jumpserver/apps/orgs/api.py

# -*- coding: utf-8 -*-
#

from django.utils.translation import ugettext as _
from django.db.models import Q
from rest_framework import status, generics
from rest_framework.views import Response
from rest_framework_bulk import BulkModelViewSet
from rest_framework.mixins import CreateModelMixin

from common.permissions import IsSuperUserOrAppUser
from common.drf.api import JMSBulkRelationModelViewSet
from .models import Organization, ROLE
from .serializers import (
    OrgSerializer, OrgReadSerializer,
    OrgRetrieveSerializer, OrgMemberSerializer
)
from users.models import User, UserGroup
from assets.models import Asset, Domain, AdminUser, SystemUser, Label
from perms.models import AssetPermission
from orgs.utils import current_org
from common.utils import get_logger
from .filters import OrgMemberRelationFilterSet
from .models import OrganizationMember


logger = get_logger(__file__)


class OrgViewSet(BulkModelViewSet):
    filter_fields = ('name',)
    search_fields = ('name', 'comment')
    queryset = Organization.objects.all()
    serializer_class = OrgSerializer
    permission_classes = (IsSuperUserOrAppUser,)
    org = None

    def get_serializer_class(self):
        mapper = {
            'list': OrgReadSerializer,
            'retrieve': OrgRetrieveSerializer
        }
        return mapper.get(self.action, super().get_serializer_class())

    def get_data_from_model(self, model):
        if model == User:
            data = model.objects.filter(orgs__id=self.org.id, m2m_org_members__role=ROLE.USER)
        else:
            data = model.objects.filter(org_id=self.org.id)
        return data

    def destroy(self, request, *args, **kwargs):
        self.org = self.get_object()
        models = [
            User, UserGroup,
            Asset, Domain, AdminUser, SystemUser, Label,
            AssetPermission,
        ]
        for model in models:
            data = self.get_data_from_model(model)
            if data:
                msg = _('Organization contains undeleted resources')
                return Response(data={'error': msg}, status=status.HTTP_403_FORBIDDEN)
        else:
            if str(current_org) == str(self.org):
                msg = _('The current organization cannot be deleted')
                return Response(data={'error': msg}, status=status.HTTP_403_FORBIDDEN)
            self.org.delete()
            return Response({'msg': True}, status=status.HTTP_200_OK)


class OrgMemberRelationBulkViewSet(JMSBulkRelationModelViewSet):
    permission_classes = (IsSuperUserOrAppUser,)
    m2m_field = Organization.members.field
    serializer_class = OrgMemberSerializer
    filterset_class = OrgMemberRelationFilterSet

    @staticmethod
    def clear_request_data(request):
        data = request.data

        ignore_already_exist = request.query_params.get('ignore_already_exist')
        if not ignore_already_exist:
            return data

        query_params = Q()
        for _data in data:
            query_fields = {}
            org = _data.get('org')
            if org:
                query_fields.update({'org': org})
            user = _data.get('user')
            if user:
                query_fields.update({'user': user})
            role = _data.get('role')
            if role:
                query_fields.update({'role': role})
            query_params |= Q(**query_fields)

        if not query_params:
            return data

        members = OrganizationMember.objects.filter(query_params)
        members = [
            {'org': str(member.org_id), 'user': str(member.user_id), 'role': member.role}
            for member in members
        ]
        if not members:
            return data

        for member in members:
            if member in data:
                data.remove(member)
        return data

    def create(self, request, *args, **kwargs):
        bulk = isinstance(request.data, list)

        if not bulk:
            return CreateModelMixin.create(self, request, *args, **kwargs)

        else:
            data = self.clear_request_data(request)
            serializer = self.get_serializer(data=data, many=True)
            serializer.is_valid(raise_exception=True)
            self.perform_bulk_create(serializer)
            return Response(serializer.data, status=status.HTTP_201_CREATED)

    def perform_bulk_destroy(self, queryset):
        objs = list(queryset.all().prefetch_related('user', 'org'))
        queryset.delete()
        self.send_m2m_changed_signal(objs, action='post_remove')
Tmp org (#1579) * [Update] 添加org api, 升级到django 2.0 * [Update] fix some bug * [Update] 修改一些bug 6 years ago			`# -- coding: utf-8 --`
			`#`

fix(orgs): 删除组织失败时返回对应错误信息 4 years ago			`from django.utils.translation import ugettext as _`
feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 (#4720) * feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 * feat(orgs): 修改构建数据库查询参数的问题 Co-authored-by: Bai <bugatti_it@163.com> 4 years ago			`from django.db.models import Q`
[Update] 添加组织详情->组织用户tab页，解决组织详情页面加载超时问题 5 years ago			`from rest_framework import status, generics`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`from rest_framework.views import Response`
			`from rest_framework_bulk import BulkModelViewSet`
feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 (#4720) * feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 * feat(orgs): 修改构建数据库查询参数的问题 Co-authored-by: Bai <bugatti_it@163.com> 4 years ago			`from rest_framework.mixins import CreateModelMixin`
Tmp org (#1579) * [Update] 添加org api, 升级到django 2.0 * [Update] fix some bug * [Update] 修改一些bug 6 years ago
Tmp org (#1583) * [Update] 修改一些内容 * [Update] 修改datatable 支持process * [Bugfix] 修复asset queryset 没有valid方法的bug 6 years ago			`from common.permissions import IsSuperUserOrAppUser`
refactor(orgs): 重构组织与用户关系接口 4 years ago			`from common.drf.api import JMSBulkRelationModelViewSet`
refactor(orgs): 重构组织表结构 4 years ago			`from .models import Organization, ROLE`
refactor(orgs): 重构组织与用户关系接口 4 years ago			`from .serializers import (`
			`OrgSerializer, OrgReadSerializer,`
			`OrgRetrieveSerializer, OrgMemberSerializer`
			`)`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`from users.models import User, UserGroup`
			`from assets.models import Asset, Domain, AdminUser, SystemUser, Label`
			`from perms.models import AssetPermission`
			`from orgs.utils import current_org`
			`from common.utils import get_logger`
refactor(orgs): 重构组织与用户关系接口 4 years ago			`from .filters import OrgMemberRelationFilterSet`
feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 (#4720) * feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 * feat(orgs): 修改构建数据库查询参数的问题 Co-authored-by: Bai <bugatti_it@163.com> 4 years ago			`from .models import OrganizationMember`

Tmp org (#1579) * [Update] 添加org api, 升级到django 2.0 * [Update] fix some bug * [Update] 修改一些bug 6 years ago
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`logger = get_logger(__file__)`
Tmp org (#1579) * [Update] 添加org api, 升级到django 2.0 * [Update] fix some bug * [Update] 修改一些bug 6 years ago
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago
			`class OrgViewSet(BulkModelViewSet):`
feat(Cloud): 组织管理ViewSet添加搜索字段 4 years ago			`filter_fields = ('name',)`
			`search_fields = ('name', 'comment')`
Tmp org (#1579) * [Update] 添加org api, 升级到django 2.0 * [Update] fix some bug * [Update] 修改一些bug 6 years ago			`queryset = Organization.objects.all()`
			`serializer_class = OrgSerializer`
Tmp org (#1583) * [Update] 修改一些内容 * [Update] 修改datatable 支持process * [Bugfix] 修复asset queryset 没有valid方法的bug 6 years ago			`permission_classes = (IsSuperUserOrAppUser,)`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`org = None`

			`def get_serializer_class(self):`
[Update] org retrieve api 5 years ago			`mapper = {`
			`'list': OrgReadSerializer,`
			`'retrieve': OrgRetrieveSerializer`
			`}`
			`return mapper.get(self.action, super().get_serializer_class())`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago
			`def get_data_from_model(self, model):`
			`if model == User:`
refactor(orgs): 重构组织表结构 4 years ago			`data = model.objects.filter(orgs__id=self.org.id, m2m_org_members__role=ROLE.USER)`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`else:`
			`data = model.objects.filter(org_id=self.org.id)`
			`return data`

