[Feature] 应用授权: DatabasePermission 添加用户授权树APIView，用户组授权APIView

57a805e0 · BaiJiangJie · b74650c2 · 57a805e0 · 57a805e0 · 57a805e0
Commit 57a805e0 authored Aug 06, 2019 by BaiJiangJie
5 changed files
--- a/apps/perms/api/__init__.py
+++ b/apps/perms/api/__init__.py
@@ -8,3 +8,4 @@ from .remote_app_permission import *
 from .user_remote_app_permission import *
 from .database_permission import *
 from .user_database_permission import *
+from .user_group_database_permission import *
--- a/apps/perms/api/user_database_permission.py
+++ b/apps/perms/api/user_database_permission.py
@@ -7,15 +7,17 @@ from rest_framework.generics import ListAPIView

 from rest_framework.pagination import LimitOffsetPagination

+from common.tree import TreeNodeSerializer
 from common.permissions import IsOrgAdminOrAppUser, IsValidUser
 from ..hands import User, DatabaseSerializer
 from ..utils import (
-    DatabasePermissionUtil,
+    DatabasePermissionUtil, construct_databases_tree_root,
+    parse_database_to_tree_node,
 )
 from ..mixins import DatabasesFilterMixin

 __all__ = [
-    'UserGrantedDatabasesApi',
+    'UserGrantedDatabasesApi', 'UserGrantedDatabasesAsTreeApi'
 ]


@@ -42,3 +44,34 @@ class UserGrantedDatabasesApi(DatabasesFilterMixin, ListAPIView):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()
+
+
+class UserGrantedDatabasesAsTreeApi(ListAPIView):
+    serializer_class = TreeNodeSerializer
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def get_object(self):
+        user_id = self.kwargs.get('pk', '')
+        if not user_id:
+            user = self.request.user
+        else:
+            user = get_object_or_404(User, id=user_id)
+        return user
+
+    def get_queryset(self):
+        queryset = []
+        tree_root = construct_databases_tree_root()
+        queryset.append(tree_root)
+
+        util = DatabasePermissionUtil(self.get_object())
+        databases = util.get_databases()
+        for database in databases:
+            node = parse_database_to_tree_node(tree_root, database)
+            queryset.append(node)
+        queryset = sorted(queryset)
+        return queryset
+
+    def get_permissions(self):
+        if self.kwargs.get('pk') is None:
+            self.permission_classes = (IsValidUser,)
+        return super().get_permissions()
--- a/apps/perms/api/user_group_database_permission.py
+++ b/apps/perms/api/user_group_database_permission.py
+# coding: utf-8
+#
+
+
+from rest_framework.generics import (
+    ListAPIView, get_object_or_404
+)
+
+from common.permissions import IsOrgAdminOrAppUser
+
+from ..utils import DatabasePermissionUtil
+from ..hands import UserGroup, DatabaseSerializer
+
+__all__ = [
+    'UserGroupGrantedDatabasesApi'
+]
+
+
+class UserGroupGrantedDatabasesApi(ListAPIView):
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = DatabaseSerializer
+
+    def get_queryset(self):
+        queryset = []
+        user_group_id = self.kwargs.get('pk')
+        if not user_group_id:
+            return queryset
+        user_group = get_object_or_404(UserGroup, id=user_group_id)
+        util = DatabasePermissionUtil(user_group)
+        queryset = util.get_databases()
+        return queryset
--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -91,6 +91,13 @@ database_permission_urlpatterns = [
    path('users/<uuid:pk>/databases/', api.UserGrantedDatabasesApi.as_view(), name='user-databases'),
    path('users/databases/', api.UserGrantedDatabasesApi.as_view(), name='my-databases'),

+    # 查询用户授权的Database树
+    path('users/<uuid:pk>/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='user-databases-as-tree'),
+    path('users/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='my-databases-as-tree'),
+
+    # 查询用户组授权的Database
+    path('user-groups/<uuid:pk>/databases/', api.UserGroupGrantedDatabasesApi.as_view(), name='user-group=databases'),
+
    # 用户和Database变更
    path('database-permissions/<uuid:pk>/user/add/', api.DatabasePermissionAddUserApi.as_view(), name='database-permission-add-user'),
    path('database-permissions/<uuid:pk>/user/remove/', api.DatabasePermissionRemoveUserApi.as_view(), name='database-permission-remove-user'),

--- a/apps/perms/utils/database_permission.py
+++ b/apps/perms/utils/database_permission.py
@@ -4,12 +4,16 @@

 from django.db.models import Q

+from common.tree import TreeNode
 from orgs.utils import set_to_root_org

 from ..models import DatabasePermission

 __all__ = [
    'DatabasePermissionUtil',
+    'construct_databases_tree_root',
+    'parse_database_to_tree_node'
+
 ]


@@ -54,3 +58,31 @@ class DatabasePermissionUtil:
        for perm in self.permissions:
            databases.update(list(perm.databases.all()))
        return databases
+
+
+def construct_databases_tree_root():
+    tree_root = {
+        'id': 'ID_DATABASE_ROOT',
+        'name': 'Database',
+        'title': 'Database',
+        'pId': '',
+        'open': False,
+        'isParent': True,
+        'iconSkin': '',
+        'meta': {'type': 'database'}
+    }
+    return TreeNode(**tree_root)
+
+
+def parse_database_to_tree_node(parent, database):
+    tree_node = {
+        'id': database.id,
+        'name': database.name,
+        'title': database.name,
+        'pId': parent.id,
+        'open': False,
+        'isParent': False,
+        'iconSkin': 'file',
+        'meta': {'type': 'database'}
+    }
+    return TreeNode(**tree_node)