mirror of https://github.com/jumpserver/jumpserver
perf: 修复 org role binding 在root组织下看到的可能不对
ibuler
Jiangjie.Bai
parent
efb26132f6
commit
7eed7b32cc
|
|
@ -22,9 +22,10 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
|
||||||
'user__name', 'user__username', 'role__name'
|
'user__name', 'user__username', 'role__name'
|
||||||
]
|
]
|
||||||
|
|
||||||
def get_queryset(self):
|
@staticmethod
|
||||||
queryset = super().get_queryset() \
|
def annotate_queryset(queryset):
|
||||||
.prefetch_related('user', 'role') \
|
queryset = queryset \
|
||||||
|
.prefetch_related('user', 'role', 'org') \
|
||||||
.annotate(
|
.annotate(
|
||||||
user_display=Concat(
|
user_display=Concat(
|
||||||
F('user__name'), Value('('),
|
F('user__name'), Value('('),
|
||||||
|
|
@ -34,6 +35,11 @@ class RoleBindingViewSet(OrgBulkModelViewSet):
|
||||||
)
|
)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
queryset = super().get_queryset()
|
||||||
|
queryset = self.annotate_queryset(queryset)
|
||||||
|
return queryset
|
||||||
|
|
||||||
|
|
||||||
class SystemRoleBindingViewSet(RoleBindingViewSet):
|
class SystemRoleBindingViewSet(RoleBindingViewSet):
|
||||||
model = SystemRoleBinding
|
model = SystemRoleBinding
|
||||||
|
|
@ -49,9 +55,13 @@ class SystemRoleBindingViewSet(RoleBindingViewSet):
|
||||||
|
|
||||||
|
|
||||||
class OrgRoleBindingViewSet(RoleBindingViewSet):
|
class OrgRoleBindingViewSet(RoleBindingViewSet):
|
||||||
model = OrgRoleBinding
|
|
||||||
serializer_class = serializers.OrgRoleBindingSerializer
|
serializer_class = serializers.OrgRoleBindingSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
queryset = OrgRoleBinding.objects.root_all()
|
||||||
|
queryset = self.annotate_queryset(queryset)
|
||||||
|
return queryset
|
||||||
|
|
||||||
def perform_bulk_create(self, serializer):
|
def perform_bulk_create(self, serializer):
|
||||||
validated_data = serializer.validated_data
|
validated_data = serializer.validated_data
|
||||||
bindings = [
|
bindings = [
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,6 @@ only_system_permissions = (
|
||||||
('terminal', 'replaystorage', '*', '*'),
|
('terminal', 'replaystorage', '*', '*'),
|
||||||
('terminal', 'status', '*', '*'),
|
('terminal', 'status', '*', '*'),
|
||||||
('terminal', 'task', '*', '*'),
|
('terminal', 'task', '*', '*'),
|
||||||
('tickets', '*', '*', '*'),
|
|
||||||
('authentication', '*', '*', '*'),
|
('authentication', '*', '*', '*'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,12 +15,18 @@ __all__ = ['RoleBinding', 'SystemRoleBinding', 'OrgRoleBinding']
|
||||||
class RoleBindingManager(models.Manager):
|
class RoleBindingManager(models.Manager):
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super(RoleBindingManager, self).get_queryset()
|
queryset = super(RoleBindingManager, self).get_queryset()
|
||||||
q = Q(scope=Scope.system)
|
q = Q(scope=Scope.system, org__isnull=True)
|
||||||
if not current_org.is_root():
|
if not current_org.is_root():
|
||||||
q |= Q(org_id=current_org.id, scope=Scope.org)
|
q |= Q(org_id=current_org.id, scope=Scope.org)
|
||||||
queryset = queryset.filter(q)
|
queryset = queryset.filter(q)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
def root_all(self):
|
||||||
|
queryset = super().get_queryset()
|
||||||
|
if current_org.is_root():
|
||||||
|
return queryset
|
||||||
|
return self.get_queryset()
|
||||||
|
|
||||||
|
|
||||||
class RoleBinding(JMSModel):
|
class RoleBinding(JMSModel):
|
||||||
Scope = Scope
|
Scope = Scope
|
||||||
|
|
@ -53,6 +59,12 @@ class RoleBinding(JMSModel):
