def get_team_by_team_id(self, team_id): team = team_repo.get_team_by_team_id(team_id=team_id) if team is None: raise Tenants.DoesNotExist() user = user_repo.get_by_user_id(team.creater) team.creater = user.nick_name return team
def create_applicants(self, user_id, team_name): applicant = apply_repo.get_applicants_by_id_team_name(user_id=user_id, team_name=team_name) if not applicant: team = team_repo.get_team_by_team_name(team_name=team_name) user = user_repo.get_by_user_id(user_id=user_id) info = { "user_id": user_id, "user_name": user.get_username(), "team_id": team.tenant_id, "team_name": team_name, "team_alias": team.tenant_alias, "apply_time": datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') } return apply_repo.create_apply_info(**info) if applicant[0].is_pass == 0: raise ServiceHandleException(msg="already applied for it", msg_show="该团队已经申请过") if applicant[0].is_pass == 1: teams = team_repo.get_tenants_by_user_id(user_id) tnames = [team.tenant_name for team in teams] if team_name in tnames: raise ServiceHandleException(msg="already join for it", msg_show="您已加入该团队") applicant[0].apply_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') applicant[0].is_pass = 0 applicant[0].save() return applicant
def list_users_by_tenant_id(self, tenant_id, page=None, size=None, query=""): result = user_repo.list_users_by_tenant_id(tenant_id, query=query, page=page, size=size) users = [] for item in result: user = user_repo.get_by_user_id(item.get("user_id")) role_infos = user_kind_role_service.get_user_roles( kind="team", kind_id=tenant_id, user=user) users.append({ "user_id": item.get("user_id"), "nick_name": item.get("nick_name"), "email": item.get("email"), "phone": item.get("phone"), "is_active": item.get("is_active"), "enterprise_id": item.get("enterprise_id"), "role_infos": role_infos["roles"], }) total = user_repo.count_users_by_tenant_id(tenant_id, query=query) return users, total
def get_user_service_perm_info(self, service): """获取应用下的成员及对应的权限""" user_id_list = service_perm_repo.get_user_id_in_service(service.ID) user_id_list = list(set(user_id_list)) perm_list = [] for user_id in user_id_list: user_obj = user_repo.get_by_user_id(user_id) if not user_obj: continue user_info = {} user_perm_list = [] perm_id_list = service_perm_repo.get_perms_by_user_id_service_id( user_id=user_id, service_id=service.ID) for perm_id in perm_id_list: perm_obj = role_perm_repo.get_perm_obj_by_perm_id( perm_id=perm_id) if not perm_obj: continue perm_info = dict() perm_info["id"] = perm_obj.ID perm_info["codename"] = perm_obj.codename perm_info["perm_info"] = perm_obj.per_info user_perm_list.append(perm_info) user_info["user_id"] = user_obj.user_id user_info["nick_name"] = user_obj.nick_name user_info["email"] = user_obj.email user_info["service_perms"] = user_perm_list perm_list.append(user_info) return perm_list
def get(self, request, *args, **kwargs): page = int(request.GET.get("page_num", 1)) page_size = int(request.GET.get("page_size", 10)) enterprise_id = request.GET.get("eid", None) admins_num = EnterpriseUserPerm.objects.filter( enterprise_id=enterprise_id).count() admin_list = [] start = (page - 1) * 10 remaining_num = admins_num - (page - 1) * 10 end = 10 if remaining_num < page_size: end = remaining_num cursor = connection.cursor() cursor.execute( "select user_id from enterprise_user_perm where enterprise_id='{0}' order by user_id desc LIMIT {1},{2};" .format(enterprise_id, start, end)) admin_tuples = cursor.fetchall() for admin in admin_tuples: user = user_repo.get_by_user_id(user_id=admin[0]) bean = dict() if user: bean["nick_name"] = user.nick_name bean["phone"] = user.phone bean["email"] = user.email bean["create_time"] = time_to_str(user.create_time, "%Y-%m-%d %H:%M:%S") bean["user_id"] = user.user_id admin_list.append(bean) result = {"list": admin_list, "total": admins_num} return Response(result, status.HTTP_200_OK)
