From 8875e75883f5177d43e3ea219d51f3902223819b Mon Sep 17 00:00:00 2001
From: pycook
Date: Thu, 30 May 2024 09:33:30 +0800
Subject: [PATCH] fix(acl): add relation
---
 cmdb-api/api/lib/perm/acl/cache.py | 6 +++++-
 cmdb-api/api/lib/perm/acl/resource.py | 5 ++++-
 cmdb-api/api/lib/perm/acl/role.py | 10 +++++-----
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/cmdb-api/api/lib/perm/acl/cache.py b/cmdb-api/api/lib/perm/acl/cache.py
index 8dffa0b..42acbfb 100644
--- a/cmdb-api/api/lib/perm/acl/cache.py
+++ b/cmdb-api/api/lib/perm/acl/cache.py
@@ -3,9 +3,9 @@
 import msgpack
 import redis_lock
-from flask import current_app
 from api.extensions import cache
+from api.extensions import db
 from api.extensions import rd
 from api.lib.decorator import flush_db
 from api.models.acl import App
@@ -161,6 +161,7 @@ class RoleRelationCache(object):
 def get_parent_ids(cls, rid, app_id, force=False):
 parent_ids = cache.get(cls.PREFIX_PARENT.format(rid, app_id))
 if not parent_ids or force:
+ db.session.commit()
 from api.lib.perm.acl.role import RoleRelationCRUD
 parent_ids = RoleRelationCRUD.get_parent_ids(rid, app_id)
 cache.set(cls.PREFIX_PARENT.format(rid, app_id), parent_ids, timeout=0)
@@ -171,6 +172,7 @@ class RoleRelationCache(object):
 def get_child_ids(cls, rid, app_id, force=False):
 child_ids = cache.get(cls.PREFIX_CHILDREN.format(rid, app_id))
 if not child_ids or force:
+ db.session.commit()
 from api.lib.perm.acl.role import RoleRelationCRUD
 child_ids = RoleRelationCRUD.get_child_ids(rid, app_id)
 cache.set(cls.PREFIX_CHILDREN.format(rid, app_id), child_ids, timeout=0)
@@ -187,6 +189,7 @@ class RoleRelationCache(object):
 """
 resources = cache.get(cls.PREFIX_RESOURCES.format(rid, app_id))
 if not resources or force:
+ db.session.commit()
 from api.lib.perm.acl.role import RoleCRUD
 resources = RoleCRUD.get_resources(rid, app_id)
 if resources['id2perms'] or resources['group2perms']:
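Review bot: The `db.session.commit()` added in `get_parent_ids` commits whatever the caller has pending in the shared session, so a permission lookup made in the middle of a multi-step ACL change persists that partial state as a side effect of a read. The same line is added in `get_child_ids`, `get_resources` and `get_resources2`, and `get_resources2` then calls `cls.get_resources`, which commits again when its own cache entry is empty. Because the guard is `if not parent_ids or force:`, an empty cached list counts as a miss, so a role with no parents takes the commit path on every call; `if parent_ids is None or force:` would avoid that for the two id getters, assuming `cache.get` returns `None` on a miss. If the commit is only there to end the current transaction so the query reads rows committed by other workers (my reading, the commit message does not say), a comment such as `# end the current transaction so the query below sees committed rows` should say so. Each of these methods continues outside its hunk.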
@@ -198,6 +201,7 @@ class RoleRelationCache(object): def get_resources2(cls, rid, app_id, force=False): r_g = cache.get(cls.PREFIX_RESOURCES2.format(rid, app_id)) if not r_g or force: + db.session.commit() res = cls.get_resources(rid, app_id) id2perms = res['id2perms'] group2perms = res['group2perms'] diff --git a/cmdb-api/api/lib/perm/acl/resource.py b/cmdb-api/api/lib/perm/acl/resource.py index 3628b3a..739d104 100644 --- a/cmdb-api/api/lib/perm/acl/resource.py +++ b/cmdb-api/api/lib/perm/acl/resource.py @@ -315,9 +315,12 @@ class ResourceCRUD(object): return resource @staticmethod - def delete(_id, rebuild=True): + def delete(_id, rebuild=True, app_id=None): resource = Resource.get_by_id(_id) or abort(404, ErrFormat.resource_not_found.format("id={}".format(_id))) + if app_id is not None and resource.app_id != app_id: + return abort(404, ErrFormat.resource_not_found.format("id={}".format(_id))) + origin = resource.to_dict() resource.soft_delete() diff --git a/cmdb-api/api/lib/perm/acl/role.py b/cmdb-api/api/lib/perm/acl/role.py index b662135..1cd35e9 100644 --- a/cmdb-api/api/lib/perm/acl/role.py +++ b/cmdb-api/api/lib/perm/acl/role.py 
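Review bot: The app ownership check added to `ResourceCRUD.delete` only runs when a caller passes `app_id`; with the default `app_id=None` the function still soft-deletes any resource whose id is supplied, whichever app it belongs to. No call site is part of this patch, so it is worth confirming that every request-facing caller passes the authenticated app's id, otherwise the cross-app check is never reached. A docstring would make the contract explicit, for example `"""Soft-delete a resource; when app_id is given, respond 404 unless the resource belongs to that app."""`. The body of `delete` continues past the end of the hunk.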
@@ -154,19 +154,19 @@ class RoleRelationCRUD(object): if existed: continue - RoleRelationCache.clean(parent_id, app_id) - RoleRelationCache.clean(child_id, app_id) - if parent_id in cls.recursive_child_ids(child_id, app_id): return abort(400, ErrFormat.inheritance_dead_loop) + result.append(RoleRelation.create(parent_id=parent_id, child_id=child_id, app_id=app_id).to_dict()) + + RoleRelationCache.clean(parent_id, app_id) + RoleRelationCache.clean(child_id, app_id) + if app_id is None: for app in AppCRUD.get_all(): if app.name != "acl": RoleRelationCache.clean(child_id, app.id) - result.append(RoleRelation.create(parent_id=parent_id, child_id=child_id, app_id=app_id).to_dict()) - AuditCRUD.add_role_log(app_id, AuditOperateType.role_relation_add, AuditScope.role_relation, role.id, {}, {}, {'child_ids': list(child_ids), 'parent_ids': [parent_id], }
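Review bot: The inheritance-loop check `if parent_id in cls.recursive_child_ids(child_id, app_id)` now runs before either `RoleRelationCache.clean(...)` call, where it previously ran right after them. If `recursive_child_ids` resolves children through `RoleRelationCache` (its body is not in this hunk), the check is answered from entries cached before this request, so a stale entry could let a cyclic relation be created. A comment above the check, e.g. `# cache is cleaned only after create(); this check relies on earlier writes having invalidated it`, would show the ordering is deliberate, or the check could read uncached data if that path allows it. The `return abort(400, ...)` also sits inside the loop that the `continue` implies, after earlier iterations may already have called `RoleRelation.create`; the enclosing method starts and ends outside the hunk.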