示例#1
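def add_members(handler, policy_id, policy_type, ref_type, members):
    """Add members to an ops authorization policy, skipping existing ones.

    Reads the ``rid`` values already stored in ``ops_auz`` for this
    (policy_id, type, rtype) combination, inserts one row per member whose
    ``id`` is not among them in a single ``db.transaction`` call, then
    rebuilds the ops authorization map.

    Args:
        handler: request handler; only ``get_current_user()`` is used, and the
            ``'id'`` of the returned mapping is stored as ``creator_id``.
        policy_id: matched against and written to the ``policy_id`` column.
        policy_type: matched against and written to the ``type`` column.
        ref_type: matched against and written to the ``rtype`` column.
        members: iterable of mappings with ``'id'`` and ``'name'`` keys.

    Returns:
        The lookup query's error code when it is not ``TPE_OK``,
        ``TPE_DATABASE`` when the transaction reports failure, otherwise
        whatever ``policy.rebuild_ops_auz_map()`` returns.
    """
    # Step 1: collect the rids that already exist for this policy/type/rtype.
    s = SQL(get_db())
    s.select_from('ops_auz', ['rid'], alt_name='p')
    # NOTE(review): unlike the INSERT below, these three values are formatted
    # directly into the WHERE text rather than bound. If any of them can reach
    # this function as an unvalidated request string, this lookup is an
    # injection point -- confirm callers pass integers, or bind the values if
    # the SQL helper offers a way to do so.
    _where = [
        'p.policy_id={}'.format(policy_id),
        'p.type={}'.format(policy_type),
        'p.rtype={}'.format(ref_type),
    ]
    s.where('( {} )'.format(' AND '.join(_where)))
    err = s.query()
    if err != TPE_OK:
        return err
    # A set gives O(1) membership tests in the loop below.
    exists_ids = {r['rid'] for r in s.recorder}

    operator = handler.get_current_user()

    db = get_db()
    _time_now = tp_timestamp_sec()

    # Step 2: build one parameterized INSERT per new member. The statement
    # text is the same for every row, so it is formatted once; only the bound
    # values differ. Member names never enter the SQL text itself.
    sql_s = ('INSERT INTO `{tp}ops_auz` (`policy_id`,`type`,`rtype`,`rid`,`name`,`creator_id`,`create_time`) VALUES '
             '({ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph});'
             ''.format(tp=db.table_prefix, ph=db.place_holder))
    sql = [
        {
            's': sql_s,
            'v': (policy_id, policy_type, ref_type, m['id'], m['name'],
                  operator['id'], _time_now),
        }
        for m in members
        if m['id'] not in exists_ids
    ]

    if not db.transaction(sql):
        return TPE_DATABASE
    return policy.rebuild_ops_auz_map()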
示例#2
def rank_reorder(handler, pid, new_rank, start_rank, end_rank, direct):
    """Move ops policy ``pid`` to ``new_rank`` and shift the ranks in between.

    Reordering scheme: the policy identified by ``pid`` has a current rank
    (``p_rank``). Moving it forward means the entries between the new and old
    position get rank+1; moving it backward means they get rank-1; finally the
    moved policy is given ``new_rank``. The affected range and the shift are
    supplied by the caller as ``start_rank``, ``end_rank`` and ``direct``.

    Args:
        handler: request handler; ``get_current_user()`` and
            ``request.remote_ip`` are passed to the system log.
        pid: id of the policy being moved.
        new_rank: rank assigned to that policy.
        start_rank: lower bound (inclusive) of the ranks to shift.
        end_rank: upper bound (inclusive) of the ranks to shift.
        direct: text appended after ``rank`` in ``SET rank=rank{direct}``.

    Returns:
        The lookup's error code when it is not ``TPE_OK``; ``TPE_NOT_EXISTS``
        when no policy row matches ``pid``; ``TPE_DATABASE`` when either
        UPDATE reports failure; otherwise the result of
        ``policy.rebuild_ops_auz_map()``.
    """
    db = get_db()

    # 1. Make sure the policy exists and remember its name and current rank
    #    for the audit message.
    s = SQL(db)
    err = (
        s.select_from('ops_policy', ['id', 'name', 'rank'])
        .where('ops_policy.id={}'.format(pid))
        .query()
    )
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS

    current = s.recorder[0]
    p_name = current['name']
    p_rank = current['rank']

    # NOTE(review): every argument is formatted into the SQL text, and
    # `direct` is spliced in as a raw fragment right after `rank`. Nothing in
    # this function restricts it to a fixed set of shifts or checks that the
    # rank/pid values are integers -- confirm the caller validates them.
    shift_sql = 'UPDATE `{dbtp}ops_policy` SET rank=rank{direct} WHERE (rank>={start_rank} AND rank<={end_rank});' \
                ''.format(dbtp=db.table_prefix, direct=direct, start_rank=start_rank, end_rank=end_rank)
    # NOTE(review): the two UPDATEs are issued as separate db.exec() calls; if
    # the second one fails the shift above presumably stays applied -- verify
    # whether db.exec runs inside an enclosing transaction.
    if not db.exec(shift_sql):
        return TPE_DATABASE

    place_sql = 'UPDATE `{dbtp}ops_policy` SET rank={new_rank} WHERE id={pid};' \
                ''.format(dbtp=db.table_prefix, new_rank=new_rank, pid=pid)
    if not db.exec(place_sql):
        return TPE_DATABASE

    # Audit trail: who reordered which policy, from which rank to which.
    message = "调整运维授权策略顺序:{},从{}到{}".format(p_name, p_rank, new_rank)
    syslog.sys_log(handler.get_current_user(), handler.request.remote_ip,
                   TPE_OK, message)

    return policy.rebuild_ops_auz_map()
示例#3
文件: ops.py 项目: net5/tpyaudit
def remove_members(handler, policy_id, policy_type, ids):
    """Delete authorization rows from ``ops_auz`` and rebuild the auz map.

    Args:
        handler: request handler (not used in this function).
        policy_id: value compared with the ``policy_id`` column.
        policy_type: value compared with the ``type`` column.
        ids: iterable of ``ops_auz`` row ids to delete.

    Returns:
        The delete's error code when it is not ``TPE_OK``, otherwise the
        result of ``policy.rebuild_ops_auz_map()``.
    """
    s = SQL(get_db())

    id_list = ','.join([str(item) for item in ids])

    # Remove the selected authorization entries from this policy.
    # NOTE(review): policy_id, policy_type and every element of `ids` are
    # formatted into the WHERE text; str() does not make a value safe for SQL.
    # Confirm the caller only passes integers. An empty `ids` also produces
    # `id IN ()`, which some databases reject as a syntax error.
    condition = 'policy_id={} AND type={} AND id IN ({})'.format(policy_id, policy_type, id_list)
    err = s.reset().delete_from('ops_auz').where(condition).exec()
    if err != TPE_OK:
        return err

    return policy.rebuild_ops_auz_map()
示例#4
文件: ops.py 项目: eomsoft/teleport
def rank_reorder(handler, pid, new_rank, start_rank, end_rank, direct):
    """Give ops policy ``pid`` the rank ``new_rank``, shifting a range of ranks.

    Reordering scheme: look up the moved policy's current rank (``p_rank``).
    If ``p_rank > new_rank`` the policy moves forward and the entries in
    between get rank+1; if ``p_rank < new_rank`` it moves backward and they
    get rank-1. Last, the moved policy's rank is set to ``new_rank``. The
    range to shift and the shift itself come from the caller
    (``start_rank``, ``end_rank``, ``direct``).

    Returns:
        The lookup's error code when it is not ``TPE_OK``; ``TPE_NOT_EXISTS``
        when ``pid`` matches no row; ``TPE_DATABASE`` when either UPDATE
        reports failure; otherwise the result of
        ``policy.rebuild_ops_auz_map()``.
    """
    db = get_db()

    # 1. Check that the policy exists.
    s = SQL(db)
    policy_filter = 'ops_policy.id={}'.format(pid)
    err = s.select_from('ops_policy', ['id', 'name', 'rank']).where(policy_filter).query()
    if err != TPE_OK:
        return err
    if len(s.recorder) == 0:
        return TPE_NOT_EXISTS

    row = s.recorder[0]
    p_name, p_rank = row['name'], row['rank']

    # 2. Shift every policy whose rank lies in [start_rank, end_rank].
    # NOTE(review): `direct` is inserted verbatim after `rank`, and the other
    # arguments are formatted into the statement text as well. This function
    # performs no type or allowlist check on any of them -- confirm that the
    # calling handler does before these values reach SQL.
    sql = 'UPDATE `{dbtp}ops_policy` SET rank=rank{direct} WHERE (rank>={start_rank} AND rank<={end_rank});' \
          ''.format(dbtp=db.table_prefix, direct=direct, start_rank=start_rank, end_rank=end_rank)
    shifted = db.exec(sql)
    if not shifted:
        return TPE_DATABASE

    # 3. Put the moved policy at its new rank.
    # NOTE(review): this is a second, separate db.exec(); a failure here would
    # presumably leave the shift from step 2 in place -- verify transactional
    # behaviour of db.exec.
    sql = 'UPDATE `{dbtp}ops_policy` SET rank={new_rank} WHERE id={pid};' \
          ''.format(dbtp=db.table_prefix, new_rank=new_rank, pid=pid)
    placed = db.exec(sql)
    if not placed:
        return TPE_DATABASE

    # Record the change in the system log with the acting user and client IP.
    syslog.sys_log(
        handler.get_current_user(),
        handler.request.remote_ip,
        TPE_OK,
        "调整运维授权策略顺序:{},从{}到{}".format(p_name, p_rank, new_rank),
    )

    return policy.rebuild_ops_auz_map()
示例#5
文件: ops.py 项目: net5/tpyaudit
def add_members(handler, policy_id, policy_type, ref_type, members):
    """Add members to an ops authorization policy, skipping existing ones.

    Reads the ``rid`` values already present in ``ops_auz`` for this
    (policy_id, type, rtype) combination, builds one INSERT statement per
    member not yet present, runs them through ``db.transaction`` and then
    rebuilds the ops authorization map.

    Args:
        handler: request handler; ``get_current_user()['id']`` becomes
            ``creator_id``.
        policy_id: matched against and written to ``policy_id``.
        policy_type: matched against and written to ``type``.
        ref_type: matched against and written to ``rtype``.
        members: iterable of mappings with ``'id'`` and ``'name'`` keys.

    Returns:
        The lookup's error code when it is not ``TPE_OK``, ``TPE_DATABASE``
        when the transaction reports failure, otherwise the result of
        ``policy.rebuild_ops_auz_map()``.
    """
    # Step 1: find the rids already stored for this policy/type/rtype.
    s = SQL(get_db())
    s.select_from('ops_auz', ['rid'], alt_name='p')
    conditions = [
        'p.policy_id={}'.format(policy_id),
        'p.type={}'.format(policy_type),
        'p.rtype={}'.format(ref_type),
    ]
    s.where('( {} )'.format(' AND '.join(conditions)))
    err = s.query()
    if err != TPE_OK:
        return err
    exists_ids = [rec['rid'] for rec in s.recorder]

    operator = handler.get_current_user()

    db = get_db()
    _time_now = tp_timestamp_utc_now()

    # Step 2: one INSERT per member that is not already present.
    # NOTE(review): SQL injection risk. Every value, including the free-text
    # m['name'], is formatted into the statement; the name is only wrapped in
    # double quotes with no escaping, so a name containing `"` changes the
    # statement. Prefer driver-bound parameters if db.transaction accepts
    # statement/parameter pairs in this codebase -- verify before changing.
    # The WHERE values in step 1 are string-formatted in the same way.
    sql = []
    for member in members:
        if member['id'] in exists_ids:
            continue
        sql.append(
            'INSERT INTO `{}ops_auz` (policy_id, type, rtype, rid, `name`, creator_id, create_time) VALUES '
            '({pid}, {t}, {rtype}, {rid}, "{name}", {creator_id}, {create_time});'
            ''.format(db.table_prefix,
                      pid=policy_id, t=policy_type, rtype=ref_type,
                      rid=member['id'], name=member['name'],
                      creator_id=operator['id'], create_time=_time_now)
        )

    if not db.transaction(sql):
        return TPE_DATABASE
    return policy.rebuild_ops_auz_map()