ci: add import linter

.github/workflows/python.yml

@@ -37,5 +37,7 @@ jobs:
       run: bandit -c saas/pyproject.toml -r saas
     - name: Lint with mypy
       run:  mypy --config-file=saas/pyproject.toml saas
+    - name: Import Linter
+      run: cd saas && lint-imports --config=./.importlinter && cd ..
     - name: Test with pytest
       run: pytest -c saas/pyproject.toml saas

saas/.importlinter

@@ -0,0 +1,35 @@
+[importlinter]
+root_package = backend
+include_external_packages = True
+
+[importlinter:contract:layers-apps-service-biz]
+name=apps service biz component
+type=layers
+layers =
+    backend.apps
+    backend.trans
+    backend.biz
+    backend.service
+    backend.component
+ignore_imports =
+    backend.trans.* -> backend.apps.*.models
+    backend.biz.* -> backend.apps.*.models
+    backend.biz.*.* -> backend.apps.*.models
+    backend.service.* -> backend.apps.*.models
+    backend.service.*.* -> backend.apps.*.models
+    backend.biz.org_sync.syncer -> backend.apps.organization.tasks
+    backend.biz.application -> backend.apps.role.tasks
+    backend.biz.application -> backend.audit.audit
+    backend.biz.handover -> backend.audit.audit
+
+[importlinter:contract:layers-api-service-biz]
+name=api service biz component
+type=layers
+layers =
+    backend.api
+    backend.trans
+    backend.biz
+    backend.service
+    backend.component
+ignore_imports =
+    backend.biz.model_event -> backend.api.authorization.models

saas/.pre-commit-config.yaml

@@ -36,6 +36,11 @@ repos:
         language: python
         pass_filenames: false
         entry: mypy --config-file=saas/pyproject.toml saas
+      - id: import-linter
+        name: import-linter
+        language: python
+        pass_filenames: false
+        entry: cd saas && lint-imports --config=./.importlinter && cd ..
       - id: pytest
         name: pytest
         language: python

saas/Makefile

@@ -25,6 +25,7 @@ lint:
 	pflake8 --config=./pyproject.toml .
 	bandit -c ./pyproject.toml -r .
 	mypy --config-file=./pyproject.toml .
+	lint-imports --config .importlinter
 
 fmt:
 	isort --settings-path=./pyproject.toml .

saas/backend/apps/group/views.py

@@ -26,14 +26,14 @@
 from backend.apps.group import tasks  # noqa
 from backend.apps.group.models import Group
 from backend.apps.policy.serializers import PolicyDeleteSLZ, PolicySLZ, PolicySystemSLZ
-from backend.apps.role.constants import PermissionTypeEnum
 from backend.apps.role.models import Role, RoleRelatedObject
 from backend.apps.subject_template.models import SubjectTemplate, SubjectTemplateGroup
 from backend.apps.template.audit import TemplateMemberDeleteAuditProvider
 from backend.apps.template.filters import TemplateFilter
 from backend.apps.template.models import PermTemplate, PermTemplatePolicyAuthorized, PermTemplatePreUpdateLock
 from backend.apps.template.serializers import TemplateListSchemaSLZ, TemplateListSLZ
 from backend.audit.audit import audit_context_setter, log_api_event, view_audit_decorator
+from backend.biz.constants import PermissionTypeEnum
 from backend.biz.group import GroupBiz, GroupCheckBiz, GroupMemberExpiredAtBean
 from backend.biz.permission_audit import QueryAuthorizedSubjects
 from backend.biz.policy import PolicyBean, PolicyOperationBiz, PolicyQueryBiz

saas/backend/apps/handover/constants.py

@@ -32,25 +32,6 @@ class HandoverStatus(ChoicesEnum, LowerStrEnum):
     )
 
 
-class HandoverTaskStatus(ChoicesEnum, LowerStrEnum):
-    """权限交接具体任务的执行状态"""
-
-    RUNNING = auto()
-    SUCCEED = auto()
-    FAILED = auto()
-
-    _choices_labels = skip(
-        (
-            (RUNNING, _("正在交接")),
-            (SUCCEED, _("交接成功")),
-            (
-                FAILED,
-                _("交接失败"),
-            ),
-        )
-    )
-
-
 class HandoverObjectType(ChoicesEnum, LowerStrEnum):
     """交接的权限类型"""
 

saas/backend/apps/handover/models.py

@@ -10,7 +10,8 @@
 """
 from django.db import models
 
-from backend.apps.handover.constants import HandoverObjectType, HandoverStatus, HandoverTaskStatus
+from backend.apps.handover.constants import HandoverObjectType, HandoverStatus
+from backend.biz.constants import HandoverTaskStatus
 from backend.common.models import TimestampedModel
 
