class UserAssetGrantedTreeNodeRelation(OrgModelMixin, FamilyMixin, models.JMSBaseModel): class NodeFrom(ChoiceSet): granted = 'granted', 'Direct node granted' child = 'child', 'Have children node' asset = 'asset', 'Direct asset granted' user = models.ForeignKey('users.User', db_constraint=False, on_delete=models.CASCADE) node = models.ForeignKey('assets.Node', default=None, on_delete=models.CASCADE, db_constraint=False, null=False, related_name='granted_node_rels') node_key = models.CharField(max_length=64, verbose_name=_("Key"), db_index=True) node_parent_key = models.CharField(max_length=64, default='', verbose_name=_('Parent key'), db_index=True) node_from = models.CharField(choices=NodeFrom.choices, max_length=16, db_index=True) node_assets_amount = models.IntegerField(default=0) @property def key(self): return self.node_key @property def parent_key(self): return self.node_parent_key @classmethod def get_node_granted_status(cls, user, key): ancestor_keys = set(cls.get_node_ancestor_keys(key, with_self=True)) ancestor_rel_nodes = cls.objects.filter(user=user, node_key__in=ancestor_keys) for rel_node in ancestor_rel_nodes: if rel_node.key == key: return rel_node.node_from, rel_node if rel_node.node_from == cls.NodeFrom.granted: return cls.NodeFrom.granted, None return '', None
class UserGrantedMappingNode(FamilyMixin, models.JMSBaseModel): node = models.ForeignKey('assets.Node', default=None, on_delete=models.CASCADE, db_constraint=False, null=True, related_name='mapping_nodes') key = models.CharField(max_length=64, verbose_name=_("Key"), db_index=True) # '1:1:1:1' user = models.ForeignKey('users.User', db_constraint=False, on_delete=models.CASCADE) granted = models.BooleanField(default=False, db_index=True) asset_granted = models.BooleanField(default=False, db_index=True) parent_key = models.CharField(max_length=64, default='', verbose_name=_('Parent key'), db_index=True) # '1:1:1:1' assets_amount = models.IntegerField(default=0) GRANTED_DIRECT = 1 GRANTED_INDIRECT = 2 GRANTED_NONE = 0 @classmethod def get_node_granted_status(cls, key, user): ancestor_keys = Node.get_node_ancestor_keys(key, with_self=True) has_granted = UserGrantedMappingNode.objects.filter( key__in=ancestor_keys, user=user ).values_list('granted', flat=True) if not has_granted: return cls.GRANTED_NONE if any(list(has_granted)): return cls.GRANTED_DIRECT return cls.GRANTED_INDIRECT
class AccessKey(models.Model): id = models.UUIDField(verbose_name='AccessKeyID', primary_key=True, default=uuid.uuid4, editable=False) secret = models.UUIDField(verbose_name='AccessKeySecret', default=uuid.uuid4, editable=False) user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='User', on_delete=models.CASCADE, related_name='access_keys') is_active = models.BooleanField(default=True, verbose_name=_('Active')) date_created = models.DateTimeField(auto_now_add=True) def get_id(self): return str(self.id) def get_secret(self): return str(self.secret) def get_full_value(self): return '{}:{}'.format(self.id, self.secret) def __str__(self): return str(self.id) class Meta: verbose_name = _("Access key")
class SSOToken(models.JMSBaseModel): """ 类似腾讯企业邮的 [单点登录](https://exmail.qq.com/qy_mng_logic/doc#10036) 出于安全考虑,这里的 `token` 使用一次随即过期。但我们保留每一个生成过的 `token`。 """ authkey = models.UUIDField(primary_key=True, default=uuid.uuid4, verbose_name=_('Token')) expired = models.BooleanField(default=False, verbose_name=_('Expired')) user = models.ForeignKey('users.User', on_delete=models.PROTECT, verbose_name=_('User'), db_constraint=False)
class RebuildUserTreeTask(models.JMSBaseModel): user = models.ForeignKey('users.User', on_delete=models.CASCADE, verbose_name=_('User'))