def get_team_permission(user, team_id):
'''
用户可以查看所能管理的用户在其他资源上的角色
:param user: 调用者
:param target_user_id: 被查看者
:return:
'''
pm_list_sys = InternalAPI.get_user_permissions_on_resource(user, RS_SYS)
status, errmsg, team = TeamAPI.get(user, team_id)
if not status:
return False, '获取团队出错', None
pm_list_org = []
if team.organization:
pm_list_org = InternalAPI.get_user_permissions_on_resource(
user=user,
resource_type=RS_ORG,
resource_id=team.organization.id
)
# 系统管理员 或者 组织管理员
if pm_list_sys[PM_RETRIEVE_SYSTEM_ROLE] or (
len(pm_list_org) != 0 and
pm_list_org[PM_RETRIEVE_ORGANIZATION_ROLE]):
ret = {}
return True, None, ret
return False, ARK_ERRMSG_CONTENT[1201], None
def create(user, organization_id, name, description=None):
try:
errmsg = list()
if organization_id == None:
errmsg.append('组织ID不能为空')
if name == None or len(name) == 0:
errmsg.append('团队名字不能为空')
if len(errmsg) != 0:
return False, ','.join(errmsg), None
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_ORG, organization_id
)
if not pm_list[PM_CREATE_TEAM]:
return False, ARK_ERRMSG_CONTENT[1201]
org = Organization.objects.get(id=organization_id)
team = Team(name=name, organization=org)
if description is not None:
team.description = description
with transaction.atomic():
team.save()
InternalAPI.update_resource_and_roles_relationship(
RS_TEAM, team.id
)
return True, None
except Exception as e:
return False, str(e)
def create(user,
organization_id,
name,
url,
username,
scm_type,
description=None,
branch=None,
revision=None):
try:
errmsg = list()
if organization_id == None:
errmsg.append('组织ID不能为空')
if name == None or len(name) == 0:
errmsg.append('项目名字不能为空')
if url == None or len(url) == 0:
errmsg.append('URL不能为空')
if username == None or len(username) == 0:
errmsg.append('项目的用户名不能为空')
if scm_type == None:
errmsg.append('源码管理类型不能为空')
if len(errmsg) != 0:
return False, ','.join(errmsg), None
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_ORG, organization_id)
if not pm_list[PM_CREATE_PROJECT]:
return False, ARK_ERRMSG_CONTENT[1201]
org = Organization.objects.get(id=organization_id)
pro = Project(name=name,
url=url,
username=username,
scm_type=scm_type,
organization=org)
if description is not None and len(description) != 0:
pro.description = description
else:
pro.description = ''
if branch is not None and len(branch) != 0:
pro.branch = branch
else:
pro.branch = 'master'
if revision is not None:
pro.revision = revision
with transaction.atomic():
pro.save()
InternalAPI.update_resource_and_roles_relationship(
RS_PRO, pro.id)
return True, None, pro
except Exception as e:
return False, str(e)
def update(user, organization_id, name=None, description=None):
try:
if organization_id == None:
return False, '组织id传入不合法'
if name == None or len(name) == 0:
return False, '组织名字不能为空'
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_ORG, organization_id)
if not pm_list[PM_UPDATE_ORGANIZATION]:
return False, ARK_ERRMSG_CONTENT[1201]
org = Organization.objects.get(id=organization_id)
if name is not None:
org.name = name
if description is not None:
org.description = description
org.save()
return True, None
except Exception as e:
return False, str(e)
def launch(user, template_id):
try:
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_TEM, template_id)
if not pm_list[PM_LAUNCH_TEMPLATE]:
return False, ARK_ERRMSG_CONTENT[1201]
tem = JobTemplate.objects.get(id=template_id)
# 先在数据库里创建一条job记录,再向gearman发一个任务
job = Job.objects.create(
name=tem.name,
description='play',
status='pending',
start_time=timezone.now(),
#end_time=timezone.now(),
extra_variables=tem.extra_variables,
result='',
user=user,
job_template=tem,
)
client = gear.Client()
client.addServer(settings.GEARMAN_SERVER, 4730)
client.waitForServer()
job.status = 'running'
job.save()
inv = tem.inventory
