def delete(self, request, *args, **kwargs): """ 二次确认删除应用 --- parameters: - name: tenantName description: 租户名 required: true type: string paramType: path - name: service_id description: 应用id required: true type: string paramType: form """ service_id = request.data.get("service_id", None) identitys = team_services.get_user_perm_identitys_in_permtenant( user_id=self.user.user_id, tenant_name=self.tenant_name) perm_tuple = team_services.get_user_perm_in_tenant(user_id=self.user.user_id, tenant_name=self.tenant_name) if "delete_service" not in perm_tuple and "owner" not in identitys and "admin" \ not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有删除应用权限"), status=400) service = service_repo.get_service_by_service_id(service_id) code, msg = app_manage_service.delete_again(self.user, self.tenant, service, is_force=True) bean = {} if code != 200: return Response(general_message(code, "delete service error", msg, bean=bean), status=code) result = general_message(code, "success", "操作成功", bean=bean) return Response(result, status=result["code"])
def get(self, request, team_name, *args, **kwargs): """ 退出当前团队 --- parameters: - name: team_name description: 当前所在的团队 required: true type: string paramType: path """ if "owner" in team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name): result = general_message(409, "not allow exit.", "您是当前团队最高管理员,不能退出此团队") else: try: code, msg_show = team_services.exit_current_team( team_name=team_name, user_id=request.user.user_id) if code == 200: result = general_message(code=code, msg="success", msg_show=msg_show) else: result = general_message(code=code, msg="failed", msg_show=msg_show) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def put(self, request, team_name, *args, **kwargs): """管理员审核用户""" try: # 判断角色 identity_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) if "owner" or "admin" in identity_list: user_id = request.data.get("user_id") action = request.data.get("action") join = apply_repo.get_applicants_by_id_team_name( user_id=user_id, team_name=team_name) if action is True: join.update(is_pass=1) team = team_repo.get_team_by_team_name(team_name=team_name) team_services.add_user_to_team_by_viewer(tenant=team, user_id=user_id) return Response(general_message(200, "join success", "加入成功"), status=200) else: join.update(is_pass=2) return Response(general_message(200, "join rejected", "拒绝成功"), status=200) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def post(self, request, *args, **kwargs): """ 批量操作服务 --- parameters: - name: tenantName description: 租户名 required: true type: string paramType: path - name: action description: 操作名称 stop| start|restart required: true type: string paramType: form - name: service_ids description: 批量操作的服务ID 多个以英文逗号分隔 required: true type: string paramType: form """ try: action = request.data.get("action", None) service_ids = request.data.get("service_ids", None) if action not in ("stop", "start", "restart"): return Response(general_message(400, "param error", "操作类型错误"), status=400) identitys = team_services.get_user_perm_identitys_in_permtenant( user_id=self.user.user_id, tenant_name=self.tenant_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=self.user.user_id, tenant_name=self.tenant_name) if action == "stop": if "stop_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有关闭应用权限"), status=400) if action == "start": if "start_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有启动应用权限"), status=400) if action == "restart": if "restart_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有重启应用权限"), status=400) service_id_list = service_ids.split(",") code, msg = app_manage_service.batch_action( self.tenant, self.user, action, service_id_list) if code != 200: result = general_message(code, "batch manage error", msg) else: result = general_message(200, "success", "操作成功") except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def list_users_by_tenant_id(self, tenant_id, page=None, size=None, query=""): result = user_repo.list_users_by_tenant_id(tenant_id, query=query, page=page, size=size) users = [] for item in result: # 获取一个用户在一个团队中的身份列表 perms_identitys = team_services.get_user_perm_identitys_in_permtenant( user_id=item.get("user_id"), tenant_name=tenant_id) # 获取一个用户在一个团队中的角色ID列表 perms_role_list = team_services.get_user_perm_role_id_in_permtenant( user_id=item.get("user_id"), tenant_name=tenant_id) role_infos = [] for identity in perms_identitys: if identity == "access": role_infos.append({"role_name": identity, "role_id": None}) else: role_id = role_repo.get_role_id_by_role_name(identity) role_infos.append({"role_name": identity, "role_id": role_id}) for role in perms_role_list: role_name = role_repo.get_role_name_by_role_id(role) role_infos.append({"role_name": role_name, "role_id": role}) users.append({ "user_id": item.get("user_id"), "nick_name": item.get("nick_name"), "email": item.get("email"), "phone": item.get("phone"), "is_active": item.get("is_active"), "enterprise_id": item.get("enterprise_id"), "role_infos": role_infos, }) total = user_repo.count_users_by_tenant_id(tenant_id, query=query) return users, total
def get(self, request, team_name, *args, **kwargs): """ 获取某团队下的所有用户(每页展示八个用户) --- parameters: - name: team_name description: 团队名称 required: true type: string paramType: path - name: page description: 页数 required: true type: string paramType: query """ try: code = 200 page = request.GET.get("page", 1) user_list = team_services.get_tenant_users_by_tenant_name( tenant_name=team_name) users_list = list() for user in user_list: perms_list = team_services.get_user_perm_identitys_in_permtenant( user_id=user.user_id, tenant_name=team_name) users_list.append({ "user_id": user.user_id, "user_name": user.nick_name, "email": user.email, "identity": perms_list }) paginator = Paginator(users_list, 8) try: users = paginator.page(page).object_list except PageNotAnInteger: users = paginator.page(1).object_list except EmptyPage: users = paginator.page(paginator.num_pages).object_list result = general_message(code, "team members query success", "查询成功", list=users, total=paginator.count) except UserNotExistError as e: code = 400 logger.exception(e) result = general_message(code, "user not exist", e.message) except TenantNotExistError as e: code = 400 logger.exception(e) result = general_message(code, "tenant not exist", "{}团队不存在".format(team_name)) except Exception as e: code = 500 logger.exception(e) result = general_message(code, "system error", "系统异常") return Response(data=result, status=code)
def get(self, request, team_name, *args, **kwargs): """ 获取团队详情 --- parameters: - name: team_name description: team name required: true type: string paramType: path """ try: tenant = team_services.get_tenant_by_tenant_name(team_name) if not tenant: return Response(general_message(404, "team not exist", "团队{0}不存在".format(team_name)), status=404) user_team_perm = team_services.get_user_perms_in_permtenant(self.user.user_id, team_name) tenant_info = dict() team_region_list = region_services.get_region_list_by_team_name(request=request, team_name=team_name) p = PermActions() tenant_info["team_id"] = tenant.ID tenant_info["team_name"] = tenant.tenant_name tenant_info["team_alias"] = tenant.tenant_alias tenant_info["limit_memory"] = tenant.limit_memory tenant_info["pay_level"] = tenant.pay_level tenant_info["region"] = team_region_list tenant_info["creater"] = tenant.creater tenant_info["create_time"] = tenant.create_time if not user_team_perm: if not self.user.is_sys_admin and team_name != "grdemo": return Response(general_message(403, "you right to see this team", "您无权查看此团队"), 403) else: perms_list = team_services.get_user_perm_identitys_in_permtenant(user_id=self.user.user_id, tenant_name=tenant.tenant_name) role_name_list = team_services.get_user_perm_role_in_permtenant(user_id=self.user.user_id, tenant_name=tenant.tenant_name) role_perms_tuple = team_services.get_user_perm_in_tenant(user_id=self.user.user_id, tenant_name=tenant.tenant_name) tenant_actions = () tenant_info["identity"] = perms_list + role_name_list if perms_list: final_identity = get_highest_identity(perms_list) perms = p.keys('tenant_{0}_actions'.format(final_identity)) tenant_actions += perms tenant_actions += role_perms_tuple tenant_info["tenant_actions"] = tuple(set(tenant_actions)) return Response(general_message(200, "success", "查询成功", bean=tenant_info), status=200) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def get(self, request, team_name, *args, **kwargs): """ 退出当前团队 --- parameters: - name: team_name description: 当前所在的团队 required: true type: string paramType: path """ identity_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) role_name_list = team_services.get_user_perm_role_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) if "owner" in identity_list: result = general_message(409, "not allow exit.", "您是当前团队创建者,不能退出此团队") return Response(result, status=409) if "admin" in identity_list: result = general_message(409, "not allow exit.", "您是当前团队管理员,不能退出此团队") return Response(result, status=409) if "owner" in role_name_list: result = general_message(409, "not allow exit.", "您是当前团队创建者,不能退出此团队") return Response(result, status=409) if "admin" in role_name_list: result = general_message(409, "not allow exit.", "您是当前团队管理员,不能退出此团队") return Response(result, status=409) try: if request.user.nick_name == "rainbond-demo" and team_name == "a5qw69mz": return Response(general_message(403, "permission denied!", "您无法退出此团队"), status=403) code, msg_show = team_services.exit_current_team( team_name=team_name, user_id=request.user.user_id) if code == 200: result = general_message(code=code, msg="success", msg_show=msg_show) else: result = general_message(code=code, msg="failed", msg_show=msg_show) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def check_perm(perm, user, tenantName=None, serviceAlias=None): if isinstance(user, AnonymousUser): raise PermissionDenied('this resource need login status', redirect_url='/login') if tenantName is None: raise UrlParseError(500, 'tenantName is None') if not hasattr(user, 'actions'): user.actions = UserActions() p = PermActions() try: tenant = Tenants.objects.get(tenant_name=tenantName) identitys = team_services.get_user_perm_identitys_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name) role_id_list = team_services.get_user_perm_role_id_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name) if not identitys and not role_id_list: raise PermRelTenant.DoesNotExist tenant_actions_tuple = () if identitys: tenant_identity = get_highest_identity(identitys) tenant_actions = p.keys('tenant_{0}_actions'.format(tenant_identity)) tenant_actions_tuple += tenant_actions if role_id_list: for role_id in role_id_list: perm_tuple = role_perm_repo.get_perm_by_role_id(role_id=role_id) tenant_actions_tuple += perm_tuple user.actions.set_actions('tenant', tuple(set(tenant_actions_tuple))) if serviceAlias is not None: service = TenantServiceInfo.objects.get(tenant_id=tenant.tenant_id, service_alias=serviceAlias) user_service_perms_id_list = ServiceRelPerms.objects.filter( user_id=user.pk, service_id=service.pk).values_list( "perm_id", flat=True) perm_codename_list = role_perm_repo.get_perm_list_by_perm_id_list(perm_id_list=user_service_perms_id_list) user.actions.set_actions('service', perm_codename_list) except Tenants.DoesNotExist: raise UrlParseError(404, 'no matching tenantName for {0}'.format(tenantName)) except TenantServiceInfo.DoesNotExist: raise UrlParseError(404, 'no matching serviceAlias for {0}'.format(serviceAlias)) except PermRelTenant.DoesNotExist: tenant = Tenants.objects.filter(tenant_name=tenantName)[0] if not user.is_sys_admin and tenantName != "grdemo": raise UrlParseError(403, 'no permissions for user {0} on tenant {1}'.format(user.nick_name, tenant.tenant_name)) user.actions.set_actions('tenant', p.keys('tenant_viewer_actions')) except PermRelService.DoesNotExist: pass # if user.is_sys_admin: # return True if perm in user.actions: return True raise BusinessException(Response(general_message(403, "you don't have enough permissions", "您无权限执行此操作"), status=403))
def post(self, request, team_name, *args, **kwargs): """ 修改团队名 --- parameters: - name: team_name description: 旧团队名 required: true type: string paramType: path - name: new_team_alias description: 新团队名 required: true type: string paramType: body """ try: perms = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = True if "owner" in perms or "modify_team_name" in perm_tuple: no_auth = False if no_auth: code = 400 result = general_message(code, "no identity", "权限不足不能修改团队名") else: new_team_alias = request.data.get("new_team_alias", "") if new_team_alias: try: code = 200 team = team_services.update_tenant_alias( tenant_name=team_name, new_team_alias=new_team_alias) result = general_message(code, "update success", "团队名修改成功", bean=team.to_dict()) except Exception as e: code = 500 result = general_message(code, "update failed", "团队名修改失败") logger.exception(e) else: result = general_message(400, "failed", "修改的团队名不能为空") code = 400 except Exception as e: code = 500 result = general_message(code, "update failed", "团队名修改失败") logger.exception(e) return Response(result, status=code)
def get(self, request, *args, **kwargs): """ 团队管理员可以获取公有云的数据中心列表 --- parameters: - name: enterprise_id description: 企业id required: true type: string paramType: path - name: team_name description: 当前团队名字 required: true type: string paramType: query """ try: team_name = request.GET.get("team_name", None) if not team_name: return Response(general_message(400, "params error", "参数错误"), status=400) perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) role_name_list = team_services.get_user_perm_role_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) perm = "owner" not in perm_list and "admin" not in perm_list if perm and "owner" not in role_name_list and "admin" not in role_name_list: code = 400 result = general_message(code, "no identity", "您不是owner或admin,没有权限做此操作") return Response(result, status=code) team = team_services.get_tenant_by_tenant_name( tenant_name=team_name, exception=True) res, data = market_api.get_public_regions_list( tenant_id=team.tenant_id, enterprise_id=team.enterprise_id) if res["status"] == 200: code = 200 result = general_message( code, "query the data center is successful.", "公有云数据中心获取成功", list=data) else: code = 400 result = general_message(code, msg="query the data center failed", msg_show="公有云数据中心获取失败") except Exception as e: code = 500 logger.exception(e) result = error_message(e.message) return Response(result, status=code)
def post(self, request, team_name, *args, **kwargs): """ 移交团队管理权 --- parameters: - name: team_name description: 团队名 required: true type: string paramType: path - name: user_name description: 被赋予权限的用户名 required: true type: string paramType: body """ try: perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) role_list = team_services.get_user_perm_role_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = "owner" not in perm_list and "owner" not in role_list if no_auth: code = 400 result = general_message(code, "no identity", "你不是最高管理员") else: user_name = request.data.get("user_name", None) other_user = user_services.get_user_by_username( user_name=user_name) if other_user.nick_name != user_name: code = 400 result = general_message(code, "identity modify failed", "{}不能修改自己的权限".format(user_name)) else: code, msg = team_services.change_tenant_admin( user_id=request.user.user_id, other_user_id=other_user.user_id, tenant_name=team_name) if code == 200: result = general_message(code, "identity modify success", msg) else: result = general_message(code, "Authorization failure", "授权失败") except Exception as e: code = 500 result = error_message(e.message) logger.exception(e) return Response(result, status=code)
