Example #1
    def list_users_by_tenant_id(self, tenant_id, page=None, size=None, query=""):
        """Return ``(users, total)`` for the members of one tenant.

        ``users`` is a list of dicts holding profile fields (including e-mail
        and phone) plus ``role_infos``; ``total`` comes from a separate count
        query using the same ``tenant_id`` and ``query``.

        No permission check happens in this method, so the caller is
        presumably responsible for authorising access to the tenant before
        the contact details are returned -- confirm at the call sites.
        """
        # NOTE(review): `query` is forwarded unchanged; confirm the repository
        # binds it as a parameter rather than formatting it into SQL.
        rows = user_repo.list_users_by_tenant_id(tenant_id, query=query, page=page, size=size)

        members = []
        for row in rows:
            member_id = row.get("user_id")
            # Identities the user holds in this team.
            # NOTE(review): `tenant_id` is passed as `tenant_name` here -- verify
            # that the service accepts an id under that keyword.
            identities = team_services.get_user_perm_identitys_in_permtenant(
                user_id=member_id, tenant_name=tenant_id)
            # Role ids the user holds in this team.
            role_ids = team_services.get_user_perm_role_id_in_permtenant(
                user_id=member_id, tenant_name=tenant_id)

            # "access" is reported without a role id; every other identity is
            # resolved to its role id by name.
            role_infos = [
                {
                    "role_name": identity,
                    "role_id": None if identity == "access" else role_repo.get_role_id_by_role_name(identity),
                }
                for identity in identities
            ]
            role_infos.extend(
                {"role_name": role_repo.get_role_name_by_role_id(role_id), "role_id": role_id}
                for role_id in role_ids
            )

            profile = {
                field: row.get(field)
                for field in ("user_id", "nick_name", "email", "phone", "is_active", "enterprise_id")
            }
            profile["role_infos"] = role_infos
            members.append(profile)

        return members, user_repo.count_users_by_tenant_id(tenant_id, query=query)
Example #2
def check_perm(perm, user, tenantName=None, serviceAlias=None):
    """Check that ``user`` holds ``perm`` on a tenant (and optionally a service).

    Returns True when ``perm`` is found in ``user.actions``; every other path
    raises.

    Raises:
        PermissionDenied: ``user`` is an ``AnonymousUser`` (redirects to /login).
        UrlParseError: 500 when ``tenantName`` is None; 404 when the tenant or
            service does not exist; 403 when the user has no identity or role
            in the tenant, is not a system admin, and the tenant is not
            "grdemo".
        BusinessException: wraps a 403 response when ``perm`` is not in the
            user's actions.

    NOTE(review): the action set is built only when ``user`` has no ``actions``
    attribute yet. A later call with the same user object but a different
    ``tenantName`` or ``serviceAlias`` reuses the first result, so this is only
    safe if the user object never outlives a single tenant/service context --
    confirm against the callers.
    """
    if isinstance(user, AnonymousUser):
        raise PermissionDenied('this resource need login status', redirect_url='/login')

    if tenantName is None:
        raise UrlParseError(500, 'tenantName is None')

    # Build the action set once per user object (see the NOTE in the docstring).
    if not hasattr(user, 'actions'):
        user.actions = UserActions()

        p = PermActions()

        try:
            tenant = Tenants.objects.get(tenant_name=tenantName)
            identitys = team_services.get_user_perm_identitys_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name)
            role_id_list = team_services.get_user_perm_role_id_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name)
            # No identity and no role: treated as "not a member" and routed to
            # the PermRelTenant.DoesNotExist handler below.
            if not identitys and not role_id_list:
                raise PermRelTenant.DoesNotExist

            # Tenant actions are the union of the highest identity's actions
            # and the permissions of every role the user holds.
            tenant_actions_tuple = ()
            if identitys:
                tenant_identity = get_highest_identity(identitys)
                tenant_actions = p.keys('tenant_{0}_actions'.format(tenant_identity))
                tenant_actions_tuple += tenant_actions
            if role_id_list:
                for role_id in role_id_list:
                    perm_tuple = role_perm_repo.get_perm_by_role_id(role_id=role_id)
                    tenant_actions_tuple += perm_tuple
            # set() removes duplicates that come from overlapping identity and role grants.
            user.actions.set_actions('tenant', tuple(set(tenant_actions_tuple)))

            if serviceAlias is not None:
                # Service actions come from the per-user, per-service permission rows.
                service = TenantServiceInfo.objects.get(tenant_id=tenant.tenant_id, service_alias=serviceAlias)
                user_service_perms_id_list = ServiceRelPerms.objects.filter(
                    user_id=user.pk, service_id=service.pk).values_list(
                        "perm_id", flat=True)
                perm_codename_list = role_perm_repo.get_perm_list_by_perm_id_list(perm_id_list=user_service_perms_id_list)
                user.actions.set_actions('service', perm_codename_list)
        except Tenants.DoesNotExist:
            # NOTE(review): 404 here versus 403 below lets any logged-in user
            # tell existing tenant names from non-existing ones.
            raise UrlParseError(404, 'no matching tenantName for {0}'.format(tenantName))
        except TenantServiceInfo.DoesNotExist:
            raise UrlParseError(404, 'no matching serviceAlias for {0}'.format(serviceAlias))
        except PermRelTenant.DoesNotExist:
            tenant = Tenants.objects.filter(tenant_name=tenantName)[0]
            # Non-members are rejected unless they are a system admin or the
            # tenant is the hard-coded "grdemo"; in both of those cases the
            # user receives the tenant viewer actions.
            # NOTE(review): the "grdemo" exception grants viewer actions to every
            # authenticated user on that tenant -- confirm this is still intended.
            # The 403 text also carries the user's nick_name and the tenant name.
            if not user.is_sys_admin and tenantName != "grdemo":
                raise UrlParseError(403, 'no permissions for user {0} on tenant {1}'.format(user.nick_name, tenant.tenant_name))
            user.actions.set_actions('tenant', p.keys('tenant_viewer_actions'))
        except PermRelService.DoesNotExist:
            # Nothing in the visible try body raises this explicitly; presumably
            # left over from an earlier lookup. It is swallowed, leaving whatever
            # actions were set before it fired.
            pass

    # Disabled shortcut: system admins are not granted every permission here.
    # if user.is_sys_admin:
    #     return True

    # Deny by default: anything not present in the computed action set ends in a 403.
    if perm in user.actions:
        return True
    raise BusinessException(Response(general_message(403, "you don't have enough permissions", "您无权限执行此操作"), status=403))
Example #3
    def get(self, request, team_name, *args, **kwargs):
        """
        List all users of a team (eight users per page)
        ---
        parameters:
            - name: team_name
              description: team name
              required: true
              type: string
              paramType: path
            - name: page
              description: page number
              required: true
              type: string
              paramType: query
        """
        # NOTE(review): no membership or permission check on `team_name` is
        # visible in this method; presumably the view base class or a decorator
        # enforces it -- confirm, since the response lists member e-mails.
        status_code = 200
        try:
            page = request.GET.get("page", 1)
            # Members of the tenant/team.
            members = team_services.get_tenant_users_by_tenant_name(tenant_name=team_name)

            # Role info is resolved for every member before pagination, so each
            # request pays for the whole team, not only the eight rows returned.
            rows = []
            for member in members:
                # Identities the user holds in this team.
                identities = team_services.get_user_perm_identitys_in_permtenant(
                    user_id=member.user_id, tenant_name=team_name)
                # Role ids the user holds in this team.
                role_ids = team_services.get_user_perm_role_id_in_permtenant(
                    user_id=member.user_id, tenant_name=team_name)

                # "access" has no backing role id; other identities are looked up by name.
                role_info = [
                    {
                        "role_name": identity,
                        "role_id": None if identity == "access" else role_repo.get_role_id_by_role_name(identity),
                    }
                    for identity in identities
                ]
                role_info.extend(
                    {"role_name": role_repo.get_role_name_by_role_id(role_id), "role_id": role_id}
                    for role_id in role_ids
                )

                rows.append({
                    "user_id": member.user_id,
                    "user_name": member.nick_name,
                    "email": member.email,
                    "role_info": role_info,
                })

            paginator = Paginator(rows, 8)
            try:
                current = paginator.page(page)
            except PageNotAnInteger:
                # A non-numeric page falls back to the first page.
                current = paginator.page(1)
            except EmptyPage:
                # An out-of-range page falls back to the last page.
                current = paginator.page(paginator.num_pages)
            result = general_message(
                status_code, "team members query success", "查询成功",
                list=current.object_list, total=paginator.count)
        except UserNotExistError as e:
            status_code = 400
            logger.exception(e)
            result = general_message(status_code, "user not exist", e.message)
        except TenantNotExistError as e:
            status_code = 400
            logger.exception(e)
            result = general_message(status_code, "tenant not exist", "{}团队不存在".format(team_name))
        except Exception as e:
            # Unexpected failures are logged in full but answered with a generic message.
            status_code = 500
            logger.exception(e)
            result = general_message(status_code, "system error", "系统异常")
        return Response(data=result, status=status_code)
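    def get(self, request, *args, **kwargs):
        """
        Query my own details

        Returns the profile of the authenticated user (``self.user``) together
        with every team the user belongs to, the role names held in each team
        and the tenant actions derived from them. Unexpected failures are
        logged and answered with a generic 500 message.
        ---
        """
        try:
            p = PermActions()
            code = 200
            user = self.user
            # Replaces any action set already attached to the user object; it is
            # refilled per tenant inside the loop below.
            user.actions = UserActions()
            tenants = team_services.get_current_user_tenants(
                user_id=user.user_id)
            user_detail = dict()
            user_detail["user_id"] = user.user_id
            user_detail["user_name"] = user.nick_name
            user_detail["email"] = user.email
            user_detail["enterprise_id"] = user.enterprise_id
            user_detail["phone"] = user.phone
            user_detail["git_user_id"] = user.git_user_id
            user_detail["is_sys_admin"] = user.is_sys_admin
            enterprise = enterprise_services.get_enterprise_by_enterprise_id(
                user.enterprise_id)
            user_detail["is_enterprise_active"] = enterprise.is_active
            is_user_enter_amdin = user_services.is_user_admin_in_current_enterprise(
                self.user, user.enterprise_id)
            # The misspelled key is part of the response contract; keep it.
            user_detail["is_user_enter_amdin"] = is_user_enter_amdin
            tenant_list = list()
            for tenant in tenants:
                tenant_info = dict()
                team_region_list = region_services.get_region_list_by_team_name(
                    request=request, team_name=tenant.tenant_name)
                tenant_info["team_id"] = tenant.ID
                tenant_info["team_name"] = tenant.tenant_name
                tenant_info["team_alias"] = tenant.tenant_alias
                tenant_info["limit_memory"] = tenant.limit_memory
                tenant_info["pay_level"] = tenant.pay_level
                tenant_info["region"] = team_region_list
                tenant_info["creater"] = tenant.creater
                tenant_info["create_time"] = tenant.create_time
                perms_list = team_services.get_user_perm_identitys_in_permtenant(
                    user_id=user.user_id, tenant_name=tenant.tenant_name)
                perms_role_id_list = team_services.get_user_perm_role_id_in_permtenant(
                    user_id=user.user_id, tenant_name=tenant.tenant_name)

                # Tenant actions are the union of the highest identity's
                # actions and the permissions of every role the user holds.
                perms_tuple = ()

                if perms_list:
                    final_identity = perms.get_highest_identity(perms_list)
                    tenant_actions = p.keys(
                        'tenant_{0}_actions'.format(final_identity))
                    perms_tuple += tenant_actions
                else:
                    final_identity = []

                role_name_list = [
                    role_repo.get_role_name_by_role_id(role_id=role_id)
                    for role_id in perms_role_id_list
                ]

                for role_id in perms_role_id_list:
                    tenant_actions = role_perm_repo.get_perm_by_role_id(
                        role_id=role_id)
                    perms_tuple += tenant_actions
                # The highest identity, when present, is listed ahead of the role names.
                if final_identity:
                    tenant_info["role_name_list"] = [final_identity
                                                     ] + role_name_list
                else:
                    tenant_info["role_name_list"] = role_name_list
                # set() removes duplicates from overlapping identity and role grants.
                user.actions.set_actions('tenant', tuple(set(perms_tuple)))
                tenant_info["tenant_actions"] = user.actions.tenant_actions
                tenant_list.append(tenant_info)
            user_detail["teams"] = tenant_list
            result = general_message(code,
                                     "Obtain my details to be successful.",
                                     "获取我的详情成功",
                                     bean=user_detail)
        except Exception as e:
            code = 500
            # The full exception (with traceback) goes to the server log only.
            logger.exception(e)
            # Answer with a fixed message instead of the exception text: raw
            # exception messages can expose internal details to the client, and
            # `e.message` is not defined on every exception type, so reading it
            # here could itself fail inside the handler.
            result = general_message(code, "system error", "系统异常")
        return Response(result, status=code)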