def item_check(info, item_name):
if not info:
raise GulDanException().with_code(400).with_message(u"请求body不能为空")
item = info.get(item_name, None)
if is_empty(item):
raise GulDanException().with_code(400).with_message(
u"{}没有找到或不应该为空".format(item_name), )
return item
def set_int_attr(self, name, value):
try:
setattr(self, name, valid_int(value))
except ValueError:
raise GulDanException().with_code(400).with_message(
u"{}应该是一个整数".format(name))
if getattr(self, name) < 0:
raise GulDanException().with_code(400).with_message(
u"{}不应该小于0".format(name))
def set_resource_name(self, name):
if not name or not bool(re.match(NAME_REGEX, name)):
raise GulDanException().with_message(
u"资源名称({})不匹配正则表达式: {}".format(name,
NAME_REGEX)).with_code(400)
if len(name) > MAX_RESOURCE_NAME_LENGTH:
raise GulDanException().with_code(403).with_message(
u"名称最大长度是{}".format(MAX_RESOURCE_NAME_LENGTH))
self.resource_name = name
def get_user_info_from_request(req):
session_id = req.cookies.get(GULDAN_SESSION_ID_STR, None)
user_hash = req.cookies.get(GULDAN_TOKEN_STR, None)
if not user_hash:
raise GulDanException().with_code(400).with_message(u"登录信息不完整")
if not session_id:
session_id = req.headers.get(GULDAN_SESSION_ID_STR, None)
if not session_id:
raise GulDanException().with_code(400).with_message(u"登录信息不完整")
return session_id, user_hash
def create_org_internal(org_name, visibility=None):
if len(org_name) > MAX_RESOURCE_NAME_LENGTH:
raise GulDanException().with_code(403).with_message(
u"组织名称最大是{}".format(MAX_RESOURCE_NAME_LENGTH))
if is_existing_org(org_name):
raise GulDanException().with_message(
u"组织({})已经存在".format(org_name)).with_code(409)
return _create_org(
org_name=org_name,
visibility=visibility,
)
def set_privilege_type(self, privilege_type):
if not privilege_type:
raise GulDanException().with_message(
u"非法的授权类型:{}".format(privilege_type)).with_code(400)
privilege_type_lower = privilege_type.lower()
if privilege_type_lower == "modifier":
self.privilege_type = Privilege.Type.MODIFIER
elif privilege_type_lower == "viewer":
self.privilege_type = Privilege.Type.VIEWER
elif privilege_type_lower == "puller":
self.privilege_type = Privilege.Type.PULLER
else:
raise GulDanException().with_message(
u"非法的授权类型:{}".format(privilege_type)).with_code(400)
def logout_user_by_user_id(user_id, session_id):
user_login = g.db_session.query(UserLogin).filter_by(
user_id=user_id, is_deleted=0).limit(1).first()
if not user_login:
raise GulDanException().with_message(
u"找不到登录信息, user_id:{}".format(user_id)).with_code(404)
if user_login.login_token == session_id:
user_login.login_token = UserLogin.DEFAULT_SESSION_ID
elif user_login.login_token == UserLogin.DEFAULT_SESSION_ID:
raise GulDanException().with_message(
u"用户(id:{})已经登出".format(user_id)).with_code(409)
else:
raise GulDanException().with_message(u"登录信息不匹配,不能登出").with_code(
409)
def parse_redis_url(url):
m = re.match("redis://(.+?):(\d+?)/(\d+)", url)
if not m or not m.groups():
raise GulDanException().with_code(500).with_message(
u"非法的redis地址:{}".format(url))
groups = m.groups()
return groups[0], int(groups[1]), int(groups[2])
def ensure_item_by_name(item_name):
item = Item.get_by_name(item_name)
if not item:
raise GulDanException().with_code(404).with_message(
u"找不到配置项(name:{})".format(item_name))
return item
def ensure_item(item_id):
item = Item.get_by_id(item_id)
if not item:
raise GulDanException().with_code(404).with_message(
u"找不到配置项(id:{})".format(item_id))
return item
def ensure_user(user_id):
user = User.get_by_id(user_id)
if not user:
raise GulDanException().with_code(404).with_message(
u"找不到用户(id:{})".format(user_id))
return user
def get_parent_id(cls, res_id):
res = cls.get_by_id(res_id)
if not res:
raise GulDanException().with_message(u"{}找不到资源, id:{}".format(
cls.__name__, res_id)).with_code(404)
return res.parent_id
def resource_search_internal(resource_name):
resource_name_splits = resource_name.split(".")
if len(resource_name_splits) > 3:
raise GulDanException().with_code(400).with_message(u"非法的资源名")
resource_type = get_resource_type(resource_name_splits)
resource_model = get_resource_model(resource_type)
resource = resource_model.get_by_name(resource_name)
if not resource:
raise GulDanException().with_code(404).with_message(u"找不到资源")
return [{
"id": resource.id,
"name": resource.name,
"visibility": Resource.Visibility.to_str(resource.visibility)
}]
def get_resource(resource_model, resource_name):
resource = resource_model.get_by_name(resource_name)
if not resource:
raise GulDanException().with_code(404).with_message(
u"找不到资源:{}".format(resource_name)
)
return resource
def update_user(user_id, name, secret_hash):
user = g.db_session.query(User).filter_by(id=user_id, is_deleted=0).limit(1).first()
if not user:
raise GulDanException().with_message(u"用户(id:{})没有找到".format(user_id)).with_code(404)
user.name = name
user.secret_hash = secret_hash
def ensure_project(project_id):
project = Project.get_by_id(project_id)
if not project:
raise GulDanException().with_code(404).with_message(
u"找不到项目(id:{})".format(project_id))
return project
def parse_item_version_rollback_arguments(request):
op_info = parse_request(request)
version_id = request.args.get("version_id", None)
if not version_id:
raise GulDanException().with_code(400).with_message(u"请指定version_id")
try:
op_info.version_id = int(version_id)
if op_info.version_id < 1:
raise Exception()
except:
raise GulDanException().with_code(400).with_message(
u"version_id参数应该是一个正整数")
return op_info
def ensure_grey_item_by_name(item_name):
grey_item = GreyItem.get_by_item_name(item_name)
if not grey_item:
raise GulDanException().with_code(404).with_message(
u"找不到配置项(name:{})的灰度版本".format(item_name))
return grey_item
def get_one_modifier(resource_type, resource_id):
priv = Privilege.get_one_user_for_resource(resource_id, resource_type,
Privilege.Type.MODIFIER)
user_id = priv[0]
user = User.get_by_id(user_id)
if not user:
raise GulDanException().with_code(404).with_message(u"找不到指定的用户")
return {"user_id": user.id, "user_name": user.name}
def build_full_resource_name(res_id, res_type):
res_model = get_resource_model(res_type)
res = res_model.get_by_id(res_id)
if not res:
raise GulDanException().with_message(u"找不到资源(id:{}, type:{})".format(
res_id, res_type))
return res.name
def get_name_by_id(cls, res_id):
resource = g.db_session.query(cls.name).filter_by(
is_deleted=0, id=res_id).limit(1).first()
if not resource:
raise GulDanException().with_code(404).with_message(
u"找不到资源, id:{}".format(res_id))
return resource[0]
def update_org(org_id, org_name):
org = g.db_session.query(Org).filter_by(id=org_id,
is_deleted=0).limit(1).first()
if not org:
raise GulDanException().with_message(
u"没有找到组织(id:{})".format(org_id)).with_code(404)
org.name = org_name
def delete_by_id(cls, object_id):
object = g.db_session.query(cls).filter_by(
id=object_id, is_deleted=0).limit(1).first()
if not object:
raise GulDanException().with_message(u"{} id:{} 找不到".format(
cls.__name__, object_id)).with_code(404)
object.is_deleted = 1
def delete_privilege(user_hash, resource_id, resource_type):
privilege = g.db_session.query(Privilege).filter(
Privilege.is_deleted == 0, Privilege.resource_id == resource_id,
Privilege.resource_type == resource_type,
Privilege.user_hash == user_hash).first()
if not privilege:
raise GulDanException().with_message(
u"用户没有改资源的权限,请尝试删除它上级资源的权限").with_code(404)
privilege.is_deleted = 1
def parse_from_int(type_id):
if type_id == 1:
return Resource.Type.ORG
elif type_id == 2:
return Resource.Type.PROJECT
elif type_id == 3:
return Resource.Type.ITEM
else:
raise GulDanException().with_code(400).with_message(
u"非法的资源类型: " + type_id)
def create_project_internal(project_name, parent_id=None, visibility=None):
org = Org.get_by_id(parent_id)
if not org:
raise GulDanException().with_message(
u"找不到组织(id:{})".format(parent_id)).with_code(404)
project_full_name = "{}.{}".format(org.name, project_name)
return _create_project(parent_id=parent_id,
project_full_name=project_full_name,
visibility=visibility)
def delete_item_privilege_for_user(target_user=None, resource_id=None):
if target_user.id == g.user_id:
raise GulDanException().with_message(u"你不能删除自己的权限").with_code(409)
Privilege.delete_privilege(target_user.user_hash, resource_id,
Resource.Type.ITEM)
item = ensure_item(resource_id)
cache.delete_memoized(pull_item, ItemPuller(item.name), item.name,
target_user.user_hash)
def validate_user_for_view_project(user_hash, project_id):
if can_user_view_project(project_id, user_hash):
return
org_id = Project.get_parent_id(project_id)
if can_user_view_org(org_id, user_hash):
return
raise GulDanException().with_code(403).with_message(
u"用户({})没有权限查看组织(id:{})".format(g.user_name, project_id))
def _create_project(parent_id=None, project_full_name=None, visibility=None):
project = Project.get_by_parent_and_name(parent_id, project_full_name)
if project:
raise GulDanException().with_message(u"项目({})已经在组织(id:{})中存在".format(
project_full_name, parent_id)).with_code(409)
project = Project(project_full_name, parent_id, visibility=visibility)
Project.add(project)
return project
def ensure_grey_item_by_name(item_name):
grey_item = GreyItem.get_by_item_name(item_name)
if not grey_item:
item = Item.get_by_name(item_name)
if not item:
raise GulDanException().with_code(404).with_message(
u"找不到配置项(name:{})".format(item_name))
grey_item = GreyItem(item.id, item.name, item.data, item.type,
item.visibility)
return grey_item
