mirror of https://github.com/veops/cmdb.git
# -*- coding:utf-8 -*-
from flask import abort
from flask import current_app
from flask import request
from flask_login import current_user
from api.lib.decorator import args_required
from api.lib.decorator import args_validate
from api.lib.perm.acl import validate_app
from api.lib.perm.acl.acl import is_app_admin
from api.lib.perm.acl.cache import AppCache
from api.lib.perm.acl.cache import RoleCache
from api.lib.perm.acl.resp_format import ErrFormat
from api.lib.perm.acl.role import RoleCRUD
from api.lib.perm.acl.role import RoleRelationCRUD
from api.lib.perm.auth import auth_only_for_acl
from api.lib.perm.auth import auth_with_app_token
from api.lib.utils import get_page
from api.lib.utils import get_page_size
from api.resource import APIView
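class RoleView(APIView):
    """REST handlers for searching, creating, updating and deleting ACL roles.

    Every handler that returns a serialized role drops the ``password`` key
    first, so the stored credential never travels back in a response.
    """

    url_prefix = ("/roles", "/roles/<int:rid>")

    @validate_app
    @auth_with_app_token
    def get(self):
        """Search roles and return one page of results.

        Request values read: ``page``, ``page_size``, ``q``, ``app_id``,
        ``is_all`` (default true), ``user_role`` (default true) and
        ``user_only`` (default false). The three flags are interpreted by
        membership in the ``BOOL_TRUE`` configuration value.

        Returns:
            JSON with ``numfound``, ``page``, ``page_size``, ``id2parents``
            and ``roles`` (each role without its ``password`` key).
        """
        page = get_page(request.values.get("page", 1))
        page_size = get_page_size(request.values.get("page_size"))
        q = request.values.get('q')
        app_id = request.values.get('app_id')

        truthy = current_app.config.get("BOOL_TRUE")
        is_all = request.values.get('is_all', True) in truthy
        user_role = request.values.get('user_role', True) in truthy
        user_only = request.values.get('user_only', False) in truthy

        numfound, roles = RoleCRUD.search(q, app_id, page, page_size, user_role, is_all, user_only)

        id2parents = RoleRelationCRUD.get_parents([i.id for i in roles], app_id=app_id)

        roles = [i.to_dict() for i in roles]
        for i in roles:
            # Never expose the stored credential to API clients.
            i.pop('password', None)

        return self.jsonify(numfound=numfound,
                            page=page,
                            page_size=page_size,
                            id2parents=id2parents,
                            roles=roles)

    @args_required('name')
    @validate_app
    @auth_with_app_token
    @args_validate(RoleCRUD.cls, exclude_args=['app_id'])
    def post(self):
        """Create a role from ``name``, ``app_id``, ``password`` and ``is_app_admin``.

        Returns:
            JSON of the created role, without its ``password`` key.
        """
        name = request.values.get('name')
        app_id = request.values.get('app_id')
        password = request.values.get('password')

        # is_app_admin is a privilege flag. Passing the raw request value on
        # would let any non-empty string (including "false" or "0") count as
        # truthy downstream, so it is normalized the same way get() treats its
        # boolean flags: anything not listed in BOOL_TRUE means False.
        _is_app_admin = request.values.get('is_app_admin', False) in current_app.config.get("BOOL_TRUE")

        role = RoleCRUD.add_role(name, app_id, password=password, is_app_admin=_is_app_admin)

        # get() strips 'password' from every serialized role, which shows that
        # to_dict() can carry it; the create response must not echo it either.
        created = role.to_dict()
        created.pop('password', None)

        return self.jsonify(created)

    @auth_only_for_acl
    @args_validate(RoleCRUD.cls, exclude_args=['app_id'])
    def put(self, rid):
        """Update role ``rid`` with the submitted request values.

        Returns:
            JSON of the updated role, without its ``password`` key.
        """
        # NOTE(review): every request value is forwarded as a keyword argument,
        # so the set of writable fields is whatever update_role() accepts.
        # Confirm that update_role() ignores or rejects fields a caller should
        # not be able to set directly (for example is_app_admin or app_id);
        # an explicit allow-list here would make that visible at the boundary.
        role = RoleCRUD.update_role(rid, **request.values)

        # Same rule as get() and post(): no credential in the response body.
        updated = role.to_dict()
        updated.pop('password', None)

        return self.jsonify(updated)

    @auth_only_for_acl
    def delete(self, rid):
        """Delete role ``rid`` and echo the id back as JSON."""
        RoleCRUD.delete_role(rid)

        return self.jsonify(rid=rid)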
class RoleRelationView(APIView):
    """REST handlers for the relations of one role.

    In every handler, an ``app_id`` that resolves to the app named ``"acl"``
    is replaced by ``None``, which the original code labels "global".
    """

    url_prefix = ("/roles/<int:rid>/parents", "/roles/<int:rid>/users", "/roles/<int:rid>/children")

    @staticmethod
    def _scoped_app_id():
        """Return the request's ``app_id``, or ``None`` when it names the "acl" app."""
        requested = request.values.get('app_id')
        app = AppCache.get(requested)
        if app and app.name == "acl":
            return None  # global
        return requested

    @auth_with_app_token
    @validate_app
    def get(self, rid):
        """Return the users attached to role ``rid`` as ``{"users": ...}``."""
        scope = self._scoped_app_id()

        return self.jsonify(users=RoleRelationCRUD.get_users_by_rid(rid, scope))

    @auth_only_for_acl
    @validate_app
    @args_validate(RoleRelationCRUD.cls, exclude_args=['app_id'])
    def post(self, rid):
        """Attach role ``rid`` to a parent, or attach children to role ``rid``.

        A truthy ``parent_id`` takes precedence; otherwise ``child_ids`` must
        be a non-empty list. Any other request is answered with HTTP 400.
        """
        scope = self._scoped_app_id()

        role = RoleCache.get(rid)
        if not role:
            # abort() raises, so nothing below runs for an unknown role.
            abort(400, ErrFormat.role_not_found.format("id={}".format(rid)))

        parent_id = request.values.get('parent_id')
        if parent_id:
            # rid becomes the single child of the given parent.
            return self.jsonify(RoleRelationCRUD.add(role, parent_id, [rid], scope))

        child_ids = request.values.get("child_ids")
        if child_ids and isinstance(child_ids, list):
            # rid becomes the parent of every listed child.
            return self.jsonify(RoleRelationCRUD.add(role, rid, child_ids, scope))

        return abort(400, ErrFormat.invalid_request)

    @args_required('parent_id')
    @auth_only_for_acl
    @validate_app
    def delete(self, rid):
        """Remove the relation between ``parent_id`` and child role ``rid``."""
        parent_id = request.values.get('parent_id')
        scope = self._scoped_app_id()

        RoleRelationCRUD.delete2(parent_id, rid, scope)

        return self.jsonify(parent_id=parent_id, child_id=rid)
class RoleResourcesView(APIView):
    """REST handler listing the resources reachable from one role."""

    url_prefix = "/roles/<int:rid>/resources"

    @auth_with_app_token
    @validate_app
    def get(self, rid):
        """Return the result of ``RoleCRUD.recursive_resources`` for role ``rid``.

        Request values read: ``resource_type_id``, ``group_flat`` (default
        ``True``) and ``app_id``, which is read by subscript and is therefore
        required.
        """
        values = request.values
        type_id = values.get('resource_type_id')
        # NOTE(review): group_flat is forwarded as received, so a string such
        # as "false" is truthy unless recursive_resources() normalizes it.
        flat = values.get('group_flat', True)
        resources = RoleCRUD.recursive_resources(rid, values['app_id'], type_id, flat, to_record=True)

        return self.jsonify(resources)
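class RoleHasPermissionView(APIView):
    """REST handler answering whether a role holds a permission on a resource."""

    url_prefix = "/roles/has_perm"

    @args_required('resource_name')
    @args_required('resource_type_name')
    @args_required('perm')
    @validate_app
    @auth_with_app_token
    def get(self):
        """Check ``perm`` on the named resource for a role.

        The role is the one given by ``rid``; without ``rid`` it is the role
        looked up by the current user's username.

        Returns:
            JSON ``{"result": bool}``.

        Aborts with HTTP 400 when ``rid`` is not an integer and with HTTP 404
        when no matching role exists.
        """
        rid = request.values.get('rid')
        if not rid:
            role = RoleCache.get_by_name(None, current_user.username)
            role or abort(404, ErrFormat.role_not_found.format(current_user.username))
        else:
            # rid is client-controlled: reject a non-numeric value with a 400
            # instead of letting int() raise into an unhandled 500.
            try:
                rid = int(rid)
            except (TypeError, ValueError):
                abort(400, ErrFormat.invalid_request)

            role = RoleCache.get(rid)
            # Without this check an unknown rid reached role.id below as None
            # and failed with AttributeError; fail explicitly, as the no-rid
            # branch already does.
            role or abort(404, ErrFormat.role_not_found.format("id={}".format(rid)))

        app_id = request.values.get('app_id')
        # NOTE(review): is_app_admin() receives only app_id, so this
        # short-circuit presumably reflects the caller's privileges rather
        # than those of the role named by rid. Confirm that answering True
        # for any rid is intended when the caller is an app admin.
        if is_app_admin(app_id):
            return self.jsonify(result=True)

        resource_name = request.values.get('resource_name')
        resource_type_name = request.values.get('resource_type_name')
        perm = request.values.get('perm')
        result = RoleCRUD.has_permission(role.id, resource_name, resource_type_name, app_id, perm)

        return self.jsonify(result=result)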