feat: 添加应用用户API

apps/applications/api/__init__.py

@@ -1,3 +1,4 @@
 from .application import *
+from .application_user import *
 from .mixin import *
 from .remote_app import *

apps/applications/api/application.py

@@ -2,18 +2,13 @@
 #
 
 from orgs.mixins.api import OrgBulkModelViewSet
-from rest_framework import generics
 
-from ..hands import IsOrgAdminOrAppUser, IsOrgAdmin
-from .. import models, serializers
+from ..hands import IsOrgAdminOrAppUser
+from .. import serializers
 from ..models import Application
-from assets.models import SystemUser
-from assets.serializers import SystemUserListSerializer
-from perms.models import ApplicationPermission
-from ..const import ApplicationCategoryChoices
 
 
-__all__ = ['ApplicationViewSet', 'ApplicationUserListApi']
+__all__ = ['ApplicationViewSet']
 
 
 class ApplicationViewSet(OrgBulkModelViewSet):
@@ -22,29 +17,3 @@ class ApplicationViewSet(OrgBulkModelViewSet):
     search_fields = filterset_fields
     permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.ApplicationSerializer
-
-
-class ApplicationUserListApi(generics.ListAPIView):
-    permission_classes = (IsOrgAdmin, )
-    filterset_fields = ('name', 'username')
-    search_fields = filterset_fields
-    serializer_class = SystemUserListSerializer
-
-    def get_application(self):
-        application = None
-        app_id = self.request.query_params.get('application_id')
-        if app_id:
-            application = Application.objects.get(id=app_id)
-        return application
-
-    def get_queryset(self):
-        queryset = SystemUser.objects.none()
-        application = self.get_application()
-        if not application:
-            return queryset
-        system_user_ids = ApplicationPermission.objects.filter(applications=application)\
-            .values_list('system_users', flat=True)
-        if not system_user_ids:
-            return queryset
-        queryset = SystemUser.objects.filter(id__in=system_user_ids)
-        return queryset

apps/applications/api/application_user.py

@@ -0,0 +1,55 @@
+# coding: utf-8
+#
+
+from rest_framework import generics
+from django.conf import settings
+
+from ..hands import IsOrgAdminOrAppUser, IsOrgAdmin, NeedMFAVerify
+from .. import serializers
+from ..models import Application, ApplicationUser
+from perms.models import ApplicationPermission
+
+
+class ApplicationUserListApi(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin, )
+    filterset_fields = ('name', 'username')
+    search_fields = filterset_fields
+    serializer_class = serializers.ApplicationUserSerializer
+    _application = None
+
+    @property
+    def application(self):
+        if self._application is None:
+            app_id = self.request.query_params.get('application_id')
+            if app_id:
+                self._application = Application.objects.get(id=app_id)
+        return self._application
+
+    def get_serializer_context(self):
+        context = super().get_serializer_context()
+        context.update({
+            'application': self.application
+        })
+        return context
+
+    def get_queryset(self):
+        queryset = ApplicationUser.objects.none()
+        if not self.application:
+            return queryset
+        system_user_ids = ApplicationPermission.objects.filter(applications=self.application)\
+            .values_list('system_users', flat=True)
+        if not system_user_ids:
+            return queryset
+        queryset = ApplicationUser.objects.filter(id__in=system_user_ids)
+        return queryset
+
+
+class ApplicationUserAuthInfoListApi(ApplicationUserListApi):
+    serializer_class = serializers.ApplicationUserWithAuthInfoSerializer
+    http_method_names = ['get']
+    permission_classes = [IsOrgAdminOrAppUser]
+
+    def get_permissions(self):
+        if settings.SECURITY_VIEW_AUTH_NEED_MFA:
+            self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
+        return super().get_permissions()