def wrapper(request, *args, **kwargs):
if not getattr(request, 'is_trust', False):
get_filters = {}
for kwarg, filter_arg in get_kwargs.items():
get_filters[filter_arg] = kwargs.get(kwarg)
# project_id value replace
if 'project_id' in get_filters:
obj_id = get_filters['project_id']
scope = _get_project_scope_from_request(request)
try:
project = get_project_with(obj_id=obj_id, scope=scope)
except Project.DoesNotExist:
return JsonResponse({
'result':
False,
'message':
'project{id} with scope{scope} does not exist.'.
format(id=obj_id, scope=scope)
})
get_filters['project_id'] = project.id
instance = auth_resource.resource_cls.objects.get(
**get_filters)
verify_or_raise_auth_failed(
principal_type='user',
principal_id=request.user.username,
resource=auth_resource,
action_ids=[act.id for act in actions],
instance=instance,
status=200)
return view_func(request, *args, **kwargs)
def test_verify_or_raise_auth_failed__pass(self):
shortcuts.verify_or_raise_auth_failed(
principal_type=self.principal_type,
principal_id=self.principal_id,
resource=self.resource,
action_ids=self.action_ids,
instance=self.instance,
scope_id=self.scope_id,
status=self.status)
shortcuts.verify_or_return_insufficient_perms \
.assert_called_once_with(self.principal_type,
self.principal_id,
[(self.resource, self.action_ids, self.instance)],
self.scope_id)
def test_verify_or_raise_auth_failed__failed(self):
try:
shortcuts.verify_or_raise_auth_failed(
principal_type=self.principal_type,
principal_id=self.principal_id,
resource=self.resource,
action_ids=self.action_ids,
instance=self.instance,
scope_id=self.scope_id,
status=self.status)
except AuthFailedException as e:
self.assertEqual(e.permissions, self.permissions)
self.assertEqual(e.status, self.status)
shortcuts.verify_or_return_insufficient_perms \
.assert_called_once_with(self.principal_type,
self.principal_id,
[(self.resource, self.action_ids, self.instance)],
self.scope_id)
def get_common_template_info(request, template_id):
try:
tmpl = CommonTemplate.objects.select_related('pipeline_template').get(id=template_id, is_deleted=False)
auth_resource = common_template_resource
except CommonTemplate.DoesNotExist:
result = {
'result': False,
'message': 'common template[id={template_id}] does not exist'.format(template_id=template_id)
}
return JsonResponse(result)
if not request.is_trust:
verify_or_raise_auth_failed(principal_type='user',
principal_id=request.user.username,
resource=auth_resource,
action_ids=[auth_resource.actions.view.id],
instance=tmpl,
status=200)
return JsonResponse({'result': True, 'data': format_template_data(template=tmpl)})
def get_template_info(request, template_id, project_id):
project = request.project
template_source = request.GET.get('template_source', PROJECT)
if template_source in {BUSINESS, PROJECT}:
try:
tmpl = TaskTemplate.objects.select_related('pipeline_template').get(id=template_id,
project_id=project.id,
is_deleted=False)
auth_resource = task_template_resource
except TaskTemplate.DoesNotExist:
result = {
'result': False,
'message': 'template[id={template_id}] of project[project_id={project_id}, biz_id={biz_id}] '
'does not exist'.format(template_id=template_id,
project_id=project.id,
biz_id=project.bk_biz_id)}
return JsonResponse(result)
else:
try:
tmpl = CommonTemplate.objects.select_related('pipeline_template').get(id=template_id, is_deleted=False)
auth_resource = common_template_resource
except CommonTemplate.DoesNotExist:
result = {
'result': False,
'message': 'common template[id={template_id}] does not exist'.format(template_id=template_id)
}
return JsonResponse(result)
if not request.is_trust:
verify_or_raise_auth_failed(principal_type='user',
principal_id=request.user.username,
resource=auth_resource,
action_ids=[auth_resource.actions.view.id],
instance=tmpl,
status=200)
return JsonResponse({'result': True, 'data': format_template_data(tmpl, project)})
def wrapper(request, *args, **kwargs):
if not getattr(request, 'is_trust', False):
project = getattr(request, 'project', None)
if not project:
obj_id = kwargs.get('project_id')
try:
obj_scope = _get_project_scope_from_request(request)
except Exception:
return JsonResponse({
'result': False,
'message': 'invalid param format'
})
try:
project = get_project_with(obj_id=obj_id,
scope=obj_scope)
except Project.DoesNotExist:
return JsonResponse({
'result':
False,
'message':
'project{id} with scope{scope} does not exist.'.
