github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修复过滤用户组织角色不生效的问题

pull/12938/head
Bai 2024-04-03 15:48:40 +08:00 committed by Bryan
parent 3b8aab8c25
commit d78d55091c
1 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
apps/users/filters.py
View File

@ -3,8 +3,9 @@ from django_filters import rest_framework as filters
from common.drf.filters import BaseFilterSet
from common.utils import is_uuid
from rbac.models import Role
from rbac.models import Role, OrgRoleBinding, SystemRoleBinding
from users.models.user import User
from orgs.utils import current_org
class UserFilter(BaseFilterSet):
@ -25,7 +26,7 @@ class UserFilter(BaseFilterSet):
)
@staticmethod
def get_role(value):
def _get_role(value):
from rbac.builtin import BuiltinRole
roles = BuiltinRole.get_roles()
for role in roles.values():
@ -37,22 +38,20 @@ class UserFilter(BaseFilterSet):
else:
return Role.objects.filter(name=value).first()
def filter_system_roles(self, queryset, name, value):
role = self.get_role(value)
def _filter_roles(self, queryset, value, scope):
role = self._get_role(value)
if not role:
return queryset.none()
queryset = queryset.prefetch_related('role_bindings') \
.filter(role_bindings__role_id=role.id) \
.filter(role_bindings__role__scope='system') \
.distinct()
rb_model = SystemRoleBinding if scope == Role.Scope.system.value else OrgRoleBinding
user_ids = rb_model.objects.filter(role_id=role.id).values_list('user_id', flat=True)
queryset = queryset.filter(id__in=user_ids).distinct()
return queryset
def filter_system_roles(self, queryset, name, value):
queryset = self._filter_roles(queryset=queryset, value=value, scope=Role.Scope.system.value)
return queryset
def filter_org_roles(self, queryset, name, value):
role = self.get_role(value)
if not role:
return queryset.none()
queryset = queryset.prefetch_related('role_bindings') \
.filter(role_bindings__role_id=role.id) \
.filter(role_bindings__role__scope='org') \
.distinct()
queryset = self._filter_roles(queryset=queryset, value=value, scope=Role.Scope.org.value)
return queryset