jumpserver/apps/rbac/serializers/rolebinding.py

from rest_framework import serializers
from django.utils.translation import ugettext_lazy as _

from orgs.serializers import CurrentOrgDefault
from orgs.utils import current_org
from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding

__all__ = [
    'RoleBindingSerializer', 'OrgRoleBindingSerializer',  'SystemRoleBindingSerializer'
]


class RoleBindingSerializer(serializers.ModelSerializer):
    class Meta:
        model = RoleBinding
        fields = [
            'id', 'user',  'user_display', 'role', 'role_display',
            'scope', 'org',
        ]
        read_only_fields = ['scope']
        extra_kwargs = {
            'user_display': {'label': _('User display')},
            'role_display': {'label': _('Role display')},
        }


class SystemRoleBindingSerializer(RoleBindingSerializer):
    org = None

    class Meta(RoleBindingSerializer.Meta):
        model = SystemRoleBinding

    def get_field_names(self, *args):
        names = super().get_field_names(*args)
        return list(set(names) - {'org'})


class OrgRoleBindingSerializer(RoleBindingSerializer):
    org = serializers.PrimaryKeyRelatedField(
        default=CurrentOrgDefault(), label=_("Organization"), read_only=True
    )

    class Meta(RoleBindingSerializer.Meta):
        model = OrgRoleBinding
        validators = []

    def validate(self, attrs):
        data = self.initial_data
        many = isinstance(data, list)
        if not many:
            user = attrs.get('user')
            role = attrs.get('role')
            role_bindings = OrgRoleBinding.objects.filter(user=user, role=role)

            if not self.instance and role_bindings.exists():
                raise serializers.ValidationError({'role': _('Has bound this role')})
        return attrs
fix: fix rbac to dev (#7636) * feat: 添加 RBAC 应用模块 * feat: 添加 RBAC Model、API * feat: 添加 RBAC Model、API 2 * feat: 添加 RBAC Model、API 3 * feat: 添加 RBAC Model、API 4 * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC 整理权限位 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位 * feat: RBAC 添加默认角色 * feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定 * feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定 * feat: RBAC 修改用户模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 修改用户角色属性的使用 * feat: RBAC No.1 * xxx * perf: 暂存 * perf: ... * perf(rbac): 添加 perms 到 profile serializer 中 * stash * perf: 使用init * perf: 修改migrations * perf: rbac * stash * stash * pref: 修改rbac * stash it * stash: 先去修复其他bug * perf: 修改 role 添加 users * pref: 修改 RBAC Model * feat: 添加权限的 tree api * stash: 暂存一下 * stash: 暂存一下 * perf: 修改 model verbose name * feat: 添加model各种 verbose name * perf: 生成 migrations * perf: 优化权限位 * perf: 添加迁移脚本 * feat: 添加组织角色迁移 * perf: 添加迁移脚本 * stash * perf: 添加migrateion * perf: 暂存一下 * perf: 修改rbac * perf: stash it * fix: 迁移冲突 * fix: 迁移冲突 * perf: 暂存一下 * perf: 修改 rbac 逻辑 * stash: 暂存一下 * perf: 修改内置角色 * perf: 解决 root 组织的问题 * perf: stash it * perf: 优化 rbac * perf: 优化 rolebinding 处理 * perf: 完成用户离开组织的问题 * perf: 暂存一下 * perf: 修改翻译 * perf: 去掉了 IsSuperUser * perf: IsAppUser 去掉完成 * perf: 修改 connection token 的权限 * perf: 去掉导入的问题 * perf: perms define 格式，修改 app 用户的全新啊 * perf: 修改 permission * perf: 去掉一些 org admin * perf: 去掉部分 org admin * perf: 再去掉点 org admin role * perf: 再去掉部分 org admin * perf: user 角色搜索 * perf: 去掉很多 js * perf: 添加权限位 * perf: 修改权限 * perf: 去掉一个 todo * merge: with dev * fix: 修复冲突 Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: Michael Bai <baijiangjie@gmail.com> Co-authored-by: ibuler <ibuler@qq.com> 3 years ago			`from rest_framework import serializers`
			`from django.utils.translation import ugettext_lazy as _`

			`from orgs.serializers import CurrentOrgDefault`
			`from orgs.utils import current_org`
			`from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding`

			`__all__ = [`
			`'RoleBindingSerializer', 'OrgRoleBindingSerializer', 'SystemRoleBindingSerializer'`
			`]`


			`class RoleBindingSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = RoleBinding`
			`fields = [`
			`'id', 'user', 'user_display', 'role', 'role_display',`
			`'scope', 'org',`
			`]`
			`read_only_fields = ['scope']`
			`extra_kwargs = {`
			`'user_display': {'label': _('User display')},`
			`'role_display': {'label': _('Role display')},`
			`}`


			`class SystemRoleBindingSerializer(RoleBindingSerializer):`
			`org = None`

			`class Meta(RoleBindingSerializer.Meta):`
			`model = SystemRoleBinding`

			`def get_field_names(self, *args):`
			`names = super().get_field_names(*args)`
			`return list(set(names) - {'org'})`


			`class OrgRoleBindingSerializer(RoleBindingSerializer):`
			`org = serializers.PrimaryKeyRelatedField(`
			`default=CurrentOrgDefault(), label=_("Organization"), read_only=True`
			`)`

			`class Meta(RoleBindingSerializer.Meta):`
			`model = OrgRoleBinding`
			`validators = []`

			`def validate(self, attrs):`
			`data = self.initial_data`
			`many = isinstance(data, list)`
			`if not many:`
			`user = attrs.get('user')`
			`role = attrs.get('role')`
			`role_bindings = OrgRoleBinding.objects.filter(user=user, role=role)`

			`if not self.instance and role_bindings.exists():`
			`raise serializers.ValidationError({'role': _('Has bound this role')})`
			`return attrs`