From bb9d32dc189cc7c9b481568f68bd6607022ae93b Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Mon, 18 Jul 2022 13:44:20 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E6=89=80=E6=9C=89?=
 =?UTF-8?q?=E7=BB=84=E7=BB=87=E5=90=8D=E7=A7=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/locale/ja/LC_MESSAGES/django.mo          |  4 +-
 apps/locale/ja/LC_MESSAGES/django.po          | 74 ++++++++++---------
 apps/locale/zh/LC_MESSAGES/django.mo          |  4 +-
 apps/locale/zh/LC_MESSAGES/django.po          | 74 ++++++++++---------
 .../0013_alter_organization_options.py        | 17 +++++
 apps/orgs/models.py                           |  1 +
 apps/rbac/builtin.py                          |  5 +-
 apps/rbac/models/rolebinding.py               | 11 ++-
 8 files changed, 117 insertions(+), 73 deletions(-)
 create mode 100644 apps/orgs/migrations/0013_alter_organization_options.py

diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo
index 789260264..e6d644bf9 100644
--- a/apps/locale/ja/LC_MESSAGES/django.mo
+++ b/apps/locale/ja/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4d5cc27fc996896f8cba5773c99de59ff854f7ef1ae8c470d5c74bb6b371e6ed
-size 128472
+oid sha256:94dbd28454eaced93affd6baeb1f7c2cb1b2c28a7144ccdcef6963a2fad92616
+size 128666
diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po
index 54c5c70f0..e832dc06d 100644
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-07-15 17:15+0800\n"
+"POT-Creation-Date: 2022-07-18 14:01+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -88,8 +88,8 @@ msgstr "ログイン確認"
 #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20
 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100
-#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214
-#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41
+#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215
+#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41
 #: terminal/backends/command/models.py:20
 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
 #: terminal/models/sharing.py:33 terminal/notifications.py:91
@@ -363,7 +363,7 @@ msgstr "タイプ表示"
 #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28
 #: assets/serializers/cmd_filter.py:48 common/db/models.py:114
 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
-#: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92
+#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92
 #: users/models/group.py:18 users/models/user.py:922
 #: xpack/plugins/cloud/models.py:125
 msgid "Date created"
@@ -373,7 +373,7 @@ msgstr "作成された日付"
 #: assets/models/gathered_user.py:20 assets/serializers/account.py:21
 #: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49
 #: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40
-#: orgs/models.py:218
+#: orgs/models.py:219
 msgid "Date updated"
 msgstr "更新日"
 
@@ -624,7 +624,7 @@ msgstr "ラベル"
 #: assets/models/cluster.py:28 assets/models/cmd_filter.py:52
 #: assets/models/cmd_filter.py:99 assets/models/group.py:21
 #: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66
-#: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706
+#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706
 #: users/serializers/group.py:33
 #: xpack/plugins/change_auth_plan/models/base.py:48
 #: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30
@@ -735,7 +735,7 @@ msgid "Trigger mode"
 msgstr "トリガーモード"
 
 #: assets/models/backup.py:119 audits/models.py:127
-#: terminal/models/sharing.py:106
+#: terminal/models/sharing.py:108
 #: xpack/plugins/change_auth_plan/models/base.py:201
 #: xpack/plugins/change_auth_plan/serializers/app.py:66
 #: xpack/plugins/change_auth_plan/serializers/asset.py:180
@@ -1435,7 +1435,7 @@ msgid "Symlink"
 msgstr "Symlink"
 
 #: audits/models.py:38 audits/models.py:66 audits/models.py:89
-#: terminal/models/session.py:51 terminal/models/sharing.py:94
+#: terminal/models/session.py:51 terminal/models/sharing.py:96
 msgid "Remote addr"
 msgstr "リモートaddr"
 
@@ -1447,7 +1447,7 @@ msgstr "操作"
 msgid "Filename"
 msgstr "ファイル名"
 
-#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:102
+#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:104
 #: tickets/views/approve.py:115
 #: xpack/plugins/change_auth_plan/serializers/app.py:87
 #: xpack/plugins/change_auth_plan/serializers/asset.py:198
@@ -3025,7 +3025,7 @@ msgid "App organizations"
 msgstr "アプリ組織"
 
 #: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80
-#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48
+#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48
 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62
 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71
 msgid "Organization"
@@ -3039,7 +3039,11 @@ msgstr "グローバル組織"
 msgid "Can view root org"
 msgstr "グローバル組織を表示できます"
 
-#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44
+#: orgs/models.py:83
+msgid "Can view all joined org"
+msgstr "参加しているすべての組織を表示できます"
+
+#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44
 #: users/models/user.py:671
 msgid "Role"
 msgstr "ロール"
@@ -3260,27 +3264,27 @@ msgstr "{} 少なくとも1つのシステムロール"
 msgid "RBAC"
 msgstr "RBAC"
 
-#: rbac/builtin.py:108
+#: rbac/builtin.py:111
 msgid "SystemAdmin"
 msgstr "システム管理者"
 
-#: rbac/builtin.py:111
+#: rbac/builtin.py:114
 msgid "SystemAuditor"
 msgstr "システム監査人"
 
-#: rbac/builtin.py:114
+#: rbac/builtin.py:117
 msgid "SystemComponent"
 msgstr "システムコンポーネント"
 
-#: rbac/builtin.py:120
+#: rbac/builtin.py:123
 msgid "OrgAdmin"
 msgstr "組織管理者"
 
-#: rbac/builtin.py:123
+#: rbac/builtin.py:126
 msgid "OrgAuditor"
 msgstr "監査員を組織する"
 
-#: rbac/builtin.py:126
+#: rbac/builtin.py:129
 msgid "OrgUser"
 msgstr "組織ユーザー"
 
@@ -3336,18 +3340,22 @@ msgstr "組織の役割"
 msgid "Role binding"
 msgstr "ロールバインディング"
 
-#: rbac/models/rolebinding.py:159
+#: rbac/models/rolebinding.py:137
+msgid "All organizations"
+msgstr "全ての組織"
+
+#: rbac/models/rolebinding.py:166
 msgid ""
 "User last role in org, can not be delete, you can remove user from org "
 "instead"
 msgstr ""
 "ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。"
 
-#: rbac/models/rolebinding.py:166
+#: rbac/models/rolebinding.py:173
 msgid "Organization role binding"
 msgstr "組織の役割バインディング"
 
-#: rbac/models/rolebinding.py:181
+#: rbac/models/rolebinding.py:188
 msgid "System role binding"
 msgstr "システムロールバインディング"
 
@@ -4775,7 +4783,7 @@ msgid "Output"
 msgstr "出力"
 
 #: terminal/backends/command/models.py:25 terminal/models/replay.py:9
-#: terminal/models/sharing.py:19 terminal/models/sharing.py:76
+#: terminal/models/sharing.py:19 terminal/models/sharing.py:78
 #: terminal/templates/terminal/_msg_command_alert.html:10
 #: tickets/models/ticket/command_confirm.py:20
 msgid "Session"
@@ -4897,7 +4905,7 @@ msgstr "セッションのリプレイをアップロードできます"
 msgid "Can download session replay"
 msgstr "セッション再生をダウンロードできます"
 
-#: terminal/models/session.py:50 terminal/models/sharing.py:99
+#: terminal/models/session.py:50 terminal/models/sharing.py:101
 msgid "Login from"
 msgstr "ログイン元"
 
@@ -4933,7 +4941,7 @@ msgstr "セッションアクションのパーマを検証できます"
 msgid "Creator"
 msgstr "作成者"
 
-#: terminal/models/sharing.py:26 terminal/models/sharing.py:78
+#: terminal/models/sharing.py:26 terminal/models/sharing.py:80
 msgid "Verify code"
 msgstr "コードの確認"
 
@@ -4941,7 +4949,7 @@ msgstr "コードの確認"
 msgid "Expired time (min)"
 msgstr "期限切れ時間 (分)"
 
-#: terminal/models/sharing.py:37 terminal/models/sharing.py:81
+#: terminal/models/sharing.py:37 terminal/models/sharing.py:83
 msgid "Session sharing"
 msgstr "セッション共有"
 
@@ -4949,40 +4957,40 @@ msgstr "セッション共有"
 msgid "Can add super session sharing"
 msgstr "スーパーセッション共有を追加できます"
 
-#: terminal/models/sharing.py:64
+#: terminal/models/sharing.py:66
 msgid "Link not active"
 msgstr "リンクがアクティブでない"
 
-#: terminal/models/sharing.py:66
+#: terminal/models/sharing.py:68
 msgid "Link expired"
 msgstr "リンク期限切れ"
 
-#: terminal/models/sharing.py:68
+#: terminal/models/sharing.py:70
 msgid "User not allowed to join"
 msgstr "ユーザーはセッションに参加できません"
 
-#: terminal/models/sharing.py:85 terminal/serializers/sharing.py:59
+#: terminal/models/sharing.py:87 terminal/serializers/sharing.py:59
 msgid "Joiner"
 msgstr "ジョイナー"
 
-#: terminal/models/sharing.py:88
+#: terminal/models/sharing.py:90
 msgid "Date joined"
 msgstr "参加日"
 
