예제 #1
 def _construct_meta_display_of_open(self):
     """Build the display form of the actions requested on this ticket.

     Reads ``apply_actions`` from ``self.ticket.meta``, falling back to
     ``Action.NONE`` when the key is absent, and returns a one-entry dict
     keyed by ``apply_actions_display``.
     """
     requested = self.ticket.meta.get('apply_actions', Action.NONE)
     return {
         'apply_actions_display': Action.value_to_choices_display(requested),
     }
예제 #2
 def _construct_meta_display_of_approve(self):
     """Build display strings for what was approved on this ticket.

     Returns a dict with the keys ``approve_actions_display``,
     ``approve_assets_display`` and ``approve_system_users_display``.
     Missing meta keys fall back to ``Action.NONE`` / an empty id list, so
     an incomplete ticket renders as "nothing approved" instead of failing.
     """
     meta = self.ticket.meta
     actions_display = Action.value_to_choices_display(
         meta.get('approve_actions', Action.NONE))
     asset_ids = meta.get('approve_assets', [])
     system_user_ids = meta.get('approve_system_users', [])

     # Resolve the ids while switched to the ticket's org_id.
     # NOTE(review): presumably tmp_to_org scopes the queries to that
     # organization, so ids from another org would simply not resolve;
     # confirm against its definition.
     with tmp_to_org(self.ticket.org_id):
         assets_display = [
             str(asset) for asset in Asset.objects.filter(id__in=asset_ids)
         ]
         system_users_display = [
             str(system_user) for system_user in
             SystemUser.objects.filter(id__in=system_user_ids)
         ]

     return {
         'approve_actions_display': actions_display,
         'approve_assets_display': assets_display,
         'approve_system_users_display': system_users_display,
     }
예제 #3
def validate_permission(user, application, system_user, action='connect'):
    """Check whether *user* may run *action* on *application* as *system_user*.

    Starts from the permission ids returned by ``get_user_all_app_perm_ids``
    and keeps only those that list both the application and the system user.

    Returns a ``(has_perm, actions, expire_at)`` tuple:

    * ``has_perm`` - whether *action* is among the granted actions;
    * ``actions`` - union of the actions of every matching permission;
    * ``expire_at`` - ``date_expired`` timestamp of the matching permission
      that sorts first by descending ``date_expired``, or the current time
      when nothing matches.
    """
    # NOTE(review): nothing in this function checks that a permission is
    # active or unexpired; presumably get_user_all_app_perm_ids already
    # filters for that. Verify, because this is the authorization decision.
    candidate_ids = get_user_all_app_perm_ids(user)

    # Keep the permissions that include this application.
    app_links = ApplicationPermission.applications.through.objects
    candidate_ids = set(
        app_links.filter(
            applicationpermission_id__in=candidate_ids,
            application_id=application.id,
        ).values_list('applicationpermission_id', flat=True)
    )

    # Of those, keep the permissions that include this system user.
    system_user_links = ApplicationPermission.system_users.through.objects
    candidate_ids = set(
        system_user_links.filter(
            applicationpermission_id__in=candidate_ids,
            systemuser_id=system_user.id,
        ).values_list('applicationpermission_id', flat=True)
    )

    app_perms = ApplicationPermission.objects.filter(
        id__in=candidate_ids).order_by('-date_expired')

    if not app_perms:
        # Deny by default: no actions, and an expiry of "now".
        return False, [], time.time()

    granted = set()
    for value in app_perms.values_list('actions', flat=True):
        granted.update(Action.value_to_choices(value))
    actions = list(granted)

    # NOTE(review): expire_at comes from the latest-expiring permission
    # while actions is the union over all of them, so the returned expiry
    # may outlast the permission that actually grants `action`. Confirm
    # callers do not cache the decision for that long.
    expire_at = app_perms.first().date_expired.timestamp()

    # TODO: once the component API rework is done, decide has_perm
    # uniformly from actions.
    return action in actions, actions, expire_at
예제 #4
def check_system_user_action(system_user, action):
    """
    Tell whether *system_user* has been granted *action*.

    The check passes when the granted actions contain either *action* itself
    or the value returned by ``Action.get_action_all()``. A system user
    without an ``actions`` attribute is treated as having no grants.

    :param system_user: SystemUser object (carries a dynamic attribute: actions)
    :param action: Action object
    :return: bool
    """
    accepted = [Action.get_action_all(), action]
    # Missing attribute -> empty grant list, so the answer is a deny.
    granted = getattr(system_user, 'actions', [])
    return bool(set(granted) & set(accepted))
예제 #5
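def validate_permission(user, asset, system_user, action='connect'):
    """Check whether *user* may run *action* on *asset* as *system_user*.

    A permission matches when it is among the ids returned by
    ``get_user_all_asset_perm_ids``, covers the asset either directly or
    through one of the asset's nodes (or their ancestors), and lists the
    system user.

    Always returns a ``(has_perm, actions, expire_at)`` tuple:

    * ``has_perm`` - whether *action* is among the granted actions;
    * ``actions`` - union of the actions of every matching permission;
    * ``expire_at`` - ``date_expired`` timestamp of the matching permission
      that sorts first by descending ``date_expired``, or the current time
      when access is denied outright.
    """
    if system_user.protocol not in asset.protocols_as_dict.keys():
        # Deny with the same three-field shape as every other path. The
        # previous two-field return made callers that unpack three values
        # raise on a protocol mismatch instead of receiving a clean deny.
        return False, [], time.time()

    # NOTE(review): nothing in this function checks that a permission is
    # active or unexpired; presumably get_user_all_asset_perm_ids already
    # filters for that. Verify, because this is the authorization decision.
    asset_perm_ids = get_user_all_asset_perm_ids(user)

    # Permissions that name the asset directly.
    asset_perm_ids_from_asset = AssetPermission.assets.through.objects.filter(
        assetpermission_id__in=asset_perm_ids,
        asset_id=asset.id).values_list('assetpermission_id', flat=True)

    # Permissions granted on any node holding the asset, or on an ancestor
    # of such a node.
    node_keys = set()
    for node in asset.get_nodes():
        node_keys.update(node.get_ancestor_keys(with_self=True))
    node_ids = set(
        Node.objects.filter(key__in=node_keys).values_list('id', flat=True))

    asset_perm_ids_from_node = AssetPermission.nodes.through.objects.filter(
        assetpermission_id__in=asset_perm_ids,
        node_id__in=node_ids).values_list('assetpermission_id', flat=True)

    asset_perm_ids = {*asset_perm_ids_from_asset, *asset_perm_ids_from_node}

    # Of those, keep the permissions that include this system user.
    asset_perm_ids = set(
        AssetPermission.system_users.through.objects.filter(
            assetpermission_id__in=asset_perm_ids,
            systemuser_id=system_user.id,
        ).values_list('assetpermission_id', flat=True)
    )

    asset_perms = AssetPermission.objects.filter(
        id__in=asset_perm_ids).order_by('-date_expired')

    if asset_perms:
        granted = set()
        for value in asset_perms.values_list('actions', flat=True):
            granted.update(Action.value_to_choices(value))
        actions = list(granted)
        # NOTE(review): expire_at comes from the latest-expiring permission
        # while actions is the union over all of them, so the returned
        # expiry may outlast the permission that actually grants `action`.
        # Confirm callers do not cache the decision for that long.
        expire_at = asset_perms.first().date_expired.timestamp()
    else:
        actions = []
        expire_at = time.time()

    # TODO: once the component API rework is done, decide has_perm
    # uniformly from actions.
    has_perm = action in actions
    return has_perm, actions, expire_at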
예제 #6
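 def _construct_meta_display_of_open(self):
     """Build the display form of what the ticket applicant requested.

     Returns a dict with the keys ``apply_actions_display``,
     ``apply_assets_display`` and ``apply_system_users_display``. The asset
     and system-user entries are the ``str()`` of each object whose id is
     listed in the ticket meta.
     """
     meta = self.ticket.meta
     requested_actions = meta.get('apply_actions', Action.NONE)
     meta_display = {
         'apply_actions_display':
         Action.value_to_choices_display(requested_actions),
     }
     # Fall back to an empty id list when the key is absent or holds None:
     # passing None to an ``id__in`` filter raises, so a ticket with
     # incomplete meta could not be rendered at all.
     apply_assets = meta.get('apply_assets') or []
     apply_system_users = meta.get('apply_system_users') or []
     # Resolve the ids while switched to the ticket's org_id.
     # NOTE(review): presumably tmp_to_org scopes the queries to that
     # organization; confirm against its definition.
     with tmp_to_org(self.ticket.org_id):
         meta_display.update({
             'apply_assets_display':
             [str(i) for i in Asset.objects.filter(id__in=apply_assets)],
             'apply_system_users_display': [
                 str(i) for i in SystemUser.objects.filter(
                     id__in=apply_system_users)
             ]
         })
     return meta_display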
예제 #7
def validate_permission(user, asset, system_user, action_name):
    """Check whether *user* may run *action_name* on *asset* as *system_user*.

    A permission matches when it is among the ids returned by
    ``get_user_all_asset_perm_ids``, covers the asset either directly or
    through one of the asset's nodes (or their ancestors), and lists the
    system user.

    Returns ``(True, expire_at)`` for the first matching permission, in
    descending ``date_expired`` order, whose actions include *action_name*;
    ``expire_at`` is that permission's own expiry timestamp. Returns
    ``(False, <current time>)`` otherwise.
    """
    protocol_supported = system_user.protocol in asset.protocols_as_dict.keys()
    if not protocol_supported:
        return False, time.time()

    # NOTE(review): nothing in this function checks that a permission is
    # active or unexpired; presumably get_user_all_asset_perm_ids already
    # filters for that. Verify, because this is the authorization decision.
    user_perm_ids = get_user_all_asset_perm_ids(user)

    # Permissions that name the asset directly.
    direct_perm_ids = AssetPermission.assets.through.objects.filter(
        assetpermission_id__in=user_perm_ids,
        asset_id=asset.id,
    ).values_list('assetpermission_id', flat=True)

    # Permissions granted on any node holding the asset, or on an ancestor
    # of such a node.
    node_keys = {
        key
        for node in asset.get_nodes()
        for key in node.get_ancestor_keys(with_self=True)
    }
    node_ids = set(
        Node.objects.filter(key__in=node_keys).values_list('id', flat=True))
    node_perm_ids = AssetPermission.nodes.through.objects.filter(
        assetpermission_id__in=user_perm_ids,
        node_id__in=node_ids,
    ).values_list('assetpermission_id', flat=True)

    covering_perm_ids = set(direct_perm_ids) | set(node_perm_ids)

    # Of those, keep the permissions that include this system user.
    matching_perm_ids = set(
        AssetPermission.system_users.through.objects.filter(
            assetpermission_id__in=covering_perm_ids,
            systemuser_id=system_user.id,
        ).values_list('assetpermission_id', flat=True)
    )

    asset_perms = AssetPermission.objects.filter(
        id__in=matching_perm_ids).order_by('-date_expired')

    # Latest-expiring permission first, so the expiry handed back is the
    # longest one among the permissions that grant the action.
    for perm in asset_perms:
        if action_name not in Action.value_to_choices(perm.actions):
            continue
        return True, perm.date_expired.timestamp()
    return False, time.time()
예제 #8
    def get(self, request, *args, **kwargs):
        """Answer whether the user may run an action on an asset.

        Query parameters: ``asset_id`` and ``system_user_id`` (UUIDs) and
        ``action_name``. Responds ``{'msg': True}`` with status 200 when the
        action is granted, and ``{'msg': False}`` with status 403 when it is
        not or when either id is not a valid UUID.
        """
        params = request.query_params
        raw_asset_id = params.get('asset_id', '')
        raw_system_user_id = params.get('system_user_id', '')
        action_name = params.get('action_name', '')

        denied = {'msg': False}

        # Malformed or missing ids are answered as a deny, not as an error.
        try:
            asset_id = uuid.UUID(raw_asset_id)
            system_id = uuid.UUID(raw_system_user_id)
        except ValueError:
            return Response(denied, status=403)

        # NOTE(review): both objects are fetched before the permission
        # check, so a caller can tell "no such id" (404) from "not
        # permitted" (403). Confirm that only trusted components can reach
        # this endpoint, or answer both cases the same way.
        asset = get_object_or_404(Asset, id=asset_id)
        system_user = get_object_or_404(SystemUser, id=system_id)

        # NOTE(review): get_user() is defined outside this snippet; confirm
        # an unprivileged caller cannot choose whose permissions are checked.
        actions_by_system_user = get_asset_system_user_ids_with_actions_by_user(
            self.get_user(), asset)
        granted = actions_by_system_user.get(system_user.id)

        allowed = (
            granted is not None
            and action_name in Action.value_to_choices(granted)
        )
        if allowed:
            return Response({'msg': True}, status=200)
        return Response(denied, status=403)
예제 #9
 def to_internal_value(self, data):
     """Convert submitted choices to the stored action value.

     ``None`` is passed through unchanged; anything else is handed to
     ``Action.choices_to_value``.
     """
     return data if data is None else Action.choices_to_value(data)
예제 #10
 def to_representation(self, value):
     """Render a stored action value via ``Action.value_to_choices``."""
     choices = Action.value_to_choices(value)
     return choices
예제 #11
 def run_validation(self, data=empty):
     """Run the parent validation, then collapse a list of choices.

     When the parent returns a list, it is converted with
     ``Action.choices_to_value``; any other result is returned as is.
     """
     validated = super(ActionsField, self).run_validation(data)
     if not isinstance(validated, list):
         return validated
     return Action.choices_to_value(value=validated)