mirror of https://github.com/jumpserver/jumpserver
perf: 修复 org role binding 在root组织下看到的可能不对
ibuler
Jiangjie.Bai
parent
efb26132f6
commit
7eed7b32cc
|
|
@ -22,9 +22,10 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
|
|||
'user__name', 'user__username', 'role__name'
|
||||
]
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset() \
|
||||
.prefetch_related('user', 'role') \
|
||||
@staticmethod
|
||||
def annotate_queryset(queryset):
|
||||
queryset = queryset \
|
||||
.prefetch_related('user', 'role', 'org') \
|
||||
.annotate(
|
||||
user_display=Concat(
|
||||
F('user__name'), Value('('),
|
||||
|
|
@ -34,6 +35,11 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
|
|||
)
|
||||
return queryset
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
queryset = self.annotate_queryset(queryset)
|
||||
return queryset
|
||||
|
||||
|
||||
class SystemRoleBindingViewSet(RoleBindingViewSet):
|
||||
model = SystemRoleBinding
|
||||
|
|
@ -49,9 +55,13 @@ class SystemRoleBindingViewSet(RoleBindingViewSet):
|
|||
|
||||
|
||||
class OrgRoleBindingViewSet(RoleBindingViewSet):
|
||||
model = OrgRoleBinding
|
||||
serializer_class = serializers.OrgRoleBindingSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = OrgRoleBinding.objects.root_all()
|
||||
queryset = self.annotate_queryset(queryset)
|
||||
return queryset
|
||||
|
||||
def perform_bulk_create(self, serializer):
|
||||
validated_data = serializer.validated_data
|
||||
bindings = [
|
||||
|
|
|
|||
|
|
@ -103,7 +103,6 @@ only_system_permissions = (
|
|||
('terminal', 'replaystorage', '*', '*'),
|
||||
('terminal', 'status', '*', '*'),
|
||||
('terminal', 'task', '*', '*'),
|
||||
('tickets', '*', '*', '*'),
|
||||
('authentication', '*', '*', '*'),
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -15,12 +15,18 @@ __all__ = ['RoleBinding', 'SystemRoleBinding', 'OrgRoleBinding']
|
|||
class RoleBindingManager(models.Manager):
|
||||
def get_queryset(self):
|
||||
queryset = super(RoleBindingManager, self).get_queryset()
|
||||
q = Q(scope=Scope.system)
|
||||
q = Q(scope=Scope.system, org__isnull=True)
|
||||
if not current_org.is_root():
|
||||
q |= Q(org_id=current_org.id, scope=Scope.org)
|
||||
queryset = queryset.filter(q)
|
||||
return queryset
|
||||
|
||||
def root_all(self):
|
||||
queryset = super().get_queryset()
|
||||
if current_org.is_root():
|
||||
return queryset
|
||||
return self.get_queryset()
|
||||
|
||||
|
||||
class RoleBinding(JMSModel):
|
||||
Scope = Scope
|
||||
|
|
@ -53,6 +59,12 @@ class RoleBinding(JMSModel):
|
|||
display += ' | {org}'.format(org=self.org)
|
||||
return display
|
||||
|
||||
@property
|
||||
def org_name(self):
|
||||
if self.org:
|
||||
return self.org.name
|
||||
return ''
|
||||
|
||||
def save(self, *args, **kwargs):
|
||||
self.scope = self.role.scope
|
||||
return super().save(*args, **kwargs)
|
||||
|
|
@ -65,7 +77,7 @@ class RoleBinding(JMSModel):
|
|||
@classmethod
|
||||
def get_role_users(cls, role):
|
||||
from users.models import User
|
||||
bindings = cls.objects.filter(role=role, scope=role.scope)
|
||||
bindings = cls.objects.root_all().filter(role=role, scope=role.scope)
|
||||
user_ids = bindings.values_list('user', flat=True).distinct()
|
||||
return User.objects.filter(id__in=user_ids)
|
||||
|
||||
|
|
@ -84,13 +96,13 @@ class RoleBinding(JMSModel):
|
|||
return self.role.display_name
|
||||
|
||||
|
||||
class OrgRoleBindingManager(models.Manager):
|
||||
class OrgRoleBindingManager(RoleBindingManager):
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
queryset = super(RoleBindingManager, self).get_queryset()
|
||||
if current_org.is_root():
|
||||
queryset = queryset.filter(scope=Scope.org)
|
||||
queryset = queryset.none()
|
||||
else:
|
||||
queryset = queryset.filter(org=current_org.id, scope=Scope.org)
|
||||
queryset = queryset.filter(org_id=current_org.id, scope=Scope.org)
|
||||
return queryset
|
||||
|
||||
|
||||
|
|
@ -118,9 +130,10 @@ class OrgRoleBinding(RoleBinding):
|
|||
verbose_name = _('Organization role binding')
|
||||
|
||||
|
||||
class SystemRoleBindingManager(models.Manager):
|
||||
class SystemRoleBindingManager(RoleBindingManager):
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset().filter(scope=Scope.system)
|
||||
queryset = super(RoleBindingManager, self).get_queryset()\
|
||||
.filter(scope=Scope.system)
|
||||
return queryset
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ from rest_framework import serializers
|
|||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from orgs.serializers import CurrentOrgDefault
|
||||
from orgs.utils import current_org
|
||||
from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding
|
||||
|
||||
__all__ = [
|
||||
|
|
@ -15,12 +14,13 @@ class RoleBindingSerializer(serializers.ModelSerializer):
|
|||
model = RoleBinding
|
||||
fields = [
|
||||
'id', 'user', 'user_display', 'role', 'role_display',
|
||||
'scope', 'org',
|
||||
'scope', 'org', 'org_name',
|
||||
]
|
||||
read_only_fields = ['scope']
|
||||
extra_kwargs = {
|
||||
'user_display': {'label': _('User display')},
|
||||
'role_display': {'label': _('Role display')},
|
||||
'org_name': {'label': _("Org name")}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue