Merge pull request #1306 from longguikeji/feature-402

入口权限修改正确，能够开放租户内权限
longguikeji · Sep 23, 2022 · 9a1a9de · 9a1a9de
2 parents 561155e + 38414eb
commit 9a1a9de
Show file tree

Hide file tree

Showing 8 changed files with 413 additions and 5 deletions.
diff --git a/api/v1/schema/permission_group.py b/api/v1/schema/permission_group.py
@@ -97,6 +97,7 @@ class PermissionListSchemaOut(Schema):
     id: UUID = Field(title=_("id"))
     name: str = Field(title=_("名称"))
     is_open: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否授权给其它租户"))
+    is_open_other_user: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_other_user_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否租户内所有人可见"))
     is_system: bool = Field(title=_("是否是系统权限 "))
     # class Config:
     #     model = SystemPermission

diff --git a/api/v1/views/permission.py b/api/v1/views/permission.py
@@ -14,7 +14,8 @@
     REMOVE_USER_SYSTEM_PERMISSION, REMOVE_USER_APP_PERMISSION, OPEN_APP_PERMISSION,
     OPEN_SYSTEM_PERMISSION, CLOSE_SYSTEM_PERMISSION, CLOSE_APP_PERMISSION,
     ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION, REMOVE_USERGROUP_SYSTEM_PERMISSION,
-    REMOVE_USERGROUP_APP_PERMISSION,
+    REMOVE_USERGROUP_APP_PERMISSION, OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION,
+    CLOSE_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_APP_PERMISSION,
 )
 from arkid.core.constants import NORMAL_USER, TENANT_ADMIN, PLATFORM_ADMIN
 from api.v1.schema.permission import *
@@ -554,5 +555,87 @@ def permission_toggle_open(request, tenant_id: str, permission_id: str):
             else:
                 dispatch_event(Event(tag=OPEN_APP_PERMISSION, tenant=request.tenant, request=request, data=None))
         return {'error': ErrorCode.OK.value}
+    else:
+        return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR)
+
+
+@api.post("/tenant/{tenant_id}/permission/{permission_id}/toggle_other_user_open", tags=['权限'])
+@operation(roles=[TENANT_ADMIN, PLATFORM_ADMIN])
+def permission_toggle_other_user_open(request, tenant_id: str, permission_id: str):
+    '''
+    切换权限是否开放给本租户其它用户
+    '''
+    permission = SystemPermission.valid_objects.filter(
+        id=permission_id
+    ).first()
+    if permission and permission.tenant is None:
+        return ErrorDict(ErrorCode.SYSTEM_PERMISSION_NOT_OPERATION)
+    if permission is None:
+        permission = Permission.valid_objects.filter(tenant_id=tenant_id, id=permission_id).first()
+    if permission:
+        is_open_other_user = permission.is_open_other_user
+        if is_open_other_user:
+            # 原来是打开，现在是关闭
+            # 需要检查是否是分组如果是分组，需要多加几个
+            ids = []
+            if str(permission.id) not in ids:
+                ids.append(str(permission.id))
+            if permission.category == 'group' and permission.container.all():
+                for item in permission.container.all():
+                    if str(item.id) not in ids:
+                        ids.append(str(item.id))
+            if isinstance(permission, SystemPermission):
+                permissions = SystemPermission.valid_objects.filter(id__in=ids)
+            else:
+                permissions = Permission.valid_objects.filter(id__in=ids)
+            # 多加几个结束
+            permissions.update(is_open_other_user=False)
+            if isinstance(permission, SystemPermission):
+                system_permissions_info = {
+                    'tenant_id': tenant_id,
+                    'self_user_id': str(request.user.id)
+                }
+                sort_ids = []
+                for permission in permissions:
+                    sort_ids.append(permission.sort_id)
+                system_permissions_info['sort_ids'] = sort_ids
+                dispatch_event(Event(tag=CLOSE_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=system_permissions_info))
+            else:
+                app_permissions_info = {
+                    'app_id': permission.app_id,
+                    'tenant_id': tenant_id,
+                    'self_user_id': str(request.user.id),
+                }
+                sort_ids = []
+                for permission in permissions:
+                    sort_ids.append(permission.sort_id)
+                app_permissions_info['sort_ids'] = sort_ids
+                dispatch_event(Event(tag=CLOSE_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=app_permissions_info))
+        else:
+            # 原来是关闭，现在是打开
+            # 需要检查是否是分组如果是分组，需要多加几个
+            ids = []
+            if str(permission.id) not in ids:
+                ids.append(str(permission.id))
+            if permission.category == 'group' and permission.container.all():
+                for item in permission.container.all():
+                    if str(item.id) not in ids:
+                        ids.append(str(item.id))
+            data = {
+                'ids': ids,
+                'tenant_id': tenant_id
+            }
+            if isinstance(permission, SystemPermission):
+                permissions = SystemPermission.valid_objects.filter(id__in=ids)
+            else:
+                permissions = Permission.valid_objects.filter(id__in=ids)
+                data['app_id'] = str(permission.app.id)
+            # 多加几个结束
+            permissions.update(is_open_other_user=True)
+            if isinstance(permission, SystemPermission):
+                dispatch_event(Event(tag=OPEN_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=data))
+            else:
+                dispatch_event(Event(tag=OPEN_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=data))
+        return {'error': ErrorCode.OK.value}
     else:
         return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR)
diff --git a/arkid/core/event.py b/arkid/core/event.py
@@ -321,10 +321,17 @@ def unlisten_event(tag, func, **kwargs):
 REMOVE_USER_APP_PERMISSION = 'REMOVE_USER_APP_PERMISSION'
 REMOVE_USERGROUP_SYSTEM_PERMISSION = 'REMOVE_USERGROUP_SYSTEM_PERMISSION'
 REMOVE_USERGROUP_APP_PERMISSION = 'REMOVE_USERGROUP_APP_PERMISSION'
+
 OPEN_APP_PERMISSION = 'OPEN_APP_PERMISSION'
 OPEN_SYSTEM_PERMISSION = 'OPEN_SYSTEM_PERMISSION'
 CLOSE_SYSTEM_PERMISSION = 'CLOSE_SYSTEM_PERMISSION'
 CLOSE_APP_PERMISSION = 'CLOSE_APP_PERMISSION'
+
+OPEN_OTHER_USER_APP_PERMISSION = 'OPEN_OTHER_USER_APP_PERMISSION'
+OPEN_OTHER_USER_SYSTEM_PERMISSION = 'OPEN_OTHER_USER_SYSTEM_PERMISSION'
+CLOSE_OTHER_USER_SYSTEM_PERMISSION = 'CLOSE_OTHER_USER_SYSTEM_PERMISSION'
+CLOSE_OTHER_USER_APP_PERMISSION = 'CLOSE_OTHER_USER_APP_PERMISSION'
+
 UPDATE_ADMIN_ALL_PERMISSION = 'UPDATE_ADMIN_ALL_PERMISSION'
 APP_SYNC_PERMISSION = 'APP_SYNC_PERMISSION'
 
@@ -440,10 +447,17 @@ def unlisten_event(tag, func, **kwargs):
 register_event(CREATE_AUTO_AUTH_CONFIG, _('Create Auto Auth', '添加自动登录'))
 register_event(UPDATE_AUTO_AUTH_CONFIG, _('Update Auto Auth', '更新自动登录'))
 register_event(DELETE_AUTO_AUTH_CONFIG, _('Delete Auto Auth', '删除自动登录'))
+
 register_event(OPEN_APP_PERMISSION, _('open app permission', '开放应用权限'))
 register_event(OPEN_SYSTEM_PERMISSION, _('open system permission', '开放系统权限'))
 register_event(CLOSE_SYSTEM_PERMISSION, _('close system permission', '关闭系统权限'))
 register_event(CLOSE_APP_PERMISSION, _('close app permission', '关闭应用权限'))
+
+register_event(OPEN_OTHER_USER_APP_PERMISSION, _('open other user app permission', '开放本租户其它用户应用权限'))
+register_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, _('open other user system permission', '开放本租户其它用户系统权限'))
+register_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, _('close other user system permission', '关闭本租户其它用户系统权限'))
+register_event(CLOSE_OTHER_USER_APP_PERMISSION, _('close other user app permission', '关闭本租户其它用户应用权限'))
+
 register_event(UPDATE_ADMIN_ALL_PERMISSION, _('update admin all permission', '更新所有管理员权限'))
 register_event(CREATE_TENANT, _('create tenant', '创建租户'))
 register_event(GET_AUTH_RESULT, _('get auth result', '获得权限鉴定结果'))

