def get_team_by_team_id(self, team_id):
team = team_repo.get_team_by_team_id(team_id=team_id)
if team is None:
raise Tenants.DoesNotExist()
user = user_repo.get_by_user_id(team.creater)
team.creater = user.nick_name
return team
def create_applicants(self, user_id, team_name):
applicant = apply_repo.get_applicants_by_id_team_name(user_id=user_id, team_name=team_name)
if not applicant:
team = team_repo.get_team_by_team_name(team_name=team_name)
user = user_repo.get_by_user_id(user_id=user_id)
info = {
"user_id": user_id,
"user_name": user.get_username(),
"team_id": team.tenant_id,
"team_name": team_name,
"team_alias": team.tenant_alias,
"apply_time": datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
}
return apply_repo.create_apply_info(**info)
if applicant[0].is_pass == 0:
raise ServiceHandleException(msg="already applied for it", msg_show="该团队已经申请过")
if applicant[0].is_pass == 1:
teams = team_repo.get_tenants_by_user_id(user_id)
tnames = [team.tenant_name for team in teams]
if team_name in tnames:
raise ServiceHandleException(msg="already join for it", msg_show="您已加入该团队")
applicant[0].apply_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
applicant[0].is_pass = 0
applicant[0].save()
return applicant
def list_users_by_tenant_id(self,
tenant_id,
page=None,
size=None,
query=""):
result = user_repo.list_users_by_tenant_id(tenant_id,
query=query,
page=page,
size=size)
users = []
for item in result:
user = user_repo.get_by_user_id(item.get("user_id"))
role_infos = user_kind_role_service.get_user_roles(
kind="team", kind_id=tenant_id, user=user)
users.append({
"user_id": item.get("user_id"),
"nick_name": item.get("nick_name"),
"email": item.get("email"),
"phone": item.get("phone"),
"is_active": item.get("is_active"),
"enterprise_id": item.get("enterprise_id"),
"role_infos": role_infos["roles"],
})
total = user_repo.count_users_by_tenant_id(tenant_id, query=query)
return users, total
def get_user_service_perm_info(self, service):
"""获取应用下的成员及对应的权限"""
user_id_list = service_perm_repo.get_user_id_in_service(service.ID)
user_id_list = list(set(user_id_list))
perm_list = []
for user_id in user_id_list:
user_obj = user_repo.get_by_user_id(user_id)
if not user_obj:
continue
user_info = {}
user_perm_list = []
perm_id_list = service_perm_repo.get_perms_by_user_id_service_id(
user_id=user_id, service_id=service.ID)
for perm_id in perm_id_list:
perm_obj = role_perm_repo.get_perm_obj_by_perm_id(
perm_id=perm_id)
if not perm_obj:
continue
perm_info = dict()
perm_info["id"] = perm_obj.ID
perm_info["codename"] = perm_obj.codename
perm_info["perm_info"] = perm_obj.per_info
user_perm_list.append(perm_info)
user_info["user_id"] = user_obj.user_id
user_info["nick_name"] = user_obj.nick_name
user_info["email"] = user_obj.email
user_info["service_perms"] = user_perm_list
perm_list.append(user_info)
return perm_list
def get(self, request, *args, **kwargs):
page = int(request.GET.get("page_num", 1))
page_size = int(request.GET.get("page_size", 10))
enterprise_id = request.GET.get("eid", None)
admins_num = EnterpriseUserPerm.objects.filter(
enterprise_id=enterprise_id).count()
admin_list = []
start = (page - 1) * 10
remaining_num = admins_num - (page - 1) * 10
end = 10
if remaining_num < page_size:
end = remaining_num
cursor = connection.cursor()
cursor.execute(
"select user_id from enterprise_user_perm where enterprise_id='{0}' order by user_id desc LIMIT {1},{2};"
.format(enterprise_id, start, end))
admin_tuples = cursor.fetchall()
for admin in admin_tuples:
user = user_repo.get_by_user_id(user_id=admin[0])
bean = dict()
if user:
bean["nick_name"] = user.nick_name
bean["phone"] = user.phone
bean["email"] = user.email
bean["create_time"] = time_to_str(user.create_time,
"%Y-%m-%d %H:%M:%S")
bean["user_id"] = user.user_id
admin_list.append(bean)
result = {"list": admin_list, "total": admins_num}
return Response(result, status.HTTP_200_OK)
def list_teams_by_user_id(self, eid, user_id, query=None, page=None, page_size=None):
tenants = team_repo.list_by_user_id(eid, user_id, query, page, page_size)
total = team_repo.count_by_user_id(eid, user_id, query)
user = user_repo.get_by_user_id(user_id)
for tenant in tenants:
roles = user_kind_role_service.get_user_roles(kind="team", kind_id=tenant["tenant_id"], user=user)
tenant["role_infos"] = roles["roles"]
return tenants, total
def add_user_role_to_team(self, tenant, user_ids, role_ids):
"""在团队中添加一个用户并给用户分配一个角色"""
enterprise = enterprise_services.get_enterprise_by_enterprise_id(enterprise_id=tenant.enterprise_id)
if enterprise:
for user_id in user_ids:
# for role_id in role_ids:
PermRelTenant.objects.update_or_create(user_id=user_id, tenant_id=tenant.pk, enterprise_id=enterprise.pk)
user = user_repo.get_by_user_id(user_id)
user_kind_role_service.update_user_roles(kind="team", kind_id=tenant.tenant_id, user=user, role_ids=role_ids)
def put(self, req, team_id, user_id):
if req.user.user_id == user_id:
raise serializers.ValidationError("您不能修改自己的权限!", status.HTTP_400_BAD_REQUEST)
serializer = CreateTeamUserReqSerializer(data=req.data)
serializer.is_valid(raise_exception=True)
role_ids = req.data["role_ids"].replace(" ", "").split(",")
user = user_repo.get_by_user_id(user_id)
user_kind_role_service.update_user_roles(kind="team", kind_id=self.team.tenant_id, user=user, role_ids=role_ids)
return Response(None, status.HTTP_200_OK)
def add_user_to_team(self, tenant, user_id, role_ids=None):
user = user_repo.get_by_user_id(user_id)
if not user:
raise ServiceHandleException(msg="user not found", msg_show="用户不存在", status_code=404)
exist_team_user = PermRelTenant.objects.filter(tenant_id=tenant.ID, user_id=user.user_id)
enterprise = enterprise_services.get_enterprise_by_enterprise_id(enterprise_id=tenant.enterprise_id)
if exist_team_user:
raise ServiceHandleException(msg="user exist", msg_show="用户已经加入此团队")
PermRelTenant.objects.create(tenant_id=tenant.ID, user_id=user.user_id, identity="", enterprise_id=enterprise.ID)
if role_ids:
user_kind_role_service.update_user_roles(kind="team", kind_id=tenant.tenant_id, user=user, role_ids=role_ids)
def get_service_perm(self, service):
service_perms = service_perm_repo.get_service_perms(service.ID)
perm_list = []
for service_perm in service_perms:
perm = {}
u = user_repo.get_by_user_id(service_perm.user_id)
perm["user_id"] = service_perm.user_id
perm["identity"] = service_perm.identity
perm["nick_name"] = u.nick_name
perm["email"] = u.email
perm_list.append(perm)
return perm_list
def get(self, request, *args, **kwargs):
"""指定用户可以加入哪些团队"""
try:
tenants = team_repo.get_tenants_by_user_id(
user_id=self.user.user_id)
team_names = tenants.values("tenant_name")
team_name_list = [
t_name.get("tenant_name") for t_name in team_names
]
user_id = request.GET.get("user_id", None)
if user_id:
enterprise_id = user_repo.get_by_user_id(
user_id=user_id).enterprise_id
team_list = team_repo.get_teams_by_enterprise_id(enterprise_id)
apply_team = apply_repo.get_applicants_team(user_id=user_id)
else:
enterprise_id = user_repo.get_by_user_id(
user_id=self.user.user_id).enterprise_id
team_list = team_repo.get_teams_by_enterprise_id(enterprise_id)
apply_team = apply_repo.get_applicants_team(
user_id=self.user.user_id)
applied_team = [
team_repo.get_team_by_team_name(team_name=team_name) for
team_name in [team_name.team_name for team_name in apply_team]
]
join_list = []
for join_team in team_list:
if join_team not in applied_team and join_team.tenant_name not in team_name_list:
join_list.append(join_team)
join_list = [{
"team_name": j_team.tenant_name,
"team_alias": j_team.tenant_alias,
"team_id": j_team.tenant_id
} for j_team in join_list]
result = general_message(200, "success", "查询成功", list=join_list)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=result["code"])
