mirror of https://github.com/jumpserver/jumpserver
fix: 修复过滤用户组织角色不生效的问题
parent
3b8aab8c25
commit
d78d55091c
|
@ -3,8 +3,9 @@ from django_filters import rest_framework as filters
|
||||||
|
|
||||||
from common.drf.filters import BaseFilterSet
|
from common.drf.filters import BaseFilterSet
|
||||||
from common.utils import is_uuid
|
from common.utils import is_uuid
|
||||||
from rbac.models import Role
|
from rbac.models import Role, OrgRoleBinding, SystemRoleBinding
|
||||||
from users.models.user import User
|
from users.models.user import User
|
||||||
|
from orgs.utils import current_org
|
||||||
|
|
||||||
|
|
||||||
class UserFilter(BaseFilterSet):
|
class UserFilter(BaseFilterSet):
|
||||||
|
@ -25,7 +26,7 @@ class UserFilter(BaseFilterSet):
|
||||||
)
|
)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_role(value):
|
def _get_role(value):
|
||||||
from rbac.builtin import BuiltinRole
|
from rbac.builtin import BuiltinRole
|
||||||
roles = BuiltinRole.get_roles()
|
roles = BuiltinRole.get_roles()
|
||||||
for role in roles.values():
|
for role in roles.values():
|
||||||
|
@ -37,22 +38,20 @@ class UserFilter(BaseFilterSet):
|
||||||
else:
|
else:
|
||||||
return Role.objects.filter(name=value).first()
|
return Role.objects.filter(name=value).first()
|
||||||
|
|
||||||
def filter_system_roles(self, queryset, name, value):
|
def _filter_roles(self, queryset, value, scope):
|
||||||
role = self.get_role(value)
|
role = self._get_role(value)
|
||||||
if not role:
|
if not role:
|
||||||
return queryset.none()
|
return queryset.none()
|
||||||
queryset = queryset.prefetch_related('role_bindings') \
|
|
||||||
.filter(role_bindings__role_id=role.id) \
|
rb_model = SystemRoleBinding if scope == Role.Scope.system.value else OrgRoleBinding
|
||||||
.filter(role_bindings__role__scope='system') \
|
user_ids = rb_model.objects.filter(role_id=role.id).values_list('user_id', flat=True)
|
||||||
.distinct()
|
queryset = queryset.filter(id__in=user_ids).distinct()
|
||||||
|
return queryset
|
||||||
|
|
||||||
|
def filter_system_roles(self, queryset, name, value):
|
||||||
|
queryset = self._filter_roles(queryset=queryset, value=value, scope=Role.Scope.system.value)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
def filter_org_roles(self, queryset, name, value):
|
def filter_org_roles(self, queryset, name, value):
|
||||||
role = self.get_role(value)
|
queryset = self._filter_roles(queryset=queryset, value=value, scope=Role.Scope.org.value)
|
||||||
if not role:
|
|
||||||
return queryset.none()
|
|
||||||
queryset = queryset.prefetch_related('role_bindings') \
|
|
||||||
.filter(role_bindings__role_id=role.id) \
|
|
||||||
.filter(role_bindings__role__scope='org') \
|
|
||||||
.distinct()
|
|
||||||
return queryset
|
return queryset
|
||||||
|
|
Loading…
Reference in New Issue