From c143d6ae5b0e5d792817a82218f080ec81bedc97 Mon Sep 17 00:00:00 2001 From: pycook Date: Sat, 23 Dec 2023 12:30:52 +0800 Subject: [PATCH] fix(api): role grant --- cmdb-api/api/lib/cmdb/ci_type.py | 6 ++++++ cmdb-api/api/lib/perm/acl/acl.py | 4 +--- cmdb-api/api/lib/perm/acl/resource.py | 2 ++ cmdb-api/api/views/cmdb/ci_type.py | 13 ++++++++++--- 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/cmdb-api/api/lib/cmdb/ci_type.py b/cmdb-api/api/lib/cmdb/ci_type.py index 79c963d..e241da8 100644 --- a/cmdb-api/api/lib/cmdb/ci_type.py +++ b/cmdb-api/api/lib/cmdb/ci_type.py @@ -24,6 +24,7 @@ from api.lib.cmdb.const import ResourceTypeEnum from api.lib.cmdb.const import RoleEnum from api.lib.cmdb.const import ValueTypeEnum from api.lib.cmdb.history import CITypeHistoryManager +from api.lib.cmdb.perms import CIFilterPermsCRUD from api.lib.cmdb.relation_type import RelationTypeManager from api.lib.cmdb.resp_format import ErrFormat from api.lib.cmdb.value import AttributeValueManager @@ -588,6 +589,11 @@ class CITypeRelationManager(object): ci_type_dict = CITypeCache.get(type_id).to_dict() ci_type_dict["ctr_id"] = relation_inst.id ci_type_dict["attributes"] = CITypeAttributeManager.get_attributes_by_type_id(ci_type_dict["id"]) + attr_filter = CIFilterPermsCRUD.get_attr_filter(type_id) + if attr_filter: + ci_type_dict["attributes"] = [attr for attr in (ci_type_dict["attributes"] or []) + if attr['name'] in attr_filter] + ci_type_dict["relation_type"] = relation_inst.relation_type.name ci_type_dict["constraint"] = relation_inst.constraint diff --git a/cmdb-api/api/lib/perm/acl/acl.py b/cmdb-api/api/lib/perm/acl/acl.py index fbb2642..16cc283 100644 --- a/cmdb-api/api/lib/perm/acl/acl.py +++ b/cmdb-api/api/lib/perm/acl/acl.py 
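Review bot: The `if attr_filter:` guard makes the new attribute filter fail open: whenever `CIFilterPermsCRUD.get_attr_filter(type_id)` returns a falsy value, the full attribute list of the related type is returned. The hunk does not show whether an empty result means "no restriction configured" or "no attributes permitted", nor which caller identity the lookup uses. The intended meaning should be stated next to the check, for example `# falsy attr_filter = no attribute restriction for the current user; otherwise an allow-list of attribute names`. `attr['name'] in attr_filter` is only an exact-name test if `get_attr_filter` returns a collection of names rather than a string, which is worth confirming. The enclosing method starts and ends outside the hunk.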
@@ -151,9 +151,7 @@ class ACLManager(object): def del_resource(self, name, resource_type_name=None): resource = self._get_resource(name, resource_type_name) if resource: - ResourceCRUD.delete(resource.id) - - return resource + return ResourceCRUD.delete(resource.id) def has_permission(self, resource_name, resource_type, perm, resource_id=None): if is_app_admin(self.app_id): diff --git a/cmdb-api/api/lib/perm/acl/resource.py b/cmdb-api/api/lib/perm/acl/resource.py index f5128d4..7c03e63 100644 --- a/cmdb-api/api/lib/perm/acl/resource.py +++ b/cmdb-api/api/lib/perm/acl/resource.py @@ -328,6 +328,8 @@ class ResourceCRUD(object): AuditCRUD.add_resource_log(resource.app_id, AuditOperateType.delete, AuditScope.resource, resource.id, origin, {}, {}) + return rebuilds + @classmethod def delete_by_name(cls, name, type_id, app_id): resource = Resource.get_by(name=name, resource_type_id=type_id, app_id=app_id) or abort( diff --git a/cmdb-api/api/views/cmdb/ci_type.py b/cmdb-api/api/views/cmdb/ci_type.py index c26d2aa..275db22 100644 --- a/cmdb-api/api/views/cmdb/ci_type.py +++ b/cmdb-api/api/views/cmdb/ci_type.py @@ -465,7 +465,14 @@ class CITypeGrantView(APIView): acl.grant_resource_to_role_by_rid(type_name, rid, ResourceTypeEnum.CI_TYPE, perms, rebuild=False) - CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values) + if request.values.get('ci_filter') or request.values.get('attr_filter'): + CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values) + else: + from api.tasks.acl import role_rebuild + from api.lib.perm.acl.const import ACL_QUEUE + + app_id = AppCache.get('cmdb').id + role_rebuild.apply_async(args=(rid, app_id), queue=ACL_QUEUE) return self.jsonify(code=200) 
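Review bot: `del_resource` now returns whatever `ResourceCRUD.delete` returns (the `rebuilds` value added by the resource.py hunk of this patch) instead of the resource object, and falls through to an implicit `None` when `_get_resource` finds nothing. Callers are outside this diff, so any that still read attributes of the returned resource, or test it for truthiness to learn whether something was deleted, would change behaviour silently. A docstring on `del_resource` stating the new return value, plus an explicit `return None` for the not-found case, would make the contract visible. The definition of `rebuilds` lies outside the resource.py hunk, so its type and whether it can be empty cannot be checked here.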
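Review bot: The re-indented call `CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values)` still forwards every client-supplied request parameter as a keyword argument, while the new guard only looks at `ci_filter` and `attr_filter`. A request that also carries `type_id` or `rid` raises a duplicate-keyword `TypeError`, and any other parameter name reaches `add` unchecked; whether `add` ignores unknown keys is not visible here. Passing the two fields explicitly, `CIFilterPermsCRUD().add(type_id=type_id, rid=rid, ci_filter=request.values.get('ci_filter'), attr_filter=request.values.get('attr_filter'))`, keeps the set of writable fields fixed; confirm first that `add` needs no other request field. The view method begins outside the hunk.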
@@ -490,7 +497,7 @@ class CITypeRevokeView(APIView):
 app_id = AppCache.get('cmdb').id
 resource = None
- if PermEnum.READ in perms:
+ if PermEnum.READ in perms or not perms:
 resource = CIFilterPermsCRUD().delete(type_id=type_id, rid=rid)
 users = RoleRelationCRUD.get_users_by_rid(rid, app_id)
@@ -503,7 +510,7 @@ class CITypeRevokeView(APIView):
 from api.tasks.acl import role_rebuild
 from api.lib.perm.acl.const import ACL_QUEUE
- role_rebuild.apply_async(args=(app_id, rid), queue=ACL_QUEUE)
+ role_rebuild.apply_async(args=(rid, app_id), queue=ACL_QUEUE)
 return self.jsonify(type_id=type_id, rid=rid)
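Review bot: With `or not perms`, a revoke request whose `perms` is empty now also deletes the role's CI filter permissions for this type, and nothing in the hunk records that empty means "revoke everything". How `perms` is parsed is outside the hunk, so it is unclear whether a missing or malformed parameter also arrives here as empty; if it can, the delete path is taken by accident. A comment above the condition, e.g. `# empty perms = revoke all permissions, so the read filter is removed as well`, would record the intent. Rejecting an absent `perms` parameter before this point would keep the two cases apart.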
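Review bot: The corrected `args=(rid, app_id)` is still a bare positional tuple with nothing at the call site naming the order the task expects, which is presumably how the swapped order went unnoticed. A wrong order would queue the rebuild for the wrong role and, presumably, leave the revoked role's cached permissions stale until another rebuild runs. The same import-and-enqueue lines are now duplicated in the `else` branch of `CITypeGrantView` earlier in this patch. A small shared helper for enqueueing the rebuild, with a comment such as `# role_rebuild takes (rid, app_id)`, would keep the two call sites from drifting apart again. The task signature itself is not visible in this diff, so the order should be checked against it.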