def add_service_perm(self, current_user, user_id, tenant, service,
identity):
if current_user.user_id == user_id:
return 409, u"不能给自己添加应用权限", None
user = user_repo.get_user_by_user_id(user_id)
if not user:
return 404, "用户{0}不存在".format(user_id), None
service_perm = service_perm_repo.get_service_perm_by_user_pk(
service.ID, user_id)
if service_perm:
return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None
service_perm = service_perm_repo.add_service_perm(
user_id, service.ID, identity)
perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)
enterprise = None
try:
enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
tenant.enterprise_id)
except Exception as e:
pass
if not perm_tenant:
perm_info = {
"user_id": user.user_id,
"tenant_id": tenant.ID,
"identity": "access",
"enterprise_id": enterprise.ID if enterprise else 0
}
perm_tenant = perms_repo.add_user_tenant_perm(perm_info)
logger.debug("service_perm {0} , perm_tenant {1}".format(
service_perm, perm_tenant))
return 200, "已向用户{0}授权".format(user.nick_name), service_perm
def add_user_service_perm(self, current_user, user_list, tenant, service,
perm_list):
"""添加用户在一个应用中的权限"""
if current_user.user_id in user_list:
return 409, u"不能给自己添加应用权限", None
for user_id in user_list:
user = user_repo.get_user_by_user_id(user_id)
if not user:
return 404, "用户{0}不存在".format(user_id), None
service_perm = service_perm_repo.get_service_perm_by_user_pk_service_pk(
service_pk=service.ID, user_pk=user_id)
if service_perm:
return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None
service_perm_repo.add_user_service_perm(user_ids=user_list,
service_pk=service.ID,
perm_ids=perm_list)
enterprise = None
try:
enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
tenant.enterprise_id)
except Exception as e:
logger.exception(e)
pass
for user_id in user_list:
perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)
if not perm_tenant:
perm_info = {
"user_id": user_id,
"tenant_id": tenant.ID,
"role_id": role_repo.get_role_id_by_role_name("viewer"),
"enterprise_id": enterprise.ID if enterprise else 0
}
perm_tenant = perms_repo.add_user_tenant_perm(perm_info)
return 200, "添加用户应用权限成功", None
def post(self, request, *args, **kwargs):
"""
注册用户、需要先访问captcha路由来获取验证码
---
parameters:
- name: user_name
description: 用户名
required: true
type: string
paramType: body
- name: email
description: 邮箱
required: true
type: string
paramType: body
- name: password
description: 密码,最少八位
required: true
type: string
paramType: body
- name: password_repeat
description: 确认密码
required: true
type: string
paramType: body
- name: captcha_code
description: 验证码
required: true
type: string
paramType: body
- name: register_type
description: 注册方式 暂: 邀请注册 invitation 其它方式暂无 有拓展再修改
required: false
type: string
paramType: body
- name: value
description: 数值 此处需要 team_id
required: false
type: string
paramType: body
- name: enter_name
description: 企业名称
required: false
type: string
paramType: body
"""
try:
import copy
querydict = copy.copy(request.data)
captcha_code = request.session.get("captcha_code")
querydict.update({u'real_captcha_code': captcha_code})
client_ip = request.META.get("REMOTE_ADDR", None)
register_form = RegisterForm(querydict)
if register_form.is_valid():
nick_name = register_form.cleaned_data["user_name"]
email = register_form.cleaned_data["email"]
password = register_form.cleaned_data["password"]
# 创建一个用户
user_info = dict()
user_info["email"] = email
user_info["nick_name"] = nick_name
user_info["client_ip"] = client_ip
user_info["is_active"] = 1
user = Users(**user_info)
user.set_password(password)
user.save()
enterprise = enterprise_services.get_enterprise_first()
if not enterprise:
enter_name = request.data.get("enter_name", None)
enterprise = enterprise_services.create_enterprise(
enter_name, enter_name)
# 创建用户在企业的权限
user_services.make_user_as_admin_for_enterprise(
user.user_id, enterprise.enterprise_id)
user.enterprise_id = enterprise.enterprise_id
user.save()
if Users.objects.count() == 1:
SuperAdminUser.objects.create(user_id=user.user_id)
enterprise = enterprise_services.get_enterprise_first()
register_type = request.data.get("register_type", None)
value = request.data.get("value", None)
if register_type == "invitation":
perm = perms_repo.add_user_tenant_perm(
perm_info={
"user_id": user.user_id,
"tenant_id": value,
"identity": "viewer",
"enterprise_id": enterprise.ID
})
if not perm:
result = general_message(400, "invited failed",
"团队关联失败,注册失败")
return Response(result, status=400)
data = dict()
data["user_id"] = user.user_id
data["nick_name"] = user.nick_name
data["email"] = user.email
data["enterprise_id"] = user.enterprise_id
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
data["token"] = token
result = general_message(200,
"register success",
"注册成功",
bean=data)
response = Response(result, status=200)
return response
else:
error = {
"error":
list(json.loads(
register_form.errors.as_json()).values())[0][0].get(
"message", "参数错误")
}
result = general_message(400, "failed",
"{}".format(error["error"]))
return Response(result, status=400)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=500)
def test_list_users_by_tenant_id():
from console.services.user_services import user_services
from console.repositories.team_repo import team_repo
from console.repositories.perm_repo import perms_repo
from console.repositories.user_repo import user_repo
eid = "bb2f17abc58b328374351e9c92abd400"
tenant_id = "374351e9c92abd400bb2f17abc58b328"
params = {
"tenant_id": tenant_id,
"tenant_name": "xxxxxxxx",
"creater": 1,
"region": "rainbond",
"tenant_alias": "foobar team",
"enterprise_id": eid,
}
team = team_repo.create_tenant(**params)
userinfo = [{
"nick_name": "foo",
"email": "*****@*****.**",
"password": "******",
"eid": eid
}, {
"nick_name": "bar",
"email": "*****@*****.**",
"password": "******",
"eid": eid
}, {
"nick_name": "dummy",
"email": "*****@*****.**",
"password": "******",
"eid": eid
}]
for item in userinfo:
user = user_services.create(item)
perminfo = {
"user_id": user.user_id,
"tenant_id": team.ID,
"identity": "owner",
"enterprise_id": 1
}
perms_repo.add_user_tenant_perm(perminfo)
testcases = [
{
"tenant_id": tenant_id,
"query": "",
"page": None,
"size": None,
"count": 3,
"user_id": 1
},
{
"tenant_id": tenant_id,
"query": "bar",
"page": None,
"size": None,
"count": 1,
"user_id": 2
},
{
"tenant_id": tenant_id,
"query": "*****@*****.**",
"page": None,
"size": None,
"count": 1,
"user_id": 1
},
{
"tenant_id": tenant_id,
"query": "",
"page": 2,
"size": 2,
"count": 1,
"user_id": 3
},
{
"tenant_id": tenant_id,
"query": "nothing",
"page": None,
"size": None,
"count": 0,
"user_id": 0
},
{
"tenant_id": tenant_id,
"query": "",
"page": -1,
"size": None,
"count": 3,
"user_id": 1
},
]
for tc in testcases:
result = user_repo.list_users_by_tenant_id(tc["tenant_id"],
tc["query"], tc["page"],
tc["size"])
print result
assert len(result) == tc["count"]
if len(result) > 0:
assert result[0].get("user_id") == tc["user_id"]
def add_user_tenant_perm(self, perm_info):
return perms_repo.add_user_tenant_perm(perm_info=perm_info)
def post(self, request, *args, **kwargs):
"""
新建团队
---
parameters:
- name: team_alias
description: 团队名
required: true
type: string
paramType: body
- name: useable_regions
description: 可用数据中心 ali-sh,ali-hz
required: false
type: string
paramType: body
"""
try:
user = request.user
team_alias = request.data.get("team_alias", None)
useable_regions = request.data.get("useable_regions", "")
regions = []
if not team_alias:
result = general_message(400, "failed", "团队名不能为空")
return Response(result, status=400)
if useable_regions:
regions = useable_regions.split(",")
if Tenants.objects.filter(tenant_alias=team_alias).exists():
result = general_message(400, "failed", "该团队名已存在")
return Response(result, status=400)
else:
enterprise = enterprise_services.get_enterprise_first()
code, msg, team = team_services.add_team(team_alias=team_alias,
user=user,
region_names=regions)
if team:
perm = perms_repo.add_user_tenant_perm(
perm_info={
"user_id": user.user_id,
"tenant_id": team.ID,
"identity": "owner",
"enterprise_id": enterprise.ID
})
if not perm:
result = general_message(400, "invited failed",
"团队关联失败,注册失败")
return Response(result, status=400)
if code == "200":
data = {
"team_name": team.tenant_name,
"team_id": team.tenant_id,
"team_ID": team.ID,
"team_alisa": team.tenant_alias,
"creater": team.creater,
"user_num": 1,
"enterprise_id": team.enterprise_id
}
result = general_message(code,
"create new team success",
"新建团队成功",
bean=data)
return Response(result, status=code)
else:
result = general_message(code, 'failed', msg_show=msg)
return Response(result, status=code)
except TenantExistError as e:
logger.exception(e)
code = 400
result = general_message(code, "team already exists", "该团队已存在")
return Response(result, status=code)
except NoEnableRegionError as e:
logger.exception(e)
code = 400
result = general_message(code, "no enable region", "无可用数据中心")
return Response(result, status=code)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=500)
