diff --git a/dongtai_common/endpoint/__init__.py b/dongtai_common/endpoint/__init__.py index e9434ec54..892be0c42 100644 --- a/dongtai_common/endpoint/__init__.py +++ b/dongtai_common/endpoint/__init__.py @@ -4,10 +4,10 @@ import logging from functools import reduce from operator import ior -from typing import TYPE_CHECKING, Union +from typing import TYPE_CHECKING from django.core.paginator import EmptyPage, Paginator -from django.db.models import Count, Q, QuerySet +from django.db.models import Count, Q from django.http import JsonResponse from django.http.request import HttpRequest from django.utils.translation import gettext_lazy as _ @@ -23,8 +23,8 @@ from dongtai_common.models.asset import Asset from dongtai_common.models.asset_aggr import AssetAggr from dongtai_common.models.asset_vul import IastVulAssetRelation -from dongtai_common.models.department import Department from dongtai_common.models.log import IastLog, OperateType +from dongtai_common.models.project import IastProject from dongtai_common.permissions import ( UserPermission, ) @@ -33,6 +33,7 @@ if TYPE_CHECKING: from django.core.paginator import _SupportsPagination + from django.db.models.query import QuerySet, ValuesQuerySet logger = logging.getLogger("dongtai-core") @@ -188,8 +189,8 @@ def parse_args(self, request): @staticmethod def get_paginator( - queryset: QuerySet, page: int = 1, page_size: int = 20 - ) -> tuple[dict, Union[QuerySet, "_SupportsPagination"]]: + queryset: "QuerySet | ValuesQuerySet", page: int = 1, page_size: int = 20 + ) -> tuple[dict, "QuerySet | _SupportsPagination"]: """ 根据模型集合、页号、每页大小获取分页数据 :param queryset: 
@@ -257,11 +258,10 @@ def get_auth_agents(users): :param users: :return: """ - qs = Department.objects.none() - qss = [user.get_relative_department() for user in users] - departments = reduce(ior, qss, qs) - return IastAgent.objects.filter(bind_project__department__in=departments) - # if isinstance(users, QuerySet): + qs = IastProject.objects.none() + qss = [user.get_projects() for user in users] + projects = reduce(ior, qss, qs) + return IastAgent.objects.filter(bind_project__in=projects) @staticmethod def get_auth_assets(users): @@ -270,10 +270,10 @@ def get_auth_assets(users): :param users: :return: """ - qs = Department.objects.none() - qss = [user.get_relative_department() for user in users] - departments = reduce(ior, qss, qs) - return Asset.objects.filter(department__in=departments, is_del=0) + qs = IastProject.objects.none() + qss = [user.get_projects() for user in users] + projects = reduce(ior, qss, qs) + return Asset.objects.filter(project__in=projects, is_del=0) @staticmethod def get_auth_asset_aggrs(auth_assets): diff --git a/dongtai_common/models/user.py b/dongtai_common/models/user.py index 3c0876de2..cd879ace7 100644 --- a/dongtai_common/models/user.py +++ b/dongtai_common/models/user.py @@ -7,6 +7,7 @@ from django.utils.translation import gettext_lazy as _ from dongtai_common.models.department import Department +from dongtai_conf.patch import patch_point class PermissionsMixin(models.Model): @@ -109,3 +110,11 @@ def get_using_department(self): if self.using_department: return self.using_department return self.get_department() + + def get_projects(self) -> QuerySet: + from dongtai_common.models.project import IastProject + + queryset = IastProject.objects.none() + if self.is_system_admin: + return IastProject.objects.all() + return patch_point(queryset) diff --git a/dongtai_web/aggr_vul/aggr_vul_list.py b/dongtai_web/aggr_vul/aggr_vul_list.py index db01ab300..40815733e 100644 --- a/dongtai_web/aggr_vul/aggr_vul_list.py 
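Review bot: `get_projects()` in dongtai_common/models/user.py has no docstring, yet every view in this commit now uses it as its only authorization scope. For a non-admin user it returns whatever `patch_point` does with `IastProject.objects.none()`, and nothing visible here says what that is. I would add a docstring along the lines of `"""Return the projects this user may access: all projects for a system admin, otherwise the result of the patch_point hook applied to an empty queryset (no access when no patch is registered — confirm)."""`. The `queryset` local could also be built after the `is_system_admin` early return, since the admin path never uses it. Separately, the return annotation `-> QuerySet` is evaluated when the class body runs and this hunk only adds the `patch_point` import, so please confirm `QuerySet` is already imported at the top of user.py, which is outside the hunk.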
+++ b/dongtai_web/aggr_vul/aggr_vul_list.py @@ -61,6 +61,7 @@ class GetAggregationVulList(UserEndPoint): description = _("New application") @extend_schema_with_envcheck( + deprecated=True, request=AggregationArgsSerializer, tags=[_("漏洞")], summary=_("组件漏洞列表"), @@ -155,11 +156,9 @@ def post(self, request): except ValidationError as e: return R.failure(data=e.detail) - departments = list(request.user.get_relative_department()) - department_filter_sql = " and {}.department_id in ({})".format( - "asset", ",".join(str(x.id) for x in departments) - ) - query_condition = query_condition + department_filter_sql + projects = list(request.user.get_projects()) + project_filter_sql = " and {}.project_id in ({})".format("asset", ",".join(str(x.id) for x in projects)) + query_condition = query_condition + project_filter_sql if keywords: query_base = ( @@ -245,7 +244,7 @@ def post(self, request): Asset.objects.filter( iastvulassetrelation__asset_vul_id__in=vul_ids, iastvulassetrelation__is_del=0, - department__in=departments, + project__in=projects, project_id__gt=0, ) .values("project_id", "iastvulassetrelation__asset_vul_id") @@ -337,10 +336,10 @@ def get_vul_list_from_elastic_search( auth_user_info = auth_user_list_str(user_id=user_id) auth_user_info["user_list"] user = User.objects.filter(pk=user_id).first() - departments = user.get_relative_department() - department_ids = [department.id for department in departments] + projects = user.get_projects() + project_ids = [project.id for project in projects] must_query = [ - Q("terms", asset_department_id=department_ids), + Q("terms", asset_project_id=project_ids), Q("terms", asset_vul_relation_is_del=[0]), Q("range", asset_project_id={"gt": 0}), ] diff --git a/dongtai_web/aggr_vul/aggr_vul_summary.py b/dongtai_web/aggr_vul/aggr_vul_summary.py index bcecce210..a8e980f8e 100644 --- a/dongtai_web/aggr_vul/aggr_vul_summary.py +++ b/dongtai_web/aggr_vul/aggr_vul_summary.py 
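Review bot: In `post`, `project_filter_sql` becomes `and asset.project_id in ()` when `request.user.get_projects()` is empty, which is not valid SQL, so a user with no projects would get a database error rather than an empty list. The empty case looks more likely now that the non-admin path of `get_projects()` starts from `IastProject.objects.none()`. Guard it explicitly, e.g. `project_filter_sql = " and asset.project_id in ({})".format(",".join(str(x.id) for x in projects)) if projects else " and 1=0"`, or pass the ids as bound parameters as sca_summary.py does. The same string-built filter appears in `get_annotate_sca_base_data` in aggr_vul_summary.py. The `in %s` parameter in sca_summary.py should also be checked against an empty `project_ids` list. The ids are database integers, so this is a correctness and fail-closed concern rather than an injection one.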
@@ -62,9 +62,9 @@ def get_annotate_sca_base_data(user_id: int, pro_condition: str): "project": [], } user = User.objects.get(pk=user_id) - departments = list(user.get_relative_department()) - department_filter_sql = " and {}.department_id in ({})".format("asset", ",".join(str(x.id) for x in departments)) - query_condition = " where rel.is_del=0 and asset.project_id>0 " + department_filter_sql + pro_condition + projects = list(user.get_projects()) + project_filter_sql = " and {}.project_id in ({})".format("asset", ",".join(str(x.id) for x in projects)) + query_condition = " where rel.is_del=0 and asset.project_id>0 " + project_filter_sql + pro_condition base_join = ( "left JOIN iast_asset_vul_relation as rel on rel.asset_vul_id=vul.id " "left JOIN iast_asset as asset on rel.asset_id=asset.id " @@ -201,10 +201,10 @@ def get_annotate_data_es(user_id, bind_project_id=None, project_version_id=None) from dongtai_web.utils import dict_transfrom user = User.objects.get(pk=user_id) - departments = list(user.get_relative_department()) - department_ids = [i.id for i in departments] + projects = list(user.get_projects()) + project_ids = [i.id for i in projects] must_query = [ - Q("terms", asset_department_id=department_ids), + Q("terms", asset_project_id=project_ids), Q("terms", asset_vul_relation_is_del=[0]), Q("range", asset_project_id={"gt": 0}), ] diff --git a/dongtai_web/aggr_vul/app_vul_list.py b/dongtai_web/aggr_vul/app_vul_list.py index b1d52a110..ce0bdbd0f 100644 --- a/dongtai_web/aggr_vul/app_vul_list.py +++ b/dongtai_web/aggr_vul/app_vul_list.py 
@@ -51,10 +51,8 @@ def post(self, request): } ser = AggregationArgsSerializer(data=request.data) # 获取用户权限 - departments = request.user.get_relative_department() - queryset = IastVulnerabilityModel.objects.filter( - is_del=0, project_id__gt=0, project__department__in=departments - ) + projects = request.user.get_projects() + queryset = IastVulnerabilityModel.objects.filter(is_del=0, project_id__gt=0, project__in=projects) try: if ser.is_valid(True): @@ -148,7 +146,7 @@ def post(self, request): order_list.append(order_type_desc + order_type) es_query["order"] = order_type_desc + order_type if ELASTICSEARCH_STATE: - vul_data = get_vul_list_from_elastic_search(departments, page=page, page_size=page_size, **es_query) + vul_data = get_vul_list_from_elastic_search(projects, page=page, page_size=page_size, **es_query) else: vul_data = queryset.values(*tuple(fields)).order_by(*tuple(order_list))[begin_num:end_num] except ValidationError as e: @@ -214,7 +212,7 @@ def set_vul_inetration(end: dict[str, Any], user_id: int) -> None: def get_vul_list_from_elastic_search( - departments, + projects, project_ids=None, project_version_ids=None, hook_type_ids=None, @@ -246,9 +244,9 @@ def get_vul_list_from_elastic_search( from dongtai_common.models.strategy import IastStrategyModel - department_ids = list(departments.values_list("id", flat=True)) + auth_project_ids = list(project_ids.values_list("id", flat=True)) must_query = [ - Q("terms", department_id=department_ids), + Q("terms", bind_project_id=auth_project_ids), Q("terms", is_del=[0]), Q("range", bind_project_id={"gt": 0}), Q("range", strategy_id={"gt": 0}), @@ -290,7 +288,7 @@ def get_vul_list_from_elastic_search( a = Q("bool", must=must_query) hashkey = make_hash( [ - department_ids, + auth_project_ids, project_ids, project_version_ids, hook_type_ids, diff --git a/dongtai_web/aggr_vul/app_vul_summary.py b/dongtai_web/aggr_vul/app_vul_summary.py index 0bf720f51..6e475120a 100644 --- a/dongtai_web/aggr_vul/app_vul_summary.py 
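Review bot: In `get_vul_list_from_elastic_search` the permission scope is now computed from the wrong variable: `auth_project_ids = list(project_ids.values_list("id", flat=True))` reads the optional `project_ids` filter argument instead of the renamed `projects` parameter. With the default `project_ids=None`, or a plain list of ids, the call raises `AttributeError`. Either way the `bind_project_id` terms filter is no longer derived from the caller's authorized projects. The line should be `auth_project_ids = list(projects.values_list("id", flat=True))`. The function body continues outside the hunk, so please check there that the later uses of `project_ids` still refer to the request filter only.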
+++ b/dongtai_web/aggr_vul/app_vul_summary.py @@ -1,11 +1,12 @@ import logging from django.db.models import Count, Q +from django.db.models.query import QuerySet from django.utils.translation import gettext_lazy as _ from rest_framework.serializers import ValidationError from dongtai_common.endpoint import R, UserEndPoint -from dongtai_common.models.department import Department +from dongtai_common.models.project import IastProject from dongtai_common.models.vulnerablity import IastVulnerabilityModel from dongtai_common.utils.const import OPERATE_GET from dongtai_conf.patch import patch_point @@ -20,18 +21,12 @@ def _annotate_by_query(q, value_fields, count_field): return IastVulnerabilityModel.objects.filter(q).values(*value_fields).annotate(count=Count(count_field)) -# @cached_decorator(random_range=(2 * 60 * 60, 2 * 60 * 60), -# use_celery_update=True) +def get_annotate_cache_data(projects: QuerySet[IastProject]): + return get_annotate_data(projects, 0, 0) -def get_annotate_cache_data(department: Department): - return get_annotate_data(department, 0, 0) - - -def get_annotate_data(department: Department, bind_project_id=int, project_version_id=int) -> dict: - # cache_q = Q(is_del=0, agent__bind_project_id__gt=0, - # agent__user_id__in=auth_user_info['user_list']) - cache_q = Q(is_del=0, project_id__gt=0, project__department__in=department) +def get_annotate_data(projects: QuerySet[IastProject], bind_project_id: int, project_version_id: int) -> dict: + cache_q = Q(is_del=0, project_id__gt=0, project__in=projects) # 从项目列表进入 绑定项目id if bind_project_id: @@ -98,7 +93,7 @@ def post(self, request): :return: """ - department = request.user.get_relative_department() + projects = request.user.get_projects() ser = AggregationArgsSerializer(data=request.data) bind_project_id = 0 
@@ -111,12 +106,12 @@ def post(self, request): project_version_id = ser.validated_data.get("project_version_id", 0) if ELASTICSEARCH_STATE: - result_summary = get_annotate_data_es(department, bind_project_id, project_version_id) + result_summary = get_annotate_data_es(projects, bind_project_id, project_version_id) elif bind_project_id or project_version_id: - result_summary = get_annotate_data(department, bind_project_id, project_version_id) + result_summary = get_annotate_data(projects, bind_project_id, project_version_id) else: # 全局下走缓存 - result_summary = get_annotate_cache_data(department) + result_summary = get_annotate_cache_data(projects) except ValidationError as e: logger.info(e) return R.failure(data=e.detail) @@ -128,7 +123,7 @@ def post(self, request): ) -def get_annotate_data_es(department: Department, bind_project_id, project_version_id): +def get_annotate_data_es(projects: QuerySet[IastProject], bind_project_id: int, project_version_id: int): from elasticsearch import Elasticsearch from elasticsearch_dsl import A, Q @@ -142,7 +137,7 @@ def get_annotate_data_es(department: Department, bind_project_id, project_versio strategy_ids = list(IastStrategyModel.objects.all().values_list("id", flat=True)) must_query = [ - Q("terms", department_id=list(department.values_list("id", flat=True))), + Q("terms", bind_project_id=list(projects.values_list("id", flat=True))), Q("terms", is_del=[0]), Q("terms", is_del=[0]), Q("range", bind_project_id={"gt": 0}), diff --git a/dongtai_web/aggregation/aggregation_del.py b/dongtai_web/aggregation/aggregation_del.py index cb6eb32d7..59b7a45ed 100644 --- a/dongtai_web/aggregation/aggregation_del.py +++ b/dongtai_web/aggregation/aggregation_del.py 
@@ -25,17 +25,17 @@ def post(self, request): ids = request.data.get("ids", "") ids = turnIntListOfStr(ids) source_type = request.data.get("source_type", 1) - department = request.user.get_relative_department() + projects = request.user.get_projects() if source_type == 1: queryset = IastVulnerabilityModel.objects.filter(is_del=0) else: queryset = IastVulAssetRelation.objects.filter(is_del=0) - # 部门删除逻辑 + # 项目删除逻辑 if source_type == 1: - queryset = queryset.filter(project__department__in=department) + queryset = queryset.filter(project__in=projects) else: - queryset = queryset.filter(asset__department__in=department) + queryset = queryset.filter(asset__project__in=projects) if source_type == 1: # noqa: SIM108 # 应用漏洞删除 @@ -43,13 +43,7 @@ def post(self, request): else: # 组件漏洞删除 del_queryset = queryset.filter(asset_vul_id__in=ids) - # with connection.cursor() as cursor: - # sca_ids_str) for vul in del_queryset: vul.is_del = 1 vul.save() - return R.success( - data={ - "messages": "success", - }, - ) + return R.success(data={"messages": "success"}) diff --git a/dongtai_web/aggregation/aggregation_project_del.py b/dongtai_web/aggregation/aggregation_project_del.py index 40b35193d..11bc70d96 100644 --- a/dongtai_web/aggregation/aggregation_project_del.py +++ b/dongtai_web/aggregation/aggregation_project_del.py @@ -26,7 +26,7 @@ def post(self, request): return R.failure() project_version_id = request.data.get("project_version_id", None) source_type = request.data.get("source_type", 1) - department = request.user.get_relative_department() + project = request.user.get_projects() if source_type == 1: queryset = IastVulnerabilityModel.objects.filter(is_del=0) else: 
@@ -44,15 +44,11 @@ def post(self, request): # 部门删除逻辑 if source_type == 1: - queryset = queryset.filter(project__department__in=department) + queryset = queryset.filter(project__in=project) else: - queryset = queryset.filter(asset__department__in=department) + queryset = queryset.filter(asset__project__in=project) for vul in queryset: vul.is_del = 1 vul.save() - return R.success( - data={ - "messages": "success", - }, - ) + return R.success(data={"messages": "success"}) diff --git a/dongtai_web/base/project_version.py b/dongtai_web/base/project_version.py index 89678f959..c42d47653 100644 --- a/dongtai_web/base/project_version.py +++ b/dongtai_web/base/project_version.py @@ -2,6 +2,7 @@ from django.db import transaction from django.db.models import Q +from django.db.models.query import QuerySet from django.utils.translation import gettext_lazy as _ from rest_framework import serializers @@ -20,13 +21,13 @@ class VersionModifySerializer(serializers.Serializer): @transaction.atomic -def version_modify(user, department, versionData=None): +def version_modify(user, projects: QuerySet[IastProject], versionData): version_id = versionData.get("version_id", 0) project_id = versionData.get("project_id", 0) current_version = versionData.get("current_version", 0) version_name = versionData.get("version_name", "") description = versionData.get("description", "") - project = IastProject.objects.filter(department__in=department, id=project_id).only("id", "user").first() + project = projects.filter(id=project_id).only("id", "user").first() if not version_name or not project: return {"status": "202", "msg": _("Parameter error")} baseVersion = IastProjectVersion.objects.filter( diff --git a/dongtai_web/dongtai_sca/views/newpackageprojects.py b/dongtai_web/dongtai_sca/views/newpackageprojects.py index ee1070238..909d4a000 100644 --- a/dongtai_web/dongtai_sca/views/newpackageprojects.py +++ b/dongtai_web/dongtai_sca/views/newpackageprojects.py 
@@ -52,8 +52,7 @@ def get(self, request, language_id, package_name, package_version): pass except ValidationError as e: return R.failure(data=e.detail) - departments = request.user.get_relative_department() - queryset = IastProject.objects.filter(department__in=departments).order_by("-latest_time") + queryset = request.user.get_projects().order_by("-latest_time") assets_project_ids = ( AssetV2.objects.filter( language_id=language_id, diff --git a/dongtai_web/dongtai_sca/views/newpackageprojectversions.py b/dongtai_web/dongtai_sca/views/newpackageprojectversions.py index 2ceb4d944..f739ca0a0 100644 --- a/dongtai_web/dongtai_sca/views/newpackageprojectversions.py +++ b/dongtai_web/dongtai_sca/views/newpackageprojectversions.py @@ -6,7 +6,6 @@ from dongtai_common.endpoint import R, UserEndPoint from dongtai_common.models.assetv2 import AssetV2 -from dongtai_common.models.project import IastProject from dongtai_web.utils import extend_schema_with_envcheck_v2, get_response_serializer logger = logging.getLogger(__name__) @@ -43,8 +42,7 @@ class NewPackageRelationProjectVersion(UserEndPoint): responses={200: FullRelationProjectVersionResponseSerializer}, ) def get(self, request, language_id, package_name, package_version, project_id): - departments = request.user.get_relative_department() - queryset = IastProject.objects.filter(department__in=departments).order_by("-latest_time") + queryset = request.user.get_projects().order_by("-latest_time") assets = ( AssetV2.objects.filter( language_id=language_id, diff --git a/dongtai_web/header_vul/base.py b/dongtai_web/header_vul/base.py index 31465b047..0e06a69b1 100644 --- a/dongtai_web/header_vul/base.py +++ b/dongtai_web/header_vul/base.py 
@@ -61,8 +61,8 @@ def list(self, request): vul_id = ser.validated_data["vul_id"] except ValidationError as e: return R.failure(data=e.detail) - department = request.user.get_relative_department() - q = Q(project__department__in=department) & Q(vul_id=vul_id) + projects = request.user.get_projects() + q = Q(project__in=projects) & Q(vul_id=vul_id) queryset = IastHeaderVulnerability.objects.filter(q).all() page_summary, page_data = self.get_paginator(queryset, page, page_size) return R.success(data=HeaderVulSerializer(page_data, many=True).data, page=page_summary) diff --git a/dongtai_web/views/agent_start.py b/dongtai_web/views/agent_start.py index 4341c1532..190eee1b4 100644 --- a/dongtai_web/views/agent_start.py +++ b/dongtai_web/views/agent_start.py @@ -32,14 +32,14 @@ class AgentStart(UserEndPoint): def post(self, request): agent_id = request.data.get("id") agent_ids = request.data.get("ids", None) - department = request.user.get_relative_department() + projects = request.user.get_projects() if agent_ids: try: agent_ids = [int(i) for i in agent_ids.split(",")] except BaseException: return R.failure(_("Parameter error")) if agent_id: - agent = IastAgent.objects.filter(department__in=department, id=agent_id).first() + agent = IastAgent.objects.filter(bind_project__in=projects, id=agent_id).first() if agent is None: return R.failure(msg=_("Engine does not exist or no permission to access")) if agent.is_control == 1 and agent.control != 3 and agent.control != 4: @@ -51,7 +51,7 @@ def post(self, request): agent.save() if agent_ids: for agent_id in agent_ids: - agent = IastAgent.objects.filter(department__in=department, id=agent_id).first() + agent = IastAgent.objects.filter(bind_project__in=projects, id=agent_id).first() if agent is None: continue if agent.is_control == 1 and agent.control != 3 and agent.control != 4: diff --git a/dongtai_web/views/agent_stop.py b/dongtai_web/views/agent_stop.py index 7a9383050..99f1123c8 100644 --- a/dongtai_web/views/agent_stop.py 
+++ b/dongtai_web/views/agent_stop.py @@ -25,14 +25,14 @@ class AgentStop(UserEndPoint): def post(self, request): agent_id = request.data.get("id", None) agent_ids = request.data.get("ids", None) - department = request.user.get_relative_department() + projects = request.user.get_projects() if agent_ids: try: agent_ids = [int(i) for i in agent_ids.split(",")] except Exception: return R.failure(_("Parameter error")) if agent_id: - agent = IastAgent.objects.filter(department__in=department, id=agent_id).first() + agent = IastAgent.objects.filter(bind_project__in=projects, id=agent_id).first() if agent is None: return R.failure(msg=_("Engine does not exist or no permission to access")) if agent.is_control == 1 and agent.control != 3 and agent.control != 4: @@ -44,7 +44,7 @@ def post(self, request): agent.save() if agent_ids: for agent_id in agent_ids: - agent = IastAgent.objects.filter(department__in=department, id=agent_id).first() + agent = IastAgent.objects.filter(bind_project__in=projects, id=agent_id).first() if agent is None: continue if agent.is_control == 1 and agent.control != 3 and agent.control != 4: diff --git a/dongtai_web/views/agents_v2.py b/dongtai_web/views/agents_v2.py index 7dfb4d40a..3a8c82b3c 100644 --- a/dongtai_web/views/agents_v2.py +++ b/dongtai_web/views/agents_v2.py @@ -2,6 +2,7 @@ import logging from itertools import groupby from time import time +from typing import TYPE_CHECKING from django.db.models import IntegerChoices, Q from django.db.models.query import QuerySet 
@@ -15,11 +16,12 @@ from dongtai_common.models.agent import IastAgent, IastAgentEvent from dongtai_common.models.api_route import FromWhereChoices, IastApiRoute from dongtai_common.models.asset import Asset -from dongtai_common.models.department import Department +from dongtai_common.models.project import IastProject from dongtai_common.models.vulnerablity import IastVulnerabilityModel -from dongtai_web.utils import ( - extend_schema_with_envcheck, -) +from dongtai_web.utils import extend_schema_with_envcheck + +if TYPE_CHECKING: + from django.db.models.query import ValuesQuerySet logger = logging.getLogger("dongtai-webapi") @@ -58,8 +60,8 @@ def pagenation_list(self, request): ser.is_valid(True) except ValidationError as e: return R.failure(data=e.detail) - department = request.user.get_relative_department() - filter_condiction = generate_filter(ser.validated_data["state"]) & Q(department__in=department) + projects = request.user.get_projects() + filter_condiction = generate_filter(ser.validated_data["state"]) & Q(bind_project__in=projects) if ser.validated_data["project_name"]: filter_condiction = filter_condiction & Q(bind_project__name__icontains=ser.validated_data["project_name"]) if ser.validated_data["project_id"] is not None: @@ -105,7 +107,7 @@ def pagenation_list(self, request): ) def summary(self, request): res = {} - department = request.user.get_relative_department() + projects = request.user.get_projects() last_days = int(request.query_params.get("last_days", 0)) for type_ in StateType: filter_condiction = generate_filter(type_) @@ -113,9 +115,8 @@ def summary(self, request): filter_condiction = filter_condiction & Q(heartbeat__dt__gte=int(time()) - 60 * 60 * 24 * last_days) res[type_] = IastAgent.objects.filter( filter_condiction, - department__in=department, + bind_project__in=projects, ).count() - # user__in=get_auth_users__by_id(request.user.id)).count() return R.success(data=res) 
@@ -124,10 +125,10 @@ def summary(self, request): summary="获取 Agent 状态", ) def agent_stat(self, request): - department = request.user.get_relative_department() + projects = request.user.get_projects() try: agent_id = int(request.query_params.get("id", 0)) - res = get_agent_stat(agent_id, department) + res = get_agent_stat(agent_id, projects) except Exception as e: logger.debug(f"agent_stat error:{e}") res = {} @@ -140,18 +141,15 @@ def get_service_addrs(ip_list: list, port: int) -> list: return [x + ":" + str(port) for x in ip_list] -def get_agent_stat(agent_id: int, department: Department) -> dict: +def get_agent_stat(agent_id: int, projects: QuerySet[IastProject]) -> dict: res = {} res["api_count"] = IastApiRoute.objects.filter( agent__id=agent_id, from_where=FromWhereChoices.FROM_AGENT, - project__department__in=department, - ).count() - # agent__user__in = get_auth_users__by_id(user_id)).count() - res["sca_count"] = Asset.objects.filter(agent__id=agent_id, project__department__in=department).count() - res["vul_count"] = IastVulnerabilityModel.objects.filter( - agent__id=agent_id, project__department__in=department + project__in=projects, ).count() + res["sca_count"] = Asset.objects.filter(agent__id=agent_id, project__in=projects).count() + res["vul_count"] = IastVulnerabilityModel.objects.filter(agent__id=agent_id, project__in=projects).count() return res @@ -224,7 +222,7 @@ def cal_state(agent: dict) -> StateType: return StateType.UNINSTALL -def query_agent(filter_condiction=None) -> QuerySet: +def query_agent(filter_condiction=None) -> "ValuesQuerySet": if filter_condiction is None: filter_condiction = Q() return ( diff --git a/dongtai_web/views/project_add.py b/dongtai_web/views/project_add.py index 733f7492d..a65bfe444 100644 --- a/dongtai_web/views/project_add.py +++ b/dongtai_web/views/project_add.py 
@@ -16,9 +16,7 @@ from dongtai_common.models.server import IastServer from dongtai_common.models.strategy_user import IastStrategyUser from dongtai_engine.common.queryset import get_scan_id -from dongtai_web.base.project_version import ( - version_modify, -) +from dongtai_web.base.project_version import version_modify from dongtai_web.utils import extend_schema_with_envcheck, get_response_serializer logger = logging.getLogger("django") @@ -80,13 +78,12 @@ def post(self, request): mode = "插桩模式" scan_id = int(request.data.get("scan_id", 5)) template_id = int(request.data.get("template_id", 1)) - departments = request.user.get_relative_department() + projects = request.user.get_projects() scan = IastStrategyUser.objects.filter(id=scan_id).first() base_url = request.data.get("base_url", None) test_req_header_key = request.data.get("test_req_header_key", None) test_req_header_value = request.data.get("test_req_header_value", None) description = request.data.get("description", None) - department_id = request.data.get("department_id", None) pid = request.data.get("pid", 0) enable_log = request.data.get("enable_log", None) log_level = request.data.get("log_level", None) @@ -113,21 +110,14 @@ def post(self, request): vul_validation = request.data.get("vul_validation", None) if pid: - project = IastProject.objects.filter(id=pid, department__in=departments).first() + project = projects.filter(id=pid).first() project.name = name else: - department_id = request.data.get("department_id", 1) - if not departments.filter(pk=department_id).exists(): - return R.failure(status=203, msg=_("department does not exist")) - - project = IastProject.objects.filter( - name=name, user_id=request.user.id, department_id=department_id - ).first() + project = IastProject.objects.filter(name=name, user_id=request.user.id).first() if not project: project = IastProject.objects.create( name=name, user_id=request.user.id, - department_id=department_id, template_id=template_id, ) else: 
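Review bot: In the `if pid:` branch, `projects.filter(id=pid).first()` returns `None` when the project does not exist or is outside the caller's scope, and the next line `project.name = name` then raises `AttributeError` instead of giving a permission error. Add a check right after the lookup, e.g. `if project is None: return R.failure(status=203, msg=_("no permission"))`, matching what project_summary.py returns. In the create branch the department membership check was removed, and nothing visible in the hunk adds the new project to what `get_projects()` returns for its creator. If that is the case, the later `version_modify(project.user, projects, ...)` call may reject the project that was just created, which is worth confirming. The body of `post` starts and ends outside the hunk, so any surrounding error handling is not visible here.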
@@ -151,7 +141,7 @@ def post(self, request): versionInfo.version_name == version_name and (versionInfo.description == description or not description) ): - result = version_modify(project.user, departments, current_project_version) + result = version_modify(project.user, projects, current_project_version) if result.get("status", "202") == "202": logger.error("version update failure") return R.failure(status=202, msg=result.get("msg", _("Version Update Error"))) @@ -160,7 +150,6 @@ def post(self, request): project.scan = scan project.mode = mode project.template_id = template_id - project.department_id = department_id project.latest_time = int(time.time()) project.enable_log = enable_log project.log_level = log_level @@ -183,7 +172,6 @@ def post(self, request): "test_req_header_key", "test_req_header_value", "template_id", - "department_id", "enable_log", "log_level", ] diff --git a/dongtai_web/views/project_delete.py b/dongtai_web/views/project_delete.py index 1c33c3018..4ad3a179e 100644 --- a/dongtai_web/views/project_delete.py +++ b/dongtai_web/views/project_delete.py @@ -6,7 +6,6 @@ from rest_framework import serializers from dongtai_common.endpoint import R, UserEndPoint -from dongtai_common.models.project import IastProject from dongtai_web.utils import extend_schema_with_envcheck, get_response_serializer @@ -38,10 +37,8 @@ def post(self, request): try: project_id = request.data.get("id", None) if project_id: - department = request.user.get_relative_department() - # IastAgent.objects.filter( - # user__in=auth_users).update(bind_project_id=-1) - IastProject.objects.filter(id=project_id, department__in=department).delete() + projects = request.user.get_projects() + projects.filter(id=project_id).delete() return R.success(msg=_("Application has been deleted successfully")) except Exception as e: diff --git a/dongtai_web/views/project_detail.py b/dongtai_web/views/project_detail.py index a91df4a9b..7747e2d8f 100644 --- a/dongtai_web/views/project_detail.py 
+++ b/dongtai_web/views/project_detail.py @@ -5,7 +5,6 @@ from dongtai_common.endpoint import R, UserEndPoint from dongtai_common.models.agent import IastAgent -from dongtai_common.models.project import IastProject from dongtai_common.utils import const from dongtai_web.base.project_version import ( ProjectsVersionDataSerializer, @@ -46,8 +45,7 @@ class ProjectDetail(UserEndPoint): response_schema=_ResponseSerializer, ) def get(self, request, id): - department = request.user.get_relative_department() - project = IastProject.objects.filter(department__in=department, id=id).first() + project = request.user.get_projects().filter(id=id).first() if project: relations = IastAgent.objects.filter(bind_project_id=project.id, online=const.RUNNING) diff --git a/dongtai_web/views/project_engines.py b/dongtai_web/views/project_engines.py index 449a80745..619d5fe16 100644 --- a/dongtai_web/views/project_engines.py +++ b/dongtai_web/views/project_engines.py @@ -33,12 +33,17 @@ class ProjectEngines(UserEndPoint): response_schema=_ProjectEnginesResponseSerializer, ) def get(self, request, pid): - department = request.user.get_relative_department() - queryset = IastAgent.objects.filter( - department__in=department, - online=const.RUNNING, - bind_project_id__in=[0, pid], - ).values("id", "token", "alias") + projects = request.user.get_projects() + queryset = ( + IastAgent.objects.filter( + bind_project__in=projects, + ) + .filter( + online=const.RUNNING, + bind_project_id__in=[0, pid], + ) + .values("id", "token", "alias") + ) data = [] if queryset: data = [ diff --git a/dongtai_web/views/project_summary.py b/dongtai_web/views/project_summary.py index e28858b5f..51167bb64 100644 --- a/dongtai_web/views/project_summary.py +++ b/dongtai_web/views/project_summary.py 
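Review bot: In `ProjectEngines.get` the `0` in `bind_project_id__in=[0, pid]` looks unreachable now, because the preceding `.filter(bind_project__in=projects)` only matches agents bound to one of the caller's projects. If unbound agents are meant to stay listed here, the scope needs an explicit branch for them, along with a decision on who may see them. Otherwise simplify to `bind_project_id=pid` and add a comment such as `# unbound agents are intentionally hidden: access is scoped by bound project`. The same `bind_project__in=projects` scoping in agent_start.py, agent_stop.py and agents_v2.py appears to make agents without a bound project unreachable for every user, including system admins. That is worth confirming as intended.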
@@ -6,7 +6,6 @@ from dongtai_common.endpoint import R, UserEndPoint from dongtai_common.models.agent import IastAgent -from dongtai_common.models.project import IastProject from dongtai_common.models.project_version import IastProjectVersion from dongtai_common.utils import const from dongtai_web.base.project_version import ( @@ -93,8 +92,7 @@ def weeks_ago(week=1): response_schema=_ProjectSummaryResponseSerializer, ) def get(self, request, id): - department = request.user.get_relative_department() - project = IastProject.objects.filter(department__in=department, id=id).first() + project = request.user.get_projects().filter(id=id).first() if not project: return R.failure(status=203, msg=_("no permission")) diff --git a/dongtai_web/views/project_version_add.py b/dongtai_web/views/project_version_add.py index a8d818381..81aa5e0ca 100644 --- a/dongtai_web/views/project_version_add.py +++ b/dongtai_web/views/project_version_add.py @@ -33,8 +33,8 @@ class ProjectVersionAdd(UserEndPoint): ) def post(self, request): try: - department = request.user.get_relative_department() - result = version_modify(request.user, department, request.data) + projects = request.user.get_projects() + result = version_modify(request.user, projects, request.data) if result.get("status", "202") == "202": return R.failure(status=202, msg=result.get("msg", _("Parameter error"))) return R.success(msg=_("Created success"), data=result.get("data", {})) diff --git a/dongtai_web/views/project_version_list.py b/dongtai_web/views/project_version_list.py index 7c5bdf254..68796a941 100644 --- a/dongtai_web/views/project_version_list.py +++ b/dongtai_web/views/project_version_list.py @@ -5,7 +5,6 @@ from rest_framework import serializers from dongtai_common.endpoint import R, UserEndPoint -from dongtai_common.models.project import IastProject from dongtai_common.models.project_version import IastProjectVersion from dongtai_web.utils import extend_schema_with_envcheck, get_response_serializer 
@@ -40,8 +39,7 @@ class ProjectVersionList(UserEndPoint): ) def get(self, request, project_id): try: - department = request.user.get_relative_department() - project = IastProject.objects.filter(department__in=department, id=project_id).first() + project = request.user.get_projects().filter(id=project_id).first() if not project: return R.failure(status=203, msg=_("no permission")) diff --git a/dongtai_web/views/project_version_update.py b/dongtai_web/views/project_version_update.py index 82a13dfbc..4b74ae140 100644 --- a/dongtai_web/views/project_version_update.py +++ b/dongtai_web/views/project_version_update.py @@ -31,8 +31,8 @@ class ProjectVersionUpdate(UserEndPoint): def post(self, request): try: version_id = request.data.get("version_id", 0) - department = request.user.get_relative_department() - result = version_modify(request.user, department, request.data) + projects = request.user.get_projects() + result = version_modify(request.user, projects, request.data) if not version_id or result.get("status", "202") == "202": return R.failure(status=202, msg=_("Parameter error")) return R.success(msg=_("Update completed")) diff --git a/dongtai_web/views/projects.py b/dongtai_web/views/projects.py index acb46f463..4b992da6e 100644 --- a/dongtai_web/views/projects.py +++ b/dongtai_web/views/projects.py @@ -7,7 +7,7 @@ from rest_framework.serializers import ValidationError from dongtai_common.endpoint import R, UserEndPoint -from dongtai_common.models.project import IastProject, ProjectStatus +from dongtai_common.models.project import ProjectStatus from dongtai_web.serializers.project import ( ProjectSerializer, get_agent_count, 
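Review bot: In `ProjectVersionUpdate.post`, `version_modify(request.user, projects, request.data)` runs before `version_id` is checked, so a request without `version_id` still reaches the helper and only afterwards gets "Parameter error". `ProjectVersionAdd.post` calls the same helper to create a version, so if `version_modify` creates a row when no id is supplied (its body is not visible here), the update endpoint could write a new version and still report failure. Checking first avoids that: `if not version_id: return R.failure(status=202, msg=_("Parameter error"))` placed above the `projects = request.user.get_projects()` line. The `try` block is closed outside the hunk.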
@@ -69,8 +69,7 @@ def get(self, request): except ValidationError as e: return R.failure(data=e.detail) - department = request.user.get_relative_department() - queryset = IastProject.objects.filter(department__in=department).order_by("-latest_time") + queryset = request.user.get_projects().order_by("-latest_time") if name: queryset = queryset.filter(name__icontains=name) if status is not None: diff --git a/dongtai_web/views/sca_summary.py b/dongtai_web/views/sca_summary.py index 65cc14ec5..fbe6de671 100644 --- a/dongtai_web/views/sca_summary.py +++ b/dongtai_web/views/sca_summary.py @@ -1,4 +1,6 @@ #!/usr/bin/env python +import warnings + import pymysql from django.db import connection from django.utils.text import format_lazy @@ -131,6 +133,7 @@ class ScaSummary(UserEndPoint): tags=[_("Component")], summary=_("Component Summary (with project)"), description=_("Use the specified project information to get the corresponding component summary"), + deprecated=True, response_schema=_ResponseSerializer, ) def post(self, request): @@ -143,10 +146,10 @@ def post(self, request): request_data = request.data - departments = request.user.get_relative_department() - department_ids = [i.id for i in departments] - base_query_sql = "WHERE iast_asset.department_id in %s and iast_asset.is_del=0 " - sql_params = [department_ids] + projects = request.user.get_projects() + project_ids = [i.id for i in projects] + base_query_sql = "WHERE iast_asset.project_id in %s and iast_asset.is_del=0 " + sql_params = [project_ids] asset_aggr_where = " and iast_asset.is_del=0 " package_kw = request_data.get("keyword", "") es_query = {} @@ -239,6 +242,7 @@ def get_vul_list_from_elastic_search( search_keyword="", extend_aggs_buckets=None, ): + warnings.warn("deprecated", stacklevel=1) if extend_aggs_buckets is None: extend_aggs_buckets = {} diff --git a/dongtai_web/views/scas.py b/dongtai_web/views/scas.py index 345cb0f7e..5a341db6c 100644 --- a/dongtai_web/views/scas.py 
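Review bot: In `ScaSummary.post`, `project_ids` can be an empty list, and `iast_asset.project_id in %s` is then bound to an empty sequence; as far as I can tell the MySQL driver renders that as `in ()`, which is a syntax error rather than an empty result. The `get_projects()` added in `dongtai_common/models/user.py` returns `patch_point(queryset)` over `IastProject.objects.none()` for a non-admin, so an empty set is a normal case unless the patch supplies projects. Return the empty summary early when `project_ids` is empty, and build the list with `list(projects.values_list("id", flat=True))` so only ids are fetched. The same applies to the `@@ -168,12 +170,12 @@` hunk in `dongtai_web/views/scas.py`, which special-cases one id but sends zero ids to `project_id IN %(project_ids)s`. How `base_query_sql` is executed lies outside the hunk.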
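Review bot: The `warnings.warn("deprecated", stacklevel=1)` added to `get_vul_list_from_elastic_search` names neither the function nor a replacement, uses the default warning category, and with `stacklevel=1` attributes the warning to this function rather than to its caller. Something like `warnings.warn("get_vul_list_from_elastic_search is deprecated", DeprecationWarning, stacklevel=2)` lets the calling site be found from the log. The identical line added to `get_vul_list_from_elastic_searchv2` in `dongtai_web/views/scas.py` (`@@ -319,6 +321,7 @@`) should get the same treatment. The function body continues outside the hunk.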
+++ b/dongtai_web/views/scas.py @@ -1,5 +1,6 @@ #!/usr/bin/env python import logging +import warnings from django.core.cache import cache from django.utils.text import format_lazy @@ -141,6 +142,7 @@ class ScaList(UserEndPoint): tags=[_("Component")], summary=_("Component List (with project)"), description=_("use the specified project information to obtain the corresponding component."), + deprecated=True, response_schema=_ResponseSerializer, ) def post(self, request): @@ -156,8 +158,8 @@ def post(self, request): page_size = min(50, int(page_size)) auth_user_ids = [str(_i.id) for _i in auth_users] - departments = request.user.get_relative_department() - department_ids = [department.id for department in departments] + projects = request.user.get_projects() + project_ids = [project.id for project in projects] base_query_sql = " LEFT JOIN iast_asset ON iast_asset.signature_value = iast_asset_aggr.signature_value WHERE iast_asset.department_id in %s and iast_asset.is_del=0 " list_sql_params = [auth_user_ids] count_sql_params = [auth_user_ids] @@ -168,12 +170,12 @@ def post(self, request): asset_aggr_where = " and iast_asset_aggr.id>0 " where_conditions = [] where_conditions_dict = {} - if len(department_ids) == 1: - where_conditions.append("department_id = %(department_ids)s") - where_conditions_dict["department_ids"] = department_ids[0] + if len(project_ids) == 1: + where_conditions.append("project_id = %(project_ids)s") + where_conditions_dict["project_ids"] = project_ids[0] else: - where_conditions.append("department_id IN %(department_ids)s") - where_conditions_dict["department_ids"] = department_ids + where_conditions.append("project_id IN %(project_ids)s") + where_conditions_dict["project_ids"] = project_ids project_id = request_data.get("project_id", None) if project_id and project_id != "": 
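Review bot: In `ScaList.post` (hunk `@@ -156,8 +158,8 @@`), the unchanged `base_query_sql` line still filters on `iast_asset.department_id in %s`, and `list_sql_params` / `count_sql_params` still start with `auth_user_ids`, while the rest of the method now scopes by `project_id`. If that string is still executed (its use is outside the hunk), the component list is authorised by two different rules, one of which binds user ids to a department column. Either switch it to `iast_asset.project_id in %s` with `project_ids` as the parameter, or delete it together with the `auth_user_ids` parameters if the `where_conditions` path has replaced it.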
@@ -319,6 +321,7 @@ def get_vul_list_from_elastic_searchv2( search_keyword="", extend_filter=None, ): + warnings.warn("deprecated", stacklevel=1) if level_ids is None: level_ids = [] if languages is None: diff --git a/dongtai_web/views/user_token.py b/dongtai_web/views/user_token.py index 250c0ad31..6c4e0d3f9 100644 --- a/dongtai_web/views/user_token.py +++ b/dongtai_web/views/user_token.py @@ -30,10 +30,7 @@ class UserDepartmentToken(UserEndPoint): name = "iast-v1-user-department-token" description = _("获取部门部署 token") - @extend_schema( - summary=_("获取部门部署 token"), - tags=[_("User")], - ) + @extend_schema(summary=_("获取部门部署 token"), tags=[_("User")], deprecated=True) def get(self, request): departments = request.user.get_relative_department() department = request.user.get_department() diff --git a/dongtai_web/views/vul_count_for_plugin.py b/dongtai_web/views/vul_count_for_plugin.py index 5d35526ef..76e6083cc 100644 --- a/dongtai_web/views/vul_count_for_plugin.py +++ b/dongtai_web/views/vul_count_for_plugin.py @@ -29,7 +29,6 @@ def get(self, request): agent_name = request.query_params.get("name") departmenttoken = request.query_params.get("departmenttoken", "") projectname = request.query_params.get("projectname", "") - request.user.get_relative_department() if not agent_name: return R.failure(msg=_("Please input agent name.")) departmenttoken = departmenttoken.replace("GROUP", "") diff --git a/dongtai_web/views/vul_details.py b/dongtai_web/views/vul_details.py index ced220747..7ec9c6857 100644 --- a/dongtai_web/views/vul_details.py +++ b/dongtai_web/views/vul_details.py 
@@ -237,8 +237,8 @@ def parse_request(method, uri, query_param, protocol, header, data): def parse_response(header, body): return f"{header}\n\n{body}" - def get_vul(self, department): - vul = IastVulnerabilityModel.objects.filter(id=self.vul_id, project__department__in=department).first() + def get_vul(self, projects): + vul = IastVulnerabilityModel.objects.filter(id=self.vul_id, project__in=projects).first() hook_type = HookType.objects.filter(pk=vul.hook_type_id).first() if vul is not None else None hook_type_name = hook_type.name if hook_type else None strategy = IastStrategyModel.objects.filter(pk=vul.strategy_id).first() @@ -408,11 +408,11 @@ def get(self, request, id): :return: """ self.vul_id = id - self.departments = request.user.get_relative_department() + projects = request.user.get_projects() try: return R.success( data={ - "vul": self.get_vul(self.departments), + "vul": self.get_vul(projects), "server": self.get_server(), "strategy": self.get_strategy(), } @@ -464,10 +464,10 @@ def get( id, ): self.vul_id = id - self.departments = request.user.get_relative_department() + projects = request.user.get_projects() try: data = { - "vul": self.get_vul(self.departments), + "vul": self.get_vul(projects), "server": self.get_server(), "strategy": self.get_strategy(), } diff --git a/dongtai_web/views/vul_list_for_plugin.py b/dongtai_web/views/vul_list_for_plugin.py index f50b79467..7e29f4573 100644 --- a/dongtai_web/views/vul_list_for_plugin.py +++ b/dongtai_web/views/vul_list_for_plugin.py @@ -61,7 +61,6 @@ def get(self, request): agent_name = request.query_params.get("name", None) departmenttoken = request.query_params.get("departmenttoken", "") projectname = request.query_params.get("projectname", "") - request.user.get_relative_department() if not agent_name: return R.failure(msg=_("Please input agent name.")) departmenttoken = departmenttoken.replace("GROUP", "") 
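Review bot: In `get_vul`, `vul` is `None` whenever the id is outside `projects`, and the `hook_type` line guards for that, but the next line reads `vul.strategy_id` unguarded, so the access-denied path ends in an `AttributeError`. Both callers wrap the call in `try` (the `except` clauses are outside the visible hunks), so a denial probably surfaces as a generic error rather than the explicit "no permission" response the project views return. An early `if vul is None:` exit in `get_vul`, or a check in the two `get` methods before the response is built, would make the authorization outcome explicit. The body of `get_vul` continues past the hunk.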
diff --git a/dongtai_web/views/vul_status.py b/dongtai_web/views/vul_status.py index bcbe0ce00..7f27e5ba9 100644 --- a/dongtai_web/views/vul_status.py +++ b/dongtai_web/views/vul_status.py @@ -69,12 +69,12 @@ def post(self, request): status_id = request.data.get("status_id") user = request.user user_id = user.id - department = request.user.get_relative_department() + projects = request.user.get_projects() if not (isinstance(vul_id, int) or isinstance(vul_ids, list)): return R.failure() if not vul_ids: vul_ids = [vul_id] - queryset = IastVulnerabilityModel.objects.filter(is_del=0, project__department__in=department) + queryset = IastVulnerabilityModel.objects.filter(is_del=0, project__in=projects) vul_status = IastVulnerabilityStatus.objects.filter(pk=status_id).first() if vul_status: queryset_status = queryset.filter(id__in=vul_ids)
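Review bot: In `post`, the type check accepts any `list` for `vul_ids` without looking at its elements, and an empty list falls back to `[vul_id]` even when `vul_id` is not an `int`, so non-integer values can reach `queryset.filter(id__in=vul_ids)`. That would presumably fail inside the ORM instead of returning `R.failure()`. After the fallback, add `if not all(isinstance(i, int) for i in vul_ids): return R.failure()`. The `project__in=projects` filter is the only thing limiting which vulnerabilities this endpoint can update, which deserves a one-line comment above `queryset`. The method continues outside the hunk.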