def initial(self, request, *args, **kwargs): super(AppBaseView, self).initial(request, *args, **kwargs) service_alias = kwargs.get("serviceAlias", None) if not service_alias: raise ImportError("You url not contains args - serviceAlias -") services = TenantServiceInfo.objects.filter(service_alias=service_alias, tenant_id=self.tenant.tenant_id) if services: self.service = services[0] if self.service.tenant_id != self.tenant.tenant_id: team_info = Tenants.objects.filter(tenant_id=self.service.tenant_id) if team_info: raise BusinessException( response=Response( general_message(10403, "service team is not current team", "应用{0}不属于当前团队".format(service_alias), {"service_team_name": team_info[0].tenant_name}), status=404)) else: raise BusinessException( response=Response( general_message(10403, "service team is not current team", "应用{0}不属于当前团队且其团队不存在".format( service_alias), {"service_team_name": ""}), status=404)) # 请求应用资源的数据中心与用户当前页面数据中心不一致 if self.service.service_region != self.response_region: raise BusinessException( Response( general_message(10404, "service region is not current region", "应用{0}不属于当前数据中心".format(service_alias), {"service_region": self.service.service_region}), status=404)) else: raise BusinessException( Response(general_message(404, "service not found", "应用{0}不存在".format(service_alias)), status=404)) self.initial_header_info(request)
def initial(self, request, *args, **kwargs): super(PluginBaseView, self).initial(request, *args, **kwargs) plugin_id = kwargs.get("plugin_id", None) if not plugin_id: raise ImportError("You url not contains args - plugin_id -") tenant_plugin = TenantPlugin.objects.filter(plugin_id=plugin_id) if tenant_plugin: self.plugin = tenant_plugin[0] if self.plugin.tenant_id != self.tenant.tenant_id: team_info = Tenants.objects.filter(tenant_id=self.plugin.tenant_id) if team_info: raise BusinessException( response=Response(general_message(10403, "plugin team is not current team", "插件不属于当前团队"), status=404)) else: raise BusinessException( response=Response(general_message(10403, "current team is not exist", "团队不存在"), status=404)) # 请求应用资源的数据中心与用户当前页面数据中心不一致 if self.plugin.region != self.response_region: raise BusinessException( Response(general_message(10404, "plugin region is not current region", "插件不属于当前数据中心"), status=404)) else: raise BusinessException(Response(general_message(404, "plugin not found", "插件不存在"), status=404)) self.initial_header_info(request) build_version = kwargs.get("build_version", None) if build_version: plugin_build_version = PluginBuildVersion.objects.filter(plugin_id=plugin_id, build_version=build_version) if plugin_build_version: self.plugin_version = plugin_build_version[0] else: raise BusinessException( response=Response( general_message(10403, "plugin id {0}, build version {1} is not exist".format(plugin_id, build_version), "当前版本插件不存在"), status=404))
def check_perm(perm, user, tenantName=None, serviceAlias=None): if isinstance(user, AnonymousUser): raise PermissionDenied('this resource need login status', redirect_url='/login') if tenantName is None: raise UrlParseError(500, 'tenantName is None') if not hasattr(user, 'actions'): user.actions = UserActions() p = PermActions() try: tenant = Tenants.objects.get(tenant_name=tenantName) identitys = team_services.get_user_perm_identitys_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name) role_id_list = team_services.get_user_perm_role_id_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name) if not identitys and not role_id_list: raise PermRelTenant.DoesNotExist tenant_actions_tuple = () if identitys: tenant_identity = get_highest_identity(identitys) tenant_actions = p.keys('tenant_{0}_actions'.format(tenant_identity)) tenant_actions_tuple += tenant_actions if role_id_list: for role_id in role_id_list: perm_tuple = role_perm_repo.get_perm_by_role_id(role_id=role_id) tenant_actions_tuple += perm_tuple user.actions.set_actions('tenant', tuple(set(tenant_actions_tuple))) if serviceAlias is not None: service = TenantServiceInfo.objects.get(tenant_id=tenant.tenant_id, service_alias=serviceAlias) user_service_perms_id_list = ServiceRelPerms.objects.filter( user_id=user.pk, service_id=service.pk).values_list( "perm_id", flat=True) perm_codename_list = role_perm_repo.get_perm_list_by_perm_id_list(perm_id_list=user_service_perms_id_list) user.actions.set_actions('service', perm_codename_list) except Tenants.DoesNotExist: raise UrlParseError(404, 'no matching tenantName for {0}'.format(tenantName)) except TenantServiceInfo.DoesNotExist: raise UrlParseError(404, 'no matching serviceAlias for {0}'.format(serviceAlias)) except PermRelTenant.DoesNotExist: tenant = Tenants.objects.filter(tenant_name=tenantName)[0] if not user.is_sys_admin and tenantName != "grdemo": raise UrlParseError(403, 'no permissions for user {0} on tenant {1}'.format(user.nick_name, tenant.tenant_name)) user.actions.set_actions('tenant', p.keys('tenant_viewer_actions')) except PermRelService.DoesNotExist: pass # if user.is_sys_admin: # return True if perm in user.actions: return True raise BusinessException(Response(general_message(403, "you don't have enough permissions", "您无权限执行此操作"), status=403))
def initial(self, request, *args, **kwargs): super(ComposeGroupBaseView, self).initial(request, *args, **kwargs) group_id = kwargs.get("group_id", None) if not group_id: raise ImportError("You url not contains args - group_id -") group = group_repo.get_group_by_pk(self.tenant.tenant_id, self.response_region, group_id) if group: self.group = group else: raise BusinessException(Response(general_message(404, "group not found", "组ID{0}不存在".format(group_id)), status=404)) self.initial_header_info(request)
def initial(self, request, *args, **kwargs): super(ComposeBaseView, self).initial(request, *args, **kwargs) compose_id = kwargs.get("compose_id", None) if not compose_id: raise ImportError("You url not contains args - compose_id -") group_compose = compose_repo.get_group_compose_by_compose_id(compose_id) if group_compose: self.group_compose = group_compose else: raise BusinessException( Response(general_message(404, "compose not found", "compose组{0}不存在".format(compose_id)), status=404)) self.initial_header_info(request)