def get_enterprise_user_active_teams(self, enterprise_id, user_id):
tenants = self.get_enterprise_user_teams(enterprise_id, user_id)
if not tenants:
return None
active_tenants_list = []
for tenant in tenants:
user = user_repo.get_user_by_user_id(tenant.creater)
try:
role = user_role_repo.get_role_names(user.user_id, tenant.tenant_id)
except UserRoleNotFoundException:
if tenant.creater == user.user_id:
role = "owner"
else:
role = None
region_name_list = []
user = user_repo.get_user_by_user_id(tenant.creater)
region_list = team_repo.get_team_regions(tenant.tenant_id)
if region_list:
region_name_list = region_list.values_list("region_name", flat=True)
active_tenants_list.append({
"tenant_id": tenant.tenant_id,
"team_alias": tenant.tenant_alias,
"owner": tenant.creater,
"owner_name": user.get_name(),
"enterprise_id": tenant.enterprise_id,
"create_time": tenant.create_time,
"team_name": tenant.tenant_name,
"region": tenant.region,
"region_list": region_name_list,
"num": len(ServiceGroup.objects.filter(tenant_id=tenant.tenant_id)),
"role": role
})
active_tenants_list.sort(key=lambda x: x["num"], reverse=True)
active_tenants_list = active_tenants_list[:3]
return active_tenants_list
def add_service_perm(self, current_user, user_id, tenant, service,
identity):
if current_user.user_id == user_id:
return 409, u"不能给自己添加应用权限", None
user = user_repo.get_user_by_user_id(user_id)
if not user:
return 404, "用户{0}不存在".format(user_id), None
service_perm = service_perm_repo.get_service_perm_by_user_pk(
service.ID, user_id)
if service_perm:
return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None
service_perm = service_perm_repo.add_service_perm(
user_id, service.ID, identity)
perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)
enterprise = None
try:
enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
tenant.enterprise_id)
except Exception as e:
pass
if not perm_tenant:
perm_info = {
"user_id": user.user_id,
"tenant_id": tenant.ID,
"identity": "access",
"enterprise_id": enterprise.ID if enterprise else 0
}
perm_tenant = perms_repo.add_user_tenant_perm(perm_info)
logger.debug("service_perm {0} , perm_tenant {1}".format(
service_perm, perm_tenant))
return 200, "已向用户{0}授权".format(user.nick_name), service_perm
def check_user_password(self, user_id, password):
u = user_repo.get_user_by_user_id(user_id=user_id)
if u:
default_pass = u.check_password("goodrain")
if not default_pass:
return u.check_password(password)
return default_pass
else:
raise AccountNotExistError("账户不存在")
def update_password(self, user_id, new_password):
u = user_repo.get_user_by_user_id(user_id=user_id)
if not u:
raise AccountNotExistError("账户不存在")
else:
if len(new_password) < 8:
raise PasswordTooShortError("密码不能小于8位")
u.set_password(new_password)
u.save()
return True, "password update success"
def get_enterprises_by_user_id(self, user_id):
try:
user = user_repo.get_user_by_user_id(user_id)
tenant_ids = team_repo.get_tenants_by_user_id(user_id).values_list("tenant_id", flat=True)
enterprise_ids = list(
TenantRegionInfo.objects.filter(tenant_id__in=tenant_ids).values_list("enterprise_id", flat=True))
enterprise_ids.append(user.enterprise_id)
enterprises = TenantEnterprise.objects.filter(enterprise_id__in=enterprise_ids)
return enterprises
except Exception:
raise ExterpriseNotExistError
def get_enterprise_user_active_teams(self, enterprise_id, user_id):
tenants = self.get_enterprise_user_teams(enterprise_id, user_id)
if not tenants:
return None
active_tenants_list = []
for tenant in tenants:
role = None
owner = None
try:
owner = user_repo.get_user_by_user_id(tenant.creater)
role = user_role_repo.get_role_names(user_id, tenant.tenant_id)
except UserNotExistError:
pass
except UserRoleNotFoundException:
if tenant.creater == user_id:
role = "owner"
region_name_list = team_repo.get_team_region_names(
tenant.tenant_id)
if len(region_name_list) > 0:
team_item = {
"tenant_id":
tenant.tenant_id,
"team_alias":
tenant.tenant_alias,
"owner":
tenant.creater,
"owner_name":
owner.get_name() if owner else "",
"enterprise_id":
tenant.enterprise_id,
"create_time":
tenant.create_time,
"team_name":
tenant.tenant_name,
"region":
region_name_list[0] if region_name_list else "",
"region_list":
region_name_list,
"num":
len(ServiceGroup.objects.filter(
tenant_id=tenant.tenant_id)),
"role":
role
}
if not team_item["region"] and len(region_name_list) > 0:
team_item["region"] = region_name_list[0]
active_tenants_list.append(team_item)
active_tenants_list.sort(key=lambda x: x["num"], reverse=True)
active_tenants_list = active_tenants_list[:3]
return active_tenants_list
def team_with_region_info(self,
tenant,
request_user=None,
get_region=True):
try:
user = user_repo.get_user_by_user_id(tenant.creater)
owner_name = user.get_name()
except UserNotExistError:
owner_name = None
info = {
"team_name": tenant.tenant_name,
"team_alias": tenant.tenant_alias,
"team_id": tenant.tenant_id,
"create_time": tenant.create_time,
"enterprise_id": tenant.enterprise_id,
"owner": tenant.creater,
"owner_name": owner_name,
}
if request_user:
user_role_list = user_kind_role_service.get_user_roles(
kind="team", kind_id=tenant.tenant_id, user=request_user)
roles = [x["role_name"] for x in user_role_list["roles"]]
if tenant.creater == request_user.user_id:
roles.append("owner")
info["roles"] = roles
if get_region:
region_info_map = []
region_name_list = team_repo.get_team_region_names(
tenant.tenant_id)
if region_name_list:
region_infos = region_repo.get_region_by_region_names(
region_name_list)
if region_infos:
for region in region_infos:
region_info_map.append({
"region_name":
region.region_name,
"region_alias":
region.region_alias
})
info["region"] = region_info_map[0]["region_name"] if len(
region_info_map) > 0 else ""
info["region_list"] = region_info_map
return info
def add_user_service_perm(self, current_user, user_list, tenant, service,
perm_list):
"""添加用户在一个应用中的权限"""
if current_user.user_id in user_list:
return 409, u"不能给自己添加应用权限", None
for user_id in user_list:
user = user_repo.get_user_by_user_id(user_id)
if not user:
return 404, "用户{0}不存在".format(user_id), None
service_perm = service_perm_repo.get_service_perm_by_user_pk_service_pk(
service_pk=service.ID, user_pk=user_id)
if service_perm:
return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None
service_perm_repo.add_user_service_perm(user_ids=user_list,
service_pk=service.ID,
perm_ids=perm_list)
enterprise = None
try:
enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
tenant.enterprise_id)
except Exception as e:
logger.exception(e)
pass
for user_id in user_list:
perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)
if not perm_tenant:
perm_info = {
"user_id": user_id,
"tenant_id": tenant.ID,
"role_id": role_repo.get_role_id_by_role_name("viewer"),
"enterprise_id": enterprise.ID if enterprise else 0
}
perm_tenant = perms_repo.add_user_tenant_perm(perm_info)
return 200, "添加用户应用权限成功", None
def __team_with_region_info(self, tenant, user_id=None):
role = ""
owner_name = ""
try:
user = user_repo.get_user_by_user_id(tenant.creater)
owner_name = user.get_name()
if user_id:
role = user_role_repo.get_role_names(user_id, tenant.tenant_id)
except UserNotExistError:
pass
except UserRoleNotFoundException:
if tenant.creater == user_id:
role = "owner"
region_info_map = []