def get(self, request, team_name, *args, **kwargs): """ 初始化团队和数据中心信息 --- parameters: - name: team_name description: 团队别名 required: true type: string paramType: path - name: page_num description: 页码 required: false type: string paramType: query - name: page_size description: 每页数量 required: false type: string paramType: query """ try: # 判断角色 identity_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) page_num = int(request.GET.get("page_num", 1)) page_size = int(request.GET.get("page_size", 5)) rt_list = [] total = 0 # 是管理员 if "owner" or "admin" in identity_list: # 查询申请用户 applicants = apply_repo.get_applicants(team_name=team_name) for applicant in applicants: is_pass = applicant.is_pass if is_pass == 0: rt_list.append(applicant.to_dict()) apc_paginator = JuncheePaginator(rt_list, int(page_size)) total = apc_paginator.count page_aplic = apc_paginator.page(page_num) rt_list = [apc for apc in page_aplic] # 返回 result = general_message(200, "success", "查询成功", list=rt_list, total=total) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])
def get(self, request, *args, **kwargs): """ 查询我的详情 --- """ try: p = PermActions() code = 200 user = self.user user.actions = UserActions() tenants = team_services.get_current_user_tenants( user_id=user.user_id) user_detail = dict() user_detail["user_id"] = user.user_id user_detail["user_name"] = user.nick_name user_detail["email"] = user.email user_detail["enterprise_id"] = user.enterprise_id user_detail["phone"] = user.phone user_detail["git_user_id"] = user.git_user_id tenant_list = list() for tenant in tenants: tenant_info = dict() team_region_list = region_services.get_region_list_by_team_name( request=request, team_name=tenant.tenant_name) tenant_info["team_id"] = tenant.ID tenant_info["team_name"] = tenant.tenant_name tenant_info["team_alias"] = tenant.tenant_alias tenant_info["limit_memory"] = tenant.limit_memory tenant_info["pay_level"] = tenant.pay_level tenant_info["region"] = team_region_list tenant_info["creater"] = tenant.creater tenant_info["create_time"] = tenant.create_time perms_list = team_services.get_user_perm_identitys_in_permtenant( user_id=user.user_id, tenant_name=tenant.tenant_name) final_identity = perms.get_highest_identity(perms_list) tenant_info["identity"] = final_identity tenant_actions = p.keys( 'tenant_{0}_actions'.format(final_identity)) user.actions.set_actions('tenant', tenant_actions) tenant_info["tenant_actions"] = user.actions.tenant_actions tenant_list.append(tenant_info) user_detail["teams"] = tenant_list result = general_message(code, "Obtain my details to be successful.", "获取我的详情成功", bean=user_detail) except Exception as e: code = 500 logger.exception(e) result = error_message(e.message) return Response(result, status=code)
def delete(self, request, team_name, *args, **kwargs): """ 删除当前团队 --- parameters: - name: team_name description: 要删除的团队 required: true type: string paramType: path """ code = 200 identity_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=request.user.user_id, tenant_name=team_name) team = team_services.get_tenant_by_tenant_name(team_name) if not user_services.is_user_admin_in_current_enterprise( request.user, team.enterprise_id): if "owner" not in identity_list and "drop_tenant" not in perm_tuple: code = 400 result = general_message(code, "no identity", "您不是最高管理员,不能删除团队") return Response(result, status=code) try: service_count = team_services.get_team_service_count_by_team_name( team_name=team_name) if service_count >= 1: result = general_message(400, "failed", "当前团队内有应用,不可以删除") return Response(result, status=400) status = team_services.delete_tenant(tenant_name=team_name) if not status: result = general_message(code, "delete a tenant successfully", "删除团队成功") else: code = 400 result = general_message(code, "delete a tenant failed", "删除团队失败") except Tenants.DoesNotExist as e: code = 400 logger.exception(e) result = generate_result(code, "tenant not exist", "{}团队不存在".format(team_name)) except Exception as e: code = 500 result = general_message(code, "sys exception", "系统异常") logger.exception(e) return Response(result, status=code)
