update acl

api/views/__init__.py

@@ -32,6 +32,6 @@ register_resources(os.path.join(HERE, "cmdb"), rest)
 
 
 # acl
-blueprint_acl_v1 = Blueprint('cmdb_acl_v1', __name__, url_prefix='/api/v1/acl')
+blueprint_acl_v1 = Blueprint('acl_api_v1', __name__, url_prefix='/api/v1/acl')
 rest = Api(blueprint_acl_v1)
 register_resources(os.path.join(HERE, "acl"), rest)

api/views/acl/permission.py

@@ -0,0 +1,40 @@
+# -*- coding:utf-8 -*-
+
+
+from flask import request
+
+from api.lib.decorator import args_required
+from api.lib.perm.acl.permission import PermissionCRUD
+from api.lib.utils import handle_arg_list
+from api.resource import APIView
+
+
+class ResourcePermissionView(APIView):
+    url_prefix = ("/resources/<int:resource_id>/permissions", "/resource_groups/<int:group_id>/permissions")
+
+    def get(self, resource_id=None, group_id=None):
+        return self.jsonify(PermissionCRUD.get_all(resource_id, group_id))
+
+
+class RolePermissionGrantView(APIView):
+    url_prefix = ('/roles/<int:rid>/resources/<int:resource_id>/grant',
+                  '/roles/<int:rid>/resource_groups/<int:group_id>/grant')
+
+    @args_required('perms')
+    def post(self, rid, resource_id=None, group_id=None):
+        perms = handle_arg_list(request.values.get("perms"))
+        PermissionCRUD.grant(rid, perms, resource_id=resource_id, group_id=group_id)
+
+        return self.jsonify(rid=rid, resource_id=resource_id, group_id=group_id, perms=perms)
+
+
+class RolePermissionRevokeView(APIView):
+    url_prefix = ('/roles/<int:rid>/resources/<int:resource_id>/revoke',
+                  '/roles/<int:rid>/resource_groups/<int:group_id>/revoke')
+
+    @args_required('perms')
+    def post(self, rid, resource_id=None, group_id=None):
+        perms = handle_arg_list(request.values.get("perms"))
+        PermissionCRUD.revoke(rid, perms, resource_id=resource_id, group_id=group_id)
+
+        return self.jsonify(rid=rid, resource_id=resource_id, group_id=group_id, perms=perms)

api/views/acl/role.py

@@ -4,6 +4,7 @@ from flask import request
 
 from api.lib.decorator import args_required
 from api.lib.perm.acl.role import RoleCRUD
+from api.lib.perm.acl.role import RoleRelationCRUD
 from api.lib.utils import get_page
 from api.lib.utils import get_page_size
 from api.resource import APIView
@@ -21,9 +22,12 @@ class RoleView(APIView):
 
         numfound, roles = RoleCRUD.search(q, app_id, page, page_size)
 
+        id2parents = RoleRelationCRUD.get_parents([i.id for i in roles])
+
         return self.jsonify(numfound=numfound,
                             page=page,
                             page_size=page_size,
+                            id2parents=id2parents,
                             roles=[i.to_dict() for i in roles])
 
     @args_required('name')
@@ -46,3 +50,22 @@ class RoleView(APIView):
         RoleCRUD.delete_role(rid)
 
         return self.jsonify(rid=rid)
+
+
+class RoleRelationView(APIView):
+    url_prefix = "/roles/<int:child_id>/parents"
+
+    @args_required('parent_id')
+    def post(self, child_id):
+        parent_id = request.values.get('parent_id')
+        res = RoleRelationCRUD.add(parent_id, child_id)
+
+        return self.jsonify(res.to_dict())
+
+    @args_required('parent_id')
+    def delete(self, child_id):
+        parent_id = request.values.get('parent_id')
+
+        RoleRelationCRUD.delete2(parent_id, child_id)
+
+        return self.jsonify(parent_id=parent_id, child_id=child_id)