def _add_privilege_for_zone(self, new_zone):
    """Register ACCESS/UPDATE/DELETE privileges for *new_zone* and grant them to roles.

    Three ``DBPrivilege`` rows named ``ZONE#<zone name>#<operation string>``
    are added to ``db.session`` and flushed so that their ``id`` can be
    referenced.  ``DBRolePrivilege`` rows are then added: ``admin``,
    ``zone_admin`` and ``zone_guest`` all receive ACCESS, while only
    ``admin`` and ``zone_admin`` also receive UPDATE and DELETE.  Nothing is
    committed here; the caller owns the transaction.

    Args:
        new_zone: zone object whose ``name`` and ``id`` are used.
    """
    zone_operations = (Operation.ACCESS, Operation.UPDATE, Operation.DELETE)

    created = []
    for op in zone_operations:
        privilege_name = '#'.join(('ZONE', new_zone.name, OPERATION_STR_MAPPING[op]))
        created.append(DBPrivilege(name=privilege_name,
                                   resource_type=ResourceType.ZONE,
                                   operation=op,
                                   resource_id=new_zone.id))
    for privilege in created:
        db.session.add(privilege)
    # Flush first: the role grants below reference privilege.id.
    db.session.flush()
    access_privilege, update_privilege, delete_privilege = created

    for role_name in ('admin', 'zone_admin', 'zone_guest'):
        role_id = ROLE_MAPPINGS[role_name]
        db.session.add(DBRolePrivilege(role_id=role_id,
                                       privilege_id=access_privilege.id))
        if role_name == 'zone_guest':
            # Guests are read-only on the zone: no UPDATE/DELETE grant.
            continue
        db.session.add(DBRolePrivilege(role_id=role_id,
                                       privilege_id=update_privilege.id))
        db.session.add(DBRolePrivilege(role_id=role_id,
                                       privilege_id=delete_privilege.id))
def _add_privilege_for_record(self, current_zone, new_record):
    """Register ACCESS/UPDATE/DELETE privileges for *new_record* and grant them to role 1.

    Privilege names have the form ``<view>#<zone>#<host>#<operation>`` where
    the operation part is ``str(Operation.X)``.  NOTE(review): the zone
    variant in this file formats the operation via ``OPERATION_STR_MAPPING``
    instead -- confirm whether the two name schemes are meant to differ.
    The three ``DBPrivilege`` rows are flushed and then granted to
    ``role_id=1`` only; nothing is committed here.

    Args:
        current_zone: zone the record belongs to (``name`` is used).
        new_record: record object (``view_name``, ``host`` and ``id`` are used).
    """
    name_prefix = '#'.join((new_record.view_name, current_zone.name, new_record.host))

    record_privileges = []
    for op in (Operation.ACCESS, Operation.UPDATE, Operation.DELETE):
        record_privileges.append(DBPrivilege(name=name_prefix + '#' + str(op),
                                             resource_type=ResourceType.RECORD,
                                             operation=op,
                                             resource_id=new_record.id))
    for privilege in record_privileges:
        db.session.add(privilege)
    # Flush first: the grants below reference privilege.id.
    db.session.flush()

    # role_id=1 is presumably the admin role (other functions in this file use
    # ROLE_MAPPINGS['admin'] for the same purpose) -- confirm.
    for privilege in record_privileges:
        db.session.add(DBRolePrivilege(role_id=1, privilege_id=privilege.id))
def init_privilege():
    """Seed the default privileges the first time the app starts.

    Does nothing unless the ``DBPrivilege`` table is empty.  Each default
    privilege is added and flushed, granted to ``admin``, and then also
    granted to the role responsible for that resource kind (server, zone or
    view admin).  ``BIND_CONF_EDIT`` goes to ``admin`` only.  The session is
    flushed but not committed here; the caller owns the transaction.
    """
    if db.session.query(DBPrivilege).count() >= 1:
        return
    print('initing the default privileges...')

    # (default privilege, extra role that receives it besides admin)
    extra_grants = (
        (DefaultPrivilege.SERVER_ADD, 'server_admin'),
        (DefaultPrivilege.ZONE_ADD, 'zone_admin'),
        (DefaultPrivilege.VIEW_ADD, 'view_admin'),
    )
    default_names = (
        DefaultPrivilege.SERVER_ADD,
        DefaultPrivilege.ZONE_ADD,
        DefaultPrivilege.VIEW_ADD,
        DefaultPrivilege.BIND_CONF_EDIT,
    )

    for privilege_name in default_names:
        privilege = DBPrivilege(name=privilege_name)
        db.session.add(privilege)
        # Flush so privilege.id is available for the grants below.
        db.session.flush()
        db.session.add(DBRolePrivilege(role_id=ROLE_MAPPINGS['admin'],
                                       privilege_id=privilege.id))
        for default_name, role_name in extra_grants:
            if privilege_name == default_name:
                db.session.add(DBRolePrivilege(role_id=ROLE_MAPPINGS[role_name],
                                               privilege_id=privilege.id))
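def post(self):
    """Create a new privilege from the parsed request arguments.

    The request is rejected when a privilege with the same name already
    exists.  Otherwise the new ``DBPrivilege`` is added, flushed, granted to
    ``role_id=1`` and committed.  Any exception raised inside the transaction
    rolls the session back and yields a generic failure response; the
    exception is logged server-side instead of being echoed to the client,
    so database/driver error text is not disclosed.

    Returns:
        The ``get_response`` payload for success or failure.
    """
    import logging

    args = dns_privilege_common_parser.parse_args()
    privilege_name = args['name']
    operation = args['operation']
    resource_type = args['resource_type']
    resource_id = args['resource_id']
    comment = args.get('comment', '')

    uniq_privilege = DBPrivilege.query.filter_by(name=privilege_name).first()
    if uniq_privilege:
        return get_response(RequestCode.OTHER_FAILED,
                            "{e} 权限名已存在!".format(e=str(uniq_privilege.name)))

    try:
        new_privilege = DBPrivilege(
            name=privilege_name,
            operation=operation,
            resource_type=resource_type,
            resource_id=resource_id,
            comment=comment
        )
        db.session.add(new_privilege)
        # Flush so new_privilege.id is populated for the grant below.
        db.session.flush()
        # role_id=1 is presumably the admin role (other functions in this file
        # use ROLE_MAPPINGS['admin'] for the same purpose) -- confirm.
        new_rp = DBRolePrivilege(
            role_id=1,
            privilege_id=new_privilege.id
        )
        db.session.add(new_rp)
        db.session.commit()
    except Exception:
        db.session.rollback()
        # Keep the detail in the server log only; the client gets a generic message.
        logging.getLogger(__name__).exception(
            'failed to create privilege %r', privilege_name)
        return get_response(RequestCode.OTHER_FAILED, '创建失败!')
    return get_response(RequestCode.SUCCESS, '创建成功!')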
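def post(self):
    """
    功能: 创建新的权限
    ---
    security:
      - UserSecurity: []
    tags:
      - Privilege
    definitions:
      Privilege_Parm:
        properties:
          name:
            type: string
            default: p123
            description: privilege name
          operation:
            type: integer
            default: 100
            description: the value of operation
          resource_type:
            type: integer
            default: 100
            description: the type of resource
          resource_id:
            type: integer
            default: 0
            description: the id of resource
          comment:
            type: string
            default: 权限修改
            description: the comment of privilege
    parameters:
      - in: body
        name: body
        schema:
          id: Add_Privilege
          required:
            - name
          $ref: "#/definitions/Privilege_Parm"
    responses:
      200:
        description: 请求结果
        schema:
          properties:
            code:
              type: integer
              description: response code
            msg:
              type: string
              description: response message
            data:
              type: string
        examples: { "code": 100000, "msg": "添加成功", "data": null }
    """
    import logging

    args = request.json
    # A non-object body (or a non-JSON request) must not reach the indexing below.
    if not isinstance(args, dict):
        return get_response(RequestCode.OTHER_FAILED, '请求体必须是JSON对象!')
    # 'name' is the only required field (see the swagger spec above).
    if not args.get('name'):
        return get_response(RequestCode.OTHER_FAILED, '权限名不能为空!')

    def _or_default(key, default):
        # Absent keys and the empty string both fall back to the documented
        # default; previously an absent key silently produced None.
        value = args.get(key)
        return default if value is None or value == '' else value

    privilege_name = args['name']
    operation = _or_default('operation', 100)
    resource_type = _or_default('resource_type', 100)
    resource_id = _or_default('resource_id', 0)
    comment = args.get('comment') or ''

    uniq_privilege = DBPrivilege.query.filter_by(
        name=privilege_name).first()
    if uniq_privilege:
        return get_response(
            RequestCode.OTHER_FAILED,
            "{e} 权限名已存在!".format(e=str(uniq_privilege.name)))

    try:
        new_privilege = DBPrivilege(name=privilege_name,
                                    operation=operation,
                                    resource_type=resource_type,
                                    resource_id=resource_id,
                                    comment=comment)
        db.session.add(new_privilege)
        # Flush so new_privilege.id is populated for the grant below.
        db.session.flush()
        # role_id=1 is presumably the admin role (other functions in this file
        # use ROLE_MAPPINGS['admin'] for the same purpose) -- confirm.
        new_rp = DBRolePrivilege(role_id=1, privilege_id=new_privilege.id)
        db.session.add(new_rp)
        db.session.commit()
    except Exception:
        db.session.rollback()
        # Log the detail server-side; the client only gets a generic message.
        logging.getLogger(__name__).exception(
            'failed to create privilege %r', privilege_name)
        return get_response(RequestCode.OTHER_FAILED, '创建失败!')
    return get_response(RequestCode.SUCCESS, '创建成功!')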