def get(self, request, team_name, user_name, *args, **kwargs): """ 用户详情 --- parameters: - name: team_name description: 团队名 required: true type: string paramType: path - name: user_name description: 用户名 required: true type: string paramType: path """ try: # u, perms = user_services.get_user_detail(tenant_name=team_name, nick_name=user_name) team = team_services.get_tenant_by_tenant_name(team_name) is_user_enter_amdin = user_services.is_user_admin_in_current_enterprise( self.user, team.enterprise_id) perms = team_services.get_user_perm_identitys_in_permtenant( self.user.user_id, team_name) role_list = team_services.get_user_perm_role_in_permtenant( user_id=self.user.user_id, tenant_name=team_name) # teams = [{"team_identity": perm.identity} for perm in perms] data = dict() data["nick_name"] = self.user.nick_name data["email"] = self.user.email # data["teams_identity"] = teams[0]["team_identity"] data["teams_identity"] = perms + role_list data["is_user_enter_amdin"] = is_user_enter_amdin code = 200 result = general_message(code, "user details query success.", "用户详情获取成功", bean=data) return Response(result, status=code) except UserNotExistError as e: logger.exception(e) code = 400 result = general_message(code, "this user does not exist on this team.", "该用户不存在这个团队") return Response(result, status=code) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=500)
def delete(self, request, team_name, *args, **kwargs): """ 删除租户内的用户 (可批量可单个) --- parameters: - name: team_name description: 团队名称 required: true type: string paramType: path - name: user_ids description: 用户名 user_id1,user_id2 ... required: true type: string paramType: body """ try: no_auth = "owner" not in team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) if no_auth: code = 400 result = general_message(code, "no identity", "没有权限") else: user_ids = str(request.data.get("user_ids", None)) if not user_ids: result = general_message(400, "failed", "删除成员不能为空") return Response(result, status=400) if str(request.user.user_id) in user_ids: result = general_message(400, "failed", "不能删除自己") return Response(result, status=400) try: user_id_list = user_ids.split(",") user_services.batch_delete_users(team_name, user_id_list) result = general_message(200, "delete the success", "删除成功") except Tenants.DoesNotExist as e: logger.exception(e) result = generate_result(400, "tenant not exist", "{}团队不存在".format(team_name)) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result) except Exception as e: code = 500 logger.exception(e) result = error_message(e.message) return Response(result, status=code)
def delete(self, request, *args, **kwargs): """ 批量删除应用 --- parameters: - name: tenantName description: 租户名 required: true type: string paramType: path - name: service_ids description: 批量操作的服务ID 多个以英文逗号分隔 required: true type: string paramType: form """ try: service_ids = request.data.get("service_ids", None) identitys = team_services.get_user_perm_identitys_in_permtenant( user_id=self.user.user_id, tenant_name=self.tenant_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=self.user.user_id, tenant_name=self.tenant_name) if "delete_service" not in perm_tuple and "owner" not in identitys and "admin" \ not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有删除应用权限"), status=400) service_id_list = service_ids.split(",") services = service_repo.get_services_by_service_ids( service_id_list) msg_list = [] for service in services: code, msg = app_manage_service.batch_delete(self.user, self.tenant, service, is_force=True) msg_dict = dict() msg_dict['status'] = code msg_dict['msg'] = msg msg_dict['service_id'] = service.service_id msg_dict['service_cname'] = service.service_cname msg_list.append(msg_dict) code = 200 result = general_message(code, "success", "操作成功", list=msg_list) return Response(result, status=result['code']) except Exception as e: logger.exception(e)
def get(self, request, team_name, *args, **kwargs): """ 团队管理员可以获取公有云的数据中心列表 --- parameters: - name: team_name description: 当前团队名字 required: true type: string paramType: path """ try: perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = ("owner" not in perm_list) and ("admin" not in perm_list) if no_auth: code = 400 result = general_message(code, "no identity", "您不是管理员或拥有者,没有权限做此操作") return Response(result, status=code) else: team = team_services.get_tenant_by_tenant_name( tenant_name=team_name, exception=True) res, data = open_api.get_public_regions_list( tenant_id=team.tenant_id, enterprise_id=team.enterprise_id) if res["status"] == 200: code = 200 result = generate_result( code, "query the data center is successful.", "公有云数据中心获取成功", list=data) else: code = 400 result = general_message( code, msg="query the data center failed", msg_show="公有云数据中心获取失败") except Exception as e: code = 500 logger.exception(e) result = error_message(e.message) return Response(result, status=code)