inv_file = os.path.join(settings.INVENTORY_DIR,
str(inv.id) + '_' + str(job.id) + '.yaml')
with open(inv_file, 'w') as f:
f.write(inv.gen_content())
job_data = {
'callback_url':
settings.CALLBACK_HOST +
reverse('job:remote_update', kwargs={'job_id': job.id}),
'inventory_file':
inv_file,
'playbook_file':
os.path.join(settings.PROJECT_DIR, str(tem.project.id),
tem.playbook),
'args': {
'extra_variables': json.loads(tem.extra_variables),
'limit': tem.limit,
'forks': str(tem.forks),
'job_tags': tem.job_tags if tem.job_tags != '' else None,
'verbosity': '2',
"check": False,
},
}
gearman_job = gear.Job('run_playbook',
bytes(json.dumps(job_data), 'utf-8'))
client.submitJob(gearman_job, background=True)
return True, None
except Exception as e:
return False, str(e)
def templates_view(request):
try:
status, msg, tems = TemplateAPI.all(request.user)
if not status:
return HttpResponse(msg)
templates = []
for i in tems:
templates.append({
'template':
i,
'pm':
InternalAPI.get_user_permissions_on_resource(
request.user, RS_TEM, i.id),
})
context = {
'app': template_app,
'templates': templates,
}
return render(request, 'project/templates.html', context)
except Exception as e:
return HttpResponse(str(e))
def add_into_group(user, host_id, group_id):
try:
host = Host.objects.get(id=host_id)
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_INV, host.inventory.id
)
if not pm_list.get(PM_ADD_HOST_INTO_GROUP):
return False, ARK_ERRMSG_CONTENT[1201]
group = Group.objects.get(id=group_id)
if host.inventory != group.inventory:
return False, 'host and group are not in the same inventory'
# 判断是否是一个叶子组
if not GroupAPI._can_be_leaf_group(group):
return False, '主机不能加入加入到非叶子组'
if not group.host_set.filter(id=host.id).exists():
group.host_set.add(host)
return True, None
except Exception as e:
return False, str(e)
def add_into_group(user, cgid, pgid):
try:
cg = Group.objects.get(id=cgid)
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_INV, cg.inventory.id
)
if not pm_list.get(PM_ADD_GROUP_INTO_GROUP):
return False, ARK_ERRMSG_CONTENT[1201]
pg = Group.objects.get(id=pgid)
if cg.inventory != pg.inventory:
return False, 'child group and parent group' \
'are not in the same inventory'
if cg == pg:
return False, 'cannot add group to itself'
if GroupAPI.__is_leaf_group(pg):
return False, 'parent主机组不能是叶子主机组'
if cg.parent_groups.filter(id=pg.id).exists():
return True, None
if cg in pg.ancestors:
return False, '形成环了'
cg.parent_groups.add(pg)
return True, None
except Exception as e:
return False, str(e)
def remove_from_group(user, cgid, pgid):
try:
cg = Group.objects.get(id=cgid)
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_INV, cg.inventory.id
)
if not pm_list.get(PM_REMOVE_GROUP_FROM_GROUP):
return False, ARK_ERRMSG_CONTENT[1201]
pg = Group.objects.get(id=pgid)
if cg.inventory != pg.inventory:
return False, 'child group and parent group' \
'are not in the same inventory'
if cg == pg:
return False, 'cannot delete group from itself'
if not cg.parent_groups.filter(id=pg.id).exists():
return False, 'child group does not belong to parent group'
cg.parent_groups.remove(pg)
return True, None
except Exception as e:
return False, str(e)
def inventories_view(request):
try:
status, msg, orgs = OrganizationAPI.all(request.user)
if not status:
return HttpResponse(msg)
filted_orgs = []
for org in orgs:
if InternalAPI.get_user_permissions_on_resource(
request.user, RS_ORG, org.id
).get(PM_CREATE_INVENTORY):
filted_orgs.append(org)
context = {
'app': app,
'organizations': filted_orgs,
'path_api_inventories': reverse('inventory:api_inventories'),
'path_api_inventory_create': reverse('inventory:api_inventory_create')
}
return render(request, 'inventory/inventories.html', context)
except Exception as e:
return HttpResponse(str(e))
def organizations_view(request):
user = request.user
try:
