def set_test_data(self):
"""
テストデータの作成
"""
RuleType(
rule_type_id=9999,
rule_type_name='pytest_name',
summary=None,
rule_table_name='pytest_table',
generation_limit=5,
group_id='pytest_com',
artifact_id='pytest_oase',
container_id_prefix_staging='test',
container_id_prefix_product='prod',
current_container_id_staging=None,
current_container_id_product=None,
label_count=1,
unknown_event_notification='1',
mail_address='*****@*****.**',
disuse_flag='0',
last_update_timestamp=datetime.datetime(
2020, 6, 4, 12, 0, 0, tzinfo=datetime.timezone.utc),
last_update_user='******',
).save(force_insert=True)
Group(
group_id=1,
group_name='pytest管理者',
summary='',
ad_data_flag='0',
last_update_timestamp=datetime.datetime(
2020, 6, 4, 12, 0, 0, tzinfo=datetime.timezone.utc),
last_update_user='******',
).save(force_insert=True)
def set_test_data():
now = datetime.datetime.now(pytz.timezone('UTC'))
group = Group(
group_id=1,
group_name='単体テストチーム',
summary='単体テスト用権限',
ad_data_flag='0',
last_update_timestamp=now,
last_update_user='******',
)
group.save()
group = Group(
group_id=2,
group_name='結合テストチーム',
summary='結合テスト用権限',
ad_data_flag='0',
last_update_timestamp=now,
last_update_user='******',
)
group.save()
cipher = AESCipher(settings.AES_KEY)
encrypted_password = cipher.encrypt('pytest')
ita_driver = ItaDriver(
ita_driver_id=1,
ita_disp_name='Action43',
protocol='https',
hostname='pytest-host-name',
port='443',
username='******',
password=encrypted_password,
last_update_user='******',
last_update_timestamp=now,
)
ita_driver.save(force_insert=True)
ita_driver = ItaDriver(
ita_driver_id=2,
ita_disp_name='Action44',
protocol='https',
hostname='pytest-host-name2',
port='443',
username='******',
password=encrypted_password,
last_update_user='******',
last_update_timestamp=now,
)
ita_driver.save(force_insert=True)
itapermission = ItaPermission(
ita_permission_id=1,
ita_driver_id=1,
group_id=998,
permission_type_id=1,
last_update_timestamp=now,
last_update_user='******',
)
itapermission.save(force_insert=True)
user_group = UserGroup(
user_group_id=1,
user_id=1,
group_id=1,
ad_data_flag='0',
last_update_timestamp=datetime.datetime.now(pytz.timezone('UTC')),
last_update_user='******',
)
user_group.save(force_insert=True)
user_group = UserGroup(
user_group_id=2,
user_id=1,
group_id=998,
ad_data_flag='0',
last_update_timestamp=datetime.datetime.now(pytz.timezone('UTC')),
last_update_user='******',
)
user_group.save(force_insert=True)
def modify(request):
"""
[メソッド概要]
グループのDB更新処理
"""
logger.logic_log('LOSI00001', 'None', request=request)
msg = ''
error_msg = {}
now = datetime.datetime.now(pytz.timezone('UTC'))
try:
with transaction.atomic():
json_str = json.loads(request.POST.get('json_str', '{}'))
if 'json_str' not in json_str:
msg = get_message('MOSJA23019',
request.user.get_lang_mode(),
showMsgId=False)
logger.user_log('LOSM04000', 'json_str', request=request)
raise Exception()
# 更新前にレコードロック
group_update_list = [
rq['group_id'] for rq in json_str['json_str']
if int(rq['ope']) in (defs.DABASE_OPECODE.OPE_UPDATE,
defs.DABASE_OPECODE.OPE_DELETE)
]
Group.objects.select_for_update().filter(pk__in=group_update_list)
error_flag, error_msg = _validate(json_str['json_str'], request)
if error_flag:
raise Exception('validation error.')