def list_teams_by_user_id(self, eid, user_id, query=None, page=None, page_size=None): tenants = team_repo.list_by_user_id(eid, user_id, query, page, page_size) total = team_repo.count_by_user_id(eid, user_id, query) user = user_repo.get_by_user_id(user_id) for tenant in tenants: roles = user_kind_role_service.get_user_roles(kind="team", kind_id=tenant["tenant_id"], user=user) tenant["role_infos"] = roles["roles"] return tenants, total
def add_user_role_to_team(self, tenant, user_ids, role_ids): """在团队中添加一个用户并给用户分配一个角色""" enterprise = enterprise_services.get_enterprise_by_enterprise_id(enterprise_id=tenant.enterprise_id) if enterprise: for user_id in user_ids: # for role_id in role_ids: PermRelTenant.objects.update_or_create(user_id=user_id, tenant_id=tenant.pk, enterprise_id=enterprise.pk) user = user_repo.get_by_user_id(user_id) user_kind_role_service.update_user_roles(kind="team", kind_id=tenant.tenant_id, user=user, role_ids=role_ids)
def put(self, req, team_id, user_id): if req.user.user_id == user_id: raise serializers.ValidationError("您不能修改自己的权限!", status.HTTP_400_BAD_REQUEST) serializer = CreateTeamUserReqSerializer(data=req.data) serializer.is_valid(raise_exception=True) role_ids = req.data["role_ids"].replace(" ", "").split(",") user = user_repo.get_by_user_id(user_id) user_kind_role_service.update_user_roles(kind="team", kind_id=self.team.tenant_id, user=user, role_ids=role_ids) return Response(None, status.HTTP_200_OK)
def add_user_to_team(self, tenant, user_id, role_ids=None): user = user_repo.get_by_user_id(user_id) if not user: raise ServiceHandleException(msg="user not found", msg_show="用户不存在", status_code=404) exist_team_user = PermRelTenant.objects.filter(tenant_id=tenant.ID, user_id=user.user_id) enterprise = enterprise_services.get_enterprise_by_enterprise_id(enterprise_id=tenant.enterprise_id) if exist_team_user: raise ServiceHandleException(msg="user exist", msg_show="用户已经加入此团队") PermRelTenant.objects.create(tenant_id=tenant.ID, user_id=user.user_id, identity="", enterprise_id=enterprise.ID) if role_ids: user_kind_role_service.update_user_roles(kind="team", kind_id=tenant.tenant_id, user=user, role_ids=role_ids)
def get_service_perm(self, service): service_perms = service_perm_repo.get_service_perms(service.ID) perm_list = [] for service_perm in service_perms: perm = {} u = user_repo.get_by_user_id(service_perm.user_id) perm["user_id"] = service_perm.user_id perm["identity"] = service_perm.identity perm["nick_name"] = u.nick_name perm["email"] = u.email perm_list.append(perm) return perm_list
def get(self, request, *args, **kwargs): """指定用户可以加入哪些团队""" try: tenants = team_repo.get_tenants_by_user_id( user_id=self.user.user_id) team_names = tenants.values("tenant_name") team_name_list = [ t_name.get("tenant_name") for t_name in team_names ] user_id = request.GET.get("user_id", None) if user_id: enterprise_id = user_repo.get_by_user_id( user_id=user_id).enterprise_id team_list = team_repo.get_teams_by_enterprise_id(enterprise_id) apply_team = apply_repo.get_applicants_team(user_id=user_id) else: enterprise_id = user_repo.get_by_user_id( user_id=self.user.user_id).enterprise_id team_list = team_repo.get_teams_by_enterprise_id(enterprise_id) apply_team = apply_repo.get_applicants_team( user_id=self.user.user_id) applied_team = [ team_repo.get_team_by_team_name(team_name=team_name) for team_name in [team_name.team_name for team_name in apply_team] ] join_list = [] for join_team in team_list: if join_team not in applied_team and join_team.tenant_name not in team_name_list: join_list.append(join_team) join_list = [{ "team_name": j_team.tenant_name, "team_alias": j_team.tenant_alias, "team_id": j_team.tenant_id } for j_team in join_list] result = general_message(200, "success", "查询成功", list=join_list) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def exit_current_team(self, team_name, user_id): s_id = transaction.savepoint() try: tenant = self.get_tenant_by_tenant_name(tenant_name=team_name) team_repo.get_user_perms_in_permtenant(user_id=user_id, tenant_id=tenant.ID).delete() user = user_repo.get_by_user_id(user_id) user_kind_role_service.delete_user_roles(kind="team", kind_id=tenant.tenant_id, user=user) transaction.savepoint_commit(s_id) return 200, "退出团队成功" except Exception as e: logger.exception(e) transaction.savepoint_rollback(s_id) return 400, "退出团队失败"
