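def delete(self, request, *args, **kwargs):
    """
    Delete a service after the user has confirmed the deletion a second time
    ---
    parameters:
        - name: tenantName
          description: tenant name
          required: true
          type: string
          paramType: path
        - name: service_id
          description: service id
          required: true
          type: string
          paramType: form
    """
    service_id = request.data.get("service_id", None)
    identitys = team_services.get_user_perm_identitys_in_permtenant(
        user_id=self.user.user_id, tenant_name=self.tenant_name)
    perm_tuple = team_services.get_user_perm_in_tenant(
        user_id=self.user.user_id, tenant_name=self.tenant_name)

    # Authorise first: the caller needs the explicit "delete_service"
    # permission or one of the owner/admin/developer identities in the tenant.
    # NOTE(review): a denied request is answered with HTTP 400, not 403.
    if "delete_service" not in perm_tuple and not any(
            identity in identitys for identity in ("owner", "admin", "developer")):
        return Response(general_message(400, "Permission denied", "没有删除应用权限"), status=400)

    # Reject a missing id before it reaches the repository lookup.
    if not service_id:
        return Response(general_message(400, "param error", "应用ID不能为空"), status=400)

    service = service_repo.get_service_by_service_id(service_id)
    if not service:
        # Without this guard a falsy lookup result would be handed to the
        # forced delete below.
        return Response(general_message(404, "service not found", "应用不存在"), status=404)

    # NOTE(review): the service is looked up by service_id alone, while the
    # permission check above is scoped to self.tenant_name. Confirm that
    # delete_again verifies the service belongs to self.tenant; if it does
    # not, add that ownership check here before the forced delete.
    code, msg = app_manage_service.delete_again(self.user, self.tenant, service, is_force=True)
    bean = {}
    if code != 200:
        return Response(general_message(code, "delete service error", msg, bean=bean), status=code)
    result = general_message(code, "success", "操作成功", bean=bean)
    return Response(result, status=result["code"])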
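def post(self, request, *args, **kwargs):
    """
    Run one action on several services at once
    ---
    parameters:
        - name: tenantName
          description: tenant name
          required: true
          type: string
          paramType: path
        - name: action
          description: action name, one of stop|start|restart
          required: true
          type: string
          paramType: form
        - name: service_ids
          description: ids of the services to operate on, separated by commas
          required: true
          type: string
          paramType: form
    """
    # action -> (permission that allows it, message shown when it is denied)
    required = {
        "stop": ("stop_service", "没有关闭应用权限"),
        "start": ("start_service", "没有启动应用权限"),
        "restart": ("restart_service", "没有重启应用权限"),
    }
    try:
        action = request.data.get("action", None)
        service_ids = request.data.get("service_ids", None)
        if action not in required:
            return Response(general_message(400, "param error", "操作类型错误"), status=400)

        identitys = team_services.get_user_perm_identitys_in_permtenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)

        # The per-action permission or an owner/admin/developer identity is
        # enough; anything else is refused.
        perm_name, denied_msg = required[action]
        if perm_name not in perm_tuple and not any(
                identity in identitys for identity in ("owner", "admin", "developer")):
            return Response(general_message(400, "Permission denied", denied_msg), status=400)

        # A missing service_ids used to fail inside .split() and surface as a
        # server error; report it as a client error instead.
        if not service_ids:
            return Response(general_message(400, "param error", "未指定要操作的应用"), status=400)
        service_id_list = [sid for sid in service_ids.split(",") if sid]

        # NOTE(review): the ids come straight from the request. Confirm that
        # batch_action only touches services that belong to self.tenant.
        code, msg = app_manage_service.batch_action(
            self.tenant, self.user, action, service_id_list)
        if code != 200:
            result = general_message(code, "batch manage error", msg)
        else:
            result = general_message(200, "success", "操作成功")
    except Exception as e:
        logger.exception(e)
        # NOTE(review): e.message is passed to error_message and returned to
        # the client; confirm it cannot expose internal details.
        result = error_message(e.message)
    return Response(result, status=result["code"])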
def get(self, request, team_name, *args, **kwargs):
    """
    Return the details of a team
    ---
    parameters:
        - name: team_name
          description: team name
          required: true
          type: string
          paramType: path
    """
    try:
        tenant = team_services.get_tenant_by_tenant_name(team_name)
        if not tenant:
            not_found = general_message(404, "team not exist", "团队{0}不存在".format(team_name))
            return Response(not_found, status=404)

        membership = team_services.get_user_perms_in_permtenant(self.user.user_id, team_name)
        regions = region_services.get_region_list_by_team_name(request=request, team_name=team_name)
        perm_actions = PermActions()
        tenant_info = {
            "team_id": tenant.ID,
            "team_name": tenant.tenant_name,
            "team_alias": tenant.tenant_alias,
            "limit_memory": tenant.limit_memory,
            "pay_level": tenant.pay_level,
            "region": regions,
            "creater": tenant.creater,
            "create_time": tenant.create_time,
        }

        if membership:
            # Members additionally get their identities and the set of
            # actions those identities and roles allow.
            identities = team_services.get_user_perm_identitys_in_permtenant(
                user_id=self.user.user_id, tenant_name=tenant.tenant_name)
            role_names = team_services.get_user_perm_role_in_permtenant(
                user_id=self.user.user_id, tenant_name=tenant.tenant_name)
            role_perms = team_services.get_user_perm_in_tenant(
                user_id=self.user.user_id, tenant_name=tenant.tenant_name)
            actions = ()
            tenant_info["identity"] = identities + role_names
            if identities:
                top_identity = get_highest_identity(identities)
                actions += perm_actions.keys('tenant_{0}_actions'.format(top_identity))
            actions += role_perms
            tenant_info["tenant_actions"] = tuple(set(actions))
        elif not self.user.is_sys_admin and team_name != "grdemo":
            # Non-members are refused unless they are system admins; the
            # team named "grdemo" is readable by any caller of this view.
            return Response(general_message(403, "you right to see this team", "您无权查看此团队"), 403)

        return Response(general_message(200, "success", "查询成功", bean=tenant_info), status=200)
    except Exception as e:
        logger.exception(e)
        result = error_message(e.message)
        return Response(result, status=result["code"])
def post(self, request, team_name, *args, **kwargs):
    """
    Change the display name (alias) of a team
    ---
    parameters:
        - name: team_name
          description: current team name
          required: true
          type: string
          paramType: path
        - name: new_team_alias
          description: new team alias
          required: true
          type: string
          paramType: body
    """
    try:
        identities = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=request.user.user_id, tenant_name=team_name)

        # Only the team owner or a holder of "modify_team_name" may rename.
        authorized = "owner" in identities or "modify_team_name" in perm_tuple
        if authorized:
            new_team_alias = request.data.get("new_team_alias", "")
            if not new_team_alias:
                result = general_message(400, "failed", "修改的团队名不能为空")
                code = 400
            else:
                try:
                    code = 200
                    team = team_services.update_tenant_alias(
                        tenant_name=team_name, new_team_alias=new_team_alias)
                    result = general_message(
                        code, "update success", "团队名修改成功", bean=team.to_dict())
                except Exception as e:
                    code = 500
                    result = general_message(code, "update failed", "团队名修改失败")
                    logger.exception(e)
        else:
            code = 400
            result = general_message(code, "no identity", "权限不足不能修改团队名")
    except Exception as e:
        code = 500
        result = general_message(code, "update failed", "团队名修改失败")
        logger.exception(e)
    return Response(result, status=code)
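def delete(self, request, team_name, *args, **kwargs):
    """
    Delete the current team
    ---
    parameters:
        - name: team_name
          description: name of the team to delete
          required: true
          type: string
          paramType: path
    """
    code = 200
    identity_list = team_services.get_user_perm_identitys_in_permtenant(
        user_id=request.user.user_id, tenant_name=team_name)
    perm_tuple = team_services.get_user_perm_in_tenant(
        user_id=request.user.user_id, tenant_name=team_name)
    team = team_services.get_tenant_by_tenant_name(team_name)
    if not team:
        # An unknown team name used to fail on team.enterprise_id below,
        # outside any exception handler. Answer it the same way the
        # Tenants.DoesNotExist handler further down does.
        code = 400
        result = generate_result(code, "tenant not exist", "{}团队不存在".format(team_name))
        return Response(result, status=code)

    # Enterprise admins may always delete; everyone else must be the team
    # owner or hold the "drop_tenant" permission.
    if not user_services.is_user_admin_in_current_enterprise(request.user, team.enterprise_id):
        if "owner" not in identity_list and "drop_tenant" not in perm_tuple:
            code = 400
            result = general_message(code, "no identity", "您不是最高管理员,不能删除团队")
            return Response(result, status=code)

    try:
        # A team that still contains services must not be deleted.
        service_count = team_services.get_team_service_count_by_team_name(team_name=team_name)
        if service_count >= 1:
            result = general_message(400, "failed", "当前团队内有应用,不可以删除")
            return Response(result, status=400)

        status = team_services.delete_tenant(tenant_name=team_name)
        # NOTE(review): a falsy return value is treated as success here;
        # confirm this matches what team_services.delete_tenant returns.
        if not status:
            result = general_message(code, "delete a tenant successfully", "删除团队成功")
        else:
            code = 400
            result = general_message(code, "delete a tenant failed", "删除团队失败")
    except Tenants.DoesNotExist as e:
        code = 400
        logger.exception(e)
        result = generate_result(code, "tenant not exist", "{}团队不存在".format(team_name))
    except Exception as e:
        code = 500
        result = general_message(code, "sys exception", "系统异常")
        logger.exception(e)
    return Response(result, status=code)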
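def delete(self, request, *args, **kwargs):
    """
    Delete several services at once
    ---
    parameters:
        - name: tenantName
          description: tenant name
          required: true
          type: string
          paramType: path
        - name: service_ids
          description: ids of the services to delete, separated by commas
          required: true
          type: string
          paramType: form
    """
    try:
        service_ids = request.data.get("service_ids", None)
        identitys = team_services.get_user_perm_identitys_in_permtenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)
        # The "delete_service" permission or an owner/admin/developer
        # identity is required.
        if "delete_service" not in perm_tuple and not any(
                identity in identitys for identity in ("owner", "admin", "developer")):
            return Response(general_message(400, "Permission denied", "没有删除应用权限"), status=400)

        # A missing service_ids used to fail inside .split(); report it as a
        # client error instead.
        if not service_ids:
            return Response(general_message(400, "param error", "未指定要删除的应用"), status=400)
        service_id_list = service_ids.split(",")

        # NOTE(review): the services are fetched by id only, while the
        # permission check above is scoped to self.tenant_name. Confirm that
        # batch_delete refuses services that do not belong to self.tenant.
        services = service_repo.get_services_by_service_ids(service_id_list)
        msg_list = []
        for service in services:
            code, msg = app_manage_service.batch_delete(
                self.user, self.tenant, service, is_force=True)
            # One status entry per service so the caller can see partial
            # failures.
            msg_list.append({
                'status': code,
                'msg': msg,
                'service_id': service.service_id,
                'service_cname': service.service_cname,
            })
        code = 200
        result = general_message(code, "success", "操作成功", list=msg_list)
        return Response(result, status=result['code'])
    except Exception as e:
        logger.exception(e)
        # The handler used to fall through and return None, so the view
        # produced no response at all on failure.
        result = general_message(500, "sys exception", "系统异常")
        return Response(result, status=500)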
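def delete(self, request, team_name, *args, **kwargs):
    """
    Remove one or more users from a team
    ---
    parameters:
        - name: team_name
          description: team name
          required: true
          type: string
          paramType: path
        - name: user_ids
          description: ids of the users to remove, e.g. user_id1,user_id2
          required: true
          type: string
          paramType: body
    """
    try:
        identitys = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=request.user.user_id, tenant_name=team_name)
        # Only owner/admin or a holder of "manage_team_member_permissions"
        # may remove members.
        if "owner" not in identitys and "admin" not in identitys \
                and "manage_team_member_permissions" not in perm_tuple:
            code = 400
            result = general_message(code, "no identity", "没有权限")
            return Response(result, status=code)

        # Test the raw value: wrapping it in str() first turned a missing
        # parameter into the string "None", so the emptiness check never fired.
        raw_user_ids = request.data.get("user_ids", None)
        if not raw_user_ids:
            result = general_message(400, "failed", "删除成员不能为空")
            return Response(result, status=400)
        try:
            user_id_list = [int(user_id) for user_id in str(raw_user_ids).split(",")]
        except (TypeError, ValueError) as e:
            logger.exception(e)
            # The body code now matches the HTTP status (it used to say 200).
            result = general_message(400, "Incorrect parameter format", "参数格式不正确")
            return Response(result, status=400)

        # A user may not remove themselves.
        if request.user.user_id in user_id_list:
            result = general_message(400, "failed", "不能删除自己")
            return Response(result, status=400)

        # The team creator (owner) can never be removed; refuse the whole
        # batch if any target is an owner.
        for user_id in user_id_list:
            role_name_list = team_services.get_user_perm_role_in_permtenant(
                user_id=user_id, tenant_name=team_name)
            identity_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=user_id, tenant_name=team_name)
            if "owner" in role_name_list or "owner" in identity_list:
                result = general_message(400, "failed", "不能删除团队创建者!")
                return Response(result, status=400)

        code = 200
        try:
            user_services.batch_delete_users(team_name, user_id_list)
            result = general_message(code, "delete the success", "删除成功")
        except Tenants.DoesNotExist as e:
            logger.exception(e)
            code = 400
            result = generate_result(code, "tenant not exist", "{}团队不存在".format(team_name))
        except Exception as e:
            logger.exception(e)
            result = error_message(e.message)
            code = result["code"]
        # Pass the status explicitly: a bare Response(result) answered
        # HTTP 200 even when the removal failed.
        return Response(result, status=code)
    except Exception as e:
        code = 500
        logger.exception(e)
        # NOTE(review): e.message is passed to error_message and returned to
        # the client; confirm it cannot expose internal details.
        result = error_message(e.message)
        return Response(result, status=code)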
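def post(self, request, team_name, *args, **kwargs):
    """
    Add new users to a team
    ---
    parameters:
        - name: team_name
          description: team name
          required: true
          type: string
          paramType: path
        - name: user_ids
          description: "ids of the members to add, format {'user_ids':'1,2'}"
          required: true
          type: string
          paramType: body
        - name: identitys
          description: 'identities to grant; the selection list is shown only when the current user is an admin or the owner, otherwise the invited user defaults to access. Format {"identitys": "viewer,access"}'
          required: true
          type: string
          paramType: body
    """
    perm_list = team_services.get_user_perm_identitys_in_permtenant(
        user_id=request.user.user_id, tenant_name=team_name)
    # Permissions granted by the roles the caller holds in this team.
    role_perm_tuple = team_services.get_user_perm_in_tenant(
        user_id=request.user.user_id, tenant_name=team_name)

    # A caller with identities must be owner or admin; a caller without any
    # identity falls back to the role permission.
    if perm_list:
        no_auth = ("owner" not in perm_list) and ("admin" not in perm_list)
    else:
        no_auth = "manage_team_member_permissions" not in role_perm_tuple
    if no_auth:
        code = 400
        result = general_message(code, "no identity", "您不是管理员,没有权限做此操作")
        return Response(result, status=code)

    try:
        user_ids = request.data.get('user_ids', None)
        identitys = request.data.get('identitys', None)
        identitys = identitys.split(',') if identitys else []
        if not user_ids:
            raise ParamsError("用户名为空")

        code = 200
        team = team_services.get_tenant_by_tenant_name(tenant_name=team_name, exception=True)
        user_ids = user_ids.split(',')
        # NOTE(review): the requested identities are forwarded unchanged.
        # Confirm add_user_to_team rejects identities the caller is not
        # allowed to grant. When none are given, the string 'access' is
        # passed, as before.
        team_services.add_user_to_team(
            request=request, tenant=team, user_ids=user_ids,
            identitys=identitys or 'access')
        result = general_message(code, "success", "用户添加到{}成功".format(team_name))
    except PermTenantsExistError as e:
        code = 400
        result = general_message(code, "permtenant exist", e.message)
    except ParamsError as e:
        # Use the same logger as the other handlers, not the logging module.
        logger.exception(e)
        code = 400
        result = general_message(code, "params user_id is empty", e.message)
    except UserNotExistError as e:
        code = 400
        result = general_message(code, "user not exist", e.message)
    except Tenants.DoesNotExist as e:
        code = 400
        logger.exception(e)
        result = general_message(code, "tenant not exist", "{}团队不存在".format(team_name))
    except UserExistError as e:
        logger.exception(e)
        code = 400
        result = general_message(code, "user already exist", e.message)
    except Exception as e:
        code = 500
        # logger.exception already records the error; the extra print of the
        # exception text to stdout was dropped.
        logger.exception(e)
        result = general_message(code, "system error", "系统异常")
    return Response(result, status=code)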
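def post(self, request, team_name, *args, **kwargs):
    """
    Add new users to a team and assign them roles
    ---
    parameters:
        - name: team_name
          description: team name
          required: true
          type: string
          paramType: path
        - name: user_ids
          description: "ids of the members to add, format {'user_ids':'1,2'}"
          required: true
          type: string
          paramType: body
        - name: role_ids
          description: 'roles to assign, format {"role_ids": "1,2,3"}'
          required: true
          type: string
          paramType: body
    """
    perm_list = team_services.get_user_perm_identitys_in_permtenant(
        user_id=request.user.user_id, tenant_name=team_name)
    # Permissions granted by the roles the caller holds in this team.
    role_perm_tuple = team_services.get_user_perm_in_tenant(
        user_id=request.user.user_id, tenant_name=team_name)

    no_auth = ("owner" not in perm_list) and ("admin" not in perm_list) \
        and "manage_team_member_permissions" not in role_perm_tuple
    if no_auth:
        code = 400
        result = general_message(code, "no identity", "您没有权限做此操作")
        return Response(result, status=code)

    try:
        user_ids = request.data.get('user_ids', None)
        role_ids = request.data.get('role_ids', None)
        if not user_ids:
            raise ParamsError("用户名为空")
        if not role_ids:
            raise ParamsError("角色ID为空")

        try:
            user_ids = [int(user_id) for user_id in user_ids.split(",")]
            role_ids = [int(role_id) for role_id in role_ids.split(",")]
        except (AttributeError, TypeError, ValueError) as e:
            code = 400
            logger.exception(e)
            result = general_message(code, "Incorrect parameter format", "参数格式不正确")
            return Response(result, status=code)

        # Only roles that belong to this team may be assigned. The team's
        # role ids are fetched once instead of once per requested role.
        team_role_ids = team_services.get_all_team_role_id(tenant_name=team_name)
        for role_id in role_ids:
            if role_id not in team_role_ids:
                code = 400
                result = general_message(code, "The role does not exist", "该角色在团队中不存在")
                return Response(result, status=code)

        # Refuse the whole request if any of the users is already a member.
        user_id = team_services.user_is_exist_in_team(user_list=user_ids, tenant_name=team_name)
        if user_id:
            user_obj = user_services.get_user_by_user_id(user_id=user_id)
            code = 400
            result = general_message(
                code, "user already exist", "用户{}已经存在".format(user_obj.nick_name))
            return Response(result, status=code)

        code = 200
        team = team_services.get_tenant(tenant_name=team_name)
        team_services.add_user_role_to_team(
            request=request, tenant=team, user_ids=user_ids, role_ids=role_ids)
        result = general_message(code, "success", "用户添加到{}成功".format(team_name))
    except ParamsError as e:
        # Use the same logger as the other handlers, not the logging module.
        logger.exception(e)
        code = 400
        result = general_message(code, "params is empty", e.message)
    except UserNotExistError as e:
        code = 400
        result = general_message(code, "user not exist", e.message)
    except Tenants.DoesNotExist as e:
        code = 400
        logger.exception(e)
        result = general_message(code, "tenant not exist", "{}团队不存在".format(team_name))
    except Exception as e:
        code = 500
        # logger.exception already records the error; the extra print of the
        # exception text to stdout was dropped.
        logger.exception(e)
        result = general_message(code, "system error", "系统异常")
    return Response(result, status=code)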
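def post(self, request, team_name, user_id, *args, **kwargs):
    """
    Change the roles of a team member
    ---
    parameters:
        - name: team_name
          description: team name
          required: true
          type: string
          paramType: path
        - name: user_id
          description: id of the team member whose roles are changed
          required: true
          type: string
          paramType: path
        - name: role_ids
          description: 'roles, format {"role_ids": "1,2,3"}'
          required: true
          type: string
          paramType: body
    """
    try:
        perm_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=request.user.user_id, tenant_name=team_name)
        no_auth = ("owner" not in perm_list) and ("admin" not in perm_list) \
            and "manage_team_member_permissions" not in perm_tuple
        if no_auth:
            code = 400
            result = general_message(code, "no identity", "您没有权限做此操作")
            return Response(result, status=code)

        role_ids = request.data.get("role_ids", None)
        if not role_ids:
            # This branch used to leave code at 200, so the HTTP status
            # contradicted the 400 carried in the body.
            code = 400
            result = general_message(code, "identity failed", "修改角色时,角色不能为空")
            return Response(result, status=code)

        try:
            role_id_list = [int(role_id) for role_id in role_ids.split(",")]
        except Exception as e:
            logger.exception(e)
            code = 400
            result = general_message(code, "params is empty", "参数格式不正确")
            return Response(result, status=code)

        other_user = user_repo.get_user_by_user_id(user_id=int(user_id))
        # Callers may not change their own roles.
        if other_user.user_id == request.user.user_id:
            result = general_message(400, "failed", "您不能修改自己的权限!")
            return Response(result, status=400)

        # Only roles that belong to this team may be assigned. The team's
        # role ids are fetched once instead of once per requested role.
        team_role_ids = team_services.get_all_team_role_id(tenant_name=team_name)
        for role_id in role_id_list:
            if role_id not in team_role_ids:
                code = 400
                result = general_message(code, "The role does not exist", "该角色在团队中不存在")
                return Response(result, status=code)

        # The team creator's roles can never be changed through this view.
        identity_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=other_user.user_id, tenant_name=team_name)
        role_name_list = team_services.get_user_perm_role_in_permtenant(
            user_id=other_user.user_id, tenant_name=team_name)
        if "owner" in identity_list or "owner" in role_name_list:
            result = general_message(400, "failed", "您不能修改创建者的权限!")
            return Response(result, status=400)

        # NOTE(review): nothing here checks that other_user is a member of
        # team_name. Confirm change_tenant_role refuses non-members.
        code = 200
        team_services.change_tenant_role(
            user_id=other_user.user_id, tenant_name=team_name, role_id_list=role_id_list)
        result = general_message(
            code, "identity modify success", "{}角色修改成功".format(other_user.nick_name))
    except UserNotExistError as e:
        logger.exception(e)
        code = 400
        result = general_message(code, "users not exist", "该用户不存在")
    except Exception as e:
        logger.exception(e)
        code = 500
        # NOTE(review): e.message is passed to error_message and returned to
        # the client; confirm it cannot expose internal details.
        result = error_message(e.message)
    return Response(result, status=code)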
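def post(self, request, team_name, user_name, *args, **kwargs):
    """
    Change the identities (permissions) of a team member
    ---
    parameters:
        - name: team_name
          description: team name
          required: true
          type: string
          paramType: path
        - name: user_name
          description: name of the team member whose identities are changed
          required: true
          type: string
          paramType: path
        - name: identitys
          description: 'identities, format {"identitys": "viewer,access"}'
          required: true
          type: string
          paramType: body
    """
    try:
        perm_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=request.user.user_id, tenant_name=team_name)
        # Only the owner/admin identities are consulted here. The role
        # permission tuple was fetched but never used, so that lookup was
        # removed.
        no_auth = ("owner" not in perm_list) and ("admin" not in perm_list)
        if no_auth:
            code = 400
            result = general_message(code, "no identity", "您不是管理员,没有权限做此操作")
            return Response(result, status=code)

        new_identitys = request.data.get("identitys", None)
        if not new_identitys:
            # This branch used to leave code at 200, so the HTTP status
            # contradicted the 400 carried in the body.
            code = 400
            result = general_message(code, "identity failed", "修改权限时,权限不能为空")
            return Response(result, status=code)
        new_identitys = new_identitys.split(',')

        other_user = user_services.get_user_by_username(user_name=user_name)
        # Callers may not change their own identities.
        if other_user.user_id == request.user.user_id:
            result = general_message(400, "failed", "您不能修改自己的权限!")
            return Response(result, status=400)

        # NOTE(review): the requested identities are forwarded unchanged and
        # the target's current identity is not inspected. Confirm
        # change_tenant_identity restricts which identities an admin may
        # grant or revoke (for example "owner").
        code = 200
        team_services.change_tenant_identity(
            user_id=other_user.user_id, tenant_name=team_name, new_identitys=new_identitys)
        result = general_message(
            code, "identity modify success", "{}权限修改成功".format(user_name))
    except SameIdentityError as e:
        logger.exception(e)
        code = 400
        result = general_message(code, "identity exist", "该用户已拥有此权限")
    except UserNotExistError as e:
        logger.exception(e)
        code = 400
        result = general_message(code, "users not exist", "该用户不存在")
    except Exception as e:
        logger.exception(e)
        code = 500
        # NOTE(review): e.message is passed to error_message and returned to
        # the client; confirm it cannot expose internal details.
        result = error_message(e.message)
    return Response(result, status=code)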
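def post(self, request, *args, **kwargs):
    """
    Run one action on every service of a group
    ---
    parameters:
        - name: tenantName
          description: tenant name
          required: true
          type: string
          paramType: path
        - name: action
          description: action name, one of stop|start|upgrade|deploy
          required: true
          type: string
          paramType: form
        - name: group_id
          description: group id
          required: true
          type: string
          paramType: path
    """
    # action -> (permission that allows it, message shown when it is denied)
    required = {
        "stop": ("stop_service", "没有关闭应用权限"),
        "start": ("start_service", "没有启动应用权限"),
        "upgrade": ("restart_service", "没有更新应用权限"),
        "deploy": ("deploy_service", "没有重新构建权限"),
    }
    try:
        action = request.data.get("action", None)
        group_id = int(kwargs.get("group_id", None))
        # NOTE(review): the group is looked up by id alone. Confirm that it
        # belongs to self.tenant, or that batch_operations enforces this.
        services = group_service_relation_repo.get_services_obj_by_group(group_id)
        if not services:
            result = general_message(400, "not service", "当前组内无应用,无法操作")
            # Pass the status explicitly: a bare Response(result) answered
            # HTTP 200 with a 400 body.
            return Response(result, status=400)
        if action not in required:
            return Response(general_message(400, "param error", "操作类型错误"), status=400)

        # Skip third-party services. The old loop removed items from the list
        # it was iterating, which skips the element after each removal and
        # could leave third-party services in the batch.
        service_ids = []
        for service in services:
            service_obj = service_repo.get_service_by_service_id(service.service_id)
            if service_obj and service_obj.service_source == "third_party":
                continue
            service_ids.append(service.service_id)

        # Permission check: the per-action permission or an
        # owner/admin/developer identity is required.
        identitys = team_services.get_user_perm_identitys_in_permtenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)
        perm_tuple = team_services.get_user_perm_in_tenant(
            user_id=self.user.user_id, tenant_name=self.tenant_name)
        perm_name, denied_msg = required[action]
        if perm_name not in perm_tuple and not any(
                identity in identitys for identity in ("owner", "admin", "developer")):
            return Response(general_message(400, "Permission denied", denied_msg), status=400)

        # Run the batch operation.
        code, msg = app_manage_service.batch_operations(
            self.tenant, self.user, action, service_ids)
        if code != 200:
            result = general_message(code, "batch manage error", msg)
        else:
            result = general_message(200, "success", "操作成功")
    except Exception as e:
        logger.exception(e)
        # NOTE(review): e.message is passed to error_message and returned to
        # the client; confirm it cannot expose internal details.
        result = error_message(e.message)
    return Response(result, status=result["code"])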