Python get_user_perm_identitys_in_permtenantの例、console.services.team_services.team_services.get_user_perm_identitys_in_permtenant Pythonの例

コード例 #1

0

ファイルを表示

ファイル: app_manage.py プロジェクト: jangocheng/rainbond-console

    def delete(self, request, *args, **kwargs):
        """
        二次确认删除应用
        ---
        parameters:
            - name: tenantName
              description: 租户名
              required: true
              type: string
              paramType: path
            - name: service_id
              description: 应用id
              required: true
              type: string
              paramType: form
        """
        service_id = request.data.get("service_id", None)
        identitys = team_services.get_user_perm_identitys_in_permtenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)
        perm_tuple = team_services.get_user_perm_in_tenant(user_id=self.user.user_id, tenant_name=self.tenant_name)
        if "delete_service" not in perm_tuple and "owner" not in identitys and "admin" \
                not in identitys and "developer" not in identitys:
            return Response(general_message(400, "Permission denied", "没有删除应用权限"), status=400)
        service = service_repo.get_service_by_service_id(service_id)
        code, msg = app_manage_service.delete_again(self.user, self.tenant, service, is_force=True)
        bean = {}
        if code != 200:
            return Response(general_message(code, "delete service error", msg, bean=bean), status=code)
        result = general_message(code, "success", "操作成功", bean=bean)

        return Response(result, status=result["code"])

コード例 #2

0

ファイルを表示

 def get(self, request, team_name, *args, **kwargs):
     """
     退出当前团队
     ---
     parameters:
         - name: team_name
           description: 当前所在的团队
           required: true
           type: string
           paramType: path
     """
     if "owner" in team_services.get_user_perm_identitys_in_permtenant(
             user_id=request.user.user_id, tenant_name=team_name):
         result = general_message(409, "not allow exit.",
                                  "您是当前团队最高管理员，不能退出此团队")
     else:
         try:
             code, msg_show = team_services.exit_current_team(
                 team_name=team_name, user_id=request.user.user_id)
             if code == 200:
                 result = general_message(code=code,
                                          msg="success",
                                          msg_show=msg_show)
             else:
                 result = general_message(code=code,
                                          msg="failed",
                                          msg_show=msg_show)
         except Exception as e:
             logger.exception(e)
             result = error_message(e.message)
     return Response(result, status=result["code"])

コード例 #3

0

ファイルを表示

 def put(self, request, team_name, *args, **kwargs):
     """管理员审核用户"""
     try:
         # 判断角色
         identity_list = team_services.get_user_perm_identitys_in_permtenant(
             user_id=request.user.user_id, tenant_name=team_name)
         if "owner" or "admin" in identity_list:
             user_id = request.data.get("user_id")
             action = request.data.get("action")
             join = apply_repo.get_applicants_by_id_team_name(
                 user_id=user_id, team_name=team_name)
             if action is True:
                 join.update(is_pass=1)
                 team = team_repo.get_team_by_team_name(team_name=team_name)
                 team_services.add_user_to_team_by_viewer(tenant=team,
                                                          user_id=user_id)
                 return Response(general_message(200, "join success",
                                                 "加入成功"),
                                 status=200)
             else:
                 join.update(is_pass=2)
                 return Response(general_message(200, "join rejected",
                                                 "拒绝成功"),
                                 status=200)
     except Exception as e:
         logger.exception(e)
         result = error_message(e.message)
         return Response(result, status=result["code"])

コード例 #4

0

ファイルを表示

ファイル: app_manage.py プロジェクト: akingde/rainbond-ui

    def post(self, request, *args, **kwargs):
        """
        批量操作服务
        ---
        parameters:
            - name: tenantName
              description: 租户名
              required: true
              type: string
              paramType: path
            - name: action
              description: 操作名称 stop| start|restart
              required: true
              type: string
              paramType: form
            - name: service_ids
              description: 批量操作的服务ID 多个以英文逗号分隔
              required: true
              type: string
              paramType: form

        """
        try:
            action = request.data.get("action", None)
            service_ids = request.data.get("service_ids", None)
            if action not in ("stop", "start", "restart"):
                return Response(general_message(400, "param error", "操作类型错误"),
                                status=400)
            identitys = team_services.get_user_perm_identitys_in_permtenant(
                user_id=self.user.user_id, tenant_name=self.tenant_name)
            perm_tuple = team_services.get_user_perm_in_tenant(
                user_id=self.user.user_id, tenant_name=self.tenant_name)

            if action == "stop":
                if "stop_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有关闭应用权限"),
                                    status=400)
            if action == "start":
                if "start_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有启动应用权限"),
                                    status=400)
            if action == "restart":
                if "restart_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有重启应用权限"),
                                    status=400)

            service_id_list = service_ids.split(",")
            code, msg = app_manage_service.batch_action(
                self.tenant, self.user, action, service_id_list)
            if code != 200:
                result = general_message(code, "batch manage error", msg)
            else:
                result = general_message(200, "success", "操作成功")
        except Exception as e:
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=result["code"])

コード例 #5

0

ファイルを表示

    def list_users_by_tenant_id(self, tenant_id, page=None, size=None, query=""):
        result = user_repo.list_users_by_tenant_id(tenant_id, query=query, page=page, size=size)
        users = []
        for item in result:
            # 获取一个用户在一个团队中的身份列表
            perms_identitys = team_services.get_user_perm_identitys_in_permtenant(
                user_id=item.get("user_id"), tenant_name=tenant_id)
            # 获取一个用户在一个团队中的角色ID列表
            perms_role_list = team_services.get_user_perm_role_id_in_permtenant(
                user_id=item.get("user_id"), tenant_name=tenant_id)

            role_infos = []

            for identity in perms_identitys:
                if identity == "access":
                    role_infos.append({"role_name": identity, "role_id": None})
                else:
                    role_id = role_repo.get_role_id_by_role_name(identity)
                    role_infos.append({"role_name": identity, "role_id": role_id})
            for role in perms_role_list:
                role_name = role_repo.get_role_name_by_role_id(role)
                role_infos.append({"role_name": role_name, "role_id": role})

            users.append({
                "user_id": item.get("user_id"),
                "nick_name": item.get("nick_name"),
                "email": item.get("email"),
                "phone": item.get("phone"),
                "is_active": item.get("is_active"),
                "enterprise_id": item.get("enterprise_id"),
                "role_infos": role_infos,
            })

        total = user_repo.count_users_by_tenant_id(tenant_id, query=query)
        return users, total

