ESB 组件权限建单、查询，同网关 bk-esb 权限单、数据关联起来 (#399)

src/dashboard/apigateway/apigateway/apis/open/esb/permission/views.py

@@ -19,23 +19,18 @@
 import logging
 import operator
 
-from blue_krill.async_utils.django_utils import apply_async_on_commit
 from django.db import transaction
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import status, viewsets
 
 from apigateway.apis.open.esb.permission import serializers
-from apigateway.apis.open.esb.permission.helpers import ComponentPermissionBuilder
 from apigateway.apps.esb.bkcore.models import (
-    AppComponentPermission,
     AppPermissionApplyRecord,
-    AppPermissionApplyStatus,
     ComponentSystem,
     ESBChannel,
 )
 from apigateway.apps.esb.permission.serializers import AppPermissionApplyRecordDetailSLZ
-from apigateway.apps.permission.constants import ApplyStatusEnum
-from apigateway.apps.permission.tasks import send_mail_for_perm_apply
+from apigateway.biz.esb.permissions import ComponentPermissionManager
 from apigateway.common.error_codes import error_codes
 from apigateway.utils.responses import V1OKJsonResponse
 
@@ -57,16 +52,14 @@ def list(self, request, system_id: int, *args, **kwargs):
         queryset = ESBChannel.objects.filter_active_and_public_components(system_id=system_id)
         components = ESBChannel.objects.get_components(queryset)
 
-        component_permissions = ComponentPermissionBuilder(
-            system_id,
-            slz.validated_data["target_app_code"],
-        ).build(components)
+        manager = ComponentPermissionManager.get_manager()
+        component_permissions = manager.list_permissions(slz.validated_data["target_app_code"], system_id, components)
 
-        slz = self.get_serializer(
+        output_slz = self.get_serializer(
             sorted(component_permissions, key=operator.itemgetter("permission_level", "name")),
             many=True,
         )
-        return V1OKJsonResponse("OK", data=slz.data)
+        return V1OKJsonResponse("OK", data=output_slz.data)
 
 
 class AppPermissionApplyV1APIView(viewsets.GenericViewSet):
@@ -90,37 +83,15 @@ def apply(self, request, system_id: int, *args, **kwargs):
 
         data = slz.validated_data
 
-        for component_ids in ESBChannel.objects.group_by_permission_level(data["component_ids"]):
-            instance = AppPermissionApplyRecord.objects.create_record(
-                board=system.board,
-                bk_app_code=data["target_app_code"],
-                applied_by=request.user.username,
-                system=system,
-                component_ids=component_ids,
-                status=ApplyStatusEnum.PENDING.value,
-                reason=data["reason"],
-                expire_days=data["expire_days"],
-            )
-
-            if AppPermissionApplyStatus is not None:
-                # 删除应用-组件申请状态的历史记录，方便下面批量插入
-                AppPermissionApplyStatus.objects.filter(
-                    bk_app_code=data["target_app_code"],
-                    system=system,
-                    component_id__in=component_ids,
-                ).delete()
-                AppPermissionApplyStatus.objects.batch_create(
-                    record=instance,
-                    bk_app_code=data["target_app_code"],
-                    system=system,
-                    component_ids=component_ids,
-                    status=ApplyStatusEnum.PENDING.value,
-                )
-
-            try:
-                apply_async_on_commit(send_mail_for_perm_apply, args=[instance.id])
-            except Exception:
-                logger.exception("send mail to gateway manager fail. apply_record_id=%s", instance.id)
+        manager = ComponentPermissionManager.get_manager()
+        manager.create_apply_record(
+            data["target_app_code"],
+            system,
+            data["component_ids"],
+            data["reason"],
+            data["expire_days"],
+            request.user.username,
+        )
 
         return V1OKJsonResponse("OK")
 
@@ -138,7 +109,8 @@ def renew(self, request, *args, **kwargs):
 
         data = slz.validated_data
 
-        AppComponentPermission.objects.renew_permissions(
+        manager = ComponentPermissionManager.get_manager()
+        manager.renew_permission(
             data["target_app_code"],
             data["component_ids"],
             data["expire_days"],
@@ -155,20 +127,11 @@ def list(self, request, *args, **kwargs):
 
         data = slz.validated_data
 
-        component_ids = AppComponentPermission.objects.filter_component_ids(
-            bk_app_code=data["target_app_code"],
-            expire_days_range=data.get("expire_days_range"),
-        )
-        queryset = ESBChannel.objects.filter_active_and_public_components(
-            ids=component_ids,
-            allow_apply_permission=True,
-        )
-        components = ESBChannel.objects.get_components(queryset)
-
-        component_permissions = ComponentPermissionBuilder(
-            None,
+        manager = ComponentPermissionManager.get_manager()
+        component_permissions = manager.list_applied_permissions(
             data["target_app_code"],
-        ).build(components)
+            data.get("expire_days_range"),
+        )
 
         slz = serializers.AppPermissionComponentSLZ(component_permissions, many=True)
         return V1OKJsonResponse("OK", data=sorted(slz.data, key=operator.itemgetter("system_name", "name")))
@@ -195,7 +158,11 @@ def list(self, request, *args, **kwargs):
             order_by="-id",
         )
 