# 更新データ作成
group_id_list_reg = []
group_id_list_mod = []
sorted_data = sorted(json_str['json_str'],
key=lambda x: x['group_id'])
upd_data = list(
filter(
lambda x: int(x['ope']) == defs.DABASE_OPECODE.OPE_UPDATE,
sorted_data))
del_data = list(
filter(
lambda x: int(x['ope']) == defs.DABASE_OPECODE.OPE_DELETE,
sorted_data))
ins_data = list(
filter(
lambda x: int(x['ope']) == defs.DABASE_OPECODE.OPE_INSERT,
sorted_data))
for rq in upd_data:
group_id_list_mod = Group.objects.filter(
group_id=rq['group_id'])
if len(group_id_list_mod) <= 0:
logger.logic_log('LOSI04000',
rq['group_name'],
request=request)
continue
# システム管理者はグループ名の更新不可
if int(rq['group_id']) != 1:
group_id_list_mod[0].group_name = rq['group_name']
group_id_list_mod[0].summary = rq['summary']
group_id_list_mod[0].last_update_user = request.user.user_name
group_id_list_mod[0].last_update_timestamp = now
group_id_list_mod[0].save(force_update=True)
group_id_list_del = [
rq['group_id'] for rq in del_data if int(rq['group_id']) != 1
]
for rq in ins_data:
group_info = Group(group_name=rq['group_name'],
summary=rq['summary'],
last_update_user=request.user.user_name,
last_update_timestamp=now)
group_id_list_reg.append(group_info)
# 追加
Group.objects.bulk_create(group_id_list_reg)
# 権限を追加
_bulk_create_access_permission(
request.user.user_name,
[i.group_name for i in group_id_list_reg],
now,
)
# 削除対象グループを削除
Group.objects.filter(pk__in=group_id_list_del).delete()
# 削除対象ユーザグループに該当するユーザIDを取得
before_user_list = list(
UserGroup.objects.filter(
group_id__in=group_id_list_del).values_list(
'user_id', flat=True).distinct())
# ユーザグループを削除
UserGroup.objects.filter(group_id__in=group_id_list_del).delete()
# どのグループにも所属しないユーザを検索
after_user_list = list(
UserGroup.objects.filter(
user_id__in=before_user_list).values_list(
'user_id', flat=True).distinct())
delete_user_list = list(
set(before_user_list) ^ set(after_user_list))
# ユーザ、パスワード履歴、アクセス権限を削除
User.objects.filter(pk__in=delete_user_list).delete()
PasswordHistory.objects.filter(
user_id__in=delete_user_list).delete()
AccessPermission.objects.filter(
group_id__in=group_id_list_del).delete()
except Exception as e:
logger.logic_log('LOSI00005', traceback.format_exc(), request=request)
msg = get_message('MOSJA23021',
request.user.get_lang_mode()) + '\\n' + str(e.args)
response = {}
response['status'] = 'failure'
response['msg'] = msg
response['error_msg'] = error_msg
response_json = json.dumps(response)
return HttpResponse(response_json, content_type="application/json")
redirect_url = '/oase_web/system/group'
response_json = '{"status": "success", "redirect_url": "%s"}' % redirect_url
logger.logic_log('LOSI00002', 'None', request=request)
return HttpResponse(response_json, content_type="application/json")
def _collaborate_data(self, ad_data):
"""
[概要]
AD データ連携処理
[引数]
ad_data: 連携するADデータ
# ad_data['group'] = [groupname]
# ad_data['user'] = ad_users
# ad_users[login_id] = {
# 'login_id' : login_id,
# 'display_name': display_name,
# 'mail' : mail,
# 'group' : [adgp],
# }
"""
self.__logger.logic_log('LOSI00001',
'ad_data: %s' % json.dumps(ad_data))
# --------------------------------
# データ整理
# --------------------------------
### システム設定のグループ名変換(AD_attribute->OASE_group_name) ###
system_confs_group_list = System.objects.get(
config_id='TARGET_GROUP_LIST').value
groups_list = ast.literal_eval(system_confs_group_list)
groups_dict = {}
for g in groups_list:
groups_dict.update(g)
### グループ ###
cur_ad_grp_name_set = set(
[groups_dict[ad_gname] for ad_gname in ad_data['group']])
oase_ad_group = list(Group.objects.filter(ad_data_flag='1'))
oase_ad_grp_dict = {grp.group_name: grp for grp in oase_ad_group}