コード例 #6

0

ファイルを表示

 def get(self, request, team_name, *args, **kwargs):
     """
     获取某团队下的所有用户(每页展示八个用户)
     ---
     parameters:
         - name: team_name
           description: 团队名称
           required: true
           type: string
           paramType: path
         - name: page
           description: 页数
           required: true
           type: string
           paramType: query
     """
     try:
         code = 200
         page = request.GET.get("page", 1)
         user_list = team_services.get_tenant_users_by_tenant_name(
             tenant_name=team_name)
         users_list = list()
         for user in user_list:
             perms_list = team_services.get_user_perm_identitys_in_permtenant(
                 user_id=user.user_id, tenant_name=team_name)
             users_list.append({
                 "user_id": user.user_id,
                 "user_name": user.nick_name,
                 "email": user.email,
                 "identity": perms_list
             })
         paginator = Paginator(users_list, 8)
         try:
             users = paginator.page(page).object_list
         except PageNotAnInteger:
             users = paginator.page(1).object_list
         except EmptyPage:
             users = paginator.page(paginator.num_pages).object_list
         result = general_message(code,
                                  "team members query success",
                                  "查询成功",
                                  list=users,
                                  total=paginator.count)
     except UserNotExistError as e:
         code = 400
         logger.exception(e)
         result = general_message(code, "user not exist", e.message)
     except TenantNotExistError as e:
         code = 400
         logger.exception(e)
         result = general_message(code, "tenant not exist",
                                  "{}团队不存在".format(team_name))
     except Exception as e:
         code = 500
         logger.exception(e)
         result = general_message(code, "system error", "系统异常")
     return Response(data=result, status=code)

コード例 #7

0

ファイルを表示

    def get(self, request, team_name, *args, **kwargs):
        """
        获取团队详情
        ---
        parameters:
            - name: team_name
              description: team name
              required: true
              type: string
              paramType: path
        """
        try:

            tenant = team_services.get_tenant_by_tenant_name(team_name)
            if not tenant:
                return Response(general_message(404, "team not exist", "团队{0}不存在".format(team_name)), status=404)
            user_team_perm = team_services.get_user_perms_in_permtenant(self.user.user_id, team_name)
            tenant_info = dict()
            team_region_list = region_services.get_region_list_by_team_name(request=request,
                                                                            team_name=team_name)
            p = PermActions()
            tenant_info["team_id"] = tenant.ID
            tenant_info["team_name"] = tenant.tenant_name
            tenant_info["team_alias"] = tenant.tenant_alias
            tenant_info["limit_memory"] = tenant.limit_memory
            tenant_info["pay_level"] = tenant.pay_level
            tenant_info["region"] = team_region_list
            tenant_info["creater"] = tenant.creater
            tenant_info["create_time"] = tenant.create_time

            if not user_team_perm:
                if not self.user.is_sys_admin and team_name != "grdemo":
                    return Response(general_message(403, "you right to see this team", "您无权查看此团队"), 403)
            else:
                perms_list = team_services.get_user_perm_identitys_in_permtenant(user_id=self.user.user_id,
                                                                                 tenant_name=tenant.tenant_name)
                role_name_list = team_services.get_user_perm_role_in_permtenant(user_id=self.user.user_id,
                                                                                tenant_name=tenant.tenant_name)

                role_perms_tuple = team_services.get_user_perm_in_tenant(user_id=self.user.user_id,
                                                                         tenant_name=tenant.tenant_name)

                tenant_actions = ()
                tenant_info["identity"] = perms_list + role_name_list
                if perms_list:
                    final_identity = get_highest_identity(perms_list)
                    perms = p.keys('tenant_{0}_actions'.format(final_identity))
                    tenant_actions += perms
                tenant_actions += role_perms_tuple
                tenant_info["tenant_actions"] = tuple(set(tenant_actions))

            return Response(general_message(200, "success", "查询成功", bean=tenant_info), status=200)

        except Exception as e:
            logger.exception(e)
            result = error_message(e.message)
            return Response(result, status=result["code"])

コード例 #8

0

ファイルを表示

    def get(self, request, team_name, *args, **kwargs):
        """
        退出当前团队
        ---
        parameters:
            - name: team_name
              description: 当前所在的团队
              required: true
              type: string
              paramType: path
        """

        identity_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)

        role_name_list = team_services.get_user_perm_role_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)

        if "owner" in identity_list:
            result = general_message(409, "not allow exit.",
                                     "您是当前团队创建者，不能退出此团队")
            return Response(result, status=409)
        if "admin" in identity_list:
            result = general_message(409, "not allow exit.",
                                     "您是当前团队管理员，不能退出此团队")
            return Response(result, status=409)

        if "owner" in role_name_list:
            result = general_message(409, "not allow exit.",
                                     "您是当前团队创建者，不能退出此团队")
            return Response(result, status=409)
        if "admin" in role_name_list:
            result = general_message(409, "not allow exit.",
                                     "您是当前团队管理员，不能退出此团队")
            return Response(result, status=409)

        try:
            if request.user.nick_name == "rainbond-demo" and team_name == "a5qw69mz":
                return Response(general_message(403, "permission denied!",
                                                "您无法退出此团队"),
                                status=403)

            code, msg_show = team_services.exit_current_team(
                team_name=team_name, user_id=request.user.user_id)
            if code == 200:
                result = general_message(code=code,
                                         msg="success",
                                         msg_show=msg_show)
            else:
                result = general_message(code=code,
                                         msg="failed",
                                         msg_show=msg_show)
        except Exception as e:
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=result["code"])

