feat: modify fields in model

TencentBlueKing · Oct 17, 2024 · aaf5a63 · aaf5a63
1 parent 739e2ce
commit aaf5a63
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 126 deletions.
diff --git a/src/bk-user/bkuser/apis/web/data_source/views.py b/src/bk-user/bkuser/apis/web/data_source/views.py
@@ -45,7 +45,7 @@
     LocalDataSourceImportInputSLZ,
 )
 from bkuser.apis.web.mixins import CurrentUserTenantMixin
-from bkuser.apps.audit.constants import OperationEnum, OperationTarget
+from bkuser.apps.audit.constants import OperationTarget, OperationType
 from bkuser.apps.audit.service import add_operation_audit_record
 from bkuser.apps.data_source.constants import DataSourceTypeEnum
 from bkuser.apps.data_source.models import (
@@ -74,7 +74,6 @@
 from bkuser.idp_plugins.constants import BuiltinIdpPluginEnum
 from bkuser.plugins.base import get_default_plugin_cfg, get_plugin_cfg_schema_map, get_plugin_cls
 from bkuser.plugins.constants import DataSourcePluginEnum
-from bkuser.utils.ip import get_client_ip
 
 from .schema import get_data_source_plugin_cfg_json_schema
 
@@ -183,10 +182,11 @@ def post(self, request, *args, **kwargs):
 
         add_operation_audit_record(
             operator=current_user,
-            ip=get_client_ip(request),
-            target=OperationTarget.DATA_SOURCE,
-            operation=OperationEnum.CREATE_DATA_SOURCE,
-            instance={"data_source": ds.id, "data_source_plugin": ds.plugin_id},
+            operation_target=OperationTarget.DATA_SOURCE,
+            operation_type=OperationType.CREATE_DATA_SOURCE,
+            tenant_id=current_tenant_id,
+            data_source_id=ds.id,
+            extras={"data_source_plugin_id": ds.plugin_id},
         )
 
         return Response(
@@ -241,11 +241,6 @@ def put(self, request, *args, **kwargs):
         slz.is_valid(raise_exception=True)
         data = slz.validated_data
 
-        data_before = {
-            "plugin_config": data_source.plugin_config,
-            "field_mapping": data_source.field_mapping,
-            "sync_config": data_source.sync_config,
-        }
         with transaction.atomic():
             data_source.field_mapping = data["field_mapping"]
             data_source.sync_config = data.get("sync_config") or {}
@@ -256,16 +251,18 @@ def put(self, request, *args, **kwargs):
 
         add_operation_audit_record(
             operator=data_source.updater,
-            ip=get_client_ip(request),
-            target=OperationTarget.DATA_SOURCE,
-            operation=OperationEnum.MODIFY_DATA_SOURCE,
-            instance={"data_source": data_source.id, "data_source_plugin": data_source.plugin_id},
-            data_before=data_before,
-            data_after={
-                "plugin_config": data_source.plugin_config,
-                "field_mapping": data_source.field_mapping,
-                "sync_config": data_source.sync_config,
+            operation_target=OperationTarget.DATA_SOURCE,
+            operation_type=OperationType.MODIFY_DATA_SOURCE,
+            data_change={
+                "data_after": {
+                    "plugin_config": data_source.plugin_config,
+                    "field_mapping": data_source.field_mapping,
+                    "sync_config": data_source.sync_config,
+                }
             },
+            tenant_id=data_source.owner_tenant_id,
+            data_source_id=data_source.id,
+            extras={"data_source_plugin_id": data_source.plugin_id},
         )
 
         return Response(status=status.HTTP_204_NO_CONTENT)
@@ -285,7 +282,7 @@ def delete(self, request, *args, **kwargs):
         slz = DataSourceDestroyInputSLZ(data=request.query_params)
         slz.is_valid(raise_exception=True)
         is_delete_idp = slz.validated_data["is_delete_idp"]
-        instance = {"data_source": data_source.id, "data_source_plugin": data_source.plugin_id}
+        data_source_id = data_source.id
 
         with transaction.atomic():
             if is_delete_idp:
@@ -315,10 +312,11 @@ def delete(self, request, *args, **kwargs):
 
