def build_group_rawdata(db_executer, role_manager): """ 调用dingsdk生成供Group使用的raw数据 """ role_list_index = 0 role_list_continue = True root_group = Group.valid_objects.get_queryset().get(uid=GROUP_ROOT_UID) while role_list_continue: role_list_detail = role_manager.get_roles_list(PAGE_DEFAULT_SIZE, role_list_index) role_list_continue = role_list_detail['result']['hasMore'] role_list_index += PAGE_DEFAULT_SIZE for group in role_list_detail['result']['list']: group_info = { 'name': group['name'], 'parent': None, 'accept_user': False, 'ding_group': { 'uid': group['groupId'], 'subject': 'role', 'is_group': True, } } exist_group = Group.valid_objects.get_queryset().filter(ding_group__uid=group['groupId'], ding_group__subject='role', ding_group__is_group=True).first() if exist_group: group_without_user = db_executer.update_group(exist_group, group_info) else: group_info['uid'] = gen_uid(group_info['name'], cls=Group) group_without_user = db_executer.create_group(group_info) db_executer.add_group_to_group(group_without_user, root_group) for role in group['roles']: role_info = { 'name': role['name'], 'parent': group['groupId'], 'accept_user': True, 'ding_group': { 'uid': role['id'], 'subject': 'role', 'is_group': False, } } exist_child_group = Group.valid_objects.get_queryset().filter(ding_group__uid=role['id'], ding_group__subject='role', ding_group__is_group=False).first() if exist_child_group: group_accept_user = db_executer.update_group(exist_child_group, role_info) else: role_info['uid'] = gen_uid(role_info['name'], cls=Group) group_accept_user = db_executer.create_group(role_info) if group_accept_user.parent != group_without_user: db_executer.add_group_to_group(group_accept_user, group_without_user) build_user_group_rawdata(db_executer, role_manager, role['id'], group_accept_user)
def test_gen_uid(self): uid = gen_uid('测试ab1') self.assertEqual('ceshiab1', uid) uid = gen_uid('测试', prefix='pre', suffix='suf') self.assertEqual('preceshisuf', uid) uid = gen_uid('测试', cls=Perm) self.assertEqual('ceshi', uid) Perm.valid_objects.create(uid=uid) uid = gen_uid('测试', cls=Perm) self.assertEqual('ceshi1', uid) uid = gen_uid('用 户', cls=Perm) self.assertEqual('yonghu', uid) uid = gen_uid('f用 abc1 户', cls=Perm) self.assertEqual('fyongabc1hu', uid) uid = gen_uid('a用 abc1 (户)', cls=Perm) self.assertEqual('ayongabc1hu', uid) uid = gen_uid('A', cls=Perm) self.assertEqual('a', uid)
def create_department_meta(db_executer, department): """ 创建department记录 :param department: 一条dingdept数据 :return: """ dept_info = { 'name': department.get('name'), 'ding_dept': { 'uid': department.get('id'), 'data': json.dumps({ 'order': department.get('order', ''), 'createDeptGroup': department.get('createDeptGroup', True), 'deptHiding': department.get('deptHiding', False), 'userpermit': department.get('userPermit', ''), 'outerdep': department.get('outerDept', False), 'outerpermitdepts': department.get('outerPermitDepts', ''), 'outerpermitusers': department.get('outerPermitUsers', ''), 'outerdeponlyself': department.get('outerDeptOnlySelf', False), 'sourceIdentifier': department.get('sourceIdentifier', ''), }) } } exist_ding_dept = DingDept.valid_objects.filter(uid=department.get('id')).first() if exist_ding_dept: return db_executer.update_dept(exist_ding_dept.dept, dept_info) dept_info['uid'] = gen_uid(dept_info['name'], cls=Dept) return db_executer.create_dept(dept_info)
def create(self, request, *args, **kwargs): # pylint: disable=unused-argument ''' 添加子组,从无到有 [POST] ''' parent_group = self.get_object() group_data = request.data uid = group_data.get('uid', '') if 'manager_group' in group_data: if parent_group.uid == 'manager': if not group_data.get('name', ''): name = "".join( random.choice(string.ascii_lowercase) for _ in range(8)) group_data.update(name=name) else: group_data.pop('manager_group') if not uid: name = group_data.get('name') if not name: raise ValidationError({'name': ['this field is required']}) uid = gen_uid(name=name, cls=Group) group_data['uid'] = uid cli = CLI() group_data.update(parent_uid=self.kwargs['uid']) child_group = cli.create_group(group_data) cli.add_group_to_group(child_group, parent_group) if parent_group.uid == 'intra': self._auto_create_manager_group(request, child_group) transaction.on_commit( lambda: WebhookManager.group_created(child_group)) return Response(GroupDetailSerializer(child_group).data, status=status.HTTP_201_CREATED)
def create(self, validated_data): scope = validated_data.get('scope') name = validated_data.get('name') prefix = f'app_{scope}_' uid = gen_uid(name, cls=Perm, prefix=prefix) action = uid.replace(prefix, '', 1) return Perm.objects.create(name=name, scope=scope, action=action)
def create(self, validated_data): ''' create app create oauth_app if provided create oidc_app if provided create http_app if provided create saml_app if provided ''' if 'uid' not in validated_data: validated_data['uid'] = gen_uid(validated_data['name'], cls=self.Meta.model) oauth_app_data = validated_data.pop('oauth_app', None) oidc_app_data = validated_data.pop('oidc_app', None) saml_app_data = validated_data.pop('saml_app', None) ldap_app_data = validated_data.pop('ldap_app', None) http_app_data = validated_data.pop('http_app', None) app = APP.objects.create(**validated_data) if oauth_app_data is not None: oauth_app_serializer = OAuthAPPSerializer(data=oauth_app_data) oauth_app_serializer.is_valid(raise_exception=True) oauth_app_serializer.save(app=app, name=app.name) if ldap_app_data is not None: serializer = LDAPAPPSerializer(data=ldap_app_data) serializer.is_valid(raise_exception=True) serializer.save(app=app) if http_app_data is not None: serializer = HTTPAPPSerializer(data=http_app_data) serializer.is_valid(raise_exception=True) serializer.save(app=app) if oidc_app_data is not None: oidc_app_serializer = OIDCAPPSerializer(data=oidc_app_data) oidc_app_serializer.is_valid(raise_exception=True) oidc_app_serializer.save(app=app, name=app.name) if saml_app_data is not None: saml_app_data['app'] = app serializer = SAMLAPPSerializer(data=saml_app_data) serializer.is_valid(raise_exception=True) serializer.save(app=app) return app
def create(self, request, *args, **kwargs): # pylint: disable=unused-argument ''' 添加子部门,从无到有 [POST] ''' parent_dept = self.get_object() dept_data = json.loads(request.body.decode('utf-8')) uid = dept_data.get('uid', '') if not uid: name = dept_data.get('name') uid = gen_uid(name=name, cls=Dept) dept_data['uid'] = uid dept_data.update(parent_uid=self.kwargs['uid']) cli = CLI() child_dept = cli.create_dept(dept_data) cli.add_dept_to_dept(child_dept, parent_dept) return Response(DeptDetailSerializer(child_dept).data, status=status.HTTP_201_CREATED)
def _auto_create_manager_group(request, app): ''' 当创建应用时,自动创建子管理员组 成员只有创建者一人,节点管理范围为空,人员管理范围仅自己,应用管理范围仅此一个应用 ''' cli = CLI() data = { 'uid': gen_uid(name=uuid_utils.uuid4().hex[:6], cls=Group), 'name': f'管理应用{app.name}', 'manager_group': { 'apps': [app.uid], 'users': [request.user.username], 'scope_subject': 2, } } manager_group = cli.create_group(data) parent, _ = Group.valid_objects.get_or_create(uid='manager') cli.add_group_to_group(manager_group, parent) cli.add_users_to_group([request.user], manager_group)
def _auto_create_manager_group(request, child_group): ''' 当创建大类时,自动创建子管理员组 成员只有创建者一人,节点范围仅此大类,人员管理范围仅自己,应用管理范围为空 ''' cli = CLI() data = { 'uid': gen_uid(name=uuid_utils.uuid4().hex[:6], cls=Group), 'name': f'管理分组{child_group.name}', 'manager_group': { 'nodes': [child_group.node_uid], 'users': [request.user.username], 'scope_subject': 2, }, } manager_group = cli.create_group(data) parent, _ = Group.valid_objects.get_or_create(uid='manager') cli.add_group_to_group(manager_group, parent) cli.add_users_to_group([request.user], manager_group)
def create(self, validated_data): kwargs = {} scope = validated_data.get('scope') kwargs['scope'] = scope sub_account_data = validated_data.pop('sub_account', None) if sub_account_data: app = APP.valid_objects.filter(uid=scope).first() if not app: raise ValidationError({'scope': 'not found'}) serializer = SubAccountSerializer(data=sub_account_data) serializer.is_valid(raise_exception=True) sub_account = serializer.save() username = sub_account_data['username'] kwargs['name'] = f'以 "{username}" 身份访问 {app.name}' kwargs['action'] = 'access' + uuid.uuid4().hex[:10] kwargs['sub_account'] = sub_account else: name = validated_data.get('name') prefix = f'app_{scope}_' uid = gen_uid(name, cls=Perm, prefix=prefix) kwargs['name'] = name kwargs['action'] = uid.replace(prefix, '', 1) return Perm.objects.create(**kwargs)
