diff --git a/api/api_v1/authz/authz.py b/api/api_v1/authz/authz.py index 87faf79..a3a4368 100644 --- a/api/api_v1/authz/authz.py +++ b/api/api_v1/authz/authz.py @@ -18,7 +18,7 @@ router = APIRouter() @router.post("/add_role_domain") async def add_role_domain( request: Request, - data_in: schemas.AddRoleForUserInDomain, + data_in: schemas.AddRoleForUsersInDomain, db: AsyncIOMotorDatabase = Depends(get_database), current_user: schemas.UserDB = Depends(deps.get_current_user)): """ @@ -26,13 +26,14 @@ async def add_role_domain( """ # username role dom - is_exists_role = await crud.role.check(db, _id=data_in.role_id, game=data_in.game) - if not is_exists_role: - return schemas.Msg(code='-1', msg='角色不存在') - casbin_enforcer.add_role_for_user_in_domain(user=data_in.username, - role=data_in.role_id, - domain=data_in.game) - return schemas.Msg(code='-1', msg='添加成功') + for item in data_in.data: + is_exists_role = await crud.role.check(db, _id=item.role_id, game=item.game) + if not is_exists_role: + continue + casbin_enforcer.add_role_for_user_in_domain(user=item.username, + role=item.role_id, + domain=item.game) + return schemas.Msg(code=0, msg='添加成功') @router.post("/get_permissions_for_user_in_domain") @@ -72,7 +73,7 @@ async def del_role_domain( res = casbin_enforcer.delete_roles_for_user_in_domain(user=data_in.username, role=data_in.role_id, domain=data_in.game) - await crud.role.delete_id(db, data_in.role_id) + # await crud.role.delete_id(db, data_in.role_id) return schemas.Msg(code=0, msg='ok', data=res) diff --git a/api/api_v1/endpoints/project.py b/api/api_v1/endpoints/project.py index 7b8edea..e372902 100644 --- a/api/api_v1/endpoints/project.py +++ b/api/api_v1/endpoints/project.py @@ -10,6 +10,7 @@ from db import get_database from db.ckdb import CKDrive, get_ck_db from schemas.project import ProjectCreate # from utils import casbin_enforcer +from utils import casbin_enforcer router = APIRouter() 
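Review bot: The new loop in add_role_domain grants `item.role_id` in `item.game` for every entry the caller submits, and the only gate visible in this hunk is `Depends(deps.get_current_user)`. Unless a middleware outside this diff enforces it, nothing checks that `current_user` may administer each `item.game`, and one request can now span many domains. I would check the caller's rights on `item.game` before each `casbin_enforcer.add_role_for_user_in_domain(...)` call. Entries whose role does not exist are skipped with `continue` while the response is still `code=0`, so the client cannot tell a partial grant from a full one; returning the skipped entries in `data` would make that visible. The function's signature and docstring start outside this hunk.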
@@ -161,45 +162,42 @@ async def members(request: Request, current_user: schemas.UserDB = Depends(deps.get_current_user) ): """查看项目成员""" - roles = await crud.authority.find_many(db, {'ptype': 'g', 'v2': game}) - data = dict() - data_auth_ids = set() - for item in roles: - data[item['v0']] = {'name': item['v0'], - 'role': item['v1'], - 'data_auth_id': item.get('data_auth_id') - } - if item.get('data_auth_id'): - data_auth_ids.add(ObjectId(item.get('data_auth_id'))) - - data_auth = {str(m['_id']): m['title'] async for m in - crud.data_auth.find(db, {'_id': {'$in': list(data_auth_ids)}}, {'title': 1})} - - data['root'] = {'name': 'root', 'role': '超级管理员'} - users = await crud.user.get_by_users(db, name={'$in': list(data.keys())}) + data = casbin_enforcer.get_all_users_by_domain(game) + names = [] + role_ids = [] + for item in data: + names.append(item['username']) + role_ids.append(item['role_id']) + users = await crud.user.get_by_users(db, {'name': {'$in': names}}) + roles = await crud.role.find_ids(db,role_ids) + users = {item.name: item.dict() for item in users.data} + roles = {item['_id']: item['name'] for item in roles} res = [] - for user in users.data: + for item in data: + username = item['username'] + role_id = item['role_id'] res.append({ - **user.dict(), - 'role': data[user.name]['role'], - 'data_auth': data_auth.get(data[user.name].get('data_auth_id'), '全部事件') + **users[username], + 'role': roles[role_id], + 'role_id': role_id, + }) return schemas.Msg(code=0, msg='ok', data=res) -@router.post("/del_member") -async def members(request: Request, - game: str, - data_in: schemas.ProjectDelMember, - db: AsyncIOMotorDatabase = Depends(get_database), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ): - """删除项目成员""" - # casbin_enforcer.delete_roles_for_user_in_domain(data_in.username, data_in.role, game) - await crud.project.del_members(db, data_in) - # await crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username) - return 
schemas.Msg(code=0, msg='ok') +# @router.post("/del_member") +# async def members(request: Request, +# game: str, +# data_in: schemas.ProjectDelMember, +# db: AsyncIOMotorDatabase = Depends(get_database), +# current_user: schemas.UserDB = Depends(deps.get_current_user) +# ): +# """删除项目成员""" +# # casbin_enforcer.delete_roles_for_user_in_domain(data_in.username, data_in.role, game) +# await crud.project.del_members(db, data_in) +# # await crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username) +# return schemas.Msg(code=0, msg='ok') @router.post("/kanban") diff --git a/api/api_v1/endpoints/user.py b/api/api_v1/endpoints/user.py index c64f1bb..3621904 100644 --- a/api/api_v1/endpoints/user.py +++ b/api/api_v1/endpoints/user.py @@ -127,3 +127,27 @@ async def all_account(page: int = 1, limit: int = 10, db: AsyncIOMotorDatabase = data = [schemas.UserDB(**user) async for user in cursor] return schemas.Msg(code=0, msg='ok', data=data) + + +@router.post("/add_account") +async def all_account( + data_in: schemas.CreateAccount, + db: AsyncIOMotorDatabase = Depends(get_database), + current_user: schemas.User = Depends(deps.get_current_user) +) -> schemas.Msg: + """ + 创建新账号 + """ + created = [] + for name in data_in.account_list: + if is_exists := await crud.user.exists(db, {'name': name}): + continue + else: + new_account = schemas.UserCreate(name=name, password='123') + created.append(name) + await crud.user.create(db, new_account) + res = { + 'created_account': created, + 'password': '123' + } + return schemas.Msg(code=0, msg='ok', data=res) diff --git a/crud/base.py b/crud/base.py index 059a905..559647c 100644 --- a/crud/base.py +++ b/crud/base.py 
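Review bot: `users[username]` and `roles[role_id]` in the rebuilt members loop raise KeyError whenever the casbin grouping policy names a user or role that has no matching document, so one stale policy row turns the whole member list into a 500. A guard such as `if username not in users or role_id not in roles: continue` keeps the listing usable. The same hunk retires the `/del_member` route by commenting it out; deleting the block would be cleaner than leaving dead code in the module. members starts above this hunk, so how `game` is validated is not visible here.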
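Review bot: Every account created by the new `/add_account` handler gets the literal password `'123'`, and the same value is echoed in the response, so all new accounts share a known credential until their owners change it. Generate a random initial password per account with `secrets.token_urlsafe` (needs `import secrets` in user.py), return each one once, and ideally force a change at first login. The only dependency visible is `deps.get_current_user`, so unless access is enforced elsewhere any logged-in user can create accounts; I would restrict this to administrators. Two smaller points: the handler is named `all_account`, which rebinds the existing `all_account` defined just above, and the walrus binding `is_exists` is never used.

```python
async def add_account(
    # … unchanged: data_in, db, current_user parameters and docstring …
    created = {}
    for name in data_in.account_list:
        if await crud.user.exists(db, {'name': name}):
            continue
        # One random initial password per account, never a shared literal.
        initial_password = secrets.token_urlsafe(12)
        await crud.user.create(db, schemas.UserCreate(name=name, password=initial_password))
        created[name] = initial_password
    # Response shape changes: account name -> initial password, shown once.
    return schemas.Msg(code=0, msg='ok', data={'created_account': created})
```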
@@ -17,6 +17,9 @@ class CRUDBase: async def find_one(self, db, filter=None, *args, **kwargs): return (await db[self.coll_name].find_one(filter, *args, **kwargs)) or dict() + async def exists(self, db, filter=None, *args, **kwargs): + return bool(await db[self.coll_name].find_one(filter, *args, **kwargs)) or False + async def read_have(self, db, v: str, **kwargs): where = {'members': v} where.update(kwargs) @@ -52,7 +55,7 @@ class CRUDBase: async def distinct(self, db, key, filter=None): return await db[self.coll_name].distinct(key, filter) - async def find_ids(self, db, ids, *args, **kwargs): + async def find_ids(self, db, ids:list, *args, **kwargs): return await self.find_many(db, {'_id': {'$in': ids}}, *args, **kwargs) # async def _create_index(self, db: AsyncIOMotorDatabase, *args, **kwargs): diff --git a/crud/crud_user.py b/crud/crud_user.py index 75baa48..df1993f 100644 --- a/crud/crud_user.py +++ b/crud/crud_user.py @@ -11,6 +11,8 @@ from schemas import UserCreate, UserDBRW __all__ = 'user', +from utils import get_uid + class CRUDUser(CRUDBase): @@ -18,11 +20,11 @@ class CRUDUser(CRUDBase): res = await db[self.coll_name].find_one({'name': name}) return res - async def edit_profile(self, db: AsyncIOMotorDatabase, data_id: schemas.UserProfileEdit,user_id): + async def edit_profile(self, db: AsyncIOMotorDatabase, data_id: schemas.UserProfileEdit, user_id): if data_id.nickname: - await self.update_one(db, {'_id': user_id}, {'$set': {'nickname':data_id.nickname}}) + await self.update_one(db, {'_id': user_id}, {'$set': {'nickname': data_id.nickname}}) if data_id.tel: - await self.update_one(db, {'_id': user_id}, {'$set': {'tel':data_id.tel}}) + await self.update_one(db, {'_id': user_id}, {'$set': {'tel': data_id.tel}}) async def update_login_time(self, db, name): await self.update_one(db, {'name': name}, 
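Review bot: In the new `exists`, `bool(...) or False` is redundant, and truthiness is the wrong test: a projection that yields an empty dict would report a matching document as absent. `return await db[self.coll_name].find_one(filter, *args, **kwargs) is not None` says what is meant. Since add_account in this commit uses it as a uniqueness guard, note that check-then-insert is not atomic; a unique index on `name` is what actually prevents duplicate accounts under concurrent requests. A one-line docstring would help, e.g. `"""Return True if at least one document matches filter."""`.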
@@ -36,7 +38,7 @@ class CRUDUser(CRUDBase): name=obj_in.name, is_superuser=obj_in.is_superuser, nickname=obj_in.nickname, - _id=uuid.uuid1().hex + _id=get_uid() ) return await db[self.coll_name].insert_one(db_obj.dict(by_alias=True)) @@ -53,8 +55,8 @@ class CRUDUser(CRUDBase): return None return user_obj - async def get_by_users(self, db, **kwargs) -> schemas.Users: - res = await self.find_many(db, **kwargs) + async def get_by_users(self, db, *args, **kwargs) -> schemas.Users: + res = await self.find_many(db, *args, **kwargs) return schemas.Users(data=res) async def get_all_user(self, db: AsyncIOMotorDatabase): diff --git a/schemas/authotity.py b/schemas/authotity.py index ef72d26..4358369 100644 --- a/schemas/authotity.py +++ b/schemas/authotity.py @@ -10,6 +10,10 @@ class AddRoleForUserInDomain(BaseModel): game: str +class AddRoleForUsersInDomain(BaseModel): + data: List[AddRoleForUserInDomain] + + class GetPermissionsForUserInDomain(BaseModel): role_id: str game: str diff --git a/schemas/user.py b/schemas/user.py index 37e0b4b..4b2880b 100644 --- a/schemas/user.py +++ b/schemas/user.py @@ -27,6 +27,10 @@ class Users(BaseModel): data: List[User] = [] +class CreateAccount(BaseModel): + account_list: List[str] = [] + + class UserLogin(BaseModel): username: str = ... password: str = ... diff --git a/utils/casbin/enforcer.py b/utils/casbin/enforcer.py index 678f682..9244846 100644 --- a/utils/casbin/enforcer.py +++ b/utils/casbin/enforcer.py @@ -1,6 +1,7 @@ from utils.casbin.management_enforcer import ManagementEnforcer from utils.casbin.util import join_slice, set_subtract + class Enforcer(ManagementEnforcer): """ Enforcer = ManagementEnforcer + RBAC_API + RBAC_WITH_DOMAIN_API 
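Review bot: `account_list: List[str] = []` in CreateAccount accepts any string, including empty or whitespace-only names, and an unbounded number of them, and add_account in this commit turns each entry directly into a user document. Constraining the element type, e.g. `account_list: List[constr(strip_whitespace=True, min_length=1, max_length=64)]` with `constr` imported from pydantic (64 is a placeholder for whatever limit the project wants), rejects bad names at the boundary. Dropping the `= []` default would also make an empty body a validation error instead of a silent no-op.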
@@ -209,3 +210,14 @@ class Enforcer(ManagementEnforcer): def get_permissions_for_user_in_domain(self, user, domain): """gets permissions for a user or role inside domain.""" return self.get_filtered_policy(0, user, domain) + + def get_all_users_by_domain(self, domain): + """获得所有与该域相关联的用户""" + data = self.get_filtered_grouping_policy(2, domain) + res = [] + for item in data: + res.append({ + 'username': item[0], + 'role_id': item[1] + }) + return res
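Review bot: get_all_users_by_domain labels `item[0]` as `'username'`, but a grouping rule's first field can be a role as well as a user (the sibling docstring just above says "a user or role"). If role-to-role links are ever stored in a domain, the members endpoint will treat a role name as a user. I would state that assumption in the docstring or filter on the caller side. The docstring is in Chinese while the neighbouring method uses English; `"""Return the username/role_id pairs bound to domain by grouping rules."""` would match. The loop could also be a comprehension: `return [{'username': r[0], 'role_id': r[1]} for r in data]`.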