def get_enterprise_user_active_teams(self, enterprise_id, user_id): tenants = self.get_enterprise_user_teams(enterprise_id, user_id) if not tenants: return None active_tenants_list = [] for tenant in tenants: user = user_repo.get_user_by_user_id(tenant.creater) try: role = user_role_repo.get_role_names(user.user_id, tenant.tenant_id) except UserRoleNotFoundException: if tenant.creater == user.user_id: role = "owner" else: role = None region_name_list = [] user = user_repo.get_user_by_user_id(tenant.creater) region_list = team_repo.get_team_regions(tenant.tenant_id) if region_list: region_name_list = region_list.values_list("region_name", flat=True) active_tenants_list.append({ "tenant_id": tenant.tenant_id, "team_alias": tenant.tenant_alias, "owner": tenant.creater, "owner_name": user.get_name(), "enterprise_id": tenant.enterprise_id, "create_time": tenant.create_time, "team_name": tenant.tenant_name, "region": tenant.region, "region_list": region_name_list, "num": len(ServiceGroup.objects.filter(tenant_id=tenant.tenant_id)), "role": role }) active_tenants_list.sort(key=lambda x: x["num"], reverse=True) active_tenants_list = active_tenants_list[:3] return active_tenants_list
def add_service_perm(self, current_user, user_id, tenant, service, identity): if current_user.user_id == user_id: return 409, u"不能给自己添加应用权限", None user = user_repo.get_user_by_user_id(user_id) if not user: return 404, "用户{0}不存在".format(user_id), None service_perm = service_perm_repo.get_service_perm_by_user_pk( service.ID, user_id) if service_perm: return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None service_perm = service_perm_repo.add_service_perm( user_id, service.ID, identity) perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id) enterprise = None try: enterprise = enterprise_repo.get_enterprise_by_enterprise_id( tenant.enterprise_id) except Exception as e: pass if not perm_tenant: perm_info = { "user_id": user.user_id, "tenant_id": tenant.ID, "identity": "access", "enterprise_id": enterprise.ID if enterprise else 0 } perm_tenant = perms_repo.add_user_tenant_perm(perm_info) logger.debug("service_perm {0} , perm_tenant {1}".format( service_perm, perm_tenant)) return 200, "已向用户{0}授权".format(user.nick_name), service_perm
def check_user_password(self, user_id, password): u = user_repo.get_user_by_user_id(user_id=user_id) if u: default_pass = u.check_password("goodrain") if not default_pass: return u.check_password(password) return default_pass else: raise AccountNotExistError("账户不存在")
def update_password(self, user_id, new_password): u = user_repo.get_user_by_user_id(user_id=user_id) if not u: raise AccountNotExistError("账户不存在") else: if len(new_password) < 8: raise PasswordTooShortError("密码不能小于8位") u.set_password(new_password) u.save() return True, "password update success"
def get_enterprises_by_user_id(self, user_id): try: user = user_repo.get_user_by_user_id(user_id) tenant_ids = team_repo.get_tenants_by_user_id(user_id).values_list("tenant_id", flat=True) enterprise_ids = list( TenantRegionInfo.objects.filter(tenant_id__in=tenant_ids).values_list("enterprise_id", flat=True)) enterprise_ids.append(user.enterprise_id) enterprises = TenantEnterprise.objects.filter(enterprise_id__in=enterprise_ids) return enterprises except Exception: raise ExterpriseNotExistError
def get_enterprise_user_active_teams(self, enterprise_id, user_id): tenants = self.get_enterprise_user_teams(enterprise_id, user_id) if not tenants: return None active_tenants_list = [] for tenant in tenants: role = None owner = None try: owner = user_repo.get_user_by_user_id(tenant.creater) role = user_role_repo.get_role_names(user_id, tenant.tenant_id) except UserNotExistError: pass except UserRoleNotFoundException: if tenant.creater == user_id: role = "owner" region_name_list = team_repo.get_team_region_names( tenant.tenant_id) if len(region_name_list) > 0: team_item = { "tenant_id": tenant.tenant_id, "team_alias": tenant.tenant_alias, "owner": tenant.creater, "owner_name": owner.get_name() if owner else "", "enterprise_id": tenant.enterprise_id, "create_time": tenant.create_time, "team_name": tenant.tenant_name, "region": region_name_list[0] if region_name_list else "", "region_list": region_name_list, "num": len(ServiceGroup.objects.filter( tenant_id=tenant.tenant_id)), "role": role } if not team_item["region"] and len(region_name_list) > 0: team_item["region"] = region_name_list[0] active_tenants_list.append(team_item) active_tenants_list.sort(key=lambda x: x["num"], reverse=True) active_tenants_list = active_tenants_list[:3] return active_tenants_list
