Dev api 240517 (#511)

* fix(api): list values delete

* fix(acl): role rebuild cache

cmdb-api/api/lib/perm/acl/acl.py

@@ -153,11 +153,11 @@ class ACLManager(object):
         if resource:
             return ResourceCRUD.delete(resource.id, rebuild=rebuild)
 
-    def has_permission(self, resource_name, resource_type, perm, resource_id=None):
+    def has_permission(self, resource_name, resource_type, perm, resource_id=None, rid=None):
         if is_app_admin(self.app_id):
             return True
 
-        role = self._get_role(current_user.username)
+        role = self._get_role(current_user.username) if rid is None else RoleCache.get(rid)
 
         role or abort(404, ErrFormat.role_not_found.format(current_user.username))
 

cmdb-api/api/lib/perm/acl/cache.py

@@ -3,6 +3,7 @@
 
 import msgpack
 import redis_lock
+from flask import current_app
 
 from api.extensions import cache
 from api.extensions import rd
@@ -157,9 +158,9 @@ class RoleRelationCache(object):
     PREFIX_RESOURCES2 = "RoleRelationResources2::id::{0}::AppId::{1}"
 
     @classmethod
-    def get_parent_ids(cls, rid, app_id):
+    def get_parent_ids(cls, rid, app_id, force=False):
         parent_ids = cache.get(cls.PREFIX_PARENT.format(rid, app_id))
-        if not parent_ids:
+        if not parent_ids or force:
             from api.lib.perm.acl.role import RoleRelationCRUD
             parent_ids = RoleRelationCRUD.get_parent_ids(rid, app_id)
             cache.set(cls.PREFIX_PARENT.format(rid, app_id), parent_ids, timeout=0)
@@ -167,9 +168,9 @@ class RoleRelationCache(object):
         return parent_ids
 
     @classmethod
-    def get_child_ids(cls, rid, app_id):
+    def get_child_ids(cls, rid, app_id, force=False):
         child_ids = cache.get(cls.PREFIX_CHILDREN.format(rid, app_id))
-        if not child_ids:
+        if not child_ids or force:
             from api.lib.perm.acl.role import RoleRelationCRUD
             child_ids = RoleRelationCRUD.get_child_ids(rid, app_id)
             cache.set(cls.PREFIX_CHILDREN.format(rid, app_id), child_ids, timeout=0)
@@ -177,14 +178,15 @@ class RoleRelationCache(object):
         return child_ids
 
     @classmethod
-    def get_resources(cls, rid, app_id):
+    def get_resources(cls, rid, app_id, force=False):
         """
         :param rid: 
         :param app_id: 
+        :param force:
         :return: {id2perms: {resource_id: [perm,]}, group2perms: {group_id: [perm, ]}}
         """
         resources = cache.get(cls.PREFIX_RESOURCES.format(rid, app_id))
-        if not resources:
+        if not resources or force:
             from api.lib.perm.acl.role import RoleCRUD
             resources = RoleCRUD.get_resources(rid, app_id)
             if resources['id2perms'] or resources['group2perms']:
@@ -193,9 +195,9 @@ class RoleRelationCache(object):
         return resources or {}
 
     @classmethod
-    def get_resources2(cls, rid, app_id):
+    def get_resources2(cls, rid, app_id, force=False):
         r_g = cache.get(cls.PREFIX_RESOURCES2.format(rid, app_id))
-        if not r_g:
+        if not r_g or force:
             res = cls.get_resources(rid, app_id)
             id2perms = res['id2perms']
             group2perms = res['group2perms']
@@ -232,20 +234,20 @@ class RoleRelationCache(object):
         for _app_id in app_ids:
             cls.clean(rid, _app_id)
 
-            cls.get_parent_ids(rid, _app_id)
-            cls.get_child_ids(rid, _app_id)
-            resources = cls.get_resources(rid, _app_id)
+            cls.get_parent_ids(rid, _app_id, force=True)
+            cls.get_child_ids(rid, _app_id, force=True)
+            resources = cls.get_resources(rid, _app_id, force=True)
             if resources.get('id2perms') or resources.get('group2perms'):
                 HasResourceRoleCache.add(rid, _app_id)
             else:
                 HasResourceRoleCache.remove(rid, _app_id)
-            cls.get_resources2(rid, _app_id)
+            cls.get_resources2(rid, _app_id, force=True)
 
     @classmethod
     @flush_db
     def rebuild2(cls, rid, app_id):
         cache.delete(cls.PREFIX_RESOURCES2.format(rid, app_id))
-        cls.get_resources2(rid, app_id)
+        cls.get_resources2(rid, app_id, force=True)
 
     @classmethod
     def clean(cls, rid, app_id):

cmdb-api/api/lib/perm/acl/role.py

@@ -379,16 +379,16 @@ class RoleCRUD(object):
             resource_type_id = resource_type and resource_type.id
 
         result = dict(resources=dict(), groups=dict())
-        s = time.time()
+        # s = time.time()
         parent_ids = RoleRelationCRUD.recursive_parent_ids(rid, app_id)
-        current_app.logger.info('parent ids {0}: {1}'.format(parent_ids, time.time() - s))
+        # current_app.logger.info('parent ids {0}: {1}'.format(parent_ids, time.time() - s))
         for parent_id in parent_ids:
 
             _resources, _groups = cls._extend_resources(parent_id, resource_type_id, app_id)
-            current_app.logger.info('middle1: {0}'.format(time.time() - s))
+            # current_app.logger.info('middle1: {0}'.format(time.time() - s))
             _merge(result['resources'], _resources)
-            current_app.logger.info('middle2: {0}'.format(time.time() - s))
-            current_app.logger.info(len(_groups))
+            # current_app.logger.info('middle2: {0}'.format(time.time() - s))
+            # current_app.logger.info(len(_groups))
             if not group_flat:
                 _merge(result['groups'], _groups)
             else:
@@ -399,7 +399,7 @@ class RoleCRUD(object):
                             item.setdefault('permissions', [])
                             item['permissions'] = list(set(item['permissions'] + _groups[rg_id]['permissions']))
                             result['resources'][item['id']] = item
-        current_app.logger.info('End: {0}'.format(time.time() - s))
+        # current_app.logger.info('End: {0}'.format(time.time() - s))
 
         result['resources'] = list(result['resources'].values())
         result['groups'] = list(result['groups'].values())