diff --git a/apps/rbac/api/rolebinding.py b/apps/rbac/api/rolebinding.py
index 677ef30bf..0dd431220 100644
--- a/apps/rbac/api/rolebinding.py
+++ b/apps/rbac/api/rolebinding.py
@@ -22,9 +22,10 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
 'user__name', 'user__username', 'role__name'
 ]
- def get_queryset(self):
- queryset = super().get_queryset() \
- .prefetch_related('user', 'role') \
+ @staticmethod
+ def annotate_queryset(queryset):
+ queryset = queryset \
+ .prefetch_related('user', 'role', 'org') \
 .annotate(
 user_display=Concat(
 F('user__name'), Value('('),
@@ -34,6 +35,11 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
 )
 return queryset
+ def get_queryset(self):
+ queryset = super().get_queryset()
+ queryset = self.annotate_queryset(queryset)
+ return queryset
+
 class SystemRoleBindingViewSet(RoleBindingViewSet):
 model = SystemRoleBinding
@@ -49,9 +55,13 @@ class SystemRoleBindingViewSet(RoleBindingViewSet):
 class OrgRoleBindingViewSet(RoleBindingViewSet):
- model = OrgRoleBinding
 serializer_class = serializers.OrgRoleBindingSerializer
+ def get_queryset(self):
+ queryset = OrgRoleBinding.objects.root_all()
+ queryset = self.annotate_queryset(queryset)
+ return queryset
+
 def perform_bulk_create(self, serializer):
 validated_data = serializer.validated_data
 bindings = [
diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index ff2534e72..2bac12c5d 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -103,7 +103,6 @@ only_system_permissions = (
 ('terminal', 'replaystorage', '*', '*'),
 ('terminal', 'status', '*', '*'),
 ('terminal', 'task', '*', '*'),
- ('tickets', '*', '*', '*'),
 ('authentication', '*', '*', '*'),
 )
diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py
index 3aa04955d..f7ee3881a 100644
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
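Review bot: In the last hunk of apps/rbac/api/rolebinding.py, `OrgRoleBindingViewSet.get_queryset()` no longer calls `super().get_queryset()`, so any filtering the base viewsets apply (not visible in this diff) is skipped and org isolation for this endpoint rests entirely on `OrgRoleBinding.objects.root_all()`. The hunk also drops `model = OrgRoleBinding`, which leaves the view with whatever `model` the parent class defines while it serves `OrgRoleBinding` rows; if permission checks or bulk helpers in the base classes read `self.model`, they would be evaluated against a different model. I would keep `model = OrgRoleBinding` unless its removal is deliberate, and either way add a comment above the override such as `# Root org lists bindings of every org; other orgs stay limited by the manager`. The class body continues past the end of the hunk.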
@@ -15,12 +15,18 @@ __all__ = ['RoleBinding', 'SystemRoleBinding', 'OrgRoleBinding']
 class RoleBindingManager(models.Manager):
 def get_queryset(self):
 queryset = super(RoleBindingManager, self).get_queryset()
- q = Q(scope=Scope.system)
+ q = Q(scope=Scope.system, org__isnull=True)
 if not current_org.is_root():
 q |= Q(org_id=current_org.id, scope=Scope.org)
 queryset = queryset.filter(q)
 return queryset
+ def root_all(self):
+ queryset = super().get_queryset()
+ if current_org.is_root():
+ return queryset
+ return self.get_queryset()
+
 class RoleBinding(JMSModel):
 Scope = Scope
@@ -53,6 +59,12 @@ class RoleBinding(JMSModel):
 display += ' | {org}'.format(org=self.org)
 return display
+ @property
+ def org_name(self):
+ if self.org:
+ return self.org.name
+ return ''
+
 def save(self, *args, **kwargs):
 self.scope = self.role.scope
 return super().save(*args, **kwargs)
@@ -65,7 +77,7 @@ class RoleBinding(JMSModel):
 @classmethod
 def get_role_users(cls, role):
 from users.models import User
- bindings = cls.objects.filter(role=role, scope=role.scope)
+ bindings = cls.objects.root_all().filter(role=role, scope=role.scope)
 user_ids = bindings.values_list('user', flat=True).distinct()
 return User.objects.filter(id__in=user_ids)
@@ -84,13 +96,13 @@ class RoleBinding(JMSModel):
 return self.role.display_name
-class OrgRoleBindingManager(models.Manager):
+class OrgRoleBindingManager(RoleBindingManager):
 def get_queryset(self):
- queryset = super().get_queryset()
+ queryset = super(RoleBindingManager, self).get_queryset()
 if current_org.is_root():
- queryset = queryset.filter(scope=Scope.org)
+ queryset = queryset.none()
 else:
- queryset = queryset.filter(org=current_org.id, scope=Scope.org)
+ queryset = queryset.filter(org_id=current_org.id, scope=Scope.org)
 return queryset
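Review bot: `root_all()` in the first hunk of apps/rbac/models/rolebinding.py returns `super().get_queryset()` with no filter at all when `current_org.is_root()`, and because `OrgRoleBindingManager` and `SystemRoleBindingManager` now inherit it, their `scope` filters are skipped on that path as well. If `OrgRoleBinding` shares a table with `RoleBinding` (its Meta is not fully visible here), `OrgRoleBinding.objects.root_all()` under the root org would also return system-scope bindings, and that queryset is what the new `OrgRoleBindingViewSet.get_queryset()` serves. Consider giving the subclasses their own root branch, for the org manager `return queryset.filter(scope=Scope.org)`. A docstring on `root_all()` should state that it bypasses the per-org filter and is meant only for callers that are allowed to see bindings of every organization.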
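Review bot: `super(RoleBindingManager, self).get_queryset()` in `OrgRoleBindingManager.get_queryset()` (hunk `@@ -84,13 +96,13 @@`) deliberately skips `RoleBindingManager.get_queryset()` even though the class now derives from it, which is easy to misread as a plain `super()` call; the same form is used in `SystemRoleBindingManager` in the following hunk. A one-line comment such as `# start from the unfiltered base queryset, not RoleBindingManager's scope/org filter` would make the intent explicit. The root-org branch also changes from all org-scope bindings to `queryset.none()`, so an existing caller of `OrgRoleBinding.objects` that runs under the root org now silently sees no bindings unless it is moved to `root_all()`; this diff converts only `get_role_users` and the viewset, so other callers are worth checking.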
@@ -118,9 +130,10 @@ class OrgRoleBinding(RoleBinding):
 verbose_name = _('Organization role binding')
-class SystemRoleBindingManager(models.Manager):
+class SystemRoleBindingManager(RoleBindingManager):
 def get_queryset(self):
- queryset = super().get_queryset().filter(scope=Scope.system)
+ queryset = super(RoleBindingManager, self).get_queryset()\
+ .filter(scope=Scope.system)
 return queryset
diff --git a/apps/rbac/serializers/rolebinding.py b/apps/rbac/serializers/rolebinding.py
index 75f0ed903..cfbf248b8 100644
--- a/apps/rbac/serializers/rolebinding.py
+++ b/apps/rbac/serializers/rolebinding.py
@@ -2,7 +2,6 @@ from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from orgs.serializers import CurrentOrgDefault
-from orgs.utils import current_org
 from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding
 __all__ = [
@@ -15,12 +14,13 @@ class RoleBindingSerializer(serializers.ModelSerializer):
 model = RoleBinding
 fields = [
 'id', 'user', 'user_display', 'role', 'role_display',
- 'scope', 'org',
+ 'scope', 'org', 'org_name',
 ]
 read_only_fields = ['scope']
 extra_kwargs = {
 'user_display': {'label': _('User display')},
 'role_display': {'label': _('Role display')},
+ 'org_name': {'label': _("Org name")}
 }
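Review bot: `SystemRoleBindingManager.get_queryset()` in the `@@ -118,9 +130,10 @@` hunk filters on `scope=Scope.system` only, while this same commit changes `RoleBindingManager.get_queryset()` to treat system bindings as `Q(scope=Scope.system, org__isnull=True)`. A row with system scope and a non-null `org` would therefore be hidden from `RoleBinding.objects` but still returned by `SystemRoleBinding.objects`; if such rows are not supposed to count, the two managers should agree, e.g. `.filter(scope=Scope.system, org__isnull=True)`. If the difference is intended, a comment saying so would keep the two definitions from drifting further apart.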