def get_queryset(self):
queryset = super().get_queryset()
if current_org.is_root():
return queryset
users = self.get_org_members()
queryset = queryset.filter(username__in=users)
return queryset
def get_queryset(self):
queryset = super(RoleBindingManager, self).get_queryset()
q = Q(scope=Scope.system, org__isnull=True)
if not current_org.is_root():
q |= Q(org_id=current_org.id, scope=Scope.org)
queryset = queryset.filter(q)
return queryset
def get_queryset(self):
queryset = super(RoleBindingManager, self).get_queryset()
if current_org.is_root():
queryset = queryset.none()
else:
queryset = queryset.filter(org_id=current_org.id, scope=Scope.org)
return queryset
def remove(self):
if current_org.is_root():
return
kwargs = dict(sender=self.__class__, user=self, org=current_org)
pre_user_leave_org.send(**kwargs)
self.org_roles.clear()
post_user_leave_org.send(**kwargs)
def add(self, *roles):
if not roles:
return
roles = self._clean_roles(roles)
old_ids = self.role_bindings.values_list('role', flat=True)
need_adds = [r for r in roles if r.id not in old_ids]
items = []
for role in need_adds:
kwargs = {'role': role, 'user': self.user, 'scope': self.scope}
if self.scope == Scope.org:
if current_org.is_root():
continue
else:
kwargs['org_id'] = current_org.id
items.append(self.role_binding_cls(**kwargs))
try:
result = bulk_create_with_signal(self.role_binding_cls,
items,
ignore_conflicts=True)
self.user.expire_users_rbac_perms_cache()
return result
except Exception as e:
logger.error('Create role binding error: {}'.format(e))
def all(self):
kwargs = self.get_annotate()
filters = self.get_filter()
qs = self.model.objects.all().annotate(**kwargs)
if not current_org.is_root():
filters['org_id'] = current_org.org_id()
qs = qs.filter(**filters)
qs = self.qs_to_values(qs)
return qs
def get_queryset(self):
queryset = super().get_queryset().prefetch_related('groups')
if not current_org.is_root():
# 为在列表中计算用户在真实组织里的角色
queryset = queryset.prefetch_related(
Prefetch('m2m_org_members',
queryset=OrganizationMember.objects.filter(
org__id=current_org.id)))
return queryset
def get_queryset(self):
queryset = self.model.objects.all()
if not current_org.is_root():
org_id = current_org.org_id()
queryset = queryset.filter(systemuser__org_id=org_id)
queryset = queryset.annotate(
systemuser_display=Concat(F('systemuser__name'), Value('('),
F('systemuser__username'), Value(')')))
return queryset
def set_users_to_org(users, org_roles, update=False):
# 只有真实存在的组织才真正关联用户
if not current_org or current_org.is_root():
return
for user, roles in zip(users, org_roles):
if update and roles is None:
continue
if not roles:
# 当前组织创建的用户,至少是该组织的`User`
roles = [ORG_ROLE.USER]
OrganizationMember.objects.set_user_roles(current_org, user, roles)
def current_org_roles(self):
from orgs.models import OrganizationMember, ROLE as ORG_ROLE
if current_org.is_root():
if self.is_superuser:
return [ORG_ROLE.ADMIN]
else:
return [ORG_ROLE.USER]
roles = list(set(OrganizationMember.objects.filter(
org_id=current_org.id, user=self
).values_list('role', flat=True)))
return roles
def invite(self, request):
if not current_org or current_org.is_root():
error = {"error": "Not a valid org"}
return Response(error, status=400)
serializer_cls = self.get_serializer_class()
serializer = serializer_cls(data=request.data)
serializer.is_valid(raise_exception=True)
validated_data = serializer.validated_data
users = validated_data['users']
org_roles = validated_data['org_roles']
for user in users:
user.org_roles.set(org_roles)
return Response(serializer.data, status=201)
def get_object(self):
pk = self.kwargs.get('pk') or self.request.query_params.get('id')
key = self.request.query_params.get("key")
if not pk and not key:
self.is_initial = True
if current_org.is_root():
node = None
else:
node = Node.org_root()
return node
if pk:
node = get_object_or_404(Node, pk=pk)
else:
node = get_object_or_404(Node, key=key)
return node
def add(self, *roles):
from rbac.models import RoleBinding
items = []
for role in roles:
kwargs = {'role': role, 'user': self.user, 'scope': role.scope}
if self.scope and role.scope != self.scope:
continue
if not current_org.is_root(
) and role.scope == RoleBinding.Scope.org:
kwargs['org_id'] = current_org.id
items.append(RoleBinding(**kwargs))
try:
RoleBinding.objects.bulk_create(items, ignore_conflicts=True)
except Exception as e:
logger.error('Create role binding error: {}'.format(e))
def invite(self, request):
data = request.data
if not isinstance(data, list):
data = [request.data]
if not current_org or current_org.is_root():
error = {"error": "Not a valid org"}
return Response(error, status=400)
serializer_cls = self.get_serializer_class()
serializer = serializer_cls(data=data, many=True)
serializer.is_valid(raise_exception=True)
validated_data = serializer.validated_data
for i in validated_data:
i['org_id'] = current_org.org_id()
relations = [OrganizationMember(**i) for i in validated_data]
OrganizationMember.objects.bulk_create(relations,
ignore_conflicts=True)
return Response(serializer.data, status=201)
def get_queryset(self):
query_all = self.request.query_params.get("all", "0") == "all"
if self.is_initial and current_org.is_root():
return self.get_org_root_queryset(query_all)
if self.is_initial:
with_self = True
else:
with_self = False
if not self.instance:
return Node.objects.none()
if query_all:
queryset = self.instance.get_all_children(with_self=with_self)
else:
queryset = self.instance.get_children(with_self=with_self)
return queryset
def org_roles(self):
from orgs.models import ROLE as ORG_ROLE
if current_org.is_root():
# root 组织, 取 User 本身的角色
if self.is_superuser:
roles = [ORG_ROLE.ADMIN]
elif self.is_super_auditor:
roles = [ORG_ROLE.AUDITOR]
else:
roles = [ORG_ROLE.USER]
else:
# 是真实组织, 取 OrganizationMember 中的角色
roles = [
org_member.role for org_member in self.m2m_org_members.all()
if org_member.org_id == current_org.id
]
roles.sort()
return roles
def get_login_logs(cls, date_from=None, date_to=None, user=None, keyword=None):
login_logs = cls.objects.all()
if date_from and date_to:
date_from = "{} {}".format(date_from, '00:00:00')
date_to = "{} {}".format(date_to, '23:59:59')
login_logs = login_logs.filter(
datetime__gte=date_from, datetime__lte=date_to
)
if user:
login_logs = login_logs.filter(username=user)
if keyword:
login_logs = login_logs.filter(
Q(ip__contains=keyword) |
Q(city__contains=keyword) |
Q(username__contains=keyword)
)
if not current_org.is_root():
username_list = current_org.get_members().values_list('username', flat=True)
login_logs = login_logs.filter(username__in=username_list)
return login_logs
def invite(self, request):
data = request.data
if not isinstance(data, list):
data = [request.data]
if not current_org or current_org.is_root():
error = {"error": "Not a valid org"}
return Response(error, status=400)
serializer_cls = self.get_serializer_class()
serializer = serializer_cls(data=data, many=True)
serializer.is_valid(raise_exception=True)
validated_data = serializer.validated_data
users_by_role = defaultdict(list)
for i in validated_data:
users_by_role[i['role']].append(i['user'])
OrganizationMember.objects.add_users_by_role(
current_org,
users=users_by_role[ORG_ROLE.USER],
admins=users_by_role[ORG_ROLE.ADMIN],
auditors=users_by_role[ORG_ROLE.AUDITOR])
return Response(serializer.data, status=201)
def get_queryset(self):
queryset = super().get_queryset()
if current_org.is_root():
return queryset
queryset = queryset.filter(run_as__org_id=current_org.org_id())
return queryset
def remove(self):
if current_org.is_root():
return
org = Organization.get_instance(current_org.id)
OrganizationMember.objects.remove_users(org, [self])
def on_user_global_create_refresh_cache(sender, instance, created, **kwargs):
if created and current_org.is_root():
refresh_cache('users_amount', current_org)
def get_queryset(self):
queryset = super().get_queryset()
if not current_org.is_root():
org_id = current_org.org_id()
queryset = queryset.filter(**{f'{self.from_field}__org_id': org_id})
return queryset
def perform_destroy(self, instance):
if not current_org.is_root():
instance.remove()
else:
return super().perform_destroy(instance)
def root_all(self):
queryset = super().get_queryset()
if current_org.is_root():
return queryset
return self.get_queryset()
def save(self, *args, **kwargs):
if current_org.is_root() and not self.org_id:
self.org_id = Organization.ROOT_ID
return super(OperateLog, self).save(*args, **kwargs)
def create(self, request, *args, **kwargs):
if current_org.is_root():
raise MethodNotAllowed('post', self.root_org_readonly_msg)
return super().update(request, *args, **kwargs)