region_list = team_repo.get_team_regions(tenant.tenant_id)
if region_list:
region_name_list = region_list.values_list("region_name",
flat=True)
region_infos = region_repo.get_region_by_region_names(
region_name_list)
if region_infos:
for region in region_infos:
region_info_map.append({
"region_name": region.region_name,
"region_alias": region.region_alias
})
info = {
"team_name": tenant.tenant_name,
"team_alias": tenant.tenant_alias,
"team_id": tenant.tenant_id,
"create_time": tenant.create_time,
"region": tenant.region,
"region_list": region_info_map,
"enterprise_id": tenant.enterprise_id,
"owner": tenant.creater,
"owner_name": owner_name,
}
if user_id:
info["role"] = role
return info
def __team_with_region_info(self, tenant, request_user=None):
try:
user = user_repo.get_user_by_user_id(tenant.creater)
owner_name = user.get_name()
except UserNotExistError:
owner_name = None
if request_user:
user_role_list = user_kind_role_service.get_user_roles(
kind="team", kind_id=tenant.tenant_id, user=request_user)
roles = map(lambda x: x["role_name"], user_role_list["roles"])
if tenant.creater == request_user.user_id:
roles.append("owner")
region_info_map = []
region_list = team_repo.get_team_regions(tenant.tenant_id)
if region_list:
region_name_list = region_list.values_list("region_name",
flat=True)
region_infos = region_repo.get_region_by_region_names(
region_name_list)
if region_infos:
for region in region_infos:
region_info_map.append({
"region_name": region.region_name,
"region_alias": region.region_alias
})
info = {
"team_name": tenant.tenant_name,
"team_alias": tenant.tenant_alias,
"team_id": tenant.tenant_id,
"create_time": tenant.create_time,
"region": tenant.region,
"region_list": region_info_map,
"enterprise_id": tenant.enterprise_id,
"owner": tenant.creater,
"owner_name": owner_name,
}
if request_user:
info["roles"] = roles
return info
def get(self, request, enterprise_id, *args, **kwargs):
code = 200
new_join_team = []
request_join_team = []
try:
tenants = enterprise_repo.get_enterprise_user_teams(enterprise_id, request.user.user_id)
join_tenants = enterprise_repo.get_enterprise_user_join_teams(enterprise_id, request.user.user_id)
active_tenants = enterprise_repo.get_enterprise_user_active_teams(enterprise_id, request.user.user_id)
request_tenants = enterprise_repo.get_enterprise_user_request_join(enterprise_id, request.user.user_id)
if tenants:
for tenant in tenants[:3]:
region_name_list = []
region_name_list = team_repo.get_team_region_names(tenant.tenant_id)
user_role_list = user_kind_role_service.get_user_roles(
kind="team", kind_id=tenant.tenant_id, user=request.user)
roles = [x["role_name"] for x in user_role_list["roles"]]
if tenant.creater == request.user.user_id:
roles.append("owner")
owner = user_repo.get_by_user_id(tenant.creater)
if len(region_name_list) > 0:
team_item = {
"team_name": tenant.tenant_name,
"team_alias": tenant.tenant_alias,
"team_id": tenant.tenant_id,
"create_time": tenant.create_time,
"region": region_name_list[0], # first region is default
"region_list": region_name_list,
"enterprise_id": tenant.enterprise_id,
"owner": tenant.creater,
"owner_name": (owner.get_name() if owner else None),
"roles": roles,
"is_pass": True,
}
new_join_team.append(team_item)
if join_tenants:
for tenant in join_tenants:
region_name_list = team_repo.get_team_region_names(tenant.team_id)
tenant_info = team_repo.get_team_by_team_id(tenant.team_id)
try:
user = user_repo.get_user_by_user_id(tenant_info.creater)
nick_name = user.nick_name
except UserNotExistError:
nick_name = None
if len(region_name_list) > 0:
team_item = {
"team_name": tenant.team_name,
"team_alias": tenant.team_alias,
"team_id": tenant.team_id,
"create_time": tenant_info.create_time,
"region": region_name_list[0],
"region_list": region_name_list,
"enterprise_id": tenant_info.enterprise_id,
"owner": tenant_info.creater,
"owner_name": nick_name,
"role": None,
"is_pass": tenant.is_pass,
}
new_join_team.append(team_item)
if request_tenants:
for request_tenant in request_tenants:
region_name_list = team_repo.get_team_region_names(request_tenant.team_id)
tenant_info = team_repo.get_team_by_team_id(request_tenant.team_id)
try:
user = user_repo.get_user_by_user_id(tenant_info.creater)
nick_name = user.nick_name
except UserNotExistError:
nick_name = None
if len(region_name_list) > 0:
team_item = {
"team_name": request_tenant.team_name,
"team_alias": request_tenant.team_alias,
"team_id": request_tenant.team_id,
"apply_time": request_tenant.apply_time,
"user_id": request_tenant.user_id,
"user_name": request_tenant.user_name,
"region": region_name_list[0],
"region_list": region_name_list,
"enterprise_id": enterprise_id,
"owner": tenant_info.creater,
"owner_name": nick_name,
"role": "viewer",
"is_pass": request_tenant.is_pass,
}
request_join_team.append(team_item)
data = {
"active_teams": active_tenants,
"new_join_team": new_join_team,
"request_join_team": request_join_team,
}
result = general_message(200, "success", None, bean=data)
except Exception as e:
logger.exception(e)
code = 400
result = general_message(code, "failed", "请求失败")
return Response(result, status=code)
def get(self, request, enterprise_id, user_id, *args, **kwargs):
name = request.GET.get("name", None)
user = user_repo.get_user_by_user_id(user_id)
teams = team_services.list_user_teams(enterprise_id, user, name)
result = general_message(200, "team query success", "查询成功", list=teams)
return Response(result, status=200)
def post(self, request, team_name, user_id, *args, **kwargs):
"""
修改团队成员角色
---
parameters:
- name: team_name
description: 团队名
required: true
type: string
paramType: path
- name: user_id
description: 被修改权限的团队成员id
required: true
type: string
paramType: path
- name: role_ids
description: 角色 格式 {"role_ids": "1,2,3"}
required: true
type: string
paramType: body
"""
try:
perm_list = team_services.get_user_perm_identitys_in_permtenant(
user_id=request.user.user_id, tenant_name=team_name)
perm_tuple = team_services.get_user_perm_in_tenant(
user_id=request.user.user_id, tenant_name=team_name)
no_auth = ("owner" not in perm_list) and (
"admin" not in perm_list
) and "manage_team_member_permissions" not in perm_tuple
if no_auth:
code = 400
result = general_message(code, "no identity", "您没有权限做此操作")
else:
code = 200
role_ids = request.data.get("role_ids", None)
if role_ids:
try:
role_id_list = [int(id) for id in role_ids.split(",")]
except Exception as e:
logger.exception(e)
code = 400
result = general_message(code, "params is empty",
"参数格式不正确")
return Response(result, status=code)
other_user = user_repo.get_user_by_user_id(
user_id=int(user_id))
if other_user.user_id == request.user.user_id:
result = general_message(400, "failed", "您不能修改自己的权限!")
return Response(result, status=400)
for id in role_id_list:
if id not in team_services.get_all_team_role_id(
tenant_name=team_name):
code = 400
result = general_message(
code, "The role does not exist", "该角色在团队中不存在")
return Response(result, status=code)
identity_list = team_services.get_user_perm_identitys_in_permtenant(
user_id=other_user.user_id, tenant_name=team_name)
role_name_list = team_services.get_user_perm_role_in_permtenant(
user_id=other_user.user_id, tenant_name=team_name)
if "owner" in identity_list or "owner" in role_name_list:
result = general_message(400, "failed", "您不能修改创建者的权限!")
