7x31
/
cmdb
mirror of https://github.com/veops/cmdb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(api): acl supports channel

This commit is contained in:
pycook 2024-09-09 15:28:20 +08:00
parent 4e363176fe
commit 70bdd8f151
3 changed files with 27 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmdb-api/api/lib/perm/acl/audit.py
View File

@ -376,7 +376,7 @@ class AuditCRUD(object):
origin=origin, current=current, extra=extra, source=source.value) origin=origin, current=current, extra=extra, source=source.value)
@classmethod @classmethod
def add_login_log(cls, username, is_ok, description, _id=None, logout_at=None): def add_login_log(cls, username, is_ok, description, _id=None, logout_at=None, ip=None, browser=None):
if _id is not None: if _id is not None:
existed = AuditLoginLog.get_by_id(_id) existed = AuditLoginLog.get_by_id(_id)
if existed is not None: if existed is not None:
@ -387,8 +387,8 @@ class AuditCRUD(object):
is_ok=is_ok, is_ok=is_ok,
description=description, description=description,
logout_at=logout_at, logout_at=logout_at,
ip=request.headers.get('X-Real-IP') or request.remote_addr, ip=ip or request.headers.get('X-Real-IP') or request.remote_addr,
browser=request.headers.get('User-Agent'), browser=browser or request.headers.get('User-Agent'),
channel=request.values.get('channel', 'web'), channel=request.values.get('channel', 'web'),
) )

22
cmdb-api/api/views/acl/login.py
View File

@ -1,7 +1,6 @@
# -*- coding:utf-8 -*- # -*- coding:utf-8 -*-
import datetime import datetime
import jwt import jwt
import six import six
from flask import abort from flask import abort
@ -17,10 +16,12 @@ from api.lib.decorator import args_required
from api.lib.decorator import args_validate from api.lib.decorator import args_validate
from api.lib.perm.acl.acl import ACLManager from api.lib.perm.acl.acl import ACLManager
from api.lib.perm.acl.audit import AuditCRUD from api.lib.perm.acl.audit import AuditCRUD
from api.lib.perm.acl.cache import AppCache
from api.lib.perm.acl.cache import RoleCache from api.lib.perm.acl.cache import RoleCache
from api.lib.perm.acl.cache import User from api.lib.perm.acl.cache import User
from api.lib.perm.acl.cache import UserCache from api.lib.perm.acl.cache import UserCache
from api.lib.perm.acl.resp_format import ErrFormat from api.lib.perm.acl.resp_format import ErrFormat
from api.lib.perm.acl.role import RoleRelationCRUD
from api.lib.perm.auth import auth_abandoned from api.lib.perm.auth import auth_abandoned
from api.lib.perm.auth import auth_with_app_token from api.lib.perm.auth import auth_with_app_token
from api.models.acl import Role from api.models.acl import Role
@ -124,10 +125,17 @@ class AuthWithKeyView(APIView):
if not user.get('username'): if not user.get('username'):
user['username'] = user.get('name') user['username'] = user.get('name')
return self.jsonify(user=user, result = dict(user=user,
authenticated=authenticated, authenticated=authenticated,
rid=role and role.id, rid=role and role.id,
can_proxy=can_proxy) can_proxy=can_proxy)
if request.values.get('need_parentRoles') in current_app.config.get('BOOL_TRUE'):
app_id = AppCache.get(request.values.get('app_id'))
parent_ids = RoleRelationCRUD.recursive_parent_ids(role and role.id, app_id and app_id.id)
result['user']['parentRoles'] = [RoleCache.get(rid).name for rid in set(parent_ids) if RoleCache.get(rid)]
return self.jsonify(result)
class AuthWithTokenView(APIView): class AuthWithTokenView(APIView):
@ -184,6 +192,8 @@ class LogoutView(APIView):
def post(self): def post(self):
logout_user() logout_user()
AuditCRUD.add_login_log(None, None, None, _id=session.get('LOGIN_ID'), logout_at=datetime.datetime.now()) AuditCRUD.add_login_log(None, None, None,
_id=session.get('LOGIN_ID') or request.values.get('LOGIN_ID'),
logout_at=datetime.datetime.now())
self.jsonify(code=200) self.jsonify(code=200)

8
cmdb-api/api/views/acl/user.py
View File

@ -11,6 +11,7 @@ from flask_login import current_user
from api.lib.decorator import args_required from api.lib.decorator import args_required
from api.lib.decorator import args_validate from api.lib.decorator import args_validate
from api.lib.perm.acl.acl import ACLManager from api.lib.perm.acl.acl import ACLManager
from api.lib.perm.acl.acl import AuditCRUD
from api.lib.perm.acl.acl import role_required from api.lib.perm.acl.acl import role_required
from api.lib.perm.acl.cache import AppCache from api.lib.perm.acl.cache import AppCache
from api.lib.perm.acl.cache import UserCache from api.lib.perm.acl.cache import UserCache
@ -48,6 +49,13 @@ class GetUserInfoView(APIView):
role=dict(permissions=user_info.get('parents')), role=dict(permissions=user_info.get('parents')),
avatar=user_info.get('avatar')) avatar=user_info.get('avatar'))
if request.values.get('channel'):
_id = AuditCRUD.add_login_log(name, True, ErrFormat.login_succeed,
ip=request.values.get('ip'),
browser=request.values.get('browser'))
session['LOGIN_ID'] = _id
result['LOGIN_ID'] = _id
current_app.logger.info("get user info for3: {}".format(result)) current_app.logger.info("get user info for3: {}".format(result))
return self.jsonify(result=result) return self.jsonify(result=result)