7x31
/
cmdb
mirror of https://github.com/veops/cmdb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(acl): add relation

This commit is contained in:
pycook 2024-05-30 09:33:30 +08:00
parent 2f03639c57
commit 8875e75883
3 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmdb-api/api/lib/perm/acl/cache.py
View File

@ -3,9 +3,9 @@
import msgpack import msgpack
import redis_lock import redis_lock
from flask import current_app
from api.extensions import cache from api.extensions import cache
from api.extensions import db
from api.extensions import rd from api.extensions import rd
from api.lib.decorator import flush_db from api.lib.decorator import flush_db
from api.models.acl import App from api.models.acl import App
@ -161,6 +161,7 @@ class RoleRelationCache(object):
def get_parent_ids(cls, rid, app_id, force=False): def get_parent_ids(cls, rid, app_id, force=False):
parent_ids = cache.get(cls.PREFIX_PARENT.format(rid, app_id)) parent_ids = cache.get(cls.PREFIX_PARENT.format(rid, app_id))
if not parent_ids or force: if not parent_ids or force:
db.session.commit()
from api.lib.perm.acl.role import RoleRelationCRUD from api.lib.perm.acl.role import RoleRelationCRUD
parent_ids = RoleRelationCRUD.get_parent_ids(rid, app_id) parent_ids = RoleRelationCRUD.get_parent_ids(rid, app_id)
cache.set(cls.PREFIX_PARENT.format(rid, app_id), parent_ids, timeout=0) cache.set(cls.PREFIX_PARENT.format(rid, app_id), parent_ids, timeout=0)
@ -171,6 +172,7 @@ class RoleRelationCache(object):
def get_child_ids(cls, rid, app_id, force=False): def get_child_ids(cls, rid, app_id, force=False):
child_ids = cache.get(cls.PREFIX_CHILDREN.format(rid, app_id)) child_ids = cache.get(cls.PREFIX_CHILDREN.format(rid, app_id))
if not child_ids or force: if not child_ids or force:
db.session.commit()
from api.lib.perm.acl.role import RoleRelationCRUD from api.lib.perm.acl.role import RoleRelationCRUD
child_ids = RoleRelationCRUD.get_child_ids(rid, app_id) child_ids = RoleRelationCRUD.get_child_ids(rid, app_id)
cache.set(cls.PREFIX_CHILDREN.format(rid, app_id), child_ids, timeout=0) cache.set(cls.PREFIX_CHILDREN.format(rid, app_id), child_ids, timeout=0)
@ -187,6 +189,7 @@ class RoleRelationCache(object):
""" """
resources = cache.get(cls.PREFIX_RESOURCES.format(rid, app_id)) resources = cache.get(cls.PREFIX_RESOURCES.format(rid, app_id))
if not resources or force: if not resources or force:
db.session.commit()
from api.lib.perm.acl.role import RoleCRUD from api.lib.perm.acl.role import RoleCRUD
resources = RoleCRUD.get_resources(rid, app_id) resources = RoleCRUD.get_resources(rid, app_id)
if resources['id2perms'] or resources['group2perms']: if resources['id2perms'] or resources['group2perms']:
@ -198,6 +201,7 @@ class RoleRelationCache(object):
def get_resources2(cls, rid, app_id, force=False): def get_resources2(cls, rid, app_id, force=False):
r_g = cache.get(cls.PREFIX_RESOURCES2.format(rid, app_id)) r_g = cache.get(cls.PREFIX_RESOURCES2.format(rid, app_id))
if not r_g or force: if not r_g or force:
db.session.commit()
res = cls.get_resources(rid, app_id) res = cls.get_resources(rid, app_id)
id2perms = res['id2perms'] id2perms = res['id2perms']
group2perms = res['group2perms'] group2perms = res['group2perms']

5
cmdb-api/api/lib/perm/acl/resource.py
View File

@ -315,9 +315,12 @@ class ResourceCRUD(object):
return resource return resource
@staticmethod @staticmethod
def delete(_id, rebuild=True): def delete(_id, rebuild=True, app_id=None):
resource = Resource.get_by_id(_id) or abort(404, ErrFormat.resource_not_found.format("id={}".format(_id))) resource = Resource.get_by_id(_id) or abort(404, ErrFormat.resource_not_found.format("id={}".format(_id)))
if app_id is not None and resource.app_id != app_id:
return abort(404, ErrFormat.resource_not_found.format("id={}".format(_id)))
origin = resource.to_dict() origin = resource.to_dict()
resource.soft_delete() resource.soft_delete()

10
cmdb-api/api/lib/perm/acl/role.py
View File

@ -154,19 +154,19 @@ class RoleRelationCRUD(object):
if existed: if existed:
continue continue
RoleRelationCache.clean(parent_id, app_id)
RoleRelationCache.clean(child_id, app_id)
if parent_id in cls.recursive_child_ids(child_id, app_id): if parent_id in cls.recursive_child_ids(child_id, app_id):
return abort(400, ErrFormat.inheritance_dead_loop) return abort(400, ErrFormat.inheritance_dead_loop)
result.append(RoleRelation.create(parent_id=parent_id, child_id=child_id, app_id=app_id).to_dict())
RoleRelationCache.clean(parent_id, app_id)
RoleRelationCache.clean(child_id, app_id)
if app_id is None: if app_id is None:
for app in AppCRUD.get_all(): for app in AppCRUD.get_all():
if app.name != "acl": if app.name != "acl":
RoleRelationCache.clean(child_id, app.id) RoleRelationCache.clean(child_id, app.id)
result.append(RoleRelation.create(parent_id=parent_id, child_id=child_id, app_id=app_id).to_dict())
AuditCRUD.add_role_log(app_id, AuditOperateType.role_relation_add, AuditCRUD.add_role_log(app_id, AuditOperateType.role_relation_add,
AuditScope.role_relation, role.id, {}, {}, AuditScope.role_relation, role.id, {}, {},
{'child_ids': list(child_ids), 'parent_ids': [parent_id], } {'child_ids': list(child_ids), 'parent_ids': [parent_id], }