         add_operation_audit_record(
             operator=request.user.username,
-            ip=get_client_ip(request),
-            target=OperationTarget.DATA_SOURCE,
-            operation=OperationEnum.DELETE_DATA_SOURCE,
-            instance=instance,
+            operation_target=OperationTarget.DATA_SOURCE,
+            operation_type=OperationType.DELETE_DATA_SOURCE,
+            tenant_id=self.get_current_tenant_id(),
+            data_source_id=data_source_id,
+            extras={"data_source_plugin_id": data_source.plugin_id, "is_delete_idp": is_delete_idp},
         )
 
         return Response(status=status.HTTP_204_NO_CONTENT)
@@ -516,10 +514,24 @@ def post(self, request, *args, **kwargs):
 
         add_operation_audit_record(
             operator=request.user.username,
-            ip=get_client_ip(request),
-            target=OperationTarget.DATA_SOURCE,
-            operation=OperationEnum.IMPORT_DATA_SOURCE,
-            instance={"data_source": data_source.id, "data_source_plugin": data_source.plugin_id},
+            operation_target=OperationTarget.DATA_SOURCE,
+            operation_type=OperationType.IMPORT_DATA_SOURCE,
+            tenant_id=data_source.owner_tenant_id,
+            data_source_id=data_source.id,
+        )
+
+        add_operation_audit_record(
+            operator=task.operator,
+            operation_target=OperationTarget.DATA_SOURCE,
+            operation_type=OperationType.SYNC_DATA_SOURCE,
+            tenant_id=data_source.owner_tenant_id,
+            data_source_id=data_source.id,
+            extras={
+                "task_id": task.id,
+                "overwrite": data["overwrite"],
+                "incremental": data["incremental"],
+                "data_source_plugin_id": data_source.plugin_id,
+            },
         )
 
         return Response(
@@ -565,6 +577,20 @@ def post(self, request, *args, **kwargs):
             logger.exception("创建下发数据源 %s 同步任务失败", data_source.id)
             raise error_codes.DATA_SOURCE_SYNC_TASK_CREATE_FAILED.f(str(e))
 
+        add_operation_audit_record(
+            operator=task.operator,
+            operation_target=OperationTarget.DATA_SOURCE,
+            operation_type=OperationType.SYNC_DATA_SOURCE,
+            tenant_id=data_source.owner_tenant_id,
+            data_source_id=data_source.id,
+            extras={
+                "task_id": task.id,
+                "overwrite": True,
+                "incremental": False,
+                "data_source_plugin_id": data_source.plugin_id,
+            },
+        )
+
         return Response(
             DataSourceImportOrSyncOutputSLZ(
                 instance={"task_id": task.id, "status": task.status, "summary": task.summary}

diff --git a/src/bk-user/bkuser/apps/audit/constants.py b/src/bk-user/bkuser/apps/audit/constants.py
@@ -17,15 +17,15 @@ class OperationTarget(str, StructuredEnum):
     """操作对象"""
 
     DATA_SOURCE = EnumField("data_source", label=_("数据源"))
-    IDP = EnumField("idp", label=_("IDP（认证源）"))
+    IDP = EnumField("idp", label=_("认证源"))
     USER = EnumField("user", label=_("用户"))
     ORGANIZATION = EnumField("organization", label=_("组织"))
-    PLATFORM_MANAGEMENT = EnumField("platform_management", label=_("平台管理"))
+    MANAGEMENT_PLATFORM = EnumField("management_platform", label=_("管理平台"))
     TENANT = EnumField("tenant", label=_("租户"))
     VIRTUAL_USER = EnumField("virtual_user", label=_("虚拟用户"))
 
 
-class OperationEnum(str, StructuredEnum):
+class OperationType(str, StructuredEnum):
     """操作类型"""
 
