def _create_project(parent_id=None, project_full_name=None, visibility=None):
project = Project.get_by_parent_and_name(parent_id, project_full_name)
if project:
raise GulDanException().with_message(u"项目({})已经在组织(id:{})中存在".format(
project_full_name, parent_id)).with_code(409)
project = Project(project_full_name, parent_id, visibility=visibility)
Project.add(project)
return project
def project_delete(resource_id=None):
items = Item.get_resources_under_parent_id(resource_id)
item_ids = [item.id for item in items]
for item_id in item_ids:
item_delete(resource_id=item_id)
Project.delete_by_id(resource_id)
return resource_id
def ensure_project(project_id):
project = Project.get_by_id(project_id)
if not project:
raise GulDanException().with_code(404).with_message(
u"找不到项目(id:{})".format(project_id))
return project
def org_delete(resource_id=None):
projects = Project.get_resources_under_parent_id(resource_id)
for p in projects:
project_delete(resource_id=p.id)
Org.delete_by_id(resource_id)
return resource_id
def can_user_modify_project(project_id, user_hash):
privilege = Privilege.get_privilege_by_user_and_resource(
user_hash, project_id, Resource.Type.PROJECT)
if privilege and privilege.privilege_type == Privilege.Type.MODIFIER:
return True
org_id = Project.get_parent_id(project_id)
return can_user_modify_org(org_id, user_hash)
def validate_user_for_view_project(user_hash, project_id):
if can_user_view_project(project_id, user_hash):
return
org_id = Project.get_parent_id(project_id)
if can_user_view_org(org_id, user_hash):
return
raise GulDanException().with_code(403).with_message(
u"用户({})没有权限查看组织(id:{})".format(g.user_name, project_id))
def create_item_internal(item_name, item_data, item_type, parent_id=None, visibility=None):
project = Project.get_by_id(parent_id)
if not project:
raise GulDanException().with_message(u"找不到项目(id:{})".format(parent_id)).with_code(404)
item_full_name = "{}.{}".format(project.name, item_name)
return _create_item(
parent_id=parent_id,
item_full_name=item_full_name,
item_data=item_data,
item_type=item_type,
visibility=visibility
)
def can_user_view_project(project_id, user_hash):
project = ensure_project(project_id)
if project.visibility == Resource.Visibility.PUBLIC:
return True
privilege = Privilege.get_privilege_by_user_and_resource(
user_hash, project_id, Resource.Type.PROJECT)
if privilege and privilege.privilege_type >= Privilege.Type.VIEWER:
return True
org_id = Project.get_parent_id(project_id)
return can_user_modify_org(org_id, user_hash)
def get_user_hash_for_item(item_id):
item_user_hashes = Privilege.get_user_hash_for_resource(
item_id, Resource.Type.ITEM, TARGET_PRIVILEGES_TYPES_FOR_ITEM)
project_id = Item.get_parent_id(item_id)
project_user_hashes = Privilege.get_user_hash_for_resource(
project_id, Resource.Type.PROJECT, TARGET_PRIVILEGES_TYPES_FOR_PROJECT)
org_id = Project.get_parent_id(project_id)
org_user_hashes = Privilege.get_user_hash_for_resource(
org_id, Resource.Type.ORG, TARGET_PRIVILEGES_TYPES_FOR_ORG)
user_hashes = set()
for uh in item_user_hashes + project_user_hashes + org_user_hashes:
user_hashes.add(uh[0])
return user_hashes
def get_projects_that_user_can_see(user_hash, org_id):
projects = Project.get_projects_under_org(org_id)
public_projects, private_projects = separate_public_and_private_projects(
projects)
projects_list = [p.to_dict() for p in public_projects]
org = Org.get_by_id(org_id)
privileges = Privilege.get_privileges_by_name_prefix(
org.name + ".", user_hash)
project_names_under_user = {
p.resource_name.split(".")[1]
for p in privileges
}
for p in filter(lambda p: p.name.split(".")[1] in project_names_under_user,
private_projects):
projects_list.append(p.to_dict())
return projects_list
def project_modify(resource_id=None, visibility=None):
return Project.update_visibility(resource_id, visibility)
def disable_puller_cache_for_org(target_user, org_id):
for project in Project.get_projects_under_org(org_id):
disable_puller_cache_for_project(target_user, project.id)
def get_all_projects_list(org_id):
projects = Project.get_projects_under_org(org_id)
return [p.to_dict() for p in projects]