPermissionUpdateView(AdminUserRequiredMixin, UpdateView):
        return super(AssetPermissionUpdateView, self).get_context_data(**kwargs)
    def get_success_url(self):
-        success_url = reverse_lazy('perms:asset-permission-detail', kwargs={'pk': self.object.pk})
+        success_url = reverse_lazy('perms:asset-permission-detail',
+                                   kwargs={'pk': self.object.pk})
        return success_url
@@ -105,8 +110,9 @@ class AssetPermissionDetailView(AdminUserRequiredMixin, DetailView):
        context = {
            'app': _('Perms'),
            'action': _('Asset permission detail'),
-            'system_users_remain': [system_user for system_user in SystemUser.objects.all()
+            'system_users_remain': [
-                                    if system_user not in self.object.system_users.all()],
+                system_user for system_user in SystemUser.objects.all()
+                if system_user not in self.object.system_users.all()],
            'system_users': self.object.system_users.all(),
        }
        kwargs.update(context)
@@ -119,7 +125,9 @@ class AssetPermissionDeleteView(AdminUserRequiredMixin, DeleteView):
    success_url = reverse_lazy('perms:asset-permission-list')
-class AssetPermissionUserView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+class AssetPermissionUserView(AdminUserRequiredMixin,
+                              SingleObjectMixin,
+                              ListView):
    template_name = 'perms/asset_permission_user.html'
    context_object_name = 'asset_permission'
    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
@@ -132,9 +140,11 @@ class AssetPermissionUserView(AdminUserRequiredMixin, SingleObjectMixin, ListVie
    def get_queryset(self):
        queryset = self.object.get_granted_users()
        if self.keyword:
-            search_func = functools.partial(search_object_attr, value=self.keyword,
+            search_func = functools.partial(
-                                            attr_list=['username', 'name', 'email'],
+                search_object_attr,
-                                            ignore_case=True)
+                value=self.keyword,
+                attr_list=['username', 'name', 'email'],
+                ignore_case=True)
            queryset = filter(search_func, queryset)
        return queryset
@@ -144,17 +154,22 @@ class AssetPermissionUserView(AdminUserRequiredMixin, SingleObjectMixin, ListVie
        context = {
            'app': _('Perms'),
            'action': _('Asset permission user list'),
-            'users_remain': [user for user in User.objects.all() if user not in users_granted],
+            'users_remain': [
+                user for user in User.objects.all()
+                if user not in users_granted],
            'user_groups': self.object.user_groups.all(),
-            'user_groups_remain': [user_group for user_group in UserGroup.objects.all()
+            'user_groups_remain': [
-                                   if user_group not in user_groups_granted],
+                user_group for user_group in UserGroup.objects.all()
+                if user_group not in user_groups_granted],
            'keyword': self.keyword,
        }
        kwargs.update(context)
        return super(AssetPermissionUserView, self).get_context_data(**kwargs)
-class AssetPermissionAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+class AssetPermissionAssetView(AdminUserRequiredMixin,
+                               SingleObjectMixin,
+                               ListView):
    template_name = 'perms/asset_permission_asset.html'
    context_object_name = 'asset_permission'
    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
@@ -162,14 +177,16 @@ class AssetPermissionAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListVi
    def get(self, request, *args, **kwargs):
        self.object = self.get_object(queryset=AssetPermission.objects.all())
        self.keyword = self.request.GET.get('keyword', '')
-        return super(AssetPermissionAssetView, self).get(request, *args, **kwargs)
+        return super(AssetPermissionAssetView, self)\
+            .get(request, *args, **kwargs)
    def get_queryset(self):
        queryset = self.object.get_granted_assets()
        if self.keyword:
-            search_func = functools.partial(search_object_attr, value=self.keyword,
+            search_func = functools.partial(
-                                            attr_list=['hostname', 'ip'],
+                search_object_attr, value=self.keyword,
-                                            ignore_case=True)
+                attr_list=['hostname', 'ip'],
+                ignore_case=True)
            queryset = filter(search_func, queryset)
        return queryset
@@ -179,10 +196,13 @@ class AssetPermissionAssetView(AdminUserRequiredMixin, SingleObjectMixin, ListVi
        context = {
            'app': _('Perms'),
            'action': _('Asset permission asset list'),
-            'assets_remain': (asset for asset in Asset.objects.all() if asset not in assets_granted),
+            'assets_remain': [
+                asset for asset in Asset.objects.all()
+                if asset not in assets_granted],
            'asset_groups': self.object.asset_groups.all(),
-            'asset_groups_remain': [asset_group for asset_group in AssetGroup.objects.all()
+            'asset_groups_remain': [
-                                    if asset_group not in asset_groups_granted],
+                asset_group for asset_group in AssetGroup.objects.all()
+                if asset_group not in asset_groups_granted],
            'keyword': self.keyword,
        }
        kwargs.update(context)

--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -18,7 +18,7 @@ from .utils import check_user_valid, generate_token
 from .models import User, UserGroup
 from .hands import write_login_log_async
 from .permissions import (
-    IsSuperUser, IsAppUser, IsValidUser, IsSuperUserOrAppUser)
+    IsSuperUser, IsAppUser, IsValidUser)
 from . import serializers