Skip to content

Commit

Permalink
Merge pull request #1306 from longguikeji/feature-402
Browse files Browse the repository at this point in the history
入口权限修改正确,能够开放租户内权限
  • Loading branch information
hanbinloop committed Sep 23, 2022
2 parents 561155e + 38414eb commit 9a1a9de
Show file tree
Hide file tree
Showing 8 changed files with 413 additions and 5 deletions.
1 change: 1 addition & 0 deletions api/v1/schema/permission_group.py
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ class PermissionListSchemaOut(Schema):
id: UUID = Field(title=_("id"))
name: str = Field(title=_("名称"))
is_open: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否授权给其它租户"))
is_open_other_user: bool = Field(item_action={"path":"/api/v1/tenant/{tenant_id}/permission/{id}/toggle_other_user_open", "method":actions.FrontActionMethod.POST.value}, title=_("是否租户内所有人可见"))
is_system: bool = Field(title=_("是否是系统权限 "))
# class Config:
# model = SystemPermission
Expand Down
85 changes: 84 additions & 1 deletion api/v1/views/permission.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@
REMOVE_USER_SYSTEM_PERMISSION, REMOVE_USER_APP_PERMISSION, OPEN_APP_PERMISSION,
OPEN_SYSTEM_PERMISSION, CLOSE_SYSTEM_PERMISSION, CLOSE_APP_PERMISSION,
ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION, REMOVE_USERGROUP_SYSTEM_PERMISSION,
REMOVE_USERGROUP_APP_PERMISSION,
REMOVE_USERGROUP_APP_PERMISSION, OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION,
CLOSE_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_APP_PERMISSION,
)
from arkid.core.constants import NORMAL_USER, TENANT_ADMIN, PLATFORM_ADMIN
from api.v1.schema.permission import *
Expand Down Expand Up @@ -554,5 +555,87 @@ def permission_toggle_open(request, tenant_id: str, permission_id: str):
else:
dispatch_event(Event(tag=OPEN_APP_PERMISSION, tenant=request.tenant, request=request, data=None))
return {'error': ErrorCode.OK.value}
else:
return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR)


@api.post("/tenant/{tenant_id}/permission/{permission_id}/toggle_other_user_open", tags=['权限'])
@operation(roles=[TENANT_ADMIN, PLATFORM_ADMIN])
def permission_toggle_other_user_open(request, tenant_id: str, permission_id: str):
'''
切换权限是否开放给本租户其它用户
'''
permission = SystemPermission.valid_objects.filter(
id=permission_id
).first()
if permission and permission.tenant is None:
return ErrorDict(ErrorCode.SYSTEM_PERMISSION_NOT_OPERATION)
if permission is None:
permission = Permission.valid_objects.filter(tenant_id=tenant_id, id=permission_id).first()
if permission:
is_open_other_user = permission.is_open_other_user
if is_open_other_user:
# 原来是打开,现在是关闭
# 需要检查是否是分组如果是分组,需要多加几个
ids = []
if str(permission.id) not in ids:
ids.append(str(permission.id))
if permission.category == 'group' and permission.container.all():
for item in permission.container.all():
if str(item.id) not in ids:
ids.append(str(item.id))
if isinstance(permission, SystemPermission):
permissions = SystemPermission.valid_objects.filter(id__in=ids)
else:
permissions = Permission.valid_objects.filter(id__in=ids)
# 多加几个结束
permissions.update(is_open_other_user=False)
if isinstance(permission, SystemPermission):
system_permissions_info = {
'tenant_id': tenant_id,
'self_user_id': str(request.user.id)
}
sort_ids = []
for permission in permissions:
sort_ids.append(permission.sort_id)
system_permissions_info['sort_ids'] = sort_ids
dispatch_event(Event(tag=CLOSE_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=system_permissions_info))
else:
app_permissions_info = {
'app_id': permission.app_id,
'tenant_id': tenant_id,
'self_user_id': str(request.user.id),
}
sort_ids = []
for permission in permissions:
sort_ids.append(permission.sort_id)
app_permissions_info['sort_ids'] = sort_ids
dispatch_event(Event(tag=CLOSE_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=app_permissions_info))
else:
# 原来是关闭,现在是打开
# 需要检查是否是分组如果是分组,需要多加几个
ids = []
if str(permission.id) not in ids:
ids.append(str(permission.id))
if permission.category == 'group' and permission.container.all():
for item in permission.container.all():
if str(item.id) not in ids:
ids.append(str(item.id))
data = {
'ids': ids,
'tenant_id': tenant_id
}
if isinstance(permission, SystemPermission):
permissions = SystemPermission.valid_objects.filter(id__in=ids)
else:
permissions = Permission.valid_objects.filter(id__in=ids)
data['app_id'] = str(permission.app.id)
# 多加几个结束
permissions.update(is_open_other_user=True)
if isinstance(permission, SystemPermission):
dispatch_event(Event(tag=OPEN_OTHER_USER_SYSTEM_PERMISSION, tenant=request.tenant, request=request, data=data))
else:
dispatch_event(Event(tag=OPEN_OTHER_USER_APP_PERMISSION, tenant=request.tenant, request=request, data=data))
return {'error': ErrorCode.OK.value}
else:
return ErrorDict(ErrorCode.PERMISSION_EXISTS_ERROR)
14 changes: 14 additions & 0 deletions arkid/core/event.py
Original file line number Diff line number Diff line change
Expand Up @@ -321,10 +321,17 @@ def unlisten_event(tag, func, **kwargs):
REMOVE_USER_APP_PERMISSION = 'REMOVE_USER_APP_PERMISSION'
REMOVE_USERGROUP_SYSTEM_PERMISSION = 'REMOVE_USERGROUP_SYSTEM_PERMISSION'
REMOVE_USERGROUP_APP_PERMISSION = 'REMOVE_USERGROUP_APP_PERMISSION'

OPEN_APP_PERMISSION = 'OPEN_APP_PERMISSION'
OPEN_SYSTEM_PERMISSION = 'OPEN_SYSTEM_PERMISSION'
CLOSE_SYSTEM_PERMISSION = 'CLOSE_SYSTEM_PERMISSION'
CLOSE_APP_PERMISSION = 'CLOSE_APP_PERMISSION'

OPEN_OTHER_USER_APP_PERMISSION = 'OPEN_OTHER_USER_APP_PERMISSION'
OPEN_OTHER_USER_SYSTEM_PERMISSION = 'OPEN_OTHER_USER_SYSTEM_PERMISSION'
CLOSE_OTHER_USER_SYSTEM_PERMISSION = 'CLOSE_OTHER_USER_SYSTEM_PERMISSION'
CLOSE_OTHER_USER_APP_PERMISSION = 'CLOSE_OTHER_USER_APP_PERMISSION'

UPDATE_ADMIN_ALL_PERMISSION = 'UPDATE_ADMIN_ALL_PERMISSION'
APP_SYNC_PERMISSION = 'APP_SYNC_PERMISSION'

Expand Down Expand Up @@ -440,10 +447,17 @@ def unlisten_event(tag, func, **kwargs):
register_event(CREATE_AUTO_AUTH_CONFIG, _('Create Auto Auth', '添加自动登录'))
register_event(UPDATE_AUTO_AUTH_CONFIG, _('Update Auto Auth', '更新自动登录'))
register_event(DELETE_AUTO_AUTH_CONFIG, _('Delete Auto Auth', '删除自动登录'))

register_event(OPEN_APP_PERMISSION, _('open app permission', '开放应用权限'))
register_event(OPEN_SYSTEM_PERMISSION, _('open system permission', '开放系统权限'))
register_event(CLOSE_SYSTEM_PERMISSION, _('close system permission', '关闭系统权限'))
register_event(CLOSE_APP_PERMISSION, _('close app permission', '关闭应用权限'))

register_event(OPEN_OTHER_USER_APP_PERMISSION, _('open other user app permission', '开放本租户其它用户应用权限'))
register_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, _('open other user system permission', '开放本租户其它用户系统权限'))
register_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, _('close other user system permission', '关闭本租户其它用户系统权限'))
register_event(CLOSE_OTHER_USER_APP_PERMISSION, _('close other user app permission', '关闭本租户其它用户应用权限'))

register_event(UPDATE_ADMIN_ALL_PERMISSION, _('update admin all permission', '更新所有管理员权限'))
register_event(CREATE_TENANT, _('create tenant', '创建租户'))
register_event(GET_AUTH_RESULT, _('get auth result', '获得权限鉴定结果'))
Expand Down
23 changes: 23 additions & 0 deletions arkid/core/migrations/0029_auto_20220921_1617.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Generated by Django 3.2.13 on 2022-09-21 08:17

from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
('core', '0028_approverequest_tenant'),
]