format(id=obj_id, scope=obj_scope)
})
verify_or_raise_auth_failed(
principal_type='user',
principal_id=request.user.username,
resource=project_resource,
action_ids=[act.id for act in actions],
instance=project,
status=200)
return view_func(request, *args, **kwargs)
def create_task(request, template_id, project_id):
try:
params = json.loads(request.body)
except Exception:
return JsonResponse({
'result': False,
'message': 'invalid json format'
})
project = request.project
template_source = params.get('template_source', PROJECT)
logger.info('apigw create_task info, template_id: {template_id}, project_id: {project_id}, params: {params}'.format(
template_id=template_id,
project_id=project.id,
params=params))
# 兼容老版本的接口调用
if template_source in {BUSINESS, PROJECT}:
try:
tmpl = TaskTemplate.objects.select_related('pipeline_template').get(id=template_id,
project_id=project.id,
is_deleted=False)
if not request.is_trust:
verify_or_raise_auth_failed(principal_type='user',
principal_id=request.user.username,
resource=task_template_resource,
action_ids=[task_template_resource.actions.create_task.id],
instance=tmpl,
status=200)
except TaskTemplate.DoesNotExist:
result = {
'result': False,
'message': 'template[id={template_id}] of project[project_id={project_id} , biz_id{biz_id}] '
'does not exist'.format(template_id=template_id,
project_id=project.id,
biz_id=project.bk_biz_id)}
return JsonResponse(result)
else:
try:
tmpl = CommonTemplate.objects.select_related('pipeline_template').get(id=template_id,
is_deleted=False)
if not request.is_trust:
perms_tuples = [(project_resource, [project_resource.actions.use_common_template.id], project),
(common_template_resource, [common_template_resource.actions.create_task.id], tmpl)]
batch_verify_or_raise_auth_failed(principal_type='user',
principal_id=request.user.username,
perms_tuples=perms_tuples,
status=200)
except CommonTemplate.DoesNotExist:
result = {
'result': False,
'message': 'common template[id={template_id}] does not exist'.format(template_id=template_id)
}
return JsonResponse(result)
try:
params.setdefault('flow_type', 'common')
params.setdefault('constants', {})
params.setdefault('exclude_task_nodes_id', [])
jsonschema.validate(params, APIGW_CREATE_TASK_PARAMS)
except jsonschema.ValidationError as e:
logger.warning(u"apigw create_task raise prams error: %s" % e)
message = 'task params is invalid: %s' % e
return JsonResponse({'result': False, 'message': message})
app_code = getattr(request.jwt.app, settings.APIGW_APP_CODE_KEY)
if not app_code:
message = 'app_code cannot be empty, make sure api gateway has sent correct params'
return JsonResponse({'result': False, 'message': message})
pipeline_instance_kwargs = {
'name': params['name'],
'creator': request.user.username,
}
if 'description' in params:
pipeline_instance_kwargs['description'] = params['description']
try:
result, data = TaskFlowInstance.objects.create_pipeline_instance_exclude_task_nodes(
tmpl, pipeline_instance_kwargs, params['constants'], params['exclude_task_nodes_id'])
except PipelineException as e:
return JsonResponse({'result': False, 'message': e.message})
if not result:
return JsonResponse({'result': False, 'message': data})
task = TaskFlowInstance.objects.create(
project=project,
pipeline_instance=data,
category=tmpl.category,
template_id=template_id,
create_method='api',
create_info=app_code,
flow_type=params.get('flow_type', 'common'),
current_flow='execute_task' if params.get('flow_type', 'common') == 'common' else 'func_claim',
)
return JsonResponse({
'result': True,
'data': {
'task_id': task.id,
'task_url': task.url,
'pipeline_tree': task.pipeline_tree
}})
def collect(request, project_id):
template_id = request.POST.get('template_id')
template_list = json.loads(request.POST.get('template_list', '[]'))
if template_id:
method = request.POST.get('method', 'add')
try:
template = TaskTemplate.objects.get(pk=template_id,
project_id=project_id,
is_deleted=False)
except TaskTemplate.DoesNotExist:
return JsonResponse({
'result':
False,
'message':
'flow[id=%s] does not exist' % template_id
})
verify_or_raise_auth_failed(
principal_type='user',
principal_id=request.user.username,
resource=task_template_resource,
action_ids=[task_template_resource.actions.view.id],
instance=template)
ctx = template.user_collect(request.user.username, method)
return JsonResponse(ctx)
if template_list:
if len(template_list) > 10:
return JsonResponse({
'result':
False,
'message':
u"template list must not larger than 10"
})
user_model = get_user_model()
user = user_model.objects.get(username=request.user.username)
try:
templates = TaskTemplate.objects.filter(pk__in=template_list,
project_id=project_id,
is_deleted=False)
perms_tuples = [(task_template_resource,
[task_template_resource.actions.view.id], t)
for t in templates]
batch_verify_or_raise_auth_failed(
principal_type='user',
principal_id=request.user.username,
perms_tuples=perms_tuples)
collected_template = user.tasktemplate_set.filter(
project_id=project_id)
user.tasktemplate_set.remove(*collected_template)
user.tasktemplate_set.add(*templates)
except Exception as e:
message = u"collect template error: %s" % e
ctx = {'result': False, 'message': message}
else:
ctx = {'result': True, 'data': ''}
return JsonResponse(ctx)
else:
try:
user_model = get_user_model()
user = user_model.objects.get(username=request.user.username)
collected_template = user.tasktemplate_set.filter(
project_id=project_id)
user.tasktemplate_set.remove(*collected_template)
except Exception as e:
message = u"collect template error: %s" % e
ctx = {'result': False, 'message': message}
else:
ctx = {'result': True, 'data': ''}
return JsonResponse(ctx)
def save_app_maker(self, project_id, app_params, fake=False):
"""
@summary:
@param project_id: 项目 ID
@param app_params: App maker参数
@param fake: 为True则不会真正调用API创建轻应用
@return:
"""
logger.info('save_app_maker params: %s' % app_params)
app_id = app_params['id']
if app_id == '0' or not app_id:
app_id = None
template_id = app_params['template_id']
app_params['name'] = name_handler(app_params['name'], 20)
app_params['desc'] = name_handler(app_params.get('desc', ''), 30)
proj = Project.objects.get(id=project_id)
try:
task_template = TaskTemplate.objects.get(pk=template_id,
project_id=project_id,
is_deleted=False)
except TaskTemplate.DoesNotExist:
return False, _(u"保存失败,引用的流程模板不存在!")