-        page = self.paginate_queryset(queryset)
+        page = list(self.paginate_queryset(queryset))
+
+        manager = ComponentPermissionManager.get_manager()
+        manager.patch_permission_apply_records(page)
+
         slz = serializers.AppPermissionApplyRecordV1SLZ(page, many=True)
         return V1OKJsonResponse("OK", data=self.paginator.get_paginated_data(slz.data))
 
@@ -210,5 +177,8 @@ def retrieve(self, request, record_id: int, *args, **kwargs):
         except AppPermissionApplyRecord.DoesNotExist:
             raise error_codes.NOT_FOUND
 
+        manager = ComponentPermissionManager.get_manager()
+        manager.patch_permission_apply_records([record])
+
         slz = AppPermissionApplyRecordDetailSLZ(record)
         return V1OKJsonResponse("OK", data=slz.data)

src/dashboard/apigateway/apigateway/apis/open/permission/views.py

@@ -31,14 +31,12 @@
     ResourcePermissionBuilder,
 )
 from apigateway.apps.permission.constants import (
-    ApplyStatusEnum,
     GrantDimensionEnum,
     GrantTypeEnum,
     PermissionApplyExpireDaysEnum,
 )
 from apigateway.apps.permission.models import (
     AppGatewayPermission,
-    AppPermissionApply,
     AppPermissionRecord,
     AppResourcePermission,
 )
@@ -50,7 +48,6 @@
 from apigateway.common.permissions import GatewayRelatedAppPermission
 from apigateway.core.models import Gateway, Resource
 from apigateway.utils.responses import V1OKJsonResponse
-from apigateway.utils.time import now_datetime
 
 from . import serializers
 
@@ -140,43 +137,21 @@ def post(self, request, *args, **kwargs):
 
         data = slz.validated_data
 
-        record = AppPermissionRecord.objects.create(
-            bk_app_code=data["target_app_code"],
-            applied_by=request.user.username,
-            applied_time=now_datetime(),
-            reason=data["reason"],
-            expire_days=data.get("expire_days", PermissionApplyExpireDaysEnum.FOREVER.value),
-            gateway=request.gateway,
-            resource_ids=data.get("resource_ids", []),
-            grant_dimension=data["grant_dimension"],
-            status=ApplyStatusEnum.PENDING.value,
-        )
-
-        instance = AppPermissionApply.objects.create(
-            bk_app_code=data["target_app_code"],
-            applied_by=request.user.username,
-            gateway=request.gateway,
-            resource_ids=data.get("resource_ids", []),
-            grant_dimension=data["grant_dimension"],
-            status=ApplyStatusEnum.PENDING.value,
-            reason=data["reason"],
-            expire_days=data.get("expire_days", PermissionApplyExpireDaysEnum.FOREVER.value),
-            apply_record_id=record.id,
-        )
-
         manager = PermissionDimensionManager.get_manager(data["grant_dimension"])
-        manager.save_permission_apply_status(
-            bk_app_code=data["target_app_code"],
-            gateway=request.gateway,
-            apply=instance,
-            status=ApplyStatusEnum.PENDING.value,
-            resources=Resource.objects.filter(gateway=request.gateway, id__in=data.get("resource_ids") or []),
+        record = manager.create_apply_record(
+            data["target_app_code"],
+            request.gateway,
+            data.get("resource_ids") or [],
+            data["grant_dimension"],
+            data["reason"],
+            data.get("expire_days", PermissionApplyExpireDaysEnum.FOREVER.value),
+            request.user.username,
         )
 
         try:
-            apply_async_on_commit(send_mail_for_perm_apply, args=[instance.id])
+            apply_async_on_commit(send_mail_for_perm_apply, args=[record.id])
         except Exception:
-            logger.exception("send mail to gateway manager fail. apply_record_id=%s", instance.id)
+            logger.exception("send mail to gateway manager fail. apply_record_id=%s", record.id)
 
         return V1OKJsonResponse(
             "OK",

src/dashboard/apigateway/apigateway/apps/permission/tasks.py

@@ -37,7 +37,6 @@
 )
 from apigateway.apps.permission.models import (
     AppGatewayPermission,
-    AppPermissionApply,
     AppPermissionRecord,
     AppResourcePermission,
 )
@@ -61,7 +60,7 @@ def send_mail_for_perm_apply(record_id):
     """
     申请权限，发送邮件通知管理员审批
     """
-    record = AppPermissionApply.objects.get(id=record_id)
+    record = AppPermissionRecord.objects.get(id=record_id)
 
     apigw_domain = getattr(settings, "DASHBOARD_FE_URL", "").rstrip("/")
     manager = PermissionDimensionManager.get_manager(record.grant_dimension)