return Response(result, status=400)
team_services.change_tenant_role(
user_id=other_user.user_id,
tenant_name=team_name,
role_id_list=role_id_list)
result = general_message(
code, "identity modify success",
"{}角色修改成功".format(other_user.nick_name))
else:
result = general_message(400, "identity failed",
"修改角色时,角色不能为空")
except UserNotExistError as e:
logger.exception(e)
code = 400
result = general_message(code, "users not exist", "该用户不存在")
except Exception as e:
logger.exception(e)
code = 500
result = error_message(e.message)
return Response(result, status=code)
def check_user_password(self, user_id, password):
u = user_repo.get_user_by_user_id(user_id=user_id)
if u:
return u.check_password(password)
else:
raise AccountNotExistError("账户不存在")
def get_user_by_user_id(self, user_id):
return user_repo.get_user_by_user_id(user_id=user_id)
def get(self, request, enterprise_id, *args, **kwargs):
code = 200
new_join_team = []
request_join_team = []
try:
tenants = enterprise_repo.get_enterprise_user_teams(
enterprise_id, request.user.user_id)
join_tenants = enterprise_repo.get_enterprise_user_join_teams(
enterprise_id, request.user.user_id)
active_tenants = enterprise_repo.get_enterprise_user_active_teams(
enterprise_id, request.user.user_id)
request_tenants = enterprise_repo.get_enterprise_user_request_join(
enterprise_id, request.user.user_id)
if tenants:
for tenant in tenants[:3]:
region_name_list = []
user = user_repo.get_user_by_user_id(tenant.creater)
region_list = team_repo.get_team_regions(tenant.tenant_id)
if region_list:
region_name_list = region_list.values_list(
"region_name", flat=True)
try:
role = user_role_repo.get_role_names(
user.user_id, tenant.tenant_id)
except UserRoleNotFoundException:
if tenant.creater == user.user_id:
role = "owner"
else:
role = None
new_join_team.append({
"team_name": tenant.tenant_name,
"team_alias": tenant.tenant_alias,
"team_id": tenant.tenant_id,
"create_time": tenant.create_time,
"region": tenant.region,
"region_list": region_name_list,
"enterprise_id": tenant.enterprise_id,
"owner": tenant.creater,
"owner_name": user.nick_name,
"role": role,
"is_pass": True,
})
if join_tenants:
for tenant in join_tenants:
region_name_list = []
region_list = team_repo.get_team_regions(tenant.team_id)
if region_list:
region_name_list = region_list.values_list(
"region_name", flat=True)
tenant_info = team_repo.get_team_by_team_id(tenant.team_id)
try:
user = user_repo.get_user_by_user_id(
tenant_info.creater)
nick_name = user.nick_name
except UserNotExistError:
nick_name = None
new_join_team.append({
"team_name": tenant.team_name,
"team_alias": tenant.team_alias,
"team_id": tenant.team_id,
"create_time": tenant_info.create_time,
"region": tenant_info.region,
"region_list": region_name_list,
"enterprise_id": tenant_info.enterprise_id,
"owner": tenant_info.creater,
"owner_name": nick_name,
"role": None,
"is_pass": tenant.is_pass,
})
if request_tenants:
for request_tenant in request_tenants:
region_name_list = []
region_list = team_repo.get_team_regions(
request_tenant.team_id)
if region_list:
region_name_list = region_list.values_list(
"region_name", flat=True)
tenant_info = team_repo.get_team_by_team_id(
request_tenant.team_id)
try:
user = user_repo.get_user_by_user_id(
tenant_info.creater)
nick_name = user.nick_name
except UserNotExistError:
nick_name = None
request_join_team.append({
"team_name":
request_tenant.team_name,
"team_alias":
request_tenant.team_alias,
"team_id":
request_tenant.team_id,
"apply_time":
request_tenant.apply_time,
"user_id":
request_tenant.user_id,
"user_name":
request_tenant.user_name,
"region":
team_repo.get_team_by_team_id(
request_tenant.team_id).region,
"region_list":
region_name_list,
"enterprise_id":
enterprise_id,
"owner":
tenant_info.creater,
"owner_name":
nick_name,
"role":
"viewer",
"is_pass":
request_tenant.is_pass,
})
data = {
"active_teams": active_tenants,
"new_join_team": new_join_team,
"request_join_team": request_join_team,
}
result = general_message(200, "success", None, bean=data)
except Exception as e:
logger.exception(e)
code = 400
result = general_message(code, "failed", "请求失败")
return Response(result, status=code)