コード例 #9

0

ファイルを表示

def check_perm(perm, user, tenantName=None, serviceAlias=None):
    if isinstance(user, AnonymousUser):
        raise PermissionDenied('this resource need login status', redirect_url='/login')

    if tenantName is None:
        raise UrlParseError(500, 'tenantName is None')

    if not hasattr(user, 'actions'):
        user.actions = UserActions()

        p = PermActions()

        try:
            tenant = Tenants.objects.get(tenant_name=tenantName)
            identitys = team_services.get_user_perm_identitys_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name)
            role_id_list = team_services.get_user_perm_role_id_in_permtenant(user_id=user.pk, tenant_name=tenant.tenant_name)
            if not identitys and not role_id_list:
                raise PermRelTenant.DoesNotExist

            tenant_actions_tuple = ()
            if identitys:
                tenant_identity = get_highest_identity(identitys)
                tenant_actions = p.keys('tenant_{0}_actions'.format(tenant_identity))
                tenant_actions_tuple += tenant_actions
            if role_id_list:
                for role_id in role_id_list:
                    perm_tuple = role_perm_repo.get_perm_by_role_id(role_id=role_id)
                    tenant_actions_tuple += perm_tuple
            user.actions.set_actions('tenant', tuple(set(tenant_actions_tuple)))

            if serviceAlias is not None:
                service = TenantServiceInfo.objects.get(tenant_id=tenant.tenant_id, service_alias=serviceAlias)
                user_service_perms_id_list = ServiceRelPerms.objects.filter(
                    user_id=user.pk, service_id=service.pk).values_list(
                        "perm_id", flat=True)
                perm_codename_list = role_perm_repo.get_perm_list_by_perm_id_list(perm_id_list=user_service_perms_id_list)
                user.actions.set_actions('service', perm_codename_list)
        except Tenants.DoesNotExist:
            raise UrlParseError(404, 'no matching tenantName for {0}'.format(tenantName))
        except TenantServiceInfo.DoesNotExist:
            raise UrlParseError(404, 'no matching serviceAlias for {0}'.format(serviceAlias))
        except PermRelTenant.DoesNotExist:
            tenant = Tenants.objects.filter(tenant_name=tenantName)[0]
            if not user.is_sys_admin and tenantName != "grdemo":
                raise UrlParseError(403, 'no permissions for user {0} on tenant {1}'.format(user.nick_name, tenant.tenant_name))
            user.actions.set_actions('tenant', p.keys('tenant_viewer_actions'))
        except PermRelService.DoesNotExist:
            pass

    # if user.is_sys_admin:
    #     return True

    if perm in user.actions:
        return True
    raise BusinessException(Response(general_message(403, "you don't have enough permissions", "您无权限执行此操作"), status=403))

コード例 #10

0

ファイルを表示

    def post(self, request, team_name, *args, **kwargs):
        """
        修改团队名
        ---
        parameters:
            - name: team_name
              description: 旧团队名
              required: true
              type: string
              paramType: path
            - name: new_team_alias
              description: 新团队名
              required: true
              type: string
              paramType: body
        """
        try:
            perms = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)
            perm_tuple = team_services.get_user_perm_in_tenant(
                user_id=request.user.user_id, tenant_name=team_name)

            no_auth = True

            if "owner" in perms or "modify_team_name" in perm_tuple:
                no_auth = False

            if no_auth:
                code = 400
                result = general_message(code, "no identity", "权限不足不能修改团队名")
            else:
                new_team_alias = request.data.get("new_team_alias", "")
                if new_team_alias:
                    try:
                        code = 200
                        team = team_services.update_tenant_alias(
                            tenant_name=team_name,
                            new_team_alias=new_team_alias)
                        result = general_message(code,
                                                 "update success",
                                                 "团队名修改成功",
                                                 bean=team.to_dict())
                    except Exception as e:
                        code = 500
                        result = general_message(code, "update failed",
                                                 "团队名修改失败")
                        logger.exception(e)
                else:
                    result = general_message(400, "failed", "修改的团队名不能为空")
                    code = 400
        except Exception as e:
            code = 500
            result = general_message(code, "update failed", "团队名修改失败")
            logger.exception(e)
        return Response(result, status=code)

コード例 #11

0

ファイルを表示

    def get(self, request, *args, **kwargs):
        """
        团队管理员可以获取公有云的数据中心列表
        ---
        parameters:
            - name: enterprise_id
              description: 企业id
              required: true
              type: string
              paramType: path
            - name: team_name
              description: 当前团队名字
              required: true
              type: string
              paramType: query
        """
        try:
            team_name = request.GET.get("team_name", None)
            if not team_name:
                return Response(general_message(400, "params error", "参数错误"),
                                status=400)
            perm_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)

            role_name_list = team_services.get_user_perm_role_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)
            perm = "owner" not in perm_list and "admin" not in perm_list
            if perm and "owner" not in role_name_list and "admin" not in role_name_list:
                code = 400
                result = general_message(code, "no identity",
                                         "您不是owner或admin，没有权限做此操作")
                return Response(result, status=code)

            team = team_services.get_tenant_by_tenant_name(
                tenant_name=team_name, exception=True)
            res, data = market_api.get_public_regions_list(
                tenant_id=team.tenant_id, enterprise_id=team.enterprise_id)
            if res["status"] == 200:
                code = 200
                result = general_message(
                    code,
                    "query the data center is successful.",
                    "公有云数据中心获取成功",
                    list=data)
            else:
                code = 400
                result = general_message(code,
                                         msg="query the data center failed",
                                         msg_show="公有云数据中心获取失败")
        except Exception as e:
            code = 500
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=code)

