From d78d55091c82d4e8f3fd728d68d927cea0b3f8de Mon Sep 17 00:00:00 2001
From: Bai <baijiangjie@gmail.com>
Date: Wed, 3 Apr 2024 15:48:40 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=BF=87=E6=BB=A4?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=BB=84=E7=BB=87=E8=A7=92=E8=89=B2=E4=B8=8D?=
 =?UTF-8?q?=E7=94=9F=E6=95=88=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/users/filters.py | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/apps/users/filters.py b/apps/users/filters.py
index 9715a14af..dec174d16 100644
--- a/apps/users/filters.py
+++ b/apps/users/filters.py
@@ -3,8 +3,9 @@ from django_filters import rest_framework as filters
 
 from common.drf.filters import BaseFilterSet
 from common.utils import is_uuid
-from rbac.models import Role
+from rbac.models import Role, OrgRoleBinding, SystemRoleBinding
 from users.models.user import User
+from orgs.utils import current_org
 
 
 class UserFilter(BaseFilterSet):
@@ -25,7 +26,7 @@ class UserFilter(BaseFilterSet):
         )
 
     @staticmethod
-    def get_role(value):
+    def _get_role(value):
         from rbac.builtin import BuiltinRole
         roles = BuiltinRole.get_roles()
         for role in roles.values():
@@ -37,22 +38,20 @@ class UserFilter(BaseFilterSet):
         else:
             return Role.objects.filter(name=value).first()
 
-    def filter_system_roles(self, queryset, name, value):
-        role = self.get_role(value)
+    def _filter_roles(self, queryset, value, scope):
+        role = self._get_role(value)
         if not role:
             return queryset.none()
-        queryset = queryset.prefetch_related('role_bindings') \
-            .filter(role_bindings__role_id=role.id) \
-            .filter(role_bindings__role__scope='system') \
-            .distinct()
+        
+        rb_model = SystemRoleBinding if scope == Role.Scope.system.value else OrgRoleBinding
+        user_ids = rb_model.objects.filter(role_id=role.id).values_list('user_id', flat=True)
+        queryset = queryset.filter(id__in=user_ids).distinct()
+        return queryset
+
+    def filter_system_roles(self, queryset, name, value):
+        queryset = self._filter_roles(queryset=queryset, value=value, scope=Role.Scope.system.value)
         return queryset
 
     def filter_org_roles(self, queryset, name, value):
-        role = self.get_role(value)
-        if not role:
-            return queryset.none()
-        queryset = queryset.prefetch_related('role_bindings') \
-            .filter(role_bindings__role_id=role.id) \
-            .filter(role_bindings__role__scope='org') \
-            .distinct()
+        queryset = self._filter_roles(queryset=queryset, value=value, scope=Role.Scope.org.value)
         return queryset