Merge pull request #1745 from TencentBlueKing/develop

v1.9.7

release.md

@@ -1,3 +1,8 @@
+# V1.9.7
+
+### 缺陷修复
+* 操作权限删除部分实例报错
+
 # V1.9.6
 
 ### 缺陷修复

saas/VERSION

@@ -1 +1 @@
-1.9.6
+1.9.7

saas/backend/account/backends.py

@@ -124,7 +124,7 @@ def verify_bk_token(bk_token):
         try:
             data = login.verify_bk_token(bk_token)
         except Exception:  # pylint: disable=broad-except
-            logger.exception("Abnormal error in verify_bk_token...")
+            logger.warn("Abnormal error in verify_bk_token...", exc_info=True)
             return False, None
 
         return True, data["username"]

saas/backend/api/application/serializers.py

@@ -98,3 +98,15 @@ def validate(self, data):
 
 class AccessSystemApplicationUrlSLZ(serializers.Serializer):
     url = serializers.URLField()
+
+
+class AccessSystemApplicationCustomPolicySLZ(AccessSystemApplicationSLZ):
+    """接入系统创建自定义申请单"""
+
+    applicant = serializers.CharField(label="申请者的用户名", max_length=32)
+    reason = serializers.CharField(label="申请理由", max_length=255)
+
+
+class AccessSystemApplicationCustomPolicyResultSLZ(serializers.Serializer):
+    id = serializers.CharField(label="申请单据ID")
+    sn = serializers.CharField(label="ITSM审批单SN")

saas/backend/api/application/urls.py

@@ -14,4 +14,5 @@
 
 urlpatterns = [
     path("", views.ApplicationView.as_view(), name="open.application"),
+    path("policies/", views.ApplicationCustomPolicyView.as_view(), name="open.application_policy"),
 ]

saas/backend/api/application/views.py

@@ -18,11 +18,18 @@
 from rest_framework.viewsets import views
 
 from backend.api.authentication import ESBAuthentication
+from backend.biz.application import ApplicationBiz
 from backend.biz.open import ApplicationPolicyListCache
+from backend.service.constants import ApplicationTypeEnum
 from backend.trans.open_application import AccessSystemApplicationTrans
 from backend.util.url import url_join
 
-from .serializers import AccessSystemApplicationSLZ, AccessSystemApplicationUrlSLZ
+from .serializers import (
+    AccessSystemApplicationCustomPolicyResultSLZ,
+    AccessSystemApplicationCustomPolicySLZ,
+    AccessSystemApplicationSLZ,
+    AccessSystemApplicationUrlSLZ,
+)
 
 
 class ApplicationView(views.APIView):
@@ -33,7 +40,7 @@ class ApplicationView(views.APIView):
     authentication_classes = [ESBAuthentication]
     permission_classes = [IsAuthenticated]
 
-    access_system_application_biz = AccessSystemApplicationTrans()
+    access_system_application_trans = AccessSystemApplicationTrans()
     application_policy_list_cache = ApplicationPolicyListCache()
 
     @swagger_auto_schema(
@@ -51,7 +58,7 @@ def post(self, request):
         system_id = data["system"]
 
         # 将申请的数据转换为PolicyBeanList数据结构，同时需要进行数据检查
-        policy_list = self.access_system_application_biz.to_policy_list(data)
+        policy_list = self.access_system_application_trans.to_policy_list(data)
 
         # 保存到cache中
         cache_id = self.application_policy_list_cache.set(policy_list)
@@ -62,3 +69,36 @@ def post(self, request):
         url = url + "?" + urlencode(params)
 
         return Response({"url": url})
+
+
+class ApplicationCustomPolicyView(views.APIView):
+    """
+    创建自定义权限申请单
+    """
+
+    authentication_classes = [ESBAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    access_system_application_trans = AccessSystemApplicationTrans()
+    application_biz = ApplicationBiz()
+
+    @swagger_auto_schema(
+        operation_description="创建自定义权限申请单",
+        request_body=AccessSystemApplicationCustomPolicySLZ(label="创建自定义权限申请单"),
+        responses={status.HTTP_200_OK: AccessSystemApplicationCustomPolicyResultSLZ(label="申请单信息")},
+        tags=["open"],
+    )
+    def post(self, request):
+        # 校验数据
+        serializer = AccessSystemApplicationCustomPolicySLZ(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        data = serializer.validated_data
+        username = data["applicant"]
+
+        # 将Dict数据转换为创建单据所需的数据结构
+        application_data = self.access_system_application_trans.from_grant_policy_application(username, data)
+        # 创建单据
+        applications = self.application_biz.create_for_policy(ApplicationTypeEnum.GRANT_ACTION.value, application_data)
+
+        return Response({"id": applications[0].id, "sn": applications[0].sn})

saas/backend/service/policy/query.py

@@ -154,9 +154,7 @@ def list_temporary_system_counter_by_subject(self, subject: Subject) -> List[Sys
     def get_policy_system_by_id(self, policy_id: int, subject: Subject) -> str:
         """根据策略ID获取system"""
         try:
-            p = PolicyModel.objects.get(id=policy_id, subject_type=subject.type, subject_id=subject.id).only(
-                "system_id"
-            )
+            p = PolicyModel.objects.get(id=policy_id, subject_type=subject.type, subject_id=subject.id)
         except PolicyModel.DoesNotExist:
             raise error_codes.NOT_FOUND_ERROR.format("saas policy not found, id=%d", policy_id)
 

saas/backend/trans/open_application.py

@@ -12,12 +12,14 @@
 
 from pydantic.tools import parse_obj_as
 
+from backend.biz.application import ActionApplicationDataBean
 from backend.biz.policy import PolicyBeanList
+from backend.trans.application import ApplicationDataTrans
 
 from .open import OpenCommonTrans, OpenPolicy
 
 
-class AccessSystemApplicationTrans(OpenCommonTrans):
+class AccessSystemApplicationTrans(OpenCommonTrans, ApplicationDataTrans):
     """接入系统请求自定义权限的申请链接的请求数据"""
 
     def to_policy_list(self, data: Dict) -> PolicyBeanList:
@@ -80,3 +82,19 @@ def to_policy_list(self, data: Dict) -> PolicyBeanList:
             open_policy.fill_instance_name()
 
         return self._to_policy_list(system_id, open_policies)
+
+    def from_grant_policy_application(self, applicant: str, data: Dict) -> ActionApplicationDataBean:
+        """来着自定义权限申请的数据转换"""
+
+        # 1. 转换数据结构
+        policy_list = self.to_policy_list(data)
+
+        # 2. 只对新增的策略进行申请，所以需要移除掉已有的权限
+        application_policy_list = self._gen_need_apply_policy_list(applicant, data["system"], policy_list)
+
+        # 3. 转换为ApplicationBiz创建申请单所需数据结构
+        application_data = ActionApplicationDataBean(
+            applicant=applicant, policy_list=application_policy_list, reason=data["reason"]
+        )
+
+        return application_data

saas/resources/version_log/V1.9.7_2022-12-22.md

@@ -0,0 +1,4 @@
+# V1.9.7 版本更新日志
+
+### 缺陷修复
+* 操作权限删除部分实例报错

saas/resources/version_log/V1.9.7_2022-12-22_en.md

@@ -0,0 +1,4 @@
+# V1.9.7 ChangeLog
+
+### Bug Fixes
+* An error is reported when the operation authority deletes some instances