Fix: permission management

2020-03-13 10:30:21 +08:00 · 2020-03-13 10:30:21 +08:00 · 2cce2d5cf2
parent e720b7af66
commit 2cce2d5cf2
4 changed files with 21 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -55,7 +55,7 @@ There are various ways of installing CMDB.
 - cache: redis
 - python: python2.7, >=python3.6

-### install
+### Install
 - Start mysql, redis
 - Create mysql database: cmdb
 - Pull code
@ -102,6 +102,14 @@ There are various ways of installing CMDB.
    - start UI: ```make ui```
    - start worker: ```make worker```
    
+## Contributing
+
+1. Fork it
+1. Create your feature branch (`git checkout -b my-feature`)
+1. Commit your changes (`git commit -am 'Add some feature'`)
+1. Push to the branch (`git push origin my-feature`)
+1. Create new Pull Request
+

 ## DEMO
 ##### resource view
--- a/cmdb-api/api/lib/perm/acl/resource.py
+++ b/cmdb-api/api/lib/perm/acl/resource.py
@ -68,6 +68,9 @@ class ResourceTypeCRUD(object):
    def delete(cls, rt_id):
        rt = ResourceType.get_by_id(rt_id) or abort(404, "ResourceType <{0}> is not found".format(rt_id))

+        if Resource.get_by(resource_type_id=rt_id):
+            return abort(400, "At least one instance of this type exists and cannot be deleted")
+
        cls.update_perms(rt_id, [], rt.app_id)

        rt.soft_delete()
--- a/cmdb-api/api/lib/perm/acl/role.py
+++ b/cmdb-api/api/lib/perm/acl/role.py
@ -47,7 +47,7 @@ class RoleRelationCRUD(object):
    def get_child_ids(rid):
        res = RoleRelation.get_by(parent_id=rid, to_dict=False)

-        return [i.parent_id for i in res]
+        return [i.child_id for i in res]

    @classmethod
    def recursive_parent_ids(cls, rid):
@ -77,10 +77,13 @@ class RoleRelationCRUD(object):

        return all_child_ids

-    @staticmethod
-    def add(parent_id, child_id):
+    @classmethod
+    def add(cls, parent_id, child_id):
        RoleRelation.get_by(parent_id=parent_id, child_id=child_id) and abort(400, "It's already existed")

+        if parent_id in cls.recursive_child_ids(child_id):
+            return abort(400, "Circulation inheritance!!!")
+
        RoleRelationCache.clean(parent_id)
        RoleRelationCache.clean(child_id)

--- a/cmdb-api/api/lib/perm/acl/user.py
+++ b/cmdb-api/api/lib/perm/acl/user.py
@ -75,6 +75,9 @@ class UserCRUD(object):

    @classmethod
    def delete(cls, uid):
+        if uid == g.user.uid:
+            return abort(400, "You cannot delete yourself")
+
        user = User.get_by(uid=uid, to_dict=False, first=True) or abort(404, "User <{0}> does not exist".format(uid))

        UserCache.clean(user)