def get_user_perm_identitys_in_permtenant(self, user_id, tenant_name): """获取用户在一个团队的身份列表""" user = user_repo.get_by_user_id(user_id) try: tenant = self.get_tenant(tenant_name=tenant_name) except Tenants.DoesNotExist: tenant = self.get_team_by_team_id(tenant_name) if tenant is None: raise Tenants.DoesNotExist() user_roles = user_kind_role_service.get_user_roles(kind_id=tenant.ID, kind="team", user=user) if tenant.creater == user_id: user_roles["roles"].append("owner") return user_roles
def create_applicants(self, user_id, team_name): applicant = apply_repo.get_applicants_by_id_team_name(user_id=user_id, team_name=team_name) if not applicant: team = team_repo.get_team_by_team_name(team_name=team_name) user = user_repo.get_by_user_id(user_id=user_id) info = { "user_id": user_id, "user_name": user.get_username(), "team_id": team.tenant_id, "team_name": team_name, "team_alias": team.tenant_alias, "apply_time": datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') } apply_repo.create_apply_info(**info) return info else: return None
def get(self, request, *args, **kwargs): """ 管理后台查询控制台企业下的企业管理员 :param request: :param args: :param kwargs: :return: """ try: page = int(request.GET.get("page_num", 1)) page_size = int(request.GET.get("page_size", 10)) admins_num = EnterpriseUserPerm.objects.count() admin_list = [] start = (page - 1) * 10 remaining_num = admins_num - (page - 1) * 10 end = 10 if remaining_num < page_size: end = remaining_num cursor = connection.cursor() cursor.execute( "select * from enterprise_user_perm order by user_id desc LIMIT {0},{1};" .format(start, end)) admin_tuples = cursor.fetchall() logger.debug( '---------admin-------------->{0}'.format(admin_tuples)) for admin in admin_tuples: user = user_repo.get_by_user_id(user_id=admin[1]) bean = dict() if user: bean["nick_name"] = user.nick_name bean["phone"] = user.phone bean["email"] = user.email bean["create_time"] = time_to_str(user.create_time, "%Y-%m-%d %H:%M:%S") bean["user_id"] = user.user_id admin_list.append(bean) result = generate_result("0000", "success", "查询成功", list=admin_list, total=admins_num) except Exception as e: logger.exception(e) result = generate_error_result() return Response(result)
def get(self, request, enterprise_id, *args, **kwargs): code = 200 new_join_team = [] request_join_team = [] try: tenants = enterprise_repo.get_enterprise_user_teams(enterprise_id, request.user.user_id) join_tenants = enterprise_repo.get_enterprise_user_join_teams(enterprise_id, request.user.user_id) active_tenants = enterprise_repo.get_enterprise_user_active_teams(enterprise_id, request.user.user_id) request_tenants = enterprise_repo.get_enterprise_user_request_join(enterprise_id, request.user.user_id) if tenants: for tenant in tenants[:3]: region_name_list = [] region_name_list = team_repo.get_team_region_names(tenant.tenant_id) user_role_list = user_kind_role_service.get_user_roles( kind="team", kind_id=tenant.tenant_id, user=request.user) roles = [x["role_name"] for x in user_role_list["roles"]] if tenant.creater == request.user.user_id: roles.append("owner") owner = user_repo.get_by_user_id(tenant.creater) if len(region_name_list) > 0: team_item = { "team_name": tenant.tenant_name, "team_alias": tenant.tenant_alias, "team_id": tenant.tenant_id, "create_time": tenant.create_time, "region": region_name_list[0], # first region is default "region_list": region_name_list, "enterprise_id": tenant.enterprise_id, "owner": tenant.creater, "owner_name": (owner.get_name() if