diff --git a/api/v1/schema/permission_group.py b/api/v1/schema/permission_group.py index b8af78448..21bb96160 100644 --- a/api/v1/schema/permission_group.py +++ b/api/v1/schema/permission_group.py @@ -97,6 +97,7 @@ class PermissionListSchemaOut(Schema): id: UUID = Field(title=_("id")) name: str = Field(title=_("名称")) is_open: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否授权给其它租户")) + is_open_other_user: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_other_user_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否租户内所有人可见")) is_system: bool = Field(title=_("是否是系统权限 ")) # class Config: # model = SystemPermission diff --git a/api/v1/views/permission.py b/api/v1/views/permission.py index 818303aba..3d0873ce6 100644 --- a/api/v1/views/permission.py +++ b/api/v1/views/permission.py @@ -14,7 +14,8 @@ REMOVE_USER_SYSTEM_PERMISSION, REMOVE_USER_APP_PERMISSION, OPEN_APP_PERMISSION, OPEN_SYSTEM_PERMISSION, CLOSE_SYSTEM_PERMISSION, CLOSE_APP_PERMISSION, ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION, REMOVE_USERGROUP_SYSTEM_PERMISSION, - REMOVE_USERGROUP_APP_PERMISSION, + REMOVE_USERGROUP_APP_PERMISSION, OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION, + CLOSE_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_APP_PERMISSION, ) from arkid.core.constants import NORMAL_USER, TENANT_ADMIN, PLATFORM_ADMIN from api.v1.schema.permission import * @@ -554,5 +555,87 @@ def permission_toggle_open(request, tenant_id: str, permission_id: str): else: dispatch_event(Event(tag=OPEN_APP_PERMISSION, tenant=request.tenant, request=request, data=None)) return {'error': ErrorCode.OK.value} + else: + return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR) + + +@api.post("/tenant/{tenant_id}/permission/{permission_id}/toggle_other_user_open", tags=['权限']) +@operation(roles=[TENANT_ADMIN, PLATFORM_ADMIN]) +def permission_toggle_other_user_open(request, tenant_id: str, permission_id: str): + ''' + 切换权限是否开放给本租户其它用户 + ''' + permission = SystemPermission.valid_objects.filter( + id=permission_id + ).first() + if permission and permission.tenant is None: + return ErrorDict(ErrorCode.SYSTEM_PERMISSION_NOT_OPERATION) + if permission is None: + permission = Permission.valid_objects.filter(tenant_id=tenant_id, id=permission_id).first() + if permission: + is_open_other_user = permission.is_open_other_user + if is_open_other_user: + # 原来是打开,现在是关闭 + # 需要检查是否是分组如果是分组,需要多加几个 + ids = [] + if str(permission.id) not in ids: + ids.append(str(permission.id)) + if permission.category == 'group' and permission.container.all(): + for item in permission.container.all(): + if str(item.id) not in ids: + ids.append(str(item.id)) + if isinstance(permission, SystemPermission): + permissions = SystemPermission.valid_objects.filter(id__in=ids) + else: + permissions = Permission.valid_objects.filter(id__in=ids) + # 多加几个结束 + permissions.update(is_open_other_user=False) + if isinstance(permission, SystemPermission): + system_permissions_info = { + 'tenant_id': tenant_id, + 'self_user_id': str(request.user.id) + } + sort_ids = [] + for permission in permissions: + sort_ids.append(permission.sort_id) + system_permissions_info['sort_ids'] = sort_ids + dispatch_event(Event(tag=CLOSE_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=system_permissions_info)) + else: + app_permissions_info = { + 'app_id': permission.app_id, + 'tenant_id': tenant_id, + 'self_user_id': str(request.user.id), + } + sort_ids = [] + for permission in permissions: + sort_ids.append(permission.sort_id) + app_permissions_info['sort_ids'] = sort_ids + dispatch_event(Event(tag=CLOSE_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=app_permissions_info)) + else: + # 原来是关闭,现在是打开 + # 需要检查是否是分组如果是分组,需要多加几个 + ids = [] + if str(permission.id) not in ids: + ids.append(str(permission.id)) + if permission.category == 'group' and