status, errmsg, orgs = OrganizationAPI.all(user=user)
if not status:
return render(request, 'error.html', {ARK_ERRMSG: errmsg})
pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_SYS)
if PM_CREATE_ORGANIZATION not in pm_list:
pm_create_org = False
else:
pm_create_org = pm_list[PM_CREATE_ORGANIZATION]
if PM_DELETE_ORGANIZATION not in pm_list:
pm_delete_org = False
else:
pm_delete_org = pm_list[PM_DELETE_ORGANIZATION]
context = {
'app': app,
'pm_create_org': pm_create_org,
'pm_delete_org': pm_delete_org,
'organizations': orgs,
}
return render(request, 'organization/organization_list.html', context)
except Exception as e:
return render(request, 'error.html', {ARK_ERRMSG: str(e)})
def inventory_host_detail_view(request, inventory_id, host_id):
try:
status, msg, inv = InventoryAPI.get(request.user, inventory_id)
if not status:
return HttpResponse(msg)
status, msg, host = HostAPI.get(request.user, host_id)
if not status:
return HttpResponse(msg)
if host.inventory != inv:
return HttpResponse(ARK_ERRMSG_CONTENT[1201])
context = {
'app': app,
'inventory': inv,
'pm': InternalAPI.get_user_permissions_on_resource(
request.user, RS_INV, inv.id
),
'host': host,
'path_api_edit': reverse('inventory:api_host_edit', kwargs={'host_id': host.id})
}
return render(request, 'inventory/inventory_host_detail.html', context)
except Exception as e:
return HttpResponse(str(e))
def team_info_user_view(request, team_id):
'''
团队内用户的view
:param request:
:param team_id:
:return:
'''
user = request.user
try:
if request.method == 'GET':
status, errmsg, team = TeamAPI.get(user=user, team_id=team_id)
if not status:
return HttpResponse(errmsg)
status, errmsg, team_users = TeamAPI.get_team_users(user, team_id)
if not status:
return HttpResponse(errmsg)
pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_TEAM, resource_id=team.id)
if PM_ADD_TEAM_ROLE not in pm_list:
pm_add_team_role = False
else:
pm_add_team_role = pm_list[PM_ADD_TEAM_ROLE]
# 不能添加团队角色 相当于不能给团队添加用户 也就是该user是个普通用户
if not pm_add_team_role:
team_users = team_users.exclude(
roles__name__in=[RO_SYS_ADMIN, RO_ORG_ADMIN])
team_users_with_role = list()
for user_item in team_users:
user_role_on_team = InternalAPI.get_user_roles_on_resource(
user=user_item, resource_type=RS_TEAM, resource_id=team_id)
team_users_with_role.append([user_item, user_role_on_team])
system_admin = Helper.is_system_admin(user)
context = {
'app': app,
'team': team,
'pm_add_team_role': pm_add_team_role,
'team_users': team_users_with_role,
'system_admin': system_admin
}
return render(request, 'organization/team_info_user.html', context)
except Exception as e:
return HttpResponse(str(e))
def all(user):
try:
orgs = InternalAPI.get_user_resources_by_resource_type(
user, RS_ORG)
orgs = orgs.distinct()
return True, None, orgs
except Exception as e:
return False, str(e), None
def create(user, organization_id, name, description=None, vars=None):
try:
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_ORG, organization_id
)
if not pm_list.get(PM_CREATE_INVENTORY):
return False, ARK_ERRMSG_CONTENT[1201]
org = Organization.objects.get(id=organization_id)
if not name or len(name)<4 or len(name)>32:
return False, '名称长度必须为4~32个字符'
if Inventory.objects.filter(name=name, organization=org).exists():
return False, '组织中已存在同名仓库'
inv = Inventory(name=name, organization=org)
if description is not None:
if len(description) > 128:
return False, '描述长度必须小于等于128个字符'
inv.description = description
if vars is not None:
if vars != '':
try:
tmp_vars = json.loads(vars)
if not isinstance(tmp_vars, dict):
return False, '变量必须为对象形式的数据'
except json.decoder.JSONDecodeError:
return False, '变量必须为JSON格式的数据'
inv.vars = vars
with transaction.atomic():
inv.save()
InternalAPI.update_resource_and_roles_relationship(
RS_INV, inv.id
)
return True, None
except Exception as e:
