7x31/cmdb
1
0
Fork 0
mirror of https://github.com/veops/cmdb.git synced 2025-08-09 10:28:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

update acl

Browse Source
This commit is contained in:
pycook
2019-11-13 13:25:42 +08:00
parent 82a402883b
commit cb0eb7eadd
9 changed files with 239 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

165
api/lib/perm/acl/role.py
View File

@@ -1,6 +1,7 @@
# -*- coding:utf-8 -*-
import six
from flask import abort
from api.extensions import db
@@ -16,75 +17,16 @@ from api.tasks.acl import role_rebuild
class RoleRelationCRUD(object):
pass
class RoleCRUD(object):
@staticmethod
def search(q, app_id, page=1, page_size=None):
query = db.session.query(Role).filter(Role.deleted.is_(False)).filter(
Role.app_id == app_id).filter(Role.uid.is_(None))
if q:
query = query.filter(Role.name.ilike('%{0}%'.format(q)))
numfound = query.count()
return numfound, query.offset((page - 1) * page_size).limit(page_size)
@staticmethod
def add_role(name, app_id, is_app_admin=False, uid=None):
Role.get_by(name=name, app_id=app_id) and abort(400, "Role <{0}> is already existed".format(name))
return Role.create(name=name,
app_id=app_id,
is_app_admin=is_app_admin,
uid=uid)
@staticmethod
def update_role(rid, **kwargs):
role = Role.get_by_id(rid) or abort(404, "Role <{0}> does not exist".format(rid))
RoleCache.clean(rid)
return role.update(**kwargs)
@classmethod
def delete_role(cls, rid):
role = Role.get_by_id(rid) or abort(404, "Role <{0}> does not exist".format(rid))
parent_ids = cls.get_parent_ids(rid)
child_ids = cls.get_child_ids(rid)
for i in RoleRelation.get_by(parent_id=rid, to_dict=False):
i.soft_delete()
for i in RoleRelation.get_by(child_id=rid, to_dict=False):
i.soft_delete()
for i in RolePermission.get_by(rid=rid, to_dict=False):
i.soft_delete()
role_rebuild.apply_async(args=(parent_ids + child_ids,), queue=ACL_QUEUE)
RoleCache.clean(rid)
RoleRelationCache.clean(rid)
role.soft_delete()
@staticmethod
def get_resources(rid):
res = RolePermission.get_by(rid=rid, to_dict=False)
id2perms = dict(id2perms={}, group2perms={})
def get_parents(rids):
rids = [rids] if isinstance(rids, six.integer_types) else rids
res = db.session.query(RoleRelation).filter(
RoleRelation.child_id.in_(rids)).filter(RoleRelation.deleted.is_(False))
id2parents = {}
for i in res:
if i.resource_id:
id2perms['id2perms'].setdefault(i.resource_id, []).append(i.perm.name)
elif i.group_id:
id2perms['group2perms'].setdefault(i.group_id, []).append(i.perm.name)
id2parents.setdefault(i.child_id, []).append(RoleCache.get(i.parent_id).to_dict())
return id2perms
@staticmethod
def get_group_ids(resource_id):
return [i.group_id for i in ResourceGroupItems.get_by(resource_id, to_dict=False)]
return id2parents
@staticmethod
def get_parent_ids(rid):
@@ -126,12 +68,99 @@ class RoleCRUD(object):
return all_child_ids
@staticmethod
def add(parent_id, child_id):
RoleRelation.get_by(parent_id=parent_id, child_id=child_id) and abort(400, "It's already existed")
return RoleRelation.create(parent_id=parent_id, child_id=child_id)
@staticmethod
def delete(_id):
existed = RoleRelation.get_by_id(_id) or abort(400, "RoleRelation <{0}> does not exist".format(_id))
existed.soft_delete()
@staticmethod
def delete2(parent_id, child_id):
existed = RoleRelation.get_by(parent_id=parent_id, child_id=child_id)
existed or abort(400, "RoleRelation < {0} -> {1} > does not exist".format(parent_id, child_id))
existed.soft_delete()
class RoleCRUD(object):
@staticmethod
def search(q, app_id, page=1, page_size=None):
query = db.session.query(Role).filter(Role.deleted.is_(False)).filter(
Role.app_id == app_id).filter(Role.uid.is_(None))
if q:
query = query.filter(Role.name.ilike('%{0}%'.format(q)))
numfound = query.count()
return numfound, query.offset((page - 1) * page_size).limit(page_size)
@staticmethod
def add_role(name, app_id, is_app_admin=False, uid=None):
Role.get_by(name=name, app_id=app_id) and abort(400, "Role <{0}> is already existed".format(name))
return Role.create(name=name,
app_id=app_id,
is_app_admin=is_app_admin,
uid=uid)
@staticmethod
def update_role(rid, **kwargs):
role = Role.get_by_id(rid) or abort(404, "Role <{0}> does not exist".format(rid))
RoleCache.clean(rid)
return role.update(**kwargs)
@classmethod
def delete_role(cls, rid):
role = Role.get_by_id(rid) or abort(404, "Role <{0}> does not exist".format(rid))
parent_ids = RoleRelationCRUD.get_parent_ids(rid)
child_ids = RoleRelationCRUD.get_child_ids(rid)
for i in RoleRelation.get_by(parent_id=rid, to_dict=False):
i.soft_delete()
for i in RoleRelation.get_by(child_id=rid, to_dict=False):
i.soft_delete()
for i in RolePermission.get_by(rid=rid, to_dict=False):
i.soft_delete()
role_rebuild.apply_async(args=(parent_ids + child_ids,), queue=ACL_QUEUE)
RoleCache.clean(rid)
RoleRelationCache.clean(rid)
role.soft_delete()
@staticmethod
def get_resources(rid):
res = RolePermission.get_by(rid=rid, to_dict=False)
id2perms = dict(id2perms={}, group2perms={})
for i in res:
if i.resource_id:
id2perms['id2perms'].setdefault(i.resource_id, []).append(i.perm.name)
elif i.group_id:
id2perms['group2perms'].setdefault(i.group_id, []).append(i.perm.name)
return id2perms
@staticmethod
def get_group_ids(resource_id):
return [i.group_id for i in ResourceGroupItems.get_by(resource_id, to_dict=False)]
@classmethod
def has_permission(cls, rid, resource_name, perm):
resource = Resource.get_by(name=resource_name, first=True, to_dict=False)
resource = resource or abort(403, "Resource <{0}> is not in ACL".format(resource_name))
parent_ids = cls.recursive_parent_ids(rid)
parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
group_ids = cls.get_group_ids(resource.id)
@@ -154,7 +183,7 @@ class RoleCRUD(object):
resource = Resource.get_by(name=resource_name, first=True, to_dict=False)
resource = resource or abort(403, "Resource <{0}> is not in ACL".format(resource_name))
parent_ids = cls.recursive_parent_ids(rid)
parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)
group_ids = cls.get_group_ids(resource.id)
perms = []