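def group_create(appname, group_name, perm_list=None):
    '''
    Create a group and return its id and name.

    Request URL: /auth/group/add
    Http Method: POST
    Parameters:
        {
            "group_name": "xxx",
            "perm_list": {}
        }
    Return:
        {
            "status": 0,
            "data": {}
        }

    perm_list defaults to a fresh empty dict on every call. A literal
    ``{}`` default would be a single dict object shared by all calls, so a
    mutation made for one group could show up in the next one created.

    Returns json_response_error(PARAM_ERROR) when a group with the same
    name already exists, otherwise json_response_ok with the stored
    "_id", "id" and "group_name".
    '''
    if perm_list is None:
        perm_list = {}
    # NOTE(review): the uniqueness lookup and the save are separate calls, so
    # two concurrent requests could both pass the check; confirm whether the
    # storage layer enforces a unique group_name.
    if Group.find_one_group(appname, {"group_name": group_name}):
        return json_response_error(PARAM_ERROR, msg="the groupname exist")
    group_instance = Group.new(group_name, perm_list)
    Group.save(appname, group_instance)
    # Read the stored document back so the response carries its _id.
    cond = {"group_name": group_name}
    group_info = Group.find_one_group(
        appname, cond, {"_id": 1, "group_name": 1})
    group_info["id"] = group_info["_id"]
    return json_response_ok(group_info)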
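def group_name_mod(appname, gid, data):
    '''
    Rename one group.

    Request URL: /auth/user/{gid}
    HTTP Method: POST
    Parameters:
        {
            "group_name": "xxx",
        }
    Return:
        {
            "status": 0,
            "data": {}
        }

    Returns json_response_error(PARAM_ERROR) when gid matches no group or
    when another group already uses the requested name; otherwise
    json_response_ok with the group's "_id", "id" and "group_name".
    '''
    group_name = data["group_name"]
    cond = {"_id": gid}
    # Reject an unknown id before writing anything: without this check the
    # read-back below returns nothing and the handler fails with a TypeError
    # instead of a parameter error.
    if not Group.find_one_group(appname, cond, {"_id": 1}):
        return json_response_error(PARAM_ERROR, msg="the group not exist")
    old_group = Group.find_one_group(appname, {"group_name": group_name})
    if old_group and old_group["_id"] != gid:
        return json_response_error(
            PARAM_ERROR, msg="the groupname exist")
    # NOTE(review): the whole request dict is handed to update_group, so any
    # extra key in it (for example "permission_list") would be written too.
    # Confirm the caller only ever passes "group_name", or narrow the update
    # to that one field.
    Group.update_group(appname, cond, data)
    group_info = Group.find_one_group(
        appname, cond, {"_id": 1, "group_name": 1})
    group_info["id"] = group_info["_id"]
    return json_response_ok(group_info)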
def group_delete(appname, gid):
    '''
    Delete one group, unless user_info() still reports entries for it.

    Request URL: /auth/group/delete
    HTTP Method: POST
    Parameters:
        {
            "gids": 3
        }
    Return:
        {
            "status": 0,
            "data": {},
            "msg": "delete successfully"
        }

    gid is converted with int(), so a non-numeric value raises ValueError.
    Returns PARAM_ERROR for an unknown id, DATA_RELETED_BY_OTHER when the
    group is still referenced, and json_response_ok after deletion.
    '''
    gid = int(gid)
    payload = {"id": gid}
    if not Group.find_one_group(appname, {"_id": gid}, None):
        _LOGGER.info("group id %s is not exist" % gid)
        return json_response_error(
            PARAM_ERROR, payload, msg="invalid group id,check parameters")
    # A group that user_info() still returns data for is not removed
    # (presumably these are its member users -- confirm against user_info).
    if user_info(appname, gid):
        _LOGGER.info("group id %s is refer" % gid)
        return json_response_error(DATA_RELETED_BY_OTHER, payload)
    Group.del_group(appname, gid)
    return json_response_ok(payload, msg="delete group success")
def group_right_mod(appname, projectname, gid, data):
    '''
    Replace the right ids a group holds for one project.

    Request URL: /auth/user/{gid}
    HTTP Method: POST
    Parameters:
        {
            "perm_list": [1, 2, 3, 4]
        }
    Return:
        {
            "status": 0,
            "data": {}
        }

    Every id in data["perm_list"] is converted with int() and must match
    an existing right; the first unknown id aborts with PARAM_ERROR and
    nothing is written.
    '''
    selector = {"_id": gid}
    # The document is fetched without _id because it is written back whole.
    group_doc = Group.find_one_group(appname, selector, {"_id": 0})
    if not group_doc:
        return json_response_error(PARAM_ERROR, msg="the group not exist")
    wanted = list(set(int(rid) for rid in data["perm_list"]))
    # Only ids of rights that exist may be granted.
    for right_id in wanted:
        if Right.find_one_right(appname, {"_id": right_id}):
            continue
        return json_response_error(
            PARAM_ERROR, msg="the right id:%s not exist" % right_id)
    group_doc["permission_list"][projectname] = wanted
    Group.update_group(appname, selector, group_doc)
    return json_response_ok({}, msg="update group right success")
def group_right_get(appname, projectname, gid):
    '''
    Return the right ids a group holds for one project.

    Request URL: /auth/user/{uid}
    HTTP Method: POST
    Parameters: None
    Return:
        {
            "status": 0,
            "data": {
                "perm_list": [1, 2, 3, 4],
                "id": 1
            },
            "msg": ""
        }

    Returns PARAM_ERROR when gid matches no group. A project with no entry
    in the group's "permission_list" yields an empty perm_list.
    '''
    group_doc = Group.find_one_group(appname, {"_id": gid}, None)
    if not group_doc:
        return json_response_error(
            PARAM_ERROR, msg="the group not exist")
    per_project = group_doc.get("permission_list")
    return json_response_ok(
        {"perm_list": per_project.get(projectname, []), "id": gid})
def _gid2name(appname, gids):
    '''
    Map each group id in gids to that group's name.

    gids must be a list (checked with assert). One lookup is made per id,
    and an id that matches no group makes the subscript fail.
    '''
    assert(isinstance(gids, list))
    return {
        gid: Group.find_one_group(appname, {"_id": gid})['group_name']
        for gid in gids
    }
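def check_session(appname, module, opname, action, lc, uid):
    '''
    Check whether user uid holds the right named "opname-module-action".

    Returns json_response_ok() for a superuser, or when the right's id is
    found among the user's own rights or the rights of one of the user's
    groups. Returns json_response_error(AUTH_ERROR) in every other case,
    including an unknown user and an unknown right. lc is accepted but not
    used.
    '''
    perm_name = '%s-%s-%s' % (opname, module, action)
    rightids = []
    perm = Right.find_one_right(appname, {'perm_name': perm_name})
    if perm:
        rightids.append(perm['_id'])

    # The lookups below pass appname first, like every other call to these
    # helpers in this file.
    usr = User.find_one_user(appname, {'_id': uid}, None)
    # Test for a missing user before reading any field of it, so an unknown
    # uid is answered with AUTH_ERROR rather than a TypeError.
    if not usr:
        return json_response_error(AUTH_ERROR)
    if usr.get('is_superuser'):
        return json_response_ok()

    # Work on a copy so the group rights are not appended to the user
    # document's own list.
    # NOTE(review): other functions in this file index "permission_list" by
    # project name, while this check treats it as a flat sequence of right
    # ids -- confirm which shape is stored.
    usrights = list(usr.get('permission_list') or [])
    for group in usr.get('group_id') or []:
        group_info = Group.find_one_group(appname, {'_id': group})
        if not group_info:
            # A dangling group id grants nothing.
            continue
        usrights.extend(group_info.get('permission_list') or [])

    for rightid in rightids:
        if rightid in usrights:
            return json_response_ok()
    # Deny by default.
    return json_response_error(AUTH_ERROR)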
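def get_check_uids(
        appname, projectname, applabel, module,
        action="checked", perm_lc="all"):
    '''
    Return the ids of the users who hold one right in projectname.

    The right is looked up by name "applabel-module-action", project and
    "lc" value. A user counts when the right's id is stored under the
    project in the user's own "permission_list", or in that of a group for
    which user_info() lists the user. The result is a de-duplicated list in
    no particular order; it is empty when the right does not exist.
    '''
    perm_name = '%s-%s-%s' % (applabel, module, action)
    right_cond = {
        'perm_name': perm_name, 'app_name': projectname, "lc": perm_lc}
    perm = Right.find_one(appname, right_cond)
    if not perm:
        _LOGGER.error("the right:%s not exist" % perm_name)
        # Stop here: nobody can hold a right that does not exist, and
        # reading perm["_id"] below would fail.
        return []

    perm_id = perm["_id"]
    holder_cond = {"permission_list.%s" % projectname: perm_id}
    check_ids = set()
    # Users who get the right through a group.
    for group in Group.find(appname, holder_cond):
        check_ids.update(
            member["id"] for member in user_info(appname, group["_id"]))
    # Users who hold the right directly.
    check_ids.update(
        user["_id"] for user in User.find(appname, holder_cond))
    return list(check_ids)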
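def user_mod(appname, uid, data):
    """
    Modify one user's name, mark and group membership.

    Request URL: /auth/user/{uid}
    HTTP Method: POST
    Parameters: data must carry "user_name", "mark" and "group_id" (a list
        of group ids, each converted with int()).
    Return:
        {
            "status": 0,
            "data": {},
            "msg": ""
        }

    Returns PARAM_ERROR when uid matches no user or when another user
    already has the requested name.
    """
    cond = {"_id": uid}
    user = User.find_one_user(appname, cond, None)
    if not user:
        return json_response_error(PARAM_ERROR, msg="id:%s is invalid" % uid)
    user_name = data["user_name"]
    # The duplicate-name check has to query users. Querying groups for a
    # "user_name" field never matches a user, which leaves the uniqueness
    # check without effect.
    old_user = User.find_one_user(appname, {"user_name": user_name}, None)
    if old_user and old_user["_id"] != uid:
        return json_response_error(PARAM_ERROR, msg="the user name exist")
    # NOTE(review): the group ids come from the request and are stored
    # without checking that the groups exist. Group membership feeds the
    # permission lookups in this file, so confirm the caller is authorised
    # to assign groups.
    group_id = [int(gid) for gid in data["group_id"]]
    user_data = {
        "user_name": user_name,
        "mark": data["mark"],
        "group_id": group_id,
    }
    User.update_user(appname, cond, user_data)
    return json_response_ok({})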
def group_get(appname, gid):
    '''
    View one group: return what user_info() reports for it.

    Request URL: /auth/user/{gid}
    HTTP Method: GET
    Parameters: None
    Return:
        {
            "status": 0,
            "data": {
                "items": [
                    {
                        "id": "2",
                        "role": "admin",
                        "last_login": "******"
                    }
                ]
            }
        }

    Returns PARAM_ERROR when gid matches no group.
    '''
    if not Group.find_one_group(appname, {"_id": gid}):
        return json_response_error(PARAM_ERROR, msg="the group not exist")
    return json_response_ok({"items": user_info(appname, gid)})
def get_role(appname, gids):
    '''
    Return the group names for gids, in the same order.

    Each id is converted with int() before the lookup. An id that matches
    no group makes the subscript on the lookup result fail.
    '''
    return [
        Group.find_one_group(appname, {"_id": int(gid)}, None)["group_name"]
        for gid in gids
    ]
def group_list(appname, page=0, page_size=PAGE_SIZE):
    '''
    List groups, one page at a time, ordered by ascending _id.

    Request URL: /auth/group/list
    Http Method: GET
    Parameters: None
    Return:
        {
            "status": 0,
            "data": {
                "items": [
                    {"id": 2, "group_name": "admin"},
                    {"id": 4, "group_name": "translator"}
                ],
                "total": 2
            }
        }

    Only "_id" and "group_name" are fetched; "_id" is renamed to "id" in
    each item. "total" counts all groups, not just the returned page.
    '''
    everything = {}
    # NOTE(review): page and page_size are used as given; nothing here
    # rejects negative or very large values -- confirm the caller validates
    # them.
    page_cursor = (
        Group.find_group(appname, everything, {"_id": 1, "group_name": 1})
        .sort([("_id", 1)])
        .skip(page * page_size)
        .limit(page_size)
    )
    total = Group.find_group(appname, everything).count()
    groups = []
    for group_doc in page_cursor:
        group_doc["id"] = group_doc.pop("_id")
        groups.append(group_doc)
    return json_response_ok({"items": groups, "total": total})
def get_role_display_data(appname):
    '''
    Build the "role" choice list: one value/display_value pair per group.

    Groups are read sorted by "last_modified", newest first. The result is
    {"name": "role", "items": [...]}, where each item carries the group's
    _id as "value" and its group_name as "display_value".
    '''
    newest_first = [("last_modified", -1)]
    wanted_fields = {"_id": 1, "group_name": 1}
    groups = Group.find_group(appname, {}, wanted_fields).sort(newest_first)
    return {
        "name": "role",
        "items": [
            {
                "display_value": group.get("group_name"),
                "value": group.get("_id"),
            }
            for group in groups
        ],
    }
def user_right_mod(appname, projectname, uid, data):
    """
    Replace the right ids a user holds directly for one project.

    Request URL: /auth/user/{gid}
    HTTP Method: POST
    Parameters:
        {
            "perm_list": [1, 2, 3, 4],
            "disable_list": [1, 2, 3, 4]
        }
    Return:
        {
            "status": 0,
            "data": {}
        }

    Only data["perm_list"] is read. Every id is converted with int() and
    must match an existing right. Ids the user already gets through one of
    their groups are left out of the stored list.
    """
    selector = {"_id": uid}
    # Fetched without _id because the document is written back whole.
    user_doc = User.find_one_user(appname, selector, {"_id": 0})
    if not user_doc:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    requested = list(set(int(rid) for rid in data["perm_list"]))
    for right_id in requested:
        if Right.find_one_right(appname, {"_id": right_id}):
            continue
        return json_response_error(PARAM_ERROR,
                                   msg="the right id:%s not exist" % right_id)

    # Collect the rights inherited from the user's groups for this project.
    inherited = []
    for group_id in user_doc.get("group_id"):
        group_doc = Group.find_one_group(appname, {"_id": group_id}, None)
        if group_doc:
            inherited += group_doc.get("permission_list").get(projectname, [])
    if inherited:
        inherited = list(set(inherited))

    # Store only what the groups do not already grant.
    user_doc["permission_list"][projectname] = [
        right_id for right_id in requested if right_id not in inherited]
    User.update_user(appname, selector, user_doc)
    return json_response_ok({}, msg="update user right success")
def init_navigate_list(appname, uid):
    '''
    Build the navigation entries for the projects a user can reach.

    Returns a list shaped like:
        [
            {
                "display_value": "(display name from NAV_DICT)",
                "value": "square_console"
            }
        ]

    A superuser gets whatever Right.find_right returns for all rights. Any
    other user gets the projects that have a non-empty entry in their own
    "permission_list" or in that of one of their groups.
    '''
    assert uid
    user_doc = User.find_one_user(appname, {"_id": uid}, None)
    if user_doc.get("is_superuser"):
        # NOTE(review): the de-duplication below needs hashable items --
        # confirm what find_right(..., toarray=True) returns here.
        app_names = Right.find_right(
            appname, {}, {"app_name": 1}, toarray=True)
    else:
        # Projects where the user holds rights directly.
        own_rights = user_doc.get("permission_list")
        app_names = [name for name in own_rights if own_rights.get(name)]
        # Projects reached through group membership.
        for gid in user_doc.get("group_id") or ():
            group_doc = Group.find_one_group(appname, {"_id": gid}, None)
            if not group_doc:
                _LOGGER.error("group id:%s error", gid)
                continue
            group_rights = group_doc.get("permission_list")
            app_names.extend(
                name for name in group_rights if group_rights.get(name))

    navigates = []
    if app_names:
        for app_name in list(set(app_names)):
            navigates.append(
                {"display_value": NAV_DICT.get(app_name), "value": app_name})
    return navigates
def user_right_get(appname, projectname, uid):
    """
    Return the right ids a user holds for one project.

    Request URL: /auth/user/{uid}
    HTTP Method: POST
    Return:
        {
            "status": 0,
            "data": {
                "perm_list": [1, 2, 3, 4],
                "disable_list": [1, 2, 3, 4],
                "id": 1
            }
        }

    "perm_list" is the union of the user's own rights and the rights of
    every group the user belongs to. "disable_list" holds only the rights
    that come from groups. Returns PARAM_ERROR when uid matches no user.
    """
    user_doc = User.find_one_user(appname, {"_id": uid}, None)
    if not user_doc:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    group_ids = user_doc.get("group_id")
    granted = list(user_doc.get("permission_list").get(projectname, []))
    inherited = []
    for group_id in group_ids:
        group_doc = Group.find_one_group(appname, {"_id": group_id}, None)
        if not group_doc:
            continue
        from_group = group_doc.get("permission_list").get(projectname, [])
        granted.extend(from_group)
        inherited.extend(from_group)

    # De-duplicate; the resulting order is not significant.
    if granted:
        granted = list(set(granted))
    if inherited:
        inherited = list(set(inherited))
    return json_response_ok(
        {"perm_list": granted, "disable_list": inherited, "id": uid})
def get_perms_by_uid(appname, projectname, uid, perm_type="module"):
    '''
    Return the rights of type perm_type that a user holds in projectname.

    A superuser gets the result of Right.find_right for every right of
    that project and type. Any other user gets get_perms_by_ids() applied
    to the union of their own right ids and those of their groups.
    The user lookup result is used without a None check, so an unknown uid
    fails on the first attribute access.
    '''
    user_doc = User.find_one_user(appname, {"_id": uid}, None)
    if user_doc.get("is_superuser"):
        every_right = {"app_name": projectname, "perm_type": perm_type}
        return Right.find_right(appname, every_right, {"_id": 1}, toarray=True)

    right_ids = user_doc.get("permission_list").get(projectname, [])
    # Add what each of the user's groups grants for this project.
    for gid in user_doc.get("group_id") or ():
        group_doc = Group.find_one_group(appname, {"_id": gid}, None)
        if group_doc:
            right_ids += group_doc.get("permission_list").get(projectname, [])
    if right_ids:
        right_ids = list(set(right_ids))
    return get_perms_by_ids(appname, projectname, right_ids, perm_type)