def create_user_meta(db_executer, user): """ 创建user记录 :param user:一条dinguser数据 :return: """ # 手机号码校验 # 手机号存在且非中国号码时,需将区号 # 以 `+852 98765432` 的形式附上 mobile = user.get('mobile', '') mobile = f"+{user.get('stateCode', '')} {mobile}" if mobile and not is_cn_mobile( mobile) else mobile user_info = { 'password': '', 'name': user.get('name'), 'private_email': user.get('email', ''), 'email': user.get('orgEmail', ''), 'mobile': mobile, 'employee_number': user.get('jobnumber', ''), 'gender': UNKNOWN_GENDER, 'ding_user': { 'uid': user.get('userid'), 'account': user.get('mobile', ''), 'data': json.dumps({ 'uname': user.get('name'), 'position': user.get('position', ''), 'tel': user.get('tel', ''), 'workplace': user.get('workPlace', ''), 'remark': user.get('remark', ''), 'email': user.get('email', ''), 'orgemail': user.get('orgEmail', ''), 'jobnumber': user.get('jobnumber', ''), 'ishide': user.get('isHide', ''), 'issenior': user.get('issenior', ''), }) } } # 通过钉钉uid匹配 exist_ding_user = DingUser.valid_objects.filter( uid=user.get('userid')).first() if exist_ding_user: return db_executer.update_user(exist_ding_user.user, user_info) # 通过手机号匹配 exist_mobile_user = User.valid_objects.filter(mobile=mobile).first() if exist_mobile_user: return db_executer.update_user(exist_mobile_user, user_info) # 通过私人邮箱匹配 private_email = user.get('email', '') if private_email != '': exist_private_email_user = User.valid_objects.filter( private_email=private_email).first() if exist_private_email_user: return db_executer.update_user(exist_private_email_user, user_info) # 通过企业邮箱匹配 email = user.get('orgEmail', '') if email != '': exist_email_user = User.valid_objects.filter(email=email).first() if exist_email_user: return db_executer.update_user(exist_email_user, user_info) user_info['username'] = gen_uid(user_info['name'], cls=User, uid_field='username') return db_executer.create_user(user_info)
def update(self, instance, validated_data): # pylint: disable=too-many-locals, too-many-statements, too-many-branches company_config_data = validated_data.pop('company_config', None) if company_config_data: if not Dept.valid_objects.filter(parent__uid='root').exists(): uid = gen_uid(name=company_config_data.get('name_cn', ''), cls=Dept) parent_dept = Dept.valid_objects.filter(uid='root').first() cli = CLI() dept_data = { 'parent_uid': 'root', 'name': company_config_data.get('name_cn', ''), 'uid': uid, } child_dept = cli.create_dept(dept_data) cli.add_dept_to_dept(child_dept, parent_dept) else: company_dept = Dept.valid_objects.filter( parent__uid='root').first() company_dept.name = company_config_data.get('name_cn', '') company_dept.save() serializer = CompanyConfigSerializer(CompanyConfig.get_current(), company_config_data) serializer.is_valid(raise_exception=True) serializer.save() account_config_data = validated_data.pop('account_config', None) if account_config_data: serializer = AccountConfigSerializer(AccountConfig.get_current(), account_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() ding_config_data = validated_data.pop('ding_config', None) if ding_config_data: serializer = DingConfigSerializer(DingConfig.get_current(), ding_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() sms_config_data = validated_data.pop('sms_config', None) if sms_config_data: access_secret = sms_config_data.pop('access_secret', '') config = SMSConfig.get_current() serializer = SMSConfigSerializer(config, sms_config_data, partial=True) serializer.is_valid(raise_exception=True) # pylint: disable=not-callable config.__dict__.update(serializer.validated_data) if access_secret: config.access_secret = access_secret if not config.check_valid(): raise ValidationError({'sms': ['invalid']}) config.is_valid = True config.save() email_config_data = validated_data.pop('email_config', None) if email_config_data: access_secret = email_config_data.pop('access_secret', '') config = EmailConfig.get_current() serializer = EmailConfigSerializer(config, email_config_data, partial=True) serializer.is_valid(raise_exception=True) # pylint: disable=not-callable config.