Merge pull request #1215 from longguikeji/v2.5-dev

V2.5 dev
longguikeji · Aug 29, 2022 · 90144d3 · 90144d3
2 parents 9fe0bf3 + 87a8f87
commit 90144d3
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 16 deletions.
diff --git a/api/v1/views/app.py b/api/v1/views/app.py
@@ -109,7 +109,7 @@ def get_app(request, tenant_id: str, id: str):
     return {"data":app}
 
 @api.get("/tenant/{tenant_id}/apps/{app_id}/openapi_version/", response=ConfigOpenApiVersionDataSchemaOut, tags=['应用'])
-@operation(roles=[TENANT_ADMIN, PLATFORM_ADMIN, NORMAL_USER])
+@operation(roles=[PLATFORM_ADMIN, NORMAL_USER])
 def get_app_openapi_version(request, tenant_id: str, app_id: str):
     '''
     获取app的openapi地址和版本

diff --git a/arkid/common/arkstore.py b/arkid/common/arkstore.py
@@ -66,9 +66,15 @@ def get_arkstore_access_token(tenant, token, use_cache=True):
     """
     获取插件商店access_token
     """
-    saas_token, saas_tenant_id, saas_tenant_slug = get_saas_token(tenant, token, use_cache=use_cache)
-    return get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, saas_token, 
-        use_cache=use_cache, local_tenant=tenant, local_token=token)
+    try:
+        saas_token, saas_tenant_id, saas_tenant_slug = get_saas_token(tenant, token, use_cache=use_cache)
+        return get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, saas_token, 
+            use_cache=use_cache, local_tenant=tenant, local_token=token)
+    except Exception as e:
+        logger.error(f'get_arkstore_access_token failed: {str(e)}, give it a retry')
+        saas_token, saas_tenant_id, saas_tenant_slug = get_saas_token(tenant, token, use_cache=False)
+        return get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, saas_token, 
+            use_cache=False, local_tenant=tenant, local_token=token)
 
 
 arkstore_access_token_saas_cache = {}
@@ -102,8 +108,12 @@ def get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id,
     resp = requests.get(app_login_url, params=params)
     if resp.status_code != 200:
         arkstore_access_token_saas_cache.pop(key, None)
-        raise Exception(f'Error get_arkstore_access_token_with_saas_token: {resp.status_code}')
-    resp = resp.json()
+        raise Exception(f'Error get_arkstore_access_token_with_saas_token: {resp.status_code}, url: {resp.url}')
+    try:
+        resp = resp.json()
+    except:
+        from urllib.parse import urlencode, unquote
+        raise Exception(f'Error get_arkstore_access_token_with_saas_token: {resp.status_code}, url: {unquote(resp.url)}')
     arkstore_access_token_saas_cache[key] = resp['access_token']
     return arkstore_access_token_saas_cache[key] 
 

diff --git a/arkid/core/perm/permission_data.py b/arkid/core/perm/permission_data.py
@@ -2099,7 +2099,6 @@ def check_app_entry_permission(self, request, type, kwargs):
         permission = app.entry_permission
         if not permission:
             return False, '没有找到入口权限'
-
         result = self.permission_check_by_sortid(permission, user, app, tenant_id)
         if not result:
             return False, '没有获得授权使用'

diff --git a/arkid/core/routers.py b/arkid/core/routers.py
@@ -158,7 +158,7 @@ def unregister_front_routers(routers, primary: FrontRouter = None):
         primary (str, optional): 主路由. Defaults to ''.
     """
     if not isinstance(routers, tuple) or not isinstance(routers, list):
-        routers = list(routers)
+        routers = [routers]
 
     if primary:
         for router in routers:

diff --git a/arkid/core/tasks/tasks.py b/arkid/core/tasks/tasks.py
@@ -154,6 +154,8 @@ def create_tenant_init_manager(tenant_id, user_id):
     user = User.objects.filter(id=user_id).first()
     permissiondata = PermissionData()
     permissiondata.create_tenant_user_admin_permission(tenant, user)
+    permissiondata.update_open_system_permission_admin()
+    permissiondata.update_open_app_permission_admin()
 
 @app.task
 def init_core_code():

diff --git a/oauth2_provider/oauth2_backends.py b/oauth2_provider/oauth2_backends.py
@@ -118,6 +118,7 @@ def create_authorization_response(self, request, scopes, credentials, allow):
                 raise oauth2.AccessDeniedError(state=credentials.get("state", None))
 
             # add current user to credentials. this will be used by OAUTH2_VALIDATOR_CLASS
+            request.user.current_tenant = request.tenant
             credentials["user"] = request.user
 
             headers, body, status = self.server.create_authorization_response(

diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
@@ -395,7 +395,7 @@ def validate_bearer_token(self, token, scopes, request):
         if access_token and access_token.is_valid(scopes):
             request.client = access_token.application
             request.user = access_token.user
-            request.user.tenant = access_token.tenant
+            request.user.current_tenant = access_token.tenant
             request.scopes = scopes
 
             # this is needed by django rest framework
@@ -411,7 +411,7 @@ def validate_code(self, client_id, code, client, request, *args, **kwargs):
             if not grant.is_expired():
                 request.scopes = grant.scope.split(" ")
                 request.user = grant.user
-                request.user.tenant = grant.tenant
+                request.user.current_tenant = grant.tenant
                 if grant.nonce:
                     request.nonce = grant.nonce
                 if grant.claims:
@@ -612,7 +612,7 @@ def _create_access_token(self, expires, request, token, source_refresh_token=Non
             id_token = IDToken.objects.get(token=id_token)
         return AccessToken.objects.create(
             user=request.user,
-            tenant=request.user.tenant,
+            tenant=request.user.current_tenant,
             scope=token["scope"],
             expires=expires,
             token=token["access_token"],
@@ -627,7 +627,7 @@ def _create_authorization_code(self, request, code, expires=None):
         return Grant.objects.create(
             application=request.client,
             user=request.user,
-            tenant=request.user.tenant,
+            tenant=request.user.current_tenant,
             code=code["code"],
             expires=expires,
             redirect_uri=request.redirect_uri,
@@ -724,7 +724,7 @@ def _save_id_token(self, token, request, expires, *args, **kwargs):
 
         id_token = IDToken.objects.create(
             user=request.user,
-            tenant=request.user.tenant,
+            tenant=request.user.current_tenant,
             scope=scopes,
             expires=expires,
             token=token,
@@ -910,7 +910,7 @@ def get_userinfo_claims(self, request):
     def get_additional_claims(self, request):
         groups = []
         user = request.user
-        tenant = user.tenant
+        tenant = user.current_tenant
         # for group in user.groups.all():
         #     groups.append(group.name)
         if tenant.has_admin_perm(user) and 'tenant_admin' not in groups:
@@ -924,6 +924,6 @@ def get_additional_claims(self, request):
             # 'family_name': request.user.last_name,
             # 'email': request.user.email,
             'groups': groups,
-            'tenant_id': str(request.user.tenant.id),
-            "tenant_slug": request.user.tenant.slug,
+            'tenant_id': str(request.user.current_tenant.id),
+            "tenant_slug": request.user.current_tenant.slug,
         }