def add_nodes_assets_to_system_users(nodes_keys, system_users):
    """Associate every asset under the given nodes with each system user.

    For each (asset, system user) pair an ``AuthBook`` row is created or
    updated. Assets whose row was newly created are collected per system
    user and handed to the ``push_system_user_to_assets`` task.

    Args:
        nodes_keys: Node ``key`` values used to select the nodes.
        system_users: Iterable of system users to link to the nodes' assets.
    """
    from ..models import Node
    from assets.tasks import push_system_user_to_assets

    matched_nodes = Node.objects.filter(key__in=nodes_keys)
    assets = Node.get_nodes_all_assets(*matched_nodes)

    for system_user in system_users:
        # Works around the case where a node that was already associated
        # does not fire the AuthBook post_save signal when assets and nodes
        # are linked, which left the admin user of the node's assets stale.
        newly_linked_asset_ids = []
        for asset in assets:
            # org_id is copied from the asset, so the AuthBook row is stored
            # under the asset's organisation.
            _authbook, created = AuthBook.objects.update_or_create(
                defaults={
                    'asset': asset,
                    'systemuser': system_user,
                    'org_id': asset.org_id
                },
                asset=asset,
                systemuser=system_user,
            )
            if not created:
                continue
            # The asset's admin user is deliberately no longer updated
            # automatically here; it may only be set manually by a user.
            newly_linked_asset_ids.append(asset.id)

        # Only assets that gained a new AuthBook row are pushed.
        if newly_linked_asset_ids:
            push_system_user_to_assets.delay(
                system_user.id, newly_linked_asset_ids
            )
def on_system_user_update(instance: SystemUser, created, **kwargs):
    """Re-push a system user to its assets after the user has been updated.

    An update may have changed the key, the username and so on, so the
    system user is pushed to its assets again. As the original author notes,
    the push should ideally happen only when the username, password, key or
    sudo settings change; this handler takes the shortcut of pushing on
    every update. ``instance.assets`` is used directly because assets under
    a node are associated with the system user automatically when the
    node / system user relation changes.

    Args:
        instance: The system user that was saved.
        created: Truthy when the save created the row; nothing is pushed then.
        **kwargs: Remaining signal arguments, unused.
    """
    if not instance or created:
        return

    logger.info("System user update signal recv: {}".format(instance))
    valid_assets = instance.assets.all().valid()
    target_asset_ids = [item.id for item in valid_assets]
    # Every valid asset of the user is targeted, whatever field changed.
    push_system_user_to_assets.delay(instance.id, target_asset_ids)
def on_system_user_assets_change(instance, action, model, pk_set, **kwargs):
    """Push system users to assets that were just added to the relation.

    Only ``POST_ADD`` is handled; every other action returns immediately.

    Args:
        instance: The object whose relation changed. It is treated as the
            system user when ``model`` is ``Asset``, otherwise as the asset.
        action: The relation change being signalled.
        model: Model class of the objects identified by ``pk_set``.
        pk_set: Primary keys on the other side of the relation.
        **kwargs: Remaining signal arguments, unused.
    """
    if action != POST_ADD:
        return

    logger.debug("System user assets change signal recv: {}".format(instance))

    # Which side of the relation `instance` is on decides the role of pk_set.
    own_id = [instance.id]
    system_user_ids, asset_ids = (
        (own_id, pk_set) if model == Asset else (pk_set, own_id)
    )

    # One push task per system user, each covering all affected assets.
    for system_user_id in system_user_ids:
        push_system_user_to_assets.delay(system_user_id, asset_ids)
def on_asset_nodes_add(instance, action, reverse, pk_set, **kwargs):
    """Link assets newly added under a node to that node's system users.

    Runs when an asset's nodes change or a node's assets change. Only
    ``POST_ADD`` is handled. The added assets are associated with every
    system user bound to the affected nodes or to any of their ancestors.
    The original author counts four database accesses for this operation.

