zhouyuhuan
/
Cloudpods


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228
							// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package db

import (
	"context"
	"database/sql"

	"yunion.io/x/jsonutils"
	"yunion.io/x/pkg/errors"
	"yunion.io/x/pkg/util/rbacscope"
	"yunion.io/x/pkg/util/reflectutils"
	"yunion.io/x/sqlchemy"

	"yunion.io/x/onecloud/pkg/apis"
	"yunion.io/x/onecloud/pkg/apis/identity"
	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
	"yunion.io/x/onecloud/pkg/cloudcommon/policy"
	"yunion.io/x/onecloud/pkg/httperrors"
	"yunion.io/x/onecloud/pkg/mcclient"
	"yunion.io/x/onecloud/pkg/util/stringutils2"
	"yunion.io/x/onecloud/pkg/util/tagutils"
)

type SDomainizedResourceBaseManager struct {
}

type SDomainizedResourceBase struct {
	// 域Id
	DomainId string `width:"64" charset:"ascii" default:"default" nullable:"false" index:"true" list:"user" json:"domain_id"`
}

func (manager *SDomainizedResourceBaseManager) NamespaceScope() rbacscope.TRbacScope {
	if consts.IsDomainizedNamespace() {
		return rbacscope.ScopeDomain
	} else {
		return rbacscope.ScopeSystem
	}
}

func (manager *SDomainizedResourceBaseManager) ResourceScope() rbacscope.TRbacScope {
	return rbacscope.ScopeDomain
}

func (manager *SDomainizedResourceBaseManager) FilterByOwner(ctx context.Context, q *sqlchemy.SQuery, man FilterByOwnerProvider, userCred mcclient.TokenCredential, owner mcclient.IIdentityProvider, scope rbacscope.TRbacScope) *sqlchemy.SQuery {
	if owner != nil {
		switch scope {
		case rbacscope.ScopeProject, rbacscope.ScopeDomain:
			q = q.Equals("domain_id", owner.GetProjectDomainId())
			if userCred != nil {
				result := policy.PolicyManager.Allow(scope, userCred, consts.GetServiceType(), man.KeywordPlural(), policy.PolicyActionList)
				if !result.ObjectTags.IsEmpty() {
					policyTagFilters := tagutils.STagFilters{}
					policyTagFilters.AddFilters(result.ObjectTags)
					q = ObjectIdQueryWithTagFilters(ctx, q, "id", man.Keyword(), policyTagFilters)
				}
			}
		case rbacscope.ScopeSystem:
			if userCred != nil {
				result := policy.PolicyManager.Allow(scope, userCred, consts.GetServiceType(), man.KeywordPlural(), policy.PolicyActionList)
				if !result.DomainTags.IsEmpty() {
					policyFilters := tagutils.STagFilters{}
					policyFilters.AddFilters(result.DomainTags)
					q = ObjectIdQueryWithTagFilters(ctx, q, "domain_id", "domain", policyFilters)
				}
				if !result.ObjectTags.IsEmpty() {
					policyTagFilters := tagutils.STagFilters{}
					policyTagFilters.AddFilters(result.ObjectTags)
					q = ObjectIdQueryWithTagFilters(ctx, q, "id", man.Keyword(), policyTagFilters)
				}
			}
		}
	}
	return q
}

func (manager *SDomainizedResourceBaseManager) FetchOwnerId(ctx context.Context, data jsonutils.JSONObject) (mcclient.IIdentityProvider, error) {
	return FetchDomainInfo(ctx, data)
}

func (model *SDomainizedResourceBase) GetOwnerId() mcclient.IIdentityProvider {
	owner := SOwnerId{DomainId: model.DomainId}
	return &owner
}

// returns candiate domain Id list that the resource can change owner to
// nil or empty means any domain
func (model *SDomainizedResourceBase) GetChangeOwnerCandidateDomainIds() []string {
	return nil
}

func (model *SDomainizedResourceBase) GetChangeOwnerRequiredDomainIds() []string {
	return nil
}

func ValidateCreateDomainId(domainId string) error {
	if !consts.GetNonDefaultDomainProjects() && domainId != identity.DEFAULT_DOMAIN_ID {
		return httperrors.NewForbiddenError("project in non-default domain is prohibited")
	}
	return nil
}

func (manager *SDomainizedResourceBaseManager) QueryDistinctExtraField(q *sqlchemy.SQuery, field string) (*sqlchemy.SQuery, error) {
	switch field {
	case "domain":
		tenantCacheQuery := TenantCacheManager.getTable() // GetDomainQuery("name", "id").SubQuery()
		q = q.AppendField(tenantCacheQuery.Field("name", "domain")).Distinct()
		q = q.Join(tenantCacheQuery, sqlchemy.Equals(q.Field("domain_id"), tenantCacheQuery.Field("id")))
		return q, nil
	}
	return q, httperrors.ErrNotFound
}