def delete(self, request, team_name, *args, **kwargs): """ 删除租户内的用户 (可批量可单个) --- parameters: - name: team_name description: 团队名称 required: true type: string paramType: path - name: user_ids description: 用户名 user_id1,user_id2 ... required: true type: string paramType: body """ try: identitys = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name ) perm_tuple = team_services.get_user_perm_in_tenant(user_id=request.user.user_id, tenant_name=team_name) if "owner" not in identitys and "admin" not in identitys and "manage_team_member_permissions" not in perm_tuple: code = 400 result = general_message(code, "no identity", "没有权限") return Response(result, status=code) user_ids = str(request.data.get("user_ids", None)) if not user_ids: result = general_message(400, "failed", "删除成员不能为空") return Response(result, status=400) try: user_id_list = [int(user_id) for user_id in user_ids.split(",")] except Exception as e: logger.exception(e) result = general_message(200, "Incorrect parameter format", "参数格式不正确") return Response(result, status=400) if request.user.user_id in user_id_list: result = general_message(400, "failed", "不能删除自己") return Response(result, status=400) for user_id in user_id_list: print user_id role_name_list = team_services.get_user_perm_role_in_permtenant(user_id=user_id, tenant_name=team_name) identity_list = team_services.get_user_perm_identitys_in_permtenant(user_id=user_id, tenant_name=team_name) print role_name_list if "owner" in role_name_list or "owner" in identity_list: result = general_message(400, "failed", "不能删除团队创建者!") return Response(result, status=400) try: user_services.batch_delete_users(team_name, user_id_list) result = general_message(200, "delete the success", "删除成功") except Tenants.DoesNotExist as e: logger.exception(e) result = generate_result(400, "tenant not exist", "{}团队不存在".format(team_name)) except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result) except Exception as e: code = 500 logger.exception(e) result = error_message(e.message) return Response(result, status=code)
def post(self, request, team_name, *args, **kwargs): """ 团队中添加新用户 --- parameters: - name: team_name description: 团队名称 required: true type: string paramType: path - name: user_ids description: 添加成员id 格式 {'user_ids':'1,2'} required: true type: string paramType: body - name: identitys description: 选择权限(当前用户是管理员'admin'或者创建者'owner'就展示权限选择列表,不是管理员就没有这个选项, 默认被邀请用户权限是'access') 格式{"identitys": "viewer,access"} required: true type: string paramType: body """ perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name ) # 根据用户在一个团队的角色来获取这个角色对应的所有权限操作 role_perm_tuple = team_services.get_user_perm_in_tenant(user_id=request.user.user_id, tenant_name=team_name) if perm_list: no_auth = ("owner" not in perm_list) and ("admin" not in perm_list) else: no_auth = "manage_team_member_permissions" not in role_perm_tuple if no_auth: code = 400 result = general_message(code, "no identity", "您不是管理员,没有权限做此操作") return Response(result, status=code) try: user_ids = request.data.get('user_ids', None) identitys = request.data.get('identitys', None) identitys = identitys.split(',') if identitys else [] if not user_ids: raise ParamsError("用户名为空") code = 200 team = team_services.get_tenant_by_tenant_name(tenant_name=team_name, exception=True) user_ids = user_ids.split(',') if identitys: team_services.add_user_to_team(request=request, tenant=team, user_ids=user_ids, identitys=identitys) result = general_message(code, "success", "用户添加到{}成功".format(team_name)) else: team_services.add_user_to_team(request=request, tenant=team, user_ids=user_ids, identitys='access') result = general_message(code, "success", "用户添加到{}成功".format(team_name)) except PermTenantsExistError as e: code = 400 result = general_message(code, "permtenant exist", e.message) except ParamsError as e: logging.exception(e) code = 400 result = general_message(code, "params user_id is empty", e.message) except UserNotExistError as e: code = 400 result = general_message(code, "user not exist", e.message) except Tenants.DoesNotExist as e: code = 400 logger.exception(e) result = general_message(code, "tenant not exist", "{}团队不存在".format(team_name)) except UserExistError as e: logger.exception(e) code = 400 result = general_message(code, "user already exist", e.message) except Exception as e: code = 500 logger.exception(e) print(str(e)) result = general_message(code, "system error", "系统异常") return Response(result, status=code)
def post(self, request, team_name, *args, **kwargs): """ 团队中添加新用户给用户分配一个角色 --- parameters: - name: team_name description: 团队名称 required: true type: string paramType: path - name: user_ids description: 添加成员id 格式 {'user_ids':'1,2'} required: true type: string paramType: body - name: role_ids description: 选择角色 格式{"role_ids": "1,2,3"} required: true type: string paramType: body """ perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) # 根据用户在一个团队的角色来获取这个角色对应的所有权限操作 role_perm_tuple = team_services.get_user_perm_in_tenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = ("owner" not in perm_list) and ( "admin" not in perm_list ) and "manage_team_member_permissions" not in role_perm_tuple if no_auth: code = 400 result = general_message(code, "no identity", "您没有权限做此操作") return Response(result, status=code) try: user_ids = request.data.get('user_ids', None) role_ids = request.data.get('role_ids', None) if not user_ids: raise ParamsError("用户名为空") if not role_ids: raise ParamsError("角色ID为空") try: user_ids = [int(user_id) for user_id in user_ids.split(",")] role_ids = [int(user_id) for user_id in role_ids.split(",")] except Exception as e: code = 400 