owner else None), "roles": roles, "is_pass": True, } new_join_team.append(team_item) if join_tenants: for tenant in join_tenants: region_name_list = team_repo.get_team_region_names(tenant.team_id) tenant_info = team_repo.get_team_by_team_id(tenant.team_id) try: user = user_repo.get_user_by_user_id(tenant_info.creater) nick_name = user.nick_name except UserNotExistError: nick_name = None if len(region_name_list) > 0: team_item = { "team_name": tenant.team_name, "team_alias": tenant.team_alias, "team_id": tenant.team_id, "create_time": tenant_info.create_time, "region": region_name_list[0], "region_list": region_name_list, "enterprise_id": tenant_info.enterprise_id, "owner": tenant_info.creater, "owner_name": nick_name, "role": None, "is_pass": tenant.is_pass, } new_join_team.append(team_item) if request_tenants: for request_tenant in request_tenants: region_name_list = team_repo.get_team_region_names(request_tenant.team_id) tenant_info = team_repo.get_team_by_team_id(request_tenant.team_id) try: user = user_repo.get_user_by_user_id(tenant_info.creater) nick_name = user.nick_name except UserNotExistError: nick_name = None if len(region_name_list) > 0: team_item = { "team_name": request_tenant.team_name, "team_alias": request_tenant.team_alias, "team_id": request_tenant.team_id, "apply_time": request_tenant.apply_time, "user_id": request_tenant.user_id, "user_name": request_tenant.user_name, "region": region_name_list[0], "region_list": region_name_list, "enterprise_id": enterprise_id, "owner": tenant_info.creater, "owner_name": nick_name, "role": "viewer", "is_pass": request_tenant.is_pass, } request_join_team.append(team_item) data = { "active_teams": active_tenants, "new_join_team": new_join_team, "request_join_team": request_join_team, } result = general_message(200, "success", None, bean=data) except Exception as e: logger.exception(e) code = 400 result = general_message(code, "failed", "请求失败") return Response(result, status=code)
def get_team_by_team_id(self, team_id): team = team_repo.get_team_by_team_id(team_id=team_id) if team: user = user_repo.get_by_user_id(team.creater) team.creater_name = user.get_name() return team
def get(self, request, *args, **kwargs): code = request.GET.get("code") service_id = request.GET.get("service_id") try: oauth_service = oauth_repo.get_oauth_services_by_service_id( service_id) except Exception as e: logger.debug(e) rst = { "data": { "bean": None }, "status": 404, "msg_show": u"未找到oauth服务, 请检查该服务是否存在且属于开启状态" } return Response(rst, status=status.HTTP_200_OK) try: api = get_oauth_instance(oauth_service.oauth_type, oauth_service, None) except NoSupportOAuthType as e: logger.debug(e) rst = { "data": { "bean": None }, "status": 404, "msg_show": u"未找到oauth服务" } return Response(rst, status=status.HTTP_200_OK) try: user, access_token, refresh_token = api.get_user_info(code=code) except Exception as e: logger.debug(e.message) rst = { "data": { "bean": None }, "status": 404, "msg_show": e.message } return Response(rst, status=status.HTTP_200_OK) user_name = user.name user_id = str(user.id) user_email = user.email authenticated_user = oauth_user_repo.user_oauth_exists( service_id=service_id, oauth_user_id=user_id) if authenticated_user is not None: authenticated_user.oauth_user_id = user_id authenticated_user.oauth_user_name = user_name authenticated_user.oauth_user_email = user_email authenticated_user.access_token = access_token authenticated_user.refresh_token = refresh_token authenticated_user.code = code authenticated_user.save() if authenticated_user.user_id is not None: login_user = user_repo.get_by_user_id( authenticated_user.user_id) payload = jwt_payload_handler(login_user) token = jwt_encode_handler(payload) response = Response({"data": { "bean": { "token": token } }}, status=status.HTTP_200_OK) if api_settings.JWT_AUTH_COOKIE: expiration = (datetime.datetime.now() + api_settings.JWT_EXPIRATION_DELTA) response.set_cookie(api_settings.JWT_AUTH_COOKIE, token, expires=expiration, httponly=True) return response else: rst = { "oauth_user_name": user_name, "oauth_user_id": user_id, "oauth_user_email": user_email, "service_id": authenticated_user.service_id, "oauth_type": oauth_service.oauth_type, "is_authenticated": authenticated_user.is_authenticated, "code": code, } msg = "user is not authenticated" return Response( {"data": { "bean": { "result": rst, "msg": msg } }}, status=status.HTTP_200_OK) else: usr = oauth_user_repo.save_oauth( oauth_user_id=user_id, oauth_user_name=user_name, oauth_user_email=user_email, code=code, service_id=service_id, access_token=access_token, refresh_token=refresh_token, is_authenticated=True, is_expired=False, ) rst = { "oauth_user_name": usr.oauth_user_name, "oauth_user_id": usr.oauth_user_id, "oauth_user_email": usr.oauth_user_email, "service_id": usr.service_id, "oauth_type": oauth_service.oauth_type, "is_authenticated": usr.is_authenticated, "code": code, } msg = "user is not authenticated" return Response({"data": { "bean": { "result": rst, "msg": msg } }}, status=status.HTTP_200_OK)
def set_oauth_user_relation(self, api, oauth_service, oauth_user, access_token, refresh_token, code, user=None): oauth_user.id = str(oauth_user.id) if api.is_communication_oauth(): logger.debug(oauth_user.name) user = user_repo.get_enterprise_user_by_username( oauth_user.enterprise_id, oauth_user.name) authenticated_user = oauth_user_repo.user_oauth_exists( service_id=oauth_service.ID, oauth_user_id=oauth_user.id) if authenticated_user is not None: authenticated_user.oauth_user_id = oauth_user.id authenticated_user.oauth_user_name = oauth_user.name authenticated_user.oauth_user_email = oauth_user.email authenticated_user.access_token = access_token authenticated_user.refresh_token = refresh_token authenticated_user.code = code if user: authenticated_user.user_id = user.user_id authenticated_user.save() if authenticated_user.user_id is not None: login_user = user_repo.get_by_user_id( authenticated_user.user_id) payload = jwt_payload_handler(login_user) token = jwt_encode_handler(payload) response = Response({"data": { "bean": { "token": token } }}, status=200) if api_settings.JWT_AUTH_COOKIE: expiration = (datetime.datetime.now() + datetime.timedelta(days=30)) response.set_cookie(api_settings.JWT_AUTH_COOKIE, token, expires=expiration) return response else: rst = { "oauth_user_name": oauth_user.name, "oauth_user_id": oauth_user.id, "oauth_user_email": oauth_user.email, "service_id": authenticated_user.service_id, "oauth_type": oauth_service.oauth_type, "is_authenticated": authenticated_user.is_authenticated, "code": code, } msg = "user is not authenticated" return Response( {"data": { "bean": { "result": rst, "msg": msg } }}, status=200) else: usr = oauth_user_repo.save_oauth( oauth_user_id=oauth_user.id, oauth_user_name=oauth_user.name, oauth_user_email=oauth_user.email, user_id=(user.user_id if user else None), code=code, service_id=oauth_service.ID, access_token=access_token, refresh_token=refresh_token, is_authenticated=True, is_expired=False, ) rst = { "oauth_user_name": usr.oauth_user_name, "oauth_user_id": usr.oauth_user_id, "oauth_user_email": usr.oauth_user_email, "service_id": usr.service_id, "oauth_type": oauth_service.oauth_type, "is_authenticated": usr.is_authenticated, "code": code, } if user: payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) response = Response({"data": { "bean": { "token": token } }}, status=200) if api_settings.JWT_AUTH_COOKIE: expiration = (datetime.datetime.now() + api_settings.JWT_EXPIRATION_DELTA) response.set_cookie(api_settings.JWT_AUTH_COOKIE, token, expires=expiration, httponly=True) return response msg = "user is not authenticated" return Response({"data": { "bean": { "result": rst, "msg": msg } }}, status=200)