Merge pull request #765 from longguikeji/dev/loopbing
新的权限体系,以及删除用户的bug
hanbinloop authored Apr 14, 2022
2 parents 8caddaf + a4dbbc3 commit 0148a96
Showing 102 changed files with 10,951 additions and 770 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -192,5 +192,6 @@ node_modules/
package-lock.json

db.sqlite3-journal
results.sqlite
djangosaml2idp/saml2_config/*.xml

1 change: 1 addition & 0 deletions Pipfile
@@ -47,6 +47,7 @@ django-celery-beat = "*"
pypinyin = "*"
random-password-generator = "*"
kerberos = "*"
pyjwt = "*"

[requires]
python_version = "3.8"
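Review bot: `pyjwt = "*"` leaves the token library unbounded, so the release that signs and verifies tokens is whatever resolves at install time. The neighbouring entries use the same wildcard, but for a library on the authentication path a bounded specifier such as `pyjwt = ">=2,<3"` is safer, because PyJWT 2.x made the `algorithms` argument to `decode()` mandatory and an unplanned major change alters that behaviour. Which line of this hunk is the addition is inferred from the one-addition count, and the code that calls the library is not shown in this section.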
259 changes: 259 additions & 0 deletions api/v1/pages/__init__.py
@@ -42,6 +42,7 @@
)

from openapi.routers import root_add_routers, Router, PageRouter, UrlRouter
from openapi.describe import root_add_roles_describe

root_add_routers(
[
@@ -198,3 +199,261 @@
),
]
)

root_add_roles_describe({
'code':'arkid',
'name': 'ArkID',
'children':[
{
'code':'globaladmin',
'name':'超级管理员'
},
{
'code':'tenantadmin',
'name':'租户管理员'
},
{
'code':'generaluser',
'name':'普通用户'
},
{
'code':'appmanage',
'name':'应用管理'
},
{
'code':'usermanage',
'name':'用户管理',
'children': [
{
'code': 'userlist',
'name': '用户列表'
},
{
'code': 'groupmanage',
'name': '分组管理'
},
{
'code': 'tenantlist',
'name': '租户列表'
},
{
'code': 'devicemanage',
'name': '设备管理'
},
{
'code': 'fillformaccount',
'name': '表单代填账号'
}
]
},
{
'code':'authmanage',
'name':'授权管理',
'children': [
{
'code': 'permissionlist',
'name': '权限列表'
},
{
'code': 'permissiongroup',
'name': '权限分组'
},
{
'code': 'permissionmanage',
'name': '权限管理'
}
]
},
{
'code':'linkidentity',
'name':'连接身份源',
'children': [
{
'code': 'identityservice',
'name': '身份源服务'
},
{
'code': 'datasync',
'name': '数据同步'
}
]
},
{
'code':'authfactor',
'name':'认证因素',
'children': [
{
'code': 'factorconfig',
'name': '因素配置'
},
{
'code': 'thirdpartylogin',
'name': '第三方登录'
},
{
'code': 'backendauth',
'name': '后端认证'
},
{
'code': 'otherauthfactor',
'name': '其它认证因素'
},
{
'code': 'authrule',
'name': '认证规则'
}
]
},
{
'code':'expansionable',
'name':'扩展能力',
'children': [
{
'code': 'webhook',
'name': 'Webhook'
},
{
'code': 'apidocument',
'name': 'API文档'
}
]
},
{
'code':'logmanage',
'name':'日志管理',
'children': [
{
'code': 'useractionlog',
'name': '用户行为日志'
},
{
'code': 'manageractionlog',
'name': '管理员行为日志'
},
{
'code': 'logset',
'name': '日志设置'
}
]
},
{
'code':'statisticalgraph',
'name':'统计图表'
},
{
'code':'tenantset',
'name':'租户设置',
'children': [
{
'code': 'tenantconfig',
'name': '租户配置'
},
{
'code': 'childmanagerset',
'name': '子管理员设置'
}
]
},
{
'code':'userset',
'name':'用户设置',
'children': [
{
'code': 'desktopset',
'name': '桌面设置'
},
{
'code': 'contactsset',
'name': '通讯录设置'
},
{
'code': 'profileset',
'name': '个人资料设置'
}
]
},
{
'code':'pluginmanage',
'name':'插件管理',
'children': [
{
'code': 'pluginstore',
'name': '插件商店'
},
{
'code': 'pluginconfig',
'name': '插件配置'
}
]
},
{
'code':'platformmanage',
'name':'平台管理',
'children': [
{
'code': 'bindplatform',
'name': '绑定中心平台'
},
{
'code': 'platformconfig',
'name': '平台配置'
}
]
}
]
})

# root_add_roles_describe({
# # 基础角色
# 'globaladmin': '超级管理员',
# 'tenantadmin': '租户管理员',
# 'generaluser': '普通用户',
# # 菜单
# 'appmanage': '应用管理',

# 'usermanage': '用户管理',
# 'usermanage.userlist': '用户列表',
# 'usermanage.groupmanage': '分组管理',
# 'usermanage.tenantlist': '租户列表',
# 'usermanage.devicemanage': '设备管理',
# 'usermanage.fillformaccount': '表单代填账号',

# 'authmanage': '授权管理',
# 'authmanage.permissionlist': '权限列表',
# 'authmanage.permissiongroup': '权限分组',
# 'authmanage.permissionmanage': '权限管理',

# 'linkidentity': '连接身份源',
# 'linkidentity.identityservice': '身份源服务',
# 'linkidentity.datasync': '数据同步',

# 'authfactor': '认证因素',
# 'authfactor.factorconfig': '因素配置',
# 'authfactor.thirdpartylogin': '第三方登录',
# 'authfactor.backendauth': '后端认证',
# 'authfactor.otherauthfactor': '其它认证因素',

# 'expansionable': '扩展能力',
# 'expansionable.webhook': 'Webhook',
# 'expansionable.apidocument': 'API文档',

# 'logmanage': '日志管理',
# 'logmanage.useractionlog': '用户行为日志',
# 'logmanage.manageractionlog': '管理员行为日志',
# 'logmanage.logset': '日志设置',

# 'statisticalgraph': '统计图表',

# 'tenantset': '租户设置',
# 'tenantset.tenantconfig': '租户配置',
# 'tenantset.childmanagerset': '子管理员设置',

# 'userset': '用户设置',
# 'userset.desktopset': '桌面设置',
# 'userset.contactsset': '通讯录设置',
# 'userset.profileset': '个人资料设置',

# 'platformmanage': '平台管理',
# 'platformmanage.pluginconfig': '插件配置',
# 'platformmanage.platformconfig': '平台配置'
# })
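Review bot: The commented-out flat mapping at the end of the file should be deleted rather than committed, because it no longer matches the live tree: the tree adds `authrule`, a `pluginmanage` group and `bindplatform`, while the comment still lists `platformmanage.pluginconfig`. A stale second copy of the role catalogue is easy to consult by mistake when reviewing who can reach what. The nested form also drops the distinction the old comments made between base roles and menu entries, so `globaladmin`, `tenantadmin` and `generaluser` now sit beside menu nodes unmarked; a comment such as `# base roles (not menu nodes)` above them and `# menu tree` above `appmanage` would restore it. How `root_add_roles_describe` derives the full code of a child (for example whether a leaf like `pluginconfig` must stay unique across parents) is defined outside this section and is worth stating in a comment at the call.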
10 changes: 9 additions & 1 deletion api/v1/pages/permission_group.py
@@ -37,7 +37,9 @@
'icon': 'el-icon-delete'
},
'node': {
'next': 'permission_group.permission'
'next': 'permission_group.permission',
'path': '/api/v1/tenant/{tenant_uuid}/permission_group/?parent={id}',
'method': 'get'
}
}
}
@@ -98,6 +100,12 @@
'init': {
'path': '/api/v1/tenant/{tenant_uuid}/permission_group/',
'method': 'get'
},
'local': {
'node': {
'path': '/api/v1/tenant/{tenant_uuid}/permission_group/?parent={id}',
'method': 'get',
}
}
}
)
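Review bot: The URL template `'/api/v1/tenant/{tenant_uuid}/permission_group/?parent={id}'` is now written out twice, once under `'node'` in the first hunk and once under `'local'` / `'node'` in the second, so the two copies can drift; a module-level constant such as `PERMISSION_GROUP_CHILDREN_PATH = '/api/v1/tenant/{tenant_uuid}/permission_group/?parent={id}'` used in both places keeps them in step. Because `parent` is a client-supplied query parameter, the list view behind this path needs to confirm that the parent group belongs to `tenant_uuid` and is visible to the caller before returning its children. That view is not part of this section, so this is a check to confirm rather than a defect seen here. Both dictionaries start and end outside the hunks.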
20 changes: 17 additions & 3 deletions api/v1/serializers/group.py
@@ -1,6 +1,6 @@
from inspect import Parameter
from common.serializer import BaseDynamicFieldModelSerializer
from inventory.models import Group, Permission
from inventory.models import Group, Permission, UserTenantPermissionAndPermissionGroup
from rest_framework import serializers
from drf_spectacular.utils import extend_schema, extend_schema_view
from api.v1.fields.custom import create_foreign_key_field, create_foreign_field
@@ -10,6 +10,8 @@
from webhook.manager import WebhookManager
from django.db import transaction

import uuid


class GroupBaseSerializer(serializers.ModelSerializer):
class Meta:
@@ -89,7 +91,6 @@ def create(self, validated_data):
parent = Group.valid_objects.filter(uuid=parent_uuid).first()

o: Group = Group.valid_objects.create(tenant=tenant, name=name, parent=parent)

# if set_permissions is not None:
# o.permissions.clear()
# for p_uuid in set_permissions:
@@ -116,6 +117,7 @@ def update(self, instance: Group, validated_data):
parent = Group.valid_objects.filter(uuid=parent_uuid).first()
instance.parent = parent

# 更新分组权限
# if set_permissions is not None:
# instance.permissions.clear()
# for p_uuid in set_permissions:
@@ -126,13 +128,25 @@ def update(self, instance: Group, validated_data):
# instance.permissions.clear()

instance.save()

transaction.on_commit(
lambda: WebhookManager.group_updated(self.context['tenant'].uuid, instance)
)
return instance

def get_children(self, instance):
qs = Group.valid_objects.filter(parent=instance).order_by('id')
userpermissions = UserTenantPermissionAndPermissionGroup.valid_objects.filter(
tenant=instance.tenant,
user=self.context['request'].user,
permission__group_info__isnull=False,
)
group_ids = []
for userpermission in userpermissions:
group_info = userpermission.permission.group_info
group_ids.append(group_info.id)
if len(group_ids) == 0:
group_ids.append(0)
qs = Group.valid_objects.filter(id__in=group_ids,parent=instance).order_by('id')
return [GroupBaseSerializer(q).data for q in qs]
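Review bot: `get_children` reads `self.context['request'].user` unguarded, so any caller that builds this serializer without a request in its context now gets a `KeyError` where it previously got the child list; `self.context.get('request')` with an empty result when it is missing fails closed instead. The loop over `userpermissions` loads `permission` and `group_info` row by row, and the `group_ids.append(0)` sentinel is not needed because an empty `id__in` already matches nothing, so a single `values_list` does both jobs. The filter only counts rows held directly by the user in `UserTenantPermissionAndPermissionGroup`, so whether tenant or global administrators are expected to see children without such rows should be confirmed, since the models are outside this section. The lookup name in the fence assumes `group_info` is a relation on the permission model.

```python
    def get_children(self, instance):
        request = self.context.get('request')
        if request is None:
            # No caller identity available: return no children rather than raise.
            return []
        group_ids = UserTenantPermissionAndPermissionGroup.valid_objects.filter(
            tenant=instance.tenant,
            user=request.user,
            permission__group_info__isnull=False,
        ).values_list('permission__group_info__id', flat=True)
        # … unchanged: Group.valid_objects.filter(id__in=group_ids, parent=instance) query and the return …
```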