 

saas/backend/apps/organization/constants.py

@@ -55,6 +55,3 @@ class TriggerType(ChoicesEnum, LowerStrEnum):
 
 
 SYNC_TASK_DEFAULT_EXECUTOR = "periodic_task"
-
-# 新用户自动同步的用户数量
-NEW_USER_AUTO_SYNC_COUNT_LIMIT = 50

saas/backend/apps/organization/models.py

@@ -25,13 +25,28 @@
     TriggerType,
 )
 from backend.apps.organization.managers import SyncErrorLogManager
-from backend.biz.organization import get_category_name
+from backend.common.cache import cached
 from backend.common.models import TimestampedModel
+from backend.component import usermgr
 from backend.util.json import json_dumps
 
 logger = logging.getLogger("app")
 
 
+@cached(timeout=5 * 60)
+def _get_category_dict() -> Dict[int, str]:
+    """获取所有目录的ID与Name映射"""
+    # TODO: 需要修改为直接读取DB数据，避免因为usermgr的及时变更引起未同步前的数据不一致问题
+    categories = usermgr.list_category()
+    return {i["id"]: i["display_name"] for i in categories}
+
+
+def get_category_name(category_id: int):
+    """获取目录名称"""
+    category_dict = _get_category_dict()
+    return category_dict.get(category_id) or "默认目录"
+
+
 class Category(models.Model):
     id = models.IntegerField("目录ID", primary_key=True)
     type = models.CharField("类型", max_length=32)

saas/backend/apps/role/constants.py

@@ -10,11 +10,7 @@
 """
 from enum import Enum
 
-from aenum import LowerStrEnum, auto, skip
-from django.utils.translation import gettext as _
-
 from backend.service.constants import PermissionCodeEnum, RoleType
-from backend.util.enum import ChoicesEnum
 
 # 角色默认权限
 DEFAULT_ROLE_PERMISSIONS = {  # 超级管理员不能操作子集管理员
@@ -59,16 +55,6 @@
 }
 
 
-class PermissionTypeEnum(ChoicesEnum, LowerStrEnum):
-    """权限类型"""
-
-    CUSTOM = auto()
-    TEMPLATE = auto()
-    RESOURCE_INSTANCE = auto()
-
-    _choices_labels = skip(((CUSTOM, _("自定义权限")), (TEMPLATE, _("模板权限")), (RESOURCE_INSTANCE, _("资源实例"))))
-
-
 class ManagementCommonActionNameEnum(Enum):
     OPS = "业务运维"
     READ = "业务只读"

saas/backend/apps/role/serializers.py

@@ -19,6 +19,7 @@
 from backend.apps.organization.models import Department, User
 from backend.apps.policy.serializers import ConditionSLZ, InstanceSLZ, ResourceGroupSLZ, ResourceSLZ, ResourceTypeSLZ
 from backend.apps.role.models import Role, RoleCommonAction, RoleRelation, RoleUser
+from backend.biz.constants import PermissionTypeEnum
 from backend.biz.role import RoleBiz
 from backend.biz.subject import SubjectInfoList
 from backend.common.serializers import GroupMemberSLZ, GroupSearchSLZ, ResourceInstancesSLZ
@@ -33,8 +34,6 @@
     SubjectType,
 )
 
-from .constants import PermissionTypeEnum
-
 
 class RoleScopeSubjectSLZ(serializers.Serializer):
     type = serializers.ChoiceField(label="成员类型", choices=RoleScopeSubjectType.get_choices())

saas/backend/apps/user/tasks.py

@@ -20,12 +20,12 @@
 from django.template.loader import render_to_string
 from django.utils import timezone
 
-from backend.apps.organization.constants import StaffStatus
 from backend.apps.organization.models import User
 from backend.apps.policy.models import Policy
 from backend.apps.subject.audit import log_user_cleanup_policy_audit_event
 from backend.apps.subject_template.models import SubjectTemplateRelation
 from backend.apps.user.models import UserPermissionCleanupRecord
+from backend.biz.constants import StaffStatus
 from backend.biz.group import GroupBiz
 from backend.biz.helper import RoleWithPermGroupBiz
 from backend.biz.policy import PolicyOperationBiz, PolicyQueryBiz

saas/backend/apps/user/views.py

@@ -22,11 +22,11 @@
 from backend.apps.group.models import Group
 from backend.apps.group.serializers import GroupSearchSLZ
 from backend.apps.policy.serializers import PolicySLZ
-from backend.apps.role.constants import PermissionTypeEnum
 from backend.apps.role.serializers import RoleCommonActionSLZ
 from backend.apps.subject.serializers import SubjectGroupSLZ, UserRelationSLZ
 from backend.apps.user.models import UserProfile
 from backend.audit.audit import audit_context_setter, view_audit_decorator
+from backend.biz.constants import PermissionTypeEnum
 from backend.biz.group import GroupBiz
 from backend.biz.permission_audit import QueryAuthorizedSubjects
 from backend.biz.policy import ConditionBean, InstanceBean, PathNodeBeanList, PolicyOperationBiz, PolicyQueryBiz