コード例 #12

0

ファイルを表示

ファイル: user.py プロジェクト: sunshine2995/console

    def post(self, request, team_name, *args, **kwargs):
        """
        移交团队管理权
        ---
        parameters:
            - name: team_name
              description: 团队名
              required: true
              type: string
              paramType: path
            - name: user_name
              description: 被赋予权限的用户名
              required: true
              type: string
              paramType: body
        """
        try:
            perm_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)
            role_list = team_services.get_user_perm_role_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)

            no_auth = "owner" not in perm_list and "owner" not in role_list

            if no_auth:
                code = 400
                result = general_message(code, "no identity", "你不是最高管理员")
            else:
                user_name = request.data.get("user_name", None)
                other_user = user_services.get_user_by_username(
                    user_name=user_name)
                if other_user.nick_name != user_name:
                    code = 400
                    result = general_message(code, "identity modify failed",
                                             "{}不能修改自己的权限".format(user_name))
                else:
                    code, msg = team_services.change_tenant_admin(
                        user_id=request.user.user_id,
                        other_user_id=other_user.user_id,
                        tenant_name=team_name)
                    if code == 200:
                        result = general_message(code,
                                                 "identity modify success",
                                                 msg)
                    else:
                        result = general_message(code, "Authorization failure",
                                                 "授权失败")
        except Exception as e:
            code = 500
            result = error_message(e.message)
            logger.exception(e)
        return Response(result, status=code)

コード例 #13

0

ファイルを表示

 def get(self, request, team_name, *args, **kwargs):
     """
     初始化团队和数据中心信息
     ---
     parameters:
         - name: team_name
           description: 团队别名
           required: true
           type: string
           paramType: path
         - name: page_num
           description: 页码
           required: false
           type: string
           paramType: query
         - name: page_size
           description: 每页数量
           required: false
           type: string
           paramType: query
     """
     try:
         # 判断角色
         identity_list = team_services.get_user_perm_identitys_in_permtenant(
             user_id=request.user.user_id, tenant_name=team_name)
         page_num = int(request.GET.get("page_num", 1))
         page_size = int(request.GET.get("page_size", 5))
         rt_list = []
         total = 0
         # 是管理员
         if "owner" or "admin" in identity_list:
             # 查询申请用户
             applicants = apply_repo.get_applicants(team_name=team_name)
             for applicant in applicants:
                 is_pass = applicant.is_pass
                 if is_pass == 0:
                     rt_list.append(applicant.to_dict())
             apc_paginator = JuncheePaginator(rt_list, int(page_size))
             total = apc_paginator.count
             page_aplic = apc_paginator.page(page_num)
             rt_list = [apc for apc in page_aplic]
         # 返回
         result = general_message(200,
                                  "success",
                                  "查询成功",
                                  list=rt_list,
                                  total=total)
     except Exception as e:
         logger.exception(e)
         result = error_message(e.message)
     return Response(result, status=result["code"])

コード例 #14

0

ファイルを表示

 def get(self, request, *args, **kwargs):
     """
     查询我的详情
     ---
     """
     try:
         p = PermActions()
         code = 200
         user = self.user
         user.actions = UserActions()
         tenants = team_services.get_current_user_tenants(
             user_id=user.user_id)
         user_detail = dict()
         user_detail["user_id"] = user.user_id
         user_detail["user_name"] = user.nick_name
         user_detail["email"] = user.email
         user_detail["enterprise_id"] = user.enterprise_id
         user_detail["phone"] = user.phone
         user_detail["git_user_id"] = user.git_user_id
         tenant_list = list()
         for tenant in tenants:
             tenant_info = dict()
             team_region_list = region_services.get_region_list_by_team_name(
                 request=request, team_name=tenant.tenant_name)
             tenant_info["team_id"] = tenant.ID
             tenant_info["team_name"] = tenant.tenant_name
             tenant_info["team_alias"] = tenant.tenant_alias
             tenant_info["limit_memory"] = tenant.limit_memory
             tenant_info["pay_level"] = tenant.pay_level
             tenant_info["region"] = team_region_list
             tenant_info["creater"] = tenant.creater
             tenant_info["create_time"] = tenant.create_time
             perms_list = team_services.get_user_perm_identitys_in_permtenant(
                 user_id=user.user_id, tenant_name=tenant.tenant_name)
             final_identity = perms.get_highest_identity(perms_list)
             tenant_info["identity"] = final_identity
             tenant_actions = p.keys(
                 'tenant_{0}_actions'.format(final_identity))
             user.actions.set_actions('tenant', tenant_actions)
             tenant_info["tenant_actions"] = user.actions.tenant_actions
             tenant_list.append(tenant_info)
         user_detail["teams"] = tenant_list
         result = general_message(code,
                                  "Obtain my details to be successful.",
                                  "获取我的详情成功",
                                  bean=user_detail)
     except Exception as e:
         code = 500
         logger.exception(e)
         result = error_message(e.message)
     return Response(result, status=code)

コード例 #15

0

ファイルを表示

    def delete(self, request, team_name, *args, **kwargs):
        """
        删除当前团队
        ---
        parameters:
            - name: team_name
              description: 要删除的团队
              required: true
              type: string
              paramType: path
        """
        code = 200

        identity_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=request.user.user_id, tenant_name=team_name)
        team = team_services.get_tenant_by_tenant_name(team_name)
        if not user_services.is_user_admin_in_current_enterprise(
                request.user, team.enterprise_id):
            if "owner" not in identity_list and "drop_tenant" not in perm_tuple:
                code = 400
                result = general_message(code, "no identity",
                                         "您不是最高管理员，不能删除团队")
                return Response(result, status=code)
        try:
            service_count = team_services.get_team_service_count_by_team_name(
                team_name=team_name)
            if service_count >= 1:
                result = general_message(400, "failed", "当前团队内有应用,不可以删除")
                return Response(result, status=400)
            status = team_services.delete_tenant(tenant_name=team_name)
            if not status:
                result = general_message(code, "delete a tenant successfully",
                                         "删除团队成功")
            else:
                code = 400
                result = general_message(code, "delete a tenant failed",
                                         "删除团队失败")
        except Tenants.DoesNotExist as e:
            code = 400
            logger.exception(e)
            result = generate_result(code, "tenant not exist",
                                     "{}团队不存在".format(team_name))
        except Exception as e:
            code = 500
            result = general_message(code, "sys exception", "系统异常")
            logger.exception(e)
        return Response(result, status=code)

コード例 #16

0

ファイルを表示

 def get(self, request, team_name, user_name, *args, **kwargs):
     """
     用户详情
     ---
     parameters:
         - name: team_name
           description: 团队名
           required: true
           type: string
           paramType: path
         - name: user_name
           description: 用户名
           required: true
           type: string
           paramType: path
     """
     try:
         # u, perms = user_services.get_user_detail(tenant_name=team_name, nick_name=user_name)
         team = team_services.get_tenant_by_tenant_name(team_name)
         is_user_enter_amdin = user_services.is_user_admin_in_current_enterprise(
             self.user, team.enterprise_id)
         perms = team_services.get_user_perm_identitys_in_permtenant(
             self.user.user_id, team_name)
         role_list = team_services.get_user_perm_role_in_permtenant(
             user_id=self.user.user_id, tenant_name=team_name)
         # teams = [{"team_identity": perm.identity} for perm in perms]
         data = dict()
         data["nick_name"] = self.user.nick_name
         data["email"] = self.user.email
         # data["teams_identity"] = teams[0]["team_identity"]
         data["teams_identity"] = perms + role_list
         data["is_user_enter_amdin"] = is_user_enter_amdin
         code = 200
         result = general_message(code,
                                  "user details query success.",
                                  "用户详情获取成功",
                                  bean=data)
         return Response(result, status=code)
     except UserNotExistError as e:
         logger.exception(e)
         code = 400
         result = general_message(code,
                                  "this user does not exist on this team.",
                                  "该用户不存在这个团队")
         return Response(result, status=code)
     except Exception as e:
         logger.exception(e)
         result = error_message(e.message)
         return Response(result, status=500)

コード例 #17

0

ファイルを表示

 def delete(self, request, team_name, *args, **kwargs):
     """
     删除租户内的用户
     (可批量可单个)
     ---
     parameters:
         - name: team_name
           description: 团队名称
           required: true
           type: string
           paramType: path
         - name: user_ids
           description: 用户名 user_id1,user_id2 ...
           required: true
           type: string
           paramType: body
     """
     try:
         no_auth = "owner" not in team_services.get_user_perm_identitys_in_permtenant(
             user_id=request.user.user_id, tenant_name=team_name)
         if no_auth:
             code = 400
             result = general_message(code, "no identity", "没有权限")
         else:
             user_ids = str(request.data.get("user_ids", None))
             if not user_ids:
                 result = general_message(400, "failed", "删除成员不能为空")
                 return Response(result, status=400)
             if str(request.user.user_id) in user_ids:
                 result = general_message(400, "failed", "不能删除自己")
                 return Response(result, status=400)
             try:
                 user_id_list = user_ids.split(",")
                 user_services.batch_delete_users(team_name, user_id_list)
                 result = general_message(200, "delete the success", "删除成功")
             except Tenants.DoesNotExist as e:
                 logger.exception(e)
                 result = generate_result(400, "tenant not exist",
                                          "{}团队不存在".format(team_name))
             except Exception as e:
                 logger.exception(e)
                 result = error_message(e.message)
             return Response(result)
     except Exception as e:
         code = 500
         logger.exception(e)
         result = error_message(e.message)
     return Response(result, status=code)

コード例 #18

0

ファイルを表示

 def delete(self, request, *args, **kwargs):
     """
     批量删除应用
     ---
     parameters:
         - name: tenantName
           description: 租户名
           required: true
           type: string
           paramType: path
         - name: service_ids
           description: 批量操作的服务ID 多个以英文逗号分隔
           required: true
           type: string
           paramType: form
     """
     try:
         service_ids = request.data.get("service_ids", None)
         identitys = team_services.get_user_perm_identitys_in_permtenant(
             user_id=self.user.user_id, tenant_name=self.tenant_name)
         perm_tuple = team_services.get_user_perm_in_tenant(
             user_id=self.user.user_id, tenant_name=self.tenant_name)
         if "delete_service" not in perm_tuple and "owner" not in identitys and "admin" \
                 not in identitys and "developer" not in identitys:
             return Response(general_message(400, "Permission denied",
                                             "没有删除应用权限"),
                             status=400)
         service_id_list = service_ids.split(",")
         services = service_repo.get_services_by_service_ids(
             service_id_list)
         msg_list = []
         for service in services:
             code, msg = app_manage_service.batch_delete(self.user,
                                                         self.tenant,
                                                         service,
                                                         is_force=True)
             msg_dict = dict()
             msg_dict['status'] = code
             msg_dict['msg'] = msg
             msg_dict['service_id'] = service.service_id
             msg_dict['service_cname'] = service.service_cname
             msg_list.append(msg_dict)
         code = 200
         result = general_message(code, "success", "操作成功", list=msg_list)
         return Response(result, status=result['code'])
     except Exception as e:
         logger.exception(e)

コード例 #19

0

ファイルを表示

 def get(self, request, team_name, *args, **kwargs):
     """
     团队管理员可以获取公有云的数据中心列表
     ---
     parameters:
         - name: team_name
           description: 当前团队名字
           required: true
           type: string
           paramType: path
     """
     try:
         perm_list = team_services.get_user_perm_identitys_in_permtenant(
             user_id=request.user.user_id, tenant_name=team_name)
         no_auth = ("owner" not in perm_list) and ("admin" not in perm_list)
         if no_auth:
             code = 400
             result = general_message(code, "no identity",
                                      "您不是管理员或拥有者，没有权限做此操作")
             return Response(result, status=code)
         else:
             team = team_services.get_tenant_by_tenant_name(
                 tenant_name=team_name, exception=True)
             res, data = open_api.get_public_regions_list(
                 tenant_id=team.tenant_id, enterprise_id=team.enterprise_id)
             if res["status"] == 200:
                 code = 200
                 result = generate_result(
                     code,
                     "query the data center is successful.",
                     "公有云数据中心获取成功",
                     list=data)
             else:
                 code = 400
                 result = general_message(
                     code,
                     msg="query the data center failed",
                     msg_show="公有云数据中心获取失败")
     except Exception as e:
         code = 500
         logger.exception(e)
         result = error_message(e.message)
     return Response(result, status=code)

