perf: merage yanxiang perm

Signed-off-by: 张启航 <[email protected]>
goodrain · Jul 2, 2024 · 23fd343 · 23fd343
1 parent 4daa0c0
commit 23fd343
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 25 deletions.
diff --git a/console/models/main.py b/console/models/main.py
@@ -80,8 +80,6 @@ class Meta:
  desc = models.CharField(max_length=100, null=True, blank=True, default="", help_text="描述")
  enable = models.BooleanField(default=True, help_text="是否生效")
  create_time = models.DateTimeField(auto_now_add=True, blank=True, help_text="创建时间")
- enterprise_id = models.CharField(max_length=32, help_text="eid", default="")
-
 
 class RainbondCenterApp(BaseModel):
  """云市应用包(组)"""

diff --git a/console/repositories/config_repo.py b/console/repositories/config_repo.py
@@ -52,7 +52,6 @@ def create_token_record(self, key, value, eid):
  type="string",
  desc="helm对接集群唯一标识",
  enable=True,
- enterprise_id=eid,
  create_time=datetime.now().strftime('%Y-%m-%d %H:%M:%S'))
 
 

diff --git a/console/services/config_service.py b/console/services/config_service.py
@@ -90,16 +90,15 @@ def delete_config(self, key):
  return self.delete_config_by_key(key)
 
  def add_config(self, key, default_value, type, enable=True, desc=""):
- if not ConsoleSysConfig.objects.filter(key=key, enterprise_id=self.enterprise_id).exists():
+ if not ConsoleSysConfig.objects.filter(key=key).exists():
  create_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
  config = ConsoleSysConfig.objects.create(
  key=key,
  type=type,
  value=default_value,
  desc=desc,
  create_time=create_time,
- enable=enable,
- enterprise_id=self.enterprise_id)
+ enable=enable)
  custom_settings.reload()
  return config
  else:
@@ -126,13 +125,13 @@ def update_config_by_key(self, key, data):
  def update_config_enable_status(self, key, enable):
  self.init_base_config_value()
  ConsoleSysConfig.objects.filter(key=key).update(enable=enable)
- config = ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id)
+ config = ConsoleSysConfig.objects.get(key=key)
  if key in self.base_cfg_keys:
  return {key.lower(): {"enable": enable, "value": self.base_cfg_keys_value[key]["value"]}}
  return {key.lower(): {"enable": enable, "value": (eval(config.value) if config.type == "json" else config.value)}}
 
  def update_config_value(self, key, value):
- config = ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id)
+ config = ConsoleSysConfig.objects.get(key=key)
  config.value = value
  if isinstance(value, (dict, list)):
  type = "json"
@@ -143,7 +142,7 @@ def update_config_value(self, key, value):
  return {key.lower(): {"enable": True, "value": config.value}}
 
  def delete_config_by_key(self, key):
- rst = ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id)
+ rst = ConsoleSysConfig.objects.get(key=key)
  rst.enable = self.cfg_keys_value[key]["enable"]
  rst.value = self.cfg_keys_value[key]["value"]
  rst.desc = self.cfg_keys_value[key]["desc"]
@@ -407,7 +406,7 @@ def add_config_without_reload(self, key, default_value, type, desc=""):
  if not ConsoleSysConfig.objects.filter(key=key).exists():
  create_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
  config = ConsoleSysConfig.objects.create(
- key=key, type=type, value=default_value, desc=desc, create_time=create_time, enterprise_id="")
+ key=key, type=type, value=default_value, desc=desc, create_time=create_time)
  return config
  else:
  raise ConfigExistError("配置{}已存在".format(key))

diff --git a/console/views/base.py b/console/views/base.py
@@ -295,14 +295,33 @@ def __init__(self, *args, **kwargs):
  self.perm_apps = []
 
  def get_perms(self):
+ """
+ 获取用户的权限列表。
+
+ 用户权限由以下几部分组成：
+ 1. 用户拥有的管理员角色的权限；
+ 2. 如果用户是团队所有者，则包含团队权限和团队所有者权限；
+ 3. 如果用户是团队成员，则根据其角色获取相应的权限；
+ 4. 如果用户有指定的应用权限，则添加该应用的权限；
+ 5. 如果用户有指定的应用组权限，则添加该应用组的权限。
+
+ Returns:
+ list: 用户的权限列表。
+ """
+ # 初始化用户权限列表
  self.user_perms = []
+
+ # 获取用户拥有的管理员角色
  admin_roles = user_services.list_roles(self.user.enterprise_id, self.user.user_id)
  self.user_perms = list(perms.list_enterprise_perm_codes_by_roles(admin_roles))
+
+ # 如果用户是团队所有者，添加团队权限和团队所有者权限
  if self.is_team_owner:
  team_perms = list(PermsInfo.objects.filter(kind="team").values_list("code", flat=True))
  self.user_perms.extend(team_perms)
  self.user_perms.append(100001)
  else:
+ # 获取团队角色
  team_roles = RoleInfo.objects.filter(kind="team", kind_id=self.tenant.tenant_id)
  if team_roles:
  role_ids = team_roles.values_list("ID", flat=True)
@@ -315,23 +334,51 @@ def get_perms(self):
  self.user_perms.extend(list(global_team_role_perms.values_list("perm_code", flat=True)))
  if global_team_role_perms.filter(perm_code=300002):
  self.perm_apps = [-1]
- if self.perm_app_id:
- app_role_perms = team_role_perms.filter(app_id=self.perm_app_id)
- self.user_perms.extend(list(app_role_perms.values_list("perm_code", flat=True)))
- if not self.perm_apps and team_role_perms.filter(perm_code=300002).exclude(app_id=-1):
- self.perm_apps = team_role_perms.filter(perm_code=300002).exclude(app_id=-1).values_list(
- "app_id", flat=True)
+ if self.perm_app_id or self.perm_app_id == 0:
+ app = ServiceGroup.objects.filter(ID=self.perm_app_id)
+ if self.perm_app_id == 0 or (app and app[0].username == self.user.username):
+ app_perms = get_perms(copy.deepcopy(APP), "app", "app")
+ code = [a[2] for a in app_perms]
+ self.user_perms.extend(code)
+ else:
+ app_role_perms = team_role_perms.filter(app_id=self.perm_app_id)
+ self.user_perms.extend(list(app_role_perms.values_list("perm_code", flat=True)))
+ if not self.perm_apps:
+ self.perm_apps = list(
+ team_role_perms.filter(perm_code=300002).exclude(app_id=-1).values_list("app_id",
+ flat=True))
+ app = ServiceGroup.objects.filter(tenant_id=self.tenant.tenant_id,
+ username=self.user.username).values_list("ID", flat=True)
+ self.perm_apps.extend(app)
+ self.perm_apps = list(set(self.perm_apps))
  self.user_perms = list(set(self.user_perms))
 