func (manager *SDomainizedResourceBaseManager) ListItemFilter(
	ctx context.Context,
	q *sqlchemy.SQuery,
	userCred mcclient.TokenCredential,
	query apis.DomainizedResourceListInput,
) (*sqlchemy.SQuery, error) {
	if len(query.ProjectDomainIds) > 0 {
		// make sure ids are not utf8 string
		idList := stringutils2.RemoveUtf8Strings(query.ProjectDomainIds)
		tenants := DefaultDomainQuery().SubQuery()
		// tenants := TenantCacheManager.GetDomainQuery().SubQuery()
		subq := tenants.Query(tenants.Field("id")).Filter(sqlchemy.OR(
			sqlchemy.In(tenants.Field("id"), idList),
			sqlchemy.In(tenants.Field("name"), query.ProjectDomainIds),
		)).SubQuery()
		q = q.In("domain_id", subq)
	}
	tagFilters := tagutils.STagFilters{}
	if !query.DomainTags.IsEmpty() {
		tagFilters.AddFilters(query.DomainTags)
	}
	if !query.NoDomainTags.IsEmpty() {
		tagFilters.AddNoFilters(query.NoDomainTags)
	}
	q = ObjectIdQueryWithTagFilters(ctx, q, "domain_id", "domain", tagFilters)
	return q, nil
}

func (manager *SDomainizedResourceBaseManager) OrderByExtraFields(
	ctx context.Context,
	q *sqlchemy.SQuery,
	userCred mcclient.TokenCredential,
	query apis.DomainizedResourceListInput,
) (*sqlchemy.SQuery, error) {
	subq := TenantCacheManager.GetDomainQuery("id", "name").SubQuery()
	if NeedOrderQuery([]string{query.OrderByDomain}) {
		q = q.LeftJoin(subq, sqlchemy.Equals(q.Field("domain_id"), subq.Field("id")))
		q = OrderByFields(q, []string{query.OrderByDomain}, []sqlchemy.IQueryField{subq.Field("name")})
		return q, nil
	}
	return q, nil
}

func (manager *SDomainizedResourceBaseManager) FetchCustomizeColumns(
	ctx context.Context,
	userCred mcclient.TokenCredential,
	query jsonutils.JSONObject,
	objs []interface{},
	fields stringutils2.SSortedStrings,
	isList bool,
) []apis.DomainizedResourceInfo {
	ret := make([]apis.DomainizedResourceInfo, len(objs))
	for i := range objs {
		ret[i] = apis.DomainizedResourceInfo{}
	}
	if len(fields) == 0 || fields.Contains("project_domain") {
		domainIds := stringutils2.SSortedStrings{}
		for i := range objs {
			var base *SDomainizedResourceBase
			reflectutils.FindAnonymouStructPointer(objs[i], &base)
			if base != nil && len(base.DomainId) > 0 {
				domainIds = stringutils2.Append(domainIds, base.DomainId)
			}
		}
		domains := DefaultProjectsFetcher(ctx, domainIds, true)
		if domains != nil {
			for i := range objs {
				var base *SDomainizedResourceBase
				reflectutils.FindAnonymouStructPointer(objs[i], &base)
				if base != nil && len(base.DomainId) > 0 {
					if proj, ok := domains[base.DomainId]; ok {
						if len(fields) == 0 || fields.Contains("project_domain") {
							ret[i].ProjectDomain = proj.Name
						}
					}
				}
			}
		}
	}
	return ret
}

func ValidateDomainizedResourceInput(ctx context.Context, input apis.DomainizedResourceInput) (*STenant, apis.DomainizedResourceInput, error) {
	domain, err := DefaultDomainFetcher(ctx, input.ProjectDomainId)
	if err != nil {
		if errors.Cause(err) == sql.ErrNoRows {
			return nil, input, httperrors.NewResourceNotFoundError2("domain", input.ProjectDomainId)
		} else {
			return nil, input, errors.Wrap(err, "TenantCacheManager.FetchDomainByIdOrName")
		}
	}
	input.ProjectDomainId = domain.GetId()
	return domain, input, nil
}

func (manager *SDomainizedResourceBaseManager) ListItemExportKeys(ctx context.Context, q *sqlchemy.SQuery, userCred mcclient.TokenCredential, keys stringutils2.SSortedStrings) (*sqlchemy.SQuery, error) {
	if keys.Contains("project_domain") {
		domainsQ := DefaultDomainQuery().SubQuery()
		q = q.LeftJoin(domainsQ, sqlchemy.Equals(q.Field("domain_id"), domainsQ.Field("id")))
		q = q.AppendField(domainsQ.Field("name", "project_domain"))
	}
	return q, nil
}