diff --git a/arkid/core/migrations/0029_auto_20220921_1617.py b/arkid/core/migrations/0029_auto_20220921_1617.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.13 on 2022-09-21 08:17
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0028_approverequest_tenant'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='permission',
+            name='is_open_other_user',
+            field=models.BooleanField(default=False, verbose_name='is open other user'),
+        ),
+        migrations.AddField(
+            model_name='systempermission',
+            name='is_open_other_user',
+            field=models.BooleanField(default=False, verbose_name='is open other user'),
+        ),
+    ]
diff --git a/arkid/core/models.py b/arkid/core/models.py
@@ -306,6 +306,10 @@ class Meta(object):
     is_open = models.BooleanField(
         default=False, verbose_name=_('is open', '是否开放给其它租户访问'),
     )
+    is_open_other_user = models.BooleanField(
+        default=False, verbose_name=_('is open other user', '是否开放给本租户其它用户访问'),
+    )
+
 
     def __str__(self):
         return '%s' % (self.name)

diff --git a/arkid/core/perm/event_listener.py b/arkid/core/perm/event_listener.py
@@ -18,6 +18,8 @@
     UPDATE_ADMIN_ALL_PERMISSION, ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION,
     REMOVE_USERGROUP_SYSTEM_PERMISSION, REMOVE_USERGROUP_APP_PERMISSION,
     UPDATE_GROUP_PERMISSION, CREATE_TENANT, APP_SYNC_PERMISSION,
+    OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_SYSTEM_PERMISSION,
+    CLOSE_OTHER_USER_APP_PERMISSION,
 )
 import uuid
 
@@ -115,11 +117,17 @@ def __init__(self):
         core_event.listen_event(REMOVE_USER_APP_PERMISSION, self.remove_user_app_permission)
         core_event.listen_event(REMOVE_USERGROUP_SYSTEM_PERMISSION, self.remove_system_permission_to_usergroup)
         core_event.listen_event(REMOVE_USERGROUP_APP_PERMISSION, self.remove_app_permission_to_usergroup)
+
         core_event.listen_event(OPEN_APP_PERMISSION, self.update_open_app_permission_admin)
         core_event.listen_event(OPEN_SYSTEM_PERMISSION, self.update_open_system_permission_admin)
         core_event.listen_event(CLOSE_APP_PERMISSION, self.update_close_app_permission_user)
         core_event.listen_event(CLOSE_SYSTEM_PERMISSION, self.update_close_system_permission_user)
 
+        core_event.listen_event(OPEN_OTHER_USER_APP_PERMISSION, self.update_open_other_user_app_permission)
+        core_event.listen_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, self.update_open_other_user_system_permission)
+        core_event.listen_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, self.update_close_other_user_system_permission)
+        core_event.listen_event(CLOSE_OTHER_USER_APP_PERMISSION, self.update_close_other_user_app_permission)
+
     # def register(self, event, **kwargs):
     #     from arkid.core.tasks.tasks import update_single_user_system_permission_and_app_permisssion
     #     user = event.data
@@ -129,10 +137,9 @@ def __init__(self):
     def create_tenant(self, event, **kwargs):
         tenant = event.tenant
         user = event.data
+        # 创建管理员权限和初始化各种权限
         from arkid.core.tasks.tasks import create_tenant_init_manager
         create_tenant_init_manager.delay(tenant.id, user.id)
-        # permissiondata = PermissionData()
-        # permissiondata.create_tenant_user_admin_permission(tenant, user)
 
     def app_start(self, event, **kwargs):
         from arkid.core.tasks.tasks import update_system_permission
@@ -296,6 +303,30 @@ def update_open_system_app_permission_admin(self, event, **kwargs):
         update_open_system_app_permission_admin.delay()
         return True
 
+    def update_open_other_user_app_permission(self, event, **kwargs):
+        data = event.data
+        from arkid.core.tasks.tasks import update_open_other_user_app_permission
+        update_open_other_user_app_permission.delay(data)
+        return True
+
+    def update_open_other_user_system_permission(self, event, **kwargs):
+        data = event.data
+        from arkid.core.tasks.tasks import update_open_other_user_system_permission
+        update_open_other_user_system_permission.delay(data)
+        return True
+
+    def update_close_other_user_app_permission(self, event, **kwargs):
+        data = event.data
+        from arkid.core.tasks.tasks import update_close_other_user_app_permission
+        update_close_other_user_app_permission.delay(data)
+        return True
+
+    def update_close_other_user_system_permission(self, event, **kwargs):
+        data = event.data
+        from arkid.core.tasks.tasks import update_close_other_user_system_permission
+        update_close_other_user_system_permission.delay(data)
+        return True
+
     def update_group_permission_permission(self, event, **kwargs):
         permission = event.data
         tenant = event.tenant