diff --git a/cmdb-api/api/commands/click_cmdb.py b/cmdb-api/api/commands/click_cmdb.py
index 8bf2f51..a3049b4 100644
--- a/cmdb-api/api/commands/click_cmdb.py
+++ b/cmdb-api/api/commands/click_cmdb.py
@@ -22,6 +22,8 @@ from api.lib.perm.acl.cache import AppCache
from api.lib.perm.acl.resource import ResourceCRUD
from api.lib.perm.acl.resource import ResourceTypeCRUD
from api.lib.perm.acl.role import RoleCRUD
+from api.lib.perm.acl.user import UserCRUD
+from api.models.acl import App
from api.models.acl import ResourceType
from api.models.cmdb import CI
from api.models.cmdb import CIRelation
@@ -91,7 +93,9 @@ def init_cache():
@click.command()
@with_appcontext
def init_acl():
- app_id = AppCache.get('cmdb').id
+ _app = AppCache.get('cmdb') or App.create(name='cmdb')
+ app_id = _app.id
+
# 1. add resource type
for resource_type in ResourceTypeEnum.all():
try:
@@ -135,3 +139,59 @@ def init_acl():
RoleEnum.CMDB_READ_ALL,
ResourceTypeEnum.RELATION_VIEW,
[PermEnum.READ])
+
+
+@click.command()
+@click.option(
+ '-u',
+ '--user',
+ help='username'
+)
+@click.option(
+ '-p',
+ '--password',
+ help='password'
+)
+@click.option(
+ '-m',
+ '--mail',
+ help='mail'
+)
+@click.option(
+ '--is_admin',
+ is_flag=True
+)
+@with_appcontext
+def add_user(user, password, mail, is_admin):
+ """
+ create a user
+
+ is_admin: default is False
+
+ Example: flask add-user -u <username> -p <password> -m <mail> [--is_admin]
+ """
+ assert user is not None
+ assert password is not None
+ assert mail is not None
+ print((user, password, is_admin))
+ UserCRUD.add(username=user, password=password, email=mail, is_admin=is_admin)
+
+
+@click.command()
+@click.option(
+ '-u',
+ '--user',
+ help='username'
+)
+@with_appcontext
+def del_user(user):
+ """
+ delete a user
+
+ Example: flask del-user -u <username>
+ """
+ assert user is not None
+ from api.models.acl import User
+
+ u = User.get_by(username=user, first=True, to_dict=False)
+ u and UserCRUD.delete(u.uid)
diff --git a/cmdb-api/api/lib/perm/acl/user.py b/cmdb-api/api/lib/perm/acl/user.py
index 778a852..47ad6b1 100644
--- a/cmdb-api/api/lib/perm/acl/user.py
+++ b/cmdb-api/api/lib/perm/acl/user.py
@@ -38,13 +38,22 @@ class UserCRUD(object):
existed = User.get_by(username=kwargs['username'], email=kwargs['email'])
existed and abort(400, "User <{0}> is already existed".format(kwargs['username']))
+ is_admin = kwargs.pop('is_admin', False)
kwargs['nickname'] = kwargs.get('nickname') or kwargs['username']
kwargs['block'] = 0
kwargs['key'], kwargs['secret'] = cls._gen_key_secret()
user = User.create(**kwargs)
- RoleCRUD.add_role(user.username, uid=user.uid)
+ role = RoleCRUD.add_role(user.username, uid=user.uid)
+
+ if is_admin:
+ from api.lib.perm.acl.cache import AppCache
+ from api.lib.perm.acl.role import RoleRelationCRUD
+ admin_r = Role.get_by(name='admin', first=True, to_dict=False) or \
+ RoleCRUD.add_role('admin', AppCache.get('cmdb').id, True)
+
+ RoleRelationCRUD.add(admin_r.id, role.id)
return user
@@ -75,11 +84,14 @@ class UserCRUD(object):
@classmethod
def delete(cls, uid):
- if uid == g.user.uid:
+ if hasattr(g, 'user') and uid == g.user.uid:
return abort(400, "You cannot delete yourself")
user = User.get_by(uid=uid, to_dict=False, first=True) or abort(404, "User <{0}> does not exist".format(uid))
UserCache.clean(user)
- user.soft_delete()
+ for i in Role.get_by(uid=uid, to_dict=False):
+ i.delete()
+
+ user.delete()
diff --git a/cmdb-api/migrations/README b/cmdb-api/migrations/README
new file mode 100644
index 0000000..98e4f9c
--- /dev/null
+++ b/cmdb-api/migrations/README
@@ -0,0 +1 @@
+Generic single-database configuration.
