示例#1
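    def get_app_list(self, tenant_pk, user, tenant_id, region):
        """Return the services of a tenant in a region that ``user`` may see.

        System administrators, and users whose tenant permission identity is
        admin, developer, viewer, gray or owner, get every service of the
        tenant in the region. Any other identity only gets the services
        linked to the user through ``service_perms``. A user without a tenant
        permission record gets an empty list, except for tenant 5073.

        :param tenant_pk: tenant primary key used for the permission lookup
        :param user: user object; ``pk`` and ``is_sys_admin`` are read
        :param tenant_id: tenant identifier stored on the service rows
        :param region: value matched against ``service_region``
        :return: a queryset, the result of ``BaseConnection.query``, or ``[]``
        """
        user_pk = user.pk
        services = []

        if user.is_sys_admin:
            # Unordered, unlike the other branches.
            return TenantServiceInfo.objects.filter(tenant_id=tenant_id, service_region=region)

        perm = perms_repo.get_user_tenant_perm(tenant_pk, user_pk)
        if not perm:
            # NOTE(review): hard-coded exception. A user with no permission
            # record still lists the services of tenant 5073; presumably a
            # public or demo tenant. Confirm and move it to configuration.
            if tenant_pk == 5073:
                services = TenantServiceInfo.objects.filter(
                    tenant_id=tenant_id, service_region=region).order_by('service_alias')
            return services

        if perm.identity in ('admin', 'developer', 'viewer', 'gray', 'owner'):
            return TenantServiceInfo.objects.filter(
                tenant_id=tenant_id, service_region=region).order_by('service_alias')

        # The statement below is assembled as text, so every interpolated
        # value is constrained first: the user id must be an integer and the
        # quoted values must not be able to close their string literal.
        # NOTE(review): if BaseConnection supports bound parameters, use them
        # and drop this guard.
        user_id = int(user_pk)
        tenant_text = "{0}".format(tenant_id)
        region_text = "{0}".format(region)
        if any('"' in text or '\\' in text for text in (tenant_text, region_text)):
            # Fail closed: such a value cannot name a visible service.
            return services

        query_sql = (
            'select s.* from tenant_service s, service_perms sp'
            ' where s.tenant_id = "{tenant_id}"'
            ' and sp.user_id = {user_id}'
            ' and sp.service_id = s.ID'
            ' and s.service_region = "{region}"'
            ' order by s.service_alias'
        ).format(tenant_id=tenant_text, user_id=user_id, region=region_text)
        return BaseConnection().query(query_sql)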
示例#2
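 def add_service_perm(self, current_user, user_id, tenant, service,
                      identity):
     """Grant ``user_id`` the permission ``identity`` on ``service``.

     Besides the service permission, a user who has no permission record on
     the tenant is also given one with identity "access".

     :param current_user: the user performing the grant; only ``user_id`` is read
     :param user_id: id of the user receiving the permission
     :param tenant: tenant owning the service; ``ID`` and ``enterprise_id`` are read
     :param service: service the permission applies to; ``ID`` is read
     :param identity: permission identity, stored as given
     :return: ``(status_code, message, service_perm_or_None)``
     """
     # NOTE(review): nothing here checks that current_user may grant
     # permissions on this service, or that identity is an allowed value;
     # presumably the caller does both. Confirm.
     # NOTE(review): the self-grant check is type-sensitive (5 != "5");
     # presumably both ids are ints. Confirm against the caller.
     if current_user.user_id == user_id:
         return 409, u"不能给自己添加应用权限", None

     user = user_repo.get_user_by_user_id(user_id)
     if not user:
         return 404, "用户{0}不存在".format(user_id), None

     existing_perm = service_perm_repo.get_service_perm_by_user_pk(
         service.ID, user_id)
     if existing_perm:
         return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None

     service_perm = service_perm_repo.add_service_perm(
         user_id, service.ID, identity)
     perm_tenant = perms_repo.get_user_tenant_perm(tenant.ID, user_id)

     # Best effort: a failed enterprise lookup must not undo the grant, but
     # it is logged instead of being dropped silently.
     enterprise = None
     try:
         enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
             tenant.enterprise_id)
     except Exception as e:
         logger.exception(e)

     if not perm_tenant:
         # Implicit tenant membership; enterprise_id falls back to 0 when
         # the enterprise could not be loaded.
         perm_tenant = perms_repo.add_user_tenant_perm({
             "user_id": user.user_id,
             "tenant_id": tenant.ID,
             "identity": "access",
             "enterprise_id": enterprise.ID if enterprise else 0
         })
     logger.debug("service_perm {0} , perm_tenant {1}".format(
         service_perm, perm_tenant))
     return 200, "已向用户{0}授权".format(user.nick_name), service_perm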
示例#3
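    def get_app_list(self, tenant_pk, user, tenant_id, region, query=""):
        """Return the services of a tenant in a region that ``user`` may see.

        System administrators, and users whose tenant role is admin,
        developer, viewer, gray or owner, get every service of the tenant in
        the region. Any other role only gets the services linked to the user
        through ``service_perms``. A user without a tenant permission record
        gets an empty list, except for tenant 5073. A non-empty ``query``
        restricts the result to services whose ``service_cname`` contains it.

        :param tenant_pk: tenant primary key used for the permission lookup
        :param user: user object; ``pk`` and ``is_sys_admin`` are read
        :param tenant_id: tenant identifier stored on the service rows
        :param region: value matched against ``service_region``
        :param query: optional substring of the service name
        :return: a queryset, the result of ``BaseConnection.query``, or ``[]``
        """
        user_pk = user.pk
        services = []

        def list_services():
            # ORM path: the values are bound by Django, not spliced into SQL.
            q = Q(tenant_id=tenant_id, service_region=region)
            if query:
                q &= Q(service_cname__contains=query)
            return TenantServiceInfo.objects.filter(q)

        if user.is_sys_admin:
            # Unordered, unlike the other branches.
            return list_services()

        perm = perms_repo.get_user_tenant_perm(tenant_pk, user_pk)
        if not perm:
            # NOTE(review): hard-coded exception. A user with no permission
            # record still lists the services of tenant 5073; presumably a
            # public or demo tenant. Confirm and move it to configuration.
            if tenant_pk == 5073:
                services = list_services().order_by('service_alias')
            return services

        role_name = role_repo.get_role_name_by_role_id(perm.role_id)
        if role_name in ('admin', 'developer', 'viewer', 'gray', 'owner'):
            return list_services().order_by('service_alias')

        # The statement below is assembled as text, so every interpolated
        # value is constrained first: the user id must be an integer and the
        # quoted values must not be able to close their string literal.
        # NOTE(review): if BaseConnection supports bound parameters, use them
        # and drop this guard.
        user_id = int(user_pk)
        tenant_text = "{0}".format(tenant_id)
        region_text = "{0}".format(region)
        query_text = "{0}".format(query) if query else ""
        quoted_values = (tenant_text, region_text, query_text)
        if any('"' in text or '\\' in text for text in quoted_values):
            # Fail closed: such a value cannot name a visible service.
            return services

        # Like list_services(), filter on the name only when a query is given.
        # "%" and "_" inside query act as LIKE wildcards on this path.
        name_clause = ''
        if query_text:
            name_clause = ' AND s.service_cname LIKE "%{0}%"'.format(query_text)

        # The original placeholders were written "{ user_id }" and
        # "{ add_sql }"; str.format treats the spaces as part of the field
        # name and raises KeyError, so this branch could never run.
        query_sql = (
            'SELECT s.* FROM tenant_service s, service_perms sp'
            ' WHERE s.tenant_id = "{tenant_id}"'
            ' AND sp.user_id = {user_id}'
            ' AND sp.service_id = s.ID'
            ' AND s.service_region = "{region}"'
            '{name_clause}'
            ' ORDER BY s.service_alias'
        ).format(tenant_id=tenant_text, user_id=user_id, region=region_text,
                 name_clause=name_clause)
        return BaseConnection().query(query_sql)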
示例#4
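    def get_app_list(self, tenant_pk, user, tenant_id, region):
        """Return the services of a tenant in a region that ``user`` may see.

        System administrators, and users whose tenant role is admin,
        developer, viewer, gray or owner, get every service of the tenant in
        the region. Any other role only gets the services linked to the user
        through ``service_perms``. A user without a tenant permission record
        gets an empty list, except for tenant 5073.

        :param tenant_pk: tenant primary key used for the permission lookup
        :param user: user object; ``pk`` and ``is_sys_admin`` are read
        :param tenant_id: tenant identifier stored on the service rows
        :param region: value matched against ``service_region``
        :return: a queryset, the result of ``BaseConnection.query``, or ``[]``
        """
        user_pk = user.pk
        services = []

        if user.is_sys_admin:
            # Unordered, unlike the other branches.
            return TenantServiceInfo.objects.filter(tenant_id=tenant_id,
                                                    service_region=region)

        perm = perms_repo.get_user_tenant_perm(tenant_pk, user_pk)
        if not perm:
            # NOTE(review): hard-coded exception. A user with no permission
            # record still lists the services of tenant 5073; presumably a
            # public or demo tenant. Confirm and move it to configuration.
            if tenant_pk == 5073:
                services = TenantServiceInfo.objects.filter(
                    tenant_id=tenant_id,
                    service_region=region).order_by('service_alias')
            return services

        role_name = role_repo.get_role_name_by_role_id(perm.role_id)
        if role_name in ('admin', 'developer', 'viewer', 'gray', 'owner'):
            return TenantServiceInfo.objects.filter(
                tenant_id=tenant_id,
                service_region=region).order_by('service_alias')

        # The statement below is assembled as text, so every interpolated
        # value is constrained first: the user id must be an integer and the
        # quoted values must not be able to close their string literal.
        # NOTE(review): if BaseConnection supports bound parameters, use them
        # and drop this guard.
        user_id = int(user_pk)
        tenant_text = "{0}".format(tenant_id)
        region_text = "{0}".format(region)
        if any('"' in text or '\\' in text for text in (tenant_text, region_text)):
            # Fail closed: such a value cannot name a visible service.
            return services

        # The original placeholders were written "{ user_id }" and
        # "{ add_sql }"; str.format treats the spaces as part of the field
        # name and raises KeyError, so this branch could never run.
        query_sql = (
            'SELECT s.* FROM tenant_service s, service_perms sp'
            ' WHERE s.tenant_id = "{tenant_id}"'
            ' AND sp.user_id = {user_id}'
            ' AND sp.service_id = s.ID'
            ' AND s.service_region = "{region}"'
            ' ORDER BY s.service_alias'
        ).format(tenant_id=tenant_text, user_id=user_id, region=region_text)
        return BaseConnection().query(query_sql)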
示例#5
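    def add_user_service_perm(self, current_user, user_list, tenant, service,
                              perm_list):
        """Add permissions for a list of users on one application.

        Every user is validated before anything is written: the first
        unknown user or user who already holds a permission on the service
        aborts the call. After the service permissions are stored, each user
        without a permission record on the tenant is also given the "viewer"
        role there.

        :param current_user: the user performing the grant; only ``user_id`` is read
        :param user_list: ids of the users receiving the permissions
        :param tenant: tenant owning the service; ``ID`` and ``enterprise_id`` are read
        :param service: service the permissions apply to; ``ID`` is read
        :param perm_list: permission ids, passed on as given
        :return: ``(status_code, message, None)``
        """
        # NOTE(review): nothing here checks that current_user may grant
        # permissions on this service; presumably the caller does. Confirm.
        # NOTE(review): the self-grant check is type-sensitive (5 is not in
        # ["5"]); presumably all ids are ints. Confirm against the caller.
        if current_user.user_id in user_list:
            return 409, u"不能给自己添加应用权限", None

        for user_id in user_list:
            user = user_repo.get_user_by_user_id(user_id)
            if not user:
                return 404, "用户{0}不存在".format(user_id), None

            existing_perm = service_perm_repo.get_service_perm_by_user_pk_service_pk(
                service_pk=service.ID, user_pk=user_id)
            if existing_perm:
                return 409, "用户{0}已有权限,无需添加".format(user.nick_name), None

        service_perm_repo.add_user_service_perm(user_ids=user_list,
                                                service_pk=service.ID,
                                                perm_ids=perm_list)

        # Best effort: a failed enterprise lookup is logged and the tenant
        # records below fall back to enterprise_id 0.
        enterprise = None
        try:
            enterprise = enterprise_repo.get_enterprise_by_enterprise_id(
                tenant.enterprise_id)
        except Exception as e:
            logger.exception(e)
        enterprise_id = enterprise.ID if enterprise else 0

        # Looked up on first use and reused, instead of once per user.
        viewer_role_id = None
        for user_id in user_list:
            if perms_repo.get_user_tenant_perm(tenant.ID, user_id):
                continue
            if viewer_role_id is None:
                viewer_role_id = role_repo.get_role_id_by_role_name("viewer")
            # Implicit tenant membership for a user who had none.
            perms_repo.add_user_tenant_perm({
                "user_id": user_id,
                "tenant_id": tenant.ID,
                "role_id": viewer_role_id,
                "enterprise_id": enterprise_id
            })

        return 200, "添加用户应用权限成功", None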
 def get_user_tenant_perm(self, tenant_pk, user_id):
     """Return what ``perms_repo`` holds for the user on the tenant.

     The lookup is delegated unchanged; callers in this listing treat a
     falsy result as "no permission record".
     """
     tenant_perm = perms_repo.get_user_tenant_perm(tenant_pk, user_id)
     return tenant_perm