fix(api): role grant

cmdb-api/api/lib/cmdb/ci_type.py

@@ -24,6 +24,7 @@ from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.const import RoleEnum
 from api.lib.cmdb.const import ValueTypeEnum
 from api.lib.cmdb.history import CITypeHistoryManager
+from api.lib.cmdb.perms import CIFilterPermsCRUD
 from api.lib.cmdb.relation_type import RelationTypeManager
 from api.lib.cmdb.resp_format import ErrFormat
 from api.lib.cmdb.value import AttributeValueManager
@@ -588,6 +589,11 @@ class CITypeRelationManager(object):
         ci_type_dict = CITypeCache.get(type_id).to_dict()
         ci_type_dict["ctr_id"] = relation_inst.id
         ci_type_dict["attributes"] = CITypeAttributeManager.get_attributes_by_type_id(ci_type_dict["id"])
+        attr_filter = CIFilterPermsCRUD.get_attr_filter(type_id)
+        if attr_filter:
+            ci_type_dict["attributes"] = [attr for attr in (ci_type_dict["attributes"] or [])
+                                          if attr['name'] in attr_filter]
+
         ci_type_dict["relation_type"] = relation_inst.relation_type.name
         ci_type_dict["constraint"] = relation_inst.constraint
 

cmdb-api/api/lib/perm/acl/acl.py

@@ -151,9 +151,7 @@ class ACLManager(object):
     def del_resource(self, name, resource_type_name=None):
         resource = self._get_resource(name, resource_type_name)
         if resource:
-            ResourceCRUD.delete(resource.id)
+            return ResourceCRUD.delete(resource.id)
-
-        return resource
 
     def has_permission(self, resource_name, resource_type, perm, resource_id=None):
         if is_app_admin(self.app_id):

cmdb-api/api/lib/perm/acl/resource.py

@@ -328,6 +328,8 @@ class ResourceCRUD(object):
         AuditCRUD.add_resource_log(resource.app_id, AuditOperateType.delete,
                                    AuditScope.resource, resource.id, origin, {}, {})
 
+        return rebuilds
+
     @classmethod
     def delete_by_name(cls, name, type_id, app_id):
         resource = Resource.get_by(name=name, resource_type_id=type_id, app_id=app_id) or abort(

cmdb-api/api/views/cmdb/ci_type.py

@@ -465,7 +465,14 @@ class CITypeGrantView(APIView):
 
         acl.grant_resource_to_role_by_rid(type_name, rid, ResourceTypeEnum.CI_TYPE, perms, rebuild=False)
 
-        CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values)
+        if request.values.get('ci_filter') or request.values.get('attr_filter'):
+            CIFilterPermsCRUD().add(type_id=type_id, rid=rid, **request.values)
+        else:
+            from api.tasks.acl import role_rebuild
+            from api.lib.perm.acl.const import ACL_QUEUE
+
+            app_id = AppCache.get('cmdb').id
+            role_rebuild.apply_async(args=(rid, app_id), queue=ACL_QUEUE)
 
         return self.jsonify(code=200)
 
@@ -490,7 +497,7 @@ class CITypeRevokeView(APIView):
 
         app_id = AppCache.get('cmdb').id
         resource = None
-        if PermEnum.READ in perms:
+        if PermEnum.READ in perms or not perms:
             resource = CIFilterPermsCRUD().delete(type_id=type_id, rid=rid)
 
             users = RoleRelationCRUD.get_users_by_rid(rid, app_id)
@@ -503,7 +510,7 @@ class CITypeRevokeView(APIView):
             from api.tasks.acl import role_rebuild
             from api.lib.perm.acl.const import ACL_QUEUE
 
-            role_rebuild.apply_async(args=(app_id, rid), queue=ACL_QUEUE)
+            role_rebuild.apply_async(args=(rid, app_id), queue=ACL_QUEUE)
 
         return self.jsonify(type_id=type_id, rid=rid)