     # 数据源
@@ -34,29 +34,29 @@ class OperationEnum(str, StructuredEnum):
     DELETE_DATA_SOURCE = EnumField("delete_data_source", label=_("删除数据源"))
     SYNC_DATA_SOURCE = EnumField("sync_data_source", label=_("同步数据源"))
     IMPORT_DATA_SOURCE = EnumField("import_data_source", label=_("导入数据源"))
-    # IDP（认证源）
-    CREATE_IDP = EnumField("create_idp", label=_("创建 IDP（认证源）"))
-    MODIFY_IDP = EnumField("modify_idp", label=_("修改 IDP（认证源）"))
-    MODIFY_IDP_STATUS = EnumField("modify_idp_status", label=_("修改 IDP（认证源）状态"))
+    # 认证源
+    CREATE_IDP = EnumField("create_idp", label=_("创建认证源"))
+    MODIFY_IDP = EnumField("modify_idp", label=_("修改认证源"))
+    MODIFY_IDP_STATUS = EnumField("modify_idp_status", label=_("修改认证源状态"))
     # 用户
     CREATE_USER = EnumField("create_user", label=_("创建用户"))
     MODIFY_USER = EnumField("modify_user", label=_("修改用户信息"))
     DELETE_USER = EnumField("delete_user", label=_("删除用户"))
-    MODIFY_DEPARTMENT_USER_RELATIONS = EnumField("modify_department_user_relations", label=_("修改用户所属部门"))
+    MODIFY_USER_ORGANIZATION_RELATIONS = EnumField("modify_user_organization_relations", label=_("修改用户所属组织"))
     MODIFY_USER_STATUS = EnumField("modify_user_status", label=_("修改用户状态"))
     MODIFY_ACCOUNT_EXPIRED_AT = EnumField("modify_account_expired_at", label=_("修改账户过期时间"))
-    MODIFY_LEADERS = EnumField("modify_leaders", label=_("修改用户上级"))
+    MODIFY_USER_LEADERS = EnumField("modify_user_leaders", label=_("修改用户上级"))
     MODIFY_USER_PASSWORD = EnumField("modify_user_password", label=_("重置用户密码"))
-    MODIFY_EMAIL = EnumField("modify_email", label=_("修改邮箱"))
-    MODIFY_PHONE = EnumField("modify_phone", label=_("修改电话号码"))
+    MODIFY_USER_EMAIL = EnumField("modify_user_email", label=_("修改用户邮箱"))
+    MODIFY_USER_PHONE = EnumField("modify_user_phone", label=_("修改用户电话号码"))
     SEND_EMAIL_VERIFICATION_CODE = EnumField("send_email_verification_code", label=_("发送邮箱验证码"))
     SEND_PHONE_VERIFICATION_CODE = EnumField("send_phone_verification_code", label=_("发送手机验证码"))
     # 组织
     CREATE_ORGANIZATION = EnumField("create_organization", label=_("创建组织"))
     MODIFY_ORGANIZATION = EnumField("modify_organization", label=_("修改组织名称"))
     DELETE_ORGANIZATION = EnumField("delete_organization", label=_("删除组织"))
     MODIFY_PARENT_ORGANIZATION = EnumField("modify_parent_organization", label=_("修改上级组织"))
-    # 平台管理
+    # 管理平台
     CREATE_TENANT = EnumField("create_tenant", label=_("创建租户"))
     MODIFY_TENANT = EnumField("modify_tenant", label=_("修改租户信息"))
     DELETE_TENANT = EnumField("delete_tenant", label=_("删除租户"))

diff --git a/src/bk-user/bkuser/apps/audit/migrations/0001_initial.py b/src/bk-user/bkuser/apps/audit/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.25 on 2024-10-14 06:58
+# Generated by Django 3.2.25 on 2024-10-17 07:20
 
