From b72abee86dfca217ca24772e9d4ce5397060f604 Mon Sep 17 00:00:00 2001 From: guohelu <19503896967@163.com> Date: Thu, 19 Dec 2024 16:19:10 +0800 Subject: [PATCH 1/5] =?UTF-8?q?fix:=20=E5=A2=9E=E5=8A=A0=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=E9=89=B4=E6=9D=83=20#7626?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../views/copy_template_across_project.py | 3 ++ .../view_interceptors/apigw/__init__.py | 15 ++++---- .../apigw/copy_template_across_project.py | 34 +++++++++++++++++++ 3 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py diff --git a/gcloud/apigw/views/copy_template_across_project.py b/gcloud/apigw/views/copy_template_across_project.py index ad8f411e90..5e05a38d82 100644 --- a/gcloud/apigw/views/copy_template_across_project.py +++ b/gcloud/apigw/views/copy_template_across_project.py @@ -25,10 +25,12 @@ ) from gcloud.apigw.views.utils import logger +from gcloud.iam_auth.intercept import iam_intercept from gcloud.contrib.template_market.models import TemplateSharedRecord from gcloud.tasktmpl3.models import TaskTemplate from gcloud.template_base.utils import format_import_result_to_response_data from gcloud.utils.decorators import request_validate +from gcloud.iam_auth.view_interceptors.apigw import CopyTemplateInterceptor from gcloud.apigw.validators.copy_template_across_project import CopyTemplateAcrossProjectValidator @@ -40,6 +42,7 @@ @project_inject @request_validate(CopyTemplateAcrossProjectValidator) @mark_request_whether_is_trust +@iam_intercept(CopyTemplateInterceptor()) def copy_template_across_project(request, project_id): if not request.is_trust: return { diff --git a/gcloud/iam_auth/view_interceptors/apigw/__init__.py b/gcloud/iam_auth/view_interceptors/apigw/__init__.py index b3e9eee452..d0c3c669ba 100644 --- a/gcloud/iam_auth/view_interceptors/apigw/__init__.py +++ b/gcloud/iam_auth/view_interceptors/apigw/__init__.py @@ -11,17 +11,18 @@ specific language governing permissions and limitations under the License. """ +from .claim_functionalization_task import FunctionTaskInterceptor # noqa +from .common_flow_view import CommonFlowViewInterceptor # noqa +from .copy_template_across_project import CopyTemplateInterceptor # noqa from .create_periodic_task import CreatePeriodicTaskInterceptor # noqa from .create_task import CreateTaskInterceptor # noqa from .fast_create_task import FastCreateTaskInterceptor # noqa -from .common_flow_view import CommonFlowViewInterceptor # noqa +from .flow_view import FlowViewInterceptor # noqa +from .functionalization_task_view import FunctionViewInterceptor # noqa from .get_periodic_task_info import GetPeriodicTaskInfoInterceptor # noqa +from .get_template_info import GetTemplateInfoInterceptor # noqa +from .periodic_task_edit import PeriodicTaskEditInterceptor # noqa from .project_view import ProjectViewInterceptor # noqa -from .task_view import TaskViewInterceptor # noqa from .task_edit import TaskEditInterceptor # noqa from .task_operate import TaskOperateInterceptor # noqa -from .get_template_info import GetTemplateInfoInterceptor # noqa -from .flow_view import FlowViewInterceptor # noqa -from .periodic_task_edit import PeriodicTaskEditInterceptor # noqa -from .functionalization_task_view import FunctionViewInterceptor # noqa -from .claim_functionalization_task import FunctionTaskInterceptor # noqa +from .task_view import TaskViewInterceptor # noqa diff --git a/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py b/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py new file mode 100644 index 0000000000..a618ce4738 --- /dev/null +++ b/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +""" +Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community +Edition) available. +Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at +http://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" +import json + +from iam import Action, Subject +from