-#: terminal/models/sharing.py:91
+#: terminal/models/sharing.py:93
 msgid "Date left"
 msgstr "日付が残っています"
 
-#: terminal/models/sharing.py:109 tickets/const.py:26
+#: terminal/models/sharing.py:111 tickets/const.py:26
 #: xpack/plugins/change_auth_plan/models/base.py:192
 msgid "Finished"
 msgstr "終了"
 
-#: terminal/models/sharing.py:114
+#: terminal/models/sharing.py:116
 msgid "Session join record"
 msgstr "セッション参加記録"
 
-#: terminal/models/sharing.py:130
+#: terminal/models/sharing.py:132
 msgid "Invalid verification code"
 msgstr "検証コードが無効"
 
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index acdae1731..3f244b4f6 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:7ee69ce22224f6cae615752c034e495c29d93ed9dbe86767f044d5c0f663b8cc
-size 105904
+oid sha256:3803a3c5301b92b11e1478dc674d8a95525203ff9636e8ab99914b660005aa37
+size 106048
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 15cb33b57..42deeb5ba 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-07-15 17:15+0800\n"
+"POT-Creation-Date: 2022-07-18 14:01+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -87,8 +87,8 @@ msgstr "登录复核"
 #: acls/models/login_acl.py:24 acls/models/login_asset_acl.py:20
 #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37
 #: audits/models.py:62 audits/models.py:87 audits/serializers.py:100
-#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:214
-#: perms/models/base.py:84 rbac/builtin.py:117 rbac/models/rolebinding.py:41
+#: authentication/models.py:54 authentication/models.py:78 orgs/models.py:215
+#: perms/models/base.py:84 rbac/builtin.py:120 rbac/models/rolebinding.py:41
 #: terminal/backends/command/models.py:20
 #: terminal/backends/command/serializers.py:13 terminal/models/session.py:44
 #: terminal/models/sharing.py:33 terminal/notifications.py:91
@@ -358,7 +358,7 @@ msgstr "类型名称"
 #: assets/serializers/account.py:18 assets/serializers/cmd_filter.py:28
 #: assets/serializers/cmd_filter.py:48 common/db/models.py:114
 #: common/mixins/models.py:50 ops/models/adhoc.py:39 ops/models/command.py:30
-#: orgs/models.py:67 orgs/models.py:217 perms/models/base.py:92
+#: orgs/models.py:67 orgs/models.py:218 perms/models/base.py:92
 #: users/models/group.py:18 users/models/user.py:922
 #: xpack/plugins/cloud/models.py:125
 msgid "Date created"
@@ -368,7 +368,7 @@ msgstr "创建日期"
 #: assets/models/gathered_user.py:20 assets/serializers/account.py:21
 #: assets/serializers/cmd_filter.py:29 assets/serializers/cmd_filter.py:49
 #: common/db/models.py:115 common/mixins/models.py:51 ops/models/adhoc.py:40
-#: orgs/models.py:218
+#: orgs/models.py:219
 msgid "Date updated"
 msgstr "更新日期"
 
@@ -619,7 +619,7 @@ msgstr "标签管理"
 #: assets/models/cluster.py:28 assets/models/cmd_filter.py:52
 #: assets/models/cmd_filter.py:99 assets/models/group.py:21
 #: common/db/models.py:112 common/mixins/models.py:49 orgs/models.py:66
-#: orgs/models.py:219 perms/models/base.py:91 users/models/user.py:706
+#: orgs/models.py:220 perms/models/base.py:91 users/models/user.py:706
 #: users/serializers/group.py:33
 #: xpack/plugins/change_auth_plan/models/base.py:48
 #: xpack/plugins/cloud/models.py:122 xpack/plugins/gathered_user/models.py:30
@@ -730,7 +730,7 @@ msgid "Trigger mode"
 msgstr "触发模式"
 
 #: assets/models/backup.py:119 audits/models.py:127
-#: terminal/models/sharing.py:106
+#: terminal/models/sharing.py:108
 #: xpack/plugins/change_auth_plan/models/base.py:201
 #: xpack/plugins/change_auth_plan/serializers/app.py:66
 #: xpack/plugins/change_auth_plan/serializers/asset.py:180
@@ -1423,7 +1423,7 @@ msgid "Symlink"
 msgstr "建立软链接"
 
 #: audits/models.py:38 audits/models.py:66 audits/models.py:89
-#: terminal/models/session.py:51 terminal/models/sharing.py:94
+#: terminal/models/session.py:51 terminal/models/sharing.py:96
 msgid "Remote addr"
 msgstr "远端地址"
 
@@ -1435,7 +1435,7 @@ msgstr "操作"
 msgid "Filename"
 msgstr "文件名"
 
-#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:102
+#: audits/models.py:43 audits/models.py:117 terminal/models/sharing.py:104
 #: tickets/views/approve.py:115
 #: xpack/plugins/change_auth_plan/serializers/app.py:87
 #: xpack/plugins/change_auth_plan/serializers/asset.py:198
@@ -2985,7 +2985,7 @@ msgid "App organizations"
 msgstr "组织管理"
 
 #: orgs/mixins/models.py:57 orgs/mixins/serializers.py:25 orgs/models.py:80
-#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48
+#: orgs/models.py:212 rbac/const.py:7 rbac/models/rolebinding.py:48
 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:62
 #: tickets/models/ticket/general.py:300 tickets/serializers/ticket/ticket.py:71
 msgid "Organization"
@@ -2999,7 +2999,11 @@ msgstr "全局组织"
 msgid "Can view root org"
 msgstr "可以查看全局组织"
 
-#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44
+#: orgs/models.py:83
+msgid "Can view all joined org"
+msgstr "可以查看所有加入的组织"
+
+#: orgs/models.py:217 rbac/models/role.py:46 rbac/models/rolebinding.py:44
 #: users/models/user.py:671
 msgid "Role"
 msgstr "角色"
@@ -3218,27 +3222,27 @@ msgstr "{} 至少有一个系统角色"
 msgid "RBAC"
 msgstr "RBAC"
 
-#: rbac/builtin.py:108
+#: rbac/builtin.py:111
 msgid "SystemAdmin"
 msgstr "系统管理员"
 
-#: rbac/builtin.py:111
+#: rbac/builtin.py:114
 msgid "SystemAuditor"
 msgstr "系统审计员"
 
-#: rbac/builtin.py:114
+#: rbac/builtin.py:117
 msgid "SystemComponent"
 msgstr "系统组件"
 
-#: rbac/builtin.py:120
+#: rbac/builtin.py:123
 msgid "OrgAdmin"
 msgstr "组织管理员"
 
-#: rbac/builtin.py:123
+#: rbac/builtin.py:126
 msgid "OrgAuditor"
 msgstr "组织审计员"
 
-#: rbac/builtin.py:126
+#: rbac/builtin.py:129
 msgid "OrgUser"
 msgstr "组织用户"
 
@@ -3294,17 +3298,21 @@ msgstr "组织角色"
 msgid "Role binding"
 msgstr "角色绑定"
 
-#: rbac/models/rolebinding.py:159
+#: rbac/models/rolebinding.py:137
+msgid "All organizations"
+msgstr "所有组织"
+
+#: rbac/models/rolebinding.py:166
 msgid ""
 "User last role in org, can not be delete, you can remove user from org "
 "instead"
 msgstr "用户最后一个角色，不能删除，你可以将用户从组织移除"
 
-#: rbac/models/rolebinding.py:166
+#: rbac/models/rolebinding.py:173
 msgid "Organization role binding"
 msgstr "组织角色绑定"
 
-#: rbac/models/rolebinding.py:181
+#: rbac/models/rolebinding.py:188
 msgid "System role binding"
 msgstr "系统角色绑定"
 
@@ -4699,7 +4707,7 @@ msgid "Output"
 msgstr "输出"
 
 #: terminal/backends/command/models.py:25 terminal/models/replay.py:9
-#: terminal/models/sharing.py:19 terminal/models/sharing.py:76
+#: terminal/models/sharing.py:19 terminal/models/sharing.py:78
 #: terminal/templates/terminal/_msg_command_alert.html:10
 #: tickets/models/ticket/command_confirm.py:20
 msgid "Session"
@@ -4821,7 +4829,7 @@ msgstr "可以上传会话录像"
 msgid "Can download session replay"
 msgstr "可以下载会话录像"
 
-#: terminal/models/session.py:50 terminal/models/sharing.py:99
+#: terminal/models/session.py:50 terminal/models/sharing.py:101
 msgid "Login from"
 msgstr "登录来源"
 
@@ -4857,7 +4865,7 @@ msgstr "可以验证会话动作权限"
 msgid "Creator"
 msgstr "创建者"
 
-#: terminal/models/sharing.py:26 terminal/models/sharing.py:78
+#: terminal/models/sharing.py:26 terminal/models/sharing.py:80
 msgid "Verify code"
 msgstr "验证码"
 
@@ -4865,7 +4873,7 @@ msgstr "验证码"
 msgid "Expired time (min)"
 msgstr "过期时间 (分)"
 