permission.container.all(): + for item in permission.container.all(): + if str(item.id) not in ids: + ids.append(str(item.id)) + data = { + 'ids': ids, + 'tenant_id': tenant_id + } + if isinstance(permission, SystemPermission): + permissions = SystemPermission.valid_objects.filter(id__in=ids) + else: + permissions = Permission.valid_objects.filter(id__in=ids) + data['app_id'] = str(permission.app.id) + # 多加几个结束 + permissions.update(is_open_other_user=True) + if isinstance(permission, SystemPermission): + dispatch_event(Event(tag=OPEN_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=data)) + else: + dispatch_event(Event(tag=OPEN_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=data)) + return {'error': ErrorCode.OK.value} else: return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR) \ No newline at end of file diff --git a/arkid/core/event.py b/arkid/core/event.py index 02dfc5026..cb7b165bf 100644 --- a/arkid/core/event.py +++ b/arkid/core/event.py @@ -321,10 +321,17 @@ def unlisten_event(tag, func, **kwargs): REMOVE_USER_APP_PERMISSION = 'REMOVE_USER_APP_PERMISSION' REMOVE_USERGROUP_SYSTEM_PERMISSION = 'REMOVE_USERGROUP_SYSTEM_PERMISSION' REMOVE_USERGROUP_APP_PERMISSION = 'REMOVE_USERGROUP_APP_PERMISSION' + OPEN_APP_PERMISSION = 'OPEN_APP_PERMISSION' OPEN_SYSTEM_PERMISSION = 'OPEN_SYSTEM_PERMISSION' CLOSE_SYSTEM_PERMISSION = 'CLOSE_SYSTEM_PERMISSION' CLOSE_APP_PERMISSION = 'CLOSE_APP_PERMISSION' + +OPEN_OTHER_USER_APP_PERMISSION = 'OPEN_OTHER_USER_APP_PERMISSION' +OPEN_OTHER_USER_SYSTEM_PERMISSION = 'OPEN_OTHER_USER_SYSTEM_PERMISSION' +CLOSE_OTHER_USER_SYSTEM_PERMISSION = 'CLOSE_OTHER_USER_SYSTEM_PERMISSION' +CLOSE_OTHER_USER_APP_PERMISSION = 'CLOSE_OTHER_USER_APP_PERMISSION' + UPDATE_ADMIN_ALL_PERMISSION = 'UPDATE_ADMIN_ALL_PERMISSION' APP_SYNC_PERMISSION = 'APP_SYNC_PERMISSION' @@ -440,10 +447,17 @@ def unlisten_event(tag, func, **kwargs): register_event(CREATE_AUTO_AUTH_CONFIG, _('Create Auto Auth', '添加自动登录')) register_event(UPDATE_AUTO_AUTH_CONFIG, _('Update Auto Auth', '更新自动登录')) register_event(DELETE_AUTO_AUTH_CONFIG, _('Delete Auto Auth', '删除自动登录')) + register_event(OPEN_APP_PERMISSION, _('open app permission', '开放应用权限')) register_event(OPEN_SYSTEM_PERMISSION, _('open system permission', '开放系统权限')) register_event(CLOSE_SYSTEM_PERMISSION, _('close system permission', '关闭系统权限')) register_event(CLOSE_APP_PERMISSION, _('close app permission', '关闭应用权限')) + +register_event(OPEN_OTHER_USER_APP_PERMISSION, _('open other user app permission', '开放本租户其它用户应用权限')) +register_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, _('open other user system permission', '开放本租户其它用户系统权限')) +register_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, _('close other user system permission', '关闭本租户其它用户系统权限')) +register_event(CLOSE_OTHER_USER_APP_PERMISSION, _('close other user app permission', '关闭本租户其它用户应用权限')) + register_event(UPDATE_ADMIN_ALL_PERMISSION, _('update admin all permission', '更新所有管理员权限')) register_event(CREATE_TENANT, _('create tenant', '创建租户')) register_event(GET_AUTH_RESULT, _('get auth result', '获得权限鉴定结果')) diff --git a/arkid/core/migrations/0029_auto_20220921_1617.py b/arkid/core/migrations/0029_auto_20220921_1617.py new file mode 100644 index 000000000..cd19999d4 --- /dev/null +++ b/arkid/core/migrations/0029_auto_20220921_1617.py @@ -0,0 +1,23 @@ +# Generated by Django 3.2.13 on 2022-09-21 08:17 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('core', '0028_approverequest_tenant'), + ] + + operations = [ + migrations.AddField( + model_name='permission', + name='is_open_other_user', + field=models.BooleanField(default=False, verbose_name='is open other user'), + ), + migrations.AddField( + model_name='systempermission', + name='is_open_other_user', + field=models.BooleanField(default=False, verbose_name='is open other user'), + ), + ] diff --git a/arkid/core/models.py b/arkid/core/models.py index 61e18c9e5..28cd440e9 100644 --- a/arkid/core/models.py +++ b/arkid/core/models.py @@ -306,6 +306,10 @@ class Meta(object): is_open = models.BooleanField( default=False, verbose_name=_('is open', '是否开放给其它租户访问'), ) + is_open_other_user = models.BooleanField( + default=False, verbose_name=_('is open other user', '是否开放给本租户其它用户访问'), + ) + def __str__(self): return '%s' % (self.name) diff --git a/arkid/core/perm/event_listener.py b/arkid/core/perm/event_listener.py index 85ca78fa4..5e0c854aa 100644 --- a/arkid/core/perm/event_listener.py +++ b/arkid/core/perm/event_listener.py @@ -18,6 +18,8 @@ UPDATE_ADMIN_ALL_PERMISSION, ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION, REMOVE_USERGROUP_SYSTEM_PERMISSION, REMOVE_USERGROUP_APP_PERMISSION, UPDATE_GROUP_PERMISSION, CREATE_TENANT, APP_SYNC_PERMISSION, + OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_SYSTEM_PERMISSION, + CLOSE_OTHER_USER_APP_PERMISSION, ) import uuid @@ -115,11 +117,17 @@ def __init__(self): core_event.listen_event(REMOVE_USER_APP_PERMISSION, self.remove_user_app_permission) core_event.listen_event(REMOVE_USERGROUP_SYSTEM_PERMISSION, self.remove_system_permission_to_usergroup) core_event.listen_event(REMOVE_USERGROUP_APP_PERMISSION, self.remove_app_permission_to_usergroup) + core_event.listen_event(OPEN_APP_PERMISSION, self.update_open_app_permission_admin) core_event.listen_event(OPEN_SYSTEM_PERMISSION, self.update_open_system_permission_admin) core_event.listen_event(CLOSE_APP_PERMISSION, self.update_close_app_permission_user) core_event.listen_event(CLOSE_SYSTEM_PERMISSION, self.update_close_system_permission_user) + core_event.listen_event(OPEN_OTHER_USER_APP_PERMISSION, self.update_open_other_user_app_permission) + core_event.listen_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, self.update_open_other_user_system_permission) + core_event.listen_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, self.update_close_other_user_system_permission) + core_event.listen_event(CLOSE_OTHER_USER_APP_PERMISSION, self.update_close_other_user_app_permission) + # def register(self, event, **kwargs): # from arkid.core.tasks.tasks import update_single_user_system_permission_and_app_permisssion # user = event.data @@ -129,10 +137,9 @@ def __init__(self): def create_tenant(self, event, **kwargs): tenant = event.tenant user = event.data + # 创建管理员权限和初始化各种权限 from arkid.core.tasks.tasks import create_tenant_init_manager create_tenant_init_manager.delay(tenant.id, user.id) - # permissiondata = PermissionData() - # permissiondata.create_tenant_user_admin_permission(tenant, user) def app_start(self, event, **kwargs): from arkid.core.tasks.tasks import update_system_permission @@ -296,6 +303,30 @@ def update_open_system_app_permission_admin(self, event, **kwargs): update_open_system_app_permission_admin.delay() return True + def update_open_other_user_app_permission(self, event, **kwargs): + data = event.data + from arkid.core.tasks.tasks import update_open_other_user_app_permission + update_open_other_user_app_permission.delay(data) + return True + + def update_open_other_user_system_permission(self, event, **kwargs): + data = event.data + from arkid.core.tasks.tasks import update_open_other_user_system_permission + update_open_other_user_system_permission.delay(data) + return True + + def update_close_other_user_app_permission(self, event, **kwargs): + data = event.data + from arkid.core.tasks.tasks import update_close_other_user_app_permission + update_close_other_user_app_permission.delay(data) + return True + + def update_close_other_user_system_permission(self, event, **kwargs): + data = event.data + from arkid.core.tasks.tasks import update_close_other_user_system_permission + update_close_other_user_system_permission.delay(data) + return