def team_with_region_info(self, tenant, request_user=None, get_region=True): try: user = user_repo.get_user_by_user_id(tenant.creater) owner_name = user.get_name() except UserNotExistError: owner_name = None info = { "team_name": tenant.tenant_name, "team_alias": tenant.tenant_alias, "team_id": tenant.tenant_id, "create_time": tenant.create_time, "enterprise_id": tenant.enterprise_id, "owner": tenant.creater, "owner_name": owner_name, } if request_user: user_role_list = user_kind_role_service.get_user_roles( kind="team", kind_id=tenant.tenant_id, user=request_user) roles = [x["role_name"] for x in user_role_list["roles"]] if tenant.creater == request_user.user_id: roles.append("owner") info["roles"] = roles if get_region: region_info_map = [] region_name_list = team_repo.get_team_region_names( tenant.tenant_id) if region_name_list: region_infos = region_repo.get_region_by_region_names( region_name_list) if region_infos: for region in region_infos: region_info_map.append({ "region_name": region.region_name, "region_alias": region.region_alias }) info["region"] = region_info_map[0]["region_name"] if len( region_info_map) > 0 else "" info["region_list"] = region_info_map return info
def add_user_service_perm(self, current_user, user_list, tenant, service, perm_list): """添加用户在一个应用中的权限""" if current_user.user_id in user_list: return 409, u"不能给自己添加应用权限", None for user_id in user_list: user = user_repo.get_user_by_user_id(user_id) if not user: return 404, "用户{0}不存在".format(user_id), None service_perm = service_perm_repo.get_service_perm_by_user_pk_service_pk( service_pk=service.ID, user_pk=user_id) if service_perm: return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None service_perm_repo.add_user_service_perm(user_ids=user_list, service_pk=service.ID, perm_ids=perm_list) enterprise = None try: enterprise = enterprise_repo.get_enterprise_by_enterprise_id( tenant.enterprise_id) except Exception as e: logger.exception(e) pass for user_id in user_list: perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id) if not perm_tenant: perm_info = { "user_id": user_id, "tenant_id": tenant.ID, "role_id": role_repo.get_role_id_by_role_name("viewer"), "enterprise_id": enterprise.ID if enterprise else 0 } perm_tenant = perms_repo.add_user_tenant_perm(perm_info) return 200, "添加用户应用权限成功", None
def __team_with_region_info(self, tenant, user_id=None): role = "" owner_name = "" try: user = user_repo.get_user_by_user_id(tenant.creater) owner_name = user.get_name() if user_id: role = user_role_repo.get_role_names(user_id, tenant.tenant_id) except UserNotExistError: pass except UserRoleNotFoundException: if tenant.creater == user_id: role = "owner" region_info_map = [] region_list = team_repo.get_team_regions(tenant.tenant_id) if region_list: region_name_list = region_list.values_list("region_name", flat=True) region_infos = region_repo.get_region_by_region_names( region_name_list) if region_infos: for region in region_infos: region_info_map.append({ "region_name": region.region_name, "region_alias": region.region_alias }) info = { "team_name": tenant.tenant_name, "team_alias": tenant.tenant_alias, "team_id": tenant.tenant_id, "create_time": tenant.create_time, "region": tenant.region, "region_list": region_info_map, "enterprise_id": tenant.enterprise_id, "owner": tenant.creater, "owner_name": owner_name, } if user_id: info["role"] = role return info
def __team_with_region_info(self, tenant, request_user=None): try: user = user_repo.get_user_by_user_id(tenant.creater) owner_name = user.get_name() except UserNotExistError: owner_name = None if request_user: user_role_list = user_kind_role_service.get_user_roles( kind="team", kind_id=tenant.tenant_id, user=request_user) roles = map(lambda x: x["role_name"], user_role_list["roles"]) if tenant.creater == request_user.user_id: roles.append("owner") region_info_map = [] region_list = team_repo.get_team_regions(tenant.tenant_id) if region_list: region_name_list = region_list.values_list("region_name", flat=True) region_infos = region_repo.get_region_by_region_names( region_name_list) if region_infos: for region in region_infos: region_info_map.append({ "region_name": region.region_name, "region_alias": region.region_alias }) info = { "team_name": tenant.tenant_name, "team_alias": tenant.tenant_alias, "team_id": tenant.tenant_id, "create_time": tenant.create_time, "region": tenant.region, "region_list": region_info_map, "enterprise_id": tenant.enterprise_id, "owner": tenant.creater, "owner_name": owner_name, } if request_user: info["roles"] = roles return info