-#: terminal/models/sharing.py:37 terminal/models/sharing.py:81
+#: terminal/models/sharing.py:37 terminal/models/sharing.py:83
 msgid "Session sharing"
 msgstr "会话分享"
 
@@ -4873,40 +4881,40 @@ msgstr "会话分享"
 msgid "Can add super session sharing"
 msgstr "可以创建超级会话分享"
 
-#: terminal/models/sharing.py:64
+#: terminal/models/sharing.py:66
 msgid "Link not active"
 msgstr "链接失效"
 
-#: terminal/models/sharing.py:66
+#: terminal/models/sharing.py:68
 msgid "Link expired"
 msgstr "链接过期"
 
-#: terminal/models/sharing.py:68
+#: terminal/models/sharing.py:70
 msgid "User not allowed to join"
 msgstr "该用户无权加入会话"
 
-#: terminal/models/sharing.py:85 terminal/serializers/sharing.py:59
+#: terminal/models/sharing.py:87 terminal/serializers/sharing.py:59
 msgid "Joiner"
 msgstr "加入者"
 
-#: terminal/models/sharing.py:88
+#: terminal/models/sharing.py:90
 msgid "Date joined"
 msgstr "加入日期"
 
-#: terminal/models/sharing.py:91
+#: terminal/models/sharing.py:93
 msgid "Date left"
 msgstr "结束日期"
 
-#: terminal/models/sharing.py:109 tickets/const.py:26
+#: terminal/models/sharing.py:111 tickets/const.py:26
 #: xpack/plugins/change_auth_plan/models/base.py:192
 msgid "Finished"
 msgstr "结束"
 
-#: terminal/models/sharing.py:114
+#: terminal/models/sharing.py:116
 msgid "Session join record"
 msgstr "会话加入记录"
 
-#: terminal/models/sharing.py:130
+#: terminal/models/sharing.py:132
 msgid "Invalid verification code"
 msgstr "验证码不正确"
 
diff --git a/apps/orgs/migrations/0013_alter_organization_options.py b/apps/orgs/migrations/0013_alter_organization_options.py
new file mode 100644
index 000000000..e868a87a3
--- /dev/null
+++ b/apps/orgs/migrations/0013_alter_organization_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.12 on 2022-07-18 05:57
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('orgs', '0012_auto_20220118_1054'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='organization',
+            options={'permissions': (('view_rootorg', 'Can view root org'), ('view_alljoinedorg', 'Can view all joined org')), 'verbose_name': 'Organization'},
+        ),
+    ]
diff --git a/apps/orgs/models.py b/apps/orgs/models.py
index def83f509..c4208d7d0 100644
--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -80,6 +80,7 @@ class Organization(OrgRoleMixin, models.Model):
         verbose_name = _("Organization")
         permissions = (
             ('view_rootorg', _('Can view root org')),
+            ('view_alljoinedorg', _('Can view all joined org')),
         )
 
     def __str__(self):
diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py
index f5b030d2b..93b058504 100644
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@@ -5,6 +5,9 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions
 _view_root_perms = (
     ('orgs', 'organization', 'view', 'rootorg'),
 )
+_view_all_joined_org_perms = (
+    ('orgs', 'organization', 'view', 'alljoinedorg'),
+)
 
 user_perms = (
     ('rbac', 'menupermission', 'view', 'workbench'),
@@ -24,7 +27,7 @@ system_user_perms = (
     ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
     ('authentication', 'accesskey', '*', '*'),
     ('tickets', 'ticket', 'view', 'ticket'),
-) + user_perms + _view_root_perms
+) + user_perms + _view_all_joined_org_perms
 
 _auditor_perms = (
     ('rbac', 'menupermission', 'view', 'audit'),
diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py
index 3caa83622..9b2256332 100644
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
@@ -126,9 +126,16 @@ class RoleBinding(JMSModel):
             org_ids = [b.org.id for b in bindings if b.org]
             orgs = all_orgs.filter(id__in=org_ids)
 
+        workbench_perm = 'rbac.view_workbench'
         # 全局组织
-        if orgs and user.has_perm('orgs.view_rootorg'):
-            orgs = [Organization.root(), *list(orgs)]
+        if orgs and perm != workbench_perm and user.has_perm('orgs.view_rootorg'):
+            root_org = Organization.root()
+            orgs = [root_org, *list(orgs)]
+        elif orgs and perm == workbench_perm and user.has_perm('orgs.view_alljoinedorg'):
+            # Todo: 先复用组织
+            root_org = Organization.root()
+            root_org.name = _("All organizations")
+            orgs = [root_org, *list(orgs)]
         return orgs