TencentBlueKing · zhu327 · Apr 16, 2024 · Apr 16, 2024 · Apr 16, 2024 · Apr 16, 2024
diff --git a/saas/backend/apps/template/serializers.py b/saas/backend/apps/template/serializers.py
@@ -275,3 +275,7 @@ def __init__(self, *args, **kwargs):
 
 class TemplatePreUpdateSchemaSLZ(serializers.Serializer):
     action_ids = serializers.ListField(label="操作策略", child=serializers.CharField(), allow_empty=False)
+
+
+class TemplateGroupSLZ(serializers.Serializer):
+    group_id = serializers.IntegerField(label="用户组id")
diff --git a/saas/backend/apps/template/urls.py b/saas/backend/apps/template/urls.py
@@ -59,6 +59,12 @@
                     views.TemplateUpdateCommitViewSet.as_view({"post": "create"}),
                     name="template.update_commit",
                 ),
+                # 转换成自定义权限
+                path(
+                    "convert_to_custom_policy/",
+                    views.TemplateConvertToCustomPolicyViewSet.as_view({"post": "create"}),
+                    name="template.convert_to_custom_policy",
+                ),
             ]
         ),
     ),

diff --git a/saas/backend/apps/template/views.py b/saas/backend/apps/template/views.py
@@ -25,6 +25,7 @@
 from backend.audit.audit import audit_context_setter, view_audit_decorator
 from backend.biz.action import ActionBiz, ActionCheckBiz, ActionResourceGroupForCheck
 from backend.biz.action_group import ActionGroupBiz
+from backend.biz.policy import PolicyBean, PolicyOperationBiz
 from backend.biz.role import RoleAuthorizationScopeChecker, RoleListQuery, RoleObjectRelationChecker
 from backend.biz.subject import SubjectInfoList
 from backend.biz.template import (
@@ -60,6 +61,7 @@
     TemplateGroupAuthorationPreUpdateSLZ,
     TemplateGroupPreViewSchemaSLZ,
     TemplateGroupPreViewSLZ,
+    TemplateGroupSLZ,
     TemplateIdSLZ,
     TemplateListSchemaSLZ,
     TemplateListSLZ,
@@ -540,3 +542,43 @@ def create(self, request, *args, **kwargs):
         audit_context_setter(template=template)
 
         return Response({})
+
+
+class TemplateConvertToCustomPolicyViewSet(TemplatePermissionMixin, GenericViewSet):
+    """
+    转换成自定义权限
+    """
+
+    lookup_field = "id"
+    queryset = PermTemplate.objects.all()
+
+    policy_biz = PolicyOperationBiz()
+    template_biz = TemplateBiz()
+
+    @swagger_auto_schema(
+        operation_description="模版权限转换成自定义权限",
+        responses={status.HTTP_200_OK: TemplateGroupSLZ()},
+        tags=["template"],
+    )
+    @view_audit_decorator(TemplateMemberDeleteAuditProvider)
+    def create(self, request, *args, **kwargs):
+        template = self.get_object()
+
+        slz = TemplateGroupSLZ(data=request.data)
+        slz.is_valid(raise_exception=True)
+        group_id = slz.validated_data["group_id"]
+
+        # 查询用户组关联的模版权限
+        subject = Subject.from_group_id(group_id)
+        authorized_template = PermTemplatePolicyAuthorized.objects.get_by_subject_template(subject, template.id)
+        template_policies = parse_obj_as(List[PolicyBean], authorized_template.data["actions"])
+
+        # 合并权限, 重新授权自定义权限
+        self.policy_biz.alter(template.system_id, subject, template_policies)
+
+        # 解除用户组与模版直接的关系
+        self.template_biz.revoke_subjects(template.system_id, template.id, [subject])
+
+        audit_context_setter(template=template, members=[subject.dict()])
+
+        return Response({})