diff --git a/cmdb-api/api/commands/click_cmdb.py b/cmdb-api/api/commands/click_cmdb.py index 8bf2f51..a3049b4 100644 --- a/cmdb-api/api/commands/click_cmdb.py +++ b/cmdb-api/api/commands/click_cmdb.py @@ -22,6 +22,8 @@ from api.lib.perm.acl.cache import AppCache from api.lib.perm.acl.resource import ResourceCRUD from api.lib.perm.acl.resource import ResourceTypeCRUD from api.lib.perm.acl.role import RoleCRUD +from api.lib.perm.acl.user import UserCRUD +from api.models.acl import App from api.models.acl import ResourceType from api.models.cmdb import CI from api.models.cmdb import CIRelation @@ -91,7 +93,9 @@ def init_cache(): @click.command() @with_appcontext def init_acl(): - app_id = AppCache.get('cmdb').id + _app = AppCache.get('cmdb') or App.create(name='cmdb') + app_id = _app.id + # 1. add resource type for resource_type in ResourceTypeEnum.all(): try: @@ -135,3 +139,59 @@ def init_acl(): RoleEnum.CMDB_READ_ALL, ResourceTypeEnum.RELATION_VIEW, [PermEnum.READ]) + + +@click.command() +@click.option( + '-u', + '--user', + help='username' +) +@click.option( + '-p', + '--password', + help='password' +) +@click.option( + '-m', + '--mail', + help='mail' +) +@click.option( + '--is_admin', + is_flag=True +) +@with_appcontext +def add_user(user, password, mail, is_admin): + """ + create a user + + is_admin: default is False + + Example: flask add-user -u -p -m [--is_admin] + """ + assert user is not None + assert password is not None + assert mail is not None + print((user, password, is_admin)) + UserCRUD.add(username=user, password=password, email=mail, is_admin=is_admin) + + +@click.command() +@click.option( + '-u', + '--user', + help='username' +) +@with_appcontext +def del_user(user): + """ + delete a user + + Example: flask del-user -u + """ + assert user is not None + from api.models.acl import User + + u = User.get_by(username=user, first=True, to_dict=False) + u and UserCRUD.delete(u.uid) 
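Review bot: In `add_user`, `print((user, password, is_admin))` writes the plaintext password to stdout, where it ends up in terminal scrollback and in any CI or provisioning log that captures the command; the line should be dropped, or reduced to `print((user, is_admin))`. Taking the password through `-p` also leaves it in shell history and the process list, so prompting is safer: `@click.option('-p', '--password', prompt=True, hide_input=True, confirmation_prompt=True, help='password')`. The three `assert ... is not None` checks disappear under `python -O`; `required=True` on the `--user` and `--mail` options enforces the same thing and gives a usage error instead of a traceback. The same `assert user is not None` appears in `del_user`.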
diff --git a/cmdb-api/api/lib/perm/acl/user.py b/cmdb-api/api/lib/perm/acl/user.py index 778a852..47ad6b1 100644 --- a/cmdb-api/api/lib/perm/acl/user.py +++ b/cmdb-api/api/lib/perm/acl/user.py @@ -38,13 +38,22 @@ class UserCRUD(object): existed = User.get_by(username=kwargs['username'], email=kwargs['email']) existed and abort(400, "User <{0}> is already existed".format(kwargs['username'])) + is_admin = kwargs.pop('is_admin', False) kwargs['nickname'] = kwargs.get('nickname') or kwargs['username'] kwargs['block'] = 0 kwargs['key'], kwargs['secret'] = cls._gen_key_secret() user = User.create(**kwargs) - RoleCRUD.add_role(user.username, uid=user.uid) + role = RoleCRUD.add_role(user.username, uid=user.uid) + + if is_admin: + from api.lib.perm.acl.cache import AppCache + from api.lib.perm.acl.role import RoleRelationCRUD + admin_r = Role.get_by(name='admin', first=True, to_dict=False) or \ + RoleCRUD.add_role('admin', AppCache.get('cmdb').id, True) + + RoleRelationCRUD.add(admin_r.id, role.id) return user @@ -75,11 +84,14 @@ class UserCRUD(object): @classmethod def delete(cls, uid): - if uid == g.user.uid: + if hasattr(g, 'user') and uid == g.user.uid: return abort(400, "You cannot delete yourself") user = User.get_by(uid=uid, to_dict=False, first=True) or abort(404, "User <{0}> does not exist".format(uid)) UserCache.clean(user) - user.soft_delete() + for i in Role.get_by(uid=uid, to_dict=False): + i.delete() + + user.delete() diff --git a/cmdb-api/migrations/README b/cmdb-api/migrations/README new file mode 100644 index 0000000..98e4f9c --- /dev/null +++ b/cmdb-api/migrations/README @@ -0,0 +1 @@ +Generic single-database configuration. \ No newline at end of file diff --git a/cmdb-api/migrations/alembic.ini b/cmdb-api/migrations/alembic.ini new file mode 100644 index 0000000..f8ed480 --- /dev/null +++ b/cmdb-api/migrations/alembic.ini 
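Review bot: `is_admin = kwargs.pop('is_admin', False)` in `UserCRUD.add` makes admin assignment reachable from every caller of `add`, not only the new CLI command. The callers are outside this hunk, but if the HTTP user-creation view forwards request fields as `**kwargs`, a client able to create users could pass `is_admin` and receive the admin role; that view should strip the key, or the CLI should grant the role through a separate method. Two smaller points in the same branch: `AppCache.get('cmdb').id` raises `AttributeError` when the app row does not exist yet (`init_acl` in this commit guards the same lookup with `or App.create(name='cmdb')`), and `Role.get_by(name='admin', first=True, to_dict=False)` is not filtered by app, so it may match an `admin` role belonging to another app. The body of `add` starts above the hunk.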
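Review bot: Replacing `user.soft_delete()` with `user.delete()` in `UserCRUD.delete` changes the API path as well as the new `del-user` command, so a deleted account no longer leaves a row to audit against. The loop `for i in Role.get_by(uid=uid, to_dict=False): i.delete()` removes the user's roles, but nothing visible here removes the role relations or permission grants that reference them; unless `Role.delete` cascades, those rows are orphaned. If the hard delete is intended, a comment such as `# hard delete: also removes the user's own roles; relations are cleaned up by <mechanism>` would record the decision. The `hasattr(g, 'user')` guard means the self-delete check is skipped whenever no request user is set, which should be stated in the method docstring.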
@@ -0,0 +1,45 @@
+# A generic, single database configuration.
+
+[alembic]
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
diff --git a/cmdb-api/migrations/env.py b/cmdb-api/migrations/env.py
new file mode 100644
index 0000000..79b8174
--- /dev/null
+++ b/cmdb-api/migrations/env.py
@@ -0,0 +1,96 @@
+from __future__ import with_statement
+
+import logging
+from logging.config import fileConfig
+
+from sqlalchemy import engine_from_config
+from sqlalchemy import pool
+
+from alembic import context
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+fileConfig(config.config_file_name)
+logger = logging.getLogger('alembic.env')
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+from flask import current_app
+config.set_main_option(
+ 'sqlalchemy.url', current_app.config.get(
+ 'SQLALCHEMY_DATABASE_URI').replace('%', '%%'))
+target_metadata = current_app.extensions['migrate'].db.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def run_migrations_offline():
+ """Run migrations in 'offline' mode.
+
+ This configures the context with just a URL
+ and not an Engine, though an Engine is acceptable
+ here as well. By skipping the Engine creation
+ we don't even need a DBAPI to be available.
+
+ Calls to context.execute() here emit the given string to the
+ script output.
+
+ """
+ url = config.get_main_option("sqlalchemy.url")
+ context.configure(
+ url=url, target_metadata=target_metadata, literal_binds=True
+ )
+
+ with context.begin_transaction():
+ context.run_migrations()
+
+
+def run_migrations_online():
+ """Run migrations in 'online' mode.
+
+ In this scenario we need to create an Engine
+ and associate a connection with the context.
+
+ """
+
+ # this callback is used to prevent an auto-migration from being generated
+ # when there are no changes to the schema
+ # reference: http://alembic.zzzcomputing.com/en/latest/cookbook.html
+ def process_revision_directives(context, revision, directives):
+ if getattr(config.cmd_opts, 'autogenerate', False):
+ script = directives[0]
+ if script.upgrade_ops.is_empty():
+ directives[:] = []
+ logger.info('No changes in schema detected.')
+
+ connectable = engine_from_config(
+ config.get_section(config.config_ini_section),
+ prefix='sqlalchemy.',
+ poolclass=pool.NullPool,
+ )
+
+ with connectable.connect() as connection:
+ context.configure(
+ connection=connection,
+ target_metadata=target_metadata,
+ process_revision_directives=process_revision_directives,
+ **current_app.extensions['migrate'].configure_args
+ )
+
+ with context.begin_transaction():
+ context.run_migrations()
+
+
+if context.is_offline_mode():
+ run_migrations_offline()
+else:
+ run_migrations_online()
diff --git a/cmdb-api/migrations/script.py.mako b/cmdb-api/migrations/script.py.mako
new file mode 100644
index 0000000..2c01563
--- /dev/null
+++ b/cmdb-api/migrations/script.py.mako
@@ -0,0 +1,24 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+
+
+def upgrade():
+ ${upgrades if upgrades else "pass"}
+
+
+def downgrade():
+ ${downgrades if downgrades else "pass"}