[Feature] 应用授权: DatabasePermission 添加校验用户对数据库的权限API

dcd1c119 · BaiJiangJie · 2268fc5b · dcd1c119 · dcd1c119
Commit dcd1c119 authored Aug 06, 2019 by BaiJiangJie
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 3 deletions

user_database_permission.py apps/perms/api/user_database_permission.py +20 -3

api_urls.py apps/perms/urls/api_urls.py +3 -0

No files found.
--- a/apps/perms/api/user_database_permission.py
+++ b/apps/perms/api/user_database_permission.py
@@ -4,12 +4,12 @@

 from django.shortcuts import get_object_or_404
 from rest_framework.generics import ListAPIView
-
+from rest_framework.views import APIView, Response
 from rest_framework.pagination import LimitOffsetPagination

 from common.tree import TreeNodeSerializer
 from common.permissions import IsOrgAdminOrAppUser, IsValidUser
-from ..hands import User, DatabaseSerializer
+from ..hands import User, Database, DatabaseSerializer
 from ..utils import (
    DatabasePermissionUtil, construct_databases_tree_root,
    parse_database_to_tree_node,
@@ -17,7 +17,8 @@ from ..utils import (
 from ..mixins import DatabasesFilterMixin

 __all__ = [
-    'UserGrantedDatabasesApi', 'UserGrantedDatabasesAsTreeApi'
+    'UserGrantedDatabasesApi', 'UserGrantedDatabasesAsTreeApi',
+    'ValidateUserDatabasePermissionApi',
 ]


@@ -75,3 +76,19 @@ class UserGrantedDatabasesAsTreeApi(ListAPIView):
        if self.kwargs.get('pk') is None:
            self.permission_classes = (IsValidUser,)
        return super().get_permissions()
+
+
+class ValidateUserDatabasePermissionApi(APIView):
+    permission_classes = (IsOrgAdminOrAppUser,)
+
+    def get(self, request, *args, **kwargs):
+        user_id = request.query_params.get('user_id', '')
+        database_id = request.query_params.get('database_id', '')
+        user = get_object_or_404(User, id=user_id)
+        database = get_object_or_404(Database, id=database_id)
+
+        util = DatabasePermissionUtil(user)
+        databases = util.get_databases()
+        if database not in databases:
+            return Response({'msg': False}, status=403)
+        return Response({'msg': True}, status=200)
--- a/apps/perms/urls/api_urls.py
+++ b/apps/perms/urls/api_urls.py
@@ -95,6 +95,9 @@ database_permission_urlpatterns = [
    path('users/<uuid:pk>/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='user-databases-as-tree'),
    path('users/databases/tree/', api.UserGrantedDatabasesAsTreeApi.as_view(), name='my-databases-as-tree'),

+    # 校验用户对Database的权限
+    path('database-permissions/user/validate/', api.ValidateUserDatabasePermissionApi.as_view(), name='validate-user-database-permission'),
+
    # 查询用户组授权的Database
    path('user-groups/<uuid:pk>/databases/', api.UserGroupGrantedDatabasesApi.as_view(), name='user-group=databases'),