Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

入口权限修改正确,能够开放租户内权限 #1306

Merged
merged 4 commits into from
Sep 23, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions api/v1/schema/permission_group.py
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ class PermissionListSchemaOut(Schema):
id: UUID = Field(title=_("id"))
name: str = Field(title=_("名称"))
is_open: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否授权给其它租户"))
is_open_other_user: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_other_user_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否租户内所有人可见"))
is_system: bool = Field(title=_("是否是系统权限 "))
# class Config:
# model = SystemPermission
Expand Down
85 changes: 84 additions & 1 deletion api/v1/views/permission.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@
REMOVE_USER_SYSTEM_PERMISSION, REMOVE_USER_APP_PERMISSION, OPEN_APP_PERMISSION,
OPEN_SYSTEM_PERMISSION, CLOSE_SYSTEM_PERMISSION, CLOSE_APP_PERMISSION,
ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION, REMOVE_USERGROUP_SYSTEM_PERMISSION,
REMOVE_USERGROUP_APP_PERMISSION,
REMOVE_USERGROUP_APP_PERMISSION, OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION,
CLOSE_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_APP_PERMISSION,
)
from arkid.core.constants import NORMAL_USER, TENANT_ADMIN, PLATFORM_ADMIN
from api.v1.schema.permission import *
Expand Down Expand Up @@ -554,5 +555,87 @@ def permission_toggle_open(request, tenant_id: str, permission_id: str):
else:
dispatch_event(Event(tag=OPEN_APP_PERMISSION, tenant=request.tenant, request=request, data=None))
return {'error': ErrorCode.OK.value}
else:
return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR)


@api.post("/tenant/{tenant_id}/permission/{permission_id}/toggle_other_user_open", tags=['权限'])
@operation(roles=[TENANT_ADMIN, PLATFORM_ADMIN])
def permission_toggle_other_user_open(request, tenant_id: str, permission_id: str):
'''
切换权限是否开放给本租户其它用户
'''
permission = SystemPermission.valid_objects.filter(
id=permission_id
).first()
if permission and permission.tenant is None:
return ErrorDict(ErrorCode.SYSTEM_PERMISSION_NOT_OPERATION)
if permission is None:
permission = Permission.valid_objects.filter(tenant_id=tenant_id, id=permission_id).first()
if permission:
is_open_other_user = permission.is_open_other_user
if is_open_other_user:
# 原来是打开,现在是关闭
# 需要检查是否是分组如果是分组,需要多加几个
ids = []
if str(permission.id) not in ids:
ids.append(str(permission.id))
if permission.category == 'group' and permission.container.all():
for item in permission.container.all():
if str(item.id) not in ids:
ids.append(str(item.id))
if isinstance(permission, SystemPermission):
permissions = SystemPermission.valid_objects.filter(id__in=ids)
else:
permissions = Permission.valid_objects.filter(id__in=ids)
# 多加几个结束
permissions.update(is_open_other_user=False)
if isinstance(permission, SystemPermission):
system_permissions_info = {
'tenant_id': tenant_id,
'self_user_id': str(request.user.id)
}
sort_ids = []
for permission in permissions:
sort_ids.append(permission.sort_id)
system_permissions_info['sort_ids'] = sort_ids
dispatch_event(Event(tag=CLOSE_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=system_permissions_info))
else:
app_permissions_info = {
'app_id': permission.app_id,
'tenant_id': tenant_id,
'self_user_id': str(request.user.id),
}
sort_ids = []
for permission in permissions:
sort_ids.append(permission.sort_id)
app_permissions_info['sort_ids'] = sort_ids
dispatch_event(Event(tag=CLOSE_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=app_permissions_info))
else:
# 原来是关闭,现在是打开
# 需要检查是否是分组如果是分组,需要多加几个
ids = []
if str(permission.id) not in ids:
ids.append(str(permission.id))
if permission.category == 'group' and permission.container.all():
for item in permission.container.all():
if str(item.id) not in ids:
ids.append(str(item.id))
data = {
'ids': ids,
'tenant_id': tenant_id
}
if isinstance(permission, SystemPermission):
permissions = SystemPermission.valid_objects.filter(id__in=ids)
else:
permissions = Permission.valid_objects.filter(id__in=ids)
data['app_id'] = str(permission.app.id)
# 多加几个结束
permissions.update(is_open_other_user=True)
if isinstance(permission, SystemPermission):
dispatch_event(Event(tag=OPEN_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=data))
else:
dispatch_event(Event(tag=OPEN_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=data))
return {'error': ErrorCode.OK.value}
else:
return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR)
14 changes: 14 additions & 0 deletions arkid/core/event.py
Original file line number Diff line number Diff line change
Expand Up @@ -321,10 +321,17 @@ def unlisten_event(tag, func, **kwargs):
REMOVE_USER_APP_PERMISSION = 'REMOVE_USER_APP_PERMISSION'
REMOVE_USERGROUP_SYSTEM_PERMISSION = 'REMOVE_USERGROUP_SYSTEM_PERMISSION'
REMOVE_USERGROUP_APP_PERMISSION = 'REMOVE_USERGROUP_APP_PERMISSION'

