def wrapper(request, *args, **kwargs): if not getattr(request, 'is_trust', False): get_filters = {} for kwarg, filter_arg in get_kwargs.items(): get_filters[filter_arg] = kwargs.get(kwarg) # project_id value replace if 'project_id' in get_filters: obj_id = get_filters['project_id'] scope = _get_project_scope_from_request(request) try: project = get_project_with(obj_id=obj_id, scope=scope) except Project.DoesNotExist: return JsonResponse({ 'result': False, 'message': 'project{id} with scope{scope} does not exist.'. format(id=obj_id, scope=scope) }) get_filters['project_id'] = project.id instance = auth_resource.resource_cls.objects.get( **get_filters) verify_or_raise_auth_failed( principal_type='user', principal_id=request.user.username, resource=auth_resource, action_ids=[act.id for act in actions], instance=instance, status=200) return view_func(request, *args, **kwargs)
def test_verify_or_raise_auth_failed__pass(self): shortcuts.verify_or_raise_auth_failed( principal_type=self.principal_type, principal_id=self.principal_id, resource=self.resource, action_ids=self.action_ids, instance=self.instance, scope_id=self.scope_id, status=self.status) shortcuts.verify_or_return_insufficient_perms \ .assert_called_once_with(self.principal_type, self.principal_id, [(self.resource, self.action_ids, self.instance)], self.scope_id)
def test_verify_or_raise_auth_failed__failed(self): try: shortcuts.verify_or_raise_auth_failed( principal_type=self.principal_type, principal_id=self.principal_id, resource=self.resource, action_ids=self.action_ids, instance=self.instance, scope_id=self.scope_id, status=self.status) except AuthFailedException as e: self.assertEqual(e.permissions, self.permissions) self.assertEqual(e.status, self.status) shortcuts.verify_or_return_insufficient_perms \ .assert_called_once_with(self.principal_type, self.principal_id, [(self.resource, self.action_ids, self.instance)], self.scope_id)
def get_common_template_info(request, template_id): try: tmpl = CommonTemplate.objects.select_related('pipeline_template').get(id=template_id, is_deleted=False) auth_resource = common_template_resource except CommonTemplate.DoesNotExist: result = { 'result': False, 'message': 'common template[id={template_id}] does not exist'.format(template_id=template_id) } return JsonResponse(result) if not request.is_trust: verify_or_raise_auth_failed(principal_type='user', principal_id=request.user.username, resource=auth_resource, action_ids=[auth_resource.actions.view.id], instance=tmpl, status=200) return JsonResponse({'result': True, 'data': format_template_data(template=tmpl)})
def get_template_info(request, template_id, project_id): project = request.project template_source = request.GET.get('template_source', PROJECT) if template_source in {BUSINESS, PROJECT}: try: tmpl = TaskTemplate.objects.select_related('pipeline_template').get(id=template_id, project_id=project.id, is_deleted=False) auth_resource = task_template_resource except TaskTemplate.DoesNotExist: result = { 'result': False, 'message': 'template[id={template_id}] of project[project_id={project_id}, biz_id={biz_id}] ' 'does not exist'.format(template_id=template_id, project_id=project.id, biz_id=project.bk_biz_id)} return JsonResponse(result) else: try: tmpl = CommonTemplate.objects.select_related('pipeline_template').get(id=template_id, is_deleted=False) auth_resource = common_template_resource except CommonTemplate.DoesNotExist: result = { 'result': False, 'message': 'common template[id={template_id}] does not exist'.format(template_id=template_id) } return JsonResponse(result) if not request.is_trust: verify_or_raise_auth_failed(principal_type='user', principal_id=request.user.username, resource=auth_resource, action_ids=[auth_resource.actions.view.id], instance=tmpl, status=200) return JsonResponse({'result': True, 'data': format_template_data(tmpl, project)})
def wrapper(request, *args, **kwargs): if not getattr(request, 'is_trust', False): project = getattr(request, 'project', None) if not project: obj_id = kwargs.get('project_id') try: obj_scope = _get_project_scope_from_request(request) except Exception: return JsonResponse({ 'result': False, 'message': 'invalid param format' }) try: project = get_project_with(obj_id=obj_id, scope=obj_scope) except Project.DoesNotExist: return JsonResponse({ 'result': False, 'message': 'project{id} with scope{scope} does not exist.'. format(id=obj_id, scope=obj_scope) }) verify_or_raise_auth_failed( principal_type='user', principal_id=request.user.username, resource=project_resource, action_ids=[act.id for act in actions], instance=project, status=200) return view_func(request, *args, **kwargs)
def create_task(request, template_id, project_id): try: params = json.loads(request.body) except Exception: return JsonResponse({ 'result': False, 'message': 'invalid json format' }) project = request.project template_source = params.get('template_source', PROJECT) logger.info('apigw create_task info, template_id: {template_id}, project_id: {project_id}, params: {params}'.format( template_id=template_id, project_id=project.id, params=params)) # 兼容老版本的接口调用 if template_source in {BUSINESS, PROJECT}: try: tmpl = TaskTemplate.objects.select_related('pipeline_template').get(id=template_id, project_id=project.id, is_deleted=False) if not request.is_trust: verify_or_raise_auth_failed(principal_type='user', principal_id=request.user.username, resource=task_template_resource, action_ids=[task_template_resource.actions.create_task.id], instance=tmpl, status=200) except TaskTemplate.DoesNotExist: result = { 'result': False, 'message': 'template[id={template_id}] of project[project_id={project_id} , biz_id{biz_id}] ' 'does not exist'.format(template_id=template_id, project_id=project.id, biz_id=project.bk_biz_id)} return JsonResponse(result) else: try: tmpl = CommonTemplate.objects.select_related('pipeline_template').get(id=template_id, is_deleted=False) if not request.is_trust: perms_tuples = [(project_resource, [project_resource.actions.use_common_template.id], project), (common_template_resource, [common_template_resource.actions.create_task.id], tmpl)] batch_verify_or_raise_auth_failed(principal_type='user', principal_id=request.user.username, perms_tuples=perms_tuples, status=200) except CommonTemplate.DoesNotExist: result = { 'result': False, 'message': 'common template[id={template_id}] does not exist'.format(template_id=template_id) } return JsonResponse(result) try: params.setdefault('flow_type', 'common') params.setdefault('constants', {}) params.setdefault('exclude_task_nodes_id', []) jsonschema.validate(params, APIGW_CREATE_TASK_PARAMS) except jsonschema.ValidationError as e: logger.warning(u"apigw create_task raise prams error: %s" % e) message = 'task params is invalid: %s' % e return JsonResponse({'result': False, 'message': message}) app_code = getattr(request.jwt.app, settings.APIGW_APP_CODE_KEY) if not app_code: message = 'app_code cannot be empty, make sure api gateway has sent correct params' return JsonResponse({'result': False, 'message': message}) pipeline_instance_kwargs = { 'name': params['name'], 'creator': request.user.username, } if 'description' in params: pipeline_instance_kwargs['description'] = params['description'] try: result, data = TaskFlowInstance.objects.create_pipeline_instance_exclude_task_nodes( tmpl, pipeline_instance_kwargs, params['constants'], params['exclude_task_nodes_id']) except PipelineException as e: return JsonResponse({'result': False, 'message': e.message}) if not result: return JsonResponse({'result': False, 'message': data}) task = TaskFlowInstance.objects.create( project=project, pipeline_instance=data, category=tmpl.category, template_id=template_id, create_method='api', create_info=app_code, flow_type=params.get('flow_type', 'common'), current_flow='execute_task' if params.get('flow_type', 'common') == 'common' else 'func_claim', ) return JsonResponse({ 'result': True, 'data': { 'task_id': task.id, 'task_url': task.url, 'pipeline_tree': task.pipeline_tree }})
def collect(request, project_id): template_id = request.POST.get('template_id') template_list = json.loads(request.POST.get('template_list', '[]')) if template_id: method = request.POST.get('method', 'add') try: template = TaskTemplate.objects.get(pk=template_id, project_id=project_id, is_deleted=False) except TaskTemplate.DoesNotExist: return JsonResponse({ 'result': False, 'message': 'flow[id=%s] does not exist' % template_id }) verify_or_raise_auth_failed( principal_type='user', principal_id=request.user.username, resource=task_template_resource, action_ids=[task_template_resource.actions.view.id], instance=template) ctx = template.user_collect(request.user.username, method) return JsonResponse(ctx) if template_list: if len(template_list) > 10: return JsonResponse({ 'result': False, 'message': u"template list must not larger than 10" }) user_model = get_user_model() user = user_model.objects.get(username=request.user.username) try: templates = TaskTemplate.objects.filter(pk__in=template_list, project_id=project_id, is_deleted=False) perms_tuples = [(task_template_resource, [task_template_resource.actions.view.id], t) for t in templates] batch_verify_or_raise_auth_failed( principal_type='user', principal_id=request.user.username, perms_tuples=perms_tuples) collected_template = user.tasktemplate_set.filter( project_id=project_id) user.tasktemplate_set.remove(*collected_template) user.tasktemplate_set.add(*templates) except Exception as e: message = u"collect template error: %s" % e ctx = {'result': False, 'message': message} else: ctx = {'result': True, 'data': ''} return JsonResponse(ctx) else: try: user_model = get_user_model() user = user_model.objects.get(username=request.user.username) collected_template = user.tasktemplate_set.filter( project_id=project_id) user.tasktemplate_set.remove(*collected_template) except Exception as e: message = u"collect template error: %s" % e ctx = {'result': False, 'message': message} else: ctx = {'result': True, 'data': ''} return JsonResponse(ctx)
def save_app_maker(self, project_id, app_params, fake=False): """ @summary: @param project_id: 项目 ID @param app_params: App maker参数 @param fake: 为True则不会真正调用API创建轻应用 @return: """ logger.info('save_app_maker params: %s' % app_params) app_id = app_params['id'] if app_id == '0' or not app_id: app_id = None template_id = app_params['template_id'] app_params['name'] = name_handler(app_params['name'], 20) app_params['desc'] = name_handler(app_params.get('desc', ''), 30) proj = Project.objects.get(id=project_id) try: task_template = TaskTemplate.objects.get(pk=template_id, project_id=project_id, is_deleted=False) except TaskTemplate.DoesNotExist: return False, _(u"保存失败,引用的流程模板不存在!") # create appmaker from gcloud.contrib.appmaker.permissions import mini_app_resource if not app_id: verify_or_raise_auth_failed( principal_type='user', principal_id=app_params['username'], resource=task_template_resource, action_ids=[task_template_resource.actions.create_mini_app.id], instance=task_template) fields = { 'project': proj, 'name': app_params['name'], 'code': '', 'desc': app_params['desc'], 'logo_url': '', 'link': app_params['link_prefix'], 'creator': app_params['username'], 'editor': app_params['username'], 'task_template': task_template, # 生成一个删除状态的对象,以便拼接轻应用访问链接 'is_deleted': True, } if app_params.get('template_scheme_id'): fields['template_scheme_id'] = app_params['template_scheme_id'] app_maker_obj = AppMaker.objects.create(**fields) # update app link app_id = app_maker_obj.id app_link = '{appmaker_prefix}{app_id}/newtask/{project_id}/selectnode/?template_id={template_id}'.format( appmaker_prefix=app_params['link_prefix'], app_id=app_id, project_id=project_id, template_id=template_id) app_maker_obj.link = app_link if fake: app_maker_obj.code = '%s%s' % (settings.APP_CODE, time_now_str()) app_maker_obj.is_deleted = False app_maker_obj.save() return True, app_maker_obj # create app on blueking desk app_create_result = create_maker_app( app_params['username'], app_params['name'], app_link, app_params['username'], task_template.category, app_params['desc'], ) if not app_create_result['result']: return False, _(u"创建轻应用失败:%s") % app_create_result['message'] app_code = app_create_result['data']['bk_light_app_code'] app_maker_obj.code = app_code app_maker_obj.is_deleted = False # edit appmaker else: try: app_maker_obj = AppMaker.objects.get( id=app_id, project_id=project_id, task_template__id=template_id, is_deleted=False) except AppMaker.DoesNotExist: return False, _(u"保存失败,当前操作的轻应用不存在或已删除!") verify_or_raise_auth_failed( principal_type='user', principal_id=app_params['username'], resource=mini_app_resource, action_ids=[mini_app_resource.actions.edit.id], instance=app_maker_obj) app_code = app_maker_obj.code creator = app_maker_obj.creator link = app_maker_obj.link if not fake: # edit app on blueking app_edit_result = edit_maker_app( creator, app_code, app_params['name'], link, creator, task_template.category, app_params['desc'], ) if not app_edit_result['result']: return False, _(u"编辑轻应用失败:%s") % app_edit_result['message'] app_maker_obj.name = app_params['name'] app_maker_obj.desc = app_params['desc'] app_maker_obj.editor = app_params['username'] if 'template_scheme_id' in app_params: app_maker_obj.template_scheme_id = app_params[ 'template_scheme_id'] # upload app logo if not fake and app_params['logo_content']: logo = base64.b64encode(app_params['logo_content']) app_logo_result = modify_app_logo(app_maker_obj.creator, app_code, logo) if not app_logo_result['result']: logger.warning(u"AppMaker[id=%s] upload logo failed: %s" % (app_maker_obj.id, app_logo_result['message'])) # update app maker info app_maker_obj.logo_url = get_app_logo_url(app_code=app_code) app_maker_obj.save() return True, app_maker_obj