diff --git a/cmdb-api/api/tasks/acl.py b/cmdb-api/api/tasks/acl.py index 1e86d362..d9eb6a92 100644 --- a/cmdb-api/api/tasks/acl.py +++ b/cmdb-api/api/tasks/acl.py @@ -25,10 +25,8 @@ from api.models.acl import Trigger -@celery.task(base=QueueOnce, - name="acl.role_rebuild", - queue=ACL_QUEUE, - once={"graceful": True, "unlock_before_run": True}) +@celery.task(name="acl.role_rebuild", + queue=ACL_QUEUE,) @flush_db @reconnect_db def role_rebuild(rids, app_id): diff --git a/cmdb-api/api/views/cmdb/ci_type.py b/cmdb-api/api/views/cmdb/ci_type.py index 275db220..65dadcce 100644 --- a/cmdb-api/api/views/cmdb/ci_type.py +++ b/cmdb-api/api/views/cmdb/ci_type.py @@ -472,7 +472,9 @@ def post(self, type_id, rid): from api.lib.perm.acl.const import ACL_QUEUE app_id = AppCache.get('cmdb').id + current_app.logger.info((rid, app_id)) role_rebuild.apply_async(args=(rid, app_id), queue=ACL_QUEUE) + current_app.logger.info('done') return self.jsonify(code=200) @@ -500,18 +502,18 @@ def post(self, type_id, rid): if PermEnum.READ in perms or not perms: resource = CIFilterPermsCRUD().delete(type_id=type_id, rid=rid) - users = RoleRelationCRUD.get_users_by_rid(rid, app_id) - for i in (users or []): - if i.get('role', {}).get('id') and not RoleCRUD.has_permission( - i.get('role').get('id'), type_name, ResourceTypeEnum.CI_TYPE, app_id, PermEnum.READ): - PreferenceManager.delete_by_type_id(type_id, i.get('uid')) - if not resource: from api.tasks.acl import role_rebuild from api.lib.perm.acl.const import ACL_QUEUE role_rebuild.apply_async(args=(rid, app_id), queue=ACL_QUEUE) + users = RoleRelationCRUD.get_users_by_rid(rid, app_id) + for i in (users or []): + if i.get('role', {}).get('id') and not RoleCRUD.has_permission( + i.get('role').get('id'), type_name, ResourceTypeEnum.CI_TYPE, app_id, PermEnum.READ): + PreferenceManager.delete_by_type_id(type_id, i.get('uid')) + return self.jsonify(type_id=type_id, rid=rid)