fix: 删除组织时，确保没有跟节点之外的其他节点。以及组织删除后，将跟节点删除

apps/orgs/api.py

@@ -18,9 +18,13 @@ from .serializers import (
     CurrentOrgSerializer
 )
 from users.models import User, UserGroup
-from assets.models import Asset, Domain, AdminUser, SystemUser, Label
-from perms.models import AssetPermission
-from orgs.utils import current_org
+from assets.models import (
+    Asset, Domain, AdminUser, SystemUser, Label, Node, Gateway,
+    CommandFilter, CommandFilterRule, GatheredUser
+)
+from applications.models import Application
+from perms.models import AssetPermission, ApplicationPermission
+from orgs.utils import current_org, tmp_to_root_org
 from common.utils import get_logger
 from .filters import OrgMemberRelationFilterSet
 from .models import OrganizationMember
@@ -29,6 +33,15 @@ from .models import OrganizationMember
 logger = get_logger(__file__)
 
 
+# 部分 org 相关的 model，需要清空这些数据之后才能删除该组织
+org_related_models = [
+    User, UserGroup, Asset, Label, Domain, Gateway, Node, AdminUser, SystemUser, Label,
+    CommandFilter, CommandFilterRule, GatheredUser,
+    AssetPermission, ApplicationPermission,
+    Application,
+]
+
+
 class OrgViewSet(BulkModelViewSet):
     filterset_fields = ('name',)
     search_fields = ('name', 'comment')
@@ -44,24 +57,23 @@ class OrgViewSet(BulkModelViewSet):
         }
         return mapper.get(self.action, super().get_serializer_class())
 
+    @tmp_to_root_org()
     def get_data_from_model(self, model):
         if model == User:
             data = model.objects.filter(orgs__id=self.org.id, m2m_org_members__role=ROLE.USER)
+        elif model == Node:
+            # 跟节点不能手动删除，所以排除检查
+            data = model.objects.filter(org_id=self.org.id).exclude(parent_key='', key__regex=r'^[0-9]+$')
         else:
             data = model.objects.filter(org_id=self.org.id)
         return data
 
     def destroy(self, request, *args, **kwargs):
         self.org = self.get_object()
-        models = [
-            User, UserGroup,
-            Asset, Domain, AdminUser, SystemUser, Label,
-            AssetPermission,
-        ]
-        for model in models:
+        for model in org_related_models:
             data = self.get_data_from_model(model)
             if data:
-                msg = _('Organization contains undeleted resources')
+                msg = _(f'Have `{model._meta.verbose_name}` exists, Please delete')
                 return Response(data={'error': msg}, status=status.HTTP_403_FORBIDDEN)
         else:
             if str(current_org) == str(self.org):

apps/orgs/signals_handler/common.py

@@ -7,7 +7,8 @@ from functools import partial
 from django.dispatch import receiver
 from django.utils.functional import LazyObject
 from django.db.models.signals import m2m_changed
-from django.db.models.signals import post_save, post_delete
+from django.db.models.signals import post_save, post_delete, pre_delete
+from django.utils.translation import ugettext as _
 
 from orgs.utils import tmp_to_org
 from orgs.models import Organization, OrganizationMember
@@ -18,6 +19,7 @@ from common.const.signals import PRE_REMOVE, POST_REMOVE
 from common.signals import django_ready
 from common.utils import get_logger
 from common.utils.connection import RedisPubSub
+from common.exceptions import JMSException
 
 
 logger = get_logger(__file__)
@@ -75,6 +77,15 @@ def on_org_delete(sender, **kwargs):
     expire_orgs_mapping_for_memory()
 
 
+@receiver(pre_delete, sender=Organization)
+def on_org_delete(sender, instance, **kwargs):
+    # 删除该组织下所有 节点
+    with tmp_to_org(instance):
+        root_node = Node.org_root()
+        if root_node:
+            root_node.delete()
+
+
 def _remove_users(model, users, org):
     with tmp_to_org(org):
         if not isinstance(users, (tuple, list, set)):