True + def update_group_permission_permission(self, event, **kwargs): permission = event.data tenant = event.tenant diff --git a/arkid/core/perm/permission_data.py b/arkid/core/perm/permission_data.py index 515c15875..818c23daf 100644 --- a/arkid/core/perm/permission_data.py +++ b/arkid/core/perm/permission_data.py @@ -671,6 +671,14 @@ def update_arkid_single_user_permission(self, tenant, auth_user, pass_permission if container: for item in container: data_dict.get(item).is_pass = 1 + elif data_item.is_open_other_user is True and data_item.tenant == auth_user.tenant: + data_item.is_pass = 1 + describe = data_item.describe + if describe: + container = describe.get('sort_ids', []) + if container: + for item in container: + data_dict.get(item).is_pass = 1 elif hasattr(data_item, 'is_pass') is False: data_item.is_pass = 0 else: @@ -1161,6 +1169,14 @@ def update_app_single_user_permission_detail(self, tenant, auth_user, app, pass_ if container: for item in container: data_dict.get(item).is_pass = 1 + elif data_item.is_open_other_user is True and data_item.tenant == auth_user.tenant: + data_item.is_pass = 1 + describe = data_item.describe + if describe: + container = describe.get('sort_ids', []) + if container: + for item in container: + data_dict.get(item).is_pass = 1 elif hasattr(data_item, 'is_pass') is False: data_item.is_pass = 0 else: @@ -1417,6 +1433,7 @@ def get_permissions_by_search(self, tenant_id, app_id, user_id, group_id, login_ if app_name: app_name = app_name.strip() permissions = permissions.filter(app__name__icontains=app_name) + systempermissions = systempermissions.filter(id__isnull=True) if category: category = category.strip() permissions = permissions.filter(category__icontains=category) @@ -1706,6 +1723,7 @@ def get_permissions_by_mine_search(self, tenant_id, app_id, user_id, group_id, l if app_name: app_name = app_name.strip() permissions = permissions.filter(app__name__icontains=app_name) + systempermissions = systempermissions.filter(id__isnull=True) if category: category = category.strip() permissions = permissions.filter(category__icontains=category) @@ -1877,6 +1895,7 @@ def get_group_permissions_by_search(self, tenant_id, select_usergroup_id, app_na if app_name: app_name = app_name.strip() permissions = permissions.filter(app__name__icontains=app_name) + systempermissions = systempermissions.filter(id__isnull=True) if category: category = category.strip() permissions = permissions.filter(category__icontains=category) @@ -2647,6 +2666,205 @@ def delete_child_man(self, user, tenant): userpermissionresult.save() return True + def update_open_other_user_app_permission(self, data): + ''' + 开放应用权限给本租户内的其他人 + data = { + 'ids': ids, + 'tenant_id': tenant_id, + 'app_id': app_id + } + ''' + tenant_id = data.get('tenant_id', None) + ids = data.get('ids', []) + app_id = data.get('app_id') + # 人员信息 + users = User.valid_objects.filter(tenant_id=tenant_id) + # 应用 + app = App.valid_objects.filter(id=app_id).first() + # 权限内容 + sort_ids = [] + permissions = Permission.objects.filter(app_id=app_id, id__in=ids).order_by('-sort_id') + max_sort_id = -1 + for permission in permissions: + sort_id = permission.sort_id + sort_ids.append(sort_id) + if sort_id > max_sort_id: + max_sort_id = sort_id + last_len = max_sort_id+1 + # 从小到大排序 + sort_ids.sort() + # 拿到所有的结果字符串 + userpermissionresults = UserPermissionResult.valid_objects.filter(app_id=app_id, tenant_id=tenant_id, user__in=users) + + if len(userpermissionresults) != len(users): + # 如果记录条数和用户数不一致,就证明需要新建几条有效记录 + temp_user_ids = [] + temp_userpermissionresults = [] + for user in users: + temp_user_ids.append(str(user.id)) + tenant = None + for userpermissionresult in userpermissionresults: + temp_user_ids.remove(str(userpermissionresult.user.id)) + ## 复制下有的记录 + temp_userpermissionresults.append(userpermissionresult) + tenant = userpermissionresult.tenant + if temp_user_ids: + temp_users = users.filter(id__in=temp_user_ids) + compress = Compress() + for temp_user in temp_users: + temp_userpermissionresult = UserPermissionResult() + temp_userpermissionresult.user = temp_user + temp_userpermissionresult.tenant = tenant + temp_userpermissionresult.app = app + ### 值只是临时存下 + temp_userpermissionresult.result = compress.encrypt("".join(map(str, [00000]))) + #### 放在值数组里 + temp_userpermissionresults.append(temp_userpermissionresult) + userpermissionresults = temp_userpermissionresults + + compress = Compress() + for userpermissionresult in userpermissionresults: + permission_result = compress.decrypt(userpermissionresult.result) + permission_result_arr = list(permission_result) + if len(permission_result_arr) < last_len: + diff = last_len - len(permission_result_arr) + for i in range(diff): + permission_result_arr.append(0) + for index,value in enumerate(permission_result_arr): + if index in sort_ids: + permission_result_arr[index] = 1 + # 拼接结果 + permission_result = "".join(map(str, permission_result_arr)) + compress_str_result = compress.encrypt(permission_result) + userpermissionresult.result = compress_str_result + userpermissionresult.save() + + def update_open_other_user_system_permission(self, data): + ''' + 开放系统权限给本租户内的其他人 + data = { + 'ids': ids, + 'tenant_id': tenant_id + } + ''' + tenant_id = data.get('tenant_id', None) + ids = data.get('ids', []) + # 人员信息 + users = User.valid_objects.filter(tenant_id=tenant_id) + sort_ids = [] + permissions = SystemPermission.objects.filter(id__in=ids).order_by('-sort_id') + max_sort_id = -1 + for permission in permissions: + sort_id = permission.sort_id + sort_ids.append(sort_id) + if sort_id > max_sort_id: + max_sort_id = sort_id + last_len = max_sort_id+1 + # 从小到大排序 + sort_ids.sort() + # 拿到所有的结果字符串 + userpermissionresults = UserPermissionResult.valid_objects.filter(tenant_id=tenant_id, user__in=users, app=None) + compress = Compress() + for userpermissionresult in userpermissionresults: + permission_result = compress.decrypt(userpermissionresult.result) + permission_result_arr = list(permission_result) + if len(permission_result_arr) < last_len: + diff = last_len - len(permission_result_arr) + for i in range(diff): + permission_result_arr.append(0) + for index,value in enumerate(permission_result_arr): + if index in sort_ids: + permission_result_arr[index] = 1 + # 拼接结果 + permission_result = "".join(map(str, permission_result_arr)) + compress_str_result = compress.encrypt(permission_result) + userpermissionresult.result = compress_str_result + userpermissionresult.save() + + def update_close_other_user_app_permission(self, app_permissions_info): + ''' + 关闭本租户内的其他人应用权限 + app_permissions_info = { + 'app_id': permission.app_id, + 'tenant_id': tenant_id, + 'sort_ids': sort_ids, + 'self_user_id': self_user_id + } + ''' + sort_ids = app_permissions_info.get('sort_ids', []) + tenant_id = app_permissions_info.get('tenant_id', None) + app_id = app_permissions_info.get('app_id') + self_user_id = app_permissions_info.get('self_user_id') + # 人员信息 + users = User.valid_objects.filter(tenant_id=tenant_id).exclude(id=self_user_id) + # 权限内容 + max_sort_id = -1 + for sort_id in sort_ids: + if sort_id > max_sort_id: + max_sort_id = sort_id + last_len = max_sort_id+1 + # 从小到大排序 + sort_ids.sort() + # 拿到所有的结果字符串 + userpermissionresults = UserPermissionResult.valid_objects.filter(app_id=app_id, tenant_id=tenant_id, user__in=users) + compress = Compress() + for userpermissionresult in userpermissionresults: + permission_result = compress.decrypt(userpermissionresult.result) + permission_result_arr = list(permission_result) + if len(permission_result_arr) < last_len: + diff = last_len - len(permission_result_arr) + for i in range(diff): + permission_result_arr.append(0) + for