oase_ad_grp_name_set = set(oase_ad_grp_dict.keys())
### ユーザ ###
cur_ad_user_dict = ad_data['user']
cur_ad_user_login_id_set = set(cur_ad_user_dict.keys())
oase_ad_user = list(
User.objects.filter(ad_data_flag='1', disuse_flag='0'))
oase_ad_user_dict = {user.login_id: user for user in oase_ad_user}
oase_ad_user_login_id_set = set(oase_ad_user_dict.keys())
### ユーザグループ ###
user_group_link = []
for login_id, user_info in ad_data['user'].items():
for user_group_name in user_info['group']:
user_group_link.append(login_id + ':' +
groups_dict[user_group_name])
cur_ad_user_grp_key_set = set(user_group_link)
oase_ad_user_group = list(UserGroup.objects.filter(ad_data_flag='1'))
oase_ad_user_user_id_dict = {
user.user_id: user.login_id
for user in oase_ad_user
}
oase_ad_grp_grp_id_dict = {
grp.group_id: grp.group_name
for grp in oase_ad_group
}
oase_ad_user_grp_dict = { # {login_id+group_name: user_group_id} としたい
oase_ad_user_user_id_dict[usrgrp.user_id] + ':' +
oase_ad_grp_grp_id_dict[usrgrp.group_id]: usrgrp
for usrgrp in oase_ad_user_group
}
oase_ad_user_grp_key_set = set(oase_ad_user_grp_dict.keys())
now = datetime.datetime.now(pytz.timezone('UTC'))
modified_user_id_link_user_grp = []
# --------------------------------
# 追加系(グループ → ユーザ → ユーザグループ)
# --------------------------------
### グループ ###
add_target_grp = cur_ad_grp_name_set - oase_ad_grp_name_set
add_grp_bulk_list = []
tmp_grp = None
for agrp_name in add_target_grp:
tmp_grp = Group(group_name=agrp_name,
summary='',
ad_data_flag='1',
last_update_user=BACKYARD_USER.user_name,
last_update_timestamp=now)
add_grp_bulk_list.append(copy.deepcopy(tmp_grp))
self.__logger.logic_log(
'LOSI11000', 'add_grp_bulk_list: %s' %
','.join([g.group_name for g in add_grp_bulk_list]))
if len(add_grp_bulk_list) > 0:
Group.objects.bulk_create(add_grp_bulk_list)
# 権限を追加
# 選択されたグループを取得
inserted_group_name = []
for group in add_grp_bulk_list:
inserted_group_name.append(group.group_name)
inserted_group_list = Group.objects.filter(
group_name__in=inserted_group_name)
permission_list = []
permission_record = None
for inserted_group in inserted_group_list:
for menu_id in defs.MENU:
permission_record = AccessPermission(
group_id=inserted_group.group_id,
menu_id=menu_id,
permission_type_id=defs.ALLOWED_MENTENANCE
if menu_id == 2141003001 else defs.NO_AUTHORIZATION,
last_update_user=BACKYARD_USER.user_name,
last_update_timestamp=now)
permission_list.append(copy.deepcopy(permission_record))
AccessPermission.objects.bulk_create(permission_list)
### ユーザ ###
add_target_user_login_id = cur_ad_user_login_id_set - oase_ad_user_login_id_set
add_user_bulk_list = []
tmp_user = None
for auser_login_id in add_target_user_login_id:
ad_user_info = cur_ad_user_dict[auser_login_id]
tmp_user = User(
login_id=ad_user_info['login_id'],
user_name=ad_user_info['display_name'],
password='******', # 仮...ログインでは使われない
mail_address=ad_user_info['mail'] if
len(ad_user_info['mail']) > 0 else 'oase_ad_collaboration_' +
ad_user_info['login_id'],
lang_mode_id=defs.LANG_MODE.JP,
disp_mode_id=defs.DISP_MODE.DEFAULT,
ad_data_flag='1',
disuse_flag='0',
last_update_user=BACKYARD_USER.user_name,
last_update_timestamp=now)
add_user_bulk_list.append(copy.deepcopy(tmp_user))
self.__logger.logic_log(
'LOSI11000', 'add_user_bulk_list: %s' % ','.join([
u.user_name + '(' + u.login_id + ')'
for u in add_user_bulk_list
]))
if len(add_user_bulk_list) > 0:
User.objects.bulk_create(add_user_bulk_list)
### ユーザグループ ###
# ユーザとグループは新規分も考慮して再取得
oase_ad_user_after = list(
User.objects.filter(ad_data_flag='1', disuse_flag='0'))
oase_ad_user_dict_after = {
user.login_id: user
for user in oase_ad_user_after
}
oase_ad_group_after = list(Group.objects.filter(ad_data_flag='1'))
