ВБ
Size: a a a
2021 August 04
RS
ты можешь по админам, проджект овнерам и лидам мониторить, когда я в репозитории смотрел там такой опции не было)
VM
Я правильно понимаю, что выложены только скриншоты? Без Prep нельзя было сделать?
RS
так ты только по All users смотришь, а у меня несколько групп + отдельно права на юзеров
ВБ
У меня все
ВБ
Это первая страница только
EL
)))
EL
Нужны ивенты, а не их последствия)
EL
Теперь еще и коллекции ;)))
RS
и насколько вижу это данные тянул из некстгена, или пермишенов что только на сервере) для пользователя удобно отобразить те что не присвоены (серые клетки но считаем крестами, в зависимости от логики), и ещё те которые априорно идут от какой-то группы
RS
если заммепить всё, то скорее всего получится то что у меня, пока вижу другую ситуацию)
RS
к слову была идея синхронить, но с этим сложнее
RS
без препа можно, один из методов - перенести всё на sql и джоинить там, потому что всё подтягивается из серверного репозитория - база постгрес.
второй метод, это получение пермишенов через питон - над чем буду работать дальше, чтобы и сама логика обрабатывалась на нём либо частично, а потом автоматизировать процесс назначения также скриптами
второй метод, это получение пермишенов через питон - над чем буду работать дальше, чтобы и сама логика обрабатывалась на нём либо частично, а потом автоматизировать процесс назначения также скриптами
RS
ещё один через логи, но в нём подробно не разбирался
ВБ
Хз я может чего то не понимаю, но вот база для пермишинов, которую можно еще прокачать.
select ngp.*
, grantee.name
, object.name as "object name"
, c.display_name as "capability"
from next_gen_permissions ngp
inner join (
select 'Group' as "type", id, name from "groups" g
union all
select 'User' as "type", id, name from system_users su ) grantee on grantee.id = ngp.grantee_id and grantee.type = ngp.grantee_type
inner join (
select 'Project' as "authorizable_type", id, name from projects p
union all
select 'Workbook' as "authorizable_type", id, name from workbooks w
union all
select 'View' as "authorizable_type", id, name from "views" v
union all
select 'Datasource' as "authorizable_type", id, name from datasources d )
object on object.id = ngp.authorizable_id and object.authorizable_type = ngp.authorizable_type
inner join capabilities c on c.id = ngp.capability_id
where ngp.capability_id not in (34,19)
select ngp.*
, grantee.name
, object.name as "object name"
, c.display_name as "capability"
from next_gen_permissions ngp
inner join (
select 'Group' as "type", id, name from "groups" g
union all
select 'User' as "type", id, name from system_users su ) grantee on grantee.id = ngp.grantee_id and grantee.type = ngp.grantee_type
inner join (
select 'Project' as "authorizable_type", id, name from projects p
union all
select 'Workbook' as "authorizable_type", id, name from workbooks w
union all
select 'View' as "authorizable_type", id, name from "views" v
union all
select 'Datasource' as "authorizable_type", id, name from datasources d )
object on object.id = ngp.authorizable_id and object.authorizable_type = ngp.authorizable_type
inner join capabilities c on c.id = ngp.capability_id
where ngp.capability_id not in (34,19)
RS
у тебя логика будет пропадать во вложенных проектах, и нет учёта шоу/хидден табс, а это тоже важно
RS
я тестил только с ngp+capabilies дальше одного не раболо, а у меня их было 4 вложенных, как матрёшка))
ВБ
Это все понятно. но скрипт выше написан за час примерно. Ну докинуть туда перечисленные нюансы можно.
ВБ
Но ок, я понял.
AV
SELECT current_date as current_date, DM."Object Type", DM."Is _users.id/groups.id", DM."Friendly Name", DM."Is User/Group", DM."Site", DM."site_id", DM."Base Authorization",
DM."Object Name", DM."Project", DM."Workbook", DM."View", DM.capability_id, DM."Capability", RC.user_name, RC."Is SysAdmin", RC."Is SiteAdmin"
FROM (
SELECT X.*, C.display_name AS "Capability"
FROM (
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
U.friendly_name AS "Friendly Name", P.name as "Object Name", P.name as "Project", NULL as "Workbook", NULL as "View" FROM next_gen_permissions N
LEFT JOIN _users U ON N.grantee_id = U.id
LEFT JOIN sites S ON U.site_id = S.id
LEFT JOIN projects P ON N.authorizable_id = P.id WHERE N.grantee_type = 'User' AND N.authorizable_type = 'Project' AND P.name is not NULL
UNION
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
G.name as "Friendly Name", P.name as "Object Name", P.name as "Project", NULL as "Workbook", NULL as "View"
FROM next_gen_permissions N
LEFT JOIN groups G ON N.grantee_id = G.id
LEFT JOIN sites S ON G.site_id = S.id
LEFT JOIN projects P ON N.authorizable_id = P.id WHERE N.grantee_type = 'Group' AND N.authorizable_type = 'Project' AND P.name is not NULL
UNION
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
G.name as "Friendly Name", W.name as "Object Name", P.name as "Project", W.name as "Workbook", NULL as "View"
FROM next_gen_permissions N
LEFT JOIN groups G ON N.grantee_id = G.id
LEFT JOIN sites S ON G.site_id = S.id
LEFT JOIN workbooks W ON N.authorizable_id = W.id
LEFT JOIN projects P ON W.project_id = P.id WHERE N.grantee_type = 'Group' AND N.authorizable_type = 'Workbook' AND P.name is not NULL
UNION
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
U.friendly_name as "Friendly Name", W.name as "Object Name", P.name as "Project", W.name as "Workbook", NULL as "View"
FROM next_gen_permissions N
LEFT JOIN _users U ON N.grantee_id = U.id
LEFT JOIN sites S ON U.site_id = S.id
LEFT JOIN workbooks W ON N.authorizable_id = W.id
DM."Object Name", DM."Project", DM."Workbook", DM."View", DM.capability_id, DM."Capability", RC.user_name, RC."Is SysAdmin", RC."Is SiteAdmin"
FROM (
SELECT X.*, C.display_name AS "Capability"
FROM (
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
U.friendly_name AS "Friendly Name", P.name as "Object Name", P.name as "Project", NULL as "Workbook", NULL as "View" FROM next_gen_permissions N
LEFT JOIN _users U ON N.grantee_id = U.id
LEFT JOIN sites S ON U.site_id = S.id
LEFT JOIN projects P ON N.authorizable_id = P.id WHERE N.grantee_type = 'User' AND N.authorizable_type = 'Project' AND P.name is not NULL
UNION
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
G.name as "Friendly Name", P.name as "Object Name", P.name as "Project", NULL as "Workbook", NULL as "View"
FROM next_gen_permissions N
LEFT JOIN groups G ON N.grantee_id = G.id
LEFT JOIN sites S ON G.site_id = S.id
LEFT JOIN projects P ON N.authorizable_id = P.id WHERE N.grantee_type = 'Group' AND N.authorizable_type = 'Project' AND P.name is not NULL
UNION
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
G.name as "Friendly Name", W.name as "Object Name", P.name as "Project", W.name as "Workbook", NULL as "View"
FROM next_gen_permissions N
LEFT JOIN groups G ON N.grantee_id = G.id
LEFT JOIN sites S ON G.site_id = S.id
LEFT JOIN workbooks W ON N.authorizable_id = W.id
LEFT JOIN projects P ON W.project_id = P.id WHERE N.grantee_type = 'Group' AND N.authorizable_type = 'Workbook' AND P.name is not NULL
UNION
SELECT N.authorizable_type AS "Object Type", N.grantee_id AS "Is _users.id/groups.id", N.grantee_type AS "Is User/Group", N.capability_id, S.name AS "Site", S.id AS "site_id",
CASE
WHEN N.permission = 1 THEN 'Grant'
WHEN N.permission = 2 THEN 'Deny'
WHEN N.permission = 3 THEN 'Grant'
WHEN N.permission = 4 THEN 'Deny'
ELSE NULL
END AS "Base Authorization",
U.friendly_name as "Friendly Name", W.name as "Object Name", P.name as "Project", W.name as "Workbook", NULL as "View"
FROM next_gen_permissions N
LEFT JOIN _users U ON N.grantee_id = U.id
LEFT JOIN sites S ON U.site_id = S.id
LEFT JOIN workbooks W ON N.authorizable_id = W.id