			`def destroy(self, request, args, *kwargs):`
			`self.org = self.get_object()`
			`models = [`
			`User, UserGroup,`
			`Asset, Domain, AdminUser, SystemUser, Label,`
			`AssetPermission,`
			`]`
			`for model in models:`
			`data = self.get_data_from_model(model)`
			`if data:`
fix(orgs): 删除组织失败时返回对应错误信息 4 years ago			`msg = _('Organization contains undeleted resources')`
			`return Response(data={'error': msg}, status=status.HTTP_403_FORBIDDEN)`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`else:`
			`if str(current_org) == str(self.org):`
fix(orgs): 删除组织失败时返回对应错误信息 4 years ago			`msg = _('The current organization cannot be deleted')`
			`return Response(data={'error': msg}, status=status.HTTP_403_FORBIDDEN)`
[Update] 更新组织管理api (#1986) * [Update] 更新组织管理api * [Update] 重写-组织管理员/用户API，采用through类 * [Update] 修改OrgMembershipSerializerMixin目录 * [Update] 修改组织管理API，限制http method * [Update] 修改rpm依赖 6 years ago			`self.org.delete()`
			`return Response({'msg': True}, status=status.HTTP_200_OK)`


refactor(orgs): 重构组织与用户关系接口 4 years ago			`class OrgMemberRelationBulkViewSet(JMSBulkRelationModelViewSet):`
[Update] 添加组织详情->组织用户tab页，解决组织详情页面加载超时问题 5 years ago			`permission_classes = (IsSuperUserOrAppUser,)`
refactor(orgs): 重构组织与用户关系接口 4 years ago			`m2m_field = Organization.members.field`
			`serializer_class = OrgMemberSerializer`
			`filterset_class = OrgMemberRelationFilterSet`
[Update] 添加组织详情->组织用户tab页，解决组织详情页面加载超时问题 5 years ago
feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 (#4720) * feat(orgs): 修改OrgMemberRelationAPI，支持通过查询参数控制是否忽略已存在的数据 * feat(orgs): 修改构建数据库查询参数的问题 Co-authored-by: Bai <bugatti_it@163.com> 4 years ago			`@staticmethod`
			`def clear_request_data(request):`
			`data = request.data`

			`ignore_already_exist = request.query_params.get('ignore_already_exist')`
			`if not ignore_already_exist:`
			`return data`

			`query_params = Q()`
			`for _data in data:`
			`query_fields = {}`
			`org = _data.get('org')`
			`if org:`
			`query_fields.update({'org': org})`
			`user = _data.get('user')`
			`if user:`
			`query_fields.update({'user': user})`
			`role = _data.get('role')`
			`if role:`
			`query_fields.update({'role': role})`
			`query_params \|= Q(**query_fields)`

			`if not query_params:`
			`return data`

			`members = OrganizationMember.objects.filter(query_params)`
			`members = [`
			`{'org': str(member.org_id), 'user': str(member.user_id), 'role': member.role}`
			`for member in members`
			`]`
			`if not members:`
			`return data`

			`for member in members:`
			`if member in data:`
			`data.remove(member)`
			`return data`

			`def create(self, request, args, *kwargs):`
			`bulk = isinstance(request.data, list)`

			`if not bulk:`
			`return CreateModelMixin.create(self, request, args, *kwargs)`

			`else:`
			`data = self.clear_request_data(request)`
			`serializer = self.get_serializer(data=data, many=True)`
			`serializer.is_valid(raise_exception=True)`
			`self.perform_bulk_create(serializer)`
			`return Response(serializer.data, status=status.HTTP_201_CREATED)`

refactor(orgs): 重构组织与用户关系接口 4 years ago			`def perform_bulk_destroy(self, queryset):`
			`objs = list(queryset.all().prefetch_related('user', 'org'))`
			`queryset.delete()`
			`self.send_m2m_changed_signal(objs, action='post_remove')`