mirror of https://github.com/veops/cmdb.git
fix: common perms (#200)
This commit is contained in:
simontigers
GitHub
parent
0cd5c0277b
commit
30477f736e
|
|
@ -165,31 +165,48 @@ class InitDepartment(object):
|
||||||
acl = self.check_app('backend')
|
acl = self.check_app('backend')
|
||||||
resources_types = acl.get_all_resources_types()
|
resources_types = acl.get_all_resources_types()
|
||||||
|
|
||||||
|
perms = ['read', 'grant', 'delete', 'update']
|
||||||
|
|
||||||
|
acl_rid = self.get_admin_user_rid()
|
||||||
|
|
||||||
results = list(filter(lambda t: t['name'] == '操作权限', resources_types['groups']))
|
results = list(filter(lambda t: t['name'] == '操作权限', resources_types['groups']))
|
||||||
if len(results) == 0:
|
if len(results) == 0:
|
||||||
payload = dict(
|
payload = dict(
|
||||||
app_id=acl.app_name,
|
app_id=acl.app_name,
|
||||||
name='操作权限',
|
name='操作权限',
|
||||||
description='',
|
description='',
|
||||||
perms=['read', 'grant', 'delete', 'update']
|
perms=perms
|
||||||
)
|
)
|
||||||
resource_type = acl.create_resources_type(payload)
|
resource_type = acl.create_resources_type(payload)
|
||||||
else:
|
else:
|
||||||
resource_type = results[0]
|
resource_type = results[0]
|
||||||
|
resource_type_id = resource_type['id']
|
||||||
|
existed_perms = resources_types.get('id2perms', {}).get(resource_type_id, [])
|
||||||
|
existed_perms = [p['name'] for p in existed_perms]
|
||||||
|
new_perms = []
|
||||||
|
for perm in perms:
|
||||||
|
if perm not in existed_perms:
|
||||||
|
new_perms.append(perm)
|
||||||
|
if len(new_perms) > 0:
|
||||||
|
resource_type['perms'] = existed_perms + new_perms
|
||||||
|
acl.update_resources_type(resource_type_id, resource_type)
|
||||||
|
|
||||||
|
resource_list = acl.get_resource_by_type(None, None, resource_type['id'])
|
||||||
|
|
||||||
for name in ['公司信息', '公司架构', '通知设置']:
|
for name in ['公司信息', '公司架构', '通知设置']:
|
||||||
|
target = list(filter(lambda r: r['name'] == name, resource_list))
|
||||||
|
if len(target) == 0:
|
||||||
payload = dict(
|
payload = dict(
|
||||||
type_id=resource_type['id'],
|
type_id=resource_type['id'],
|
||||||
app_id=acl.app_name,
|
app_id=acl.app_name,
|
||||||
name=name,
|
name=name,
|
||||||
)
|
)
|
||||||
try:
|
resource = acl.create_resource(payload)
|
||||||
acl.create_resource(payload)
|
|
||||||
except Exception as e:
|
|
||||||
if '已经存在' in str(e):
|
|
||||||
pass
|
|
||||||
else:
|
else:
|
||||||
raise Exception(e)
|
resource = target[0]
|
||||||
|
|
||||||
|
if acl_rid > 0:
|
||||||
|
acl.grant_resource(acl_rid, resource['id'], perms)
|
||||||
|
|
||||||
def check_app(self, app_name):
|
def check_app(self, app_name):
|
||||||
acl = ACLManager(app_name)
|
acl = ACLManager(app_name)
|
||||||
|
|
@ -210,6 +227,10 @@ class InitDepartment(object):
|
||||||
return acl
|
return acl
|
||||||
raise Exception(e)
|
raise Exception(e)
|
||||||
|
|
||||||
|
def get_admin_user_rid(self):
|
||||||
|
admin = Employee.get_by(first=True, username='admin', to_dict=False)
|
||||||
|
return admin.acl_rid if admin else 0
|
||||||
|
|
||||||
|
|
||||||
@click.command()
|
@click.command()
|
||||||
@with_appcontext
|
@with_appcontext
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ from api.lib.perm.acl.cache import RoleCache, AppCache
|
||||||
from api.lib.perm.acl.role import RoleCRUD, RoleRelationCRUD
|
from api.lib.perm.acl.role import RoleCRUD, RoleRelationCRUD
|
||||||
from api.lib.perm.acl.user import UserCRUD
|
from api.lib.perm.acl.user import UserCRUD
|
||||||
from api.lib.perm.acl.resource import ResourceTypeCRUD, ResourceCRUD
|
from api.lib.perm.acl.resource import ResourceTypeCRUD, ResourceCRUD
|
||||||
|
from api.lib.perm.acl.permission import PermissionCRUD
|
||||||
|
|
||||||
|
|
||||||
class ACLManager(object):
|
class ACLManager(object):
|
||||||
|
|
@ -109,8 +110,26 @@ class ACLManager(object):
|
||||||
id2perms=id2perms
|
id2perms=id2perms
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def create_resources_type(self, payload):
|
||||||
|
payload['app_id'] = self.validate_app().id
|
||||||
|
rt = ResourceTypeCRUD.add(**payload)
|
||||||
|
|
||||||
|
return rt.to_dict()
|
||||||
|
|
||||||
|
def update_resources_type(self, _id, payload):
|
||||||
|
rt = ResourceTypeCRUD.update(_id, **payload)
|
||||||
|
|
||||||
|
return rt.to_dict()
|
||||||
|
|
||||||
def create_resource(self, payload):
|
def create_resource(self, payload):
|
||||||
payload['app_id'] = self.validate_app().id
|
payload['app_id'] = self.validate_app().id
|
||||||
resource = ResourceCRUD.add(**payload)
|
resource = ResourceCRUD.add(**payload)
|
||||||
|
|
||||||
return resource.to_dict()
|
return resource.to_dict()
|
||||||
|
|
||||||
|
def get_resource_by_type(self, q, u, rt_id, page=1, page_size=999999):
|
||||||
|
numfound, res = ResourceCRUD.search(q, u, self.validate_app().id, rt_id, page, page_size)
|
||||||
|
return res
|
||||||
|
|
||||||
|
def grant_resource(self, rid, resource_id, perms):
|
||||||
|
PermissionCRUD.grant(rid, perms, resource_id=resource_id, group_id=None)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue