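def add_service_perm(self, current_user, user_id, tenant, service, identity):
    """Grant ``user_id`` the ``identity`` permission on ``service``.

    When the user has no permission record on ``tenant`` yet, one is created
    with the ``"access"`` identity.

    Returns a ``(code, message, service_perm)`` tuple:
    409 if the caller targets their own account or the user already holds a
    permission on the service, 404 if the user does not exist, and 200 with
    the newly created service permission on success.
    """
    # NOTE(review): nothing in this method checks that current_user may grant
    # permissions on this service or tenant; presumably the calling view
    # enforces that -- confirm against the caller.
    if current_user.user_id == user_id:
        return 409, u"不能给自己添加应用权限", None

    user = user_repo.get_user_by_user_id(user_id)
    if not user:
        return 404, "用户{0}不存在".format(user_id), None

    service_perm = service_perm_repo.get_service_perm_by_user_pk(
        service.ID, user_id)
    if service_perm:
        return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None

    service_perm = service_perm_repo.add_service_perm(
        user_id, service.ID, identity)
    perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)

    enterprise = None
    try:
        enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
            tenant.enterprise_id)
    except Exception as e:
        # Best effort: the grant continues with enterprise_id 0, but the
        # failure is logged instead of being dropped silently, as
        # add_user_service_perm does.
        logger.exception(e)

    if not perm_tenant:
        perm_info = {
            "user_id": user.user_id,
            "tenant_id": tenant.ID,
            "identity": "access",
            "enterprise_id": enterprise.ID if enterprise else 0
        }
        perm_tenant = perms_repo.add_user_tenant_perm(perm_info)

    logger.debug("service_perm {0} , perm_tenant {1}".format(
        service_perm, perm_tenant))
    return 200, "已向用户{0}授权".format(user.nick_name), service_perm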
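def add_user_service_perm(self, current_user, user_list, tenant, service, perm_list):
    """Grant every user in ``user_list`` the permissions ``perm_list`` on ``service``.

    The whole batch is validated before anything is written: the caller may
    not be in the list, every user must exist, and none may already hold a
    permission on the service. Users without a permission record on
    ``tenant`` then get one with the ``"viewer"`` role.

    Returns a ``(code, message, None)`` tuple: 409 or 404 on a validation
    failure, 200 on success.
    """
    # NOTE(review): nothing in this method checks that current_user may grant
    # permissions on this service or tenant; presumably the calling view
    # enforces that -- confirm against the caller.
    if current_user.user_id in user_list:
        return 409, u"不能给自己添加应用权限", None

    for user_id in user_list:
        user = user_repo.get_user_by_user_id(user_id)
        if not user:
            return 404, "用户{0}不存在".format(user_id), None
        service_perm = service_perm_repo.get_service_perm_by_user_pk_service_pk(
            service_pk=service.ID, user_pk=user_id)
        if service_perm:
            return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None

    service_perm_repo.add_user_service_perm(
        user_ids=user_list, service_pk=service.ID, perm_ids=perm_list)

    enterprise = None
    try:
        enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
            tenant.enterprise_id)
    except Exception as e:
        # Best effort: fall back to enterprise_id 0 below, but keep the trace.
        logger.exception(e)
    enterprise_pk = enterprise.ID if enterprise else 0

    # The "viewer" role id is the same for every user, so it is looked up at
    # most once, and only if some user actually needs a tenant record.
    viewer_role_id = None
    for user_id in user_list:
        if perms_repo.get_user_tenant_perm(tenant.ID, user_id):
            continue
        if viewer_role_id is None:
            viewer_role_id = role_repo.get_role_id_by_role_name("viewer")
        perm_info = {
            "user_id": user_id,
            "tenant_id": tenant.ID,
            "role_id": viewer_role_id,
            "enterprise_id": enterprise_pk
        }
        perms_repo.add_user_tenant_perm(perm_info)

    return 200, "添加用户应用权限成功", None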
def post(self, request, *args, **kwargs):
    """
    Register a user. The captcha route must be visited first to obtain a verification code.
    ---
    parameters:
        - name: user_name
          description: user name
          required: true
          type: string
          paramType: body
        - name: email
          description: email address
          required: true
          type: string
          paramType: body
        - name: password
          description: password, at least eight characters
          required: true
          type: string
          paramType: body
        - name: password_repeat
          description: password confirmation
          required: true
          type: string
          paramType: body
        - name: captcha_code
          description: captcha code
          required: true
          type: string
          paramType: body
        - name: register_type
          description: registration method; currently only invitation registration (invitation), to be revised when more are added
          required: false
          type: string
          paramType: body
        - name: value
          description: value; for invitation registration this is the team_id
          required: false
          type: string
          paramType: body
        - name: enter_name
          description: enterprise name
          required: false
          type: string
          paramType: body
    """
    try:
        import copy
        querydict = copy.copy(request.data)
        # The expected captcha comes from the server-side session and is handed
        # to the form next to the submitted one.
        # NOTE(review): this method never removes "captcha_code" from the
        # session; unless RegisterForm or the captcha view does, one solved
        # captcha may be accepted more than once -- confirm.
        captcha_code = request.session.get("captcha_code")
        querydict.update({u'real_captcha_code': captcha_code})
        client_ip = request.META.get("REMOTE_ADDR", None)
        register_form = RegisterForm(querydict)
        if register_form.is_valid():
            nick_name = register_form.cleaned_data["user_name"]
            email = register_form.cleaned_data["email"]
            password = register_form.cleaned_data["password"]
            # Create the user. The account is stored as active right away; no
            # e-mail confirmation step is visible in this method.
            user_info = dict()
            user_info["email"] = email
            user_info["nick_name"] = nick_name
            user_info["client_ip"] = client_ip
            user_info["is_active"] = 1
            user = Users(**user_info)
            user.set_password(password)
            # The account is saved before the enterprise and team steps below.
            # NOTE(review): no transaction is opened here, so a failure further
            # down appears to leave the account in place -- confirm whether the
            # project wraps requests in a transaction.
            user.save()
            enterprise = enterprise_services.get_enterprise_first()
            if not enterprise:
                # Bootstrap path: with no enterprise yet, the registrant names
                # and creates it and is made its administrator.
                enter_name = request.data.get("enter_name", None)
                enterprise = enterprise_services.create_enterprise(
                    enter_name, enter_name)
                # Create the user's permission in the enterprise
                user_services.make_user_as_admin_for_enterprise(
                    user.user_id, enterprise.enterprise_id)
            user.enterprise_id = enterprise.enterprise_id
            user.save()
            # The only account in the table becomes super administrator.
            # NOTE(review): the count is read after the save and without a
            # lock, so concurrent first registrations could each miss or each
            # hit this branch -- confirm that is acceptable for bootstrap.
            if Users.objects.count() == 1:
                SuperAdminUser.objects.create(user_id=user.user_id)
            enterprise = enterprise_services.get_enterprise_first()
            register_type = request.data.get("register_type", None)
            value = request.data.get("value", None)
            if register_type == "invitation":
                # NOTE(review): "value" is taken from the request body and used
                # as tenant_id as-is. No invitation record, token or team
                # existence check is visible here, so the new account is given
                # "viewer" on whatever team id the client supplies. Verify the
                # invitation server-side before granting -- confirm whether
                # that happens elsewhere.
                perm = perms_repo.add_user_tenant_perm(
                    perm_info={
                        "user_id": user.user_id,
                        "tenant_id": value,
                        "identity": "viewer",
                        "enterprise_id": enterprise.ID
                    })
                if not perm:
                    result = general_message(400, "invited failed", "团队关联失败,注册失败")
                    return Response(result, status=400)
            data = dict()
            data["user_id"] = user.user_id
            data["nick_name"] = user.nick_name
            data["email"] = user.email
            data["enterprise_id"] = user.enterprise_id
            # A JWT for the new account is returned in the response body, so
            # registration also logs the user in.
            payload = jwt_payload_handler(user)
            token = jwt_encode_handler(payload)
            data["token"] = token
            result = general_message(200, "register success", "注册成功", bean=data)
            response = Response(result, status=200)
            return response
        else:
            # Report only the first message of the first invalid field.
            error = {
                "error": list(json.loads(
                    register_form.errors.as_json()).values())[0][0].get(
                        "message", "参数错误")
            }
            result = general_message(400, "failed", "{}".format(error["error"]))
            return Response(result, status=400)
    except Exception as e:
        logger.exception(e)
        # NOTE(review): the exception text is passed to error_message for the
        # response; if it is echoed to the client it can expose internal
        # details (queries, paths). e.message also exists only on Python 2
        # exceptions.
        result = error_message(e.message)
        return Response(result, status=500)
def test_list_users_by_tenant_id():
    """Check filtering and paging of ``user_repo.list_users_by_tenant_id``.

    One team is created with three users that each hold the "owner" identity
    on it; every case then compares the number of rows returned and the
    ``user_id`` of the first row.
    """
    from console.services.user_services import user_services
    from console.repositories.team_repo import team_repo
    from console.repositories.perm_repo import perms_repo
    from console.repositories.user_repo import user_repo

    eid = "bb2f17abc58b328374351e9c92abd400"
    tenant_id = "374351e9c92abd400bb2f17abc58b328"
    team = team_repo.create_tenant(
        tenant_id=tenant_id,
        tenant_name="xxxxxxxx",
        creater=1,
        region="rainbond",
        tenant_alias="foobar team",
        enterprise_id=eid,
    )

    # Three members of the team, each stored with the "owner" identity.
    for nick_name in ("foo", "bar", "dummy"):
        member = user_services.create({
            "nick_name": nick_name,
            "email": "*****@*****.**",
            "password": "******",
            "eid": eid,
        })
        perms_repo.add_user_tenant_perm({
            "user_id": member.user_id,
            "tenant_id": team.ID,
            "identity": "owner",
            "enterprise_id": 1,
        })

    # Columns: query, page, size, expected row count, user_id of the first row.
    # NOTE(review): the expected user ids 1..3 presumably rely on an empty
    # users table before the test runs -- confirm the fixture setup.
    rows = (
        ("", None, None, 3, 1),
        ("bar", None, None, 1, 2),
        ("*****@*****.**", None, None, 1, 1),
        ("", 2, 2, 1, 3),
        ("nothing", None, None, 0, 0),
        ("", -1, None, 3, 1),
    )
    testcases = [{
        "tenant_id": tenant_id,
        "query": query,
        "page": page,
        "size": size,
        "count": count,
        "user_id": first_user_id,
    } for query, page, size, count, first_user_id in rows]

    for case in testcases:
        result = user_repo.list_users_by_tenant_id(
            case["tenant_id"], case["query"], case["page"], case["size"])
        print(result)
        assert len(result) == case["count"]
        if len(result) > 0:
            assert result[0].get("user_id") == case["user_id"]
def add_user_tenant_perm(self, perm_info):
    """Create a user-to-tenant permission record via ``perms_repo``.

    ``perm_info`` is forwarded unchanged; this wrapper performs no validation
    or authorisation check of its own, so callers are responsible for both.
    Returns whatever the repository call returns.
    """
    created_perm = perms_repo.add_user_tenant_perm(perm_info=perm_info)
    return created_perm
def post(self, request, *args, **kwargs):
    """
    Create a new team
    ---
    parameters:
        - name: team_alias
          description: team name
          required: true
          type: string
          paramType: body
        - name: useable_regions
          description: available data centres, e.g. ali-sh,ali-hz
          required: false
          type: string
          paramType: body
    """
    try:
        creator = request.user
        alias = request.data.get("team_alias", None)
        raw_regions = request.data.get("useable_regions", "")

        if not alias:
            return Response(general_message(400, "failed", "团队名不能为空"), status=400)

        # Comma-separated region names; an empty value means no explicit regions.
        region_names = raw_regions.split(",") if raw_regions else []

        if Tenants.objects.filter(tenant_alias=alias).exists():
            return Response(general_message(400, "failed", "该团队名已存在"), status=400)

        enterprise = enterprise_services.get_enterprise_first()
        code, msg, team = team_services.add_team(
            team_alias=alias, user=creator, region_names=region_names)

        if team:
            # The requesting user becomes owner of the team just created.
            owner_perm = perms_repo.add_user_tenant_perm(
                perm_info={
                    "user_id": creator.user_id,
                    "tenant_id": team.ID,
                    "identity": "owner",
                    "enterprise_id": enterprise.ID
                })
            if not owner_perm:
                # NOTE(review): the team already exists at this point and is
                # not removed here, so it appears to be left without an owner.
                return Response(
                    general_message(400, "invited failed", "团队关联失败,注册失败"),
                    status=400)

        # NOTE(review): code is compared with the string "200" and then used
        # as the HTTP status; if add_team returns an int, the success payload
        # below is never sent -- confirm add_team's return type.
        if code != "200":
            return Response(general_message(code, 'failed', msg_show=msg), status=code)

        bean = {
            "team_name": team.tenant_name,
            "team_id": team.tenant_id,
            "team_ID": team.ID,
            "team_alisa": team.tenant_alias,
            "creater": team.creater,
            "user_num": 1,
            "enterprise_id": team.enterprise_id
        }
        return Response(
            general_message(code, "create new team success", "新建团队成功", bean=bean),
            status=code)
    except TenantExistError as e:
        logger.exception(e)
        return Response(general_message(400, "team already exists", "该团队已存在"), status=400)
    except NoEnableRegionError as e:
        logger.exception(e)
        return Response(general_message(400, "no enable region", "无可用数据中心"), status=400)
    except Exception as e:
        logger.exception(e)
        # NOTE(review): the exception text is handed to error_message for the
        # response; if it reaches the client it can expose internal details.
        return Response(error_message(e.message), status=500)