feat: init resource for backend (#176)

2025-08-08 17:36:28 +08:00 · 2023-09-15 15:30:30 +08:00
parent 8c703fb6d9
commit 737b29f7d6
2 changed files with 73 additions and 2 deletions
--- a/cmdb-api/api/commands/click_common_setting.py
+++ b/cmdb-api/api/commands/click_common_setting.py
@@ -0,0 +1,232 @@
+import click
+from flask import current_app
+from flask.cli import with_appcontext
+from werkzeug.datastructures import MultiDict
+
+from api.lib.common_setting.acl import ACLManager
+from api.lib.common_setting.employee import EmployeeAddForm
+from api.lib.common_setting.resp_format import ErrFormat
+from api.models.common_setting import Employee, Department
+
+
+class InitEmployee(object):
+    """
+    初始化员工
+    """
+
+    def __init__(self):
+        self.log = current_app.logger
+
+    def import_user_from_acl(self):
+        """
+        Import users from ACL
+        """
+
+        InitDepartment().init()
+        acl = ACLManager('acl')
+        user_list = acl.get_all_users()
+
+        username_list = [e['username'] for e in Employee.get_by()]
+
+        for user in user_list:
+            acl_uid = user['uid']
+            block = 1 if user['block'] else 0
+            acl_rid = self.get_rid_by_uid(acl_uid)
+            if user['username'] in username_list:
+                existed = Employee.get_by(first=True, username=user['username'], to_dict=False)
+                if existed:
+                    existed.update(
+                        acl_uid=acl_uid,
+                        acl_rid=acl_rid,
+                        block=block,
+                    )
+                continue
+            try:
+                form = EmployeeAddForm(MultiDict(user))
+                if not form.validate():
+                    raise Exception(
+                        ','.join(['{}: {}'.format(filed, ','.join(msg)) for filed, msg in form.errors.items()]))
+                data = form.data
+                data['acl_uid'] = acl_uid
+                data['acl_rid'] = acl_rid
+                data['block'] = block
+                data.pop('password')
+                Employee.create(
+                    **data
+                )
+            except Exception as e:
+                self.log.error(ErrFormat.acl_import_user_failed.format(user['username'], str(e)))
+                self.log.error(e)
+
+    def get_rid_by_uid(self, uid):
+        from api.models.acl import Role
+        role = Role.get_by(first=True, uid=uid)
+        return role['id'] if role is not None else 0
+
+
+class InitDepartment(object):
+    def __init__(self):
+        self.log = current_app.logger
+
+    def init(self):
+        self.init_wide_company()
+
+    def hard_delete(self, department_id, department_name):
+        existed_deleted_list = Department.query.filter(
+            Department.department_name == department_name,
+            Department.department_id == department_id,
+            Department.deleted == 1,
+        ).all()
+        for existed in existed_deleted_list:
+            existed.delete()
+
+    def get_department(self, department_name):
+        return Department.query.filter(
+            Department.department_name == department_name,
+            Department.deleted == 0,
+        ).order_by(Department.created_at.asc()).first()
+
+    def run(self, department_id, department_name, department_parent_id):
+        self.hard_delete(department_id, department_name)
+
+        res = self.get_department(department_name)
+        if res:
+            if res.department_id == department_id:
+                return
+            else:
+                new_d = res.update(
+                    department_id=department_id,
+                    department_parent_id=department_parent_id,
+                )
+                return
+
+        Department.create(
+            department_id=department_id,
+            department_name=department_name,
+            department_parent_id=department_parent_id,
+        )
+        new_d = self.get_department(department_name)
+
+        if new_d.department_id != department_id:
+            new_d = new_d.update(
+                department_id=department_id,
+                department_parent_id=department_parent_id,
+            )
+        self.log.info(f"初始化 {department_name} 部门成功.")
+
+    def run_common(self, department_id, department_name, department_parent_id):
+        try:
+            self.run(department_id, department_name, department_parent_id)
+        except Exception as e:
+            current_app.logger.error(f"init {department_name} err:")
+            current_app.logger.error(e)
+            raise Exception(e)
+
+    def init_wide_company(self):
+        """
+        创建 id 0, name 全公司 的部门
+        """
+        department_id = 0
+        department_name = '全公司'
+        department_parent_id = -1
+
+        self.run_common(department_id, department_name, department_parent_id)
+
+    def create_acl_role_with_department(self):
+        """
+        当前所有部门，在ACL创建 role
+        """
+        acl = ACLManager('acl')
+        role_name_map = {role['name']: role for role in acl.get_all_roles()}
+
+        d_list = Department.query.filter(
+            Department.deleted == 0, Department.department_parent_id != -1).all()
+        for department in d_list:
+            if department.acl_rid > 0:
+                continue
+
+            role = role_name_map.get(department.department_name)
+            if role is None:
+                payload = {
+                    'app_id': 'acl',
+                    'name': department.department_name,
+                }
+                role = acl.create_role(payload)
+
+            acl_rid = role.get('id') if role else 0
+
+            department.update(
+                acl_rid=acl_rid
+            )
+            info = f"update department acl_rid: {acl_rid}"
+            current_app.logger.info(info)
+
+    def init_backend_resource(self):
+        acl = self.check_app('backend')
+        resources_types = acl.get_all_resources_types()
+
+        results = list(filter(lambda t: t['name'] == '操作权限', resources_types['groups']))
+        if len(results) == 0:
+            payload = dict(
+                app_id=acl.app_name,
+                name='操作权限',
+                description='',
+                perms=['read', 'grant', 'delete', 'update']
+            )
+            resource_type = acl.create_resources_type(payload)
+        else:
+            resource_type = results[0]
+
+        for name in ['公司信息']:
+            payload = dict(
+                type_id=resource_type['id'],
+                app_id=acl.app_name,
+                name=name,
+            )
+            try:
+                acl.create_resource(payload)
+            except Exception as e:
+                if '已经存在' in str(e):
+                    pass
+                else:
+                    raise Exception(e)
+
+    def check_app(self, app_name):
+        acl = ACLManager(app_name)
+        payload = dict(
+            name=app_name,
+            description=app_name
+        )
+        try:
+            app = acl.validate_app()
+            if app:
+                return acl
+
+            acl.create_app(payload)
+        except Exception as e:
+            current_app.logger.error(e)
+            if '不存在' in str(e):
+                acl.create_app(payload)
+                return acl
+            raise Exception(e)
+
+
+@click.command()
+@with_appcontext
+def init_import_user_from_acl():
+    """
+    Import users from ACL
+    """
+    InitEmployee().import_user_from_acl()
+
+
+@click.command()
+@with_appcontext
+def init_department():
+    """
+    Department initialization
+    """
+    cli = InitDepartment()
+    cli.init_wide_company()
+    cli.create_acl_role_with_department()
+    cli.init_backend_resource()