コード例 #20

0

ファイルを表示

    def delete(self, request, team_name, *args, **kwargs):
        """
        删除租户内的用户
        (可批量可单个)
        ---
        parameters:
            - name: team_name
              description: 团队名称
              required: true
              type: string
              paramType: path
            - name: user_ids
              description: 用户名 user_id1,user_id2 ...
              required: true
              type: string
              paramType: body
        """
        try:
            identitys = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id,
                tenant_name=team_name
            )

            perm_tuple = team_services.get_user_perm_in_tenant(user_id=request.user.user_id, tenant_name=team_name)

            if "owner" not in identitys and "admin" not in identitys and "manage_team_member_permissions" not in perm_tuple:
                code = 400
                result = general_message(code, "no identity", "没有权限")
                return Response(result, status=code)

            user_ids = str(request.data.get("user_ids", None))
            if not user_ids:
                result = general_message(400, "failed", "删除成员不能为空")
                return Response(result, status=400)

            try:
                user_id_list = [int(user_id) for user_id in user_ids.split(",")]
            except Exception as e:
                logger.exception(e)
                result = general_message(200, "Incorrect parameter format", "参数格式不正确")
                return Response(result, status=400)

            if request.user.user_id in user_id_list:
                result = general_message(400, "failed", "不能删除自己")
                return Response(result, status=400)

            for user_id in user_id_list:
                print user_id
                role_name_list = team_services.get_user_perm_role_in_permtenant(user_id=user_id, tenant_name=team_name)
                identity_list = team_services.get_user_perm_identitys_in_permtenant(user_id=user_id,
                                                                                    tenant_name=team_name)
                print role_name_list
                if "owner" in role_name_list or "owner" in identity_list:
                    result = general_message(400, "failed", "不能删除团队创建者！")
                    return Response(result, status=400)
            try:
                user_services.batch_delete_users(team_name, user_id_list)
                result = general_message(200, "delete the success", "删除成功")
            except Tenants.DoesNotExist as e:
                logger.exception(e)
                result = generate_result(400, "tenant not exist", "{}团队不存在".format(team_name))
            except Exception as e:
                logger.exception(e)
                result = error_message(e.message)
            return Response(result)
        except Exception as e:
            code = 500
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=code)

コード例 #21

0

ファイルを表示

 def post(self, request, team_name, *args, **kwargs):
     """
     团队中添加新用户
     ---
     parameters:
         - name: team_name
           description: 团队名称
           required: true
           type: string
           paramType: path
         - name: user_ids
           description: 添加成员id 格式 {'user_ids':'1,2'}
           required: true
           type: string
           paramType: body
         - name: identitys
           description: 选择权限(当前用户是管理员'admin'或者创建者'owner'就展示权限选择列表，不是管理员就没有这个选项, 默认被邀请用户权限是'access') 格式{"identitys": "viewer,access"}
           required: true
           type: string
           paramType: body
     """
     perm_list = team_services.get_user_perm_identitys_in_permtenant(
         user_id=request.user.user_id,
         tenant_name=team_name
     )
     # 根据用户在一个团队的角色来获取这个角色对应的所有权限操作
     role_perm_tuple = team_services.get_user_perm_in_tenant(user_id=request.user.user_id, tenant_name=team_name)
     if perm_list:
         no_auth = ("owner" not in perm_list) and ("admin" not in perm_list)
     else:
         no_auth = "manage_team_member_permissions" not in role_perm_tuple
     if no_auth:
         code = 400
         result = general_message(code, "no identity", "您不是管理员，没有权限做此操作")
         return Response(result, status=code)
     try:
         user_ids = request.data.get('user_ids', None)
         identitys = request.data.get('identitys', None)
         identitys = identitys.split(',') if identitys else []
         if not user_ids:
             raise ParamsError("用户名为空")
         code = 200
         team = team_services.get_tenant_by_tenant_name(tenant_name=team_name, exception=True)
         user_ids = user_ids.split(',')
         if identitys:
             team_services.add_user_to_team(request=request, tenant=team, user_ids=user_ids, identitys=identitys)
             result = general_message(code, "success", "用户添加到{}成功".format(team_name))
         else:
             team_services.add_user_to_team(request=request, tenant=team, user_ids=user_ids, identitys='access')
             result = general_message(code, "success", "用户添加到{}成功".format(team_name))
     except PermTenantsExistError as e:
         code = 400
         result = general_message(code, "permtenant exist", e.message)
     except ParamsError as e:
         logging.exception(e)
         code = 400
         result = general_message(code, "params user_id is empty", e.message)
     except UserNotExistError as e:
         code = 400
         result = general_message(code, "user not exist", e.message)
     except Tenants.DoesNotExist as e:
         code = 400
         logger.exception(e)
         result = general_message(code, "tenant not exist", "{}团队不存在".format(team_name))
     except UserExistError as e:
         logger.exception(e)
         code = 400
         result = general_message(code, "user already exist", e.message)
     except Exception as e:
         code = 500
         logger.exception(e)
         print(str(e))
         result = general_message(code, "system error", "系统异常")
     return Response(result, status=code)

コード例 #22

0

ファイルを表示

ファイル: role_prems.py プロジェクト: vincentchen/rainbond-console

    def post(self, request, team_name, *args, **kwargs):
        """
        团队中添加新用户给用户分配一个角色
        ---
        parameters:
            - name: team_name
              description: 团队名称
              required: true
              type: string
              paramType: path
            - name: user_ids
              description: 添加成员id 格式 {'user_ids':'1,2'}
              required: true
              type: string
              paramType: body
            - name: role_ids
              description: 选择角色 格式{"role_ids": "1,2,3"}
              required: true
              type: string
              paramType: body
        """
        perm_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)
        # 根据用户在一个团队的角色来获取这个角色对应的所有权限操作
        role_perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=request.user.user_id, tenant_name=team_name)

        no_auth = ("owner" not in perm_list) and (
            "admin" not in perm_list
        ) and "manage_team_member_permissions" not in role_perm_tuple

        if no_auth:
            code = 400
            result = general_message(code, "no identity", "您没有权限做此操作")
            return Response(result, status=code)
        try:
            user_ids = request.data.get('user_ids', None)
            role_ids = request.data.get('role_ids', None)
            if not user_ids:
                raise ParamsError("用户名为空")
            if not role_ids:
                raise ParamsError("角色ID为空")
            try:
                user_ids = [int(user_id) for user_id in user_ids.split(",")]
                role_ids = [int(user_id) for user_id in role_ids.split(",")]
            except Exception as e:
                code = 400
                logger.exception(e)
                result = general_message(code, "Incorrect parameter format",
                                         "参数格式不正确")
                return Response(result, status=code)
            for role_id in role_ids:
                if role_id not in team_services.get_all_team_role_id(
                        tenant_name=team_name):
                    code = 400
                    result = general_message(code, "The role does not exist",
                                             "该角色在团队中不存在")
                    return Response(result, status=code)

            user_id = team_services.user_is_exist_in_team(
                user_list=user_ids, tenant_name=team_name)
            if user_id:
                user_obj = user_services.get_user_by_user_id(user_id=user_id)
                code = 400
                result = general_message(code, "user already exist",
                                         "用户{}已经存在".format(user_obj.nick_name))
                return Response(result, status=code)

            code = 200
            team = team_services.get_tenant(tenant_name=team_name)

            team_services.add_user_role_to_team(request=request,
                                                tenant=team,
                                                user_ids=user_ids,
                                                role_ids=role_ids)
            result = general_message(code, "success",
                                     "用户添加到{}成功".format(team_name))

        except ParamsError as e:
            logging.exception(e)
            code = 400
            result = general_message(code, "params is empty", e.message)
        except UserNotExistError as e:
            code = 400
            result = general_message(code, "user not exist", e.message)
        except Tenants.DoesNotExist as e:
            code = 400
            logger.exception(e)
            result = general_message(code, "tenant not exist",
                                     "{}团队不存在".format(team_name))
        except Exception as e:
            code = 500
            logger.exception(e)
            print(str(e))
            result = general_message(code, "system error", "系统异常")
        return Response(result, status=code)

コード例 #23

0

ファイルを表示

ファイル: role_prems.py プロジェクト: vincentchen/rainbond-console

    def post(self, request, team_name, user_id, *args, **kwargs):
        """
        修改团队成员角色
        ---
        parameters:
            - name: team_name
              description: 团队名
              required: true
              type: string
              paramType: path
            - name: user_id
              description: 被修改权限的团队成员id
              required: true
              type: string
              paramType: path
            - name: role_ids
              description: 角色  格式 {"role_ids": "1,2,3"}
              required: true
              type: string
              paramType: body
        """
        try:
            perm_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)
            perm_tuple = team_services.get_user_perm_in_tenant(
                user_id=request.user.user_id, tenant_name=team_name)

            no_auth = ("owner" not in perm_list) and (
                "admin" not in perm_list
            ) and "manage_team_member_permissions" not in perm_tuple

            if no_auth:
                code = 400
                result = general_message(code, "no identity", "您没有权限做此操作")
            else:
                code = 200
                role_ids = request.data.get("role_ids", None)
                if role_ids:
                    try:
                        role_id_list = [int(id) for id in role_ids.split(",")]
                    except Exception as e:
                        logger.exception(e)
                        code = 400
                        result = general_message(code, "params is empty",
                                                 "参数格式不正确")
                        return Response(result, status=code)

                    other_user = user_repo.get_user_by_user_id(
                        user_id=int(user_id))
                    if other_user.user_id == request.user.user_id:
                        result = general_message(400, "failed", "您不能修改自己的权限！")
                        return Response(result, status=400)

                    for id in role_id_list:
                        if id not in team_services.get_all_team_role_id(
                                tenant_name=team_name):
                            code = 400
                            result = general_message(
                                code, "The role does not exist", "该角色在团队中不存在")
                            return Response(result, status=code)

                    identity_list = team_services.get_user_perm_identitys_in_permtenant(
                        user_id=other_user.user_id, tenant_name=team_name)

                    role_name_list = team_services.get_user_perm_role_in_permtenant(
                        user_id=other_user.user_id, tenant_name=team_name)
                    if "owner" in identity_list or "owner" in role_name_list:
                        result = general_message(400, "failed", "您不能修改创建者的权限！")
                        return Response(result, status=400)

                    team_services.change_tenant_role(
                        user_id=other_user.user_id,
                        tenant_name=team_name,
                        role_id_list=role_id_list)
                    result = general_message(
                        code, "identity modify success",
                        "{}角色修改成功".format(other_user.nick_name))
                else:
                    result = general_message(400, "identity failed",
                                             "修改角色时，角色不能为空")
        except UserNotExistError as e:
            logger.exception(e)
            code = 400
            result = general_message(code, "users not exist", "该用户不存在")
        except Exception as e:
            logger.exception(e)
            code = 500
            result = error_message(e.message)
        return Response(result, status=code)

コード例 #24

0

ファイルを表示

ファイル: user_operation.py プロジェクト: verylove/rainbond-console

    def get(self, request, *args, **kwargs):
        """
        查询我的详情
        ---
        """
        try:
            p = PermActions()
            code = 200
            user = self.user
            user.actions = UserActions()
            tenants = team_services.get_current_user_tenants(
                user_id=user.user_id)
            user_detail = dict()
            user_detail["user_id"] = user.user_id
            user_detail["user_name"] = user.nick_name
            user_detail["email"] = user.email
            user_detail["enterprise_id"] = user.enterprise_id
            user_detail["phone"] = user.phone
            user_detail["git_user_id"] = user.git_user_id
            user_detail["is_sys_admin"] = user.is_sys_admin
            enterprise = enterprise_services.get_enterprise_by_enterprise_id(
                user.enterprise_id)
            user_detail["is_enterprise_active"] = enterprise.is_active
            is_user_enter_amdin = user_services.is_user_admin_in_current_enterprise(
                self.user, user.enterprise_id)
            user_detail["is_user_enter_amdin"] = is_user_enter_amdin
            tenant_list = list()
            for tenant in tenants:
                tenant_info = dict()
                team_region_list = region_services.get_region_list_by_team_name(
                    request=request, team_name=tenant.tenant_name)
                tenant_info["team_id"] = tenant.ID
                tenant_info["team_name"] = tenant.tenant_name
                tenant_info["team_alias"] = tenant.tenant_alias
                tenant_info["limit_memory"] = tenant.limit_memory
                tenant_info["pay_level"] = tenant.pay_level
                tenant_info["region"] = team_region_list
                tenant_info["creater"] = tenant.creater
                tenant_info["create_time"] = tenant.create_time
                perms_list = team_services.get_user_perm_identitys_in_permtenant(
                    user_id=user.user_id, tenant_name=tenant.tenant_name)
                perms_role_id_list = team_services.get_user_perm_role_id_in_permtenant(
                    user_id=user.user_id, tenant_name=tenant.tenant_name)