logger.exception(e) result = general_message(code, "Incorrect parameter format", "参数格式不正确") return Response(result, status=code) for role_id in role_ids: if role_id not in team_services.get_all_team_role_id( tenant_name=team_name): code = 400 result = general_message(code, "The role does not exist", "该角色在团队中不存在") return Response(result, status=code) user_id = team_services.user_is_exist_in_team( user_list=user_ids, tenant_name=team_name) if user_id: user_obj = user_services.get_user_by_user_id(user_id=user_id) code = 400 result = general_message(code, "user already exist", "用户{}已经存在".format(user_obj.nick_name)) return Response(result, status=code) code = 200 team = team_services.get_tenant(tenant_name=team_name) team_services.add_user_role_to_team(request=request, tenant=team, user_ids=user_ids, role_ids=role_ids) result = general_message(code, "success", "用户添加到{}成功".format(team_name)) except ParamsError as e: logging.exception(e) code = 400 result = general_message(code, "params is empty", e.message) except UserNotExistError as e: code = 400 result = general_message(code, "user not exist", e.message) except Tenants.DoesNotExist as e: code = 400 logger.exception(e) result = general_message(code, "tenant not exist", "{}团队不存在".format(team_name)) except Exception as e: code = 500 logger.exception(e) print(str(e)) result = general_message(code, "system error", "系统异常") return Response(result, status=code)
def post(self, request, team_name, user_id, *args, **kwargs): """ 修改团队成员角色 --- parameters: - name: team_name description: 团队名 required: true type: string paramType: path - name: user_id description: 被修改权限的团队成员id required: true type: string paramType: path - name: role_ids description: 角色 格式 {"role_ids": "1,2,3"} required: true type: string paramType: body """ try: perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = ("owner" not in perm_list) and ( "admin" not in perm_list ) and "manage_team_member_permissions" not in perm_tuple if no_auth: code = 400 result = general_message(code, "no identity", "您没有权限做此操作") else: code = 200 role_ids = request.data.get("role_ids", None) if role_ids: try: role_id_list = [int(id) for id in role_ids.split(",")] except Exception as e: logger.exception(e) code = 400 result = general_message(code, "params is empty", "参数格式不正确") return Response(result, status=code) other_user = user_repo.get_user_by_user_id( user_id=int(user_id)) if other_user.user_id == request.user.user_id: result = general_message(400, "failed", "您不能修改自己的权限!") return Response(result, status=400) for id in role_id_list: if id not in team_services.get_all_team_role_id( tenant_name=team_name): code = 400 result = general_message( code, "The role does not exist", "该角色在团队中不存在") return Response(result, status=code) identity_list = team_services.get_user_perm_identitys_in_permtenant( user_id=other_user.user_id, tenant_name=team_name) role_name_list = team_services.get_user_perm_role_in_permtenant( user_id=other_user.user_id, tenant_name=team_name) if "owner" in identity_list or "owner" in role_name_list: result = general_message(400, "failed", "您不能修改创建者的权限!") return Response(result, status=400) team_services.change_tenant_role( user_id=other_user.user_id, tenant_name=team_name, role_id_list=role_id_list) result = general_message( code, "identity modify success", "{}角色修改成功".format(other_user.nick_name)) else: result = general_message(400, "identity failed", "修改角色时,角色不能为空") except UserNotExistError as e: logger.exception(e) code = 400 result = general_message(code, "users not exist", "该用户不存在") except Exception as e: logger.exception(e) code = 500 result = error_message(e.message) return Response(result, status=code)
def get(self, request, *args, **kwargs): """ 查询我的详情 --- """ try: p = PermActions() code = 200 user = self.user user.actions = UserActions() tenants = team_services.get_current_user_tenants( user_id=user.user_id) user_detail = dict() user_detail["user_id"] = user.user_id user_detail["user_name"] = user.nick_name user_detail["email"] = user.email user_detail["enterprise_id"] = user.enterprise_id user_detail["phone"] = user.phone user_detail["git_user_id"] = user.git_user_id user_detail["is_sys_admin"] = user.is_sys_admin enterprise = enterprise_services.get_enterprise_by_enterprise_id( user.enterprise_id) user_detail["is_enterprise_active"] = enterprise.is_active is_user_enter_amdin = user_services.is_user_admin_in_current_enterprise( self.user, user.enterprise_id) user_detail["is_user_enter_amdin"] = is_user_enter_amdin tenant_list = list() for tenant in tenants: tenant_info = dict() team_region_list = region_services.get_region_list_by_team_name( request=request, team_name=tenant.tenant_name) tenant_info["team_id"] = tenant.ID tenant_info["team_name"] = tenant.tenant_name tenant_info["team_alias"] = tenant.tenant_alias tenant_info["limit_memory"] = tenant.limit_memory tenant_info["pay_level"] = tenant.pay_level tenant_info["region"] = team_region_list tenant_info["creater"] = tenant.creater tenant_info["create_time"] = tenant.create_time perms_list = team_services.get_user_perm_identitys_in_permtenant( user_id=user.user_id, tenant_name=tenant.tenant_name) perms_role_id_list = team_services.get_user_perm_role_id_in_permtenant( user_id=user.user_id, tenant_name=tenant.tenant_name) perms_tuple = () if perms_list: final_identity = perms.get_highest_identity(perms_list) tenant_actions = p.keys( 'tenant_{0}_actions'.format(final_identity)) perms_tuple += tenant_actions else: final_identity = [] role_name_list = [ role_repo.get_role_name_by_role_id(role_id=role_id) for role_id in perms_role_id_list ] for role_id in perms_role_id_list: tenant_actions = role_perm_repo.get_perm_by_role_id( role_id=role_id) perms_tuple += tenant_actions if final_identity: tenant_info["role_name_list"] = [final_identity ] + role_name_list else: tenant_info["role_name_list"] = role_name_list user.actions.set_actions('tenant', tuple(set(perms_tuple))) tenant_info["tenant_actions"] = user.actions.tenant_actions tenant_list.append(tenant_info) user_detail["teams"] = tenant_list result = general_message(code, "Obtain my details to be successful.", "获取我的详情成功", bean=user_detail) except Exception as e: code = 500 logger.exception(e) result = error_message(e.message) return Response(result, status=code)
def post(self, request, team_name, user_name, *args, **kwargs): """ 修改成员权限 --- parameters: - name: team_name description: 团队名 required: true type: string paramType: path - name: user_name description: 被修改权限的团队成员 required: true type: string paramType: path - name: identitys description: 权限 格式 {"identitys": "viewer,access"} required: true type: string paramType: body """ try: perm_list = team_services.get_user_perm_identitys_in_permtenant( user_id=request.user.user_id, tenant_name=team_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=request.user.user_id, tenant_name=team_name) no_auth = ("owner" not in perm_list) and ("admin" not in perm_list) if no_auth: code = 400 result = general_message(code, "no identity", "您不是管理员,没有权限做此操作") else: code = 200 new_identitys = request.data.get("identitys", None) if new_identitys: new_identitys = new_identitys.split( ',') if new_identitys else [] other_user = user_services.get_user_by_username( user_name=user_name) if other_user.user_id == request.user.user_id: result = general_message(400, "failed", "您不能修改自己的权限!") return Response(result, status=400) team_services.change_tenant_identity( user_id=other_user.user_id, tenant_name=team_name, new_identitys=new_identitys) result = general_message(code, "identity modify success", "{}权限修改成功".format(user_name)) else: result = general_message(400, "identity failed", "修改权限时,权限不能为空") except SameIdentityError as e: logger.exception(e) code = 400 result = general_message(code, "identity exist", "该用户已拥有此权限") except UserNotExistError as e: logger.exception(e) code = 400 result = general_message(code, "users not exist", "该用户不存在") except Exception as e: logger.exception(e) code = 500 result = error_message(e.message) return Response(result, status=code)
def post(self, request, *args, **kwargs): """ --- parameters: - name: tenantName description: 租户名 required: true type: string paramType: path - name: action description: 操作名称 stop| start|upgrade|deploy required: true type: string paramType: form - name: group_id description: 组id required: true type: string paramType: path """ try: action = request.data.get("action", None) group_id = int(kwargs.get("group_id", None)) services = group_service_relation_repo.get_services_obj_by_group( group_id) if not services: result = general_message(400, "not service", "当前组内无应用,无法操作") return Response(result) service_ids = [service.service_id for service in services] if action not in ("stop", "start", "upgrade", "deploy"): return Response(general_message(400, "param error", "操作类型错误"), status=400) # 去除掉三方服务 for service_id in service_ids: service_obj = service_repo.get_service_by_service_id( service_id) if service_obj: if service_obj.service_source == "third_party": service_ids.remove(service_id) # 校验权限 identitys = team_services.get_user_perm_identitys_in_permtenant( user_id=self.user.user_id, tenant_name=self.tenant_name) perm_tuple = team_services.get_user_perm_in_tenant( user_id=self.user.user_id, tenant_name=self.tenant_name) if action == "stop": if "stop_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有关闭应用权限"), status=400) if action == "start": if "start_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有启动应用权限"), status=400) if action == "upgrade": if "restart_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有更新应用权限"), status=400) if action == "deploy": if "deploy_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys: return Response(general_message(400, "Permission denied", "没有重新构建权限"), status=400) # 批量操作 code, msg = app_manage_service.batch_operations( self.tenant, self.user, action, service_ids) if code != 200: result = general_message(code, "batch manage error", msg) else: result = general_message(200, "success", "操作成功") except Exception as e: logger.exception(e) result = error_message(e.message) return Response(result, status=result["code"])