From ddb3fde164ca8a8af2217fbf886f62a83995d496 Mon Sep 17 00:00:00 2001 From: qizhicheng Date: Mon, 4 Dec 2023 18:41:53 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=88=9B=E5=BB=BA?= =?UTF-8?q?=E5=B7=A5=E5=8D=95=E6=97=B6,=20=E5=B7=A5=E5=8D=95=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E9=80=9A=E8=BF=87=E6=97=B6=E7=9A=84=E6=8A=A5=E9=94=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sql/utils/workflow_audit.py | 65 ++++++++++++++++++++++--------------- sql/views.py | 6 ++-- sql_api/serializers.py | 7 ++-- 3 files changed, 45 insertions(+), 33 deletions(-) diff --git a/sql/utils/workflow_audit.py b/sql/utils/workflow_audit.py index 3e87b0bcc4..9e1d32c2e8 100644 --- a/sql/utils/workflow_audit.py +++ b/sql/utils/workflow_audit.py @@ -205,7 +205,7 @@ def is_auto_review(self) -> bool: if self.workflow.instance.db_type not in auto_review_db_type: return False if not self.workflow.instance.instance_tag.filter( - tag_code__in=auto_review_tags + tag_code__in=auto_review_tags ).exists(): return False @@ -229,7 +229,7 @@ def is_auto_review(self) -> bool: # 影响行数加测, 总语句影响行数超过指定数量则需要人工审核 all_affected_rows += int(review_result.affected_rows) if all_affected_rows > int( - self.sys_config.get("auto_review_max_update_rows", 50) + self.sys_config.get("auto_review_max_update_rows", 50) ): # 影响行数超规模, 需要人工审核 return False @@ -237,7 +237,7 @@ def is_auto_review(self) -> bool: def generate_audit_setting(self) -> AuditSetting: if self.is_auto_review(): - return AuditSetting(auto_pass=True, audit_auth_groups=["无需审批"]) + return AuditSetting(auto_pass=True) if self.workflow_type in [WorkflowType.SQL_REVIEW, WorkflowType.QUERY]: group_id = self.workflow.group_id @@ -370,7 +370,7 @@ def can_operate(self, action: WorkflowAction, actor: Users): return True # 看是否本人审核 if actor.username == self.audit.create_user and self.sys_config.get( - "ban_self_audit" + "ban_self_audit" ): raise AuditException("当前配置禁止本人审核自己的工单") # 确认用户权限 
@@ -396,7 +396,7 @@ def can_operate(self, action: WorkflowAction, actor: Users): raise AuditException(f"不支持的操作, 无法判断权限") def operate( - self, action: WorkflowAction, actor: Users, remark: str + self, action: WorkflowAction, actor: Users, remark: str ) -> WorkflowAuditDetail: """操作已提交的工单""" if not self.audit: @@ -540,7 +540,18 @@ def get_review_info(self) -> ReviewInfo: ) ) continue - g = int(g) + try: + g = int(g) + except ValueError: # pragma: no cover + # 脏数据, 当成自动通过 + # 兼容代码, 一般是空值代表自动通过 + review_nodes.append( + ReviewNode( + node_type=ReviewNodeType.AUTO_PASS, + is_passed_node=True, + ) + ) + continue group_in_db = Group.objects.get(id=g) if self.audit.current_status != WorkflowStatus.WAITING: # 总体状态不是待审核, 不设置详细的属性 @@ -671,9 +682,9 @@ def get_workflow_applicant(workflow_id, workflow_type): applicant = get_workflow_applicant(workflow_id, workflow_type) if ( - user.username == applicant - and not user.is_superuser - and SysConfig().get("ban_self_audit") + user.username == applicant + and not user.is_superuser + and SysConfig().get("ban_self_audit") ): return result # 只有待审核状态数据才可以审核 @@ -686,10 +697,10 @@ def get_workflow_applicant(workflow_id, workflow_type): except Exception: raise Exception("当前审批auth_group_id不存在,请检查并清洗历史数据") if ( - user.is_superuser - or auth_group_users([audit_auth_group], group_id) - .filter(id=user.id) - .exists() + user.is_superuser + or auth_group_users([audit_auth_group], group_id) + .filter(id=user.id) + .exists() ): if workflow_type == 1: if user.has_perm("sql.query_review"): @@ -705,12 +716,12 @@ def get_workflow_applicant(workflow_id, workflow_type): # 新增工单日志 @staticmethod def add_log( - audit_id, - operation_type, - operation_type_desc, - operation_info, - operator, - operator_display, + audit_id, + operation_type, + operation_type_desc, + operation_info, + operator, + operator_display, ): log = WorkflowLog( audit_id=audit_id, 
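Review bot: In `get_review_info` (hunk at -540 in sql/utils/workflow_audit.py), the new `except ValueError` branch shows every non-numeric entry of the stored approval chain as an `AUTO_PASS` node with `is_passed_node=True`, not only the legacy marker. The same commit stops writing `audit_auth_groups=["无需审批"]` in `generate_audit_setting`, so that literal looks like the one value this branch is meant to absorb. Anything else reaching it is unexpected data in an approval record, and rendering it as passed hides corruption or a manual edit from whoever reads the review info. I would map only the known legacy value to `AUTO_PASS`, log the raw value and the audit record for anything else, and drop `# pragma: no cover` in favour of a test for both cases. The function body starts and ends outside the hunk.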
@@ -730,14 +741,14 @@ def logs(audit_id): def get_auditor( - # workflow 对象有可能是还没有在数据库中创建的对象, 这里需要注意 - workflow: Union[SqlWorkflow, ArchiveConfig, QueryPrivilegesApply] = None, - sys_config: SysConfig = None, - audit: WorkflowAudit = None, - workflow_type: WorkflowType = WorkflowType.SQL_REVIEW, - # 归档表中没有下面两个参数, 所以对归档表来说一下两参数必传 - resource_group: str = "", - resource_group_id: int = 0, + # workflow 对象有可能是还没有在数据库中创建的对象, 这里需要注意 + workflow: Union[SqlWorkflow, ArchiveConfig, QueryPrivilegesApply] = None, + sys_config: SysConfig = None, + audit: WorkflowAudit = None, + workflow_type: WorkflowType = WorkflowType.SQL_REVIEW, + # 归档表中没有下面两个参数, 所以对归档表来说一下两参数必传 + resource_group: str = "", + resource_group_id: int = 0, ) -> AuditV2: current_auditor = settings.CURRENT_AUDITOR module, o = current_auditor.split(":") diff --git a/sql/views.py b/sql/views.py index ae849fee06..05b58a052a 100644 --- a/sql/views.py +++ b/sql/views.py @@ -31,7 +31,7 @@ AuditEntry, TwoFactorAuthConfig, ) -from sql.utils.workflow_audit import Audit, AuditV2, AuditException, ReviewNodeType +from sql.utils.workflow_audit import Audit, AuditV2, AuditException from sql.utils.sql_review import ( can_execute, can_timingtask, @@ -40,7 +40,7 @@ can_rollback, ) from common.utils.const import Const, WorkflowType, WorkflowAction -from sql.utils.resource_group import user_groups, user_instances, auth_group_users +from sql.utils.resource_group import user_groups, user_instances import logging @@ -501,7 +501,7 @@ def config(request): # 获取所有实例标签 instance_tags = InstanceTag.objects.all() # 支持自动审核的数据库类型 - db_type = ["mysql", "oracle", "mongo", "clickhouse"] + db_type = ["mysql", "oracle", "mongo", "clickhouse", "redis"] # 获取所有配置项 all_config = Config.objects.all().values("item", "value") sys_config = {} diff --git a/sql_api/serializers.py b/sql_api/serializers.py index 9bffb5166f..56dfc31c72 100644 --- a/sql_api/serializers.py +++ b/sql_api/serializers.py 
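Review bot: Adding `"redis"` to `db_type` in `config` (sql/views.py, hunk at -501) offers Redis as an auto-review engine, but nothing in this patch shows that `is_auto_review` can bound a Redis workflow. The check visible in that function sums `review_result.affected_rows` against `auto_review_max_update_rows`. If the Redis engine does not report affected rows (not visible here, to be confirmed), that limit never trips and tagged Redis instances are approved with no human step. The change is also unrelated to the auto-pass error named in the commit subject, so it would be better split out with a test that submits a Redis workflow. At minimum the list should carry a comment such as `# keep in sync with the engines is_auto_review can actually evaluate`.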
@@ -419,12 +419,13 @@ def create(self, validated_data): with transaction.atomic(): workflow = SqlWorkflow(**workflow_data) validated_data["review_content"] = check_result.json() - # 自动创建工作流 - auditor = get_auditor(workflow=workflow) - auditor.create_audit() + workflow.save() workflow_content = SqlWorkflowContent.objects.create( workflow=workflow, **validated_data ) + # 自动创建工作流 + auditor = get_auditor(workflow=workflow) + auditor.create_audit() except Exception as e: logger.error(f"提交工单报错,错误信息:{traceback.format_exc()}") raise serializers.ValidationError({"errors": str(e)}) From a7b1098c30d2c9384685111d83ef8e7085de903c Mon Sep 17 00:00:00 2001 From: qizhicheng Date: Mon, 4 Dec 2023 18:47:58 +0800 Subject: [PATCH 2/2] b --- sql/utils/workflow_audit.py | 50 ++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/sql/utils/workflow_audit.py b/sql/utils/workflow_audit.py index 9e1d32c2e8..4fbdf10f94 100644 --- a/sql/utils/workflow_audit.py +++ b/sql/utils/workflow_audit.py @@ -205,7 +205,7 @@ def is_auto_review(self) -> bool: if self.workflow.instance.db_type not in auto_review_db_type: return False if not self.workflow.instance.instance_tag.filter( - tag_code__in=auto_review_tags + tag_code__in=auto_review_tags ).exists(): return False @@ -229,7 +229,7 @@ def is_auto_review(self) -> bool: # 影响行数加测, 总语句影响行数超过指定数量则需要人工审核 all_affected_rows += int(review_result.affected_rows) if all_affected_rows > int( - self.sys_config.get("auto_review_max_update_rows", 50) + self.sys_config.get("auto_review_max_update_rows", 50) ): # 影响行数超规模, 需要人工审核 return False @@ -370,7 +370,7 @@ def can_operate(self, action: WorkflowAction, actor: Users): return True # 看是否本人审核 if actor.username == self.audit.create_user and self.sys_config.get( - "ban_self_audit" + "ban_self_audit" ): raise AuditException("当前配置禁止本人审核自己的工单") # 确认用户权限 
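Review bot: In `create` (sql_api/serializers.py), `auditor.create_audit()` now has to run after `workflow.save()` and the `SqlWorkflowContent` row are in place, but nothing in the code states that ordering. Presumably the auto-pass path failed on the unsaved object, going by the commit subject. A comment above the call would stop a later refactor from moving it back, for example `# create_audit() must run after the workflow and its content are saved; auto-pass fails on an unsaved workflow`. Separately, the surrounding handler returns `str(e)` in the `ValidationError`, so a database error raised by the new `save()` is echoed to the API client. Since the traceback is already logged, a fixed message in the response would avoid exposing schema or constraint details. The body of `create` starts outside the hunk.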
@@ -396,7 +396,7 @@ def can_operate(self, action: WorkflowAction, actor: Users): raise AuditException(f"不支持的操作, 无法判断权限") def operate( - self, action: WorkflowAction, actor: Users, remark: str + self, action: WorkflowAction, actor: Users, remark: str ) -> WorkflowAuditDetail: """操作已提交的工单""" if not self.audit: @@ -682,9 +682,9 @@ def get_workflow_applicant(workflow_id, workflow_type): applicant = get_workflow_applicant(workflow_id, workflow_type) if ( - user.username == applicant - and not user.is_superuser - and SysConfig().get("ban_self_audit") + user.username == applicant + and not user.is_superuser + and SysConfig().get("ban_self_audit") ): return result # 只有待审核状态数据才可以审核 @@ -697,10 +697,10 @@ def get_workflow_applicant(workflow_id, workflow_type): except Exception: raise Exception("当前审批auth_group_id不存在,请检查并清洗历史数据") if ( - user.is_superuser - or auth_group_users([audit_auth_group], group_id) - .filter(id=user.id) - .exists() + user.is_superuser + or auth_group_users([audit_auth_group], group_id) + .filter(id=user.id) + .exists() ): if workflow_type == 1: if user.has_perm("sql.query_review"): @@ -716,12 +716,12 @@ def get_workflow_applicant(workflow_id, workflow_type): # 新增工单日志 @staticmethod def add_log( - audit_id, - operation_type, - operation_type_desc, - operation_info, - operator, - operator_display, + audit_id, + operation_type, + operation_type_desc, + operation_info, + operator, + operator_display, ): log = WorkflowLog( audit_id=audit_id, 
@@ -741,14 +741,14 @@ def logs(audit_id): def get_auditor( - # workflow 对象有可能是还没有在数据库中创建的对象, 这里需要注意 - workflow: Union[SqlWorkflow, ArchiveConfig, QueryPrivilegesApply] = None, - sys_config: SysConfig = None, - audit: WorkflowAudit = None, - workflow_type: WorkflowType = WorkflowType.SQL_REVIEW, - # 归档表中没有下面两个参数, 所以对归档表来说一下两参数必传 - resource_group: str = "", - resource_group_id: int = 0, + # workflow 对象有可能是还没有在数据库中创建的对象, 这里需要注意 + workflow: Union[SqlWorkflow, ArchiveConfig, QueryPrivilegesApply] = None, + sys_config: SysConfig = None, + audit: WorkflowAudit = None, + workflow_type: WorkflowType = WorkflowType.SQL_REVIEW, + # 归档表中没有下面两个参数, 所以对归档表来说一下两参数必传 + resource_group: str = "", + resource_group_id: int = 0, ) -> AuditV2: current_auditor = settings.CURRENT_AUDITOR module, o = current_auditor.split(":")