oase_ad_grp_dict_after = {
grp.group_name: grp
for grp in oase_ad_group_after
}
add_target_user_grp_key = cur_ad_user_grp_key_set - oase_ad_user_grp_key_set
add_user_grp_bulk_list = []
for auser_grp_key in add_target_user_grp_key:
login_id, group_name = auser_grp_key.split(':')
tmp_user_group = UserGroup(
user_id=oase_ad_user_dict_after[login_id].user_id,
group_id=oase_ad_grp_dict_after[group_name].group_id,
ad_data_flag='1',
last_update_user=BACKYARD_USER.user_name,
last_update_timestamp=now)
add_user_grp_bulk_list.append(copy.deepcopy(tmp_user_group))
modified_user_id_link_user_grp.append(tmp_user_group.user_id)
self.__logger.logic_log(
'LOSI11000', 'add_user_grp_bulk_list: %s' % ','.join([
str(ug.user_id) + '-' + str(ug.group_id)
for ug in add_user_grp_bulk_list
]))
if len(add_user_grp_bulk_list) > 0:
UserGroup.objects.bulk_create(add_user_grp_bulk_list)
# --------------------------------
# 削除系(ユーザグループ → ユーザ → グループ)
# --------------------------------
### ユーザグループ ###
del_target_user_grp_key = oase_ad_user_grp_key_set - cur_ad_user_grp_key_set
del_user_grp_id_list = []
for user_grp_key in del_target_user_grp_key:
del_user_grp_id_list.append(
oase_ad_user_grp_dict[user_grp_key].user_group_id)
modified_user_id_link_user_grp.append(
oase_ad_user_grp_dict[user_grp_key].user_id)
self.__logger.logic_log(
'LOSI11000', 'del_user_grp_id_list: %s' %
','.join(map(str, del_user_grp_id_list)))
if len(del_user_grp_id_list) > 0:
UserGroup.objects.filter(ad_data_flag='1',
pk__in=del_user_grp_id_list).delete()
### ユーザ ###
del_target_user_login_id = oase_ad_user_login_id_set - cur_ad_user_login_id_set
del_user_id_list = [
oase_ad_user_dict[d].user_id for d in del_target_user_login_id
]
if len(del_user_id_list) > 0:
User.objects.filter(ad_data_flag='1',
pk__in=del_user_id_list).delete()
### グループ ###
del_target_grp_name = oase_ad_grp_name_set - cur_ad_grp_name_set
del_grp_id_list = [
oase_ad_grp_dict[d].group_id for d in del_target_grp_name
]
self.__logger.logic_log(
'LOSI11000',
'del_grp_id_list: %s' % ','.join(map(str, del_grp_id_list)))
if len(del_grp_id_list) > 0:
# delGrpQuerySet = Group.objects.filter(ad_data_flag='1',pk__in=del_grp_id_list)
# delGrpQuerySet._raw_delete(delGrpQuerySet.db)
AccessPermission.objects.filter(pk__in=del_grp_id_list).delete()
Group.objects.filter(ad_data_flag='1',
pk__in=del_grp_id_list).delete()
# --------------------------------
# 更新系(ユーザ)
# --------------------------------
### ユーザ ###
modify_target_user_login_id = oase_ad_user_login_id_set & cur_ad_user_login_id_set
self.__logger.logic_log(
'LOSI11000', 'modify_target_user_login_id: %s' %
','.join(map(str, modify_target_user_login_id)))
for user_login_id in modify_target_user_login_id:
db_user = oase_ad_user_dict[user_login_id]
ad_user = cur_ad_user_dict[user_login_id]
modify_flag = False
if db_user.user_name != ad_user['display_name']:
db_user.user_name = ad_user['display_name']
modify_flag = True
if db_user.mail_address != ad_user['mail']:
if not (db_user.mail_address.startswith(
'oase_ad_collaboration_')
and len(ad_user['mail']) == 0):
db_user.mail_address = ad_user['mail']
modify_flag = True
if modify_flag == True:
db_user.last_update_user = BACKYARD_USER.user_name
db_user.last_update_timestamp = now
db_user.save()
# 処理途中でユーザグループが変更されたユーザの最終更新日時を更新する
self.__logger.logic_log(
'LOSI11000', 'modified_user_id_link_user_grp: %s' %
','.join(map(str, modified_user_id_link_user_grp)))
if len(modified_user_id_link_user_grp) > 0:
User.objects.filter(ad_data_flag='1',pk__in=modified_user_id_link_user_grp) \
.update(
last_update_user = BACKYARD_USER.user_name,
last_update_timestamp = now
)
self.__logger.logic_log('LOSI00002', '')