def exit_current_team(self, team_name, user_id):
s_id = transaction.savepoint()
try:
tenant = self.get_tenant_by_tenant_name(tenant_name=team_name)
team_repo.get_user_perms_in_permtenant(user_id=user_id, tenant_id=tenant.ID).delete()
user = user_repo.get_by_user_id(user_id)
user_kind_role_service.delete_user_roles(kind="team", kind_id=tenant.tenant_id, user=user)
transaction.savepoint_commit(s_id)
return 200, "退出团队成功"
except Exception as e:
logger.exception(e)
transaction.savepoint_rollback(s_id)
return 400, "退出团队失败"
def get_user_perm_identitys_in_permtenant(self, user_id, tenant_name):
"""获取用户在一个团队的身份列表"""
user = user_repo.get_by_user_id(user_id)
try:
tenant = self.get_tenant(tenant_name=tenant_name)
except Tenants.DoesNotExist:
tenant = self.get_team_by_team_id(tenant_name)
if tenant is None:
raise Tenants.DoesNotExist()
user_roles = user_kind_role_service.get_user_roles(kind_id=tenant.ID, kind="team", user=user)
if tenant.creater == user_id:
user_roles["roles"].append("owner")
return user_roles
def create_applicants(self, user_id, team_name):
applicant = apply_repo.get_applicants_by_id_team_name(user_id=user_id, team_name=team_name)
if not applicant:
team = team_repo.get_team_by_team_name(team_name=team_name)
user = user_repo.get_by_user_id(user_id=user_id)
info = {
"user_id": user_id,
"user_name": user.get_username(),
"team_id": team.tenant_id,
"team_name": team_name,
"team_alias": team.tenant_alias,
"apply_time": datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
}
apply_repo.create_apply_info(**info)
return info
else:
return None
def get(self, request, *args, **kwargs):
"""
管理后台查询控制台企业下的企业管理员
:param request:
:param args:
:param kwargs:
:return:
"""
try:
page = int(request.GET.get("page_num", 1))
page_size = int(request.GET.get("page_size", 10))
admins_num = EnterpriseUserPerm.objects.count()
admin_list = []
start = (page - 1) * 10
remaining_num = admins_num - (page - 1) * 10
end = 10
if remaining_num < page_size:
end = remaining_num
cursor = connection.cursor()
cursor.execute(
"select * from enterprise_user_perm order by user_id desc LIMIT {0},{1};"
.format(start, end))
admin_tuples = cursor.fetchall()
logger.debug(
'---------admin-------------->{0}'.format(admin_tuples))
for admin in admin_tuples:
user = user_repo.get_by_user_id(user_id=admin[1])
bean = dict()
if user:
bean["nick_name"] = user.nick_name
bean["phone"] = user.phone
bean["email"] = user.email
bean["create_time"] = time_to_str(user.create_time,
"%Y-%m-%d %H:%M:%S")
bean["user_id"] = user.user_id
admin_list.append(bean)
result = generate_result("0000",
"success",
"查询成功",
list=admin_list,
total=admins_num)
except Exception as e:
logger.exception(e)
result = generate_error_result()
return Response(result)
def get(self, request, enterprise_id, *args, **kwargs):
code = 200
new_join_team = []
request_join_team = []
try:
tenants = enterprise_repo.get_enterprise_user_teams(enterprise_id, request.user.user_id)
join_tenants = enterprise_repo.get_enterprise_user_join_teams(enterprise_id, request.user.user_id)
active_tenants = enterprise_repo.get_enterprise_user_active_teams(enterprise_id, request.user.user_id)
request_tenants = enterprise_repo.get_enterprise_user_request_join(enterprise_id, request.user.user_id)
if tenants:
for tenant in tenants[:3]:
region_name_list = []
region_name_list = team_repo.get_team_region_names(tenant.tenant_id)
user_role_list = user_kind_role_service.get_user_roles(
kind="team", kind_id=tenant.tenant_id, user=request.user)
roles = [x["role_name"] for x in user_role_list["roles"]]
if tenant.creater == request.user.user_id:
roles.append("owner")
owner = user_repo.get_by_user_id(tenant.creater)
if len(region_name_list) > 0:
team_item = {
"team_name": tenant.tenant_name,
"team_alias": tenant.tenant_alias,
"team_id": tenant.tenant_id,
"create_time": tenant.create_time,
"region": region_name_list[0], # first region is default
