Dev api 0308 (#424)

* feat(api): grant by node in relation view * fix(api): When removing attributes, remove the unique constraint * feat(api): grant by service tree
2025-08-07 20:48:31 +08:00 · 2024-03-18 19:57:25 +08:00
parent 7ff309b8b8
commit 482d34993b
11 changed files with 457 additions and 97 deletions
--- a/cmdb-api/api/views/cmdb/ci.py
+++ b/cmdb-api/api/views/cmdb/ci.py
@@ -11,8 +11,7 @@ from api.lib.cmdb.cache import CITypeCache
 from api.lib.cmdb.ci import CIManager
 from api.lib.cmdb.ci import CIRelationManager
 from api.lib.cmdb.const import ExistPolicy
-from api.lib.cmdb.const import PermEnum
-from api.lib.cmdb.const import ResourceTypeEnum
+from api.lib.cmdb.const import ResourceTypeEnum, PermEnum
 from api.lib.cmdb.const import RetKey
 from api.lib.cmdb.perms import has_perm_for_ci
 from api.lib.cmdb.search import SearchError
@@ -152,9 +151,10 @@ class CISearchView(APIView):
            ret_key = RetKey.NAME
        facet = handle_arg_list(request.values.get("facet", ""))
        sort = request.values.get("sort")
+        use_id_filter = request.values.get("use_id_filter", False) in current_app.config.get('BOOL_TRUE')

        start = time.time()
-        s = search(query, fl, facet, page, ret_key, count, sort, excludes)
+        s = search(query, fl, facet, page, ret_key, count, sort, excludes, use_id_filter=use_id_filter)
        try:
            response, counter, total, page, numfound, facet = s.search()
        except SearchError as e:
--- a/cmdb-api/api/views/cmdb/ci_relation.py
+++ b/cmdb-api/api/views/cmdb/ci_relation.py
@@ -13,7 +13,6 @@ from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.cmdb.search import SearchError
 from api.lib.cmdb.search.ci_relation.search import Search
 from api.lib.decorator import args_required
-from api.lib.perm.auth import auth_abandoned
 from api.lib.utils import get_page
 from api.lib.utils import get_page_size
 from api.lib.utils import handle_arg_list
@@ -36,6 +35,8 @@ class CIRelationSearchView(APIView):

        root_id = request.values.get('root_id')
        ancestor_ids = request.values.get('ancestor_ids') or None  # only for many to many
+        root_parent_path = handle_arg_list(request.values.get('root_parent_path') or '')
+        descendant_ids = list(map(int, handle_arg_list(request.values.get('descendant_ids', []))))
        level = list(map(int, handle_arg_list(request.values.get('level', '1'))))

        query = request.values.get('q', "")
@@ -47,7 +48,8 @@ class CIRelationSearchView(APIView):

        start = time.time()
        s = Search(root_id, level, query, fl, facet, page, count, sort, reverse,
-                   ancestor_ids=ancestor_ids, has_m2m=has_m2m)
+                   ancestor_ids=ancestor_ids, has_m2m=has_m2m, root_parent_path=root_parent_path,
+                   descendant_ids=descendant_ids)
        try:
            response, counter, total, page, numfound, facet = s.search()
        except SearchError as e:
@@ -65,16 +67,16 @@ class CIRelationSearchView(APIView):
 class CIRelationStatisticsView(APIView):
    url_prefix = "/ci_relations/statistics"

-    @auth_abandoned
    def get(self):
        root_ids = list(map(int, handle_arg_list(request.values.get('root_ids'))))
        level = request.values.get('level', 1)
        type_ids = set(map(int, handle_arg_list(request.values.get('type_ids', []))))
        ancestor_ids = request.values.get('ancestor_ids') or None  # only for many to many
+        descendant_ids = list(map(int, handle_arg_list(request.values.get('descendant_ids', []))))
        has_m2m = request.values.get("has_m2m") in current_app.config.get('BOOL_TRUE')

        start = time.time()
-        s = Search(root_ids, level, ancestor_ids=ancestor_ids, has_m2m=has_m2m)
+        s = Search(root_ids, level, ancestor_ids=ancestor_ids, descendant_ids=descendant_ids, has_m2m=has_m2m)
        try:
            result = s.statistics(type_ids)
        except SearchError as e:
--- a/cmdb-api/api/views/cmdb/ci_type.py
+++ b/cmdb-api/api/views/cmdb/ci_type.py
@@ -38,9 +38,13 @@ from api.resource import APIView


 class CITypeView(APIView):
-    url_prefix = ("/ci_types", "/ci_types/<int:type_id>", "/ci_types/<string:type_name>")
+    url_prefix = ("/ci_types", "/ci_types/<int:type_id>", "/ci_types/<string:type_name>",
+                  "/ci_types/icons")

    def get(self, type_id=None, type_name=None):
+        if request.url.endswith("icons"):
+            return self.jsonify(CITypeManager().get_icons())
+
        q = request.args.get("type_name")

        if type_id is not None:
@@ -490,13 +494,14 @@ class CITypeGrantView(APIView):
        if not acl.has_permission(type_name, ResourceTypeEnum.CI_TYPE, PermEnum.GRANT) and not is_app_admin('cmdb'):
            return abort(403, ErrFormat.no_permission.format(type_name, PermEnum.GRANT))

-        acl.grant_resource_to_role_by_rid(type_name, rid, ResourceTypeEnum.CI_TYPE, perms, rebuild=False)
+        if perms and not request.values.get('id_filter'):
+            acl.grant_resource_to_role_by_rid(type_name, rid, ResourceTypeEnum.CI_TYPE, perms, rebuild=False)

-        resource = None
-        if 'ci_filter' in request.values or 'attr_filter' in request.values:
-            resource = CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values)
+        new_resource = None
+        if 'ci_filter' in request.values or 'attr_filter' in request.values or 'id_filter' in request.values:
+            new_resource = CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values)

-        if not resource:
+        if not new_resource:
            from api.tasks.acl import role_rebuild
            from api.lib.perm.acl.const import ACL_QUEUE

@@ -522,10 +527,18 @@ class CITypeRevokeView(APIView):
        if not acl.has_permission(type_name, ResourceTypeEnum.CI_TYPE, PermEnum.GRANT) and not is_app_admin('cmdb'):
            return abort(403, ErrFormat.no_permission.format(type_name, PermEnum.GRANT))

-        acl.revoke_resource_from_role_by_rid(type_name, rid, ResourceTypeEnum.CI_TYPE, perms, rebuild=False)
-
        app_id = AppCache.get('cmdb').id
        resource = None
+
+        if request.values.get('id_filter'):
+            CIFilterPermsCRUD().delete2(
+                type_id=type_id, rid=rid, id_filter=request.values['id_filter'],
+                parent_path=request.values.get('parent_path'))
+
+            return self.jsonify(type_id=type_id, rid=rid)
+
+        acl.revoke_resource_from_role_by_rid(type_name, rid, ResourceTypeEnum.CI_TYPE, perms, rebuild=False)
+
        if PermEnum.READ in perms or not perms:
            resource = CIFilterPermsCRUD().delete(type_id=type_id, rid=rid)