def build_group_rawdata(db_executer, role_manager):
"""
调用dingsdk生成供Group使用的raw数据
"""
role_list_index = 0
role_list_continue = True
root_group = Group.valid_objects.get_queryset().get(uid=GROUP_ROOT_UID)
while role_list_continue:
role_list_detail = role_manager.get_roles_list(PAGE_DEFAULT_SIZE, role_list_index)
role_list_continue = role_list_detail['result']['hasMore']
role_list_index += PAGE_DEFAULT_SIZE
for group in role_list_detail['result']['list']:
group_info = {
'name': group['name'],
'parent': None,
'accept_user': False,
'ding_group': {
'uid': group['groupId'],
'subject': 'role',
'is_group': True,
}
}
exist_group = Group.valid_objects.get_queryset().filter(ding_group__uid=group['groupId'],
ding_group__subject='role',
ding_group__is_group=True).first()
if exist_group:
group_without_user = db_executer.update_group(exist_group, group_info)
else:
group_info['uid'] = gen_uid(group_info['name'], cls=Group)
group_without_user = db_executer.create_group(group_info)
db_executer.add_group_to_group(group_without_user, root_group)
for role in group['roles']:
role_info = {
'name': role['name'],
'parent': group['groupId'],
'accept_user': True,
'ding_group': {
'uid': role['id'],
'subject': 'role',
'is_group': False,
}
}
exist_child_group = Group.valid_objects.get_queryset().filter(ding_group__uid=role['id'],
ding_group__subject='role',
ding_group__is_group=False).first()
if exist_child_group:
group_accept_user = db_executer.update_group(exist_child_group, role_info)
else:
role_info['uid'] = gen_uid(role_info['name'], cls=Group)
group_accept_user = db_executer.create_group(role_info)
if group_accept_user.parent != group_without_user:
db_executer.add_group_to_group(group_accept_user, group_without_user)
build_user_group_rawdata(db_executer, role_manager, role['id'], group_accept_user)
def test_gen_uid(self):
uid = gen_uid('测试ab1')
self.assertEqual('ceshiab1', uid)
uid = gen_uid('测试', prefix='pre', suffix='suf')
self.assertEqual('preceshisuf', uid)
uid = gen_uid('测试', cls=Perm)
self.assertEqual('ceshi', uid)
Perm.valid_objects.create(uid=uid)
uid = gen_uid('测试', cls=Perm)
self.assertEqual('ceshi1', uid)
uid = gen_uid('用 户', cls=Perm)
self.assertEqual('yonghu', uid)
uid = gen_uid('f用 abc1 户', cls=Perm)
self.assertEqual('fyongabc1hu', uid)
uid = gen_uid('a用 abc1 (户)', cls=Perm)
self.assertEqual('ayongabc1hu', uid)
uid = gen_uid('A', cls=Perm)
self.assertEqual('a', uid)
def create_department_meta(db_executer, department):
"""
创建department记录
:param department: 一条dingdept数据
:return:
"""
dept_info = {
'name': department.get('name'),
'ding_dept': {
'uid':
department.get('id'),
'data':
json.dumps({
'order': department.get('order', ''),
'createDeptGroup': department.get('createDeptGroup', True),
'deptHiding': department.get('deptHiding', False),
'userpermit': department.get('userPermit', ''),
'outerdep': department.get('outerDept', False),
'outerpermitdepts': department.get('outerPermitDepts', ''),
'outerpermitusers': department.get('outerPermitUsers', ''),
'outerdeponlyself': department.get('outerDeptOnlySelf', False),
'sourceIdentifier': department.get('sourceIdentifier', ''),
})
}
}
exist_ding_dept = DingDept.valid_objects.filter(uid=department.get('id')).first()
if exist_ding_dept:
return db_executer.update_dept(exist_ding_dept.dept, dept_info)
dept_info['uid'] = gen_uid(dept_info['name'], cls=Dept)
return db_executer.create_dept(dept_info)
def create(self, request, *args, **kwargs): # pylint: disable=unused-argument
'''
添加子组,从无到有 [POST]
'''
parent_group = self.get_object()
group_data = request.data
uid = group_data.get('uid', '')
if 'manager_group' in group_data:
if parent_group.uid == 'manager':
if not group_data.get('name', ''):
name = "".join(
random.choice(string.ascii_lowercase)
for _ in range(8))
group_data.update(name=name)
else:
group_data.pop('manager_group')
if not uid:
name = group_data.get('name')
if not name:
raise ValidationError({'name': ['this field is required']})
uid = gen_uid(name=name, cls=Group)
group_data['uid'] = uid
cli = CLI()
group_data.update(parent_uid=self.kwargs['uid'])
child_group = cli.create_group(group_data)
cli.add_group_to_group(child_group, parent_group)
if parent_group.uid == 'intra':
self._auto_create_manager_group(request, child_group)
transaction.on_commit(
lambda: WebhookManager.group_created(child_group))
return Response(GroupDetailSerializer(child_group).data,
status=status.HTTP_201_CREATED)
def create(self, validated_data):
scope = validated_data.get('scope')
name = validated_data.get('name')
prefix = f'app_{scope}_'
uid = gen_uid(name, cls=Perm, prefix=prefix)
action = uid.replace(prefix, '', 1)
return Perm.objects.create(name=name, scope=scope, action=action)
def create(self, validated_data):
'''
create app
create oauth_app if provided
create oidc_app if provided
create http_app if provided
create saml_app if provided
'''
if 'uid' not in validated_data:
validated_data['uid'] = gen_uid(validated_data['name'],
cls=self.Meta.model)
oauth_app_data = validated_data.pop('oauth_app', None)
oidc_app_data = validated_data.pop('oidc_app', None)
saml_app_data = validated_data.pop('saml_app', None)
ldap_app_data = validated_data.pop('ldap_app', None)
http_app_data = validated_data.pop('http_app', None)
app = APP.objects.create(**validated_data)
if oauth_app_data is not None:
oauth_app_serializer = OAuthAPPSerializer(data=oauth_app_data)
oauth_app_serializer.is_valid(raise_exception=True)
oauth_app_serializer.save(app=app, name=app.name)
if ldap_app_data is not None:
serializer = LDAPAPPSerializer(data=ldap_app_data)
serializer.is_valid(raise_exception=True)
serializer.save(app=app)
if http_app_data is not None:
serializer = HTTPAPPSerializer(data=http_app_data)
serializer.is_valid(raise_exception=True)
serializer.save(app=app)
if oidc_app_data is not None:
oidc_app_serializer = OIDCAPPSerializer(data=oidc_app_data)
oidc_app_serializer.is_valid(raise_exception=True)
oidc_app_serializer.save(app=app, name=app.name)
if saml_app_data is not None:
saml_app_data['app'] = app
serializer = SAMLAPPSerializer(data=saml_app_data)
serializer.is_valid(raise_exception=True)
serializer.save(app=app)
return app
def create(self, request, *args, **kwargs): # pylint: disable=unused-argument
'''
添加子部门,从无到有 [POST]
'''
parent_dept = self.get_object()
dept_data = json.loads(request.body.decode('utf-8'))
uid = dept_data.get('uid', '')
if not uid:
name = dept_data.get('name')
uid = gen_uid(name=name, cls=Dept)
dept_data['uid'] = uid
dept_data.update(parent_uid=self.kwargs['uid'])
cli = CLI()
child_dept = cli.create_dept(dept_data)
cli.add_dept_to_dept(child_dept, parent_dept)
return Response(DeptDetailSerializer(child_dept).data,
status=status.HTTP_201_CREATED)
def _auto_create_manager_group(request, app):
'''
当创建应用时,自动创建子管理员组
成员只有创建者一人,节点管理范围为空,人员管理范围仅自己,应用管理范围仅此一个应用
'''
cli = CLI()
data = {
'uid': gen_uid(name=uuid_utils.uuid4().hex[:6], cls=Group),
'name': f'管理应用{app.name}',
'manager_group': {
'apps': [app.uid],
'users': [request.user.username],
'scope_subject': 2,
}
}
manager_group = cli.create_group(data)
parent, _ = Group.valid_objects.get_or_create(uid='manager')
cli.add_group_to_group(manager_group, parent)
cli.add_users_to_group([request.user], manager_group)
def _auto_create_manager_group(request, child_group):
'''
当创建大类时,自动创建子管理员组
成员只有创建者一人,节点范围仅此大类,人员管理范围仅自己,应用管理范围为空
'''
cli = CLI()
data = {
'uid': gen_uid(name=uuid_utils.uuid4().hex[:6], cls=Group),
'name': f'管理分组{child_group.name}',
'manager_group': {
'nodes': [child_group.node_uid],
'users': [request.user.username],
'scope_subject': 2,
},
}
manager_group = cli.create_group(data)
parent, _ = Group.valid_objects.get_or_create(uid='manager')
cli.add_group_to_group(manager_group, parent)
cli.add_users_to_group([request.user], manager_group)
def create(self, validated_data):
kwargs = {}
scope = validated_data.get('scope')
kwargs['scope'] = scope
sub_account_data = validated_data.pop('sub_account', None)
if sub_account_data:
app = APP.valid_objects.filter(uid=scope).first()
if not app:
raise ValidationError({'scope': 'not found'})
serializer = SubAccountSerializer(data=sub_account_data)
serializer.is_valid(raise_exception=True)
sub_account = serializer.save()
username = sub_account_data['username']
kwargs['name'] = f'以 "{username}" 身份访问 {app.name}'
kwargs['action'] = 'access' + uuid.uuid4().hex[:10]
kwargs['sub_account'] = sub_account
else:
name = validated_data.get('name')
prefix = f'app_{scope}_'