\ No newline at end of file
diff --git a/cmdb-api/migrations/alembic.ini b/cmdb-api/migrations/alembic.ini
new file mode 100644
index 0000000..f8ed480
--- /dev/null
+++ b/cmdb-api/migrations/alembic.ini
@@ -0,0 +1,45 @@
+# A generic, single database configuration.
+
+[alembic]
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
diff --git a/cmdb-api/migrations/env.py b/cmdb-api/migrations/env.py
new file mode 100644
index 0000000..79b8174
--- /dev/null
+++ b/cmdb-api/migrations/env.py
@@ -0,0 +1,96 @@
+from __future__ import with_statement
+
+import logging
+from logging.config import fileConfig
+
+from sqlalchemy import engine_from_config
+from sqlalchemy import pool
+
+from alembic import context
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+fileConfig(config.config_file_name)
+logger = logging.getLogger('alembic.env')
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+from flask import current_app
+config.set_main_option(
+ 'sqlalchemy.url', current_app.config.get(
+ 'SQLALCHEMY_DATABASE_URI').replace('%', '%%'))
+target_metadata = current_app.extensions['migrate'].db.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def run_migrations_offline():
+ """Run migrations in 'offline' mode.
+
+ This configures the context with just a URL
+ and not an Engine, though an Engine is acceptable
+ here as well. By skipping the Engine creation
+ we don't even need a DBAPI to be available.
+
+ Calls to context.execute() here emit the given string to the
+ script output.
+
+ """
+ url = config.get_main_option("sqlalchemy.url")
+ context.configure(
+ url=url, target_metadata=target_metadata, literal_binds=True
+ )
+
+ with context.begin_transaction():
+ context.run_migrations()
+
+
+def run_migrations_online():
+ """Run migrations in 'online' mode.
+
+ In this scenario we need to create an Engine
+ and associate a connection with the context.
+
+ """
+
+ # this callback is used to prevent an auto-migration from being generated
+ # when there are no changes to the schema
+ # reference: http://alembic.zzzcomputing.com/en/latest/cookbook.html
+ def process_revision_directives(context, revision, directives):
+ if getattr(config.cmd_opts, 'autogenerate', False):
+ script = directives[0]
+ if script.upgrade_ops.is_empty():
+ directives[:] = []
+ logger.info('No changes in schema detected.')
+
+ connectable = engine_from_config(
+ config.get_section(config.config_ini_section),
+ prefix='sqlalchemy.',
+ poolclass=pool.NullPool,
+ )
+
+ with connectable.connect() as connection:
+ context.configure(
+ connection=connection,
+ target_metadata=target_metadata,
+ process_revision_directives=process_revision_directives,
+ **current_app.extensions['migrate'].configure_args
+ )
+
+ with context.begin_transaction():
+ context.run_migrations()
+
+
+if context.is_offline_mode():
+ run_migrations_offline()
+else:
+ run_migrations_online()
diff --git a/cmdb-api/migrations/script.py.mako b/cmdb-api/migrations/script.py.mako
new file mode 100644
index 0000000..2c01563
--- /dev/null
+++ b/cmdb-api/migrations/script.py.mako
@@ -0,0 +1,24 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+
+
+def upgrade():
+ ${upgrades if upgrades else "pass"}
+
+
+def downgrade():
+ ${downgrades if downgrades else "pass"}