def user_delete(appname, uid):
    """Delete a single user identified by ``uid``.

    Request URL: /auth/user/delete
    HTTP Method: POST
    Parameters (as given by the original author): {"uids": 3}

    Returns:
        ``json_response_ok({"id": uid}, msg="delete user success")`` when the
        user existed and was removed, otherwise
        ``json_response_error(PARAM_ERROR, ...)``.

    NOTE(review): ``int(uid)`` raises on a non-numeric value and nothing here
    catches it. This function also performs no authorization check of its
    own -- confirm the route restricts who may delete accounts.
    """
    user_id = int(uid)
    if not User.find_one_user(appname, {"_id": user_id}, None):
        return json_response_error(
            PARAM_ERROR, msg="id:%s is invalid" % user_id)
    User.del_user(appname, user_id)
    return json_response_ok({"id": user_id}, msg="delete user success")
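def user_mod(appname, uid, data):
    """Modify one user's name, mark and group membership.

    Request URL: /auth/user/{uid}
    HTTP Method: POST

    Args:
        appname: Application name handed through to the model layer.
        uid: ``_id`` of the user to modify; used as given, not cast.
        data: Mapping providing ``user_name``, ``mark`` and ``group_id``
            (an iterable whose items are converted with ``int``).

    Returns:
        ``json_response_ok({})`` on success, or
        ``json_response_error(PARAM_ERROR, ...)`` when the user does not
        exist or the requested name already belongs to a different user.

    Raises:
        KeyError: if ``data`` lacks ``user_name``, ``mark`` or ``group_id``.
        ValueError: if a group id cannot be converted to ``int``.
    """
    cond = {"_id": uid}
    if not User.find_one_user(appname, cond, None):
        return json_response_error(PARAM_ERROR, msg="id:%s is invalid" % uid)

    user_name = data["user_name"]
    # The uniqueness check has to look at users, as user_create does. The
    # previous code queried the Group model with a user_name filter, so a
    # clash with another account's login name was presumably never found.
    name_owner = User.find_one_user(appname, {"user_name": user_name}, None)
    if name_owner and name_owner["_id"] != uid:
        return json_response_error(PARAM_ERROR, msg="the user name exist")

    group_id = [int(gid) for gid in data["group_id"]]
    user_data = {
        "user_name": user_name,
        "mark": data["mark"],
        "group_id": group_id,
    }
    User.update_user(appname, cond, user_data)
    return json_response_ok({})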
def user_chpasswd(appname, uid, old_pwd, new_pwd):
    """Change a user's password after checking the current one.

    Looks the user up by ``int(uid)``, compares the stored ``password``
    field with ``old_pwd`` and, when they are equal, writes ``new_pwd`` into
    that field.

    Returns:
        ``json_response_ok()`` on success; ``json_response_error(AUTH_ERROR)``
        when the user is unknown or the old password does not match.

    NOTE(review): the stored value is compared with, and overwritten by, the
    arguments exactly as received. Whether callers hash them first is not
    visible here -- confirm that only salted, slow-hashed passwords reach
    storage. ``new_pwd`` is not checked for emptiness or strength, and the
    comparison is a plain equality test rather than a constant-time one.
    """
    cond = {"_id": int(uid)}
    usr = User.find_one_user(appname, cond, None)
    if not usr:
        return json_response_error(AUTH_ERROR)
    if usr.get("password") != old_pwd:
        _LOGGER.error("old_pwd err")
        return json_response_error(AUTH_ERROR)
    User.update_user(appname, cond, {"password": new_pwd})
    return json_response_ok()
def user_list(appname, page=0, page_size=PAGE_SIZE, searchKeyword=None):
    """Return one page of users, sorted by ``last_login`` descending.

    Request URL: /appname/auth/user/list
    HTTP Method: GET

    Args:
        appname: Application name handed through to the model layer.
        page: Zero-based page index.
        page_size: Number of users per page.
        searchKeyword: Optional keyword; when truthy the query condition is
            built by ``search_cond``.

    Returns:
        ``json_response_ok`` wrapping ``{"items": [...], "total": n}``. Each
        item has ``_id`` renamed to ``id``, ``last_login`` converted by
        ``unixto_string`` and a ``role`` entry taken from ``get_role``.

    NOTE(review): ``page`` and ``page_size`` are used as given; negative or
    very large values are not rejected here.
    """
    cond = search_cond(appname, searchKeyword) if searchKeyword else {}
    # Passed as the field selection; the zero values presumably exclude the
    # credential and privilege fields from what is returned to the client.
    hidden_fields = {
        "password": 0,
        "super": 0,
        "permission_list": 0,
        "department": 0,
        "is_superuser": 0,
    }
    page_cursor = (
        User.find_users(appname, cond, hidden_fields)
        .sort([("last_login", -1)])
        .skip(page * page_size)
        .limit(page_size)
    )
    total = User.find_users(appname, cond).count()

    users = []
    for record in page_cursor:
        record["id"] = record.pop("_id")
        record["last_login"] = unixto_string(record.get("last_login"))
        record["role"] = get_role(appname, record["group_id"])
        users.append(record)
    return json_response_ok({"items": users, "total": total})
def user_create(appname, user_data):
    """Create a user unless the user name is already taken.

    Args:
        appname: Application name handed through to the model layer.
        user_data: Mapping with ``user_name`` and ``group_id`` (required)
            and ``password``, ``super`` and ``mark`` (optional).

    Returns:
        ``json_response_ok()`` after saving, or
        ``json_response_error(PARAM_ERROR, ...)`` if the name exists.

    NOTE(review): when ``password`` is absent the account is created with the
    fixed default "123456"; a shared, guessable initial password should be
    replaced by a required or randomly generated one. The password is handed
    to ``User.new`` as received -- confirm it is hashed before storage. The
    ``super`` flag is also taken straight from ``user_data``; confirm callers
    restrict who may set it.
    """
    user_name = user_data["user_name"]
    password = user_data.get("password", "123456")
    is_super = user_data.get("super")
    group_ids = list(map(int, user_data["group_id"]))
    mark = user_data.get("mark")

    if User.find_one_user(appname, {"user_name": user_name}):
        return json_response_error(PARAM_ERROR, msg="the user name exist")

    User.save(
        appname,
        User.new(user_name, password, is_super, group_ids, mark=mark))
    return json_response_ok()
def _send_email_to_user(
        appname, projectname, module, uid, submit_uid, id, mark):
    """Mail the result of a check to the user who submitted it.

    The recipients are the ``user_name`` of ``submit_uid`` plus one fixed
    address; the sender is the ``user_name`` of ``uid``. User names appear
    to double as e-mail addresses -- TODO confirm.

    NOTE(review): if either lookup returns ``None`` the ``.get`` call raises
    AttributeError; nothing here guards against an unknown id.
    """
    submitter = User.find_one(
        appname, {"_id": submit_uid}, {"user_name": 1, "_id": 0})
    subject = u"Check result"
    template = os.path.join(TEMPLATE_ROOT, "check_info.html")
    recipients = [submitter.get("user_name")]
    sender = User.find_one(
        appname, {"_id": uid}, {"user_name": 1}).get("user_name")
    recipients.append("*****@*****.**")
    module_value = get_module_value(appname, projectname, module)
    project_value = get_project_value(projectname)
    send_email(
        subject, template, recipients, sender,
        project_value, module_value, id, mark)
def _send_email_to_assessor(appname, projectname, module, uid, uids, ids):
    """Mail a submitted check list to every assessor in ``uids``.

    The sender is the ``user_name`` of ``uid``; the recipients are the
    ``user_name`` of each id in ``uids`` followed by one fixed address.

    NOTE(review): a lookup that returns ``None`` makes ``.get`` raise
    AttributeError; unknown ids are not skipped.
    """
    subject = u"Submit check list"
    sender = User.find_one(
        appname, {"_id": uid}, {"user_name": 1}).get("user_name")

    recipients = []
    for assessor_id in uids:
        assessor = User.find_one(
            appname, {"_id": assessor_id}, {"user_name": 1, "_id": 0})
        recipients.append(assessor.get("user_name"))
    recipients.append("*****@*****.**")

    template = os.path.join(TEMPLATE_ROOT, "submit_checklist.html")
    module_value = get_module_value(appname, projectname, module)
    project_value = get_project_value(projectname)
    send_email(
        subject, template, recipients, sender,
        project_value, module_value, ids)
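def user_login(appname, user_name, password, session):
    """Authenticate a user and record the login.

    Args:
        appname: Application name handed through to the model layer.
        user_name: Login name supplied by the client.
        password: Password supplied by the client.
        session: Mutable mapping; ``session["uid"]`` is set on success.

    Returns:
        ``json_response_ok({"uid": uid})`` on success, otherwise
        ``json_response_error(AUTH_ERROR, {}, ...)`` for bad credentials or
        an inactive account.

    NOTE(review): the password is matched against the stored field exactly
    as received. Whether callers hash it first is not visible here --
    confirm that stored passwords are salted, slow hashes. Session handling
    beyond setting ``uid`` (for example issuing a fresh session id on login)
    is outside this function and should be confirmed at the call site.
    """
    # Both values go straight into the query condition. A mapping or list
    # would not be compared as a literal by a MongoDB-style backend, and
    # None could match documents that lack the field, so only scalar
    # credentials are allowed to reach the lookup.
    for credential in (user_name, password):
        if credential is None or isinstance(credential, (dict, list)):
            return json_response_error(
                AUTH_ERROR, {}, msg="username or password err")

    user_cond = {"user_name": user_name, "password": password}
    user_check = User.find_one_user(appname, user_cond, None)
    if not user_check:
        return json_response_error(
            AUTH_ERROR, {}, msg="username or password err")
    if not user_check["is_active"]:
        return json_response_error(AUTH_ERROR, {}, msg="user is not active")

    uid = user_check["_id"]
    session["uid"] = int(uid)
    # A user document without a login counter used to raise TypeError on
    # ``None + 1``; treat a missing counter as zero.
    previous_logins = user_check.get("total_login") or 0
    upt_dict = {
        "last_login": now_timestamp(),
        "total_login": previous_logins + 1,
    }
    User.update_user(appname, {"_id": uid}, upt_dict)
    # Business-specific steps were split out of login:
    # permissions = Permission.init_menu(uid)
    return json_response_ok({"uid": uid})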
def user_right_mod(appname, projectname, uid, data):
    """Replace a user's personal right list for one project.

    Request URL: /auth/user/{gid}  (as given by the original author)
    HTTP Method: POST
    Parameters: {"perm_list": [1, 2, 3, 4], "disable_list": [1, 2, 3, 4]}
    Return: {"status": 0, "data": {}}

    Only ``perm_list`` is read. Every id in it must exist as a right; ids
    already granted through one of the user's groups for ``projectname`` are
    dropped, and the remainder becomes the user's own list for that project.

    NOTE(review): the whole fetched user document (minus ``_id``) is handed
    to ``User.update_user``, not just ``permission_list``. No check is made
    here that the caller may grant these rights -- confirm the route does.
    """
    cond = {"_id": uid}
    user_info = User.find_one_user(appname, cond, {"_id": 0})
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    # Every requested right id has to exist before anything is written.
    requested = list(set(map(int, data["perm_list"])))
    for rid in requested:
        if not Right.find_one_right(appname, {"_id": rid}):
            return json_response_error(
                PARAM_ERROR, msg="the right id:%s not exist" % rid)

    # Collect what the user's groups already grant for this project.
    granted_by_groups = set()
    for gid in user_info.get("group_id"):
        group_info = Group.find_one_group(appname, {"_id": gid}, None)
        if group_info:
            group_perms = group_info.get("permission_list")
            granted_by_groups.update(group_perms.get(projectname, []))

    # Keep only the rights the user does not already inherit.
    user_info["permission_list"][projectname] = [
        rid for rid in requested if rid not in granted_by_groups
    ]
    User.update_user(appname, cond, user_info)
    return json_response_ok({}, msg="update user right success")
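def get_check_uids(
        appname, projectname, applabel, module, action="checked",
        perm_lc="all"):
    """Return the ids of users holding the ``<applabel>-<module>-<action>`` right.

    The right is looked up by name, project and ``perm_lc``. Holders are the
    members of every group whose ``permission_list.<projectname>`` matches
    the right id, plus every user whose own list matches it.

    Args:
        appname: Application name handed through to the model layer.
        projectname: Project whose permission list is inspected.
        applabel, module, action: Parts of the right's name.
        perm_lc: Value matched against the right's ``lc`` field.

    Returns:
        A de-duplicated list of user ids; empty when the right is unknown.

    NOTE(review): ``projectname`` is interpolated into a dotted field path;
    confirm it always comes from a fixed set of project names.
    """
    perm_name = '%s-%s-%s' % (applabel, module, action)
    right_cond = {
        'perm_name': perm_name, 'app_name': projectname, "lc": perm_lc}
    perm = Right.find_one(appname, right_cond)
    if not perm:
        # Execution used to continue and fail on perm["_id"]; a right that
        # does not exist has no holders.
        _LOGGER.error("the right:%s not exist" % perm_name)
        return []

    perm_key = "permission_list.%s" % projectname
    holder_cond = {perm_key: perm["_id"]}

    check_ids = []
    # Users who hold the right through a group.
    group_ids = [group["_id"] for group in Group.find(appname, holder_cond)]
    for gid in group_ids:
        check_ids += [member["id"] for member in user_info(appname, gid)]
    # Users who hold the right directly.
    check_ids += [user["_id"] for user in User.find(appname, holder_cond)]
    return list(set(check_ids))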
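def check_session(appname, module, opname, action, lc, uid):
    """Check whether user ``uid`` holds the right ``<opname>-<module>-<action>``.

    Args:
        appname: Application name handed through to the model layer.
        module, opname, action: Parts of the right's name.
        lc: Accepted but not used by this function.
        uid: ``_id`` of the user being checked.

    Returns:
        ``json_response_ok()`` for superusers and for users who hold the
        right directly or through a group; ``json_response_error(AUTH_ERROR)``
        otherwise, including when the user or the right is unknown.

    NOTE(review): other functions in this file treat ``permission_list`` as
    a mapping of project name to id list, while this one treats it as a flat
    list of ids -- confirm the schema before relying on this check.
    """
    perm_name = '%s-%s-%s' % (opname, module, action)
    perm = Right.find_one_right(appname, {'perm_name': perm_name})
    rightids = [perm['_id']] if perm else []

    # appname was missing from this lookup although every other call site
    # in the file passes it first.
    usr = User.find_one_user(appname, {'_id': uid})
    # The existence check must come before any field access; it used to
    # follow usr['permission_list'] and could never be reached for None.
    if not usr:
        return json_response_error(AUTH_ERROR)
    if usr.get('is_superuser'):
        return json_response_ok()

    usrights = usr['permission_list']
    for group in usr['group_id']:
        group_info = Group.find_one_group(appname, {'_id': group})
        if not group_info:
            # A dangling group id grants nothing.
            continue
        usrights.extend(group_info['permission_list'])

    if any(rightid in usrights for rightid in rightids):
        return json_response_ok()
    return json_response_error(AUTH_ERROR)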
def user_get(appname, user_id):
    """Fetch the basic profile of one user.

    Request URL: /auth/user/{gid}  (as given by the original author)
    HTTP Method: GET
    Parameters: None

    Only ``group_id``, ``_id``, ``user_name`` and ``mark`` are requested
    from the model layer; ``_id`` is additionally copied to ``id``.

    Returns:
        ``json_response_ok(user_info)`` when the user exists, otherwise
        ``json_response_error(PARAM_ERROR, ...)``.
    """
    wanted = {"group_id": 1, "_id": 1, "user_name": 1, "mark": 1}
    user_info = User.find_one_user(appname, {"_id": user_id}, wanted)
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="not user:%s" % user_id)
    user_info["id"] = user_info["_id"]
    _LOGGER.info(user_info)
    return json_response_ok(user_info)
def navigate_list(appname, uid):
    """Return the navigation entries available to user ``uid``.

    ``uid`` is converted with ``int``; a ValueError is logged and reported
    as ``PARAM_ERROR``. An unknown user is reported as ``PARAM_ERROR`` too.

    Returns:
        ``json_response_ok({"navigate": [...]})`` with the list built by
        ``init_navigate_list``.

    NOTE(review): only ValueError is caught; ``int(None)`` raises TypeError,
    which would propagate to the caller.
    """
    try:
        user_id = int(uid)
    except ValueError as expt:
        _LOGGER.error("get navigate para except:%s", expt)
        return json_response_error(
            PARAM_ERROR, msg="uid error,check parameters format")

    if not User.find_one_user(appname, {"_id": user_id}, None):
        return json_response_error(PARAM_ERROR, msg="the user not exist")
    return json_response_ok({"navigate": init_navigate_list(appname, user_id)})
def user_active(appname, data):
    """Set the ``is_active`` flag of one user.

    Request URL: /auth/active/user/
    HTTP Method: POST

    Args:
        appname: Application name handed through to the model layer.
        data: Mapping with ``id`` (converted with ``int``) and ``is_active``.

    Returns:
        ``json_response_ok(data)`` echoing the input on success, or
        ``json_response_error(PARAM_ERROR, ...)`` for an unknown id.

    NOTE(review): ``is_active`` is stored as received. user_login tests this
    field for truthiness, so a non-empty string such as "false" would count
    as active -- confirm callers send a real boolean.
    """
    cond = {"_id": int(data["id"])}
    if not User.find_one_user(appname, cond):
        return json_response_error(PARAM_ERROR, msg="the user id not exist")
    User.update_user(appname, cond, {"is_active": data["is_active"]})
    return json_response_ok(data)
def init_navigate_list(appname, uid):
    """Build the list of applications user ``uid`` may navigate to.

    Returns a list shaped like::

        [
            {
                "display_value": "<display name looked up in NAV_DICT>",
                "value": "square_console"
            }
        ]

    A superuser gets whatever ``Right.find_right`` returns for all rights.
    Any other user gets every app name that has a non-empty entry in the
    user's own ``permission_list`` or in that of one of the user's groups.

    NOTE(review): ``assert uid`` is removed when Python runs with ``-O`` and
    also rejects an id of 0. The user lookup result is not checked for
    ``None`` here; navigate_list checks existence before calling.
    """
    assert uid
    user_info = User.find_one_user(appname, {"_id": uid}, None)

    if user_info.get("is_superuser"):
        app_names = Right.find_right(
            appname, {}, {"app_name": 1}, toarray=True)
    else:
        # Rights held by the user directly.
        own_rights = user_info.get("permission_list")
        app_names = [name for name in own_rights if own_rights.get(name)]
        # Rights inherited from the user's groups.
        for gid in user_info.get("group_id") or []:
            group_info = Group.find_one_group(appname, {"_id": gid}, None)
            if not group_info:
                _LOGGER.error("group id:%s error", gid)
                continue
            group_rights = group_info.get("permission_list")
            app_names.extend(
                name for name in group_rights if group_rights.get(name))

    navigates = []
    if app_names:
        for app_name in list(set(app_names)):
            navigates.append({
                "display_value": NAV_DICT.get(app_name),
                "value": app_name,
            })
    return navigates
def menu_list(appname, projectname, uid):
    """Return menu, permissions and features of one project for a user.

    Returns:
        ``json_response_ok`` wrapping a dict with ``menu``, ``permissions``,
        ``need_changepwd`` and ``features``; ``json_response_error(
        PARAM_ERROR, ...)`` when the user does not exist.

    NOTE(review): ``need_changepwd`` is true only while ``total_login`` is
    exactly 2 -- confirm that this is the intended trigger for forcing a
    password change. ``int(uid)`` raises on a non-numeric value.
    """
    user_id = int(uid)
    user_info = User.find_one_user(appname, {"_id": user_id}, None)
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    menu = init_menu_list(appname, projectname, user_id)
    permissions = init_perms_list(appname, projectname, user_id)
    features = init_features(appname, projectname, user_id)
    return json_response_ok({
        "menu": menu,
        "permissions": permissions,
        "need_changepwd": user_info.get("total_login") == 2,
        "features": features,
    })
def user_right_get(appname, projectname, uid):
    """Return the rights a user holds in one project.

    Request URL: /auth/user/{uid}
    HTTP Method: POST  (as given by the original author)

    Returns:
        ``json_response_ok`` wrapping::

            {"perm_list": [...], "disable_list": [...], "id": uid}

        ``perm_list`` is the union of the user's own rights and those of the
        user's groups for ``projectname``; ``disable_list`` holds only the
        group-derived ones. ``json_response_error(PARAM_ERROR, ...)`` is
        returned when the user does not exist.
    """
    user_info = User.find_one_user(appname, {"_id": uid}, None)
    if not user_info:
        return json_response_error(PARAM_ERROR, msg="the user not exist")

    gids = user_info.get("group_id")
    right_ids = list(user_info.get("permission_list").get(projectname, []))
    group_right_ids = []
    for gid in gids:
        group_info = Group.find_one_group(appname, {"_id": gid}, None)
        if group_info:
            from_group = group_info.get(
                "permission_list").get(projectname, [])
            right_ids.extend(from_group)
            group_right_ids.extend(from_group)

    return json_response_ok({
        "perm_list": list(set(right_ids)),
        "disable_list": list(set(group_right_ids)),
        "id": uid,
    })
def get_perms_by_uid(appname, projectname, uid, perm_type="module"):
    """Return the permissions of type ``perm_type`` a user has in a project.

    A superuser gets the result of ``Right.find_right`` for every right of
    that project and type. Any other user gets ``get_perms_by_ids`` applied
    to the de-duplicated ids from the user's own list and the user's groups.

    NOTE(review): the user lookup result is not checked for ``None``; an
    unknown ``uid`` raises AttributeError on the first ``.get``.
    """
    user_info = User.find_one_user(appname, {"_id": uid}, None)
    perm_cond = {"app_name": projectname, "perm_type": perm_type}
    if user_info.get("is_superuser"):
        return Right.find_right(appname, perm_cond, {"_id": 1}, toarray=True)

    right_ids = user_info.get("permission_list").get(projectname, [])
    for gid in user_info.get("group_id") or []:
        group_info = Group.find_one_group(appname, {"_id": gid}, None)
        if group_info:
            group_rights = group_info.get("permission_list")
            right_ids.extend(group_rights.get(projectname, []))

    return get_perms_by_ids(
        appname, projectname, list(set(right_ids)), perm_type)
def user_info(appname, gid):
    """List the users that belong to group ``gid``.

    Users are sorted by ``last_login`` descending. The fields ``password``,
    ``super``, ``permission_list``, ``department`` and ``is_superuser`` are
    passed with value 0 as the field selection.

    Returns:
        A list of user dicts in which ``_id`` has been renamed to ``id``,
        ``last_login`` converted by ``unixto_string`` and ``role`` filled in
        from ``get_role``.
    """
    hidden_fields = {
        "password": 0,
        "super": 0,
        "permission_list": 0,
        "department": 0,
        "is_superuser": 0,
    }
    members = User.find_users(
        appname, {"group_id": gid}, hidden_fields
    ).sort([("last_login", -1)])

    users = []
    for record in members:
        record["id"] = record.pop("_id")
        record["last_login"] = unixto_string(record.get("last_login"))
        record["role"] = get_role(appname, record["group_id"])
        users.append(record)
    return users
def user_supervise(appname, uid):
    """Return True when ``uid`` names an existing superuser, else False.

    NOTE(review): ``int(uid)`` raises on a non-numeric value, and a user
    document without an ``is_superuser`` key raises KeyError.
    """
    account = User.find_one_user(appname, {"_id": int(uid)}, None)
    if account and account["is_superuser"]:
        return True
    return False