Commit 329f8446 authored by BaiJiangJie's avatar BaiJiangJie

[Feature] 应用授权: DatabasePermission 添加Model、APIView

parent 4688ff2d
......@@ -14,8 +14,8 @@ class DatabaseSerializer(BulkOrgResourceModelSerializer):
list_serializer_class = AdaptedBulkListSerializer
fields = [
'id', 'name', 'login_mode', 'type', 'host', 'port', 'user',
'password', 'database', 'comment', 'created_by', 'date_created',
'date_updated',
'password', 'database', 'created_by', 'date_created',
'date_updated', 'comment',
]
read_only_fields = [
......@@ -24,3 +24,18 @@ class DatabaseSerializer(BulkOrgResourceModelSerializer):
extra_kwargs = {
'password': {'write_only': True},
}
@staticmethod
def clean_password(validated_data):
password = validated_data.get('password')
if not password:
validated_data.pop('password', None)
def create(self, validated_data):
self.clean_password(validated_data)
return super().create(validated_data)
def update(self, instance, validated_data):
self.clean_password(validated_data)
return super().update(instance, validated_data)
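Review bot: `clean_password` has no docstring, and its effect is not obvious from the call sites in `create` and `update`. A missing, `None` or empty `password` is removed from `validated_data`, so a blank value on update leaves the stored credential unchanged rather than clearing it. I would state that on the helper, e.g. `"""Drop a blank password so an update without one keeps the stored value."""`. If clearing a database password through this serializer is meant to be possible, it needs a separate explicit path, since blank input can no longer do it. The serializer class starts outside the visible hunks.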
......@@ -6,3 +6,4 @@ from .user_permission import *
from .user_group_permission import *
from .remote_app_permission import *
from .user_remote_app_permission import *
from .database_permission import *
# coding: utf-8
#
from rest_framework import viewsets, generics
from rest_framework.pagination import LimitOffsetPagination
from rest_framework.views import Response
from common.permissions import IsOrgAdmin
from ..models import DatabasePermission
from ..serializers import (
DatabasePermissionSerializer,
DatabasePermissionUpdateUserSerializer,
DatabasePermissionUpdateDatabaseSerializer,
)
__all__ = [
'DatabasePermissionViewSet',
'DatabasePermissionRemoveUserApi', 'DatabasePermissionAddUserApi',
'DatabasePermissionRemoveDatabaseApi', 'DatabasePermissionAddDatabaseApi',
]
class DatabasePermissionViewSet(viewsets.ModelViewSet):
filter_fields = ('name', )
search_fields = filter_fields
queryset = DatabasePermission.objects.all()
serializer_class = DatabasePermissionSerializer
pagination_class = LimitOffsetPagination
permission_classes = (IsOrgAdmin,)
class DatabasePermissionAddUserApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsOrgAdmin,)
serializer_class = DatabasePermissionUpdateUserSerializer
queryset = DatabasePermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
users = serializer.validated_data.get('users')
if users:
perm.users.add(*tuple(users))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
class DatabasePermissionRemoveUserApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsOrgAdmin,)
serializer_class = DatabasePermissionUpdateUserSerializer
queryset = DatabasePermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
users = serializer.validated_data.get('users')
if users:
perm.users.remove(*tuple(users))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
class DatabasePermissionAddDatabaseApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsOrgAdmin,)
serializer_class = DatabasePermissionUpdateDatabaseSerializer
queryset = DatabasePermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
databases = serializer.validated_data.get('databases')
if databases:
perm.databases.add(*tuple(databases))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
class DatabasePermissionRemoveDatabaseApi(generics.RetrieveUpdateAPIView):
permission_classes = (IsOrgAdmin,)
serializer_class = DatabasePermissionUpdateDatabaseSerializer
queryset = DatabasePermission.objects.all()
def update(self, request, *args, **kwargs):
perm = self.get_object()
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
databases = serializer.validated_data.get('databases')
if databases:
perm.databases.remove(*tuple(databases))
return Response({"msg": "ok"})
else:
return Response({"error": serializer.errors})
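Review bot: In all four `update` methods the failure branch `return Response({"error": serializer.errors})` is sent with the default status 200, so a client that checks only the HTTP status will treat a rejected grant or revocation as applied. Returning `Response({"error": serializer.errors}, status=400)`, or calling `serializer.is_valid(raise_exception=True)` and dropping the `else`, makes the failure visible to callers and to access logs. Separately, `perm = self.get_object()` resolves the pk against `DatabasePermission.objects.all()`. Whether that is limited to the caller's organisation depends on the manager `BasePermission` provides, which this page does not show, so it is worth confirming that `IsOrgAdmin` together with that manager stops an admin of one organisation from editing another organisation's permission.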
......@@ -3,3 +3,4 @@
from .asset_permission import *
from .remote_app_permission import *
from .database_permission import *
# coding: utf-8
#
from django.db import models
from django.utils.translation import ugettext_lazy as _
from .base import BasePermission
__all__ = [
'DatabasePermission',
]
class DatabasePermission(BasePermission):
databases = models.ManyToManyField(
'applications.Database', related_name='granted_by_permissions',
blank=True, verbose_name=_("Database")
)
class Meta:
unique_together = [('org_id', 'name')]
verbose_name = _('Database permission')
ordering = ('name',)
def get_all_databases(self):
return set(self.databases.all())
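Review bot: No migration creating the `DatabasePermission` table and its `databases` many-to-many table appears among the files on this page. If it is not added elsewhere, the new viewset and the four add/remove endpoints will fail at their first query after deployment. `get_all_databases` also lacks a docstring; something like `"""Return the databases granted directly by this permission, as a set."""` would tell callers that it evaluates the queryset and returns an unordered set.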
......@@ -12,7 +12,10 @@ __all__ = [
class RemoteAppPermission(BasePermission):
remote_apps = models.ManyToManyField('applications.RemoteApp', related_name='granted_by_permissions', blank=True, verbose_name=_("RemoteApp"))
remote_apps = models.ManyToManyField(
'applications.RemoteApp', related_name='granted_by_permissions',
blank=True, verbose_name=_("RemoteApp")
)
class Meta:
unique_together = [('org_id', 'name')]
......
......@@ -4,3 +4,4 @@
from .asset_permission import *
from .user_permission import *
from .remote_app_permission import *
from .database_permission import *
# coding: utf-8
#
from rest_framework import serializers
from common.serializers import AdaptedBulkListSerializer
from orgs.mixins import BulkOrgResourceModelSerializer
from ..models import DatabasePermission
__all__ = [
'DatabasePermissionSerializer',
'DatabasePermissionUpdateUserSerializer',
'DatabasePermissionUpdateDatabaseSerializer'
]
class DatabasePermissionSerializer(BulkOrgResourceModelSerializer):
class Meta:
model = DatabasePermission
list_serializer_class = AdaptedBulkListSerializer
fields = [
'id', 'name', 'users', 'user_groups', 'databases', 'comment',
'is_active', 'date_start', 'date_expired', 'is_valid',
'created_by', 'date_created',
]
read_only_fields = ['created_by', 'date_created']
class DatabasePermissionUpdateUserSerializer(serializers.ModelSerializer):
class Meta:
model = DatabasePermission
fields = ['id', 'users']
class DatabasePermissionUpdateDatabaseSerializer(serializers.ModelSerializer):
class Meta:
model = DatabasePermission
fields = ['id', 'databases']
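Review bot: `DatabasePermissionUpdateUserSerializer` and `DatabasePermissionUpdateDatabaseSerializer` derive from plain `serializers.ModelSerializer`, while `DatabasePermissionSerializer` uses `BulkOrgResourceModelSerializer`, so the `users` and `databases` fields are validated against whatever the related models' default managers return. If those managers are not already restricted to the current organisation (not visible here), the add endpoints would accept primary keys of users or databases that belong to another organisation. Please confirm the scoping, or declare the two fields explicitly with an organisation-filtered `queryset`. A one-line docstring on each class saying which endpoint it serves would also help.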
......@@ -10,6 +10,7 @@ app_name = 'perms'
router = routers.DefaultRouter()
router.register('asset-permissions', api.AssetPermissionViewSet, 'asset-permission')
router.register('remote-app-permissions', api.RemoteAppPermissionViewSet, 'remote-app-permission')
router.register('database-permissions', api.DatabasePermissionViewSet, 'database-permission')
asset_permission_urlpatterns = [
......@@ -85,11 +86,20 @@ remote_app_permission_urlpatterns = [
path('remote-app-permissions/<uuid:pk>/remote-app/add/', api.RemoteAppPermissionAddRemoteAppApi.as_view(), name='remote-app-permission-add-remote-app'),
]
database_permission_urlpatterns = [
# 用户和Database变更
path('database-permissions/<uuid:pk>/user/add/', api.DatabasePermissionAddUserApi.as_view(), name='database-permission-add-user'),
path('database-permissions/<uuid:pk>/user/remove/', api.DatabasePermissionRemoveUserApi.as_view(), name='database-permission-remove-user'),
path('database-permissions/<uuid:pk>/database/remove/', api.DatabasePermissionRemoveDatabaseApi.as_view(), name='database-permission-remove-database'),
path('database-permissions/<uuid:pk>/database/add/', api.DatabasePermissionAddDatabaseApi.as_view(), name='database-permission-add-database'),
]
old_version_urlpatterns = [
re_path('(?P<resource>user|user-group|asset-permission|remote-app-permission)/.*', capi.redirect_plural_name_api)
re_path('(?P<resource>user|user-group|asset-permission|remote-app-permission|database-permission)/.*', capi.redirect_plural_name_api)
]
urlpatterns = asset_permission_urlpatterns + remote_app_permission_urlpatterns + old_version_urlpatterns
urlpatterns = asset_permission_urlpatterns + remote_app_permission_urlpatterns + database_permission_urlpatterns + old_version_urlpatterns
urlpatterns += router.urls