Ejemplo n.º 1
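def user_delete(appname, uid):
    """
        Delete one user by id.

        Request URL: /auth/user/delete

        HTTP Method: POST

        Parameters:
            {
                "uids": 3
            }

        Return:
        {
        "status":0
        "data":{"id": 3}
        "msg":"delete user success"
        }

        A uid that cannot be converted to an integer, or that matches no
        stored user, produces a PARAM_ERROR response instead of an
        unhandled exception.
    """
    # NOTE(review): no authorization check is visible in this function;
    # presumably the route layer verifies that the caller may delete users
    # (and may delete this particular account) -- confirm against the caller.
    try:
        user_id = int(uid)
    except (TypeError, ValueError):
        # Malformed ids are reported the same way as unknown ids.
        return json_response_error(PARAM_ERROR, msg="id:%s is invalid" % (uid,))
    user = User.find_one_user(appname, {"_id": user_id}, None)
    if not user:
        return json_response_error(PARAM_ERROR, msg="id:%s is invalid" % user_id)
    User.del_user(appname, user_id)
    return json_response_ok({"id": user_id}, msg="delete user success")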
Ejemplo n.º 2
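def user_mod(appname, uid, data):
    """
        Modify the name, mark and group membership of one user.

        Request URL: /auth/user/{uid}
        HTTP Method:POST
        Parameters: ``data`` must carry "user_name", "mark" and "group_id"
        (an iterable of values convertible to int).
        Return :
        {
        "status":0
        "data":{}
        "msg":""
        }

        Returns PARAM_ERROR when the user id is unknown or when another
        user already owns the requested user name.
        """
    cond = {"_id": uid}
    user = User.find_one_user(appname, cond, None)
    if not user:
        return json_response_error(PARAM_ERROR, msg="id:%s is invalid" % uid)
    user_name = data["user_name"]
    # The uniqueness check has to look at users. The previous lookup queried
    # the group collection, so a name collision with another user was never
    # detected and two accounts could end up sharing one login name.
    old_user = User.find_one_user(appname, {"user_name": user_name}, None)
    if old_user and old_user["_id"] != uid:
        return json_response_error(PARAM_ERROR, msg="the user name exist")
    # NOTE(review): group ids decide which rights the account inherits; this
    # function does not check that the caller may assign them -- presumably
    # enforced upstream, confirm.
    group_id = [int(gid) for gid in data["group_id"]]
    user_data = {"user_name": user_name, "mark": data["mark"], "group_id": group_id}
    User.update_user(appname, cond, user_data)
    return json_response_ok({})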
Ejemplo n.º 3
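def user_chpasswd(appname, uid, old_pwd, new_pwd):
    """
        Change a user's password after verifying the current one.

        Returns an OK response when ``old_pwd`` matches the stored value and
        the new password has been written; returns AUTH_ERROR when the uid is
        malformed or unknown, or when the old password does not match.
    """
    try:
        user_id = int(uid)
    except (TypeError, ValueError):
        # A malformed id is treated like an unknown account.
        return json_response_error(AUTH_ERROR)
    cond = {"_id": user_id}
    usr = User.find_one_user(appname, cond, None)
    if not usr:
        return json_response_error(AUTH_ERROR)
    stored_pwd = usr.get("password")
    # A record without a password must never match: with a plain ``==`` a
    # missing stored value compared equal to a missing ``old_pwd`` (None).
    if stored_pwd is None or stored_pwd != old_pwd:
        _LOGGER.error("old_pwd err")
        return json_response_error(AUTH_ERROR)
    # NOTE(review): the stored value is compared with, and replaced by, the
    # caller-supplied string as-is. Unless callers hash before calling, this
    # means passwords are kept in recoverable form -- confirm, and prefer a
    # salted password hash with a constant-time verify.
    User.update_user(appname, cond, {"password": new_pwd})
    return json_response_ok()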
Ejemplo n.º 4
def user_list(appname, page=0, page_size=PAGE_SIZE, searchKeyword=None):
    """
        Return one page of users, most recent login first.

        Request URL:  /appname/auth/user/list

        Http Method:  GET

        Parameters : ``page`` (zero-based) and ``page_size`` select the
        slice; ``searchKeyword``, when truthy, is turned into a query by
        ``search_cond``.

        Return :
        {
        "status":0
        "data":{
                "items":[ {"id": ..., "user_name": ..., "last_login": ...,
                           "role": ...}, ... ],
                "total": <number of users matching the query>
                }
        }
     """
    query = search_cond(appname, searchKeyword) if searchKeyword else {}
    # Projection with 0 values: the password and privilege-related fields are
    # kept out of the listing (presumably an exclusion projection -- confirm
    # against User.find_users).
    hidden_fields = {"password": 0, "super": 0, "permission_list": 0, "department": 0, "is_superuser": 0}
    ordering = [("last_login", -1)]
    page_cursor = (
        User.find_users(appname, query, hidden_fields)
        .sort(ordering)
        .skip(page * page_size)
        .limit(page_size)
    )
    # The total is counted on an unpaged query so it reflects all matches.
    total = User.find_users(appname, query).count()
    rows = []
    for row in page_cursor:
        row["id"] = row.pop("_id")
        row["last_login"] = unixto_string(row.get("last_login"))
        row["role"] = get_role(appname, row["group_id"])
        rows.append(row)
    return json_response_ok({"items": rows, "total": total})
Ejemplo n.º 5
def user_create(appname, user_data):
    """
    Create a user from ``user_data``.

    Reads "user_name" and "group_id" (required) plus "password", "super"
    and "mark" (optional). Returns PARAM_ERROR when the user name is
    already taken, otherwise saves the new user and returns OK.
    """
    name = user_data["user_name"]
    # NOTE(review): when no password is supplied the account is created with
    # the fixed value below, so every such account shares one well-known
    # initial credential. Consider requiring a password or generating a
    # random one and forcing a change at first login.
    initial_password = user_data.get("password", "123456")
    # NOTE(review): the superuser flag is taken directly from the request
    # data; presumably only privileged callers reach this function -- confirm.
    is_super = user_data.get("super")
    group_ids = list(map(int, user_data["group_id"]))
    note = user_data.get("mark")
    existing = User.find_one_user(appname, {"user_name": name})
    if existing:
        return json_response_error(PARAM_ERROR, msg="the user name exist")
    User.save(appname, User.new(name, initial_password, is_super, group_ids, mark=note))
    return json_response_ok()
Ejemplo n.º 6
def _send_email_to_user(
        appname, projectname, module, uid, submit_uid, id, mark):
    """Mail the check result to the submitter.

    The recipient list is the submitter's ``user_name`` plus one fixed
    address; the sender is the ``user_name`` of ``uid``. Both lookups are
    assumed to succeed: a missing user raises AttributeError.
    """
    submitter = User.find_one(
        appname, {"_id": submit_uid}, {"user_name": 1, "_id": 0})
    subject = u"Check result"
    template = os.path.join(TEMPLATE_ROOT, "check_info.html")
    recipients = [submitter.get("user_name")]
    reviewer = User.find_one(appname, {"_id": uid}, {"user_name": 1})
    sender = reviewer.get("user_name")
    # Fixed extra recipient (address is masked in this listing).
    recipients.append("*****@*****.**")
    module_value = get_module_value(appname, projectname, module)
    project_value = get_project_value(projectname)
    send_email(
        subject, template, recipients, sender,
        project_value, module_value, id, mark)
Ejemplo n.º 7
def _send_email_to_assessor(appname, projectname, module, uid, uids, ids):
    """Mail the submitted check list to every assessor in ``uids``.

    The sender is the ``user_name`` of ``uid``; recipients are the
    ``user_name`` of each id in ``uids`` plus one fixed address. Every
    lookup is assumed to succeed: a missing user raises AttributeError.
    """
    subject = u"Submit check list"
    sender_doc = User.find_one(appname, {"_id": uid}, {"user_name": 1})
    sender = sender_doc.get("user_name")
    recipients = [
        User.find_one(
            appname, {"_id": assessor_id}, {"user_name": 1, "_id": 0}
        ).get("user_name")
        for assessor_id in uids
    ]
    # Fixed extra recipient (address is masked in this listing).
    recipients.append("*****@*****.**")
    template = os.path.join(TEMPLATE_ROOT, "submit_checklist.html")
    module_value = get_module_value(appname, projectname, module)
    project_value = get_project_value(projectname)
    send_email(
        subject, template, recipients, sender, project_value, module_value, ids)
Ejemplo n.º 8
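def user_login(appname, user_name, password, session):
    """
        Authenticate a user and record the login in ``session``.

        Returns AUTH_ERROR when the credentials do not match a user or the
        user is not active. On success stores the integer user id under
        ``session["uid"]``, updates ``last_login`` / ``total_login`` and
        returns OK with ``{"uid": <id>}``.
    """
    # Both values are placed directly into the query document below, so
    # only plain strings are accepted: a dict or list coming from a decoded
    # request body must not be handed to the query layer as a match value.
    text_types = (str, type(u""))
    if not isinstance(user_name, text_types) or not isinstance(password, text_types):
        return json_response_error(AUTH_ERROR, {}, msg="username or password err")

    # NOTE(review): the password is matched by equality inside the query,
    # which implies it is stored in directly comparable form (plaintext or
    # hashed by the caller) -- confirm, and prefer fetching by user name and
    # verifying a salted hash.
    user_cond = {"user_name": user_name, "password": password}
    user_check = User.find_one_user(appname, user_cond, None)
    if not user_check:
        return json_response_error(AUTH_ERROR, {}, msg="username or password err")
    if not user_check["is_active"]:
        return json_response_error(AUTH_ERROR, {}, msg="user is not active")

    uid = user_check["_id"]
    session["uid"] = int(uid)
    # A record that has never logged in may lack the counter; treat it as 0
    # instead of failing on None + 1.
    login_count = (user_check.get("total_login") or 0) + 1
    upt_dict = {"last_login": now_timestamp(), "total_login": login_count}
    User.update_user(appname, {"_id": uid}, upt_dict)
    # Business-specific menu initialisation was split out of this function:
    # permissions = Permission.init_menu(uid)
    return json_response_ok({"uid": uid})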
Ejemplo n.º 9
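def user_right_mod(appname, projectname, uid, data):
    """
        Replace the rights granted directly to one user for ``projectname``.

        Request URL: /auth/user/{gid}
        HTTP Method:POST
        Parameters:
        {
           "perm_list":[1,2,3,4]
           "disable_list":[1,2,3,4]
        }
        Return :
        {
            "status":0
            "data":{}
        }

        Only "perm_list" is read. Right ids the user already inherits from
        one of their groups are not stored on the user. Returns PARAM_ERROR
        when the user or any right id is unknown, or when "perm_list" is
        missing or holds values that are not integers.
        """
    # NOTE(review): this function changes privileges and has no visible
    # authorization check; presumably enforced by the caller -- confirm.
    cond = {"_id": uid}
    # "_id" is excluded because the fetched document is written back below.
    fields = {"_id": 0}
    user_info = User.find_one_user(appname, cond, fields)
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    # Validate the requested right ids before touching anything.
    try:
        right_list = list(set(int(rid) for rid in data["perm_list"]))
    except (KeyError, TypeError, ValueError):
        return json_response_error(PARAM_ERROR, msg="perm_list is invalid")
    for rid in right_list:
        if not Right.find_one_right(appname, {"_id": rid}):
            return json_response_error(PARAM_ERROR, msg="the right id:%s not exist" % rid)

    # Collect the rights the user already inherits from groups. Missing
    # "group_id" / "permission_list" fields are treated as empty rather than
    # raising on None.
    group_perm_ids = set()
    for gid in user_info.get("group_id") or []:
        group_info = Group.find_one_group(appname, {"_id": gid}, None)
        if group_info:
            perm_ids = group_info.get("permission_list") or {}
            group_perm_ids.update(perm_ids.get(projectname, []))

    # Store only the rights that are not already covered by a group.
    user_right_list = [rid for rid in right_list if rid not in group_perm_ids]
    if not user_info.get("permission_list"):
        user_info["permission_list"] = {}
    user_info["permission_list"][projectname] = user_right_list
    User.update_user(appname, cond, user_info)
    return json_response_ok({}, msg="update user right success")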
Ejemplo n.º 10
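def get_check_uids(
        appname, projectname, applabel, module,
        action="checked", perm_lc="all"):
    """Return the ids of all users holding the '<applabel>-<module>-<action>' right.

    A user counts when the right is listed for ``projectname`` either on
    one of the user's groups or on the user record itself. Returns an empty
    list when the right does not exist.
    """
    # Look up the right by its composed name.
    perm_name = '%s-%s-%s' % (applabel, module, action)
    right_cond = {
        'perm_name': perm_name, 'app_name': projectname, "lc": perm_lc}
    perm = Right.find_one(appname, right_cond)
    if not perm:
        _LOGGER.error("the right:%s not exist", perm_name)
        # Without the right nobody can hold it; previously execution went on
        # and failed when indexing the missing record.
        return []

    perm_id = perm["_id"]
    perm_key = "permission_list.%s" % projectname
    holder_cond = {perm_key: perm_id}
    check_ids = set()

    # Users who inherit the right through a group.
    group_ids = [group["_id"] for group in Group.find(appname, holder_cond)]
    for gid in group_ids:
        check_ids.update(member["id"] for member in user_info(appname, gid))

    # Users who hold the right directly.
    check_ids.update(user["_id"] for user in User.find(appname, holder_cond))
    return list(check_ids)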
Ejemplo n.º 11
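def check_session(appname, module, opname, action, lc, uid):
    '''
    Check whether user ``uid`` holds the '<opname>-<module>-<action>' right.

    Returns OK for superusers and for users who hold the right directly or
    through one of their groups; returns AUTH_ERROR for unknown users and
    in every other case. ``lc`` is accepted but not used.
    '''
    rightids = []
    perm_name = '%s-%s-%s' % (opname, module, action)
    perm = Right.find_one_right(appname, {'perm_name': perm_name})
    if perm:
        rightids.append(perm['_id'])

    # NOTE(review): unlike Right.find_one_right, the user and group lookups
    # below are called without ``appname`` -- verify against their
    # signatures.
    usr = User.find_one_user({'_id': uid})
    # Reject unknown users before reading any field; the record used to be
    # indexed first, so an unknown uid raised instead of being denied.
    if not usr:
        return json_response_error(AUTH_ERROR)
    if usr['is_superuser']:
        return json_response_ok()

    # Work on a copy so group rights are not appended to the fetched record.
    usrights = list(usr['permission_list'])
    for group in usr['group_id']:
        group_info = Group.find_one_group({'_id': group})
        # A dangling group reference grants nothing.
        if group_info:
            usrights.extend(group_info['permission_list'])

    if any(rightid in usrights for rightid in rightids):
        return json_response_ok()
    # Default deny: unknown right or right not held.
    return json_response_error(AUTH_ERROR)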
Ejemplo n.º 12
def user_get(appname, user_id):
    """
        Return the basic record of one user.

        Request URL: /auth/user/{gid}
        HTTP Method:GET
        Parameters: None
        Return:
            {
                "status":0
                "data":{"_id": ..., "id": ..., "user_name": ...,
                        "group_id": ..., "mark": ...}
            }

        Only the four projected fields are fetched; "id" is added as a copy
        of "_id". Returns PARAM_ERROR when no user matches ``user_id``.
    """
    wanted = {"group_id": 1, "_id": 1, "user_name": 1, "mark": 1}
    record = User.find_one_user(appname, {"_id": user_id}, wanted)
    if not record:
        return json_response_error(PARAM_ERROR, msg="not user:%s" % user_id)
    record["id"] = record["_id"]
    # The logged record is limited to the projected fields above.
    _LOGGER.info(record)
    return json_response_ok(record)
Ejemplo n.º 13
def navigate_list(appname, uid):
    """Return the navigation entries available to user ``uid``.

    Responds with PARAM_ERROR when ``uid`` is not a valid integer string or
    matches no user; otherwise with ``{"navigate": [...]}`` built by
    ``init_navigate_list``.
    """
    try:
        uid = int(uid)
    except ValueError as expt:
        _LOGGER.error("get navigate para except:%s", expt)
        return json_response_error(
            PARAM_ERROR, msg="uid error,check parameters format")
    if not User.find_one_user(appname, {"_id": uid}, None):
        return json_response_error(PARAM_ERROR, msg="the user not exist")
    return json_response_ok({"navigate": init_navigate_list(appname, uid)})
Ejemplo n.º 14
def user_active(appname, data):
    """
        Set the "is_active" flag of one user.

        Request URL: /auth/active/user/
        HTTP Method:POST
        Parameters: ``data`` carries "id" and "is_active".
        Return :
        {
        "status":0
        "data":{
            "is_active":False,
            "id": 1
            }
        "msg":""
        }

        The response echoes ``data``. Returns PARAM_ERROR when the id
        matches no user.
        """
    target = {"_id": int(data["id"])}
    if not User.find_one_user(appname, target):
        return json_response_error(PARAM_ERROR, msg="the user id not exist")
    # NOTE(review): "is_active" is stored exactly as received, without a
    # type check, and user_login treats it by truthiness -- consider
    # accepting only real booleans.
    User.update_user(appname, target, {"is_active": data["is_active"]})
    return json_response_ok(data)
Ejemplo n.º 15
def init_navigate_list(appname, uid):
    '''
    Build the navigation entries for user ``uid``.

    Returns a list of dicts of the form
        {"display_value": <NAV_DICT entry for the app>, "value": "square_console"}
    one per application in which the user holds at least one right, either
    directly or through a group. For superusers the applications come from
    Right.find_right instead.
    '''
    assert uid
    account = User.find_one_user(appname, {"_id": uid}, None)
    app_names = []
    if account.get("is_superuser"):
        app_names = Right.find_right(
            appname, {}, {"app_name": 1}, toarray=True)
    else:
        # Rights granted to the user directly.
        own_rights = account.get("permission_list")
        app_names.extend(name for name in own_rights if own_rights.get(name))

        # Rights inherited from the user's groups.
        for gid in account.get("group_id") or []:
            group_doc = Group.find_one_group(appname, {"_id": gid}, None)
            if not group_doc:
                _LOGGER.error("group id:%s error", gid)
                continue
            group_rights = group_doc.get("permission_list")
            app_names.extend(
                name for name in group_rights if group_rights.get(name))

    if not app_names:
        return []
    # Deduplicate before building the entries.
    return [
        {"display_value": NAV_DICT.get(name), "value": name}
        for name in set(app_names)
    ]
Ejemplo n.º 16
def menu_list(appname, projectname, uid):
    """Return menu, permissions and features of user ``uid`` for a project.

    The response also carries "need_changepwd", which is True exactly when
    the user's "total_login" equals 2. Returns PARAM_ERROR when no user
    matches ``uid``.
    """
    uid = int(uid)
    account = User.find_one_user(appname, {"_id": uid}, None)
    if not account:
        return json_response_error(PARAM_ERROR, msg="the user not exist")
    menu = init_menu_list(appname, projectname, uid)
    permissions = init_perms_list(appname, projectname, uid)
    features = init_features(appname, projectname, uid)
    payload = {
        "menu": menu,
        "permissions": permissions,
        "need_changepwd": account.get("total_login") == 2,
        "features": features,
    }
    return json_response_ok(payload)
Ejemplo n.º 17
def user_right_get(appname, projectname, uid):
    """
        Return the right ids a user holds for ``projectname``.

        Request URL: /auth/user/{uid}
        HTTP Method:POST
        Return :
        {
        "status":0
        "data":{
            "perm_list":[...],     rights held directly or through groups
            "disable_list":[...],  rights that come from groups
            "id": <uid>
            }
        }

        Returns PARAM_ERROR when no user matches ``uid``.
        """
    account = User.find_one_user(appname, {"_id": uid}, None)
    if not account:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    group_ids = account.get("group_id")
    own_rights = account.get("permission_list")
    all_ids = list(own_rights.get(projectname, []))
    inherited_ids = []
    for gid in group_ids:
        group_doc = Group.find_one_group(appname, {"_id": gid}, None)
        if group_doc:
            from_group = group_doc.get("permission_list").get(projectname, [])
            all_ids.extend(from_group)
            inherited_ids.extend(from_group)

    # Deduplicate; empty lists are passed through untouched.
    if all_ids:
        all_ids = list(set(all_ids))
    if inherited_ids:
        inherited_ids = list(set(inherited_ids))
    return json_response_ok(
        {"perm_list": all_ids, "disable_list": inherited_ids, "id": uid})
Ejemplo n.º 18
def get_perms_by_uid(appname, projectname, uid, perm_type="module"):
    """Return the rights of type ``perm_type`` that user ``uid`` holds in a project.

    Superusers get every right of that type for the project (from
    Right.find_right); other users get the rights listed on their own
    record plus those of their groups, resolved through
    ``get_perms_by_ids``. The user is assumed to exist: an unknown uid
    raises AttributeError.
    """
    account = User.find_one_user(appname, {"_id": uid}, None)
    perm_cond = {"app_name": projectname, "perm_type": perm_type}
    if account.get("is_superuser"):
        return Right.find_right(appname, perm_cond, {"_id": 1}, toarray=True)

    # Start from the user's own rights, then add each group's rights.
    granted = account.get("permission_list").get(projectname, [])
    for gid in account.get("group_id") or []:
        group_doc = Group.find_one_group(appname, {"_id": gid}, None)
        if group_doc:
            granted += group_doc.get("permission_list").get(projectname, [])
    if granted:
        granted = list(set(granted))
    return get_perms_by_ids(appname, projectname, granted, perm_type)
Ejemplo n.º 19
def user_info(appname, gid):
    """
        List the users that belong to group ``gid``, most recent login first.

        Parameters : groupid

        Return : a list of user dicts, e.g.
            [
                {
                    "id":2,
                    "user_name":"*****@*****.**",
                    "role": <result of get_role for the user's groups>,
                    "last_login":"******",
                    "total_login": 2,
                    "mark": ""
                }
            ]
     """
    # Projection with 0 values: the password and privilege-related fields are
    # kept out of the result (presumably an exclusion projection -- confirm
    # against User.find_users).
    hidden_fields = {"password": 0, "super": 0, "permission_list": 0, "department": 0, "is_superuser": 0}
    members = User.find_users(
        appname, {"group_id": gid}, hidden_fields
    ).sort([("last_login", -1)])
    result = []
    for member in members:
        member["id"] = member.pop("_id")
        member["last_login"] = unixto_string(member.get("last_login"))
        member["role"] = get_role(appname, member["group_id"])
        result.append(member)
    return result
Ejemplo n.º 20
def user_supervise(appname, uid):
    """Return True when ``uid`` names an existing user flagged as superuser.

    Unknown users and users whose "is_superuser" value is falsy yield
    False. ``uid`` must be convertible with int().
    """
    account = User.find_one_user(appname, {"_id": int(uid)}, None)
    return bool(account and account["is_superuser"])