Exemple #1
def _get_user_info(request, use_cache=True):
    """
    Get basic information about the requesting user from the ESB auth component.

    The result is cached under a key built from CACHE_PREFIX and
    request.user.username, so a cached profile keeps being served until the
    entry expires or a caller passes use_cache=False.

    @param request: request object; request.user.username selects the cache
        entry and the request is handed to settings.ESB_GET_CLIENT_BY_REQUEST.
    @param use_cache: when false, the cached value is ignored and the ESB is
        queried again.
    @return: the 'data' member of the ESB response, or the cached copy.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    cache_key = "%s_get_user_info_%s" % (CACHE_PREFIX, request.user.username)
    cached = cache.get(cache_key)
    if use_cache and cached:
        return cached

    # The component and method names come from settings, so they are resolved
    # dynamically on the ESB client.
    esb_client = settings.ESB_GET_CLIENT_BY_REQUEST(request)
    auth_component = getattr(esb_client, settings.ESB_AUTH_COMPONENT_SYSTEM)
    fetch_user = getattr(auth_component, settings.ESB_AUTH_GET_USER_INFO)
    response = fetch_user({})
    # A response without 'code' is treated as a generic failure (-1).
    response.setdefault('code', -1)

    if response['result']:
        profile = response['data']
        # Only a non-empty profile is cached; an empty one is returned as is.
        if profile:
            cache.set(cache_key, profile, DEFAULT_CACHE_TIME_FOR_CC)
        return profile

    # Codes arrive either as strings or as integers, so both forms are listed.
    code = response['code']
    if code in ('20101', 20101):
        raise exceptions.Unauthorized(response['message'])
    if code in ('20103', 20103, '20201', 20201, '20202', 20202):
        raise exceptions.Forbidden(response['message'])
    raise exceptions.APIError(
        settings.ESB_AUTH_COMPONENT_SYSTEM, 'get_user',
        response.get('detail_message', response['message']))
Exemple #2
def _get_user_info(request, use_cache=True):
    """
    Get basic information about the requesting user via get_user_info(request).

    The result is cached under a key built from CACHE_PREFIX and
    request.user.username, so a cached profile keeps being served until the
    entry expires or a caller passes use_cache=False.

    @param request: request object; request.user.username selects the cache
        entry and the request is passed on to get_user_info.
    @param use_cache: when false, the cached value is ignored and the API is
        queried again.
    @return: the 'data' member of the API response, or the cached copy.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    cache_key = "%s_get_user_info_%s" % (CACHE_PREFIX, request.user.username)
    cached = cache.get(cache_key)
    if use_cache and cached:
        return cached

    response = get_user_info(request)
    # A response without 'code' is treated as a generic failure (-1).
    response.setdefault('code', -1)

    if not response['result']:
        # Codes arrive either as strings or as integers; both forms are listed.
        code = response.get('code')
        if code in ('20101', 20101):
            raise exceptions.Unauthorized(response['message'])
        if code in ('20103', 20103, '20201', 20201, '20202', 20202):
            raise exceptions.Forbidden(response['message'])
        raise exceptions.APIError(
            'bk_api', 'get_user_info',
            response.get('detail_message', response['message']))

    profile = response['data']
    # Only a non-empty profile is cached; an empty one is returned as is.
    if profile:
        cache.set(cache_key, profile, DEFAULT_CACHE_TIME_FOR_CC)
    return profile
Exemple #3
def _get_user_business_list(request, use_cache=True):
    """Get the businesses the requesting user holds a role in, grouped by role.

    The list comes from ``cc.get_app_by_user_role`` and is then filtered:
    businesses whose ``LifeCycle`` is ``'3'`` or the translated "out of
    service" label are dropped, and when the user's profile names one or more
    companies only businesses owned by those companies are kept. The filtered
    mapping is cached per username.

    :param object request: django request object.
    :param bool use_cache: (Optional) when false, ignore the cached value and
        query the API again.
    :raises exceptions.Unauthorized: response code 20101.
    :raises exceptions.Forbidden: response code 20103, 20201 or 20202.
    :raises exceptions.APIError: any other unsuccessful response.
    """
    cache_key = "%s_get_user_business_list_%s" % (CACHE_PREFIX,
                                                  request.user.username)
    cached = cache.get(cache_key)
    if use_cache and cached:
        return cached

    esb_client = settings.ESB_GET_CLIENT_BY_REQUEST(request)
    query = {'user_role': ','.join(roles.CC_ROLES)}
    response = esb_client.cc.get_app_by_user_role(query)

    if not response['result']:
        # Codes arrive either as strings or as integers; both forms are listed.
        code = response['code']
        if code in ('20101', 20101):
            raise exceptions.Unauthorized(response['message'])
        if code in ('20103', 20103, '20201', 20201, '20202', 20202):
            raise exceptions.Forbidden(response['message'])
        raise exceptions.APIError(
            'cc', 'get_app_by_user_role',
            response.get('detail_message', response['message']))

    businesses_by_role = response['data']

    # Companies (owners) the user belongs to; the profile carries either a
    # 'company_list' (multi-company mode) or a single 'company_code'.
    profile = _get_user_info(request)
    companies = profile.get('company_list', [])
    if companies:
        owner_codes = [company['company_code'] for company in companies]
    else:
        single_code = profile.get('company_code')
        owner_codes = [single_code] if single_code else []

    # NOTE(review): with no company information in the profile, owner_codes is
    # empty and no owner filter is applied at all, so every business returned
    # by the API is kept. Confirm that this open default is intended for
    # single-company deployments.
    for role, biz_list in businesses_by_role.iteritems():
        kept = [
            biz for biz in biz_list
            if biz.get('LifeCycle') not in ['3', _(u"停运")]
            and (not owner_codes or biz['Owner'] in owner_codes)
        ]
        # Replacing the value of an existing key does not resize the mapping.
        businesses_by_role.update({role: kept})

    # The cached mapping is what later calls return until the entry expires,
    # so a role change upstream is not visible before then.
    cache.set(cache_key, businesses_by_role, DEFAULT_CACHE_TIME_FOR_CC)
    return businesses_by_role
Exemple #4
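def _get_user_business_list(request, use_cache=True):
    """Get the businesses in which the requesting user appears in a role field.

    ``cc.search_business`` is queried for businesses of the user's supplier
    account whose developer, productor, maintainer or tester field matches the
    username. The username is escaped before it is used as a ``$regex``
    pattern, so characters such as ``.`` in a username are matched literally
    instead of acting as regex operators.

    The result is cached per username; a role change upstream is not visible
    until the entry expires or a caller passes ``use_cache=False``.

    :param object request: django request object.
    :param bool use_cache: (Optional) when false, ignore the cached value and
        query the API again.
    :raises exceptions.Unauthorized: response code 20101.
    :raises exceptions.Forbidden: response code 20103, 20201 or 20202.
    :raises exceptions.APIError: any other unsuccessful response.
    """
    import re  # local import: the file's import block is not visible here

    user = request.user
    cache_key = "%s_get_user_business_list_%s" % (CACHE_PREFIX, user.username)
    data = cache.get(cache_key)

    if not (use_cache and data):
        user_info = _get_user_info(request)
        client = settings.ESB_GET_CLIENT_BY_USER(request.user.username)

        # The username is data, not a pattern: escape it so regex
        # metacharacters in it cannot widen the match.
        # NOTE(review): this is still an unanchored match, so a username that
        # is a substring of another username matches that user's businesses
        # too, and an empty username would match every record. If the role
        # fields hold delimited username lists, filter the returned records by
        # exact membership before they are cached and used for authorization.
        username_pattern = re.escape(user.username)
        role_fields = ('bk_biz_developer', 'bk_biz_productor',
                       'bk_biz_maintainer', 'bk_biz_tester')
        result = client.cc.search_business({
            'bk_supplier_account':
            user_info['bk_supplier_account'],
            'condition': {
                'bk_data_status': {
                    '$in': ['enable', 'disabled', None]
                },
                '$or': [{
                    field: {
                        "$regex": username_pattern
                    }
                } for field in role_fields]
            }
        })

        if result['result']:
            data = result['data']['info']
            cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)
        # Codes arrive either as strings or as integers; both forms are listed.
        elif result.get('code') in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        elif result.get('code') in ('20103', 20103, '20201', 20201, '20202',
                                    20202):
            raise exceptions.Forbidden(result['message'])
        else:
            raise exceptions.APIError(
                'cc', 'search_business',
                result.get('detail_message', result['message']))

    return data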
Exemple #5
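def update_user_info(request, cc_id, use_cache=True):
    """Refresh stored user info from get_user_info, at most once per cache window.

    On a successful response the 'data' member is handed to
    _update_user_info and a marker is cached under a key built from cc_id;
    while that marker is present (and use_cache is true) the call does nothing.

    :param object request: django request object, passed to get_user_info.
    :param cc_id: business id; it is only used to build the cache key.
    :param bool use_cache: (Optional) when false, refresh regardless of the
        cached marker.
    :raises exceptions.Unauthorized: response code 20101.
    :raises exceptions.Forbidden: response code 20103.
    :raises exceptions.APIError: any other unsuccessful response.
    """
    # NOTE(review): the marker is keyed by cc_id only, while the data is
    # fetched with the current request. If get_user_info is per-user, a second
    # user of the same business is skipped until the marker expires - confirm.
    cache_key = "%s_update_user_info_%s" % (CACHE_PREFIX, cc_id)
    data = cache.get(cache_key)

    if not (use_cache and data):
        result = get_user_info(request)
        # A response may lack 'code'; read it with .get() so such a failure
        # surfaces as APIError with the upstream message, not as a KeyError.
        code = result.get('code')
        if result['result']:
            _update_user_info(result['data'])
        elif code in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        elif code in ('20103', 20103):
            raise exceptions.Forbidden(result['message'])
        else:
            raise exceptions.APIError(
                settings.ESB_AUTH_COMPONENT_SYSTEM, 'get_user',
                result.get('detail_message', result['message']))

        cache.set(cache_key, True, DEFAULT_CACHE_TIME_FOR_CC)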
Exemple #6
    def process_view(self, request, view_func, view_args, view_kwargs):
        """
        If a request path contains biz_cc_id parameter, check if current
        user has perm view_business or return http 403.

        Views carrying a truthy ``login_exempt`` attribute are skipped. The
        business id is taken from the ``biz_cc_id`` URL kwarg, falling back to
        ``self._get_biz_cc_id_in_rest_request(request)``; a missing id or
        ``'0'`` skips the check.

        Returns ``None`` (by falling off the end) when no check applies or the
        check passes. Otherwise returns a response: 401 when
        ``prepare_business`` raises ``Unauthorized``, 403 when it raises
        ``Forbidden`` or when the permission check fails or errors, and 503
        when it raises ``APIError``.
        """
        if getattr(view_func, 'login_exempt', False):
            return None
        biz_cc_id = view_kwargs.get(
            'biz_cc_id') or self._get_biz_cc_id_in_rest_request(request)
        if biz_cc_id and str(biz_cc_id) != '0':
            try:
                business = prepare_business(request, cc_id=biz_cc_id)
            except exceptions.Unauthorized:
                # permission denied for target business (irregular request)
                return HttpResponse(status=401)
            except exceptions.Forbidden:
                # target business does not exist (irregular request)
                return HttpResponseForbidden()
            except exceptions.APIError as e:
                ctx = {
                    'system': e.system,
                    'api': e.api,
                    'message': e.message,
                }
                logger.error(json.dumps(ctx))
                # NOTE(review): the upstream system name, API name and error
                # message are sent to the client verbatim. Confirm nothing
                # sensitive can appear in e.message, or return a generic body
                # and keep the detail in the log only.
                return HttpResponse(status=503, content=json.dumps(ctx))

            # set time_zone of business
            if business.time_zone:
                request.session['blueking_timezone'] = business.time_zone

            try:
                # The Unauthorized raised here is caught by the broad handler
                # below, so a plain denial and an unexpected has_perm failure
                # take the same path: logged with a traceback, answered 403.
                if not request.user.has_perm('view_business', business):
                    raise exceptions.Unauthorized(
                        'user[{username}] has no perm view_business of business[{biz}]'
                        .format(username=request.user.username,
                                biz=business.cc_id))
            except Exception as e:
                logger.exception(
                    'user[username={username},type={user_type}] has_perm raise error[{error}]'
                    .format(username=request.user.username,
                            user_type=type(request.user),
                            error=e))
                # NOTE(review): e.message is written into the 403 body. For a
                # denial that is the username and business id; for any other
                # exception it is whatever text that exception carries, which
                # may expose internals. Built-in exceptions have no .message
                # attribute on Python 3 - confirm the target runtime.
                return HttpResponseForbidden(e.message)
Exemple #7
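def _get_business_info(request, app_id, use_cache=True, use_maintainer=False):
    """Get detailed information for an exact app_id from cc.search_business.

    @param object request: django request object.
    @param int app_id: cc_id of core.business model.
    @param bool use_cache: when false, ignore the cached record and query the
        API again.
    @param use_maintainer: make the request with the maintainer identity
        (client from get_client_by_user_and_biz_id) instead of the client
        built from the request.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202, or a
        successful response that contains no matching business.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    # Looked up before the cache is consulted, so a cache hit still costs one
    # database query (the record supplies bk_supplier_account below).
    business = Business.objects.get(cc_id=app_id)
    # NOTE(review): the key does not include use_maintainer, so a record
    # fetched with the maintainer client is afterwards returned to calls made
    # with use_maintainer=False for the same user and business. Confirm that
    # both identities are meant to share one cache entry.
    cache_key = "%s_get_business_info_%s_%s" % (CACHE_PREFIX, app_id, username)
    data = cache.get(cache_key)

    if not (use_cache and data):
        if use_maintainer:
            client = get_client_by_user_and_biz_id(username, app_id)
        else:
            client = settings.ESB_GET_CLIENT_BY_REQUEST(request)
        result = client.cc.search_business({
            'bk_supplier_account': business.cc_owner,
            'condition': {
                'bk_biz_id': int(app_id)
            }
        })

        if result['result']:
            # An empty result means the business is not visible to this
            # identity; it is reported as Forbidden rather than cached.
            if not result['data']['info']:
                raise exceptions.Forbidden()
            data = result['data']['info'][0]
        # Codes arrive either as strings or as integers; both forms are listed.
        elif result.get('code') in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        elif result.get('code') in ('20103', 20103, '20201', 20201,
                                    '20202', 20202):
            raise exceptions.Forbidden(result['message'])
        else:
            # Name the API that was actually called, so the logged error
            # points at the right upstream endpoint.
            raise exceptions.APIError(
                'cc',
                'search_business',
                result.get('detail_message', result['message'])
            )

        cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)

    return data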
Exemple #8
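def _get_business_info(request, app_id, use_cache=True, use_maintainer=False):
    """Get detailed information for an exact app_id from cc.get_app_by_id.

    @param object request: django request object.
    @param int app_id: cc_id of core.business model.
    @param bool use_cache: when false, ignore the cached record and query the
        API again.
    @param use_maintainer: make the request with the maintainer identity
        (client from get_client_by_user_and_biz_id) instead of the client
        built from the request.
    @raise exceptions.Unauthorized: response code 20101.
    @raise exceptions.Forbidden: response code 20103, 20201 or 20202, or a
        successful response that contains no business.
    @raise exceptions.APIError: any other unsuccessful response.
    """
    username = request.user.username
    # NOTE(review): the key does not include use_maintainer, so a record
    # fetched with the maintainer client is afterwards returned to calls made
    # with use_maintainer=False for the same user and business. Confirm that
    # both identities are meant to share one cache entry.
    cache_key = "%s_get_business_info_%s_%s" % (CACHE_PREFIX, app_id, username)
    data = cache.get(cache_key)

    if not (use_cache and data):
        if use_maintainer:
            client = get_client_by_user_and_biz_id(username, app_id)
        else:
            client = settings.ESB_GET_CLIENT_BY_REQUEST(request)
        result = client.cc.get_app_by_id({
            'app_id':
            app_id,
            'uin_to_openid_column':
            ','.join(roles.CC_ROLES),
        })
        # Read 'code' with .get() so a response without it surfaces as
        # APIError with the upstream message instead of a KeyError.
        code = result.get('code')
        if result['result']:
            # A successful but empty answer would otherwise fail with an
            # IndexError on [0]; report it as a denied lookup instead.
            if not result['data']:
                raise exceptions.Forbidden(
                    'business[%s] not found in cc' % app_id)
            data = result['data'][0]
        # Codes arrive either as strings or as integers; both forms are listed.
        elif code in ('20101', 20101):
            raise exceptions.Unauthorized(result['message'])
        elif code in ('20103', 20103, '20201', 20201, '20202', 20202):
            raise exceptions.Forbidden(result['message'])
        else:
            raise exceptions.APIError(
                'cc', 'get_app_by_id',
                result.get('detail_message', result['message']))

        cache.set(cache_key, data, DEFAULT_CACHE_TIME_FOR_CC)

    return data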