perf: ROOT Org show orgs-and-roles in user-detail page

.gitignore

@@ -43,3 +43,4 @@ releashe
 data/*
 test.py
 .history/
+.test/

apps/rbac/models/rolebinding.py

@@ -56,6 +56,7 @@ class RoleBinding(JMSBaseModel):
         on_delete=models.CASCADE, verbose_name=_('Organization')
     )
     objects = RoleBindingManager()
+    objects_raw = models.Manager()
 
     class Meta:
         verbose_name = _('Role binding')

apps/users/api/user.py

@@ -22,8 +22,7 @@ from ..models import User
 from ..notifications import ResetMFAMsg
 from ..permissions import UserObjectPermission
 from ..serializers import (
-    UserSerializer,
-    MiniUserSerializer, InviteSerializer
+    UserSerializer, MiniUserSerializer, InviteSerializer, UserRetrieveSerializer
 )
 from ..signals import post_user_create
 
@@ -43,6 +42,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, SuggestionMixin, BulkModelV
         'default': UserSerializer,
         'suggestion': MiniUserSerializer,
         'invite': InviteSerializer,
+        'retrieve': UserRetrieveSerializer,
     }
     rbac_perms = {
         'match': 'users.match_user',

apps/users/models/user.py

@@ -5,6 +5,7 @@ import base64
 import datetime
 import uuid
 from typing import Callable
+from collections import defaultdict
 
 import sshpubkeys
 from django.conf import settings
@@ -27,6 +28,7 @@ from common.utils import (
 from labels.mixins import LabeledMixin
 from orgs.utils import current_org
 from rbac.const import Scope
+from rbac.models import RoleBinding
 from ..signals import (
     post_user_change_password, post_user_leave_org, pre_user_leave_org
 )
@@ -926,6 +928,14 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, LabeledMixin, JSONFilterM
     def is_local(self):
         return self.source == self.Source.local.value
 
+    @property
+    def orgs_roles(self):
+        orgs_roles = defaultdict(set)
+        rbs = RoleBinding.objects_raw.filter(user=self, scope='org').prefetch_related('role', 'org')
+        for rb in rbs:
+            orgs_roles[rb.org_name].add(str(rb.role.display_name))
+        return orgs_roles
+
     def is_password_authenticate(self):
         cas = self.Source.cas
         saml2 = self.Source.saml2

apps/users/serializers/user.py

@@ -12,6 +12,7 @@ from common.serializers.fields import (
 )
 from common.utils import pretty_string, get_logger
 from common.validators import PhoneValidator
+from orgs.utils import current_org
 from rbac.builtin import BuiltinRole
 from rbac.models import OrgRoleBinding, SystemRoleBinding, Role
 from rbac.permissions import RBACPermission
@@ -23,6 +24,7 @@ __all__ = [
     "MiniUserSerializer",
     "InviteSerializer",
     "ServiceAccountSerializer",
+    "UserRetrieveSerializer",
 ]
 
 logger = get_logger(__file__)
@@ -46,6 +48,7 @@ class RolesSerializerMixin(serializers.Serializer):
         label=_("Org roles"), many=True, required=False,
         default=default_org_roles
     )
+    orgs_roles = serializers.JSONField(read_only=True, label=_("Organization and roles relations"))
 
     def pop_roles_if_need(self, fields):
         request = self.context.get("request")
@@ -58,7 +61,7 @@ class RolesSerializerMixin(serializers.Serializer):
 
         model_cls_field_mapper = {
             SystemRoleBinding: ["system_roles"],
-            OrgRoleBinding: ["org_roles"],
+            OrgRoleBinding: ["org_roles", "orgs_roles"],
         }
 
         update_actions = ("partial_bulk_update", "bulk_update", "partial_update", "update")
@@ -156,6 +159,7 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, ResourceLa
             "is_first_login", "wecom_id", "dingtalk_id",
             "feishu_id", "lark_id", "date_api_key_last_used",
         ]
+        fields_only_root_org = ["orgs_roles"]
         disallow_self_update_fields = ["is_active", "system_roles", "org_roles"]
         extra_kwargs = {
             "password": {
@@ -177,7 +181,18 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, ResourceLa
             "is_otp_secret_key_bound": {"label": _("Is OTP bound")},
             'mfa_level': {'label': _("MFA level")},
         }
+    
+    def get_fields(self):
+        fields = super().get_fields()
+        self.pop_fields_if_need(fields)
+        return fields
 
+    def pop_fields_if_need(self, fields):
+        # pop only root org fields
+        if not current_org.is_root():
+            for f in self.Meta.fields_only_root_org:
+                fields.pop(f, None)
+    
     def validate_password(self, password):
         password_strategy = self.initial_data.get("password_strategy")
         if self.instance is None and password_strategy != PasswordStrategy.custom:
@@ -273,7 +288,7 @@ class UserRetrieveSerializer(UserSerializer):
     )
 
     class Meta(UserSerializer.Meta):
-        fields = UserSerializer.Meta.fields + ["login_confirm_settings"]
+        fields = UserSerializer.Meta.fields + ["login_confirm_settings", "orgs_roles"]
 
 
 class MiniUserSerializer(serializers.ModelSerializer):