コード例 #1
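def apply_perms_url(request):
    """Return the IAM URL where the current user can apply for permissions.

    The request body is parsed as JSON and passed unchanged to
    ``iam.get_apply_url`` together with the authenticated user's name.
    The user name is always taken from ``request.user``, never from the
    body, so a caller cannot request an application URL on behalf of
    another account.

    A body that is not valid JSON is answered with a failed
    ``standard_response`` instead of propagating an unhandled exception
    out of the view.

    NOTE(review): nothing in this block enforces authentication; this
    presumably relies on a decorator or middleware outside the visible
    code -- confirm before exposing the route.
    """
    try:
        application = json.loads(request.body)
    except ValueError:
        # json.JSONDecodeError and UnicodeDecodeError both derive from
        # ValueError, so this covers malformed JSON and undecodable bytes.
        return standard_response(False, "request body is not valid JSON", {"url": None})

    username = request.user.username
    iam = get_iam_client()

    try:
        result, message, url = iam.get_apply_url(application, bk_username=username)
    except AuthInvalidRequest as e:
        # NOTE(review): the exception text is returned to the client as-is;
        # confirm it cannot carry internal details.
        result, message, url = False, str(e), None

    return standard_response(result, message, {"url": url})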
コード例 #2
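def is_allow(request):
    """Tell the caller whether the current user may perform an action.

    The JSON body must be an object with an ``action`` id and an optional
    ``resources`` list whose items carry ``system``, ``type``, ``id`` and
    ``attributes``. The subject is always built from ``request.user``, so
    the body cannot name a different user.

    Malformed input (invalid JSON, a non-object body, a missing ``action``
    or an incomplete resource entry) is answered with a failed
    ``standard_response`` rather than an unhandled exception. Every failure
    response omits the ``is_allow`` key; consumers should treat its absence
    as "not allowed".

    NOTE(review): the resource attributes are supplied by the client and
    forwarded to the policy check. If this answer is used for anything
    beyond UI hints, the attributes should be loaded server-side instead.
    """
    try:
        data = json.loads(request.body)
    except ValueError:
        # Covers json.JSONDecodeError and undecodable request bytes.
        return standard_response(False, "request body is not valid JSON")

    if not isinstance(data, dict) or "action" not in data:
        return standard_response(False, "request body must be a JSON object with an 'action' field")

    action_id = data["action"]
    resources = data.get("resources", [])

    subject = Subject("user", request.user.username)
    action = Action(action_id)
    try:
        resource = [
            Resource(r["system"], r["type"], str(r["id"]), r["attributes"])
            for r in resources
        ]
    except (KeyError, TypeError):
        # KeyError: a required field is missing from an entry.
        # TypeError: "resources" is not iterable or an entry is not a mapping.
        return standard_response(False, "each resource needs 'system', 'type', 'id' and 'attributes'")

    iam = get_iam_client()

    try:
        # Named "allowed" so the local no longer shadows this function's name.
        allowed = iam.is_allowed(
            Request(conf.SYSTEM_ID, subject, action, resource, None))
    except (AuthInvalidRequest, AuthAPIError) as e:
        return standard_response(False, str(e))

    return standard_response(True, "success", {"is_allow": allowed})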
コード例 #3
ファイル: resources.py プロジェクト: Tencent/bk-sops
from gcloud.core.resources import ProjectResource
from gcloud.contrib.appmaker.models import AppMaker
from gcloud.iam_auth import res_factory
from gcloud.iam_auth import IAMMeta, get_iam_client
from gcloud.iam_auth.resource_helpers import TaskResourceHelper
from gcloud.iam_auth.authorization_helpers import TaskIAMAuthorizationHelper
from gcloud.iam_auth.utils import (
    get_flow_allowed_actions_for_user,
    get_common_flow_allowed_actions_for_user,
    check_project_or_admin_view_action_for_user,
)
from gcloud.contrib.operate_record.decorators import record_operation
from gcloud.contrib.operate_record.constants import RecordType, OperateType

# Module-level logger, looked up under the name "root".
logger = logging.getLogger("root")
# IAM client created once, when this module is imported.
iam = get_iam_client()


class ProjectBasedTaskFlowIAMAuthorization(CustomCreateCompleteListIAMAuthorization):
    def read_list(self, object_list, bundle):
        """Decide whether the requester may see ``object_list``.

        Without a ``user_type`` query parameter, the ``project__id`` query
        parameter and the requesting user's name are handed to
        ``check_project_or_admin_view_action_for_user`` and the list is
        returned unchanged. The check's return value is ignored, so it
        presumably signals denial by raising -- confirm.

        With ``user_type``, the method ``query_<user_type>_list`` is looked
        up on this object. The full list is returned only if that method
        exists and returns a truthy value for ``bundle``; otherwise the
        result is an empty list.
        """
        # Requests for "my activity" and the audit page are special-cased:
        # no project_id is needed, the user is checked directly.
        requested_type = bundle.request.GET.get("user_type")
        if not requested_type:
            project_id = bundle.request.GET.get("project__id")
            check_project_or_admin_view_action_for_user(project_id, bundle.request.user.username)
            return object_list

        # NOTE(review): user_type comes straight from the query string and
        # selects the method by name. Any attribute on this class or its
        # bases matching query_*_list becomes reachable this way, and on this
        # path the project-level check is skipped. An explicit allow-list of
        # accepted user_type values would make the reachable set auditable.
        checker = getattr(self, f"query_{requested_type}_list", None)
        if checker and checker(bundle):
            return object_list
        return []

    @staticmethod
    def query_user_list(bundle):
コード例 #4
Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community
Edition) available.
Copyright (C) 2017-2022 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""

from gcloud.iam_auth import get_iam_client, IAMMeta
from gcloud.iam_auth.resource_helpers.base import SimpleSubjectEnvHelperMixin

from iam.contrib.tastypie.resource import IAMResourceHelper

# IAM client created once at import time; it is the default value of the
# `iam` parameter of ViewSetResourceHelper.__init__ below.
iam_client = get_iam_client()


class ViewSetResourceHelper(SimpleSubjectEnvHelperMixin, IAMResourceHelper):
    """Resource helper whose resource construction is supplied by the caller.

    ``get_resources`` delegates to ``resource_func`` and
    ``get_resources_id`` reads the attribute named by ``id_field``.

    NOTE(review): whatever ``resource_func`` returns is what the permission
    check sees, so it should derive the resources from the server-side
    object rather than from request data.
    """

    def __init__(self, resource_func, iam=iam_client, system=IAMMeta.SYSTEM_ID, id_field="id", *args, **kwargs):
        """Store the delegate and id attribute name, then initialise the base helper.

        Args:
            resource_func: callable taking an object and returning its resources.
            iam: IAM client; defaults to the module-level client.
            system: system id; defaults to ``IAMMeta.SYSTEM_ID``.
            id_field: name of the attribute holding the object's id.
            *args, **kwargs: forwarded to the base class initialiser.
        """
        # Own configuration is set before the base initialiser runs.
        self.id_field = id_field
        self.resource_func = resource_func
        super().__init__(iam, system, *args, **kwargs)

    def get_resources(self, obj):
        """Return the resources for ``obj`` as produced by ``resource_func``."""
        build_resources = self.resource_func
        return build_resources(obj)

    def get_resources_id(self, obj):
        """Return the value of the configured id attribute of ``obj``."""
        field_name = self.id_field
        return getattr(obj, field_name)