OPEN_APP_PERMISSION = 'OPEN_APP_PERMISSION'
OPEN_SYSTEM_PERMISSION = 'OPEN_SYSTEM_PERMISSION'
CLOSE_SYSTEM_PERMISSION = 'CLOSE_SYSTEM_PERMISSION'
CLOSE_APP_PERMISSION = 'CLOSE_APP_PERMISSION'

OPEN_OTHER_USER_APP_PERMISSION = 'OPEN_OTHER_USER_APP_PERMISSION'
OPEN_OTHER_USER_SYSTEM_PERMISSION = 'OPEN_OTHER_USER_SYSTEM_PERMISSION'
CLOSE_OTHER_USER_SYSTEM_PERMISSION = 'CLOSE_OTHER_USER_SYSTEM_PERMISSION'
CLOSE_OTHER_USER_APP_PERMISSION = 'CLOSE_OTHER_USER_APP_PERMISSION'

UPDATE_ADMIN_ALL_PERMISSION = 'UPDATE_ADMIN_ALL_PERMISSION'
APP_SYNC_PERMISSION = 'APP_SYNC_PERMISSION'

Expand Down Expand Up @@ -440,10 +447,17 @@ def unlisten_event(tag, func, **kwargs):
register_event(CREATE_AUTO_AUTH_CONFIG, _('Create Auto Auth', '添加自动登录'))
register_event(UPDATE_AUTO_AUTH_CONFIG, _('Update Auto Auth', '更新自动登录'))
register_event(DELETE_AUTO_AUTH_CONFIG, _('Delete Auto Auth', '删除自动登录'))

register_event(OPEN_APP_PERMISSION, _('open app permission', '开放应用权限'))
register_event(OPEN_SYSTEM_PERMISSION, _('open system permission', '开放系统权限'))
register_event(CLOSE_SYSTEM_PERMISSION, _('close system permission', '关闭系统权限'))
register_event(CLOSE_APP_PERMISSION, _('close app permission', '关闭应用权限'))

register_event(OPEN_OTHER_USER_APP_PERMISSION, _('open other user app permission', '开放本租户其它用户应用权限'))
register_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, _('open other user system permission', '开放本租户其它用户系统权限'))
register_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, _('close other user system permission', '关闭本租户其它用户系统权限'))
register_event(CLOSE_OTHER_USER_APP_PERMISSION, _('close other user app permission', '关闭本租户其它用户应用权限'))

register_event(UPDATE_ADMIN_ALL_PERMISSION, _('update admin all permission', '更新所有管理员权限'))
register_event(CREATE_TENANT, _('create tenant', '创建租户'))
register_event(GET_AUTH_RESULT, _('get auth result', '获得权限鉴定结果'))
Expand Down
23 changes: 23 additions & 0 deletions arkid/core/migrations/0029_auto_20220921_1617.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Generated by Django 3.2.13 on 2022-09-21 08:17