saas/backend/biz/application.py

@@ -22,14 +22,14 @@
 
 from backend.apps.application.models import Application
 from backend.apps.group.models import Group
-from backend.apps.organization.constants import StaffStatus
 from backend.apps.organization.models import User as UserModel
 from backend.apps.policy.models import Policy
 from backend.apps.role.models import Role, RoleRelatedObject, RoleSource
 from backend.apps.role.tasks import sync_subset_manager_subject_scope
 from backend.apps.template.models import PermTemplatePolicyAuthorized
 from backend.audit.audit import log_group_event, log_role_event, log_user_event
 from backend.audit.constants import AuditSourceType, AuditType
+from backend.biz.constants import StaffStatus
 from backend.common.cache import cachedmethod
 from backend.common.error_codes import error_codes
 from backend.common.time import expired_at_display

saas/backend/biz/constants.py

@@ -8,7 +8,10 @@
 an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 specific language governing permissions and limitations under the License.
 """
-from aenum import LowerStrEnum, auto
+from aenum import LowerStrEnum, StrEnum, auto, skip
+from django.utils.translation import gettext as _
+
+from backend.util.enum import ChoicesEnum
 
 
 class PolicyTag(LowerStrEnum):
@@ -34,3 +37,43 @@ class ActionTag(LowerStrEnum):
     CHECKED = auto()
     UNCHECKED = auto()
     DELETE = auto()
+
+
+# 新用户自动同步的用户数量
+NEW_USER_AUTO_SYNC_COUNT_LIMIT = 50
+
+
+class StaffStatus(ChoicesEnum, StrEnum):
+    IN = auto()
+    OUT = auto()
+
+    _choices_labels = skip(((IN, _("在职")), (OUT, _("离职"))))
+
+
+class HandoverTaskStatus(ChoicesEnum, LowerStrEnum):
+    """权限交接具体任务的执行状态"""
+
+    RUNNING = auto()
+    SUCCEED = auto()
+    FAILED = auto()
+
+    _choices_labels = skip(
+        (
+            (RUNNING, _("正在交接")),
+            (SUCCEED, _("交接成功")),
+            (
+                FAILED,
+                _("交接失败"),
+            ),
+        )
+    )
+
+
+class PermissionTypeEnum(ChoicesEnum, LowerStrEnum):
+    """权限类型"""
+
+    CUSTOM = auto()
+    TEMPLATE = auto()
+    RESOURCE_INSTANCE = auto()
+
+    _choices_labels = skip(((CUSTOM, _("自定义权限")), (TEMPLATE, _("模板权限")), (RESOURCE_INSTANCE, _("资源实例"))))

saas/backend/biz/handover.py

@@ -12,11 +12,11 @@
 from abc import ABC, abstractmethod
 from typing import List
 
-from backend.apps.handover.constants import HandoverTaskStatus
 from backend.apps.handover.models import HandoverTask
 from backend.apps.role.models import Role
 from backend.audit.audit import log_group_event, log_role_event, log_subject_template_event, log_user_event
 from backend.audit.constants import AuditSourceType, AuditType
+from backend.biz.constants import HandoverTaskStatus
 from backend.biz.group import GroupBiz
 from backend.biz.helper import RoleWithPermGroupBiz
 from backend.biz.policy import PolicyOperationBiz, PolicyQueryBiz

saas/backend/biz/org_sync/syncer.py

@@ -12,8 +12,8 @@
 """
 import datetime
 
-from backend.apps.organization.constants import NEW_USER_AUTO_SYNC_COUNT_LIMIT
 from backend.apps.organization.models import Department, DepartmentMember, SubjectToDelete, User
+from backend.biz.constants import NEW_USER_AUTO_SYNC_COUNT_LIMIT
 from backend.component import iam, usermgr
 from backend.service.constants import SubjectType
 

saas/backend/biz/permission_audit.py

@@ -15,8 +15,8 @@
 from openpyxl.styles import Font, colors
 
 from backend.apps.policy.models import Policy
-from backend.apps.role.constants import PermissionTypeEnum
 from backend.apps.template.models import PermTemplate, PermTemplatePolicyAuthorized
+from backend.biz.constants import PermissionTypeEnum
 from backend.biz.subject import SubjectInfoList
 from backend.biz.utils import fill_resources_attribute
 from backend.service.action import ActionService