return False, str(e) if settings.DEBUG else '未知的错误'
def all(user):
try:
tems = InternalAPI.get_user_resources_by_resource_type(
user, RS_TEM)
return True, None, tems
except Exception as e:
return False, str(e), None
def update(
user, host_id,
name=None, ip=None, description=None, status=None, vars=None
):
try:
host = Host.objects.get(id=host_id)
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_INV, host.inventory.id
)
if not pm_list.get(PM_UPDATE_HOST):
return False, ARK_ERRMSG_CONTENT[1201]
if name is not None:
if len(name)<4 or len(name)>64:
return False, '名称长度必须为4~64个字符'
if Host.objects.filter(name=name, inventory=host.inventory).exclude(id=host.id).exists():
return False, '仓库中已存在同名主机'
host.name = name
if ip is not None:
if not ip:
return False, '必须填写IP地址'
if not is_valid_ip_address(ip):
return False, 'IP地址非法'
host.ip = ip
if description is not None:
if len(description) > 128:
return False, '描述长度必须小于等于128个字符'
host.description = description
if status is not None:
host.status = status
if vars is not None:
if vars != '':
try:
tmp_vars = json.loads(vars)
if not isinstance(tmp_vars, dict):
return False, '变量必须为对象形式的数据'
except json.decoder.JSONDecodeError:
return False, '变量必须为JSON格式的数据'
host.vars = vars
host.save()
return True, None
except Exception as e:
return False, str(e)
def all(user):
try:
tems = InternalAPI.get_user_resources_by_resource_type(
user, RS_TEM)
jobs = Job.objects.filter(job_template__in=tems)
return True, None, jobs
except Exception as e:
return False, str(e), None
def team_info_detail_view(request, team_id):
context = dict()
user = request.user
try:
if request.method == 'GET':
status, errmsg, team = TeamAPI.get(user=user, team_id=team_id)
if not status:
return HttpResponse(errmsg)
choices = [(team.organization.id, team.organization.name)]
team_info_form = TeamInfoForm(initial={
'name': team.name,
'description': team.description
})
team_info_form.fields['organization'].choices = choices
pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_TEAM, resource_id=team.id)
if PM_UPDATE_TEAM not in pm_list:
pm_update_team = False
else:
pm_update_team = pm_list[PM_UPDATE_TEAM]
if not pm_update_team:
fields = ['name', 'description', 'organization']
for field in fields:
team_info_form.fields[field].widget.attrs.update(
{'disabled': 'true'})
context = {
'app': app,
'team': team,
'team_info_form': team_info_form,
'pm_update_team': pm_update_team
}
return render(request, 'organization/team_info_detail.html',
context)
elif request.method == 'POST':
team_info_form = TeamInfoForm(request.POST)
if team_info_form.is_valid():
team_info_form = team_info_form.cleaned_data
name = team_info_form.get('name')
description = team_info_form.get('description')
status, errmsg = TeamAPI.update(user=user,
team_id=team_id,
name=name,
description=description)
if not status:
return HttpResponse(errmsg)
else:
return HttpResponseRedirect(
reverse('organization:team_info_detail',
kwargs={'team_id': team_id}))
else:
context[ARK_ERRMSG] = team_info_form.errors
return render(request, 'error.html', context)
except Exception as e:
context[ARK_ERRMSG] = str(e)
return render(request, 'error.html', context)
def team_info_user_add_view(request, team_id):
'''
向团队内添加用户的view
:param request:
:param team_id:
:return:
'''
user = request.user
try:
if request.method == 'GET':
status, errmsg, team = TeamAPI.get(user=user, team_id=team_id)
if not status:
return HttpResponse(errmsg)
org_users = team.organization.users
# 列出该组织内没有团队的用户
all_teams = Team.objects.all()
org_users_not_has_team = org_users.exclude(
roles__team__in=all_teams).all()
pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_TEAM, resource_id=team.id)
if PM_ADD_TEAM_ROLE not in pm_list:
pm_add_team_role = False
else:
pm_add_team_role = pm_list[PM_ADD_TEAM_ROLE]
if not pm_add_team_role:
return HttpResponse(ARK_ERRMSG_CONTENT[1201])
context = {
'app': app,
'organization': team.organization,
'organization_id': team.organization.id,
'team': team,
'org_users_not_has_team': org_users_not_has_team,
}
return render(request, 'organization/team_info_user_add.html',
context)
else:
if request.is_ajax() and request.method == 'POST':
ajax_data = request.POST.get('data')
data = json.loads(ajax_data)
user_ids = data.get('user_ids')
team_role = int(data.get('team_role'))
for user_id in user_ids:
status, errmsg = UserAndTeamRoleAPI.add_role_to_user(
user=user,
target_user_id=int(user_id),
role_id=team_role)
if not status:
return JsonResponse({
ARK_STATUS: False,
ARK_ERRMSG: errmsg
})
else:
return JsonResponse({ARK_STATUS: True})
except Exception as e:
return HttpResponse(str(e))
def create(
user, inventory_id, name, ip,
description=None, status=None, vars=None
):
try:
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_INV, inventory_id
)
if not pm_list.get(PM_CREATE_HOST):
return False, ARK_ERRMSG_CONTENT[1201]
inv = Inventory.objects.get(id=inventory_id)
if not name or len(name)<4 or len(name)>64:
return False, '名称长度必须为4~64个字符'
if Host.objects.filter(name=name, inventory=inv).exists():
return False, '仓库中已存在同名主机'
if not ip:
return False, '必须填写IP地址'
if not is_valid_ip_address(ip):
return False, 'IP地址非法'
if Host.objects.filter(ip=ip, inventory=inv).exists():
return False, '仓库中已存在相同IP地址'
host = Host(name=name, ip=ip, inventory=inv)
if description is not None:
if len(description) > 128:
return False, '描述长度必须小于等于128个字符'
host.description = description
if vars is not None:
if vars != '':
try:
tmp_vars = json.loads(vars)
if not isinstance(tmp_vars, dict):
return False, '变量必须为对象形式的数据'
except json.decoder.JSONDecodeError:
return False, '变量必须为JSON格式的数据'
host.vars = vars
if status is not None:
host.status = status
host.save()
return True, None
except Exception as e:
return False, str(e) if settings.DEBUG else '未知的错误'
def organization_detail_view(request, organization_id):
user = request.user
try:
if request.method == 'GET':
status, errmsg, organization = OrganizationAPI.get(
user=user, organization_id=organization_id)
if not status:
return HttpResponse(errmsg)
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_ORG, organization_id)
if PM_UPDATE_ORGANIZATION not in pm_list:
pm_update_org = False
else:
pm_update_org = pm_list[PM_UPDATE_ORGANIZATION]
# 组织信息
org_info_form = OrganizationInfoForm(
initial={
'name': organization.name,
'description': organization.description
})
if not pm_update_org:
org_info_form.fields['name'].widget.attrs.update(
{'disabled': 'true'})
org_info_form.fields['description'].widget.attrs.update(
{'disabled': 'true'})
context = {
'app': app,
'org_info_form': org_info_form,
'organization': organization,
'pm_update_org': pm_update_org,
'organization_id': organization_id,
}
return render(request,
'organization/organization_info_detail.html',
context)
elif request.method == 'POST':
data = request.POST
org_info_form = OrganizationInfoForm(data)
if org_info_form.is_valid():
data = org_info_form.cleaned_data
name = data.get('name')
description = data.get('description')
status, errmsg = OrganizationAPI.update(
user=user,
organization_id=organization_id,
name=name,
description=description)
if not status:
return HttpResponse(errmsg)
return HttpResponseRedirect(
reverse('organization:organization_detail',
kwargs={'organization_id': organization_id}))
else:
return HttpResponse(org_info_form.errors)
except Exception as e:
return HttpResponse(str(e))
def organization_user_add_view(request, organization_id):
user = request.user
try:
if request.method == 'GET':
status, errmsg, organization = OrganizationAPI.get(
user=user, organization_id=organization_id)
if not status:
return HttpResponse(errmsg)
org_users = organization.users
pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_ORG, resource_id=organization.id)
if PM_ADD_ORGANIZATION_ROLE not in pm_list:
pm_add_organization_role = False
else:
pm_add_organization_role = pm_list[PM_ADD_ORGANIZATION_ROLE]
# 列出没有组织的普通用户
users_not_has_org = None
all_orgs = Organization.objects.all()
if pm_add_organization_role:
users_not_has_org = User.objects.\
exclude(roles__organization__in=all_orgs).\
exclude(roles__name=RO_SYS_ADMIN).all().distinct()
else:
return HttpResponse(ARK_ERRMSG_CONTENT[1201])
context = {
'app': app,
'organization': organization,
'organization_id': organization_id,
'org_users': org_users,
'users_not_has_org': users_not_has_org
}
return render(request,
'organization/organization_info_user_add.html',
context)
else:
if request.is_ajax() and request.method == 'POST':
ajax_data = request.POST.get('data')
data = json.loads(ajax_data)
user_ids = data.get('user_ids')
org_role = int(data.get('org_role'))
for user_id in user_ids:
status, errmsg, = UserAndTeamRoleAPI.add_role_to_user(
user=user,
target_user_id=int(user_id),
role_id=org_role)
if not status:
return JsonResponse({
ARK_STATUS: False,
ARK_ERRMSG: errmsg
})
else:
return JsonResponse({ARK_STATUS: True})
except Exception as e:
return HttpResponse(str(e))
def project_roles_view(request, project_id):
try:
status, errmsg, pro = ProjectAPI.get(request.user, project_id)
if not status:
return render(request, 'error.html', {ARK_ERRMSG: errmsg})
users = pro.users
users_with_roles = list()
for user in users:
status, errmsg, roles = \
UserAndTeamRoleAPI.get_user_roles_on_resource(
user=request.user,
target_user_id=user.id,
resource_type=RS_PROJECT,
resource_id=project_id
)
if status:
users_with_roles.append([user, roles])
teams = pro.teams
teams_with_roles = list()
for team in teams:
status, errmsg, roles = \
UserAndTeamRoleAPI.get_team_roles_on_resource(
user=request.user,
target_team_id=team.id,
resource_type=RS_PROJECT,
resource_id=project_id
)
if status:
teams_with_roles.append([team, roles])
all_users = pro.organization.users
all_teams = pro.organization.team_set.all()
pm_list = InternalAPI.get_user_permissions_on_resource(
user=request.user, resource_type=RS_PROJECT, resource_id=pro.id)
context = {
'app': project_app,
'project': pro,
'pm': pm_list,
'users_with_roles': users_with_roles,
'teams_with_roles': teams_with_roles,
'all_users': all_users,
'all_teams': all_teams,
'roles': pro.roles.filter(resource_type=RS_PROJECT),
}
return render(request, 'project/project_roles.html', context)
except Exception as e:
return render(request, 'error.html', {ARK_ERRMSG: str(e)})
def template_roles_view(request, template_id):
try:
status, msg, tem = TemplateAPI.get(request.user, template_id)
if not status:
return HttpResponse(msg)
users = tem.users
users_with_roles = []
for user in users:
status, msg, roles = UserAndTeamRoleAPI.get_user_roles_on_resource(
request.user, user.id, RS_TEM, template_id)
if status:
users_with_roles.append([user, roles])
teams = tem.teams
teams_with_roles = []
for team in teams:
status, msg, roles = UserAndTeamRoleAPI.get_team_roles_on_resource(
request.user, team.id, RS_TEM, template_id)
if status:
teams_with_roles.append([team, roles])
all_users = tem.organization.users
context = {
'app':
template_app,
'template':
tem,
'pm':
InternalAPI.get_user_permissions_on_resource(
request.user, RS_TEM, tem.id),
'users_with_roles':
users_with_roles,
'teams_with_roles':
teams_with_roles,
'all_users':
all_users,
'all_teams':
tem.organization.team_set.all(),
'roles':
tem.roles.filter(resource_type=RS_TEM),
}
return render(request, 'project/template_roles.html', context)
except Exception as e:
return HttpResponse(str(e))
def team_info_role_view(request, team_id):
context = dict()
user = request.user
try:
if request.method == 'GET':
status, errmsg, result = UserAndTeamRoleAPI.get_team_role(
user=user, team_id=team_id)
if not status:
context = {'errmsg': errmsg}
return render(request, 'error.html', context)
status, errmsg, team = TeamAPI.get(user=user, team_id=team_id)
if not status:
context = {'errmsg': errmsg}
return render(request, 'error.html', context)
# is_system_admin = Helper.is_system_admin(target_user)
pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_SYS)
if PM_ADD_SYSTEM_ROLE in pm_list:
pm_add_system_role = pm_list[PM_ADD_SYSTEM_ROLE]
else:
pm_add_system_role = False
pm_add_team_role = False
team_pm_list = InternalAPI.get_user_permissions_on_resource(
user=user, resource_type=RS_TEAM, resource_id=team_id)
if PM_ADD_TEAM_ROLE in team_pm_list:
pm_add_team_role = team_pm_list[PM_ADD_TEAM_ROLE]
context = {
'app': app,
'team_role': result,
'team': team,
'pm_add_system_role': pm_add_system_role,
'pm_add_team_role': pm_add_team_role
}
return render(request, 'organization/team_info_role.html', context)
except Exception as e:
context[ARK_ERRMSG] = str(e)
return render(request, 'error.html', context)
def get(user, job_id):
try:
job = Job.objects.get(id=job_id)
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_TEM, job.job_template.id)
if not pm_list[PM_RETRIEVE_JOB]:
return False, ARK_ERRMSG_CONTENT[1201], None
return True, None, job
except Exception as e:
return False, str(e), None
def update(user,
project_id,
name=None,
url=None,
username=None,
scm_type=None,
description=None,
branch=None,
revision=None):
try:
errmsg = list()
if project_id == None:
errmsg.append('项目ID不能为空')
if len(errmsg) != 0:
return False, ','.join(errmsg), None
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_PRO, project_id)
if not pm_list[PM_UPDATE_PROJECT]:
return False, ARK_ERRMSG_CONTENT[1201]
pro = Project.objects.get(id=project_id)
if name is not None:
pro.name = name
if description is not None and len(description) != 0:
pro.description = description
else:
pro.description = ''
if url is not None and len(url):
pro.url = url
if branch is not None and len(branch):
pro.branch = branch
if revision is not None and len(revision):
pro.revision = revision
if username is not None and len(username):
pro.username = username
if scm_type is not None:
pro.scm_type = scm_type
pro.save()
return True, None
except Exception as e:
return False, str(e)
def sync(user, project_id, password):
try:
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_PRO, project_id)
if not pm_list[PM_SYNC_PROJECT]:
return False, ARK_ERRMSG_CONTENT[1201]
pro = Project.objects.get(id=project_id)
# 先在数据库里创建一条job记录,再向gearman发一个任务
job = Job.objects.create(
name='update_repo',
description='sync git',
status='pending',
start_time=timezone.now(),
end_time=timezone.now(),
result='',
user=user,
job_template=None,
)
client = gear.Client()
client.addServer(settings.GEARMAN_SERVER, 4730)
client.waitForServer()
job.status = 'running'
job.save()
pro.last_sync_job = job
pro.save()
job_data = {
'callback_url':
settings.CALLBACK_HOST +
reverse('job:remote_update', kwargs={'job_id': job.id}),
'inventory_file':
settings.GIT_SYNC_INVENTORY,
'playbook_file':
settings.GIT_SYNC_PLAYBOOK,
'args': {
'extra_variables': {
'gituser': pro.username,
'gitpassword': password,
'giturl': pro.url.replace('https://', ''),
'gitbranch': pro.branch,
},
},
}
gearman_job = gear.Job('run_playbook',
bytes(json.dumps(job_data), 'utf-8'))
client.submitJob(gearman_job, background=True)
return True, None
except Exception as e:
return False, str(e)
def get(user, template_id):
try:
pm_list = InternalAPI.get_user_permissions_on_resource(
user, RS_TEM, template_id)
if not pm_list[PM_RETRIEVE_TEMPLATE]:
return False, ARK_ERRMSG_CONTENT[1201], None
tem = JobTemplate.objects.get(id=template_id)
return True, None, tem
except Exception as e:
return False, str(e), None