|
||||||
display += ' | {org}'.format(org=self.org)
|
display += ' | {org}'.format(org=self.org)
|
||||||
return display
|
return display
|
||||||
|
|
||||||
|
@property
|
||||||
|
def org_name(self):
|
||||||
|
if self.org:
|
||||||
|
return self.org.name
|
||||||
|
return ''
|
||||||
|
|
||||||
def save(self, *args, **kwargs):
|
def save(self, *args, **kwargs):
|
||||||
self.scope = self.role.scope
|
self.scope = self.role.scope
|
||||||
return super().save(*args, **kwargs)
|
return super().save(*args, **kwargs)
|
||||||
|
|
@ -65,7 +77,7 @@ class RoleBinding(JMSModel):
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_role_users(cls, role):
|
def get_role_users(cls, role):
|
||||||
from users.models import User
|
from users.models import User
|
||||||
bindings = cls.objects.filter(role=role, scope=role.scope)
|
bindings = cls.objects.root_all().filter(role=role, scope=role.scope)
|
||||||
user_ids = bindings.values_list('user', flat=True).distinct()
|
user_ids = bindings.values_list('user', flat=True).distinct()
|
||||||
return User.objects.filter(id__in=user_ids)
|
return User.objects.filter(id__in=user_ids)
|
||||||
|
|
||||||
|
|
@ -84,13 +96,13 @@ class RoleBinding(JMSModel):
|
||||||
return self.role.display_name
|
return self.role.display_name
|
||||||
|
|
||||||
|
|
||||||
class OrgRoleBindingManager(models.Manager):
|
class OrgRoleBindingManager(RoleBindingManager):
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset()
|
queryset = super(RoleBindingManager, self).get_queryset()
|
||||||
if current_org.is_root():
|
if current_org.is_root():
|
||||||
queryset = queryset.filter(scope=Scope.org)
|
queryset = queryset.none()
|
||||||
else:
|
else:
|
||||||
queryset = queryset.filter(org=current_org.id, scope=Scope.org)
|
queryset = queryset.filter(org_id=current_org.id, scope=Scope.org)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -118,9 +130,10 @@ class OrgRoleBinding(RoleBinding):
|
||||||
verbose_name = _('Organization role binding')
|
verbose_name = _('Organization role binding')
|
||||||
|
|
||||||
|
|
||||||
class SystemRoleBindingManager(models.Manager):
|
class SystemRoleBindingManager(RoleBindingManager):
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset().filter(scope=Scope.system)
|
queryset = super(RoleBindingManager, self).get_queryset()\
|
||||||
|
.filter(scope=Scope.system)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@ from rest_framework import serializers
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from orgs.serializers import CurrentOrgDefault
|
from orgs.serializers import CurrentOrgDefault
|
||||||
from orgs.utils import current_org
|
|
||||||
from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding
|
from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
|
|
@ -15,12 +14,13 @@ class RoleBindingSerializer(serializers.ModelSerializer):
|
||||||
model = RoleBinding
|
model = RoleBinding
|
||||||
fields = [
|
fields = [
|
||||||
'id', 'user', 'user_display', 'role', 'role_display',
|
'id', 'user', 'user_display', 'role', 'role_display',
|
||||||
'scope', 'org',
|
'scope', 'org', 'org_name',
|
||||||
]
|
]
|
||||||
read_only_fields = ['scope']
|
read_only_fields = ['scope']
|
||||||
extra_kwargs = {
|
extra_kwargs = {
|
||||||
'user_display': {'label': _('User display')},
|
'user_display': {'label': _('User display')},
|
||||||
'role_display': {'label': _('Role display')},
|
'role_display': {'label': _('Role display')},
|
||||||
|
'org_name': {'label': _("Org name")}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue