mirror of
https://github.com/veops/cmdb.git
synced 2025-08-07 12:40:13 +08:00
update acl
This commit is contained in:
pycook
@@ -6,7 +6,6 @@ from flask import Blueprint
|
||||
from flask_restful import Api
|
||||
|
||||
from api.resource import register_resources
|
||||
from .permission import GetResourcesView, HasPermissionView, GetUserInfoView
|
||||
from .account import LoginView, LogoutView
|
||||
|
||||
HERE = os.path.abspath(os.path.dirname(__file__))
|
||||
@@ -17,13 +16,6 @@ account_rest = Api(blueprint_account)
|
||||
account_rest.add_resource(LoginView, LoginView.url_prefix)
|
||||
account_rest.add_resource(LogoutView, LogoutView.url_prefix)
|
||||
|
||||
# permission
|
||||
blueprint_perm_v01 = Blueprint('permission_api', __name__, url_prefix='/api/v1/perms')
|
||||
perm_rest = Api(blueprint_perm_v01)
|
||||
perm_rest.add_resource(GetResourcesView, GetResourcesView.url_prefix)
|
||||
perm_rest.add_resource(HasPermissionView, HasPermissionView.url_prefix)
|
||||
perm_rest.add_resource(GetUserInfoView, GetUserInfoView.url_prefix)
|
||||
|
||||
|
||||
# cmdb
|
||||
blueprint_cmdb_v01 = Blueprint('cmdb_api_v01', __name__, url_prefix='/api/v0.1')
|
||||
|
||||
@@ -10,7 +10,7 @@ from flask_login import login_user, logout_user
|
||||
|
||||
from api.lib.decorator import args_required
|
||||
from api.lib.perm.auth import auth_abandoned
|
||||
from api.models.account import User
|
||||
from api.models.acl import User
|
||||
from api.resource import APIView
|
||||
|
||||
|
||||
@@ -24,6 +24,8 @@ class LoginView(APIView):
|
||||
username = request.values.get("username") or request.values.get("email")
|
||||
password = request.values.get("password")
|
||||
user, authenticated = User.query.authenticate(username, password)
|
||||
if not user:
|
||||
return abort(403, "User <{0}> does not exist".format(username))
|
||||
if not authenticated:
|
||||
return abort(403, "invalid username or password")
|
||||
|
||||
|
||||
60
api/views/acl/user.py
Normal file
60
api/views/acl/user.py
Normal file
@@ -0,0 +1,60 @@
|
||||
# -*- coding:utf-8 -*-
|
||||
|
||||
|
||||
from flask import request
|
||||
from flask import session
|
||||
from flask_login import current_user
|
||||
|
||||
from api.lib.decorator import args_required
|
||||
from api.lib.perm.acl.user import UserCRUD
|
||||
from api.lib.perm.acl.role import RoleRelationCRUD
|
||||
from api.lib.utils import get_page
|
||||
from api.lib.utils import get_page_size
|
||||
from api.resource import APIView
|
||||
|
||||
|
||||
class GetUserInfoView(APIView):
|
||||
url_prefix = "/users/info"
|
||||
|
||||
def get(self):
|
||||
name = session.get("acl", {}).get("nickName") or session.get("CAS_USERNAME") or current_user.nickname
|
||||
role = dict(permissions=session.get("acl", {}).get("parentRoles", []) or ["admin"])
|
||||
avatar = session.get("acl", {}).get("avatar") or current_user.avatar
|
||||
return self.jsonify(result=dict(name=name,
|
||||
role=role,
|
||||
avatar=avatar))
|
||||
|
||||
|
||||
class UserView(APIView):
|
||||
url_prefix = ("/users", "/users/<int:uid>")
|
||||
|
||||
def get(self):
|
||||
page = get_page(request.values.get('page', 1))
|
||||
page_size = get_page_size(request.values.get('page_size'))
|
||||
q = request.values.get("q")
|
||||
numfound, users = UserCRUD.search(q, page, page_size)
|
||||
|
||||
id2parents = RoleRelationCRUD.get_parents(uids=[i.uid for i in users])
|
||||
|
||||
return self.jsonify(numfound=numfound,
|
||||
page=page,
|
||||
page_size=page_size,
|
||||
id2parents=id2parents,
|
||||
users=[i.to_dict() for i in users])
|
||||
|
||||
@args_required('username')
|
||||
@args_required('email')
|
||||
def post(self):
|
||||
user = UserCRUD.add(**request.values)
|
||||
|
||||
return self.jsonify(user.to_dict())
|
||||
|
||||
def put(self, uid):
|
||||
user = UserCRUD.update(uid, **request.values)
|
||||
|
||||
return self.jsonify(user.to_dict())
|
||||
|
||||
def delete(self, uid):
|
||||
UserCRUD.delete(uid)
|
||||
|
||||
return self.jsonify(uid=uid)
|
||||
@@ -1,49 +0,0 @@
|
||||
# -*- coding:utf-8 -*-
|
||||
|
||||
from flask import request
|
||||
from flask import session
|
||||
from flask_login import current_user
|
||||
|
||||
from api.lib.decorator import args_required
|
||||
from api.lib.perm.acl.acl import ACLManager
|
||||
from api.lib.perm.acl.acl import validate_permission
|
||||
from api.resource import APIView
|
||||
|
||||
|
||||
class HasPermissionView(APIView):
|
||||
url_prefix = "/validate"
|
||||
|
||||
@args_required("resource")
|
||||
@args_required("resource_type")
|
||||
@args_required("perm")
|
||||
def get(self):
|
||||
resource = request.values.get("resource")
|
||||
resource_type = request.values.get("resource_type")
|
||||
perm = request.values.get("perm")
|
||||
validate_permission(resource, resource_type, perm)
|
||||
return self.jsonify(is_valid=True)
|
||||
|
||||
def post(self):
|
||||
self.get()
|
||||
|
||||
|
||||
class GetResourcesView(APIView):
|
||||
url_prefix = "/resources"
|
||||
|
||||
@args_required("resource_type")
|
||||
def get(self):
|
||||
resource_type = request.values.get("resource_type")
|
||||
res = ACLManager().get_resources(resource_type)
|
||||
return self.jsonify(res)
|
||||
|
||||
|
||||
class GetUserInfoView(APIView):
|
||||
url_prefix = "/user/info"
|
||||
|
||||
def get(self):
|
||||
name = session.get("acl", {}).get("nickName") or session.get("CAS_USERNAME") or current_user.nickname
|
||||
role = dict(permissions=session.get("acl", {}).get("parentRoles", []) or ["admin"])
|
||||
avatar = session.get("acl", {}).get("avatar") or current_user.avatar
|
||||
return self.jsonify(result=dict(name=name,
|
||||
role=role,
|
||||
avatar=avatar))
|
||||
Reference in New Issue
Block a user