# create appmaker
from gcloud.contrib.appmaker.permissions import mini_app_resource
if not app_id:
verify_or_raise_auth_failed(
principal_type='user',
principal_id=app_params['username'],
resource=task_template_resource,
action_ids=[task_template_resource.actions.create_mini_app.id],
instance=task_template)
fields = {
'project': proj,
'name': app_params['name'],
'code': '',
'desc': app_params['desc'],
'logo_url': '',
'link': app_params['link_prefix'],
'creator': app_params['username'],
'editor': app_params['username'],
'task_template': task_template,
# 生成一个删除状态的对象,以便拼接轻应用访问链接
'is_deleted': True,
}
if app_params.get('template_scheme_id'):
fields['template_scheme_id'] = app_params['template_scheme_id']
app_maker_obj = AppMaker.objects.create(**fields)
# update app link
app_id = app_maker_obj.id
app_link = '{appmaker_prefix}{app_id}/newtask/{project_id}/selectnode/?template_id={template_id}'.format(
appmaker_prefix=app_params['link_prefix'],
app_id=app_id,
project_id=project_id,
template_id=template_id)
app_maker_obj.link = app_link
if fake:
app_maker_obj.code = '%s%s' % (settings.APP_CODE,
time_now_str())
app_maker_obj.is_deleted = False
app_maker_obj.save()
return True, app_maker_obj
# create app on blueking desk
app_create_result = create_maker_app(
app_params['username'],
app_params['name'],
app_link,
app_params['username'],
task_template.category,
app_params['desc'],
)
if not app_create_result['result']:
return False, _(u"创建轻应用失败:%s") % app_create_result['message']
app_code = app_create_result['data']['bk_light_app_code']
app_maker_obj.code = app_code
app_maker_obj.is_deleted = False
# edit appmaker
else:
try:
app_maker_obj = AppMaker.objects.get(
id=app_id,
project_id=project_id,
task_template__id=template_id,
is_deleted=False)
except AppMaker.DoesNotExist:
return False, _(u"保存失败,当前操作的轻应用不存在或已删除!")
verify_or_raise_auth_failed(
principal_type='user',
principal_id=app_params['username'],
resource=mini_app_resource,
action_ids=[mini_app_resource.actions.edit.id],
instance=app_maker_obj)
app_code = app_maker_obj.code
creator = app_maker_obj.creator
link = app_maker_obj.link
if not fake:
# edit app on blueking
app_edit_result = edit_maker_app(
creator,
app_code,
app_params['name'],
link,
creator,
task_template.category,
app_params['desc'],
)
if not app_edit_result['result']:
return False, _(u"编辑轻应用失败:%s") % app_edit_result['message']
app_maker_obj.name = app_params['name']
app_maker_obj.desc = app_params['desc']
app_maker_obj.editor = app_params['username']
if 'template_scheme_id' in app_params:
app_maker_obj.template_scheme_id = app_params[
'template_scheme_id']
# upload app logo
if not fake and app_params['logo_content']:
logo = base64.b64encode(app_params['logo_content'])
app_logo_result = modify_app_logo(app_maker_obj.creator, app_code,
logo)
if not app_logo_result['result']:
logger.warning(u"AppMaker[id=%s] upload logo failed: %s" %
(app_maker_obj.id, app_logo_result['message']))
# update app maker info
app_maker_obj.logo_url = get_app_logo_url(app_code=app_code)
app_maker_obj.save()
return True, app_maker_obj
