示例#1
    def add(cls, app_id, name, description, perms):
        """Create a resource type under an app and attach its permissions.

        Aborts with HTTP 400 when a resource type named ``name`` already exists
        for ``app_id``; the duplicate check is scoped to that app, so the same
        name may exist under a different app.

        Returns the object produced by ``ResourceType.create``.
        """
        already_there = ResourceType.get_by(name=name, app_id=app_id)
        if already_there:
            abort(400, "ResourceType <{0}> is already existed".format(name))

        new_type = ResourceType.create(name=name,
                                       description=description,
                                       app_id=app_id)

        # The permission rows are keyed by the new type's id, so they are
        # written only after the type itself has been created.
        cls.update_perms(new_type.id, perms, app_id)

        return new_type
示例#2
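def init_acl():
    """Bootstrap the ACL data of the 'cmdb' app.

    Steps, in order:
      1. register every resource type from ``ResourceTypeEnum`` with all perms;
      2. create the CONFIG and CMDB_READ_ALL roles;
      3. register every CI type and every relation view as an ACL resource and
         grant READ on it to the CMDB_READ_ALL role.

    ``AbortException`` from the add calls is swallowed so the function can be
    run again on an already initialised database. Be aware that this also
    hides aborts raised for any reason other than "already exists".

    Raises:
        RuntimeError: a resource type needed in step 3 is not registered for
            the cmdb app (previously this surfaced as an AttributeError on
            ``None.id``).
    """
    _app = AppCache.get('cmdb') or App.create(name='cmdb')
    app_id = _app.id

    def _type_id_for(type_name):
        # Scope the lookup to this app: resource types are created per app in
        # step 1, so a name-only lookup could resolve to a type of the same
        # name that belongs to a different app and attach resources to it.
        found = ResourceType.get_by(name=type_name,
                                    app_id=app_id,
                                    first=True,
                                    to_dict=False)
        if not found:
            raise RuntimeError(
                "ResourceType <{0}> is not registered for app <{1}>".format(
                    type_name, app_id))
        return found.id

    def _register_read_only(items, type_name):
        # Register each item as a resource of the given type, then grant READ
        # on it to CMDB_READ_ALL. The grant runs even when the resource
        # already existed, matching the original flow.
        type_id = _type_id_for(type_name)
        for item in items:
            try:
                ResourceCRUD.add(item.name, type_id, app_id)
            except AbortException:
                pass

            ACLManager().grant_resource_to_role(item.name,
                                                RoleEnum.CMDB_READ_ALL,
                                                type_name,
                                                [PermEnum.READ])

    # 1. add resource type
    for resource_type in ResourceTypeEnum.all():
        try:
            ResourceTypeCRUD.add(app_id, resource_type, '', PermEnum.all())
        except AbortException:
            pass

    # 2. add role
    # The third positional argument of add_role is passed through as in the
    # original calls; its meaning is not visible in this listing.
    for role_name, third_arg in ((RoleEnum.CONFIG, True),
                                 (RoleEnum.CMDB_READ_ALL, False)):
        try:
            RoleCRUD.add_role(role_name, app_id, third_arg)
        except AbortException:
            pass

    # 3. add resource and grant
    ci_types = CIType.get_by(to_dict=False)
    _register_read_only(ci_types, ResourceTypeEnum.CI)

    relation_views = PreferenceRelationView.get_by(to_dict=False)
    _register_read_only(relation_views, ResourceTypeEnum.RELATION_VIEW)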
示例#3
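    def has_permission(cls, rid, resource_name, resource_type, app_id, perm):
        """Decide whether a role holds ``perm`` on a named resource.

        The resource type is resolved by name within ``app_id``, then the
        resource by name within that type. For every role id returned by
        ``RoleRelationCRUD.recursive_parent_ids(rid)`` the cached grants are
        checked, first the grants on the resource itself and then the grants
        on each group the resource belongs to.

        Returns True on the first matching grant and False when none matches,
        so the absence of a grant denies access.

        Aborts with 404 when the resource type does not exist and with 403
        when the resource is not registered in the ACL.
        """
        # Keep the requested name: ``resource_type`` is rebound to the lookup
        # result below, and formatting that result into the 404 message would
        # always print "None" instead of the name that was asked for.
        type_name = resource_type
        resource_type = ResourceType.get_by(app_id=app_id,
                                            name=type_name,
                                            first=True,
                                            to_dict=False)
        if not resource_type:
            abort(404, "ResourceType <{0}> is not found".format(type_name))
        type_id = resource_type.id

        resource = Resource.get_by(name=resource_name,
                                   resource_type_id=type_id,
                                   first=True,
                                   to_dict=False)
        resource = resource or abort(
            403, "Resource <{0}> is not in ACL".format(resource_name))

        # NOTE(review): only the ids returned here are checked; whether that
        # list includes ``rid`` itself is not visible in this listing.
        parent_ids = RoleRelationCRUD.recursive_parent_ids(rid)

        group_ids = cls.get_group_ids(resource.id)
        for parent_id in parent_ids:
            cached = RoleRelationCache.get_resources(parent_id)

            # Direct grant on the resource.
            if perm in cached['id2perms'].get(resource.id, []):
                return True

            # Grant inherited through one of the resource's groups.
            for group_id in group_ids:
                if perm in cached['group2perms'].get(group_id, []):
                    return True

        return False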
示例#4
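 def grant_resource_to_role(self, name, role, resource_type_name=None):
     """Resolve the resource type named ``resource_type_name`` for a grant.

     Aborts with HTTP 400 when no such resource type exists. Only the type
     lookup is shown in this listing; ``name`` and ``role`` are not used in
     the visible part.
     """
     resource_type = ResourceType.get_by(name=resource_type_name,
                                         first=True,
                                         to_dict=False)
     # The original test was inverted: it aborted with "cannot be found"
     # when the type DID exist and let a missing type through.
     if not resource_type:
         return abort(
             400, "ResourceType <{0}> cannot be found".format(
                 resource_type_name))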
示例#5
文件: acl.py 项目: 13052020/cmdb
    def add_resource(self, name, resource_type_name=None):
        """Register ``name`` as a resource of the given type for this app.

        Aborts with HTTP 404 when no resource type named
        ``resource_type_name`` exists.
        """
        # NOTE(review): the type is looked up by name only, while the resource
        # is created under self.app_id. If resource type names can repeat
        # across apps, this may resolve to another app's type - confirm and
        # consider scoping the lookup to the app.
        found_type = ResourceType.get_by(name=resource_type_name,
                                         first=True,
                                         to_dict=False)
        if not found_type:
            abort(
                404,
                "ResourceType <{0}> cannot be found".format(resource_type_name))

        ResourceCRUD.add(name, found_type.id, self.app_id)
示例#6
文件: acl.py 项目: 13052020/cmdb
    def _get_resource(self, name, resource_type_name):
        """Look up the resource called ``name`` of the given type in this app.

        Aborts with HTTP 404 when the resource type does not exist. The result
        of the resource query is returned unchanged, so callers have to handle
        a missing resource themselves.
        """
        # NOTE(review): the resource query is filtered by self.app_id but the
        # type query is not. If type names can repeat across apps, the type id
        # used below may belong to a different app - confirm.
        type_query = dict(name=resource_type_name, first=True, to_dict=False)
        found_type = ResourceType.get_by(**type_query)
        if not found_type:
            abort(
                404,
                "ResourceType <{0}> cannot be found".format(resource_type_name))

        resource_query = dict(resource_type_id=found_type.id,
                              app_id=self.app_id,
                              name=name,
                              first=True,
                              to_dict=False)
        return Resource.get_by(**resource_query)
示例#7
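    def update(cls, rt_id, **kwargs):
        """Update a resource type's fields and, optionally, its permissions.

        Aborts with HTTP 404 when ``rt_id`` does not exist and with HTTP 400
        when the new ``name`` is already used by another resource type of the
        same app. A ``perms`` entry is applied through ``cls.update_perms``
        and removed from the field update.

        Returns the result of ``rt.update`` called with the remaining kwargs.
        """
        # Drop any caller-supplied app_id so it is never forwarded to
        # rt.update(); the type stays attached to the app it was created in.
        kwargs.pop('app_id', None)

        rt = ResourceType.get_by_id(rt_id) or abort(404, "ResourceType <{0}> is not found".format(rt_id))
        if 'name' in kwargs:
            other = ResourceType.get_by(name=kwargs['name'], app_id=rt.app_id, to_dict=False, first=True)
            # Compare against the loaded row's id instead of the caller's
            # rt_id: if rt_id arrives as a string (for example from a URL),
            # `other.id != rt_id` is always true and renaming a type to its
            # own current name would be rejected as a duplicate.
            if other and other.id != rt.id:
                return abort(400, "ResourceType <{0}> is duplicated".format(kwargs['name']))

        if 'perms' in kwargs:
            cls.update_perms(rt_id, kwargs.pop('perms'), rt.app_id)

        # NOTE(review): every remaining key is forwarded unfiltered. If kwargs
        # comes straight from a request body, an allow-list of updatable
        # fields would stop callers from setting columns they should not.
        return rt.update(**kwargs)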
示例#8
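    def del_resource(self, name, resource_type_name=None):
        """Delete the resource called ``name`` of the given type in this app.

        Aborts with HTTP 400 when no resource type named
        ``resource_type_name`` exists. A resource that does not exist is
        ignored silently.
        """
        resource_type = ResourceType.get_by(name=resource_type_name,
                                            first=True,
                                            to_dict=False)
        # The original test was inverted: it aborted when the type existed,
        # and for a missing type it fell through to `resource_type.id` on
        # None. Deletion therefore never happened on the normal path.
        if not resource_type:
            return abort(
                400, "ResourceType <{0}> cannot be found".format(
                    resource_type_name))

        # The resource query is limited to self.app_id, so a resource of the
        # same name in another app is not touched.
        resource = Resource.get_by(resource_type_id=resource_type.id,
                                   app_id=self.app_id,
                                   name=name,
                                   first=True,
                                   to_dict=False)
        if resource:
            ResourceCRUD.delete(resource.id)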