    Args:
        instance: The object whose relation changed. When ``reverse`` is
            truthy its ``key`` is used as the node key, otherwise its ``id``
            is used as the single asset id.
        action: The relation change being signalled.
        reverse: Selects which side of the relation ``instance`` is on.
        pk_set: Primary keys on the other side of the relation.
        **kwargs: Remaining signal arguments, unused.
    """
    if action != POST_ADD:
        return

    logger.debug("Assets node add signal recv: {}".format(action))

    if reverse:
        node_keys = [instance.key]
        asset_ids = pk_set
    else:
        node_keys = Node.objects.filter(pk__in=pk_set).values_list(
            'key', flat=True
        )
        asset_ids = [instance.id]

    # When a node's assets change, the assets are linked to the system users
    # of the node and of its ancestors; only additions are considered.
    nodes_ancestors_keys = {
        ancestor_key
        for node_key in node_keys
        for ancestor_key in Node.get_node_ancestor_keys(node_key, with_self=True)
    }

    # Every system user bound to one of those nodes must be related to the
    # assets. This stays a lazy queryset on purpose; it is not materialised.
    system_user_ids = SystemUser.objects.filter(
        nodes__key__in=nodes_ancestors_keys
    ).distinct().values_list('id', flat=True)

    # Relations that already exist, as (systemuser_id, asset_id) pairs.
    through_model = SystemUser.assets.through
    existing_pairs = set(
        through_model.objects.filter(
            systemuser_id__in=system_user_ids, asset_id__in=asset_ids
        ).values_list('systemuser_id', 'asset_id')
    )

    # TODO: optimize
    # NOTE(review): the push tasks are queued before bulk_create() below
    # persists the relation rows. Whether the task depends on those rows is
    # not visible here - confirm.
    rows_to_create = []
    for system_user_id in system_user_ids:
        missing_asset_ids = [
            asset_id for asset_id in asset_ids
            if (system_user_id, asset_id) not in existing_pairs
        ]
        rows_to_create.extend(
            through_model(
                systemuser_id=system_user_id,
                asset_id=asset_id,
                org_id=instance.org_id
            )
            for asset_id in missing_asset_ids
        )
        if missing_asset_ids:
            push_system_user_to_assets.delay(system_user_id, missing_asset_ids)

    through_model.objects.bulk_create(rows_to_create)
def on_system_user_assets_change(instance, action, model, pk_set, **kwargs):
    """Sync AuthBook rows and push system users when the relation changes.

    The matching ``AuthBook`` rows are looked up inside the root-org context.
    On ``POST_ADD`` their ``org_id`` is set to the instance's. A save or
    delete signal chosen by ``action`` is then sent for each row. Finally,
    on ``POST_ADD`` only, each system user is pushed to the affected assets.

    Args:
        instance: The object whose relation changed. It is treated as the
            system user when ``model`` is ``Asset``, otherwise as the asset.
        action: The relation change being signalled.
        model: Model class of the objects identified by ``pk_set``.
        pk_set: Primary keys on the other side of the relation.
        **kwargs: Remaining signal arguments, unused.
    """
    logger.debug("System user assets change signal recv: {}".format(instance))

    if not instance:
        logger.debug('No system user found')
        return

    # Which side of the relation `instance` is on decides the role of pk_set.
    own_id = [instance.id]
    system_user_ids, asset_ids = (
        (own_id, pk_set) if model == Asset else (pk_set, own_id)
    )
    org_id = instance.org_id

    # AuthBook rows created through the association have no system user id
    # (original author's note), so they are looked up from the root org.
    with tmp_to_root_org():
        authbooks = AuthBook.objects.filter(
            asset_id__in=asset_ids, systemuser_id__in=system_user_ids
        )
        if action == POST_ADD:
            authbooks.update(org_id=org_id)

    # NOTE(review): `authbooks` is a lazy queryset and is iterated after the
    # root-org context has exited - confirm the rows are meant to be read
    # under the caller's org scope at that point.
    signal_by_action = {
        'pre_add': pre_save,
        'post_add': post_save,
        'pre_remove': pre_delete,
        'post_remove': post_delete
    }

    for authbook in authbooks:
        authbook.org_id = org_id
        # NOTE(review): any action outside the four keys above raises
        # KeyError here on the first matching row. If this handler is
        # connected to m2m_changed, pre_clear / post_clear would be such
        # actions - confirm how clearing the relation should be handled.
        signal_to_send = signal_by_action[action]
        logger.debug(
            'Send AuthBook post save signal: {} -> {}'.format(action, authbook.id)
        )
        # created=True is sent for every action, delete signals included.
        signal_to_send.send(sender=AuthBook, instance=authbook, created=True)

    if action == POST_ADD:
        for system_user_id in system_user_ids:
            push_system_user_to_assets.delay(system_user_id, asset_ids)