コード例 #1
 def _add_privilege_for_zone(self, new_zone):
     """Create the ACCESS/UPDATE/DELETE privileges of a new zone and grant them.

     Three ``DBPrivilege`` rows scoped to ``new_zone.id`` are added to the
     session and flushed, then ``DBRolePrivilege`` rows link them to roles:
     ``admin`` and ``zone_admin`` receive all three, ``zone_guest`` receives
     ACCESS only.  This method flushes but does not commit.
     """
     # NOTE(review): the privilege name is '#'-delimited and new_zone.name is
     # embedded unescaped -- confirm zone names cannot contain '#' if any
     # code parses or matches on this string.
     name_prefix = 'ZONE#' + new_zone.name + '#'
     zone_operations = (Operation.ACCESS, Operation.UPDATE, Operation.DELETE)
     created = [
         DBPrivilege(name=name_prefix + OPERATION_STR_MAPPING[op],
                     resource_type=ResourceType.ZONE,
                     operation=op,
                     resource_id=new_zone.id)
         for op in zone_operations
     ]
     for privilege in created:
         db.session.add(privilege)
     # The grants below read each privilege's id, hence the flush first.
     db.session.flush()
     access_privilege, update_privilege, delete_privilege = created

     for role in ('admin', 'zone_admin', 'zone_guest'):
         # zone_guest is the only role limited to ACCESS.
         if role == 'zone_guest':
             granted = (access_privilege,)
         else:
             granted = (access_privilege, update_privilege, delete_privilege)
         for privilege in granted:
             db.session.add(DBRolePrivilege(role_id=ROLE_MAPPINGS[role],
                                            privilege_id=privilege.id))
コード例 #2
 def _add_privilege_for_record(self, current_zone, new_record):
     """Create the ACCESS/UPDATE/DELETE privileges of a new record.

     Three ``DBPrivilege`` rows scoped to ``new_record.id`` are added to the
     session and flushed, then each one is granted to role id 1.  This
     method flushes but does not commit.
     """
     # NOTE(review): view name, zone name and host are joined with '#'
     # unescaped, so different (view, zone, host) triples could yield the
     # same privilege name if any part may contain '#' -- confirm upstream
     # validation.
     name_prefix = (new_record.view_name + '#' + current_zone.name +
                    '#' + new_record.host + '#')
     created = []
     for op in (Operation.ACCESS, Operation.UPDATE, Operation.DELETE):
         created.append(DBPrivilege(name=name_prefix + str(op),
                                    resource_type=ResourceType.RECORD,
                                    operation=op,
                                    resource_id=new_record.id))
     for privilege in created:
         db.session.add(privilege)
     # The grants below read each privilege's id, hence the flush first.
     db.session.flush()

     # NOTE(review): role_id=1 is a hard-coded literal, presumably the admin
     # role -- confirm it matches the deployed role table.
     for privilege in created:
         db.session.add(DBRolePrivilege(role_id=1,
                                        privilege_id=privilege.id))
コード例 #3
ファイル: app.py プロジェクト: yjlmzh/peb-dns
def init_privilege():
    """Seed the default privileges when the privilege table is empty.

    Each default privilege is created and granted to the ``admin`` role.
    SERVER_ADD, ZONE_ADD and VIEW_ADD are additionally granted to
    ``server_admin``, ``zone_admin`` and ``view_admin`` respectively.
    Does nothing when at least one ``DBPrivilege`` row already exists.
    """
    # NOTE(review): the emptiness check and the inserts are separate steps,
    # and nothing here commits -- presumably the caller commits and start-up
    # is single-process; confirm.
    if db.session.query(DBPrivilege).count() >= 1:
        return

    print('initing the default privileges...')
    # (privilege, role) pairs granted in addition to the admin grant.
    delegated_roles = (
        (DefaultPrivilege.SERVER_ADD, 'server_admin'),
        (DefaultPrivilege.ZONE_ADD, 'zone_admin'),
        (DefaultPrivilege.VIEW_ADD, 'view_admin'),
    )
    seeds = (
        DefaultPrivilege.SERVER_ADD,
        DefaultPrivilege.ZONE_ADD,
        DefaultPrivilege.VIEW_ADD,
        DefaultPrivilege.BIND_CONF_EDIT,
    )
    for privilege_name in seeds:
        seeded = DBPrivilege(name=privilege_name)
        db.session.add(seeded)
        # The grants below read seeded.id, hence the flush first.
        db.session.flush()
        db.session.add(DBRolePrivilege(role_id=ROLE_MAPPINGS['admin'],
                                       privilege_id=seeded.id))
        for trigger, role_name in delegated_roles:
            if privilege_name == trigger:
                db.session.add(
                    DBRolePrivilege(role_id=ROLE_MAPPINGS[role_name],
                                    privilege_id=seeded.id))
コード例 #4
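 def post(self):
     """Create a new privilege and grant it to role id 1.

     Returns a failure response when the name is already taken or when the
     database write fails; in the latter case the session is rolled back.
     """
     import logging

     # NOTE(review): no permission check is visible in this method;
     # presumably a decorator or the resource class enforces it -- confirm,
     # since this endpoint creates privileges.
     args = dns_privilege_common_parser.parse_args()
     privilege_name = args['name']
     operation = args['operation']
     resource_type = args['resource_type']
     resource_id = args['resource_id']
     comment = args.get('comment', '')

     # NOTE(review): check-then-insert is not atomic; a unique constraint on
     # the name column (not visible here) is what would stop a concurrent
     # duplicate -- confirm it exists.
     existing = DBPrivilege.query.filter_by(name=privilege_name).first()
     if existing:
         return get_response(
             RequestCode.OTHER_FAILED,
             "{e} 权限名已存在!".format(e=str(existing.name)))
     try:
         new_privilege = DBPrivilege(
             name=privilege_name,
             operation=operation,
             resource_type=resource_type,
             resource_id=resource_id,
             comment=comment,
         )
         db.session.add(new_privilege)
         # The role grant below reads new_privilege.id, hence the flush.
         db.session.flush()
         # NOTE(review): role_id=1 is a hard-coded literal, presumably the
         # admin role -- confirm.
         new_rp = DBRolePrivilege(
             role_id=1,
             privilege_id=new_privilege.id,
         )
         db.session.add(new_rp)
         db.session.commit()
     except Exception:
         db.session.rollback()
         # The exception text can carry SQL statements, table and column
         # names or driver detail, so it goes to the server log only and
         # the client receives a generic failure message.
         logging.getLogger(__name__).exception(
             'creating privilege %r failed', privilege_name)
         return get_response(RequestCode.OTHER_FAILED, '创建失败!')
     return get_response(RequestCode.SUCCESS, '创建成功!')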
コード例 #5
ファイル: privilege.py プロジェクト: yjlmzh/peb-dns
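 def post(self):
     """
     功能: 创建新的权限
     ---
     security:
       - UserSecurity: []
     tags:
       - Privilege
     definitions:
       Privilege_Parm:
         properties:
           name:
             type: string
             default: p123
             description: privilege name
           operation:
             type: integer
             default: 100
             description: the value of operation
           resource_type:
             type: integer
             default: 100
             description: the type of resource
           resource_id:
             type: integer
             default: 0
             description: the id of resource
           comment:
             type: string
             default: 权限修改
             description: the comment of privilege
     parameters:
       - in: body
         name: body
         schema:
           id: Add_Privilege
           required:
             - name
           $ref: "#/definitions/Privilege_Parm"
     responses:
       200:
         description: 请求结果
         schema:
           properties:
             code:
               type: integer
               description: response code
             msg:
               type: string
               description: response message
             data:
               type: string
         examples:
             {
                 "code": 100000,
                 "msg": "添加成功",
                 "data": null
             }
     """
     # The docstring above is kept verbatim: the YAML after '---' looks like
     # an API spec that a documentation generator reads at runtime.
     #
     # Creates a privilege from the JSON body and grants it to role id 1.
     # Returns a failure response when the body is unusable, the name is
     # taken, or the database write fails (the session is rolled back).
     import logging

     # NOTE(review): no permission check is visible in this method; the spec
     # lists UserSecurity, so it is presumably enforced elsewhere -- confirm,
     # since this endpoint creates privileges.
     args = request.json
     # A missing or non-object body, or one without a name, used to raise
     # inside the handler; answer with the normal failure response instead.
     if not isinstance(args, dict) or not args.get('name'):
         return get_response(RequestCode.OTHER_FAILED, '创建失败!')
     privilege_name = args['name']

     def _value_or(key, fallback):
         # Apply the documented default when the key is absent or null as
         # well as when it is the empty string; 0 is a real value and kept.
         supplied = args.get(key)
         return fallback if supplied is None or supplied == '' else supplied

     # NOTE(review): the spec declares these three as integers but nothing
     # here enforces the type -- confirm the model or database rejects
     # other JSON types.
     operation = _value_or('operation', 100)
     resource_type = _value_or('resource_type', 100)
     resource_id = _value_or('resource_id', 0)
     comment = args.get('comment') or ''

     # NOTE(review): check-then-insert is not atomic; a unique constraint on
     # the name column (not visible here) is what would stop a concurrent
     # duplicate -- confirm it exists.
     existing = DBPrivilege.query.filter_by(name=privilege_name).first()
     if existing:
         return get_response(
             RequestCode.OTHER_FAILED,
             "{e} 权限名已存在!".format(e=str(existing.name)))
     try:
         new_privilege = DBPrivilege(name=privilege_name,
                                     operation=operation,
                                     resource_type=resource_type,
                                     resource_id=resource_id,
                                     comment=comment)
         db.session.add(new_privilege)
         # The role grant below reads new_privilege.id, hence the flush.
         db.session.flush()
         # NOTE(review): role_id=1 is a hard-coded literal, presumably the
         # admin role -- confirm.
         new_rp = DBRolePrivilege(role_id=1, privilege_id=new_privilege.id)
         db.session.add(new_rp)
         db.session.commit()
     except Exception:
         db.session.rollback()
         # The client gets a generic message; the cause is recorded in the
         # server log so a failed write is not silently lost.
         logging.getLogger(__name__).exception(
             'creating privilege %r failed', privilege_name)
         return get_response(RequestCode.OTHER_FAILED, '创建失败!')
     return get_response(RequestCode.SUCCESS, '创建成功!')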