[update] delete roles, users, attributes

2025-08-07 22:17:37 +08:00 · 2023-08-15 19:47:59 +08:00
parent ff061d4d2e
commit 1de8b492ea
10 changed files with 41 additions and 20 deletions
--- a/cmdb-api/api/lib/perm/acl/resp_format.py
+++ b/cmdb-api/api/lib/perm/acl/resp_format.py
@@ -17,6 +17,7 @@ class ErrFormat(CommonErrFormat):
    role_exists = "角色 {} 已经存在!"
    global_role_not_found = "全局角色 {} 不存在!"
    global_role_exists = "全局角色 {} 已经存在!"
+    user_role_delete_invalid = "删除用户角色, 请在 用户管理 页面操作!"

    resource_no_permission = "您没有资源: {} 的 {} 权限"
    admin_required = "需要管理员权限"
--- a/cmdb-api/api/lib/perm/acl/role.py
+++ b/cmdb-api/api/lib/perm/acl/role.py
@@ -285,11 +285,13 @@ class RoleCRUD(object):
        return role

    @classmethod
-    def delete_role(cls, rid):
+    def delete_role(cls, rid, force=False):
        from api.lib.perm.acl.acl import is_admin

        role = Role.get_by_id(rid) or abort(404, ErrFormat.role_not_found.format("rid={}".format(rid)))

+        not force and role.uid and abort(400, ErrFormat.user_role_delete_invalid)
+
        if not role.app_id and not is_admin():
            return abort(403, ErrFormat.admin_required)

@@ -301,18 +303,20 @@ class RoleCRUD(object):

        for i in RoleRelation.get_by(parent_id=rid, to_dict=False):
            child_ids.append(i.child_id)
-            i.soft_delete()
+            i.soft_delete(commit=False)

        for i in RoleRelation.get_by(child_id=rid, to_dict=False):
            parent_ids.append(i.parent_id)
-            i.soft_delete()
+            i.soft_delete(commit=False)

        role_permissions = []
        for i in RolePermission.get_by(rid=rid, to_dict=False):
            role_permissions.append(i.to_dict())
-            i.soft_delete()
+            i.soft_delete(commit=False)

-        role.soft_delete()
+        role.soft_delete(commit=False)
+
+        db.session.commit()

        role_rebuild.apply_async(args=(recursive_child_ids, role.app_id), queue=ACL_QUEUE)

--- a/cmdb-api/api/lib/perm/acl/user.py
+++ b/cmdb-api/api/lib/perm/acl/user.py
@@ -107,6 +107,10 @@ class UserCRUD(object):

        UserCache.clean(user)

+        role = RoleCRUD.get_by_name(user.username, app_id=None)
+        if role:
+            RoleCRUD.delete_role(role[0]['id'], force=True)
+
        AuditCRUD.add_role_log(None, AuditOperateType.delete,
                               AuditScope.user, user.uid, origin, {}, {}, {})