index,value in enumerate(permission_result_arr): + if index in sort_ids: + permission_result_arr[index] = 0 + # 拼接结果 + permission_result = "".join(map(str, permission_result_arr)) + compress_str_result = compress.encrypt(permission_result) + userpermissionresult.result = compress_str_result + userpermissionresult.save() + + def update_close_other_user_system_permission(self, system_permissions_info): + ''' + 关闭本租户内的其他人系统权限 + system_permissions_info = { + 'tenant_id': tenant_id, + 'sort_ids': sort_ids, + 'self_user_id': self_user_id + } + ''' + sort_ids = system_permissions_info.get('sort_ids', []) + tenant_id = system_permissions_info.get('tenant_id', None) + self_user_id = system_permissions_info.get('self_user_id') + # 人员信息 + users = User.valid_objects.filter(tenant_id=tenant_id).exclude(id=self_user_id) + # 权限内容 + max_sort_id = -1 + for sort_id in sort_ids: + if sort_id > max_sort_id: + max_sort_id = sort_id + last_len = max_sort_id+1 + # 从小到大排序 + sort_ids.sort() + # 拿到所有的结果字符串 + userpermissionresults = UserPermissionResult.valid_objects.filter(app=None, tenant_id=tenant_id, user__in=users) + compress = Compress() + for userpermissionresult in userpermissionresults: + permission_result = compress.decrypt(userpermissionresult.result) + permission_result_arr = list(permission_result) + if len(permission_result_arr) < last_len: + diff = last_len - len(permission_result_arr) + for i in range(diff): + permission_result_arr.append(0) + for index,value in enumerate(permission_result_arr): + if index in sort_ids: + permission_result_arr[index] = 0 + # 拼接结果 + permission_result = "".join(map(str, permission_result_arr)) + compress_str_result = compress.encrypt(permission_result) + userpermissionresult.result = compress_str_result + userpermissionresult.save() def update_close_system_permission_user(self, system_permissions_info): ''' @@ -2924,7 +3142,8 @@ def get_all_user_app(self, tenant_id): ''' uprs = UserPermissionResult.valid_objects.filter( tenant_id=tenant_id, - app__isnull=False + app__isnull=False, + app__is_del=False ) items = [] for upr in uprs: diff --git a/arkid/core/tasks/tasks.py b/arkid/core/tasks/tasks.py index bc9dc96fd..672502c00 100644 --- a/arkid/core/tasks/tasks.py +++ b/arkid/core/tasks/tasks.py @@ -138,6 +138,37 @@ def update_close_app_permission_user(items): permissiondata = PermissionData() permissiondata.update_close_app_permission_user(items) +@app.task +def update_open_other_user_app_permission(data): + ''' + 开放应用权限给本租户内的其他人 + ''' + permissiondata = PermissionData() + permissiondata.update_open_other_user_app_permission(data) + +@app.task +def update_open_other_user_system_permission(data): + ''' + 开放系统权限给本租户内的其他人 + ''' + permissiondata = PermissionData() + permissiondata.update_open_other_user_system_permission(data) + +@app.task +def update_close_other_user_app_permission(items): + ''' + 关闭本租户内的其他人应用权限 + ''' + permissiondata = PermissionData() + permissiondata.update_close_other_user_app_permission(items) + +@app.task +def update_close_other_user_system_permission(items): + ''' + 关闭本租户内的其他人系统权限 + ''' + permissiondata = PermissionData() + permissiondata.update_close_other_user_system_permission(items) @app.task def update_system_permission(): @@ -156,6 +187,9 @@ def create_tenant_init_manager(tenant_id, user_id): permissiondata.create_tenant_user_admin_permission(tenant, user) permissiondata.update_open_system_permission_admin() permissiondata.update_open_app_permission_admin() + apps = App.valid_objects.filter(tenant=tenant) + for app in apps: + permissiondata.add_system_permission_to_user(str(tenant.id), str(user.id), str(app.entry_permission.id)) @app.task def init_core_code(): @@ -180,7 +214,6 @@ def init_core_code(): from django.conf import settings if not settings.IS_CENTRAL_ARKID: bind_arkid_saas_all_tenants() - @app.task