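def get_app_list(self, tenant_pk, user, tenant_id, region):
    """Return the services of a tenant in ``region`` that ``user`` may see.

    System administrators, and users whose tenant identity is one of
    admin/developer/viewer/gray/owner, get every service of the tenant.
    Any other identity only gets the services joined to the user through
    ``service_perms``.

    The permission lookup uses ``tenant_pk`` while the rows are selected by
    ``tenant_id``; nothing here verifies that both name the same tenant, so
    the caller has to guarantee it.

    Args:
        tenant_pk: tenant primary key used for the permission lookup.
        user: requesting user; ``pk`` and ``is_sys_admin`` are read.
        tenant_id: value matched against the ``tenant_id`` column.
        region: value matched against the ``service_region`` column.

    Returns:
        A ``TenantServiceInfo`` queryset, the result of
        ``BaseConnection.query``, or ``[]`` when the user has no permission
        record in the tenant.
    """
    def _sql_text(value):
        # The value is placed inside a double-quoted SQL string literal.
        # Doubling the backslash and the quote keeps it from ending the
        # literal early or escaping the closing quote. The double-quoted
        # literals suggest MySQL string syntax; TODO confirm.
        # Stopgap only: switch to bound parameters if BaseConnection.query
        # accepts them (its signature is not visible here).
        return '{0}'.format(value).replace('\\', '\\\\').replace('"', '""')

    user_pk = user.pk
    services = []
    if user.is_sys_admin:
        services = TenantServiceInfo.objects.filter(tenant_id=tenant_id, service_region=region)
    else:
        perm = perms_repo.get_user_tenant_perm(tenant_pk, user_pk)
        if not perm:
            # NOTE(review): hard-coded tenant primary key. A user with no
            # permission record in this tenant still receives every service
            # of it; confirm the exception is intended.
            if tenant_pk == 5073:
                services = TenantServiceInfo.objects.filter(
                    tenant_id=tenant_id, service_region=region).order_by('service_alias')
        elif perm.identity in ('admin', 'developer', 'viewer', 'gray', 'owner'):
            services = TenantServiceInfo.objects.filter(
                tenant_id=tenant_id, service_region=region).order_by('service_alias')
        else:
            dsn = BaseConnection()
            query_sql = (
                'select s.* from tenant_service s, service_perms sp '
                'where s.tenant_id = "{tenant_id}" '
                'and sp.user_id = {user_id} '
                'and sp.service_id = s.ID '
                'and s.service_region = "{region}" '
                'order by s.service_alias'
            ).format(
                tenant_id=_sql_text(tenant_id),
                # The placeholder is unquoted, so only an integer may reach it.
                user_id=int(user_pk),
                region=_sql_text(region))
            services = dsn.query(query_sql)
    return services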
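def add_service_perm(self, current_user, user_id, tenant, service, identity):
    """Grant ``identity`` on ``service`` to the user ``user_id``.

    If the target user has no permission record in ``tenant`` yet, one is
    created with the identity ``"access"``.

    NOTE(review): the only check made on ``current_user`` here is that the
    target is not the caller. Whether ``current_user`` may grant
    ``identity`` on this service is presumably enforced by the caller;
    confirm.

    Args:
        current_user: user performing the grant; ``user_id`` is read.
        user_id: id of the user receiving the permission.
        tenant: tenant owning the service; ``ID`` and ``enterprise_id`` are read.
        service: service the permission applies to; ``ID`` is read.
        identity: identity stored on the new service permission, as given.

    Returns:
        ``(code, message, service_perm)``: 200 with the created permission,
        404 when the user does not exist, 409 for a self-grant or an
        already existing permission (the third item is then ``None``).
    """
    if current_user.user_id == user_id:
        return 409, u"不能给自己添加应用权限", None
    user = user_repo.get_user_by_user_id(user_id)
    if not user:
        return 404, "用户{0}不存在".format(user_id), None
    service_perm = service_perm_repo.get_service_perm_by_user_pk(service.ID, user_id)
    if service_perm:
        return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None
    service_perm = service_perm_repo.add_service_perm(user_id, service.ID, identity)
    perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)
    enterprise = None
    try:
        enterprise = enterprise_repo.get_enterprise_by_enterprise_id(tenant.enterprise_id)
    except Exception as e:
        # The enterprise lookup stays best-effort, but the failure is
        # recorded instead of being dropped silently; enterprise_id then
        # falls back to 0 below.
        logger.exception(e)
    if not perm_tenant:
        perm_info = {
            "user_id": user.user_id,
            "tenant_id": tenant.ID,
            "identity": "access",
            "enterprise_id": enterprise.ID if enterprise else 0
        }
        perm_tenant = perms_repo.add_user_tenant_perm(perm_info)
    logger.debug("service_perm {0} , perm_tenant {1}".format(service_perm, perm_tenant))
    return 200, "已向用户{0}授权".format(user.nick_name), service_perm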
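def get_app_list(self, tenant_pk, user, tenant_id, region, query=""):
    """Return the services of a tenant in ``region`` that ``user`` may see.

    System administrators, and users whose tenant role is one of
    admin/developer/viewer/gray/owner, get every service of the tenant.
    Any other role only gets the services joined to the user through
    ``service_perms``. A non-empty ``query`` narrows the result to services
    whose ``service_cname`` contains it.

    The permission lookup uses ``tenant_pk`` while the rows are selected by
    ``tenant_id``; nothing here verifies that both name the same tenant, so
    the caller has to guarantee it.

    Args:
        tenant_pk: tenant primary key used for the permission lookup.
        user: requesting user; ``pk`` and ``is_sys_admin`` are read.
        tenant_id: value matched against the ``tenant_id`` column.
        region: value matched against the ``service_region`` column.
        query: optional search text for ``service_cname``.

    Returns:
        A ``TenantServiceInfo`` queryset, the result of
        ``BaseConnection.query``, or ``[]`` when the user has no permission
        record in the tenant.
    """
    def _sql_text(value):
        # The value is placed inside a double-quoted SQL string literal.
        # Doubling the backslash and the quote keeps it from ending the
        # literal early or escaping the closing quote. The double-quoted
        # literals suggest MySQL string syntax; TODO confirm.
        # Stopgap only: switch to bound parameters if BaseConnection.query
        # accepts them (its signature is not visible here).
        return '{0}'.format(value).replace('\\', '\\\\').replace('"', '""')

    def list_services():
        q = Q(tenant_id=tenant_id, service_region=region)
        if query:
            q &= Q(service_cname__contains=query)
        return TenantServiceInfo.objects.filter(q)

    user_pk = user.pk
    services = []
    if user.is_sys_admin:
        services = list_services()
    else:
        perm = perms_repo.get_user_tenant_perm(tenant_pk, user_pk)
        if not perm:
            # NOTE(review): hard-coded tenant primary key. A user with no
            # permission record in this tenant still receives every service
            # of it; confirm the exception is intended.
            if tenant_pk == 5073:
                services = list_services().order_by('service_alias')
        else:
            role_name = role_repo.get_role_name_by_role_id(perm.role_id)
            if role_name in ('admin', 'developer', 'viewer', 'gray', 'owner'):
                services = list_services().order_by('service_alias')
            else:
                dsn = BaseConnection()
                # Placeholders carry no padding: "{ user_id }" is looked up
                # as the key " user_id " and str.format raises KeyError.
                # `query` is caller-supplied search text, so it is escaped
                # like the other string values; "%" and "_" inside it still
                # act as LIKE wildcards.
                query_sql = (
                    'SELECT s.* FROM tenant_service s, service_perms sp '
                    'WHERE s.tenant_id = "{tenant_id}" '
                    'AND sp.user_id = {user_id} '
                    'AND sp.service_id = s.ID '
                    'AND s.service_cname LIKE "%{query}%" '
                    'AND s.service_region = "{region}" '
                    'ORDER BY s.service_alias'
                ).format(
                    tenant_id=_sql_text(tenant_id),
                    # The placeholder is unquoted, so only an integer may reach it.
                    user_id=int(user_pk),
                    query=_sql_text(query),
                    region=_sql_text(region))
                services = dsn.query(query_sql)
    return services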
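def get_app_list(self, tenant_pk, user, tenant_id, region):
    """Return the services of a tenant in ``region`` that ``user`` may see.

    System administrators, and users whose tenant role is one of
    admin/developer/viewer/gray/owner, get every service of the tenant.
    Any other role only gets the services joined to the user through
    ``service_perms``.

    The permission lookup uses ``tenant_pk`` while the rows are selected by
    ``tenant_id``; nothing here verifies that both name the same tenant, so
    the caller has to guarantee it.

    Args:
        tenant_pk: tenant primary key used for the permission lookup.
        user: requesting user; ``pk`` and ``is_sys_admin`` are read.
        tenant_id: value matched against the ``tenant_id`` column.
        region: value matched against the ``service_region`` column.

    Returns:
        A ``TenantServiceInfo`` queryset, the result of
        ``BaseConnection.query``, or ``[]`` when the user has no permission
        record in the tenant.
    """
    def _sql_text(value):
        # The value is placed inside a double-quoted SQL string literal.
        # Doubling the backslash and the quote keeps it from ending the
        # literal early or escaping the closing quote. The double-quoted
        # literals suggest MySQL string syntax; TODO confirm.
        # Stopgap only: switch to bound parameters if BaseConnection.query
        # accepts them (its signature is not visible here).
        return '{0}'.format(value).replace('\\', '\\\\').replace('"', '""')

    user_pk = user.pk
    services = []
    if user.is_sys_admin:
        services = TenantServiceInfo.objects.filter(tenant_id=tenant_id, service_region=region)
    else:
        perm = perms_repo.get_user_tenant_perm(tenant_pk, user_pk)
        if not perm:
            # NOTE(review): hard-coded tenant primary key. A user with no
            # permission record in this tenant still receives every service
            # of it; confirm the exception is intended.
            if tenant_pk == 5073:
                services = TenantServiceInfo.objects.filter(
                    tenant_id=tenant_id, service_region=region).order_by('service_alias')
        else:
            role_name = role_repo.get_role_name_by_role_id(perm.role_id)
            if role_name in ('admin', 'developer', 'viewer', 'gray', 'owner'):
                services = TenantServiceInfo.objects.filter(
                    tenant_id=tenant_id, service_region=region).order_by('service_alias')
            else:
                dsn = BaseConnection()
                # Placeholders carry no padding: "{ user_id }" is looked up
                # as the key " user_id " and str.format raises KeyError.
                query_sql = (
                    'SELECT s.* FROM tenant_service s, service_perms sp '
                    'WHERE s.tenant_id = "{tenant_id}" '
                    'AND sp.user_id = {user_id} '
                    'AND sp.service_id = s.ID '
                    'AND s.service_region = "{region}" '
                    'ORDER BY s.service_alias'
                ).format(
                    tenant_id=_sql_text(tenant_id),
                    # The placeholder is unquoted, so only an integer may reach it.
                    user_id=int(user_pk),
                    region=_sql_text(region))
                services = dsn.query(query_sql)
    return services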
def add_user_service_perm(self, current_user, user_list, tenant, service, perm_list):
    """Add permissions on one service for a list of users.

    Every user in ``user_list`` is checked before anything is written: the
    caller must not be in the list, each user must exist, and none may
    already hold a permission on the service. Users without a permission
    record in ``tenant`` then receive one with the "viewer" role.

    Returns:
        ``(code, message, None)``: 200 on success, 404 for an unknown user,
        409 for a self-grant or an already existing permission.
    """
    if current_user.user_id in user_list:
        return 409, u"不能给自己添加应用权限", None

    # Validation pass: no write happens until every target user is accepted.
    for target_id in user_list:
        target = user_repo.get_user_by_user_id(target_id)
        if not target:
            return 404, "用户{0}不存在".format(target_id), None
        existing = service_perm_repo.get_service_perm_by_user_pk_service_pk(
            service_pk=service.ID, user_pk=target_id)
        if existing:
            return 409, "用户{0}已有权限,无需添加".format(target.nick_name), None

    service_perm_repo.add_user_service_perm(
        user_ids=user_list, service_pk=service.ID, perm_ids=perm_list)

    # Best-effort enterprise lookup; on failure enterprise_id falls back to 0.
    enterprise = None
    try:
        enterprise = enterprise_repo.get_enterprise_by_enterprise_id(tenant.enterprise_id)
    except Exception as e:
        logger.exception(e)

    for target_id in user_list:
        if perms_repo.get_user_tenant_perm(tenant.ID, target_id):
            continue
        perms_repo.add_user_tenant_perm({
            "user_id": target_id,
            "tenant_id": tenant.ID,
            "role_id": role_repo.get_role_id_by_role_name("viewer"),
            "enterprise_id": enterprise.ID if enterprise else 0
        })
    return 200, "添加用户应用权限成功", None
def get_user_tenant_perm(self, tenant_pk, user_id):
    """Look up the permission record ``user_id`` holds in tenant ``tenant_pk``.

    Delegates to ``perms_repo.get_user_tenant_perm`` and returns its result
    unchanged.
    """
    tenant_perm = perms_repo.get_user_tenant_perm(tenant_pk, user_id)
    return tenant_perm