uid = gen_uid(name, cls=Perm, prefix=prefix)
kwargs['name'] = name
kwargs['action'] = uid.replace(prefix, '', 1)
return Perm.objects.create(**kwargs)
def create_user_meta(db_executer, user):
"""
创建user记录
:param user:一条dinguser数据
:return:
"""
# 手机号码校验
# 手机号存在且非中国号码时,需将区号
# 以 `+852 98765432` 的形式附上
mobile = user.get('mobile', '')
mobile = f"+{user.get('stateCode', '')} {mobile}" if mobile and not is_cn_mobile(
mobile) else mobile
user_info = {
'password': '',
'name': user.get('name'),
'private_email': user.get('email', ''),
'email': user.get('orgEmail', ''),
'mobile': mobile,
'employee_number': user.get('jobnumber', ''),
'gender': UNKNOWN_GENDER,
'ding_user': {
'uid':
user.get('userid'),
'account':
user.get('mobile', ''),
'data':
json.dumps({
'uname': user.get('name'),
'position': user.get('position', ''),
'tel': user.get('tel', ''),
'workplace': user.get('workPlace', ''),
'remark': user.get('remark', ''),
'email': user.get('email', ''),
'orgemail': user.get('orgEmail', ''),
'jobnumber': user.get('jobnumber', ''),
'ishide': user.get('isHide', ''),
'issenior': user.get('issenior', ''),
})
}
}
# 通过钉钉uid匹配
exist_ding_user = DingUser.valid_objects.filter(
uid=user.get('userid')).first()
if exist_ding_user:
return db_executer.update_user(exist_ding_user.user, user_info)
# 通过手机号匹配
exist_mobile_user = User.valid_objects.filter(mobile=mobile).first()
if exist_mobile_user:
return db_executer.update_user(exist_mobile_user, user_info)
# 通过私人邮箱匹配
private_email = user.get('email', '')
if private_email != '':
exist_private_email_user = User.valid_objects.filter(
private_email=private_email).first()
if exist_private_email_user:
return db_executer.update_user(exist_private_email_user, user_info)
# 通过企业邮箱匹配
email = user.get('orgEmail', '')
if email != '':
exist_email_user = User.valid_objects.filter(email=email).first()
if exist_email_user:
return db_executer.update_user(exist_email_user, user_info)
user_info['username'] = gen_uid(user_info['name'],
cls=User,
uid_field='username')
return db_executer.create_user(user_info)
def update(self, instance, validated_data): # pylint: disable=too-many-locals, too-many-statements, too-many-branches
company_config_data = validated_data.pop('company_config', None)
if company_config_data:
if not Dept.valid_objects.filter(parent__uid='root').exists():
uid = gen_uid(name=company_config_data.get('name_cn', ''),
cls=Dept)
parent_dept = Dept.valid_objects.filter(uid='root').first()
cli = CLI()
dept_data = {
'parent_uid': 'root',
'name': company_config_data.get('name_cn', ''),
'uid': uid,
}
child_dept = cli.create_dept(dept_data)
cli.add_dept_to_dept(child_dept, parent_dept)
else:
company_dept = Dept.valid_objects.filter(
parent__uid='root').first()
company_dept.name = company_config_data.get('name_cn', '')
company_dept.save()
serializer = CompanyConfigSerializer(CompanyConfig.get_current(),
company_config_data)
serializer.is_valid(raise_exception=True)
serializer.save()
account_config_data = validated_data.pop('account_config', None)
if account_config_data:
serializer = AccountConfigSerializer(AccountConfig.get_current(),
account_config_data,
partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
ding_config_data = validated_data.pop('ding_config', None)
if ding_config_data:
serializer = DingConfigSerializer(DingConfig.get_current(),
ding_config_data,
partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
sms_config_data = validated_data.pop('sms_config', None)
if sms_config_data:
access_secret = sms_config_data.pop('access_secret', '')
config = SMSConfig.get_current()
serializer = SMSConfigSerializer(config,
sms_config_data,
partial=True)
serializer.is_valid(raise_exception=True) # pylint: disable=not-callable
config.__dict__.update(serializer.validated_data)
if access_secret:
config.access_secret = access_secret
if not config.check_valid():
raise ValidationError({'sms': ['invalid']})
config.is_valid = True
config.save()
email_config_data = validated_data.pop('email_config', None)
if email_config_data:
access_secret = email_config_data.pop('access_secret', '')
config = EmailConfig.get_current()
serializer = EmailConfigSerializer(config,
email_config_data,
partial=True)
serializer.is_valid(raise_exception=True) # pylint: disable=not-callable
config.__dict__.update(serializer.validated_data)
if access_secret:
config.access_secret = access_secret
if not config.check_valid():
raise ValidationError({'email': ['invalid']})
config.is_valid = True
config.save()
alipay_config_data = validated_data.pop('alipay_config', None)
if alipay_config_data:
if alipay_config_data["app_id"] != '':
serializer = AlipayConfigSerializer(AlipayConfig.get_current(),
alipay_config_data,
partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
qq_config_data = validated_data.pop('qq_config', None)
if qq_config_data:
serializer = QQConfigSerializer(QQConfig.get_current(),
qq_config_data,
partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
work_wechat_config_data = validated_data.pop('work_wechat_config',
None)
if work_wechat_config_data:
serializer = WorkWechatConfigSerializer(WorkWechatConfig.get_current(),\
work_wechat_config_data, partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
wechat_config_data = validated_data.pop('wechat_config', None)
if wechat_config_data:
serializer = WechatConfigSerializer(WechatConfig.get_current(),\
wechat_config_data, partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
password_config_data = validated_data.pop('password_config', None)
if password_config_data:
config = PasswordComplexityConfig.get_current()
serializer = PasswordConfigSerializer(config,
password_config_data,
partial=True)
serializer.is_valid(raise_exception=True) # pylint: disable=not-callable
config.__dict__.update(serializer.validated_data)
config.save()
github_config = validated_data.pop('github_config', None)
if github_config:
config = GithubConfig.get_current()
serializer = GithubConfigSerializer(config,
github_config,
partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
instance.refresh_from_db()
return instance
def update(self, instance, validated_data):
company_config_data = validated_data.pop('company_config', None)
if company_config_data:
if not Dept.valid_objects.filter(parent__uid='root').exists():
uid = gen_uid(name=company_config_data.get('name_cn', ''), cls=Dept)
parent_dept = Dept.valid_objects.filter(uid='root').first()
cli = CLI()
dept_data = {
'parent_uid': 'root',
'name': company_config_data.get('name_cn', ''),
'uid': uid,
}
child_dept = cli.create_dept(dept_data)
cli.add_dept_to_dept(child_dept, parent_dept)
else:
company_dept = Dept.valid_objects.filter(parent__uid='root').first()
company_dept.name = company_config_data.get('name_cn', '')
company_dept.save()
serializer = CompanyConfigSerializer(CompanyConfig.get_current(), company_config_data)
serializer.is_valid(raise_exception=True)
serializer.save()
ding_config_data = validated_data.pop('ding_config', None)
if ding_config_data:
serializer = DingConfigSerializer(DingConfig.get_current(), ding_config_data, partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
account_config_data = validated_data.pop('account_config', None)
if account_config_data:
serializer = AccountConfigSerializer(AccountConfig.get_current(), account_config_data, partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
sms_config_data = validated_data.pop('sms_config', None)
if sms_config_data:
access_secret = sms_config_data.pop('access_secret', '')
config = SMSConfig.get_current()
serializer = SMSConfigSerializer(config, sms_config_data, partial=True)
serializer.is_valid(raise_exception=True) # pylint: disable=not-callable
config.__dict__.update(serializer.validated_data)
if access_secret:
config.access_secret = access_secret
if not config.check_valid():
raise ValidationError({'sms': ['invalid']})
config.is_valid = True
config.save()
email_config_data = validated_data.pop('email_config', None)
if email_config_data:
access_secret = email_config_data.pop('access_secret', '')
config = EmailConfig.get_current()
serializer = EmailConfigSerializer(config, email_config_data, partial=True)
serializer.is_valid(raise_exception=True) # pylint: disable=not-callable
config.__dict__.update(serializer.validated_data)
if access_secret:
config.access_secret = access_secret
if not config.check_valid():
raise ValidationError({'email': ['invalid']})
config.is_valid = True
config.save()
instance.refresh_from_db()
return instance