__dict__.update(serializer.validated_data) if access_secret: config.access_secret = access_secret if not config.check_valid(): raise ValidationError({'email': ['invalid']}) config.is_valid = True config.save() alipay_config_data = validated_data.pop('alipay_config', None) if alipay_config_data: if alipay_config_data["app_id"] != '': serializer = AlipayConfigSerializer(AlipayConfig.get_current(), alipay_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() qq_config_data = validated_data.pop('qq_config', None) if qq_config_data: serializer = QQConfigSerializer(QQConfig.get_current(), qq_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() work_wechat_config_data = validated_data.pop('work_wechat_config', None) if work_wechat_config_data: serializer = WorkWechatConfigSerializer(WorkWechatConfig.get_current(),\ work_wechat_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() wechat_config_data = validated_data.pop('wechat_config', None) if wechat_config_data: serializer = WechatConfigSerializer(WechatConfig.get_current(),\ wechat_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() password_config_data = validated_data.pop('password_config', None) if password_config_data: config = PasswordComplexityConfig.get_current() serializer = PasswordConfigSerializer(config, password_config_data, partial=True) serializer.is_valid(raise_exception=True) # pylint: disable=not-callable config.__dict__.update(serializer.validated_data) config.save() github_config = validated_data.pop('github_config', None) if github_config: config = GithubConfig.get_current() serializer = GithubConfigSerializer(config, github_config, partial=True) serializer.is_valid(raise_exception=True) serializer.save() instance.refresh_from_db() return instance
def update(self, instance, validated_data): company_config_data = validated_data.pop('company_config', None) if company_config_data: if not Dept.valid_objects.filter(parent__uid='root').exists(): uid = gen_uid(name=company_config_data.get('name_cn', ''), cls=Dept) parent_dept = Dept.valid_objects.filter(uid='root').first() cli = CLI() dept_data = { 'parent_uid': 'root', 'name': company_config_data.get('name_cn', ''), 'uid': uid, } child_dept = cli.create_dept(dept_data) cli.add_dept_to_dept(child_dept, parent_dept) else: company_dept = Dept.valid_objects.filter(parent__uid='root').first() company_dept.name = company_config_data.get('name_cn', '') company_dept.save() serializer = CompanyConfigSerializer(CompanyConfig.get_current(), company_config_data) serializer.is_valid(raise_exception=True) serializer.save() ding_config_data = validated_data.pop('ding_config', None) if ding_config_data: serializer = DingConfigSerializer(DingConfig.get_current(), ding_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() account_config_data = validated_data.pop('account_config', None) if account_config_data: serializer = AccountConfigSerializer(AccountConfig.get_current(), account_config_data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() sms_config_data = validated_data.pop('sms_config', None) if sms_config_data: access_secret = sms_config_data.pop('access_secret', '') config = SMSConfig.get_current() serializer = SMSConfigSerializer(config, sms_config_data, partial=True) serializer.is_valid(raise_exception=True) # pylint: disable=not-callable config.__dict__.update(serializer.validated_data) if access_secret: config.access_secret = access_secret if not config.check_valid(): raise ValidationError({'sms': ['invalid']}) config.is_valid = True config.save() email_config_data = validated_data.pop('email_config', None) if email_config_data: access_secret = email_config_data.pop('access_secret', '') config = EmailConfig.get_current() serializer = EmailConfigSerializer(config, email_config_data, partial=True) serializer.is_valid(raise_exception=True) # pylint: disable=not-callable config.__dict__.update(serializer.validated_data) if access_secret: config.access_secret = access_secret if not config.check_valid(): raise ValidationError({'email': ['invalid']}) config.is_valid = True config.save() instance.refresh_from_db() return instance