iam.shortcuts import allow_or_raise_auth_failed + +from gcloud.iam_auth import IAMMeta +from gcloud.iam_auth import get_iam_client +from gcloud.iam_auth import res_factory +from gcloud.iam_auth.intercept import ViewInterceptor + +iam = get_iam_client() + + +class CopyTemplateInterceptor(ViewInterceptor): + def process(self, request, *args, **kwargs): + data = json.loads(request.body) + new_project_id = data.get("new_project_id") + subject = Subject("user", request.user.username) + + action = Action(IAMMeta.PROJECT_EDIT_ACTION) + resources = res_factory.resources_for_project(new_project_id) + allow_or_raise_auth_failed(iam, IAMMeta.SYSTEM_ID, subject, action, resources, cache=True) From 43520780238e55479fabc69b35e6f4bf09f507cf Mon Sep 17 00:00:00 2001 From: guohelu <19503896967@163.com> Date: Thu, 19 Dec 2024 17:31:56 +0800 Subject: [PATCH 2/5] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E5=8F=98=E9=87=8F?= =?UTF-8?q?=E5=BC=80=E5=85=B3=20#7626?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- env.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.py b/env.py index b0bb447746..6f0173a7a3 100644 --- a/env.py +++ b/env.py @@ -155,7 +155,7 @@ BK_AUDIT_DATA_TOKEN = os.getenv("BK_AUDIT_DATA_TOKEN", None) # 流程商店 -ENABLE_TEMPLATE_MARKET = False if os.getenv("ENABLE_TEMPLATE_MARKET") is None else True +ENABLE_TEMPLATE_MARKET = int(os.getenv("ENABLE_TEMPLATE_MARKET"), 0) # 流程商店 API 地址 TEMPLATE_MARKET_API_URL = os.getenv("TEMPLATE_MARKET_API_URL", "") # 模板市场路由 From 5395a3b83075957d31315a7dce122b90416f7b88 Mon Sep 17 00:00:00 2001 From: guohelu <19503896967@163.com> Date: Thu, 19 Dec 2024 17:36:08 +0800 Subject: [PATCH 3/5] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=AF=AD=E6=B3=95?= =?UTF-8?q?=E9=94=99=E8=AF=AF=20#7626?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- env.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.py b/env.py index 6f0173a7a3..3538d76c13 100644 --- a/env.py +++ b/env.py @@ -155,7 +155,7 @@ BK_AUDIT_DATA_TOKEN = os.getenv("BK_AUDIT_DATA_TOKEN", None) # 流程商店 -ENABLE_TEMPLATE_MARKET = int(os.getenv("ENABLE_TEMPLATE_MARKET"), 0) +ENABLE_TEMPLATE_MARKET = int(os.getenv("ENABLE_TEMPLATE_MARKET", 0)) # 流程商店 API 地址 TEMPLATE_MARKET_API_URL = os.getenv("TEMPLATE_MARKET_API_URL", "") # 模板市场路由 From 1004801fd284a178d0f18fe6ab5fecc09d8923df Mon Sep 17 00:00:00 2001 From: guohelu <19503896967@163.com> Date: Thu, 19 Dec 2024 18:08:01 +0800 Subject: [PATCH 4/5] =?UTF-8?q?fix:=20=E5=8E=BB=E9=99=A4=E6=95=B0=E6=8D=AE?= =?UTF-8?q?json=E5=8C=96=20#7626?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gcloud/contrib/template_market/viewsets.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/gcloud/contrib/template_market/viewsets.py b/gcloud/contrib/template_market/viewsets.py index 156028be66..38436c6684 100644 --- a/gcloud/contrib/template_market/viewsets.py +++ b/gcloud/contrib/template_market/viewsets.py @@ -10,7 +10,6 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ -import json import logging from rest_framework import viewsets @@ -65,7 +64,7 @@ class TemplateSceneViewSet(viewsets.ViewSet): def _build_template_data(self, serializer, **kwargs): templates = TaskTemplate.objects.filter(id__in=serializer.validated_data["template_ids"], is_deleted=False) template_info = [{"id": template.id, "name": template.name} for template in templates] - data = {"source_system": settings.APP_CODE, "templates": json.dumps(template_info), **serializer.validated_data} + data = {"source_system": settings.APP_CODE, "templates": template_info, **serializer.validated_data} market_record_id = kwargs.get("market_record_id") if market_record_id: data["id"] = market_record_id @@ -186,9 +185,7 @@ def partial_update(self, request, *args, **kwargs): detail_response = self._handle_response(existing_records, "Failed to get details") if detail_response: return detail_response - existing_market_template_ids = set( - [template["id"] for template in json.loads(existing_records["data"]["templates"])] - ) + existing_market_template_ids = set([template["id"] for template in existing_records["data"]["templates"]]) data = self._build_template_data(serializer, market_record_id=market_record_id) response_data = client.patch_template_scene(data, market_record_id) From 4aa99b43af71c6c662a0a6f67025cb49a50ca7ca Mon Sep 17 00:00:00 2001 From: guohelu <19503896967@163.com> Date: Thu, 19 Dec 2024 19:27:09 +0800 Subject: [PATCH 5/5] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=89=B4=E6=9D=83?= =?UTF-8?q?=E9=97=AE=E9=A2=98=20#7626?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gcloud/apigw/views/copy_template_across_project.py | 11 ----------- .../apigw/copy_template_across_project.py | 11 ++++++++++- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/gcloud/apigw/views/copy_template_across_project.py b/gcloud/apigw/views/copy_template_across_project.py index 5e05a38d82..6c8681f045 100644 --- a/gcloud/apigw/views/copy_template_across_project.py +++ b/gcloud/apigw/views/copy_template_across_project.py @@ -10,7 +10,6 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ -import logging import json from apigw_manager.apigw.decorators import apigw_require from blueapps.account.decorators import login_exempt @@ -26,7 +25,6 @@ from gcloud.apigw.views.utils import logger from gcloud.iam_auth.intercept import iam_intercept -from gcloud.contrib.template_market.models import TemplateSharedRecord from gcloud.tasktmpl3.models import TaskTemplate from gcloud.template_base.utils import format_import_result_to_response_data from gcloud.utils.decorators import request_validate @@ -55,15 +53,6 @@ def copy_template_across_project(request, project_id): new_project_id = params_data["new_project_id"] template_id = params_data["template_id"] - record = TemplateSharedRecord.objects.filter(project_id=request.project.id, template_id=template_id).first() - if record is None: - logging.warning("The specified template could not be found") - return { - "result": False, - "message": "The specified template could not be found", - "code": err_code.REQUEST_FORBIDDEN_INVALID.code, - } - try: export_data = TaskTemplate.objects.export_templates([template_id], is_full=False, project_id=request.project.id) import_result = TaskTemplate.objects.import_templates( diff --git a/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py b/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py index a618ce4738..9b6b300588 100644 --- a/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py +++ b/gcloud/iam_auth/view_interceptors/apigw/copy_template_across_project.py @@ -11,6 +11,7 @@ specific language governing permissions and limitations under the License. """ import json +import logging from iam import Action, Subject from iam.shortcuts import allow_or_raise_auth_failed @@ -19,6 +20,7 @@ from gcloud.iam_auth import get_iam_client from gcloud.iam_auth import res_factory from gcloud.iam_auth.intercept import ViewInterceptor +from gcloud.contrib.template_market.models import TemplateSharedRecord iam = get_iam_client() @@ -27,8 +29,15 @@ class CopyTemplateInterceptor(ViewInterceptor): def process(self, request, *args, **kwargs): data = json.loads(request.body) new_project_id = data.get("new_project_id") + template_id = data.get("template_id") subject = Subject("user", request.user.username) - action = Action(IAMMeta.PROJECT_EDIT_ACTION) + record = TemplateSharedRecord.objects.filter(project_id=request.project.id, template_id=template_id).first() + if record is None: + error_message = f"Unable to find template {template_id} in project {request.project.id}." + logging.error(error_message) + raise ValueError(error_message) + + action = Action(IAMMeta.FLOW_CREATE_ACTION) resources = res_factory.resources_for_project(new_project_id) allow_or_raise_auth_failed(iam, IAMMeta.SYSTEM_ID, subject, action, resources, cache=True)