From ccf1d1c09a28b83bdefce7d527bdf6a861cea1d0 Mon Sep 17 00:00:00 2001
From: pycook <pycook@126.com>
Date: Fri, 13 Dec 2019 09:59:38 +0800
Subject: [PATCH] catch abort exception when getting relation views

---
 api/commands/click_cmdb.py | 12 ++++++------
 api/lib/cmdb/preference.py | 22 ++++++++++++++++------
 api/lib/exception.py       |  6 ++++++
 api/lib/perm/acl/cache.py  |  3 ++-
 4 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/api/commands/click_cmdb.py b/api/commands/click_cmdb.py
index e8a9a88..8bf2f51 100644
--- a/api/commands/click_cmdb.py
+++ b/api/commands/click_cmdb.py
@@ -6,7 +6,6 @@ import json
 import click
 from flask import current_app
 from flask.cli import with_appcontext
-from werkzeug.exceptions import BadRequest
 
 import api.lib.cmdb.ci
 from api.extensions import db
@@ -17,6 +16,7 @@ from api.lib.cmdb.const import REDIS_PREFIX_CI_RELATION
 from api.lib.cmdb.const import ResourceTypeEnum
 from api.lib.cmdb.const import RoleEnum
 from api.lib.cmdb.const import ValueTypeEnum
+from api.lib.exception import AbortException
 from api.lib.perm.acl.acl import ACLManager
 from api.lib.perm.acl.cache import AppCache
 from api.lib.perm.acl.resource import ResourceCRUD
@@ -96,17 +96,17 @@ def init_acl():
     for resource_type in ResourceTypeEnum.all():
         try:
             ResourceTypeCRUD.add(app_id, resource_type, '', PermEnum.all())
-        except BadRequest:
+        except AbortException:
             pass
 
     # 2. add role
     try:
         RoleCRUD.add_role(RoleEnum.CONFIG, app_id, True)
-    except BadRequest:
+    except AbortException:
         pass
     try:
         RoleCRUD.add_role(RoleEnum.CMDB_READ_ALL, app_id, False)
-    except BadRequest:
+    except AbortException:
         pass
 
     # 3. add resource and grant
@@ -115,7 +115,7 @@ def init_acl():
     for ci_type in ci_types:
         try:
             ResourceCRUD.add(ci_type.name, type_id, app_id)
-        except BadRequest:
+        except AbortException:
             pass
 
         ACLManager().grant_resource_to_role(ci_type.name,
@@ -128,7 +128,7 @@ def init_acl():
     for view in relation_views:
         try:
             ResourceCRUD.add(view.name, type_id, app_id)
-        except BadRequest:
+        except AbortException:
             pass
 
         ACLManager().grant_resource_to_role(view.name,
diff --git a/api/lib/cmdb/preference.py b/api/lib/cmdb/preference.py
index d7affc7..aca9a4b 100644
--- a/api/lib/cmdb/preference.py
+++ b/api/lib/cmdb/preference.py
@@ -15,13 +15,14 @@ from api.lib.cmdb.attribute import AttributeManager
 from api.lib.cmdb.cache import AttributeCache
 from api.lib.cmdb.cache import CITypeAttributeCache
 from api.lib.cmdb.cache import CITypeCache
+from api.lib.cmdb.const import ResourceTypeEnum, RoleEnum, PermEnum
+from api.lib.exception import AbortException
+from api.lib.perm.acl.acl import ACLManager
 from api.models.cmdb import CITypeAttribute
 from api.models.cmdb import CITypeRelation
 from api.models.cmdb import PreferenceRelationView
 from api.models.cmdb import PreferenceShowAttributes
 from api.models.cmdb import PreferenceTreeView
-from api.lib.perm.acl.acl import ACLManager
-from api.lib.cmdb.const import ResourceTypeEnum, RoleEnum, PermEnum
 
 
 class PreferenceManager(object):
@@ -118,11 +119,19 @@ class PreferenceManager(object):
 
     @staticmethod
     def get_relation_view():
-        views = PreferenceRelationView.get_by(to_dict=True)
+        _views = PreferenceRelationView.get_by(to_dict=True)
+        views = []
         if current_app.config.get("USE_ACL"):
-            views = [i for i in views if ACLManager().has_permission(i.get('name'),
-                                                                     ResourceTypeEnum.RELATION_VIEW,
-                                                                     PermEnum.READ)]
+            for i in _views:
+                try:
+                    if ACLManager().has_permission(i.get('name'),
+                                                   ResourceTypeEnum.RELATION_VIEW,
+                                                   PermEnum.READ):
+                        views.append(i)
+                except AbortException:
+                    pass
+        else:
+            views = _views
 
         view2cr_ids = dict()
         result = dict()
@@ -175,6 +184,7 @@ class PreferenceManager(object):
             return abort(400, "Node must be selected")
 
         existed = PreferenceRelationView.get_by(name=name, to_dict=False, first=True)
+        current_app.logger.debug(existed)
         if existed is None:
             PreferenceRelationView.create(name=name, cr_ids=json.dumps(cr_ids))
 
diff --git a/api/lib/exception.py b/api/lib/exception.py
index 0a68289..f006d33 100644
--- a/api/lib/exception.py
+++ b/api/lib/exception.py
@@ -1,5 +1,11 @@
 # -*- coding:utf-8 -*-
 
 
+from werkzeug.exceptions import NotFound, Forbidden, BadRequest
+
+
 class CommitException(Exception):
     pass
+
+
+AbortException = (NotFound, Forbidden, BadRequest)
diff --git a/api/lib/perm/acl/cache.py b/api/lib/perm/acl/cache.py
index d2b8a4f..a8fd13d 100644
--- a/api/lib/perm/acl/cache.py
+++ b/api/lib/perm/acl/cache.py
@@ -1,6 +1,7 @@
 # -*- coding:utf-8 -*-
 
 from api.extensions import cache
+from api.extensions import db
 from api.models.acl import App
 from api.models.acl import Permission
 from api.models.acl import Role
@@ -139,7 +140,7 @@ class RoleRelationCache(object):
     @classmethod
     def rebuild(cls, rid):
         cls.clean(rid)
-
+        db.session.close()
         cls.get_parent_ids(rid)
         cls.get_child_ids(rid)
         cls.get_resources(rid)