 from django.db import migrations, models
 import uuid
@@ -15,18 +15,20 @@ class Migration(migrations.Migration):
         migrations.CreateModel(
             name='OperationAuditRecord',
             fields=[
-                ('event_id', models.UUIDField(auto_created=True, default=uuid.uuid4, editable=False, primary_key=True, serialize=False, unique=True, verbose_name='事件 id')),
-                ('operator', models.CharField(max_length=32, verbose_name='操作用户')),
-                ('ip', models.CharField(blank=True, max_length=32, null=True, verbose_name='来源 ip')),
-                ('operate_time', models.DateTimeField(auto_now_add=True, db_index=True, verbose_name='操作时间')),
-                ('target', models.CharField(choices=[('data_source', '数据源'), ('idp', 'IDP（认证源）'), ('user', '用户'), ('organization', '组织'), ('platform_management', '平台管理'), ('tenant', '租户'), ('virtual_user', '虚拟用户')], max_length=32, verbose_name='操作对象')),
-                ('operation', models.CharField(choices=[('create_data_source', '创建数据源'), ('modify_data_source', '修改数据源'), ('delete_data_source', '删除数据源'), ('sync_data_source', '同步数据源'), ('import_data_source', '导入数据源'), ('create_idp', '创建 IDP（认证源）'), ('modify_idp', '修改 IDP（认证源）'), ('modify_idp_status', '修改 IDP（认证源）状态'), ('create_user', '创建用户'), ('modify_user', '修改用户信息'), ('delete_user', '删除用户'), ('modify_department_user_relations', '修改用户所属部门'), ('modify_user_status', '修改用户状态'), ('modify_account_expired_at', '修改账户过期时间'), ('modify_leaders', '修改用户上级'), ('modify_user_password', '重置用户密码'), ('modify_email', '修改邮箱'), ('modify_phone', '修改电话号码'), ('send_email_verification_code', '发送邮箱验证码'), ('send_phone_verification_code', '发送手机验证码'), ('create_organization', '创建组织'), ('modify_organization', '修改组织名称'), ('delete_organization', '删除组织'), ('modify_parent_organization', '修改上级组织'), ('create_tenant', '创建租户'), ('modify_tenant', '修改租户信息'), ('delete_tenant', '删除租户'), ('modify_tenant_status', '修改租户状态'), ('create_real_manager', '创建实名管理员'), ('delete_real_manager', '删除实名管理员'), ('modify_validity_period_config', '修改租户账户有效期配置'), ('create_virtual_user', '创建虚拟用户'), ('modify_virtual_user', '修改虚拟用户信息'), ('delete_virtual_user', '删除虚拟用户')], max_length=32, verbose_name='操作类型')),
-                ('data_before', models.JSONField(blank=True, null=True, verbose_name='操作前的数据')),
-                ('data_after', models.JSONField(blank=True, null=True, verbose_name='操作后的数据')),
-                ('instance', models.JSONField(blank=True, null=True, verbose_name='操作对象实例')),
+                ('id', models.UUIDField(auto_created=True, default=uuid.uuid4, editable=False, primary_key=True, serialize=False, unique=True, verbose_name='事件 id')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('creator', models.CharField(blank=True, max_length=128, null=True)),
+                ('updater', models.CharField(blank=True, max_length=128, null=True)),
+                ('operation_target', models.CharField(max_length=32, verbose_name='操作对象')),
+                ('operation_type', models.CharField(max_length=32, verbose_name='操作类型')),
+                ('tenant_id', models.CharField(max_length=32, verbose_name='操作对象所属的租户 id')),
+                ('data_change', models.JSONField(blank=True, max_length=32, null=True, verbose_name='操作数据变更')),
+                ('data_source_id', models.CharField(blank=True, max_length=32, null=True, verbose_name='操作对象所属的数据源 id')),
+                ('extras', models.JSONField(blank=True, null=True, verbose_name='操作额外信息')),
             ],
             options={
-                'ordering': ['-operate_time'],
+                'ordering': ['-created_at'],
             },
         ),
     ]
diff --git a/src/bk-user/bkuser/apps/audit/models.py b/src/bk-user/bkuser/apps/audit/models.py
@@ -13,21 +13,19 @@
 
 from django.db import models
 
-from bkuser.apps.audit.constants import OperationEnum, OperationTarget
+from bkuser.common.models import AuditedModel
 
