2020-10-22 09:05:47 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
#
|
|
|
|
|
import uuid
|
|
|
|
|
from django.shortcuts import get_object_or_404
|
2021-02-03 04:01:18 +00:00
|
|
|
from django.utils.decorators import method_decorator
|
2020-10-22 09:05:47 +00:00
|
|
|
from rest_framework.views import APIView, Response
|
|
|
|
|
from rest_framework.generics import (
|
|
|
|
|
ListAPIView, get_object_or_404
|
|
|
|
|
)
|
|
|
|
|
|
2021-02-03 04:01:18 +00:00
|
|
|
from orgs.utils import tmp_to_root_org
|
2020-10-22 09:05:47 +00:00
|
|
|
from applications.models import Application
|
2020-10-22 10:13:14 +00:00
|
|
|
from perms.utils.application.permission import (
|
2021-02-23 06:37:42 +00:00
|
|
|
has_application_system_permission,
|
2020-10-22 09:05:47 +00:00
|
|
|
get_application_system_users_id
|
|
|
|
|
)
|
2021-02-05 05:29:29 +00:00
|
|
|
from perms.api.asset.user_permission.mixin import RoleAdminMixin, RoleUserMixin
|
2020-10-22 09:05:47 +00:00
|
|
|
from common.permissions import IsOrgAdminOrAppUser
|
2020-10-22 10:13:14 +00:00
|
|
|
from perms.hands import User, SystemUser
|
|
|
|
|
from perms import serializers
|
2020-10-22 09:05:47 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
__all__ = [
|
|
|
|
|
'UserGrantedApplicationSystemUsersApi',
|
|
|
|
|
'MyGrantedApplicationSystemUsersApi',
|
|
|
|
|
'ValidateUserApplicationPermissionApi'
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class GrantedApplicationSystemUsersMixin(ListAPIView):
|
|
|
|
|
serializer_class = serializers.ApplicationSystemUserSerializer
|
|
|
|
|
only_fields = serializers.ApplicationSystemUserSerializer.Meta.only_fields
|
|
|
|
|
user: None
|
|
|
|
|
|
|
|
|
|
def get_application_system_users_id(self, application):
|
|
|
|
|
return get_application_system_users_id(self.user, application)
|
|
|
|
|
|
|
|
|
|
def get_queryset(self):
|
|
|
|
|
application_id = self.kwargs.get('application_id')
|
|
|
|
|
application = get_object_or_404(Application, id=application_id)
|
|
|
|
|
system_users_id = self.get_application_system_users_id(application)
|
|
|
|
|
system_users = SystemUser.objects.filter(id__in=system_users_id)\
|
|
|
|
|
.only(*self.only_fields).order_by('priority')
|
|
|
|
|
return system_users
|
|
|
|
|
|
|
|
|
|
|
2021-02-05 05:29:29 +00:00
|
|
|
class UserGrantedApplicationSystemUsersApi(RoleAdminMixin, GrantedApplicationSystemUsersMixin):
|
2020-10-22 09:05:47 +00:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
2021-02-05 05:29:29 +00:00
|
|
|
class MyGrantedApplicationSystemUsersApi(RoleUserMixin, GrantedApplicationSystemUsersMixin):
|
2020-10-22 09:05:47 +00:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
2021-02-03 04:01:18 +00:00
|
|
|
@method_decorator(tmp_to_root_org(), name='get')
|
2020-10-22 09:05:47 +00:00
|
|
|
class ValidateUserApplicationPermissionApi(APIView):
|
|
|
|
|
permission_classes = (IsOrgAdminOrAppUser,)
|
|
|
|
|
|
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
|
user_id = request.query_params.get('user_id', '')
|
|
|
|
|
application_id = request.query_params.get('application_id', '')
|
|
|
|
|
system_user_id = request.query_params.get('system_user_id', '')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user_id = uuid.UUID(user_id)
|
|
|
|
|
application_id = uuid.UUID(application_id)
|
|
|
|
|
system_user_id = uuid.UUID(system_user_id)
|
|
|
|
|
except ValueError:
|
|
|
|
|
return Response({'msg': False}, status=403)
|
|
|
|
|
|
|
|
|
|
user = get_object_or_404(User, id=user_id)
|
|
|
|
|
application = get_object_or_404(Application, id=application_id)
|
|
|
|
|
system_user = get_object_or_404(SystemUser, id=system_user_id)
|
|
|
|
|
|
2021-02-23 06:37:42 +00:00
|
|
|
if has_application_system_permission(user, application, system_user):
|
2020-10-22 09:05:47 +00:00
|
|
|
return Response({'msg': True}, status=200)
|
|
|
|
|
|
|
|
|
|
return Response({'msg': False}, status=403)
|