operations = [
migrations.AddField(
model_name='permission',
name='is_open_other_user',
field=models.BooleanField(default=False, verbose_name='is open other user'),
),
migrations.AddField(
model_name='systempermission',
name='is_open_other_user',
field=models.BooleanField(default=False, verbose_name='is open other user'),
),
]
4 changes: 4 additions & 0 deletions arkid/core/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -306,6 +306,10 @@ class Meta(object):
is_open = models.BooleanField(
default=False, verbose_name=_('is open', '是否开放给其它租户访问'),
)
is_open_other_user = models.BooleanField(
default=False, verbose_name=_('is open other user', '是否开放给本租户其它用户访问'),
)


def __str__(self):
return '%s' % (self.name)
Expand Down
35 changes: 33 additions & 2 deletions arkid/core/perm/event_listener.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
UPDATE_ADMIN_ALL_PERMISSION, ADD_USER_MANY_PERMISSION, ADD_USERGROUP_MANY_PERMISSION,
REMOVE_USERGROUP_SYSTEM_PERMISSION, REMOVE_USERGROUP_APP_PERMISSION,
UPDATE_GROUP_PERMISSION, CREATE_TENANT, APP_SYNC_PERMISSION,
OPEN_OTHER_USER_APP_PERMISSION, OPEN_OTHER_USER_SYSTEM_PERMISSION, CLOSE_OTHER_USER_SYSTEM_PERMISSION,
CLOSE_OTHER_USER_APP_PERMISSION,
)
import uuid

Expand Down Expand Up @@ -115,11 +117,17 @@ def __init__(self):
core_event.listen_event(REMOVE_USER_APP_PERMISSION, self.remove_user_app_permission)
core_event.listen_event(REMOVE_USERGROUP_SYSTEM_PERMISSION, self.remove_system_permission_to_usergroup)
core_event.listen_event(REMOVE_USERGROUP_APP_PERMISSION, self.remove_app_permission_to_usergroup)

core_event.listen_event(OPEN_APP_PERMISSION, self.update_open_app_permission_admin)
core_event.listen_event(OPEN_SYSTEM_PERMISSION, self.update_open_system_permission_admin)
core_event.listen_event(CLOSE_APP_PERMISSION, self.update_close_app_permission_user)
core_event.listen_event(CLOSE_SYSTEM_PERMISSION, self.update_close_system_permission_user)

core_event.listen_event(OPEN_OTHER_USER_APP_PERMISSION, self.update_open_other_user_app_permission)
core_event.listen_event(OPEN_OTHER_USER_SYSTEM_PERMISSION, self.update_open_other_user_system_permission)
core_event.listen_event(CLOSE_OTHER_USER_SYSTEM_PERMISSION, self.update_close_other_user_system_permission)
core_event.listen_event(CLOSE_OTHER_USER_APP_PERMISSION, self.update_close_other_user_app_permission)

# def register(self, event, **kwargs):
# from arkid.core.tasks.tasks import update_single_user_system_permission_and_app_permisssion
# user = event.data
Expand All @@ -129,10 +137,9 @@ def __init__(self):
def create_tenant(self, event, **kwargs):
tenant = event.tenant
user = event.data
# 创建管理员权限和初始化各种权限
from arkid.core.tasks.tasks import create_tenant_init_manager
create_tenant_init_manager.delay(tenant.id, user.id)
# permissiondata = PermissionData()
# permissiondata.create_tenant_user_admin_permission(tenant, user)

def app_start(self, event, **kwargs):
from arkid.core.tasks.tasks import update_system_permission
Expand Down Expand Up @@ -296,6 +303,30 @@ def update_open_system_app_permission_admin(self, event, **kwargs):
update_open_system_app_permission_admin.delay()
return True

def update_open_other_user_app_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_open_other_user_app_permission
update_open_other_user_app_permission.delay(data)
return True

def update_open_other_user_system_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_open_other_user_system_permission
update_open_other_user_system_permission.delay(data)
return True

def update_close_other_user_app_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_close_other_user_app_permission
update_close_other_user_app_permission.delay(data)
return True

def update_close_other_user_system_permission(self, event, **kwargs):
data = event.data
from arkid.core.tasks.tasks import update_close_other_user_system_permission
update_close_other_user_system_permission.delay(data)
return True

def update_group_permission_permission(self, event, **kwargs):
permission = event.data
tenant = event.tenant
Expand Down
Loading

0 comments on commit 9a1a9de

Please sign in to comment.