def add_role(name, app_id=None, is_app_admin=False, uid=None):
Role.get_by(name=name, app_id=app_id) and abort(
400, "Role <{0}> is already existed".format(name))
return Role.create(name=name,
app_id=app_id,
is_app_admin=is_app_admin,
uid=uid)
def _get_role(self, name):
user = UserCache.get(name)
if user:
return Role.get_by(name=name,
uid=user.uid,
first=True,
to_dict=False)
return Role.get_by(name=name,
app_id=self.app_id,
first=True,
to_dict=False)
def get(cls, rid):
role = cache.get(cls.PREFIX_ID.format(rid))
if role is None:
role = Role.get_by_id(rid)
if role is not None:
cache.set(cls.PREFIX_ID.format(rid), role)
return role
def get_by_name(cls, app_id, name):
role = cache.get(cls.PREFIX_NAME.format(app_id, name))
if role is None:
role = Role.get_by(app_id=app_id, name=name, first=True, to_dict=False)
if role is not None:
cache.set(cls.PREFIX_NAME.format(app_id, name), role)
return role
def update_role(rid, **kwargs):
kwargs.pop('app_id', None)
role = Role.get_by_id(rid) or abort(
404, "Role <{0}> does not exist".format(rid))
RoleCache.clean(rid)
return role.update(**kwargs)
def delete(cls, uid):
if hasattr(g, 'user') and uid == g.user.uid:
return abort(400, "You cannot delete yourself")
user = User.get_by(uid=uid, to_dict=False, first=True) or abort(
404, "User <{0}> does not exist".format(uid))
UserCache.clean(user)
for i in Role.get_by(uid=uid, to_dict=False):
i.delete()
user.delete()
def delete_role(cls, rid):
role = Role.get_by_id(rid) or abort(
404, "Role <{0}> does not exist".format(rid))
for i in RoleRelation.get_by(parent_id=rid, to_dict=False):
i.soft_delete()
for i in RoleRelation.get_by(child_id=rid, to_dict=False):
i.soft_delete()
for i in RolePermission.get_by(rid=rid, to_dict=False):
i.soft_delete()
role_rebuild.apply_async(args=(list(
RoleRelationCRUD.recursive_child_ids(rid)), ),
queue=ACL_QUEUE)
RoleCache.clean(rid)
RoleRelationCache.clean(rid)
role.soft_delete()
def update(uid, **kwargs):
user = User.get_by(uid=uid, to_dict=False, first=True) or abort(
404, "User <{0}> does not exist".format(uid))
if kwargs.get("username"):
other = User.get_by(username=kwargs['username'],
first=True,
to_dict=False)
if other is not None and other.uid != user.uid:
return abort(
400, "User <{0}> cannot be duplicated".format(
kwargs['username']))
UserCache.clean(user)
if kwargs.get("username") and kwargs['username'] != user.username:
role = Role.get_by(name=user.username, first=True, to_dict=False)
if role is not None:
RoleCRUD.update_role(role.id, **dict(name=kwargs['name']))
return user.update(**kwargs)
def post(self):
username = request.values.get("username") or request.values.get(
"email")
password = request.values.get("password")
if current_app.config.get('AUTH_WITH_LDAP'):
user, authenticated = User.query.authenticate_with_ldap(
username, password)
else:
user, authenticated = User.query.authenticate(username, password)
if not user:
return abort(403, "User <{0}> does not exist".format(username))
if not authenticated:
return abort(403, "invalid username or password")
login_user(user)
token = jwt.encode(
{
'sub':
user.email,
'iat':
datetime.datetime.now(),
'exp':
datetime.datetime.now() +
datetime.timedelta(minutes=24 * 60 * 7)
}, current_app.config['SECRET_KEY'])
role = Role.get_by(uid=user.uid, first=True, to_dict=False)
if role:
parent_ids = RoleRelationCRUD.recursive_parent_ids(role.id)
parent_roles = [RoleCache.get(i).name for i in parent_ids]
else:
parent_roles = []
session["acl"] = dict(uid=user.uid,
avatar=user.avatar,
userName=user.username,
nickName=user.nickname,
parentRoles=parent_roles)
return self.jsonify(token=token.decode())
def add(cls, **kwargs):
existed = User.get_by(username=kwargs['username'],
email=kwargs['email'])
existed and abort(
400, "User <{0}> is already existed".format(kwargs['username']))
is_admin = kwargs.pop('is_admin', False)
kwargs['nickname'] = kwargs.get('nickname') or kwargs['username']
kwargs['block'] = 0
kwargs['key'], kwargs['secret'] = cls._gen_key_secret()
user = User.create(**kwargs)
role = RoleCRUD.add_role(user.username, uid=user.uid)
if is_admin:
from api.lib.perm.acl.cache import AppCache
from api.lib.perm.acl.role import RoleRelationCRUD
admin_r = Role.get_by(name='admin', first=True, to_dict=False) or \
RoleCRUD.add_role('admin', AppCache.get('cmdb').id, True)
RoleRelationCRUD.add(admin_r.id, role.id)
return user