  def initial(self, request, *args, **kwargs):
+ """
+ 初始化请求相关的实例变量，包括用户信息、企业信息、团队信息和权限信息。
+
+ Args:
+ request (Request): 请求对象。
+ *args: 其他位置参数。
+ **kwargs: 其他关键字参数。
+
+ Raises:
+ AbortRequest: 如果无法找到team_name或tenant，则抛出请求中止异常。
+ """
+ # 设置当前用户
  self.user = request.user
+
+ # 根据用户的enterprise_id获取企业信息
  self.enterprise = TenantEnterprise.objects.filter(enterprise_id=self.user.enterprise_id).first()
+
+ # 根据企业ID和用户ID获取用户权限信息，设置企业管理员标识
  enterprise_user_perms = EnterpriseUserPerm.objects.filter(
  enterprise_id=self.user.enterprise_id, user_id=self.user.user_id).first()
  if enterprise_user_perms:
  self.is_enterprise_admin = True
- self.tenant_name = kwargs.get("tenantName", None)
 
+ # 获取租户名称
+ self.tenant_name = kwargs.get("tenantName", None)
  if not self.tenant_name:
  self.tenant_name = kwargs.get("team_name", None)
  if not self.tenant_name:
@@ -343,32 +390,64 @@ def initial(self, request, *args, **kwargs):
  if not self.tenant_name:
  self.tenant_name = self.request.GET.get('team_name', None)
  self.team_name = self.tenant_name
-
  if not self.tenant_name:
- raise AbortRequest("team_name not found !")
+ raise AbortRequest(msg="team_name not found!", msg_show="请求参数缺少team_name", status_code=404)
+
  try:
+ # 尝试根据租户名称获取租户信息
  self.tenant = Tenants.objects.get(tenant_name=self.tenant_name)
  self.team = self.tenant
  except Tenants.DoesNotExist:
  try:
+ # 如果根据租户名称获取失败，尝试根据租户ID获取租户信息
  self.tenant = Tenants.objects.get(tenant_id=self.tenant_name)
  self.team = self.tenant
  except Tenants.DoesNotExist:
- raise AbortRequest(msg="tenant {0} not found".format(self.tenant_name), msg_show="团队不存在", status_code=404)
+ raise AbortRequest(msg="tenant {0} not found".format(self.tenant_name), msg_show="团队不存在",
+ status_code=404)
+
+ # 获取权限应用ID
  if kwargs.get("app_id"):
- self.perm_app_id = kwargs.get("app_id")
+ try:
+ self.perm_app_id = int(kwargs.get("app_id"))
+ except Exception as e:
+ self.perm_app_id = -1
  if request.GET.get("group_id"):
- self.perm_app_id = request.GET.get("group_id")
+ try:
+ self.perm_app_id = int(request.GET.get("group_id"))
+ except Exception as e:
+ self.perm_app_id = -1
  if request.GET.get("app_id"):
- self.perm_app_id = request.GET.get("group_id")
+ try:
+ self.perm_app_id = int(request.GET.get("app_id"))
+ except Exception as e:
+ self.perm_app_id = -1
  if kwargs.get("group_id"):
- self.perm_app_id = kwargs.get("group_id")
+ try:
+ self.perm_app_id = int(kwargs.get("group_id"))
+ except Exception as e:
+ self.perm_app_id = -1
+ if request.data.get("group_id"):
+ if request.data.get("is_demo"):
+ self.perm_app_id = -1
+ else:
+ try:
+ self.perm_app_id = int(request.data.get("group_id"))
+ except Exception as e:
+ self.perm_app_id = -1
+ if request.data.get("app_id"):
+ try:
+ self.perm_app_id = int(request.data.get("app_id"))
+ except Exception as e:
+ self.perm_app_id = -1
+ # 根据服务别名获取服务信息，并设置权限应用ID
  if kwargs.get("serviceAlias"):
  service_alias = kwargs.get("serviceAlias")
  services = TenantServiceInfo.objects.filter(service_alias=service_alias, tenant_id=self.tenant.tenant_id)
  if services:
  s_groups = group_service.get_service_group_info(services[0].service_id)
- self.perm_app_id = s_groups.ID
+ if s_groups:
+ self.perm_app_id = s_groups.ID
 
  if self.user.user_id == self.tenant.creater:
  self.is_team_owner = True