"region_list": region_name_list,
"enterprise_id": tenant.enterprise_id,
"owner": tenant.creater,
"owner_name": (owner.get_name() if owner else None),
"roles": roles,
"is_pass": True,
}
new_join_team.append(team_item)
if join_tenants:
for tenant in join_tenants:
region_name_list = team_repo.get_team_region_names(tenant.team_id)
tenant_info = team_repo.get_team_by_team_id(tenant.team_id)
try:
user = user_repo.get_user_by_user_id(tenant_info.creater)
nick_name = user.nick_name
except UserNotExistError:
nick_name = None
if len(region_name_list) > 0:
team_item = {
"team_name": tenant.team_name,
"team_alias": tenant.team_alias,
"team_id": tenant.team_id,
"create_time": tenant_info.create_time,
"region": region_name_list[0],
"region_list": region_name_list,
"enterprise_id": tenant_info.enterprise_id,
"owner": tenant_info.creater,
"owner_name": nick_name,
"role": None,
"is_pass": tenant.is_pass,
}
new_join_team.append(team_item)
if request_tenants:
for request_tenant in request_tenants:
region_name_list = team_repo.get_team_region_names(request_tenant.team_id)
tenant_info = team_repo.get_team_by_team_id(request_tenant.team_id)
try:
user = user_repo.get_user_by_user_id(tenant_info.creater)
nick_name = user.nick_name
except UserNotExistError:
nick_name = None
if len(region_name_list) > 0:
team_item = {
"team_name": request_tenant.team_name,
"team_alias": request_tenant.team_alias,
"team_id": request_tenant.team_id,
"apply_time": request_tenant.apply_time,
"user_id": request_tenant.user_id,
"user_name": request_tenant.user_name,
"region": region_name_list[0],
"region_list": region_name_list,
"enterprise_id": enterprise_id,
"owner": tenant_info.creater,
"owner_name": nick_name,
"role": "viewer",
"is_pass": request_tenant.is_pass,
}
request_join_team.append(team_item)
data = {
"active_teams": active_tenants,
"new_join_team": new_join_team,
"request_join_team": request_join_team,
}
result = general_message(200, "success", None, bean=data)
except Exception as e:
logger.exception(e)
code = 400
result = general_message(code, "failed", "请求失败")
return Response(result, status=code)
def get_team_by_team_id(self, team_id):
team = team_repo.get_team_by_team_id(team_id=team_id)
if team:
user = user_repo.get_by_user_id(team.creater)
team.creater_name = user.get_name()
return team
def get(self, request, *args, **kwargs):
code = request.GET.get("code")
service_id = request.GET.get("service_id")
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": u"未找到oauth服务, 请检查该服务是否存在且属于开启状态"
}
return Response(rst, status=status.HTTP_200_OK)
try:
api = get_oauth_instance(oauth_service.oauth_type, oauth_service,
None)
except NoSupportOAuthType as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": u"未找到oauth服务"
}
return Response(rst, status=status.HTTP_200_OK)
try:
user, access_token, refresh_token = api.get_user_info(code=code)
except Exception as e:
logger.debug(e.message)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": e.message
}
return Response(rst, status=status.HTTP_200_OK)
user_name = user.name
user_id = str(user.id)
user_email = user.email
authenticated_user = oauth_user_repo.user_oauth_exists(
service_id=service_id, oauth_user_id=user_id)
if authenticated_user is not None:
authenticated_user.oauth_user_id = user_id
authenticated_user.oauth_user_name = user_name
authenticated_user.oauth_user_email = user_email
authenticated_user.access_token = access_token
authenticated_user.refresh_token = refresh_token
authenticated_user.code = code
authenticated_user.save()
if authenticated_user.user_id is not None:
login_user = user_repo.get_by_user_id(
authenticated_user.user_id)
payload = jwt_payload_handler(login_user)
token = jwt_encode_handler(payload)
response = Response({"data": {
"bean": {
"token": token
}
}},
status=status.HTTP_200_OK)
if api_settings.JWT_AUTH_COOKIE:
expiration = (datetime.datetime.now() +
