def _create_asset_permission(self, instance: Ticket, assets, system_users):
meta = instance.meta
request = self.request
actions = meta.get('actions', Action.CONNECT)
ap_kwargs = {
'name':
_('From request ticket: {} {}').format(instance.user_display,
instance.id),
'created_by':
self.request.user.username,
'comment':
_('{} request assets, approved by {}').format(
instance.user_display, instance.assignees_display),
'actions':
actions,
}
date_start = dt_parser(meta.get('date_start'))
date_expired = dt_parser(meta.get('date_expired'))
if date_start:
ap_kwargs['date_start'] = date_start
if date_expired:
ap_kwargs['date_expired'] = date_expired
instance.perform_action(instance.ACTION.APPROVE, request.user,
self._get_extra_comment(instance))
ap = AssetPermission.objects.create(**ap_kwargs)
ap.system_users.add(*system_users)
ap.assets.add(*assets)
ap.users.add(instance.user)
return ap
def check_asset_permission_expired():
"""
这里的任务要足够短,不要影响周期任务
"""
from settings.models import Setting
setting_name = 'last_asset_perm_expired_check'
end = now()
default_start = end - timedelta(days=36000) # Long long ago in china
defaults = {'value': dt_formater(default_start)}
setting, created = Setting.objects.get_or_create(
name=setting_name, defaults=defaults
)
if created:
start = default_start
else:
start = dt_parser(setting.value)
setting.value = dt_formater(end)
setting.save()
asset_perm_ids = AssetPermission.objects.filter(
date_expired__gte=start, date_expired__lte=end
).distinct().values_list('id', flat=True)
asset_perm_ids = list(asset_perm_ids)
logger.info(f'>>> checking {start} to {end} have {asset_perm_ids} expired')
UserGrantedTreeRefreshController.add_need_refresh_by_asset_perm_ids_cross_orgs(asset_perm_ids)
def check_asset_permission_expired():
"""
这里的任务要足够短,不要影响周期任务
"""
from settings.models import Setting
setting_name = 'last_asset_perm_expired_check'
end = now()
default_start = end - timedelta(days=36000) # Long long ago in china
defaults = {'value': dt_formater(default_start)}
setting, created = Setting.objects.get_or_create(name=setting_name,
defaults=defaults)
if created:
start = default_start
else:
start = dt_parser(setting.value)
setting.value = dt_formater(end)
setting.save()
ids = AssetPermission.objects.filter(
date_expired__gte=start,
date_expired__lte=end).distinct().values_list('id', flat=True)
logger.info(f'>>> checking {start} to {end} have {ids} expired')
dispatch_process_expired_asset_permission.delay(list(ids))
def _create_body(self, validated_data):
meta = validated_data['meta']
type = Ticket.TYPE.get(validated_data.get('type', ''))
date_start = dt_parser(meta.get('date_start')).strftime(
settings.DATETIME_DISPLAY_FORMAT)
date_expired = dt_parser(meta.get('date_expired')).strftime(
settings.DATETIME_DISPLAY_FORMAT)
validated_data['body'] = _('''
Type: {type}<br>
User: {username}<br>
Ip group: {ips}<br>
Hostname: {hostname}<br>
System user: {system_user}<br>
Date start: {date_start}<br>
Date expired: {date_expired}<br>
''').format(type=type,
username=validated_data.get('user', ''),
ips=', '.join(meta.get('ips', [])),
hostname=meta.get('hostname', ''),
system_user=meta.get('system_user', ''),
date_start=date_start,
date_expired=date_expired)
def check_asset_permission_will_expired():
start = local_now()
end = start + timedelta(days=3)
user_asset_remain_day_mapper = defaultdict(dict)
org_perm_remain_day_mapper = defaultdict(dict)
asset_perms = AssetPermission.objects.filter(
date_expired__gte=start, date_expired__lte=end).distinct()
for asset_perm in asset_perms:
date_expired = dt_parser(asset_perm.date_expired)
remain_days = (end - date_expired).days
org = asset_perm.org
# 资产授权按照组织分类
if org in org_perm_remain_day_mapper[remain_days]:
org_perm_remain_day_mapper[remain_days][org].add(asset_perm)
else:
org_perm_remain_day_mapper[remain_days][org] = {
asset_perm,
}
# 计算每个用户即将过期的资产
users = asset_perm.get_all_users()
assets = asset_perm.get_all_assets()
for u in users:
if u in user_asset_remain_day_mapper[remain_days]:
user_asset_remain_day_mapper[remain_days][u].update(assets)
else:
user_asset_remain_day_mapper[remain_days][u] = set(assets)
for day_count, user_asset_mapper in user_asset_remain_day_mapper.items():
for user, assets in user_asset_mapper.items():
PermedAssetsWillExpireUserMsg(user, assets,
day_count).publish_async()
for day_count, org_perm_mapper in org_perm_remain_day_mapper.items():
for org, perms in org_perm_mapper.items():
org_admins = org.admins.all()
for org_admin in org_admins:
AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org,
day_count).publish_async()
def check_app_permission_will_expired():
start = local_now()
end = start + timedelta(days=3)
app_perms = ApplicationPermission.objects.filter(
date_expired__gte=start, date_expired__lte=end).distinct()
user_app_remain_day_mapper = defaultdict(dict)
org_perm_remain_day_mapper = defaultdict(dict)
for app_perm in app_perms:
date_expired = dt_parser(app_perm.date_expired)
remain_days = (end - date_expired).days
org = app_perm.org
if org in org_perm_remain_day_mapper[remain_days]:
org_perm_remain_day_mapper[remain_days][org].add(app_perm)
else:
org_perm_remain_day_mapper[remain_days][org] = {
app_perm,
}
users = app_perm.get_all_users()
apps = app_perm.applications.all()
for u in users:
if u in user_app_remain_day_mapper[remain_days]:
user_app_remain_day_mapper[remain_days][u].update(apps)
else:
user_app_remain_day_mapper[remain_days][u] = set(apps)
for day_count, user_app_mapper in user_app_remain_day_mapper.items():
for user, apps in user_app_mapper.items():
PermedAppsWillExpireUserMsg(user, apps, day_count).publish_async()
for day_count, org_perm_mapper in org_perm_remain_day_mapper.items():
for org, perms in org_perm_mapper.items():
org_admins = org.admins.all()
for org_admin in org_admins:
AppPermsWillExpireForOrgAdminMsg(org_admin, perms, org,
day_count).publish_async()