
Commit 2f7b241

committed
rafactor: User resource permission read and edit
1 parent 5c07351 commit 2f7b241

9 files changed

+374
-131
lines changed

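--- a/apps/system_manage/api/user_resource_permission.py
+++ b/apps/system_manage/api/user_resource_permission.py
@@ -12,15 +12,29 @@
 from django.utils.translation import gettext_lazy as _
 
 from common.mixins.api_mixin import APIMixin
-from common.result import ResultSerializer, ResultPageSerializer
-from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse, \
-UpdateUserResourcePermissionRequest, ResourceUserPermissionEditRequest
+from common.result import ResultSerializer, ResultPageSerializer, PageDataResponse
+from system_manage.serializers.user_resource_permission import ResourceUserPermissionEditRequest, UpdateTeamMemberItemPermissionSerializer
 
 
-class APIUserResourcePermissionResponse(ResultSerializer):
+class UserResourcePermissionResponse0(serializers.Serializer):
+id = serializers.UUIDField(required=True, label="主键id")
+name = serializers.CharField(required=True, label="资源名称")
+auth_target_type = serializers.CharField(required=True, label="授权资源")
+user_id = serializers.UUIDField(required=True, label="用户id")
+icon = serializers.CharField(required=True, label="资源图标")
+auth_type = serializers.CharField(required=True, label="授权类型")
+permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
+choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+label=_('permission'))
+
+class NewAPIUserResourcePermissionResponse(ResultSerializer):
 def get_data(self):
-return UserResourcePermissionResponse(many=True)
+return UserResourcePermissionResponse0(many=True)
+
+class NewAPIUserResourcePermissionPageResponse(ResultPageSerializer):
 
+def get_data(self):
+return UserResourcePermissionResponse0(many=True)
 
 class UserResourcePermissionAPI(APIMixin):
 @staticmethod
@@ -40,17 +54,61 @@ def get_parameters():
 location='path',
 required=True,
 ),
+OpenApiParameter(
+name="name",
+description="名称",
+type=OpenApiTypes.STR,
+location='query',
+required=False
+),
+OpenApiParameter(
+name="permission",
+description="权限",
+type=OpenApiTypes.STR,
+location='query',
+required=False
+),
 ]
 
 @staticmethod
 def get_response():
-return APIUserResourcePermissionResponse
+return NewAPIUserResourcePermissionResponse
 
 
 class EditUserResourcePermissionAPI(APIMixin):
+@staticmethod
+def get_parameters():
+return [
+OpenApiParameter(
+name="workspace_id",
+description="工作空间id",
+type=OpenApiTypes.STR,
+location='path',
+required=True,
+),
+OpenApiParameter(
+name="user_id",
+description="用户id",
+type=OpenApiTypes.STR,
+location='path',
+required=True,
+),
+OpenApiParameter(
+name="resource",
+description="资源类型",
+type=OpenApiTypes.STR,
+location='path',
+required=True
+),
+]
+
 @staticmethod
 def get_request():
-return UpdateUserResourcePermissionRequest()
+return UpdateTeamMemberItemPermissionSerializer(many=True)
+
+@staticmethod
+def get_response():
+return NewAPIUserResourcePermissionResponse
 
 
 class ResourceUserPermissionResponse(serializers.Serializer):
@@ -117,10 +175,69 @@ def get_parameters():
 def get_response():
 return APIResourceUserPermissionResponse
 
+class UserResourcePermissionPageAPI(APIMixin):
+@staticmethod
+def get_parameters():
+return [
+OpenApiParameter(
+name="workspace_id",
+description="工作空间id",
+type=OpenApiTypes.STR,
+location='path',
+required=True
+),
+OpenApiParameter(
+name="user_id",
+description="用户id",
+type=OpenApiTypes.STR,
+location='path',
+required=True
+),
+OpenApiParameter(
+name="resource",
+description="资源类型",
+type=OpenApiTypes.STR,
+location='path',
+required=True
+),
+OpenApiParameter(
+name="current_page",
+description=_("Current page"),
+type=OpenApiTypes.INT,
+location='path',
+required=True,
+),
+OpenApiParameter(
+name="page_size",
+description=_("Page size"),
+type=OpenApiTypes.INT,
+location='path',
+required=True,
+),
+OpenApiParameter(
+name="name",
+description="资源名称",
+type=OpenApiTypes.STR,
+location='query',
+required=False
+),
+OpenApiParameter(
+name="permission",
+description="权限",
+type=OpenApiTypes.STR,
+location='query',
+required=False
+),
+]
+
+@staticmethod
+def get_response():
+return NewAPIUserResourcePermissionPageResponse
+
 
 class APIResourceUserPermissionPageResponse(ResultPageSerializer):
 def get_data(self):
-return ResourceUserPermissionResponse(many=True)
+return PageDataResponse(ResourceUserPermissionResponse(many=True))
 
 
 class ResourceUserPermissionPageAPI(APIMixin):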
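Review bot: `NewAPIUserResourcePermissionPageResponse.get_data` returns the bare `UserResourcePermissionResponse0(many=True)`, while the last hunk of this file changes `APIResourceUserPermissionPageResponse.get_data` to wrap its list in `PageDataResponse(...)`; if both paged endpoints share the same envelope, the new class should read `return PageDataResponse(UserResourcePermissionResponse0(many=True))`. `EditUserResourcePermissionAPI.get_response` advertises `NewAPIUserResourcePermissionResponse`, but `edit` in the serializer file now returns the submitted `target_id`/`permission` items, so the documented schema for that endpoint looks wrong. `UserResourcePermissionResponse0` also repeats `UserResourcePermissionItemResponse` field for field; reusing that class would keep the permission choices in one place and avoid the `0` suffix.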

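--- a/apps/system_manage/serializers/user_resource_permission.py
+++ b/apps/system_manage/serializers/user_resource_permission.py
@@ -44,10 +44,13 @@ class PermissionSerializer(serializers.Serializer):
 class UserResourcePermissionItemResponse(serializers.Serializer):
 id = serializers.UUIDField(required=True, label="主键id")
 name = serializers.CharField(required=True, label="资源名称")
-auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源")
+auth_target_type = serializers.CharField(required=True, label="授权资源")
 user_id = serializers.UUIDField(required=True, label="用户id")
-auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
-permission = PermissionSerializer()
+icon = serializers.CharField(required=True, label="资源图标")
+auth_type = serializers.CharField(required=True, label="授权类型")
+permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
+choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+label=_('permission'))
 
 
 class UserResourcePermissionResponse(serializers.Serializer):
@@ -56,8 +59,9 @@ class UserResourcePermissionResponse(serializers.Serializer):
 
 class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
 target_id = serializers.CharField(required=True, label=_('target id'))
-auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
-permission = PermissionSerializer(required=True, many=False)
+permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
+choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+label=_('permission'))
 
 
 class UpdateUserResourcePermissionRequest(serializers.Serializer):
@@ -90,19 +94,38 @@ def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=
 'APPLICATION': 'get_application_user_resource_permission.sql'
 }
 
+class UserResourcePermissionUserListRequest(serializers.Serializer):
+name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name'))
+permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+label=_('permission'))
 
 class UserResourcePermissionSerializer(serializers.Serializer):
 workspace_id = serializers.CharField(required=True, label=_('workspace id'))
 user_id = serializers.CharField(required=True, label=_('user id'))
 auth_target_type = serializers.CharField(required=True, label=_('resource'))
 
-def get_queryset(self):
+def get_queryset(self, instance):
+resource_query_set = QuerySet(
+model=get_dynamics_model({
+'name': models.CharField(),
+"permission": models.CharField(),
+}))
+name = instance.get('name')
+permission = instance.get('permission')
+
+if name:
+resource_query_set = resource_query_set.filter(name__contains=name)
+if permission:
+resource_query_set = resource_query_set.filter(
+permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission'))
+
 return {
 'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
 workspace_id=self.data.get('workspace_id')),
 'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
 workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
-auth_target_type=self.data.get('auth_target_type'))
+auth_target_type=self.data.get('auth_target_type')),
+'resource_query_set': resource_query_set
 }
 
 def is_auth(self, resource_id: str):
@@ -184,56 +207,56 @@ def auth_resource(self, resource_id: str):
 cache.delete(key, version=version)
 return True
 
-def list(self, user, with_valid=True):
+def list(self, instance, user, with_valid=True):
 if with_valid:
 self.is_valid(raise_exception=True)
+UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
 workspace_id = self.data.get("workspace_id")
 user_id = self.data.get("user_id")
 # 用户权限列表
-user_resource_permission_list = native_search(self.get_queryset(), get_file_content(
+user_resource_permission_list = native_search(self.get_queryset(instance), get_file_content(
 os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
-workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
-workspace_model = DatabaseModelManage.get_model("workspace_model")
-if workspace_user_role_mapping_model and workspace_model:
-workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user_id,
-workspace_id=workspace_id)
-else:
-workspace_user_role_mapping_list = get_default_workspace_user_role_mapping_list([user.role])
-is_workspace_manage = any(
-[workspace_user_role_mapping for workspace_user_role_mapping in workspace_user_role_mapping_list if
-workspace_user_role_mapping.role_id == RoleConstants.WORKSPACE_MANAGE.value])
-# 如果当前用户是当前工作空间管理员那么就拥有所有权限
-if is_workspace_manage:
-user_resource_permission_list = list(
-map(lambda row: {**row,
-'permission': {ResourcePermission.VIEW.value: True,
-ResourcePermission.MANAGE.value: True,
-ResourcePermissionRole.ROLE.value: True}},
-user_resource_permission_list))
-return group_by([{**user_resource_permission, 'permission': {
-permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for
-permission in
-[ResourcePermission.VIEW.value, ResourcePermission.MANAGE.value,
-ResourcePermissionRole.ROLE.value]}}
-for user_resource_permission in user_resource_permission_list],
-key=lambda item: item.get('auth_target_type'))
+
+return [{**user_resource_permission}
+for user_resource_permission in user_resource_permission_list]
+
+
+def page(self, instance, current_page: int, page_size: int,user, with_valid=True):
+if with_valid:
+self.is_valid(raise_exception=True)
+UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
+workspace_id = self.data.get("workspace_id")
+user_id = self.data.get("user_id")
+# 用户对应的资源权限分页列表
+user_resource_permission_page_list = native_page_search(current_page,page_size,self.get_queryset(instance),get_file_content(
+os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))
+))
+
+return user_resource_permission_page_list
+
 
 def edit(self, instance, user, with_valid=True):
 if with_valid:
 self.is_valid(raise_exception=True)
-UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True,
+UpdateUserResourcePermissionRequest(data={'user_resource_permission_list':instance}).is_valid(raise_exception=True,
 auth_target_type=self.data.get(
 'auth_target_type'),
 workspace_id=self.data.get('workspace_id'))
 workspace_id = self.data.get("workspace_id")
 user_id = self.data.get("user_id")
 update_list = []
 save_list = []
-user_resource_permission_list = instance.get('user_resource_permission_list')
+targets = [ item['target_id'] for item in instance ]
 QuerySet(WorkspaceUserResourcePermission).filter(
-workspace_id=workspace_id, user_id=user_id, auth_target_type=self.data.get('auth_target_type')).delete()
+workspace_id=workspace_id,
+user_id=user_id,
+auth_target_type=self.data.get('auth_target_type'),
+target__in=targets
+).delete()
 workspace_user_resource_permission_exist_list = []
-for user_resource_permission in user_resource_permission_list:
+for user_resource_permission in instance:
+permission = user_resource_permission['permission']
+auth_type, permission_list = permission_map[permission]
 exist_list = [user_resource_permission_exist for user_resource_permission_exist in
 workspace_user_resource_permission_exist_list if
 user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)]
@@ -245,14 +268,10 @@ def edit(self, instance, user, with_valid=True):
 else:
 save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
 auth_target_type=self.data.get('auth_target_type'),
-permission_list=[key for key in
-user_resource_permission.get(
-'permission').keys() if
-user_resource_permission.get(
-'permission').get(key)],
+permission_list=permission_list,
 workspace_id=workspace_id,
 user_id=user_id,
-auth_type=user_resource_permission.get('auth_type')))
+auth_type=auth_type))
 # 批量更新
 QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list', 'auth_type']) if len(
 update_list) > 0 else None
@@ -261,13 +280,13 @@ def edit(self, instance, user, with_valid=True):
 version = Cache_Version.PERMISSION_LIST.get_version()
 key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
 cache.delete(key, version=version)
-return True
+return instance
 
 
 class ResourceUserPermissionUserListRequest(serializers.Serializer):
 nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
 username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
-permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
 label=_('permission'))
 
 
@@ -381,4 +400,4 @@ def edit(self, instance, with_valid=True):
 for user_id in users_id:
 key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
 cache.delete(key, version=version)
-return True
+return instance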
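Review bot: In `UserResourcePermissionSerializer.edit`, `user_resource_permission['permission']` or `permission_map[permission]` can raise after the `.delete()` over `target__in=targets` has already run, because `UpdateTeamMemberItemPermissionSerializer.permission` is declared `required=False, allow_null=True, allow_blank=True`. An item with a missing, null or empty permission would then leave the user's existing grants for those targets deleted with nothing written back, unless a transaction is opened outside these hunks (no decorator is visible on `edit`). Requiring the field for edits, `permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], label=_('permission'))`, and running the delete and the bulk writes inside `with transaction.atomic():` would close that gap. `permission_map` and the per-item validation done by `UpdateUserResourcePermissionRequest` are defined outside the visible lines, so this assumes neither rejects such items earlier. Separately, `list` and `page` validate `instance` but `get_queryset` reads the raw dict rather than the validated data, and `workspace_id`, `user_id` and `user` are now unused in both methods.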
