Skip to content

Commit

Permalink
Merge pull request #364 from yjinjo/master
Browse files Browse the repository at this point in the history 
Update user_count when removing workspace from workspace_group
  • Loading branch information
@yjinjo
yjinjo authored Sep 23, 2024
2 parents 4aff469 + 0ad6e6f commit bd04fe8
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 44 deletions.
31 changes: 1 addition & 30 deletions src/spaceone/identity/service/workspace_group_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,7 @@
from datetime import datetime
from typing import Dict, List, Union

from spaceone.core.error import (
ERROR_INVALID_PARAMETER,
ERROR_NOT_FOUND,
ERROR_PERMISSION_DENIED,
)
from spaceone.core.error import ERROR_INVALID_PARAMETER, ERROR_NOT_FOUND
from spaceone.core.service import (
BaseService,
authentication_handler,
Expand Down Expand Up @@ -169,10 +165,6 @@ def add_users(
Returns:
WorkspaceGroupResponse:
"""
role_type = self.transaction.get_meta("authorization.role_type")
if role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

new_users_info_list: List[Dict[str, str]] = params.users
workspace_group_id = params.workspace_group_id
domain_id = params.domain_id
Expand Down Expand Up @@ -241,10 +233,6 @@ def remove_users(
Returns:
WorkspaceGroupResponse:
"""
role_type = self.transaction.get_meta("authorization.role_type")
if role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

workspace_group_id = params.workspace_group_id
users = params.users
domain_id = params.domain_id
Expand Down Expand Up @@ -295,10 +283,6 @@ def update_role(
Returns:
WorkspaceGroupResponse:
"""
role_type = self.transaction.get_meta("authorization.role_type")
if role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

workspace_group_id = params.workspace_group_id
user_id = params.user_id
role_id = params.role_id
Expand Down Expand Up @@ -348,10 +332,6 @@ def get(
Returns:
WorkspaceGroupResponse:
"""
role_type = self.transaction.get_meta("authorization.role_type")
if role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

workspace_group_id = params.workspace_group_id
domain_id = params.domain_id

Expand Down Expand Up @@ -395,10 +375,6 @@ def list(
Returns:
WorkspaceGroupsResponse:
"""
role_type = self.transaction.get_meta("authorization.role_type")
if role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

query = params.query

workspace_group_vos, total_count = (
Expand Down Expand Up @@ -447,11 +423,6 @@ def stat(self, params: WorkspaceGroupStatQueryRequest) -> dict:
'total_count': 'int'
}
"""

role_type = self.transaction.get_meta("authorization.role_type")
if role_type != "DOMAIN_ADMIN":
raise ERROR_PERMISSION_DENIED()

query = params.query

return self.workspace_group_mgr.stat_workspace_group(query)
Expand Down
47 changes: 33 additions & 14 deletions src/spaceone/identity/service/workspace_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,12 @@
from spaceone.identity.manager.project_manager import ProjectManager
from spaceone.identity.manager.resource_manager import ResourceManager
from spaceone.identity.manager.role_binding_manager import RoleBindingManager
from spaceone.identity.manager.service_account_manager import ServiceAccountManager
from spaceone.identity.manager.trusted_account_manager import TrustedAccountManager
from spaceone.identity.manager.workspace_group_manager import WorkspaceGroupManager
from spaceone.identity.manager.service_account_manager import \
ServiceAccountManager
from spaceone.identity.manager.trusted_account_manager import \
TrustedAccountManager
from spaceone.identity.manager.workspace_group_manager import \
WorkspaceGroupManager
from spaceone.identity.manager.workspace_manager import WorkspaceManager
from spaceone.identity.model import Workspace
from spaceone.identity.model.workspace.request import *
Expand All @@ -37,6 +40,7 @@ def __init__(self, *args, **kwargs):
self.resource_mgr = ResourceManager()
self.workspace_mgr = WorkspaceManager()
self.service_account_mgr = ServiceAccountManager()
self.rb_mgr = RoleBindingManager()
self.workspace_group_mgr = WorkspaceGroupManager()

@transaction(permission="identity:Workspace.write", role_types=["DOMAIN_ADMIN"])
Expand Down Expand Up @@ -450,22 +454,37 @@ def _remove_workspace_from_group(
workspace_vo = self.workspace_mgr.get_workspace(
workspace_id=workspace_id, domain_id=domain_id
)
workspace_vo.changed_at = datetime.utcnow()
workspace_vo.workspace_group_id = None
self.workspace_mgr.update_workspace_by_vo(
{"changed_at": workspace_vo.changed_at, "workspace_group_id": None},
workspace_vo,
)
if workspace_vo:
workspace_vo.changed_at = datetime.utcnow()
workspace_vo.workspace_group_id = None

user_rb_ids = self.rb_mgr.stat_role_bindings(
query={
"distinct": "user_id",
"filter": [
{"k": "workspace_id", "v": workspace_id, "o": "eq"},
{"k": "domain_id", "v": domain_id, "o": "eq"},
],
}
).get("results", [])
user_rb_total_count = len(user_rb_ids)

self.workspace_mgr.update_workspace_by_vo(
{
"user_count": user_rb_total_count,
"changed_at": workspace_vo.changed_at,
"workspace_group_id": None,
},
workspace_vo,
)

@staticmethod
def _delete_role_bindings(existing_workspace_group_id: str, domain_id: str):
rb_mgr = RoleBindingManager()
rb_vos = rb_mgr.filter_role_bindings(
def _delete_role_bindings(self, existing_workspace_group_id: str, domain_id: str):
rb_vos = self.rb_mgr.filter_role_bindings(
workspace_group_id=existing_workspace_group_id,
domain_id=domain_id,
)
for rb_vo in rb_vos:
rb_mgr.delete_role_binding_by_vo(rb_vo)
self.rb_mgr.delete_role_binding_by_vo(rb_vo)

@staticmethod
def _create_role_bindings(
Expand Down

0 comments on commit bd04fe8

Please sign in to comment.