def get_queryset(self): queryset = super().get_queryset() if current_org.is_root(): return queryset users = self.get_org_members() queryset = queryset.filter(username__in=users) return queryset
def get_queryset(self): queryset = super(RoleBindingManager, self).get_queryset() q = Q(scope=Scope.system, org__isnull=True) if not current_org.is_root(): q |= Q(org_id=current_org.id, scope=Scope.org) queryset = queryset.filter(q) return queryset
def get_queryset(self): queryset = super(RoleBindingManager, self).get_queryset() if current_org.is_root(): queryset = queryset.none() else: queryset = queryset.filter(org_id=current_org.id, scope=Scope.org) return queryset
def remove(self): if current_org.is_root(): return kwargs = dict(sender=self.__class__, user=self, org=current_org) pre_user_leave_org.send(**kwargs) self.org_roles.clear() post_user_leave_org.send(**kwargs)
def add(self, *roles): if not roles: return roles = self._clean_roles(roles) old_ids = self.role_bindings.values_list('role', flat=True) need_adds = [r for r in roles if r.id not in old_ids] items = [] for role in need_adds: kwargs = {'role': role, 'user': self.user, 'scope': self.scope} if self.scope == Scope.org: if current_org.is_root(): continue else: kwargs['org_id'] = current_org.id items.append(self.role_binding_cls(**kwargs)) try: result = bulk_create_with_signal(self.role_binding_cls, items, ignore_conflicts=True) self.user.expire_users_rbac_perms_cache() return result except Exception as e: logger.error('Create role binding error: {}'.format(e))
def all(self): kwargs = self.get_annotate() filters = self.get_filter() qs = self.model.objects.all().annotate(**kwargs) if not current_org.is_root(): filters['org_id'] = current_org.org_id() qs = qs.filter(**filters) qs = self.qs_to_values(qs) return qs
def get_queryset(self): queryset = super().get_queryset().prefetch_related('groups') if not current_org.is_root(): # 为在列表中计算用户在真实组织里的角色 queryset = queryset.prefetch_related( Prefetch('m2m_org_members', queryset=OrganizationMember.objects.filter( org__id=current_org.id))) return queryset
def get_queryset(self): queryset = self.model.objects.all() if not current_org.is_root(): org_id = current_org.org_id() queryset = queryset.filter(systemuser__org_id=org_id) queryset = queryset.annotate( systemuser_display=Concat(F('systemuser__name'), Value('('), F('systemuser__username'), Value(')'))) return queryset
def set_users_to_org(users, org_roles, update=False): # 只有真实存在的组织才真正关联用户 if not current_org or current_org.is_root(): return for user, roles in zip(users, org_roles): if update and roles is None: continue if not roles: # 当前组织创建的用户,至少是该组织的`User` roles = [ORG_ROLE.USER] OrganizationMember.objects.set_user_roles(current_org, user, roles)
def current_org_roles(self): from orgs.models import OrganizationMember, ROLE as ORG_ROLE if current_org.is_root(): if self.is_superuser: return [ORG_ROLE.ADMIN] else: return [ORG_ROLE.USER] roles = list(set(OrganizationMember.objects.filter( org_id=current_org.id, user=self ).values_list('role', flat=True))) return roles
def invite(self, request): if not current_org or current_org.is_root(): error = {"error": "Not a valid org"} return Response(error, status=400) serializer_cls = self.get_serializer_class() serializer = serializer_cls(data=request.data) serializer.is_valid(raise_exception=True) validated_data = serializer.validated_data users = validated_data['users'] org_roles = validated_data['org_roles'] for user in users: user.org_roles.set(org_roles) return Response(serializer.data, status=201)
def get_object(self): pk = self.kwargs.get('pk') or self.request.query_params.get('id') key = self.request.query_params.get("key") if not pk and not key: self.is_initial = True if current_org.is_root(): node = None else: node = Node.org_root() return node if pk: node = get_object_or_404(Node, pk=pk) else: node = get_object_or_404(Node, key=key) return node
def add(self, *roles): from rbac.models import RoleBinding items = [] for role in roles: kwargs = {'role': role, 'user': self.user, 'scope': role.scope} if self.scope and role.scope != self.scope: continue if not current_org.is_root( ) and role.scope == RoleBinding.Scope.org: kwargs['org_id'] = current_org.id items.append(RoleBinding(**kwargs)) try: RoleBinding.objects.bulk_create(items, ignore_conflicts=True) except Exception as e: logger.error('Create role binding error: {}'.format(e))