                perms_tuple = ()

                if perms_list:
                    final_identity = perms.get_highest_identity(perms_list)
                    tenant_actions = p.keys(
                        'tenant_{0}_actions'.format(final_identity))
                    perms_tuple += tenant_actions
                else:
                    final_identity = []

                role_name_list = [
                    role_repo.get_role_name_by_role_id(role_id=role_id)
                    for role_id in perms_role_id_list
                ]

                for role_id in perms_role_id_list:
                    tenant_actions = role_perm_repo.get_perm_by_role_id(
                        role_id=role_id)
                    perms_tuple += tenant_actions
                if final_identity:
                    tenant_info["role_name_list"] = [final_identity
                                                     ] + role_name_list
                else:
                    tenant_info["role_name_list"] = role_name_list
                user.actions.set_actions('tenant', tuple(set(perms_tuple)))
                tenant_info["tenant_actions"] = user.actions.tenant_actions
                tenant_list.append(tenant_info)
            user_detail["teams"] = tenant_list
            result = general_message(code,
                                     "Obtain my details to be successful.",
                                     "获取我的详情成功",
                                     bean=user_detail)
        except Exception as e:
            code = 500
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=code)

コード例 #25

0

ファイルを表示

ファイル: user.py プロジェクト: sunshine2995/console

 def post(self, request, team_name, user_name, *args, **kwargs):
     """
     修改成员权限
     ---
     parameters:
         - name: team_name
           description: 团队名
           required: true
           type: string
           paramType: path
         - name: user_name
           description: 被修改权限的团队成员
           required: true
           type: string
           paramType: path
         - name: identitys
           description: 权限  格式 {"identitys": "viewer,access"}
           required: true
           type: string
           paramType: body
     """
     try:
         perm_list = team_services.get_user_perm_identitys_in_permtenant(
             user_id=request.user.user_id, tenant_name=team_name)
         perm_tuple = team_services.get_user_perm_in_tenant(
             user_id=request.user.user_id, tenant_name=team_name)
         no_auth = ("owner" not in perm_list) and ("admin" not in perm_list)
         if no_auth:
             code = 400
             result = general_message(code, "no identity",
                                      "您不是管理员，没有权限做此操作")
         else:
             code = 200
             new_identitys = request.data.get("identitys", None)
             if new_identitys:
                 new_identitys = new_identitys.split(
                     ',') if new_identitys else []
                 other_user = user_services.get_user_by_username(
                     user_name=user_name)
                 if other_user.user_id == request.user.user_id:
                     result = general_message(400, "failed", "您不能修改自己的权限！")
                     return Response(result, status=400)
                 team_services.change_tenant_identity(
                     user_id=other_user.user_id,
                     tenant_name=team_name,
                     new_identitys=new_identitys)
                 result = general_message(code, "identity modify success",
                                          "{}权限修改成功".format(user_name))
             else:
                 result = general_message(400, "identity failed",
                                          "修改权限时，权限不能为空")
     except SameIdentityError as e:
         logger.exception(e)
         code = 400
         result = general_message(code, "identity exist", "该用户已拥有此权限")
     except UserNotExistError as e:
         logger.exception(e)
         code = 400
         result = general_message(code, "users not exist", "该用户不存在")
     except Exception as e:
         logger.exception(e)
         code = 500
         result = error_message(e.message)
     return Response(result, status=code)

コード例 #26

0

ファイルを表示

    def post(self, request, *args, **kwargs):
        """
        ---
        parameters:
            - name: tenantName
              description: 租户名
              required: true
              type: string
              paramType: path
            - name: action
              description: 操作名称 stop| start|upgrade|deploy
              required: true
              type: string
              paramType: form
            - name: group_id
              description: 组id
              required: true
              type: string
              paramType: path

        """
        try:
            action = request.data.get("action", None)

            group_id = int(kwargs.get("group_id", None))
            services = group_service_relation_repo.get_services_obj_by_group(
                group_id)
            if not services:
                result = general_message(400, "not service", "当前组内无应用，无法操作")
                return Response(result)
            service_ids = [service.service_id for service in services]
            if action not in ("stop", "start", "upgrade", "deploy"):
                return Response(general_message(400, "param error", "操作类型错误"),
                                status=400)
            # 去除掉三方服务
            for service_id in service_ids:
                service_obj = service_repo.get_service_by_service_id(
                    service_id)
                if service_obj:
                    if service_obj.service_source == "third_party":
                        service_ids.remove(service_id)

            # 校验权限
            identitys = team_services.get_user_perm_identitys_in_permtenant(
                user_id=self.user.user_id, tenant_name=self.tenant_name)
            perm_tuple = team_services.get_user_perm_in_tenant(
                user_id=self.user.user_id, tenant_name=self.tenant_name)

            if action == "stop":
                if "stop_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有关闭应用权限"),
                                    status=400)
            if action == "start":
                if "start_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有启动应用权限"),
                                    status=400)
            if action == "upgrade":
                if "restart_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有更新应用权限"),
                                    status=400)
            if action == "deploy":
                if "deploy_service" not in perm_tuple and "owner" not in identitys and "admin" not in identitys and "developer" not in identitys:
                    return Response(general_message(400, "Permission denied",
                                                    "没有重新构建权限"),
                                    status=400)
                # 批量操作
            code, msg = app_manage_service.batch_operations(
                self.tenant, self.user, action, service_ids)
            if code != 200:
                result = general_message(code, "batch manage error", msg)
            else:
                result = general_message(200, "success", "操作成功")

        except Exception as e:
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=result["code"])