from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
('core', '0028_approverequest_tenant'),
]

operations = [
migrations.AddField(
model_name='permission',
name='is_open_other_user',
field=models.BooleanField(default=False, verbose_name='is open other user'),
),
migrations.AddField(
model_name='systempermission',
name='is_open_other_user',
field=models.BooleanField(default=False, verbose_name='is open other user'),
),
]
4 changes: 4 additions & 0 deletions arkid/core/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -306,6 +306,10 @@ class Meta(object):
is_open = models.BooleanField(
default=False, verbose_name=_('is open', '是否开放给其它租户访问'),
)
is_open_other_user = models.BooleanField(
default=False, verbose_name=_('is open other user', '是否开放给本租户其它用户访问'),
)


def __str__(self):
return '%s' % (self.name)
Expand Down
35 changes: 33 additions & 2 deletions arkid/core/perm/event_listener.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
UPDATE_ADMIN_ALL_PERMISSION, ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION,
REMOVE_USERGROUP_SYSTEM_PERMISSION, REMOVE_USERGROUP_APP_PERMISSION,
UPDATE_GROUP_PERMISSION, CREATE_TENANT, APP_SYNC_PERMISSION,
OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_SYSTEM_PERMISSION,
CLOSE_OTHER_USER_APP_PERMISSION,
)
import uuid

Expand Down Expand Up @@ -115,11 +117,17 @@ def __init__(self):
core_event.listen_event(REMOVE_USER_APP_PERMISSION, self.remove_user_app_permission)
core_event.listen_event(REMOVE_USERGROUP_SYSTEM_PERMISSION, self.remove_system_permission_to_usergroup)
core_event.listen_event(REMOVE_USERGROUP_APP_PERMISSION, self.remove_app_permission_to_usergroup)

core_event.listen_event(OPEN_APP_PERMISSION, self.update_open_app_permission_admin)
core_event.listen_event(OPEN_SYSTEM_PERMISSION, self.update_open_system_permission_admin)
core_event.listen_event(CLOSE_APP_PERMISSION, self.update_close_app_permission_user)
core_event.listen_event(CLOSE_SYSTEM_PERMISSION, self.update_close_system_permission_user)

core_event.listen_event(OPEN_OTHER_USER_APP_PERMISSION, self.update_open_other_user_app_permission)
core_event.listen_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, self.update_open_other_user_system_permission)
core_event.listen_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, self.update_close_other_user_system_permission)
core_event.listen_event(CLOSE_OTHER_USER_APP_PERMISSION, self.update_close_other_user_app_permission)

# def register(self, event, **kwargs):
# from arkid.core.tasks.tasks import update_single_user_system_permission_and_app_permisssion
# user = event.data
Expand All @@ -129,10 +137,9 @@ def __init__(self):
def create_tenant(self, event, **kwargs):
tenant = event.tenant
user = event.data
# 创建管理员权限和初始化各种权限
from arkid.core.tasks.tasks import create_tenant_init_manager
create_tenant_init_manager.delay(tenant.id, user.id)
# permissiondata = PermissionData()
# permissiondata.create_tenant_user_admin_permission(tenant, user)

def app_start(self, event, **kwargs):
from arkid.core.tasks.tasks import update_system_permission
Expand Down Expand Up @@ -296,6 +303,30 @@ def update_open_system_app_permission_admin(self, event, **kwargs):
update_open_system_app_permission_admin.delay()
return True

def update_open_other_user_app_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_open_other_user_app_permission
update_open_other_user_app_permission.delay(data)
return True

def update_open_other_user_system_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_open_other_user_system_permission
update_open_other_user_system_permission.delay(data)
return True

def update_close_other_user_app_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_close_other_user_app_permission
update_close_other_user_app_permission.delay(data)
return True

def update_close_other_user_system_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_close_other_user_system_permission
update_close_other_user_system_permission.delay(data)
return True

def update_group_permission_permission(self, event, **kwargs):
permission = event.data
tenant = event.tenant
Expand Down
Loading