refactor: app permission (#145)

* refactor: app permission * fix(urls.py): delete old urls(apis), use (gateways) instead (#151)
TencentBlueKing · Jul 31, 2023 · 1c4e827 · 1c4e827
1 parent f73ca4c
commit 1c4e827
Show file tree

Hide file tree

Showing 30 changed files with 1,868 additions and 1,784 deletions.
diff --git a/src/dashboard/apigateway/apigateway/apis/controller/views.py b/src/dashboard/apigateway/apigateway/apis/controller/views.py
@@ -189,7 +189,10 @@ def _get_resource_permissions(
             return resource_permissions
 
         name_mappings = self._get_released_resource_name_mappings(release)
-        for permission in AppResourcePermission.objects.filter_permission(api_gateway, bk_app_codes=app_code_list):
+        queryset = AppResourcePermission.objects.filter(api=api_gateway)
+        if app_code_list:
+            queryset = queryset.filter(bk_app_code__in=app_code_list)
+        for permission in queryset:
             # 因为 resource_version 为下发生效的真实版本，因此没有匹配的权限无需下发
             if permission.resource_id not in name_mappings:
                 continue
@@ -207,7 +210,9 @@ def _get_resource_permissions(
         return resource_permissions
 
     def _get_api_permissions(self, api_gateway: Gateway, app_code_list: Optional[List[str]]):
-        qs = AppAPIPermission.objects.filter_permission(api_gateway, bk_app_codes=app_code_list)
+        qs = AppAPIPermission.objects.filter(api=api_gateway)
+        if app_code_list:
+            qs = qs.filter(bk_app_code__in=app_code_list)
 
         return qs
 

diff --git a/src/dashboard/apigateway/apigateway/apis/open/permission/helpers.py b/src/dashboard/apigateway/apigateway/apis/open/permission/helpers.py
@@ -31,6 +31,15 @@
 from apigateway.core.models import Gateway, ReleasedResource, Resource
 
 
+class AppPermissionHelper:
+    def get_permission_model(self, dimension: str):
+        if dimension == GrantDimensionEnum.API.value:
+            return AppAPIPermission
+        elif dimension == GrantDimensionEnum.RESOURCE.value:
+            return AppResourcePermission
+        raise ValueError(f"unsupported dimension: {dimension}")
+
+
 class ResourcePermission(BaseModel):
     class Config:
         arbitrary_types_allowed = True
@@ -142,16 +151,16 @@ def build(self, resources: list) -> list:
         return [perm.as_dict() for perm in resource_permissions]
 
     def _get_api_permission(self):
-        return AppAPIPermission.objects.filter_permission(
-            gateway=self.gateway,
+        return AppAPIPermission.objects.filter(
+            api=self.gateway,
             bk_app_code=self.target_app_code,
         ).first()
 
     def _get_resource_permission_map(self):
         return {
             perm.resource_id: perm
-            for perm in AppResourcePermission.objects.filter_permission(
-                gateway=self.gateway,
+            for perm in AppResourcePermission.objects.filter(
+                api=self.gateway,
                 bk_app_code=self.target_app_code,
             )
         }

diff --git a/src/dashboard/apigateway/apigateway/apis/open/permission/serializers.py b/src/dashboard/apigateway/apigateway/apis/open/permission/serializers.py
@@ -30,8 +30,8 @@
     PermissionApplyExpireDaysEnum,
     PermissionStatusEnum,
 )
-from apigateway.apps.permission.helpers import PermissionDimensionManager
 from apigateway.apps.permission.models import AppPermissionRecord
+from apigateway.biz.permission import PermissionDimensionManager
 from apigateway.common.fields import TimestampField
 from apigateway.core.validators import BKAppCodeValidator, ResourceIDValidator
 from apigateway.utils import time

diff --git a/src/dashboard/apigateway/apigateway/apis/open/permission/views.py b/src/dashboard/apigateway/apigateway/apis/open/permission/views.py
@@ -26,16 +26,20 @@
 from rest_framework import status, viewsets
 from rest_framework.views import APIView
 
-from apigateway.apis.open.permission.helpers import AppPermissionBuilder, ResourcePermissionBuilder
+from apigateway.apis.open.permission.helpers import (
+    AppPermissionBuilder,
+    AppPermissionHelper,
+    ResourcePermissionBuilder,
+)
 from apigateway.apps.permission.constants import (
     ApplyStatusEnum,
     GrantDimensionEnum,
     GrantTypeEnum,
     PermissionApplyExpireDaysEnum,
 )
-from apigateway.apps.permission.helpers import AppPermissionHelper, PermissionDimensionManager
 from apigateway.apps.permission.models import AppPermissionApply, AppPermissionRecord, AppResourcePermission
 from apigateway.apps.permission.tasks import send_mail_for_perm_apply
+from apigateway.biz.permission import PermissionDimensionManager
 from apigateway.biz.resource_version import ResourceVersionHandler
 from apigateway.common.error_codes import error_codes
 from apigateway.common.permissions import GatewayRelatedAppPermission
@@ -81,7 +85,6 @@ def list(self, request, *args, **kwargs):
 
 
 class AppGatewayPermissionViewSet(viewsets.GenericViewSet):
-
     api_permission_exempt = True
 
     def allow_apply_by_gateway(self, request, *args, **kwargs):
@@ -235,10 +238,10 @@ def revoke(self, request, *args, **kwargs):
         data = slz.validated_data
 
         permission_model = AppPermissionHelper().get_permission_model(data["grant_dimension"])
-        permission_model.objects.delete_permission(
-            gateway=request.gateway,
-            bk_app_codes=data["target_app_codes"],
-        )
+        permission_model.objects.filter(
+            api=request.gateway,
+            bk_app_code__in=data["target_app_codes"],
+        ).delete()
 
         return OKJsonResponse("OK")
 
@@ -270,7 +273,7 @@ def post(self, request, *args, **kwargs):
                 resource_ids=resource_ids,
             )
 
-            AppResourcePermission.objects.renew_permission(
+            AppResourcePermission.objects.renew_by_resource_ids(
                 gateway=gateway,
                 bk_app_code=data["target_app_code"],
                 resource_ids=resource_ids,
@@ -311,7 +314,6 @@ def list(self, request, *args, **kwargs):
             status=data.get("apply_status"),
             query=data.get("query"),
             order_by="-id",
-            fuzzy=False,
         )
 
         page = self.paginate_queryset(queryset)

diff --git a/src/dashboard/apigateway/apigateway/apis/web/permission/__init__.py b/src/dashboard/apigateway/apigateway/apis/web/permission/__init__.py
@@ -0,0 +1,17 @@
+#
+# TencentBlueKing is pleased to support the open source community by making
+# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available.
+# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
+# Licensed under the MIT License (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+#
+#     http://opensource.org/licenses/MIT
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# We undertake not to change the open source license (MIT license) applicable
+# to the current version of the project delivered to anyone in the future.
+#
diff --git a/src/dashboard/apigateway/apigateway/apis/web/permission/filters.py b/src/dashboard/apigateway/apigateway/apis/web/permission/filters.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+#
+# TencentBlueKing is pleased to support the open source community by making
+# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available.
+# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
+# Licensed under the MIT License (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+#
+#     http://opensource.org/licenses/MIT
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# We undertake not to change the open source license (MIT license) applicable
+# to the current version of the project delivered to anyone in the future.
+#
+from django_filters import rest_framework as filters
+
+from apigateway.apps.permission.constants import GrantDimensionEnum, GrantTypeEnum
+from apigateway.apps.permission.models import (
+    AppAPIPermission,
+    AppPermissionApply,
+    AppPermissionRecord,
+    AppResourcePermission,
+)
+
+
+class AppResourcePermissionFilter(filters.FilterSet):
+    bk_app_code = filters.CharFilter()
+    query = filters.CharFilter(method="query_filter")
+    grant_type = filters.ChoiceFilter(choices=GrantTypeEnum.choices())
+    resource_id = filters.NumberFilter()
+    order_by = filters.OrderingFilter(
+        choices=[(field, field) for field in ["bk_app_code", "-bk_app_code", "expires", "-expires"]]
+    )
+
+    class Meta:
+        model = AppResourcePermission
+        fields = [
+            "bk_app_code",
+            "query",
+            "grant_type",
+            "resource_id",
+            "order_by",
+        ]
+
+    def query_filter(self, queryset, name, value):
+        return queryset.filter(bk_app_code__icontains=value)
+
+
+class AppPermissionApplyFilter(filters.FilterSet):
+    bk_app_code = filters.CharFilter(lookup_expr="icontains")
+    applied_by = filters.CharFilter()
+    grant_dimension = filters.OrderingFilter(choices=GrantDimensionEnum.get_choices())
+
+    class Meta:
+        model = AppPermissionApply
+        fields = [
+            "bk_app_code",
+            "applied_by",
+            "grant_dimension",
+        ]
+
+
+class AppGatewayPermissionFilter(filters.FilterSet):
+    bk_app_code = filters.CharFilter()
+    query = filters.CharFilter(method="query_filter")
+    resource_id = filters.NumberFilter()
+    order_by = filters.OrderingFilter(
+        choices=[(field, field) for field in ["bk_app_code", "-bk_app_code", "expires", "-expires"]]
+    )
+
+    class Meta:
+        model = AppAPIPermission
+        fields = [
+            "bk_app_code",
+            "query",
+            "resource_id",
+            "order_by",
+        ]
+
+    def query_filter(self, queryset, name, value):
+        return queryset.filter(bk_app_code__icontains=value)
+
+
+class AppPermissionRecordFilter(filters.FilterSet):
+    time_start = filters.DateTimeFilter(method="time_start_filter")
+    time_end = filters.DateTimeFilter(method="time_end_filter")
+    bk_app_code = filters.CharFilter()
+    grant_dimension = filters.OrderingFilter(choices=GrantDimensionEnum.get_choices())
+
+    class Meta:
+        model = AppPermissionRecord
+        fields = [
+            "time_start",
+            "time_end",
+            "bk_app_code",
+            "grant_dimension",
+        ]
+
+    def time_start_filter(self, queryset, name, value):
+        return queryset.filter(handled_time__gte=value)
+
+    def time_end_filter(self, queryset, name, value):
+        return queryset.filter(handled_time__lt=value)