예제 #1
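    def get(self, request, team_name, *args, **kwargs):
        """
        Get team details.

        Looks the team up by name and returns its basic attributes and its
        region list. A caller with an entry in the team's permission table
        also receives their identities and the de-duplicated set of actions
        they may perform. A caller without one is refused with 403 unless
        they are a system administrator or the team is the hard-coded
        "grdemo" team.
        ---
        parameters:
            - name: team_name
              description: team name
              required: true
              type: string
              paramType: path
        """
        try:
            tenant = team_services.get_tenant_by_tenant_name(team_name)
            if not tenant:
                # NOTE(review): this 404 is returned before the permission check,
                # so a caller without access can tell an existing team name from
                # a missing one.
                return Response(general_message(404, "team not exist", "团队{0}不存在".format(team_name)), status=404)

            user_team_perm = team_services.get_user_perms_in_permtenant(self.user.user_id, team_name)

            # Authorise before any further team data is fetched or assembled, so
            # a refused caller triggers no region lookup.
            # NOTE(review): the "grdemo" team is readable by every caller of this
            # view; confirm that it exposes nothing sensitive.
            if not user_team_perm and not self.user.is_sys_admin and team_name != "grdemo":
                return Response(general_message(403, "you have no right to see this team", "您无权查看此团队"), 403)

            team_region_list = region_services.get_region_list_by_team_name(request=request,
                                                                            team_name=team_name)
            p = PermActions()
            tenant_info = {
                "team_id": tenant.ID,
                "team_name": tenant.tenant_name,
                "team_alias": tenant.tenant_alias,
                "limit_memory": tenant.limit_memory,
                "pay_level": tenant.pay_level,
                "region": team_region_list,
                "creater": tenant.creater,
                "create_time": tenant.create_time,
            }

            # System administrators and "grdemo" visitors have no permission row,
            # so they get the basic attributes only.
            if user_team_perm:
                perms_list = team_services.get_user_perm_identitys_in_permtenant(user_id=self.user.user_id,
                                                                                 tenant_name=tenant.tenant_name)
                role_name_list = team_services.get_user_perm_role_in_permtenant(user_id=self.user.user_id,
                                                                                tenant_name=tenant.tenant_name)
                role_perms_tuple = team_services.get_user_perm_in_tenant(user_id=self.user.user_id,
                                                                         tenant_name=tenant.tenant_name)

                tenant_actions = ()
                tenant_info["identity"] = perms_list + role_name_list
                if perms_list:
                    # Actions granted by the caller's highest built-in identity.
                    final_identity = get_highest_identity(perms_list)
                    tenant_actions += p.keys('tenant_{0}_actions'.format(final_identity))
                tenant_actions += role_perms_tuple
                # set() drops actions granted by both the identity and a role.
                tenant_info["tenant_actions"] = tuple(set(tenant_actions))

            return Response(general_message(200, "success", "查询成功", bean=tenant_info), status=200)

        except Exception as e:
            logger.exception(e)
            # NOTE(review): the exception text is passed to error_message() and
            # on into the response; confirm it cannot carry internal details.
            result = error_message(e.message)
            return Response(result, status=result["code"])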
예제 #2
    def get(self, request, team_name, *args, **kwargs):
        """
        Leave the current team.

        A caller who holds "owner" or "admin", either as an identity or as a
        role, is refused with 409. The hard-coded demo account is refused with
        403 for the hard-coded demo team. Everyone else is removed through
        team_services.exit_current_team, and the code it returns becomes the
        HTTP status.
        ---
        parameters:
            - name: team_name
              description: the team the user is currently in
              required: true
              type: string
              paramType: path
        """
        # NOTE(review): this handler changes team membership from a GET request;
        # confirm that the deployment's CSRF protection does not treat GET as a
        # safe method for this route.
        caller_id = request.user.user_id

        identity_list = team_services.get_user_perm_identitys_in_permtenant(
            user_id=caller_id, tenant_name=team_name)
        role_name_list = team_services.get_user_perm_role_in_permtenant(
            user_id=caller_id, tenant_name=team_name)

        # Identities are checked before roles, and "owner" before "admin" within
        # each list, which decides the message when several entries match.
        refusals = (
            ("owner", "您是当前团队创建者,不能退出此团队"),
            ("admin", "您是当前团队管理员,不能退出此团队"),
        )
        for granted in (identity_list, role_name_list):
            for label, refusal_text in refusals:
                if label in granted:
                    return Response(general_message(409, "not allow exit.", refusal_text),
                                    status=409)

        try:
            # The demo account must stay a member of the demo team.
            is_demo_pair = request.user.nick_name == "rainbond-demo" and team_name == "a5qw69mz"
            if is_demo_pair:
                denied = general_message(403, "permission denied!", "您无法退出此团队")
                return Response(denied, status=403)

            code, msg_show = team_services.exit_current_team(
                team_name=team_name, user_id=caller_id)
            outcome = "success" if code == 200 else "failed"
            result = general_message(code=code, msg=outcome, msg_show=msg_show)
        except Exception as e:
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=result["code"])
예제 #3
    def get(self, request, *args, **kwargs):
        """
        Team administrators can fetch the list of public-cloud data centers.

        The caller must hold "owner" or "admin" on the team named by the
        team_name query parameter, as an identity or as a role. The
        enterprise id sent to the market API is read from the team record,
        not from the request.
        ---
        parameters:
            - name: enterprise_id
              description: enterprise id
              required: true
              type: string
              paramType: path
            - name: team_name
              description: name of the current team
              required: true
              type: string
              paramType: query
        """
        try:
            team_name = request.GET.get("team_name", None)
            if not team_name:
                return Response(general_message(400, "params error", "参数错误"),
                                status=400)

            caller_id = request.user.user_id
            perm_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=caller_id, tenant_name=team_name)
            role_name_list = team_services.get_user_perm_role_in_permtenant(
                user_id=caller_id, tenant_name=team_name)

            # Either list may grant access; identities are inspected first.
            is_manager = any(
                label in granted
                for granted in (perm_list, role_name_list)
                for label in ("owner", "admin"))
            if not is_manager:
                code = 400
                result = general_message(code, "no identity",
                                         "您不是owner或admin,没有权限做此操作")
                return Response(result, status=code)

            team = team_services.get_tenant_by_tenant_name(
                tenant_name=team_name, exception=True)
            res, data = market_api.get_public_regions_list(
                tenant_id=team.tenant_id, enterprise_id=team.enterprise_id)

            # Any upstream status other than 200 is reported to the client as 400.
            if res["status"] != 200:
                code = 400
                result = general_message(code,
                                         msg="query the data center failed",
                                         msg_show="公有云数据中心获取失败")
            else:
                code = 200
                result = general_message(
                    code,
                    "query the data center is successful.",
                    "公有云数据中心获取成功",
                    list=data)
        except Exception as e:
            code = 500
            logger.exception(e)
            result = error_message(e.message)
        return Response(result, status=code)
예제 #4
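    def post(self, request, team_name, *args, **kwargs):
        """
        Transfer the management rights of a team to another user.

        Only a caller who holds "owner" on the team, as an identity or as a
        role, may do this. The target is named by user_name in the request
        body; a missing or empty user_name is rejected with 400 before any
        lookup is made.
        ---
        parameters:
            - name: team_name
              description: team name
              required: true
              type: string
              paramType: path
            - name: user_name
              description: user name of the user who receives the permission
              required: true
              type: string
              paramType: body
        """
        try:
            perm_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)
            role_list = team_services.get_user_perm_role_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)

            if "owner" not in perm_list and "owner" not in role_list:
                code = 400
                result = general_message(code, "no identity", "你不是最高管理员")
                return Response(result, status=code)

            user_name = request.data.get("user_name", None)
            if not user_name:
                # Without this guard the lookup below runs with None and the
                # request ends in the generic 500 handler.
                code = 400
                result = general_message(code, "params error", "参数错误")
                return Response(result, status=code)

            other_user = user_services.get_user_by_username(
                user_name=user_name)
            # NOTE(review): the user was just looked up by user_name, so this
            # comparison presumably differs only if the lookup matches loosely.
            # The message speaks of changing one's own permission, yet nothing
            # here compares other_user with request.user; confirm the intended
            # self-transfer guard.
            if other_user.nick_name != user_name:
                code = 400
                result = general_message(code, "identity modify failed",
                                         "{}不能修改自己的权限".format(user_name))
            else:
                code, msg = team_services.change_tenant_admin(
                    user_id=request.user.user_id,
                    other_user_id=other_user.user_id,
                    tenant_name=team_name)
                if code == 200:
                    result = general_message(code,
                                             "identity modify success",
                                             msg)
                else:
                    result = general_message(code, "Authorization failure",
                                             "授权失败")
        except Exception as e:
            code = 500
            result = error_message(e.message)
            logger.exception(e)
        return Response(result, status=code)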
예제 #5
 def get(self, request, team_name, user_name, *args, **kwargs):
     """
     User details.

     Returns the nick name, e-mail, team identities plus roles, and the
     enterprise-admin flag of the requesting user (self.user). The
     user_name path parameter is accepted but not read, so the response
     never describes any other account.
     ---
     parameters:
         - name: team_name
           description: team name
           required: true
           type: string
           paramType: path
         - name: user_name
           description: user name
           required: true
           type: string
           paramType: path
     """
     try:
         team = team_services.get_tenant_by_tenant_name(team_name)
         current_user = self.user
         is_user_enter_amdin = user_services.is_user_admin_in_current_enterprise(
             current_user, team.enterprise_id)
         perms = team_services.get_user_perm_identitys_in_permtenant(
             current_user.user_id, team_name)
         role_list = team_services.get_user_perm_role_in_permtenant(
             user_id=current_user.user_id, tenant_name=team_name)

         # "is_user_enter_amdin" is the key as spelled in the response; clients
         # depend on it, so it stays as is.
         data = {
             "nick_name": current_user.nick_name,
             "email": current_user.email,
             "teams_identity": perms + role_list,
             "is_user_enter_amdin": is_user_enter_amdin,
         }
         result = general_message(200,
                                  "user details query success.",
                                  "用户详情获取成功",
                                  bean=data)
         return Response(result, status=200)
     except UserNotExistError as e:
         logger.exception(e)
         result = general_message(400,
                                  "this user does not exist on this team.",
                                  "该用户不存在这个团队")
         return Response(result, status=400)
     except Exception as e:
         logger.exception(e)
         return Response(error_message(e.message), status=500)
예제 #6
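    def delete(self, request, team_name, *args, **kwargs):
        """
        Delete users from the tenant (one user or several at once).

        The caller must hold the "owner" or "admin" identity, or the
        "manage_team_member_permissions" permission, on the team. The ids to
        remove arrive as a comma-separated string in the request body. The
        caller's own id and the id of any team owner are refused. The HTTP
        status always matches the outcome of the deletion.
        ---
        parameters:
            - name: team_name
              description: team name
              required: true
              type: string
              paramType: path
            - name: user_ids
              description: users, as user_id1,user_id2 ...
              required: true
              type: string
              paramType: body
        """
        try:
            identitys = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id,
                tenant_name=team_name
            )
            perm_tuple = team_services.get_user_perm_in_tenant(user_id=request.user.user_id, tenant_name=team_name)

            if "owner" not in identitys and "admin" not in identitys \
                    and "manage_team_member_permissions" not in perm_tuple:
                code = 400
                result = general_message(code, "no identity", "没有权限")
                return Response(result, status=code)

            raw_user_ids = request.data.get("user_ids", None)
            # str(None) is the truthy string "None", so a missing value has to
            # be caught before the conversion.
            if raw_user_ids is None or not str(raw_user_ids).strip():
                result = general_message(400, "failed", "删除成员不能为空")
                return Response(result, status=400)

            try:
                user_id_list = [int(user_id) for user_id in str(raw_user_ids).split(",")]
            except (TypeError, ValueError) as e:
                logger.exception(e)
                # The body code now agrees with the HTTP status.
                result = general_message(400, "Incorrect parameter format", "参数格式不正确")
                return Response(result, status=400)

            if request.user.user_id in user_id_list:
                result = general_message(400, "failed", "不能删除自己")
                return Response(result, status=400)

            # Only team owners are protected here; any other member,
            # administrators included, can be removed by a caller who passed
            # the check above.
            for user_id in user_id_list:
                role_name_list = team_services.get_user_perm_role_in_permtenant(user_id=user_id, tenant_name=team_name)
                identity_list = team_services.get_user_perm_identitys_in_permtenant(user_id=user_id,
                                                                                    tenant_name=team_name)
                if "owner" in role_name_list or "owner" in identity_list:
                    result = general_message(400, "failed", "不能删除团队创建者!")
                    return Response(result, status=400)

            try:
                user_services.batch_delete_users(team_name, user_id_list)
                code = 200
                result = general_message(code, "delete the success", "删除成功")
            except Tenants.DoesNotExist as e:
                logger.exception(e)
                code = 400
                # NOTE(review): this is the only branch that calls
                # generate_result rather than general_message; confirm that is
                # intended.
                result = generate_result(code, "tenant not exist", "{}团队不存在".format(team_name))
            except Exception as e:
                logger.exception(e)
                code = 500
                result = error_message(e.message)
        except Exception as e:
            code = 500
            logger.exception(e)
            result = error_message(e.message)
        # A failed deletion is no longer answered with the default 200.
        return Response(result, status=code)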
예제 #7
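    def post(self, request, team_name, user_id, *args, **kwargs):
        """
        Change the roles of a team member.

        The caller must hold the "owner" or "admin" identity, or the
        "manage_team_member_permissions" permission, on the team. The caller
        cannot change their own roles or those of a team owner, and every
        requested role id must belong to the team.
        ---
        parameters:
            - name: team_name
              description: team name
              required: true
              type: string
              paramType: path
            - name: user_id
              description: id of the team member whose permissions are changed
              required: true
              type: string
              paramType: path
            - name: role_ids
              description: roles, format {"role_ids": "1,2,3"}
              required: true
              type: string
              paramType: body
        """
        try:
            perm_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=request.user.user_id, tenant_name=team_name)
            perm_tuple = team_services.get_user_perm_in_tenant(
                user_id=request.user.user_id, tenant_name=team_name)

            no_auth = ("owner" not in perm_list) and (
                "admin" not in perm_list
            ) and "manage_team_member_permissions" not in perm_tuple
            if no_auth:
                code = 400
                result = general_message(code, "no identity", "您没有权限做此操作")
                return Response(result, status=code)

            role_ids = request.data.get("role_ids", None)
            if not role_ids:
                # This branch used to answer HTTP 200 with a 400 body.
                code = 400
                result = general_message(code, "identity failed",
                                         "修改角色时,角色不能为空")
                return Response(result, status=code)

            try:
                role_id_list = [int(role_id) for role_id in role_ids.split(",")]
            except (AttributeError, TypeError, ValueError) as e:
                # A non-string body value has no split(); a non-numeric item
                # fails in int().
                logger.exception(e)
                code = 400
                result = general_message(code, "params is empty",
                                         "参数格式不正确")
                return Response(result, status=code)

            other_user = user_repo.get_user_by_user_id(
                user_id=int(user_id))
            if other_user.user_id == request.user.user_id:
                result = general_message(400, "failed", "您不能修改自己的权限!")
                return Response(result, status=400)

            # Fetch the team's role ids once, not once per requested id.
            # NOTE(review): the ids are only checked for membership in the
            # team's role list; confirm that a caller who is not the owner
            # cannot grant a role above their own this way.
            team_role_ids = list(team_services.get_all_team_role_id(
                tenant_name=team_name))
            if any(role_id not in team_role_ids for role_id in role_id_list):
                code = 400
                result = general_message(
                    code, "The role does not exist", "该角色在团队中不存在")
                return Response(result, status=code)

            identity_list = team_services.get_user_perm_identitys_in_permtenant(
                user_id=other_user.user_id, tenant_name=team_name)
            role_name_list = team_services.get_user_perm_role_in_permtenant(
                user_id=other_user.user_id, tenant_name=team_name)
            if "owner" in identity_list or "owner" in role_name_list:
                result = general_message(400, "failed", "您不能修改创建者的权限!")
                return Response(result, status=400)

            team_services.change_tenant_role(
                user_id=other_user.user_id,
                tenant_name=team_name,
                role_id_list=role_id_list)
            code = 200
            result = general_message(
                code, "identity modify success",
                "{}角色修改成功".format(other_user.nick_name))
        except UserNotExistError as e:
            logger.exception(e)
            code = 400
            result = general_message(code, "users not exist", "该用户不存在")
        except Exception as e:
            logger.exception(e)
            code = 500
            result = error_message(e.message)
        return Response(result, status=code)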