def init_acl():
    """Bootstrap the ACL records of the 'cmdb' app.

    Fetches the 'cmdb' app from AppCache (creating it when the cache returns
    nothing), then registers every resource type, the CONFIG and
    CMDB_READ_ALL roles, and one ACL resource per CI type and per relation
    view. CMDB_READ_ALL is granted READ on each of those resources.

    Every ``add`` call swallows ``AbortException``, presumably so a repeated
    run skips records that already exist.
    NOTE(review): the same ``except`` also hides any other reason the CRUD
    layer aborts, so a failed registration is silent; confirm that is
    acceptable for a bootstrap step that hands out permissions.
    """
    cmdb_app = AppCache.get('cmdb') or App.create(name='cmdb')
    app_id = cmdb_app.id

    def _add_role_quietly(role_name, is_app_admin):
        # Create one role for this app, ignoring an abort from the CRUD layer.
        try:
            RoleCRUD.add_role(role_name, app_id, is_app_admin)
        except AbortException:
            pass

    def _register_and_grant_read(records, resource_type_name):
        # Register each record as a resource of the given type, then grant
        # CMDB_READ_ALL the READ permission on it.
        type_id = ResourceType.get_by(name=resource_type_name,
                                      first=True,
                                      to_dict=False).id
        for record in records:
            try:
                ResourceCRUD.add(record.name, type_id, app_id)
            except AbortException:
                pass
            # The grant runs even when the add above aborted, so resources
            # that were already registered still receive it.
            ACLManager().grant_resource_to_role(record.name,
                                                RoleEnum.CMDB_READ_ALL,
                                                resource_type_name,
                                                [PermEnum.READ])

    # 1. resource types, each registered with the full permission set
    for resource_type in ResourceTypeEnum.all():
        try:
            ResourceTypeCRUD.add(app_id, resource_type, '', PermEnum.all())
        except AbortException:
            pass

    # 2. roles: CONFIG is created as an app admin, CMDB_READ_ALL is not
    _add_role_quietly(RoleEnum.CONFIG, True)
    _add_role_quietly(RoleEnum.CMDB_READ_ALL, False)

    # 3. resources and read-only grants, CI types first, then relation views
    _register_and_grant_read(CIType.get_by(to_dict=False), ResourceTypeEnum.CI)
    _register_and_grant_read(PreferenceRelationView.get_by(to_dict=False),
                             ResourceTypeEnum.RELATION_VIEW)
def add(cls, **kwargs):
    """Create a user together with a role named after the username.

    ``kwargs`` must contain ``username`` and ``email``; a missing key raises
    ``KeyError``. The request is aborted with 400 when ``User.get_by`` finds
    a match for that username/email pair. ``nickname`` falls back to the
    username, ``block`` is forced to 0, and ``key``/``secret`` always come
    from ``cls._gen_key_secret()``, overwriting any caller-supplied values.

    Returns the created user.
    """
    username = kwargs['username']

    # NOTE(review): presumably get_by requires BOTH filters to match; if so,
    # a reused username with a different email is not rejected here. Confirm
    # a unique constraint on the model covers that case.
    duplicate = User.get_by(username=username, email=kwargs['email'])
    if duplicate:
        abort(400, "User <{0}> is already existed".format(username))

    kwargs.update(nickname=kwargs.get('nickname') or username, block=0)

    # Credentials are generated server-side, never taken from the caller.
    api_key, api_secret = cls._gen_key_secret()
    kwargs.update(key=api_key, secret=api_secret)

    # NOTE(review): every remaining kwarg is forwarded to User.create
    # unchanged; confirm callers restrict which fields may be supplied.
    new_user = User.create(**kwargs)
    RoleCRUD.add_role(new_user.username, uid=new_user.uid)
    return new_user
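def post(self):
    """Create a role from request parameters and return it as JSON.

    Reads ``name``, ``app_id`` and ``is_app_admin`` from ``request.values``
    and passes them to ``RoleCRUD.add_role``.

    ``is_app_admin`` is a privilege flag, so it is parsed explicitly instead
    of being forwarded as received. Values from ``request.values`` are
    normally strings, and any non-empty string (including "false" and "0")
    is truthy. Only "1", "true", "yes" and "on" (case-insensitive) enable
    the flag; anything else, including a missing parameter, leaves it off.

    NOTE(review): no permission check is visible in this method. Confirm
    that a decorator or request hook outside this view restricts who may
    create roles, and app-admin roles in particular.
    """
    name = request.values.get('name')
    app_id = request.values.get('app_id')

    # str() also covers a real bool or int, should the value arrive already
    # decoded: True -> "true", 1 -> "1".
    raw_flag = request.values.get('is_app_admin', False)
    is_app_admin = str(raw_flag).strip().lower() in ('1', 'true', 'yes', 'on')

    role = RoleCRUD.add_role(name, app_id, is_app_admin=is_app_admin)
    return self.jsonify(role.to_dict())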
def add(cls, **kwargs):
    """Create a user and its role, optionally linking it to 'admin'.

    ``kwargs`` must contain ``username`` and ``email``; a missing key raises
    ``KeyError``. The request is aborted with 400 when ``User.get_by`` finds
    a match for that username/email pair. ``is_admin`` is removed from
    ``kwargs`` before the user is created. ``nickname`` falls back to the
    username, ``block`` is forced to 0, and ``key``/``secret`` always come
    from ``cls._gen_key_secret()``, overwriting any caller-supplied values.

    When ``is_admin`` is truthy, the role named 'admin' is looked up, or
    created under the 'cmdb' app as an app admin, and tied to the new
    user's role through ``RoleRelationCRUD.add``.

    Returns the created user.
    """
    username = kwargs['username']

    # NOTE(review): presumably get_by requires BOTH filters to match; if so,
    # a reused username with a different email is not rejected here. Confirm
    # a unique constraint on the model covers that case.
    duplicate = User.get_by(username=username, email=kwargs['email'])
    if duplicate:
        abort(400, "User <{0}> is already existed".format(username))

    # NOTE(review): the flag is tested by truthiness only. If a caller
    # forwards raw request strings, "false" or "0" would also grant admin.
    # Confirm callers pass a real bool and authorise who may set it.
    grant_admin = kwargs.pop('is_admin', False)

    kwargs.update(nickname=kwargs.get('nickname') or username, block=0)

    # Credentials are generated server-side, never taken from the caller.
    api_key, api_secret = cls._gen_key_secret()
    kwargs.update(key=api_key, secret=api_secret)

    # NOTE(review): every remaining kwarg is forwarded to User.create
    # unchanged; confirm callers restrict which fields may be supplied.
    new_user = User.create(**kwargs)
    personal_role = RoleCRUD.add_role(new_user.username, uid=new_user.uid)
    if not grant_admin:
        return new_user

    # Imported here rather than at module level, as in the original
    # (presumably to avoid a circular import; not confirmed).
    from api.lib.perm.acl.cache import AppCache
    from api.lib.perm.acl.role import RoleRelationCRUD

    admin_role = Role.get_by(name='admin', first=True, to_dict=False)
    if not admin_role:
        # NOTE(review): if AppCache.get('cmdb') returns nothing, this raises
        # AttributeError after the user and role were already created.
        admin_role = RoleCRUD.add_role('admin', AppCache.get('cmdb').id, True)

    # Presumably makes the user's role inherit from 'admin'; the meaning of
    # the argument order is not visible here. TODO confirm.
    RoleRelationCRUD.add(admin_role.id, personal_role.id)
    return new_user