api_settings.JWT_EXPIRATION_DELTA)
response.set_cookie(api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True)
return response
else:
rst = {
"oauth_user_name": user_name,
"oauth_user_id": user_id,
"oauth_user_email": user_email,
"service_id": authenticated_user.service_id,
"oauth_type": oauth_service.oauth_type,
"is_authenticated": authenticated_user.is_authenticated,
"code": code,
}
msg = "user is not authenticated"
return Response(
{"data": {
"bean": {
"result": rst,
"msg": msg
}
}},
status=status.HTTP_200_OK)
else:
usr = oauth_user_repo.save_oauth(
oauth_user_id=user_id,
oauth_user_name=user_name,
oauth_user_email=user_email,
code=code,
service_id=service_id,
access_token=access_token,
refresh_token=refresh_token,
is_authenticated=True,
is_expired=False,
)
rst = {
"oauth_user_name": usr.oauth_user_name,
"oauth_user_id": usr.oauth_user_id,
"oauth_user_email": usr.oauth_user_email,
"service_id": usr.service_id,
"oauth_type": oauth_service.oauth_type,
"is_authenticated": usr.is_authenticated,
"code": code,
}
msg = "user is not authenticated"
return Response({"data": {
"bean": {
"result": rst,
"msg": msg
}
}},
status=status.HTTP_200_OK)
def set_oauth_user_relation(self,
api,
oauth_service,
oauth_user,
access_token,
refresh_token,
code,
user=None):
oauth_user.id = str(oauth_user.id)
if api.is_communication_oauth():
logger.debug(oauth_user.name)
user = user_repo.get_enterprise_user_by_username(
oauth_user.enterprise_id, oauth_user.name)
authenticated_user = oauth_user_repo.user_oauth_exists(
service_id=oauth_service.ID, oauth_user_id=oauth_user.id)
if authenticated_user is not None:
authenticated_user.oauth_user_id = oauth_user.id
authenticated_user.oauth_user_name = oauth_user.name
authenticated_user.oauth_user_email = oauth_user.email
authenticated_user.access_token = access_token
authenticated_user.refresh_token = refresh_token
authenticated_user.code = code
if user:
authenticated_user.user_id = user.user_id
authenticated_user.save()
if authenticated_user.user_id is not None:
login_user = user_repo.get_by_user_id(
authenticated_user.user_id)
payload = jwt_payload_handler(login_user)
token = jwt_encode_handler(payload)
response = Response({"data": {
"bean": {
"token": token
}
}},
status=200)
if api_settings.JWT_AUTH_COOKIE:
expiration = (datetime.datetime.now() +
datetime.timedelta(days=30))
response.set_cookie(api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration)
return response
else:
rst = {
"oauth_user_name": oauth_user.name,
"oauth_user_id": oauth_user.id,
"oauth_user_email": oauth_user.email,
"service_id": authenticated_user.service_id,
"oauth_type": oauth_service.oauth_type,
"is_authenticated": authenticated_user.is_authenticated,
"code": code,
}
msg = "user is not authenticated"
return Response(
{"data": {
"bean": {
"result": rst,
"msg": msg
}
}},
status=200)
else:
usr = oauth_user_repo.save_oauth(
oauth_user_id=oauth_user.id,
oauth_user_name=oauth_user.name,
oauth_user_email=oauth_user.email,
user_id=(user.user_id if user else None),
code=code,
service_id=oauth_service.ID,
access_token=access_token,
refresh_token=refresh_token,
is_authenticated=True,
is_expired=False,
)
rst = {
"oauth_user_name": usr.oauth_user_name,
"oauth_user_id": usr.oauth_user_id,
"oauth_user_email": usr.oauth_user_email,
"service_id": usr.service_id,
"oauth_type": oauth_service.oauth_type,
"is_authenticated": usr.is_authenticated,
"code": code,
}
if user:
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
response = Response({"data": {
"bean": {
"token": token
}
}},
status=200)
if api_settings.JWT_AUTH_COOKIE:
expiration = (datetime.datetime.now() +
api_settings.JWT_EXPIRATION_DELTA)
response.set_cookie(api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True)
return response
msg = "user is not authenticated"
return Response({"data": {
"bean": {
"result": rst,
"msg": msg
}
}},
status=200)
