def _get_user_info(request, use_cache=True):
    """Return the basic profile of the user who made ``request``.

    A truthy cache entry stored under the per-username key is returned when
    ``use_cache`` is true. Otherwise the profile is fetched through the ESB
    auth component named in settings, and a non-empty result is cached.

    @param request: request object; ``request.user.username`` selects the
        cache entry and the request is handed to the ESB client factory.
    @param use_cache: when false, the cached entry is ignored and refreshed.
    @return: the ``data`` member of the component response, or the cached copy.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    cache_key = "%s_get_user_info_%s" % (CACHE_PREFIX, username)
    cached = cache.get(cache_key)
    if use_cache and cached:
        return cached

    esb_client = settings.ESB_GET_CLIENT_BY_REQUEST(request)
    auth_component = getattr(esb_client, settings.ESB_AUTH_COMPONENT_SYSTEM)
    fetch_user_info = getattr(auth_component, settings.ESB_AUTH_GET_USER_INFO)
    response = fetch_user_info({})
    # A response without a code falls through to the generic APIError branch.
    response.setdefault('code', -1)

    if response['result']:
        profile = response['data']
        if profile:
            # Empty payloads are never cached, so they are fetched again
            # on the next call.
            cache.set(cache_key, profile, DEFAULT_CACHE_TIME_FOR_CC)
        return profile

    code = response['code']
    if code in ('20101', 20101):
        raise exceptions.Unauthorized(response['message'])
    if code in ('20103', 20103, '20201', 20201, '20202', 20202):
        raise exceptions.Forbidden(response['message'])
    raise exceptions.APIError(
        settings.ESB_AUTH_COMPONENT_SYSTEM,
        'get_user',
        response.get('detail_message', response['message']))
def _get_user_info(request, use_cache=True):
    """Return the basic profile of the user who made ``request``.

    A truthy cache entry stored under the per-username key is returned when
    ``use_cache`` is true. Otherwise ``get_user_info(request)`` is called and
    a non-empty ``data`` payload is written back to the cache.

    @param request: request object; ``request.user.username`` selects the
        cache entry.
    @param use_cache: when false, the cached entry is ignored and refreshed.
    @return: the ``data`` member of the API response, or the cached copy.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    cache_key = "%s_get_user_info_%s" % (CACHE_PREFIX, username)
    cached = cache.get(cache_key)
    if use_cache and cached:
        return cached

    response = get_user_info(request)
    # A response without a code falls through to the generic APIError branch.
    response.setdefault('code', -1)

    if response['result']:
        profile = response['data']
        if profile:
            # Empty payloads are never cached, so they are fetched again
            # on the next call.
            cache.set(cache_key, profile, DEFAULT_CACHE_TIME_FOR_CC)
        return profile

    if response.get('code') in ('20101', 20101):
        raise exceptions.Unauthorized(response['message'])
    if response.get('code') in ('20103', 20103, '20201', 20201, '20202', 20202):
        raise exceptions.Forbidden(response['message'])
    raise exceptions.APIError(
        'bk_api',
        'get_user_info',
        response.get('detail_message', response['message']))
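def _get_user_business_list(request, use_cache=True):
    """Get the authorized business list for the requesting user.

    Businesses are fetched per role through ``cc.get_app_by_user_role``,
    then filtered by LifeCycle and by the vendors (owners) found in the
    user's profile. The filtered mapping is cached per username.

    :param object request: django request object.
    :param bool use_cache: (Optional) when false, ignore the cached entry.
    :return: mapping of role to the list of businesses kept for that role.
    :raises exceptions.Unauthorized: response code 20101.
    :raises exceptions.Forbidden: response code 20103, 20201 or 20202.
    :raises exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    cache_key = "%s_get_user_business_list_%s" % (CACHE_PREFIX, username)
    data = cache.get(cache_key)
    if use_cache and data:
        return data

    client = settings.ESB_GET_CLIENT_BY_REQUEST(request)
    result = client.cc.get_app_by_user_role({
        'user_role': ','.join(roles.CC_ROLES),
    })

    if not result['result']:
        # .get() keeps a failure response that lacks 'code' on the APIError
        # path instead of surfacing as an unrelated KeyError.
        code = result.get('code')
        if code in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        if code in ('20103', 20103, '20201', 20201, '20202', 20202):
            raise exceptions.Forbidden(result['message'])
        raise exceptions.APIError(
            'cc',
            'get_app_by_user_role',
            result.get('detail_message', result['message']))

    data = result['data']

    # Fetch the vendor (owner company) information of the user.
    user_info = _get_user_info(request)
    # Support both the multi-vendor and the single-vendor profile layout.
    if user_info.get('company_list', []):
        owner_list = [
            owner['company_code'] for owner in user_info['company_list']
        ]
    elif user_info.get('company_code'):
        owner_list = [user_info.get('company_code')]
    else:
        # NOTE(review): with no vendor in the profile the owner filter is
        # skipped entirely, so every business the API returned is kept.
        # Confirm that this open default is intended.
        owner_list = []

    # Filter each role's businesses by lifecycle and by vendor.
    for role, biz_list in data.iteritems():
        kept = []
        for item in biz_list:
            # Skip entries whose LifeCycle is '3' or the localized label.
            if item.get('LifeCycle') in ['3', _(u"停运")]:
                continue
            if not owner_list or item['Owner'] in owner_list:
                kept.append(item)
        data[role] = kept

    cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)
    return data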
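def _get_user_business_list(request, use_cache=True):
    """Get the authorized business list for the requesting user.

    Businesses are looked up with ``cc.search_business``, selecting those
    whose developer, productor, maintainer or tester field matches the
    username. The resulting list is cached per username.

    :param object request: django request object.
    :param bool use_cache: (Optional) when false, ignore the cached entry.
    :return: the ``info`` list of the search response, or the cached copy.
    :raises exceptions.Unauthorized: response code 20101.
    :raises exceptions.Forbidden: response code 20103, 20201 or 20202.
    :raises exceptions.APIError: any other unsuccessful response.
    """
    # Local import: the file's import block is not visible from this block.
    import re

    user = request.user
    cache_key = "%s_get_user_business_list_%s" % (CACHE_PREFIX, user.username)
    data = cache.get(cache_key)
    if use_cache and data:
        return data

    user_info = _get_user_info(request)
    client = settings.ESB_GET_CLIENT_BY_USER(request.user.username)

    # The username feeds an authorization filter, so it must be matched as
    # literal text. Unescaped, a name containing regex metacharacters (for
    # example '.') would also select businesses of other users.
    username_pattern = re.escape(user.username)
    # NOTE(review): the pattern is still unanchored, so a username that is a
    # substring of another one matches that user's businesses too. Presumably
    # the role fields hold delimiter-separated usernames; confirm the format
    # and anchor on the delimiter or post-filter on exact names.
    role_fields = (
        'bk_biz_developer',
        'bk_biz_productor',
        'bk_biz_maintainer',
        'bk_biz_tester',
    )
    result = client.cc.search_business({
        'bk_supplier_account': user_info['bk_supplier_account'],
        'condition': {
            'bk_data_status': {
                '$in': ['enable', 'disabled', None]
            },
            '$or': [
                {field: {"$regex": username_pattern}}
                for field in role_fields
            ],
        }
    })

    if result['result']:
        data = result['data']['info']
        cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)
        return data

    code = result.get('code')
    if code in ('20101', 20101):
        raise exceptions.Unauthorized(result['message'])
    if code in ('20103', 20103, '20201', 20201, '20202', 20202):
        raise exceptions.Forbidden(result['message'])
    raise exceptions.APIError(
        'cc',
        'search_business',
        result.get('detail_message', result['message']))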
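def update_user_info(request, cc_id, use_cache=True):
    """Refresh the stored user info from ``get_user_info(request)``.

    A marker is cached after a successful refresh so that later calls with
    the same ``cc_id`` are skipped until the entry expires.

    :param request: request object passed to ``get_user_info``.
    :param cc_id: business id; the only varying part of the cache key.
    :param use_cache: when false, refresh even if the marker is cached.
    :raises exceptions.Unauthorized: response code 20101.
    :raises exceptions.Forbidden: response code 20103.
    :raises exceptions.APIError: any other unsuccessful response.
    """
    # NOTE(review): the key carries cc_id but no username, so one user's
    # refresh suppresses the refresh for every other user of that business
    # until the marker expires. Confirm that this is intended.
    cache_key = "%s_update_user_info_%s" % (CACHE_PREFIX, cc_id)
    data = cache.get(cache_key)
    if use_cache and data:
        return

    result = get_user_info(request)
    if result['result']:
        _update_user_info(result['data'])
    else:
        # .get() keeps a failure response that lacks 'code' on the APIError
        # path instead of surfacing as an unrelated KeyError.
        code = result.get('code')
        if code in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        # NOTE(review): only 20103 maps to Forbidden here; codes 20201 and
        # 20202 end up as APIError. Verify against the API's code table.
        if code in ('20103', 20103):
            raise exceptions.Forbidden(result['message'])
        raise exceptions.APIError(
            settings.ESB_AUTH_COMPONENT_SYSTEM,
            'get_user',
            result.get('detail_message', result['message']))

    cache.set(cache_key, True, DEFAULT_CACHE_TIME_FOR_CC)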
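def process_view(self, request, view_func, view_args, view_kwargs):
    """Check business access before the view runs.

    If the request carries a ``biz_cc_id`` (as a view kwarg or found by
    ``_get_biz_cc_id_in_rest_request``), the business is loaded and the
    current user must hold ``view_business`` on it.

    Returns ``None`` to let the view run, or an error response:
    401 when loading the business raises ``Unauthorized``, 403 when it
    raises ``Forbidden`` or the permission check fails, and 503 when the
    backing API raises ``APIError``. Views flagged ``login_exempt`` and
    requests without a business id (or with id ``0``) are not checked.
    """
    if getattr(view_func, 'login_exempt', False):
        return None

    biz_cc_id = view_kwargs.get(
        'biz_cc_id') or self._get_biz_cc_id_in_rest_request(request)
    if not biz_cc_id or str(biz_cc_id) == '0':
        return None

    try:
        business = prepare_business(request, cc_id=biz_cc_id)
    except exceptions.Unauthorized:
        # permission denied for target business (irregular request)
        return HttpResponse(status=401)
    except exceptions.Forbidden:
        # target business does not exist (irregular request)
        return HttpResponseForbidden()
    except exceptions.APIError as e:
        ctx = {
            'system': e.system,
            'api': e.api,
            'message': e.message,
        }
        logger.error(json.dumps(ctx))
        # NOTE(review): the backend system, API name and message are sent
        # to the client as well as logged. Confirm that the front end needs
        # them before keeping this body.
        return HttpResponse(status=503, content=json.dumps(ctx))

    # set time_zone of business
    if business.time_zone:
        request.session['blueking_timezone'] = business.time_zone

    try:
        if not request.user.has_perm('view_business', business):
            raise exceptions.Unauthorized(
                'user[{username}] has no perm view_business of business[{biz}]'
                .format(username=request.user.username,
                        biz=business.cc_id))
    except Exception as e:
        logger.exception(
            'user[username={username},type={user_type}] has_perm raise error[{error}]'
            .format(username=request.user.username,
                    user_type=type(request.user),
                    error=e))
        if isinstance(e, exceptions.Unauthorized):
            # Expected denial: the message names only the caller and the
            # business that was requested.
            return HttpResponseForbidden(e.message)
        # Unexpected failure inside has_perm: deny the request, and keep the
        # exception text in the log instead of the response body.
        return HttpResponseForbidden()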
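def _get_business_info(request, app_id, use_cache=True, use_maintainer=False):
    """Get the detail record of the business identified by ``app_id``.

    The record is cached per (app_id, username). On a cache miss it is
    fetched with ``cc.search_business``, scoped to the business owner taken
    from the local ``Business`` row.

    @param object request: django request object.
    @param int app_id: cc_id of core.business model.
    @param use_cache: when false, ignore the cached entry and refresh it.
    @param use_maintainer: make the request with the maintainer identity
        (client from ``get_client_by_user_and_biz_id``) instead of the
        requesting user's client.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202, or a
        successful response with an empty ``info`` list.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    # The local row is looked up before the cache, so a missing Business
    # raises here even when a cached record exists.
    business = Business.objects.get(cc_id=app_id)
    cache_key = "%s_get_business_info_%s_%s" % (CACHE_PREFIX, app_id, username)
    data = cache.get(cache_key)
    if use_cache and data:
        return data

    if use_maintainer:
        client = get_client_by_user_and_biz_id(username, app_id)
    else:
        client = settings.ESB_GET_CLIENT_BY_REQUEST(request)

    result = client.cc.search_business({
        'bk_supplier_account': business.cc_owner,
        'condition': {
            # NOTE(review): int() raises ValueError for a non-numeric id.
            # Presumably callers pass a validated id; confirm at the caller.
            'bk_biz_id': int(app_id)
        }
    })

    if result['result']:
        matches = result['data']['info']
        if not matches:
            # No visible business with this id is treated as a denial.
            raise exceptions.Forbidden()
        data = matches[0]
    elif result.get('code') in ('20101', 20101):
        raise exceptions.Unauthorized(result['message'])
    elif result.get('code') in ('20103', 20103, '20201', 20201, '20202', 20202):
        raise exceptions.Forbidden(result['message'])
    else:
        # Name the API that was actually called, so that logged and returned
        # error contexts point at the right endpoint.
        raise exceptions.APIError(
            'cc',
            'search_business',
            result.get('detail_message', result['message'])
        )

    cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)
    return data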
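def _get_business_info(request, app_id, use_cache=True, use_maintainer=False):
    """Get the detail record of the business identified by ``app_id``.

    The record is cached per (app_id, username). On a cache miss it is
    fetched with ``cc.get_app_by_id``.

    @param object request: django request object.
    @param int app_id: cc_id of core.business model.
    @param use_cache: when false, ignore the cached entry and refresh it.
    @param use_maintainer: make the request with the maintainer identity
        (client from ``get_client_by_user_and_biz_id``) instead of the
        requesting user's client.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202, or a
        successful response with empty ``data``.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    cache_key = "%s_get_business_info_%s_%s" % (CACHE_PREFIX, app_id, username)
    data = cache.get(cache_key)
    if use_cache and data:
        return data

    if use_maintainer:
        client = get_client_by_user_and_biz_id(username, app_id)
    else:
        client = settings.ESB_GET_CLIENT_BY_REQUEST(request)

    result = client.cc.get_app_by_id({
        'app_id': app_id,
        'uin_to_openid_column': ','.join(roles.CC_ROLES),
    })

    if result['result']:
        if not result['data']:
            # An empty result means no visible business with this id. Deny
            # explicitly instead of failing on the [0] lookup below.
            raise exceptions.Forbidden()
        data = result['data'][0]
    else:
        # .get() keeps a failure response that lacks 'code' on the APIError
        # path instead of surfacing as an unrelated KeyError.
        code = result.get('code')
        if code in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        if code in ('20103', 20103, '20201', 20201, '20202', 20202):
            raise exceptions.Forbidden(result['message'])
        raise exceptions.APIError(
            'cc',
            'get_app_by_id',
            result.get('detail_message', result['message']))

    cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)
    return data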