def get(self, request, enterprise_id, *args, **kwargs): code = 200 new_join_team = [] request_join_team = [] try: tenants = enterprise_repo.get_enterprise_user_teams(enterprise_id, request.user.user_id) join_tenants = enterprise_repo.get_enterprise_user_join_teams(enterprise_id, request.user.user_id) active_tenants = enterprise_repo.get_enterprise_user_active_teams(enterprise_id, request.user.user_id) request_tenants = enterprise_repo.get_enterprise_user_request_join(enterprise_id, request.user.user_id) if tenants: for tenant in tenants[:3]: region_name_list = [] region_name_list = team_repo.get_team_region_names(tenant.tenant_id) user_role_list = user_kind_role_service.get_user_roles( kind="team", kind_id=tenant.tenant_id, user=request.user) roles = [x["role_name"] for x in user_role_list["roles"]] if tenant.creater == request.user.user_id: roles.append("owner") owner = user_repo.get_by_user_id(tenant.creater) if len(region_name_list) > 0: team_item = { "team_name": tenant.tenant_name, "team_alias": tenant.tenant_alias, "team_id": tenant.tenant_id, "create_time": tenant.create_time, "region": region_name_list[0], # first region is default "region_list": region_name_list, "enterprise_id": tenant.enterprise_id, "owner": tenant.creater, "owner_name": (owner.get_name() if owner else None), "roles": roles, "is_pass": True, } new_join_team.append(team_item) if join_tenants: for tenant in join_tenants: region_name_list = team_repo.get_team_region_names(tenant.team_id) tenant_info = team_repo.get_team_by_team_id(tenant.team_id) try: user = user_repo.get_user_by_user_id(tenant_info.creater) nick_name = user.nick_name except UserNotExistError: nick_name = None if len(region_name_list) > 0: team_item = { "team_name": tenant.team_name, "team_alias": tenant.team_alias, "team_id": tenant.team_id, "create_time": tenant_info.create_time, "region": region_name_list[0], "region_list": region_name_list, "enterprise_id": tenant_info.enterprise_id, "owner": tenant_info.creater, "owner_name": nick_name, "role": None, "is_pass": tenant.is_pass, } new_join_team.append(team_item) if request_tenants: for request_tenant in request_tenants: region_name_list = team_repo.get_team_region_names(request_tenant.team_id) tenant_info = team_repo.get_team_by_team_id(request_tenant.team_id) try: user = user_repo.get_user_by_user_id(tenant_info.creater) nick_name = user.nick_name except UserNotExistError: nick_name = None if len(region_name_list) > 0: team_item = { "team_name": request_tenant.team_name, "team_alias": request_tenant.team_alias, "team_id": request_tenant.team_id, "apply_time": request_tenant.apply_time, "user_id": request_tenant.user_id, "user_name": request_tenant.user_name, "region": region_name_list[0], "region_list": region_name_list, "enterprise_id": enterprise_id, "owner": tenant_info.creater, "owner_name": nick_name, "role": "viewer", "is_pass": request_tenant.is_pass, } request_join_team.append(team_item) data = { "active_teams": active_tenants, "new_join_team": new_join_team, "request_join_team": request_join_team, } result = general_message(200, "success", None, bean=data) except Exception as e: logger.exception(e) code = 400 result = general_message(code, "failed", "请求失败") return Response(result, status=code)
def get(self, request, enterprise_id, user_id, *args, **kwargs): name = request.GET.get("name", None) user = user_repo.get_user_by_user_id(user_id) teams = team_services.list_user_teams(enterprise_id, user, name) result = general_message(200, "team query success", "查询成功", list=teams) return Response(result, status=200)
def post(self, request, team_name, user_id, *args, **kwargs): """ 修改团队成员角色 --- parameters: - name: team_name description: 团队名 required: true type: string paramType: path - name: user_id description: 被修改权限的团队成员id required: true type: string paramType: path - name: role_ids description: 角色 格式 {"role_ids": "1,2,3"} required: true type: string paramType: body """ try: perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = ("owner" not in perm_list) and ( "admin" not in perm_list ) and "manage_team_member_permissions" not in perm_tuple if no_auth: code = 400 result = general_message(code, "no identity", "您没有权限做此操作") else: code = 200 role_ids = request.data.get("role_ids", None) if role_ids: try: role_id_list = [int(id) for id in role_ids.split(",")] except Exception as e: logger.exception(e) code = 400 result = general_message(code, "params is empty", "参数格式不正确") return Response(result, status=code) other_user = user_repo.get_user_by_user_id( user_id=int(user_id)) if other_user.user_id == request.user.user_id: result = general_message(400, "failed", "您不能修改自己的权限!") return Response(result, status=400) for id in role_id_list: if id not in team_services.get_all_team_role_id( tenant_name=team_name): code = 400 result = general_message( code, "The role does not exist", "该角色在团队中不存在") return Response(result, status=code) identity_list = team_services.get_user_perm_identitys_in_permtenant( user_id=other_user.user_id, tenant_name=team_name) role_name_list = team_services.get_user_perm_role_in_permtenant( user_id=other_user.user_id, tenant_name=team_name) if "owner" in identity_list or "owner" in role_name_list: result = general_message(400, "failed", "您不能修改创建者的权限!") return Response(result, status=400) team_services.change_tenant_role( user_id=other_user.user_id, tenant_name=team_name, role_id_list=role_id_list) result = general_message( code, "identity modify success", "{}角色修改成功".format(other_user.nick_name)) else: result = general_message(400, "identity failed", "修改角色时,角色不能为空") except UserNotExistError as e: logger.exception(e) code = 400 result = general_message(code, "users not exist", "该用户不存在") except Exception as e: logger.exception(e) code = 500 result = error_message(e.message) return Response(result, status=code)
def check_user_password(self, user_id, password): u = user_repo.get_user_by_user_id(user_id=user_id) if u: return u.check_password(password) else: raise AccountNotExistError("账户不存在")
def get_user_by_user_id(self, user_id): return user_repo.get_user_by_user_id(user_id=user_id)
def get(self, request, enterprise_id, *args, **kwargs): code = 200 new_join_team = [] request_join_team = [] try: tenants = enterprise_repo.get_enterprise_user_teams( enterprise_id, request.user.user_id) join_tenants = enterprise_repo.get_enterprise_user_join_teams( enterprise_id, request.user.user_id) active_tenants = enterprise_repo.get_enterprise_user_active_teams( enterprise_id, request.user.user_id) request_tenants = enterprise_repo.get_enterprise_user_request_join( enterprise_id, request.user.user_id) if tenants: for tenant in tenants[:3]: region_name_list = [] user = user_repo.get_user_by_user_id(tenant.creater) region_list = team_repo.get_team_regions(tenant.tenant_id) if region_list: region_name_list = region_list.values_list( "region_name", flat=True) try: role = user_role_repo.get_role_names( user.user_id, tenant.tenant_id) except UserRoleNotFoundException: if tenant.creater == user.user_id: role = "owner" else: role = None new_join_team.append({ "team_name": tenant.tenant_name, "team_alias": tenant.tenant_alias, "team_id": tenant.tenant_id, "create_time": tenant.create_time, "region": tenant.region, "region_list": region_name_list, "enterprise_id": tenant.enterprise_id, "owner": tenant.creater, "owner_name": user.nick_name, "role": role, "is_pass": True, }) if join_tenants: for tenant in join_tenants: region_name_list = [] region_list = team_repo.get_team_regions(tenant.team_id) if region_list: region_name_list = region_list.values_list( "region_name", flat=True) tenant_info = team_repo.get_team_by_team_id(tenant.team_id) try: user = user_repo.get_user_by_user_id( tenant_info.creater) nick_name = user.nick_name except UserNotExistError: nick_name = None new_join_team.append({ "team_name": tenant.team_name, "team_alias": tenant.team_alias, "team_id": tenant.team_id, "create_time": tenant_info.create_time, "region": tenant_info.region, "region_list": region_name_list, "enterprise_id": tenant_info.enterprise_id, "owner": tenant_info.creater, "owner_name": nick_name, "role": None, "is_pass": tenant.is_pass, }) if request_tenants: for request_tenant in request_tenants: region_name_list = [] region_list = team_repo.get_team_regions( request_tenant.team_id) if region_list: region_name_list = region_list.values_list( "region_name", flat=True) tenant_info = team_repo.get_team_by_team_id( request_tenant.team_id) try: user = user_repo.get_user_by_user_id( tenant_info.creater) nick_name = user.nick_name except UserNotExistError: nick_name = None request_join_team.append({ "team_name": request_tenant.team_name, "team_alias": request_tenant.team_alias, "team_id": request_tenant.team_id, "apply_time": request_tenant.apply_time, "user_id": request_tenant.user_id, "user_name": request_tenant.user_name, "region": team_repo.get_team_by_team_id( request_tenant.team_id).region, "region_list": region_name_list, "enterprise_id": enterprise_id, "owner": tenant_info.creater, "owner_name": nick_name, "role": "viewer", "is_pass": request_tenant.is_pass, }) data = { "active_teams": active_tenants, "new_join_team": new_join_team, "request_join_team": request_join_team, } result = general_message(200, "success", None, bean=data) except Exception as e: logger.exception(e) code = 400 result = general_message(code, "failed", "请求失败") return Response(result, status=code)