From 23fd343bf4cdfbb2964706da71f7d4b54903ba5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=90=AF=E8=88=AA?= <101104760+ZhangSetSail@users.noreply.github.com> Date: Tue, 2 Jul 2024 17:01:10 +0800 Subject: [PATCH] perf: merage yanxiang perm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张启航 <101104760+ZhangSetSail@users.noreply.github.com> --- console/models/main.py | 2 - console/repositories/config_repo.py | 1 - console/services/config_service.py | 13 ++-- console/views/base.py | 109 ++++++++++++++++++++++++---- 4 files changed, 100 insertions(+), 25 deletions(-) diff --git a/console/models/main.py b/console/models/main.py index 5d85e2a863..75a5ca1b4f 100644 --- a/console/models/main.py +++ b/console/models/main.py @@ -80,8 +80,6 @@ class Meta: desc = models.CharField(max_length=100, null=True, blank=True, default="", help_text="描述") enable = models.BooleanField(default=True, help_text="是否生效") create_time = models.DateTimeField(auto_now_add=True, blank=True, help_text="创建时间") - enterprise_id = models.CharField(max_length=32, help_text="eid", default="") - class RainbondCenterApp(BaseModel): """云市应用包(组)""" diff --git a/console/repositories/config_repo.py b/console/repositories/config_repo.py index 6eabcacf98..9a3709c6e5 100644 --- a/console/repositories/config_repo.py +++ b/console/repositories/config_repo.py @@ -52,7 +52,6 @@ def create_token_record(self, key, value, eid): type="string", desc="helm对接集群唯一标识", enable=True, - enterprise_id=eid, create_time=datetime.now().strftime('%Y-%m-%d %H:%M:%S')) diff --git a/console/services/config_service.py b/console/services/config_service.py index 8b8ed38f72..6d3cf8f91e 100644 --- a/console/services/config_service.py +++ b/console/services/config_service.py 
@@ -90,7 +90,7 @@ def delete_config(self, key): return self.delete_config_by_key(key) def add_config(self, key, default_value, type, enable=True, desc=""): - if not ConsoleSysConfig.objects.filter(key=key, enterprise_id=self.enterprise_id).exists(): + if not ConsoleSysConfig.objects.filter(key=key).exists(): create_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S') config = ConsoleSysConfig.objects.create( key=key, @@ -98,8 +98,7 @@ def add_config(self, key, default_value, type, enable=True, desc=""): value=default_value, desc=desc, create_time=create_time, - enable=enable, - enterprise_id=self.enterprise_id) + enable=enable) custom_settings.reload() return config else: @@ -126,13 +125,13 @@ def update_config_by_key(self, key, data): def update_config_enable_status(self, key, enable): self.init_base_config_value() ConsoleSysConfig.objects.filter(key=key).update(enable=enable) - config = ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id) + config = ConsoleSysConfig.objects.get(key=key) if key in self.base_cfg_keys: return {key.lower(): {"enable": enable, "value": self.base_cfg_keys_value[key]["value"]}} return {key.lower(): {"enable": enable, "value": (eval(config.value) if config.type == "json" else config.value)}} def update_config_value(self, key, value): - config = ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id) + config = ConsoleSysConfig.objects.get(key=key) config.value = value if isinstance(value, (dict, list)): type = "json" @@ -143,7 +142,7 @@ def update_config_value(self, key, value): return {key.lower(): {"enable": True, "value": config.value}} def delete_config_by_key(self, key): - rst = ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id) + rst = ConsoleSysConfig.objects.get(key=key) rst.enable = self.cfg_keys_value[key]["enable"] rst.value = self.cfg_keys_value[key]["value"] rst.desc = self.cfg_keys_value[key]["desc"] 
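Review bot: With the `enterprise_id` filter gone, `key` is the only thing that identifies a config row, yet nothing in this patch makes it unique: the diffstat lists no migration and the model hunk only removes the field. If the table still holds one row per enterprise for the same key, `ConsoleSysConfig.objects.get(key=key)` in update_config_enable_status, update_config_value and delete_config_by_key (the @@ -126 and @@ -143 hunks) raises `MultipleObjectsReturned`, and the `filter(key=key).exists()` check here treats another enterprise's row as its own. A data migration that collapses duplicates, plus a uniqueness constraint on `key`, should ship with this change; whether the field already has such a constraint is not visible here. Settings that were per-enterprise also become shared by every caller of these methods, so confirm that the views reaching them are restricted to platform administrators.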
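Review bot: The row fetched by the changed `ConsoleSysConfig.objects.get(key=key)` is passed to `eval(config.value)` in the final return of update_config_enable_status whenever `config.type == "json"`, so any stored value of that type is executed as Python in the console process. Now that the lookup is no longer scoped to an enterprise, every writer of this table feeds that one sink. Parse instead of evaluating: `json.loads(config.value)`, or `ast.literal_eval(config.value)` if the stored text is a Python repr rather than JSON. Which of the two applies depends on how update_config_value serialises dicts and lists, which this hunk does not show. The `eval` line is unchanged context, but the fix belongs with this change.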
@@ -407,7 +406,7 @@ def add_config_without_reload(self, key, default_value, type, desc=""): if not ConsoleSysConfig.objects.filter(key=key).exists(): create_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S') config = ConsoleSysConfig.objects.create( - key=key, type=type, value=default_value, desc=desc, create_time=create_time, enterprise_id="") + key=key, type=type, value=default_value, desc=desc, create_time=create_time) return config else: raise ConfigExistError("配置{}已存在".format(key)) diff --git a/console/views/base.py b/console/views/base.py index 2ce3a9f3c2..32a414d669 100644 --- a/console/views/base.py +++ b/console/views/base.py @@ -295,14 +295,33 @@ def __init__(self, *args, **kwargs): self.perm_apps = [] def get_perms(self): + """ + 获取用户的权限列表。 + + 用户权限由以下几部分组成: + 1. 用户拥有的管理员角色的权限; + 2. 如果用户是团队所有者,则包含团队权限和团队所有者权限; + 3. 如果用户是团队成员,则根据其角色获取相应的权限; + 4. 如果用户有指定的应用权限,则添加该应用的权限; + 5. 如果用户有指定的应用组权限,则添加该应用组的权限。 + + Returns: + list: 用户的权限列表。 + """ + # 初始化用户权限列表 self.user_perms = [] + + # 获取用户拥有的管理员角色 admin_roles = user_services.list_roles(self.user.enterprise_id, self.user.user_id) self.user_perms = list(perms.list_enterprise_perm_codes_by_roles(admin_roles)) + + # 如果用户是团队所有者,添加团队权限和团队所有者权限 if self.is_team_owner: team_perms = list(PermsInfo.objects.filter(kind="team").values_list("code", flat=True)) self.user_perms.extend(team_perms) self.user_perms.append(100001) else: + # 获取团队角色 team_roles = RoleInfo.objects.filter(kind="team", kind_id=self.tenant.tenant_id) if team_roles: role_ids = team_roles.values_list("ID", flat=True) 
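Review bot: The new get_perms docstring ends with `Returns: list: 用户的权限列表`, but as far as the two hunks covering the method show, it returns nothing and instead leaves its result in `self.user_perms` and `self.perm_apps`. Describe those two attributes as the method's effect and drop the `Returns` section, so that callers do not start relying on a return value. The literal in `self.user_perms.append(100001)` just below the new comment would also be easier to audit as a named constant, or with a short comment saying which permission it is. The method body continues in the next hunk.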
@@ -315,23 +334,51 @@ def get_perms(self): self.user_perms.extend(list(global_team_role_perms.values_list("perm_code", flat=True))) if global_team_role_perms.filter(perm_code=300002): self.perm_apps = [-1] - if self.perm_app_id: - app_role_perms = team_role_perms.filter(app_id=self.perm_app_id) - self.user_perms.extend(list(app_role_perms.values_list("perm_code", flat=True))) - if not self.perm_apps and team_role_perms.filter(perm_code=300002).exclude(app_id=-1): - self.perm_apps = team_role_perms.filter(perm_code=300002).exclude(app_id=-1).values_list( - "app_id", flat=True) + if self.perm_app_id or self.perm_app_id == 0: + app = ServiceGroup.objects.filter(ID=self.perm_app_id) + if self.perm_app_id == 0 or (app and app[0].username == self.user.username): + app_perms = get_perms(copy.deepcopy(APP), "app", "app") + code = [a[2] for a in app_perms] + self.user_perms.extend(code) + else: + app_role_perms = team_role_perms.filter(app_id=self.perm_app_id) + self.user_perms.extend(list(app_role_perms.values_list("perm_code", flat=True))) + if not self.perm_apps: + self.perm_apps = list( + team_role_perms.filter(perm_code=300002).exclude(app_id=-1).values_list("app_id", + flat=True)) + app = ServiceGroup.objects.filter(tenant_id=self.tenant.tenant_id, + username=self.user.username).values_list("ID", flat=True) + self.perm_apps.extend(app) + self.perm_apps = list(set(self.perm_apps)) self.user_perms = list(set(self.user_perms)) def initial(self, request, *args, **kwargs): + """ + 初始化请求相关的实例变量,包括用户信息、企业信息、团队信息和权限信息。 + + Args: + request (Request): 请求对象。 + *args: 其他位置参数。 + **kwargs: 其他关键字参数。 + + Raises: + AbortRequest: 如果无法找到team_name或tenant,则抛出请求中止异常。 + """ + # 设置当前用户 self.user = request.user + + # 根据用户的enterprise_id获取企业信息 self.enterprise = TenantEnterprise.objects.filter(enterprise_id=self.user.enterprise_id).first() + + # 根据企业ID和用户ID获取用户权限信息,设置企业管理员标识 enterprise_user_perms = EnterpriseUserPerm.objects.filter( enterprise_id=self.user.enterprise_id, 
user_id=self.user.user_id).first() if enterprise_user_perms: self.is_enterprise_admin = True - self.tenant_name = kwargs.get("tenantName", None) + # 获取租户名称 + self.tenant_name = kwargs.get("tenantName", None) if not self.tenant_name: self.tenant_name = kwargs.get("team_name", None) if not self.tenant_name: 
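Review bot: The new owner shortcut in get_perms looks the app up with `ServiceGroup.objects.filter(ID=self.perm_app_id)` and no tenant filter, while the `perm_apps` query a few lines later does scope by `tenant_id=self.tenant.tenant_id`. The two should agree, e.g. `ServiceGroup.objects.filter(ID=self.perm_app_id, tenant_id=self.tenant.tenant_id)`, so that owning an app in one team cannot grant the full app permission set while the request is evaluated for another team. The `self.perm_app_id == 0` arm grants every code from `get_perms(copy.deepcopy(APP), "app", "app")` with no role or ownership test, and `initial()` fills `perm_app_id` from request parameters, so add a comment stating what id 0 stands for and confirm that giving it to every team member is intended. Ownership is compared by `username`; if usernames can be changed or reused, comparing a stable user id would be safer. get_perms begins in the previous hunk, and because no hunk touches base.py's imports, check that `copy`, `APP`, `ServiceGroup` and the module-level `get_perms` are already in scope.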
@@ -343,32 +390,64 @@ def initial(self, request, *args, **kwargs): if not self.tenant_name: self.tenant_name = self.request.GET.get('team_name', None) self.team_name = self.tenant_name - if not self.tenant_name: - raise AbortRequest("team_name not found !") + raise AbortRequest(msg="team_name not found!", msg_show="请求参数缺少team_name", status_code=404) + try: + # 尝试根据租户名称获取租户信息 self.tenant = Tenants.objects.get(tenant_name=self.tenant_name) self.team = self.tenant except Tenants.DoesNotExist: try: + # 如果根据租户名称获取失败,尝试根据租户ID获取租户信息 self.tenant = Tenants.objects.get(tenant_id=self.tenant_name) self.team = self.tenant except Tenants.DoesNotExist: - raise AbortRequest(msg="tenant {0} not found".format(self.tenant_name), msg_show="团队不存在", status_code=404) + raise AbortRequest(msg="tenant {0} not found".format(self.tenant_name), msg_show="团队不存在", + status_code=404) + + # 获取权限应用ID if kwargs.get("app_id"): - self.perm_app_id = kwargs.get("app_id") + try: + self.perm_app_id = int(kwargs.get("app_id")) + except Exception as e: + self.perm_app_id = -1 if request.GET.get("group_id"): - self.perm_app_id = request.GET.get("group_id") + try: + self.perm_app_id = int(request.GET.get("group_id")) + except Exception as e: + self.perm_app_id = -1 if request.GET.get("app_id"): - self.perm_app_id = request.GET.get("group_id") + try: + self.perm_app_id = int(request.GET.get("app_id")) + except Exception as e: + self.perm_app_id = -1 if kwargs.get("group_id"): - self.perm_app_id = kwargs.get("group_id") + try: + self.perm_app_id = int(kwargs.get("group_id")) + except Exception as e: + self.perm_app_id = -1 + if request.data.get("group_id"): + if request.data.get("is_demo"): + self.perm_app_id = -1 + else: + try: + self.perm_app_id = int(request.data.get("group_id")) + except Exception as e: + self.perm_app_id = -1 + if request.data.get("app_id"): + try: + self.perm_app_id = int(request.data.get("app_id")) + except Exception as e: + self.perm_app_id = -1 + # 根据服务别名获取服务信息,并设置权限应用ID if 
kwargs.get("serviceAlias"): service_alias = kwargs.get("serviceAlias") services = TenantServiceInfo.objects.filter(service_alias=service_alias, tenant_id=self.tenant.tenant_id) if services: s_groups = group_service.get_service_group_info(services[0].service_id) - self.perm_app_id = s_groups.ID + if s_groups: + self.perm_app_id = s_groups.ID if self.user.user_id == self.tenant.creater: self.is_team_owner = True
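Review bot: `perm_app_id` is now read from six request locations in turn (URL kwargs, query string, body) and the last one present wins, so the id the permission check runs against can differ from the id the view later acts on; a body `app_id`, for example, overrides the `app_id` in the URL. Pick one authoritative source per view, or reject requests whose sources disagree, and document the precedence. The six copies of `try: int(...) except Exception as e:` also bind an unused `e` and swallow every error type; one helper catching `(TypeError, ValueError)` keeps the same order with far less code, as sketched below. `request.data.get(...)` presumably assumes the body parses to a mapping, which a JSON list body would not satisfy. `initial()` starts in the previous hunk and continues after this one.

```python
        # … unchanged: team_name check and tenant lookup …
        def _as_app_id(raw):
            # A malformed id maps to -1; any other failure should surface.
            try:
                return int(raw)
            except (TypeError, ValueError):
                return -1

        body = request.data
        # Same order as before: the last source that is present wins.
        sources = (
            kwargs.get("app_id"),
            request.GET.get("group_id"),
            request.GET.get("app_id"),
            kwargs.get("group_id"),
            -1 if body.get("group_id") and body.get("is_demo") else body.get("group_id"),
            body.get("app_id"),
        )
        for raw in sources:
            if raw:
                self.perm_app_id = _as_app_id(raw)
        # … unchanged: serviceAlias lookup and team-owner check …
```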