def invite(self, request): data = request.data if not isinstance(data, list): data = [request.data] if not current_org or current_org.is_root(): error = {"error": "Not a valid org"} return Response(error, status=400) serializer_cls = self.get_serializer_class() serializer = serializer_cls(data=data, many=True) serializer.is_valid(raise_exception=True) validated_data = serializer.validated_data for i in validated_data: i['org_id'] = current_org.org_id() relations = [OrganizationMember(**i) for i in validated_data] OrganizationMember.objects.bulk_create(relations, ignore_conflicts=True) return Response(serializer.data, status=201)
def get_queryset(self): query_all = self.request.query_params.get("all", "0") == "all" if self.is_initial and current_org.is_root(): return self.get_org_root_queryset(query_all) if self.is_initial: with_self = True else: with_self = False if not self.instance: return Node.objects.none() if query_all: queryset = self.instance.get_all_children(with_self=with_self) else: queryset = self.instance.get_children(with_self=with_self) return queryset
def org_roles(self): from orgs.models import ROLE as ORG_ROLE if current_org.is_root(): # root 组织, 取 User 本身的角色 if self.is_superuser: roles = [ORG_ROLE.ADMIN] elif self.is_super_auditor: roles = [ORG_ROLE.AUDITOR] else: roles = [ORG_ROLE.USER] else: # 是真实组织, 取 OrganizationMember 中的角色 roles = [ org_member.role for org_member in self.m2m_org_members.all() if org_member.org_id == current_org.id ] roles.sort() return roles
def get_login_logs(cls, date_from=None, date_to=None, user=None, keyword=None): login_logs = cls.objects.all() if date_from and date_to: date_from = "{} {}".format(date_from, '00:00:00') date_to = "{} {}".format(date_to, '23:59:59') login_logs = login_logs.filter( datetime__gte=date_from, datetime__lte=date_to ) if user: login_logs = login_logs.filter(username=user) if keyword: login_logs = login_logs.filter( Q(ip__contains=keyword) | Q(city__contains=keyword) | Q(username__contains=keyword) ) if not current_org.is_root(): username_list = current_org.get_members().values_list('username', flat=True) login_logs = login_logs.filter(username__in=username_list) return login_logs
def invite(self, request): data = request.data if not isinstance(data, list): data = [request.data] if not current_org or current_org.is_root(): error = {"error": "Not a valid org"} return Response(error, status=400) serializer_cls = self.get_serializer_class() serializer = serializer_cls(data=data, many=True) serializer.is_valid(raise_exception=True) validated_data = serializer.validated_data users_by_role = defaultdict(list) for i in validated_data: users_by_role[i['role']].append(i['user']) OrganizationMember.objects.add_users_by_role( current_org, users=users_by_role[ORG_ROLE.USER], admins=users_by_role[ORG_ROLE.ADMIN], auditors=users_by_role[ORG_ROLE.AUDITOR]) return Response(serializer.data, status=201)
def get_queryset(self): queryset = super().get_queryset() if current_org.is_root(): return queryset queryset = queryset.filter(run_as__org_id=current_org.org_id()) return queryset
def remove(self): if current_org.is_root(): return org = Organization.get_instance(current_org.id) OrganizationMember.objects.remove_users(org, [self])
def on_user_global_create_refresh_cache(sender, instance, created, **kwargs): if created and current_org.is_root(): refresh_cache('users_amount', current_org)
def get_queryset(self): queryset = super().get_queryset() if not current_org.is_root(): org_id = current_org.org_id() queryset = queryset.filter(**{f'{self.from_field}__org_id': org_id}) return queryset
def perform_destroy(self, instance): if not current_org.is_root(): instance.remove() else: return super().perform_destroy(instance)
def root_all(self): queryset = super().get_queryset() if current_org.is_root(): return queryset return self.get_queryset()
def save(self, *args, **kwargs): if current_org.is_root() and not self.org_id: self.org_id = Organization.ROOT_ID return super(OperateLog, self).save(*args, **kwargs)
def create(self, request, *args, **kwargs): if current_org.is_root(): raise MethodNotAllowed('post', self.root_org_readonly_msg) return super().update(request, *args, **kwargs)