upgrade flask to 2.3.2 and replace g.user with current_user

cmdb-api/api/lib/perm/acl/acl.py

@@ -5,8 +5,9 @@ import hashlib
 
 import requests
 import six
-from flask import current_app, g, request
-from flask import session, abort
+from flask import abort, session
+from flask import current_app, request
+from flask_login import current_user
 
 from api.extensions import cache
 from api.lib.perm.acl.audit import AuditCRUD
@@ -154,9 +155,9 @@ class ACLManager(object):
         if is_app_admin(self.app_id):
             return True
 
-        role = self._get_role(g.user.username)
+        role = self._get_role(current_user.username)
 
-        role or abort(404, ErrFormat.role_not_found.format(g.user.username))
+        role or abort(404, ErrFormat.role_not_found.format(current_user.username))
 
         return RoleCRUD.has_permission(role.id, resource_name, resource_type, self.app_id, perm,
                                        resource_id=resource_id)
@@ -193,9 +194,9 @@ class ACLManager(object):
         return user
 
     def get_resources(self, resource_type_name=None):
-        role = self._get_role(g.user.username)
+        role = self._get_role(current_user.username)
 
-        role or abort(404, ErrFormat.role_not_found.format(g.user.username))
+        role or abort(404, ErrFormat.role_not_found.format(current_user.username))
         rid = role.id
 
         return RoleCRUD.recursive_resources(rid, self.app_id, resource_type_name).get('resources')
@@ -215,7 +216,7 @@ def validate_permission(resources, resource_type, perm, app=None):
         return
 
     if current_app.config.get("USE_ACL"):
-        if g.user.username == "worker":
+        if current_user.username == "worker":
             return
 
         resources = [resources] if isinstance(resources, six.string_types) else resources
@@ -313,7 +314,7 @@ def role_required(role_name, app=None):
                 return
 
             if current_app.config.get("USE_ACL"):
-                if getattr(g.user, 'username', None) == "worker":
+                if getattr(current_user, 'username', None) == "worker":
                     return func(*args, **kwargs)
 
                 if role_name not in session.get("acl", {}).get("parentRoles", []) and not is_app_admin(app):

cmdb-api/api/lib/perm/acl/audit.py

@@ -9,8 +9,8 @@ from flask_login import current_user
 from sqlalchemy import func
 
 from api.lib.perm.acl import AppCache
-from api.models.acl import AuditRoleLog, AuditResourceLog, AuditPermissionLog, AuditTriggerLog, RolePermission, \
-    Resource, ResourceGroup, Permission, Role, ResourceType
+from api.models.acl import AuditPermissionLog, AuditResourceLog, AuditRoleLog, AuditTriggerLog, Permission, Resource, \
+    ResourceGroup, ResourceType, Role, RolePermission
 
 
 class AuditScope(str, Enum):
@@ -50,7 +50,7 @@ class AuditCRUD(object):
     @staticmethod
     def get_current_operate_uid(uid=None):
 
-        user_id = uid or (hasattr(g, 'user') and getattr(g.user, 'uid', None)) \
+        user_id = uid or (hasattr(g, 'user') and getattr(current_user, 'uid', None)) \
                   or getattr(current_user, 'user_id', None)
 
         if has_request_context() and request.headers.get('X-User-Id'):

cmdb-api/api/lib/perm/acl/role.py

@@ -6,6 +6,7 @@ import time
 import six
 from flask import abort
 from flask import current_app
+from sqlalchemy import or_
 
 from api.extensions import db
 from api.lib.perm.acl.app import AppCRUD
@@ -212,18 +213,16 @@ class RoleCRUD(object):
 
     @staticmethod
     def search(q, app_id, page=1, page_size=None, user_role=True, is_all=False, user_only=False):
-        query = db.session.query(Role).filter(Role.deleted.is_(False))
-        query1 = query.filter(Role.app_id == app_id).filter(Role.uid.is_(None))
-        query2 = query.filter(Role.app_id.is_(None)).filter(Role.uid.is_(None))
-        query = query1.union(query2)
 
-        if user_role:
-            query1 = db.session.query(Role).filter(Role.deleted.is_(False)).filter(Role.uid.isnot(None))
-            query = query.union(query1)
-
-        if user_only:
+        if user_only:  # only user role
             query = db.session.query(Role).filter(Role.deleted.is_(False)).filter(Role.uid.isnot(None))
 
+        else:
+            query = db.session.query(Role).filter(Role.deleted.is_(False)).filter(
+                or_(Role.app_id == app_id, Role.app_id.is_(None)))
+            if not user_role:  # only virtual role
+                query = query.filter(Role.uid.is_(None))
+
         if not is_all:
             role_ids = list(HasResourceRoleCache.get(app_id).keys())
             query = query.filter(Role.id.in_(role_ids))

cmdb-api/api/lib/perm/acl/user.py

@@ -6,7 +6,7 @@ import string
 import uuid
 
 from flask import abort
-from flask import g
+from flask_login import current_user
 
 from api.extensions import db
 from api.lib.perm.acl.audit import AuditCRUD, AuditOperateType, AuditScope
@@ -90,9 +90,9 @@ class UserCRUD(object):
     @classmethod
     def reset_key_secret(cls):
         key, secret = cls.gen_key_secret()
-        g.user.update(key=key, secret=secret)
+        current_user.update(key=key, secret=secret)
 
-        UserCache.clean(g.user)
+        UserCache.clean(current_user)
 
         return key, secret
 

cmdb-api/api/lib/perm/auth.py

@@ -10,6 +10,7 @@ from flask import current_app
 from flask import g
 from flask import request
 from flask import session
+from flask_login import current_user
 from flask_login import login_user
 
 from api.lib.perm.acl.acl import ACLManager
@@ -65,7 +66,7 @@ def _auth_with_key():
 
 def _auth_with_session():
     if isinstance(getattr(g, 'user', None), User):
-        login_user(g.user)
+        login_user(current_user)
         return True
     if "acl" in session and "userName" in (session["acl"] or {}):
         login_user(UserCache.get(session["acl"]["userName"]))