Merge pull request #4 from pycook/master

fix acl resource_type
2019-11-23 17:36:42 +08:00 · 2019-11-23 17:36:42 +08:00 · aae3b6e2ff
parent efa5a8ea5d b370c7d46e
commit aae3b6e2ff
3 changed files with 28 additions and 4 deletions
--- a/api/lib/perm/acl/resource.py
+++ b/api/lib/perm/acl/resource.py
@ -20,8 +20,20 @@ class ResourceTypeCRUD(object):
            query = query.filter(ResourceType.name.ilike('%{0}%'.format(q)))

        numfound = query.count()
+        res = query.offset((page - 1) * page_size).limit(page_size)
+        rt_ids = [i.id for i in res]
+        perms = db.session.query(Permission).filter(Permission.deleted.is_(False)).filter(
+            Permission.resource_type_id.in_(rt_ids))
+        id2perms = dict()
+        for perm in perms:
+            id2perms.setdefault(perm.resource_type_id, []).append(perm.to_dict())

-        return numfound, query.offset((page - 1) * page_size).limit(page_size)
+        return numfound, res, id2perms
+
+    @staticmethod
+    def get_perms(rt_id):
+        perms = Permission.get_by(resource_type_id=rt_id, to_dict=False)
+        return [i.to_dict() for i in perms]

    @classmethod
    def add(cls, app_id, name, perms):
@ -36,6 +48,8 @@ class ResourceTypeCRUD(object):

    @classmethod
    def update(cls, rt_id, **kwargs):
+        kwargs.pop('app_id', None)
+
        rt = ResourceType.get_by_id(rt_id) or abort(404, "ResourceType <{0}> is not found".format(rt_id))
        if 'name' in kwargs:
            other = ResourceType.get_by(name=kwargs['name'], app_id=rt.app_id, to_dict=False, first=True)
--- a/api/lib/perm/acl/role.py
+++ b/api/lib/perm/acl/role.py
@ -119,6 +119,8 @@ class RoleCRUD(object):

    @staticmethod
    def update_role(rid, **kwargs):
+        kwargs.pop('app_id', None)
+
        role = Role.get_by_id(rid) or abort(404, "Role <{0}> does not exist".format(rid))

        RoleCache.clean(rid)
--- a/api/views/acl/resources.py
+++ b/api/views/acl/resources.py
@ -24,12 +24,13 @@ class ResourceTypeView(APIView):
        q = request.values.get('q')
        app_id = request.values.get('app_id')

-        numfound, res = ResourceTypeCRUD.search(q, app_id, page, page_size)
+        numfound, res, id2perms = ResourceTypeCRUD.search(q, app_id, page, page_size)

        return self.jsonify(numfound=numfound,
                            page=page,
                            page_size=page_size,
-                            groups=[i.to_dict() for i in res])
+                            groups=[i.to_dict() for i in res],
+                            id2perms=id2perms)

    @args_required('name')
    @args_required('app_id')
@ -40,7 +41,7 @@ class ResourceTypeView(APIView):
        app_id = request.values.get('app_id')
        perms = request.values.get('perms')

-        rt = ResourceTypeCRUD.add(name, app_id, perms)
+        rt = ResourceTypeCRUD.add(app_id, name, perms)

        return self.jsonify(rt.to_dict())

@ -55,6 +56,13 @@ class ResourceTypeView(APIView):
        return self.jsonify(type_id=type_id)


+class ResourceTypePermsView(APIView):
+    url_prefix = "/resource_types/<int:type_id>/perms"
+
+    def get(self, type_id):
+        return self.jsonify(ResourceTypeCRUD.get_perms(type_id))
+
+
 class ResourceView(APIView):
    url_prefix = ("/resources", "/resources/<int:resource_id>")