 
-class OperationAuditRecord(models.Model):
-    event_id = models.UUIDField(
+class OperationAuditRecord(AuditedModel):
+    id = models.UUIDField(
         "事件 id", default=uuid.uuid4, primary_key=True, editable=False, auto_created=True, unique=True
     )
-    operator = models.CharField(max_length=32, verbose_name="操作用户")
-    ip = models.CharField(max_length=32, verbose_name="来源 ip", null=True, blank=True)
-    operate_time = models.DateTimeField(auto_now_add=True, verbose_name="操作时间", db_index=True)
-    target = models.CharField(max_length=32, verbose_name="操作对象", choices=OperationTarget.get_choices())
-    operation = models.CharField(max_length=32, verbose_name="操作类型", choices=OperationEnum.get_choices())
-    data_before = models.JSONField(verbose_name="操作前的数据", null=True, blank=True)
-    data_after = models.JSONField(verbose_name="操作后的数据", null=True, blank=True)
-    instance = models.JSONField(verbose_name="操作对象实例", null=True, blank=True)
+    operation_target = models.CharField(max_length=32, verbose_name="操作对象")
+    operation_type = models.CharField(max_length=32, verbose_name="操作类型")
+    tenant_id = models.CharField(max_length=32, verbose_name="操作对象所属的租户 id")
+    data_change = models.JSONField(max_length=32, verbose_name="操作数据变更", null=True, blank=True)
+    data_source_id = models.CharField(max_length=32, verbose_name="操作对象所属的数据源 id", null=True, blank=True)
+    extras = models.JSONField(verbose_name="操作额外信息", null=True, blank=True)
 
     class Meta:
-        ordering = ["-operate_time"]  # 按照 operate_time 字段降序排列
+        ordering = ["-created_at"]  # 按照 created_at 字段降序排列
diff --git a/src/bk-user/bkuser/apps/audit/service.py b/src/bk-user/bkuser/apps/audit/service.py
@@ -9,26 +9,27 @@
 specific language governing permissions and limitations under the License.
 """
 
-from typing import Optional
+from typing import Dict
 
+from .constants import OperationTarget, OperationType
 from .models import OperationAuditRecord
 
 
 def add_operation_audit_record(
     operator: str,
-    target: str,
-    operation: str,
-    ip: Optional[str] = None,
-    data_before: Optional[dict] = None,
-    data_after: Optional[dict] = None,
-    instance: Optional[dict] = None,
+    operation_target: OperationTarget,
+    operation_type: OperationType,
+    tenant_id: str,
+    data_change: Dict | None = None,
+    data_source_id: str | None = None,
+    extras: Dict | None = None,
 ) -> OperationAuditRecord:
     return OperationAuditRecord.objects.create(
-        operator=operator,
-        target=target,
-        operation=operation,
-        ip=ip,
-        data_before=data_before,
-        data_after=data_after,
-        instance=instance,
+        creator=operator,
+        operation_target=operation_target,
+        operation_type=operation_type,
+        tenant_id=tenant_id,
+        data_change=data_change,
+        data_source_id=data_source_id,
+        extras=extras,
     )
diff --git a/src/bk-user/bkuser/apps/sync/managers.py b/src/bk-user/bkuser/apps/sync/managers.py
@@ -14,8 +14,6 @@
 from django.conf import settings
 from django.utils import timezone
 
-from bkuser.apps.audit.constants import OperationEnum, OperationTarget
-from bkuser.apps.audit.service import add_operation_audit_record
 from bkuser.apps.data_source.models import DataSource
 from bkuser.apps.sync.constants import SyncTaskStatus
 from bkuser.apps.sync.data_models import DataSourceSyncOptions, TenantSyncOptions
@@ -64,17 +62,6 @@ def execute(self, plugin_init_extra_kwargs: Optional[Dict[str, Any]] = None) ->
             # 同步的方式，不需要序列化/反序列化，因此不需要检查基础类型
             DataSourceSyncTaskRunner(task, plugin_init_extra_kwargs).run()
 
-        add_operation_audit_record(
-            operator=task.operator,
-            target=OperationTarget.DATA_SOURCE,
-            operation=OperationEnum.SYNC_DATA_SOURCE,
-            instance={
-                "data_source": self.data_source.id,
-                "data_source_plugin": self.data_source.plugin_id,
-                "task": task.id,
-            },
-        )
-
         return task
 
     @staticmethod