Example #1
0
def init_acl():
    _app = AppCache.get('cmdb') or App.create(name='cmdb')
    app_id = _app.id

    # 1. add resource type
    for resource_type in ResourceTypeEnum.all():
        try:
            ResourceTypeCRUD.add(app_id, resource_type, '', PermEnum.all())
        except AbortException:
            pass

    # 2. add role
    try:
        RoleCRUD.add_role(RoleEnum.CONFIG, app_id, True)
    except AbortException:
        pass
    try:
        RoleCRUD.add_role(RoleEnum.CMDB_READ_ALL, app_id, False)
    except AbortException:
        pass

    # 3. add resource and grant
    ci_types = CIType.get_by(to_dict=False)
    type_id = ResourceType.get_by(name=ResourceTypeEnum.CI,
                                  first=True,
                                  to_dict=False).id
    for ci_type in ci_types:
        try:
            ResourceCRUD.add(ci_type.name, type_id, app_id)
        except AbortException:
            pass

        ACLManager().grant_resource_to_role(ci_type.name,
                                            RoleEnum.CMDB_READ_ALL,
                                            ResourceTypeEnum.CI,
                                            [PermEnum.READ])

    relation_views = PreferenceRelationView.get_by(to_dict=False)
    type_id = ResourceType.get_by(name=ResourceTypeEnum.RELATION_VIEW,
                                  first=True,
                                  to_dict=False).id
    for view in relation_views:
        try:
            ResourceCRUD.add(view.name, type_id, app_id)
        except AbortException:
            pass

        ACLManager().grant_resource_to_role(view.name, RoleEnum.CMDB_READ_ALL,
                                            ResourceTypeEnum.RELATION_VIEW,
                                            [PermEnum.READ])
Example #2
0
    def add(cls, **kwargs):
        existed = User.get_by(username=kwargs['username'],
                              email=kwargs['email'])
        existed and abort(
            400, "User <{0}> is already existed".format(kwargs['username']))

        kwargs['nickname'] = kwargs.get('nickname') or kwargs['username']
        kwargs['block'] = 0
        kwargs['key'], kwargs['secret'] = cls._gen_key_secret()

        user = User.create(**kwargs)

        RoleCRUD.add_role(user.username, uid=user.uid)

        return user
Example #3
0
File: acl.py Project: 13052020/cmdb
    def has_permission(self, resource_name, resource_type, perm):

        role = self._get_role(g.user.username)

        role or abort(404, "Role <{0}> is not found".format(g.user.username))

        return RoleCRUD.has_permission(role.id, resource_name, resource_type,
                                       self.app_id, perm)
Example #4
0
    def post(self):
        name = request.values.get('name')
        app_id = request.values.get('app_id')
        is_app_admin = request.values.get('is_app_admin', False)

        role = RoleCRUD.add_role(name, app_id, is_app_admin=is_app_admin)

        return self.jsonify(role.to_dict())
Example #5
0
    def update(uid, **kwargs):
        user = User.get_by(uid=uid, to_dict=False, first=True) or abort(
            404, "User <{0}> does not exist".format(uid))

        if kwargs.get("username"):
            other = User.get_by(username=kwargs['username'],
                                first=True,
                                to_dict=False)
            if other is not None and other.uid != user.uid:
                return abort(
                    400, "User <{0}> cannot be duplicated".format(
                        kwargs['username']))

        UserCache.clean(user)

        if kwargs.get("username") and kwargs['username'] != user.username:
            role = Role.get_by(name=user.username, first=True, to_dict=False)
            if role is not None:
                RoleCRUD.update_role(role.id, **dict(name=kwargs['name']))

        return user.update(**kwargs)
Example #6
0
    def get_resources(cls, rid):
        """
        :param rid: 
        :return: {id2perms: {resource_id: [perm,]}, group2perms: {group_id: [perm, ]}}
        """
        resources = cache.get(cls.PREFIX_RESOURCES.format(rid))
        if not resources:
            from api.lib.perm.acl.role import RoleCRUD
            resources = RoleCRUD.get_resources(rid)
            cache.set(cls.PREFIX_RESOURCES.format(rid), resources, timeout=0)

        return resources or {}
Example #7
0
    def add(cls, **kwargs):
        existed = User.get_by(username=kwargs['username'],
                              email=kwargs['email'])
        existed and abort(
            400, "User <{0}> is already existed".format(kwargs['username']))

        is_admin = kwargs.pop('is_admin', False)
        kwargs['nickname'] = kwargs.get('nickname') or kwargs['username']
        kwargs['block'] = 0
        kwargs['key'], kwargs['secret'] = cls._gen_key_secret()

        user = User.create(**kwargs)

        role = RoleCRUD.add_role(user.username, uid=user.uid)

        if is_admin:
            from api.lib.perm.acl.cache import AppCache
            from api.lib.perm.acl.role import RoleRelationCRUD
            admin_r = Role.get_by(name='admin', first=True, to_dict=False) or \
                      RoleCRUD.add_role('admin', AppCache.get('cmdb').id, True)

            RoleRelationCRUD.add(admin_r.id, role.id)

        return user
Example #8
0
    def get(self):
        page = get_page(request.values.get("page", 1))
        page_size = get_page_size(request.values.get("page_size"))
        q = request.values.get('q')
        app_id = request.values.get('app_id')
        user_role = request.values.get('user_role', False)

        numfound, roles = RoleCRUD.search(q, app_id, page, page_size,
                                          user_role)

        id2parents = RoleRelationCRUD.get_parents([i.id for i in roles])

        return self.jsonify(numfound=numfound,
                            page=page,
                            page_size=page_size,
                            id2parents=id2parents,
                            roles=[i.to_dict() for i in roles])
Example #9
0
    def delete(self, rid):
        RoleCRUD.delete_role(rid)

        return self.jsonify(rid=rid)
Example #10
0
    def put(self, rid):
        role = RoleCRUD.update_role(rid, **request.values)

        return self.jsonify(role.to_dict())