acl done and bugfix

2025-08-08 02:11:06 +08:00 · 2019-12-06 22:33:31 +08:00
parent bc94292279
commit a9fc1ca8f6
22 changed files with 270 additions and 138 deletions
--- a/api/commands/click_cmdb.py
+++ b/api/commands/click_cmdb.py
@@ -6,15 +6,27 @@ import json
 import click
 from flask import current_app
 from flask.cli import with_appcontext
+from werkzeug.exceptions import BadRequest

 import api.lib.cmdb.ci
 from api.extensions import db
 from api.extensions import rd
+from api.lib.cmdb.const import PermEnum
 from api.lib.cmdb.const import REDIS_PREFIX_CI
 from api.lib.cmdb.const import REDIS_PREFIX_CI_RELATION
+from api.lib.cmdb.const import ResourceTypeEnum
+from api.lib.cmdb.const import RoleEnum
 from api.lib.cmdb.const import ValueTypeEnum
+from api.lib.perm.acl.acl import ACLManager
+from api.lib.perm.acl.cache import AppCache
+from api.lib.perm.acl.resource import ResourceCRUD
+from api.lib.perm.acl.resource import ResourceTypeCRUD
+from api.lib.perm.acl.role import RoleCRUD
+from api.models.acl import ResourceType
 from api.models.cmdb import CI
 from api.models.cmdb import CIRelation
+from api.models.cmdb import CIType
+from api.models.cmdb import PreferenceRelationView


@click.command()
@@ -74,3 +86,52 @@ def init_cache():
        rd.create_or_update(relations, REDIS_PREFIX_CI_RELATION)

    db.session.remove()
+
+
+@click.command()
+@with_appcontext
+def init_acl():
+    app_id = AppCache.get('cmdb').id
+    # 1. add resource type
+    for resource_type in ResourceTypeEnum.all():
+        try:
+            ResourceTypeCRUD.add(app_id, resource_type, '', PermEnum.all())
+        except BadRequest:
+            pass
+
+    # 2. add role
+    try:
+        RoleCRUD.add_role(RoleEnum.CONFIG, app_id, True)
+    except BadRequest:
+        pass
+    try:
+        RoleCRUD.add_role(RoleEnum.CMDB_READ_ALL, app_id, False)
+    except BadRequest:
+        pass
+
+    # 3. add resource and grant
+    ci_types = CIType.get_by(to_dict=False)
+    type_id = ResourceType.get_by(name=ResourceTypeEnum.CI, first=True, to_dict=False).id
+    for ci_type in ci_types:
+        try:
+            ResourceCRUD.add(ci_type.name, type_id, app_id)
+        except BadRequest:
+            pass
+
+        ACLManager().grant_resource_to_role(ci_type.name,
+                                            RoleEnum.CMDB_READ_ALL,
+                                            ResourceTypeEnum.CI,
+                                            [PermEnum.READ])
+
+    relation_views = PreferenceRelationView.get_by(to_dict=False)
+    type_id = ResourceType.get_by(name=ResourceTypeEnum.RELATION_VIEW, first=True, to_dict=False).id
+    for view in relation_views:
+        try:
+            ResourceCRUD.add(view.name, type_id, app_id)
+        except BadRequest:
+            pass
+
+        ACLManager().grant_resource_to_role(view.name,
+                                            RoleEnum.CMDB_READ_ALL,
+                                            ResourceTypeEnum.RELATION_VIEW,
+                                            [PermEnum.READ])