diff --git a/apps/assets/api/admin_user.py b/apps/assets/api/admin_user.py index 74c44b48b..968cd6594 100644 --- a/apps/assets/api/admin_user.py +++ b/apps/assets/api/admin_user.py @@ -37,19 +37,19 @@ class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet): """ Admin user api set, for add,delete,update,list,retrieve resource """ - queryset = AdminUser.objects + queryset = AdminUser.objects.all() serializer_class = serializers.AdminUserSerializer permission_classes = (IsSuperUser,) class AdminUserAuthApi(generics.UpdateAPIView): - queryset = AdminUser.objects + queryset = AdminUser.objects.all() serializer_class = serializers.AdminUserAuthSerializer permission_classes = (IsSuperUser,) class ReplaceNodesAdminUserApi(generics.UpdateAPIView): - queryset = AdminUser.objects + queryset = AdminUser.objects.all() serializer_class = serializers.ReplaceNodeAdminUserSerializer permission_classes = (IsSuperUser,) @@ -74,7 +74,7 @@ class AdminUserTestConnectiveApi(generics.RetrieveAPIView): """ Test asset admin user connectivity """ - queryset = AdminUser.objects + queryset = AdminUser.objects.all() permission_classes = (IsSuperUser,) def retrieve(self, request, *args, **kwargs): diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py index ad42aeeba..8c1f3d726 100644 --- a/apps/assets/api/asset.py +++ b/apps/assets/api/asset.py @@ -36,7 +36,7 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet): filter_fields = ("hostname", "ip") search_fields = filter_fields ordering_fields = ("hostname", "ip", "port", "cpu_cores") - queryset = Asset.objects + queryset = Asset.objects.all() serializer_class = serializers.AssetSerializer pagination_class = LimitOffsetPagination permission_classes = (IsSuperUserOrAppUser,) @@ -65,7 +65,7 @@ class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet): if node_id and not show_current_asset: node = get_object_or_404(Node, id=node_id) if node.is_root(): - queryset = Asset.objects + queryset = Asset.objects.all() else: queryset = queryset.filter( nodes__key__regex='^{}(:[0-9]+)*$'.format(node.key), @@ -77,7 +77,7 @@ class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView): """ Asset bulk update api """ - queryset = Asset.objects + queryset = Asset.objects.all() serializer_class = serializers.AssetSerializer permission_classes = (IsSuperUser,) @@ -86,7 +86,7 @@ class AssetRefreshHardwareApi(generics.RetrieveAPIView): """ Refresh asset hardware info """ - queryset = Asset.objects + queryset = Asset.objects.all() serializer_class = serializers.AssetSerializer permission_classes = (IsSuperUser,) @@ -101,7 +101,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView): """ Test asset admin user connectivity """ - queryset = Asset.objects + queryset = Asset.objects.all() permission_classes = (IsSuperUser,) def retrieve(self, request, *args, **kwargs): @@ -112,7 +112,7 @@ class AssetAdminUserTestApi(generics.RetrieveAPIView): class AssetGatewayApi(generics.RetrieveAPIView): - queryset = Asset.objects + queryset = Asset.objects.all() permission_classes = (IsSuperUserOrAppUser,) def retrieve(self, request, *args, **kwargs): diff --git a/apps/assets/api/domain.py b/apps/assets/api/domain.py index 88a5ba2e0..5114b5561 100644 --- a/apps/assets/api/domain.py +++ b/apps/assets/api/domain.py @@ -18,7 +18,7 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"] class DomainViewSet(BulkModelViewSet): - queryset = Domain.objects + queryset = Domain.objects.all() permission_classes = (IsSuperUser,) serializer_class = serializers.DomainSerializer @@ -36,7 +36,7 @@ class DomainViewSet(BulkModelViewSet): class GatewayViewSet(BulkModelViewSet): filter_fields = ("domain",) search_fields = filter_fields - queryset = Gateway.objects + queryset = Gateway.objects.all() permission_classes = (IsSuperUser,) serializer_class = serializers.GatewaySerializer diff --git a/apps/assets/api/node.py b/apps/assets/api/node.py index 8cd9c557e..e5ace021e 100644 --- a/apps/assets/api/node.py +++ b/apps/assets/api/node.py @@ -40,7 +40,7 @@ __all__ = [ class NodeViewSet(BulkModelViewSet): - queryset = Node.objects + queryset = Node.objects.all() permission_classes = (IsSuperUser,) serializer_class = serializers.NodeSerializer @@ -79,7 +79,7 @@ class NodeViewSet(BulkModelViewSet): class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView): - queryset = Node.objects + queryset = Node.objects.all() permission_classes = (IsSuperUser,) serializer_class = serializers.NodeSerializer instance = None @@ -166,7 +166,7 @@ class NodeAssetsApi(generics.ListAPIView): class NodeAddChildrenApi(generics.UpdateAPIView): - queryset = Node.objects + queryset = Node.objects.all() permission_classes = (IsSuperUser,) serializer_class = serializers.NodeAddChildrenSerializer instance = None @@ -184,7 +184,7 @@ class NodeAddChildrenApi(generics.UpdateAPIView): class NodeAddAssetsApi(generics.UpdateAPIView): serializer_class = serializers.NodeAssetsSerializer - queryset = Node.objects + queryset = Node.objects.all() permission_classes = (IsSuperUser,) instance = None @@ -196,7 +196,7 @@ class NodeAddAssetsApi(generics.UpdateAPIView): class NodeRemoveAssetsApi(generics.UpdateAPIView): serializer_class = serializers.NodeAssetsSerializer - queryset = Node.objects + queryset = Node.objects.all() permission_classes = (IsSuperUser,) instance = None @@ -212,7 +212,7 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView): class NodeReplaceAssetsApi(generics.UpdateAPIView): serializer_class = serializers.NodeAssetsSerializer - queryset = Node.objects + queryset = Node.objects.all() permission_classes = (IsSuperUser,) instance = None diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py index 1fb77f01f..66d62232d 100644 --- a/apps/assets/api/system_user.py +++ b/apps/assets/api/system_user.py @@ -35,7 +35,7 @@ class SystemUserViewSet(BulkModelViewSet): """ System user api set, for add,delete,update,list,retrieve resource """ - queryset = SystemUser.objects + queryset = SystemUser.objects.all() serializer_class = serializers.SystemUserSerializer permission_classes = (IsSuperUserOrAppUser,) @@ -44,7 +44,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView): """ Get system user auth info """ - queryset = SystemUser.objects + queryset = SystemUser.objects.all() permission_classes = (IsSuperUserOrAppUser,) serializer_class = serializers.SystemUserAuthSerializer @@ -58,7 +58,7 @@ class SystemUserPushApi(generics.RetrieveAPIView): """ Push system user to cluster assets api """ - queryset = SystemUser.objects + queryset = SystemUser.objects.all() permission_classes = (IsSuperUser,) def retrieve(self, request, *args, **kwargs): @@ -74,7 +74,7 @@ class SystemUserTestConnectiveApi(generics.RetrieveAPIView): """ Push system user to cluster assets api """ - queryset = SystemUser.objects + queryset = SystemUser.objects.all() permission_classes = (IsSuperUser,) def retrieve(self, request, *args, **kwargs): diff --git a/apps/assets/forms/asset.py b/apps/assets/forms/asset.py index 1f32219a7..516ce4afc 100644 --- a/apps/assets/forms/asset.py +++ b/apps/assets/forms/asset.py @@ -93,7 +93,7 @@ class AssetUpdateForm(forms.ModelForm): class AssetBulkUpdateForm(forms.ModelForm): assets = forms.ModelMultipleChoiceField( required=True, help_text='* required', - label=_('Select assets'), queryset = Asset.objects, + label=_('Select assets'), queryset=Asset.objects.all(), widget=forms.SelectMultiple( attrs={ 'class': 'select2', @@ -105,7 +105,7 @@ class AssetBulkUpdateForm(forms.ModelForm): label=_('Port'), required=False, min_value=1, max_value=65535, ) admin_user = forms.ModelChoiceField( - required=False, queryset = AdminUser.objects, + required=False, queryset=AdminUser.objects, label=_("Admin user"), widget=forms.Select( attrs={ diff --git a/apps/assets/forms/domain.py b/apps/assets/forms/domain.py index 2ad06fd78..ec3af8f2e 100644 --- a/apps/assets/forms/domain.py +++ b/apps/assets/forms/domain.py @@ -11,7 +11,7 @@ __all__ = ['DomainForm', 'GatewayForm'] class DomainForm(forms.ModelForm): assets = forms.ModelMultipleChoiceField( - queryset = Asset.objects, label=_('Asset'), required=False, + queryset=Asset.objects.all(), label=_('Asset'), required=False, widget=forms.SelectMultiple( attrs={'class': 'select2', 'data-placeholder': _('Select assets')} ) diff --git a/apps/assets/forms/label.py b/apps/assets/forms/label.py index 8d7ef4c44..ebdc9384e 100644 --- a/apps/assets/forms/label.py +++ b/apps/assets/forms/label.py @@ -10,7 +10,7 @@ __all__ = ['LabelForm'] class LabelForm(forms.ModelForm): assets = forms.ModelMultipleChoiceField( - queryset = Asset.objects, label=_('Asset'), required=False, + queryset=Asset.objects.all(), label=_('Asset'), required=False, widget=forms.SelectMultiple( attrs={'class': 'select2', 'data-placeholder': _('Select assets')} ) diff --git a/apps/assets/serializers/admin_user.py b/apps/assets/serializers/admin_user.py index f7156f049..e1ecdf1c3 100644 --- a/apps/assets/serializers/admin_user.py +++ b/apps/assets/serializers/admin_user.py @@ -58,7 +58,7 @@ class ReplaceNodeAdminUserSerializer(serializers.ModelSerializer): 管理用户更新关联到的集群 """ nodes = serializers.PrimaryKeyRelatedField( - many=True, queryset = Node.objects + many=True, queryset = Node.objects.all() ) class Meta: diff --git a/apps/assets/serializers/node.py b/apps/assets/serializers/node.py index a5788e229..0352dfecc 100644 --- a/apps/assets/serializers/node.py +++ b/apps/assets/serializers/node.py @@ -78,7 +78,7 @@ class NodeSerializer(serializers.ModelSerializer): class NodeAssetsSerializer(serializers.ModelSerializer): - assets = serializers.PrimaryKeyRelatedField(many=True, queryset = Asset.objects) + assets = serializers.PrimaryKeyRelatedField(many=True, queryset = Asset.objects.all()) class Meta: model = Node diff --git a/apps/assets/views/admin_user.py b/apps/assets/views/admin_user.py index 053e54e39..7d7878e88 100644 --- a/apps/assets/views/admin_user.py +++ b/apps/assets/views/admin_user.py @@ -90,7 +90,7 @@ class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView): object = None def get(self, request, *args, **kwargs): - self.object = self.get_object(queryset = AdminUser.objects) + self.object = self.get_object(queryset=AdminUser.objects.all()) return super().get(request, *args, **kwargs) def get_queryset(self): diff --git a/apps/audits/api.py b/apps/audits/api.py index 9161ed7f3..0d583d246 100644 --- a/apps/audits/api.py +++ b/apps/audits/api.py @@ -9,6 +9,6 @@ from .serializers import FTPLogSerializer class FTPLogViewSet(viewsets.ModelViewSet): - queryset = FTPLog.objects + queryset = FTPLog.objects.all() serializer_class = FTPLogSerializer permission_classes = (IsSuperUserOrAppUser,) diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index 77a37839d..de79cd97b 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py @@ -78,6 +78,7 @@ INSTALLED_APPS = [ ] MIDDLEWARE = [ + 'orgs.middleware.OrgPreMiddleware', 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.locale.LocaleMiddleware', diff --git a/apps/ops/api.py b/apps/ops/api.py index 5480ef5e7..35c9b8dc5 100644 --- a/apps/ops/api.py +++ b/apps/ops/api.py @@ -16,13 +16,13 @@ from .tasks import run_ansible_task class TaskViewSet(viewsets.ModelViewSet): - queryset = Task.objects + queryset = Task.objects.all() serializer_class = TaskSerializer permission_classes = (IsSuperUser,) class TaskRun(generics.RetrieveAPIView): - queryset = Task.objects + queryset = Task.objects.all() serializer_class = TaskViewSet permission_classes = (IsSuperUser,) @@ -33,7 +33,7 @@ class TaskRun(generics.RetrieveAPIView): class AdHocViewSet(viewsets.ModelViewSet): - queryset = AdHoc.objects + queryset = AdHoc.objects.all() serializer_class = AdHocSerializer permission_classes = (IsSuperUser,) @@ -46,7 +46,7 @@ class AdHocViewSet(viewsets.ModelViewSet): class AdHocRunHistorySet(viewsets.ModelViewSet): - queryset = AdHocRunHistory.objects + queryset = AdHocRunHistory.objects.all() serializer_class = AdHocRunHistorySerializer permission_classes = (IsSuperUser,) @@ -68,7 +68,7 @@ class CeleryTaskLogApi(generics.RetrieveAPIView): permission_classes = (IsSuperUser,) buff_size = 1024 * 10 end = False - queryset = CeleryTask.objects + queryset = CeleryTask.objects.all() def get(self, request, *args, **kwargs): mark = request.query_params.get("mark") or str(uuid.uuid4()) diff --git a/apps/orgs/middleware.py b/apps/orgs/middleware.py index 04a2d6f7a..102178575 100644 --- a/apps/orgs/middleware.py +++ b/apps/orgs/middleware.py @@ -2,6 +2,17 @@ # from .utils import get_org_from_request, set_current_org +from .models import Organization + + +class OrgPreMiddleware: + def __init__(self, get_response): + self.get_response = get_response + + def __call__(self, request): + set_current_org(Organization.root()) + response = self.get_response(request) + return response class OrgMiddleware: diff --git a/apps/orgs/mixins.py b/apps/orgs/mixins.py index a0e2bc3d8..d9f55d301 100644 --- a/apps/orgs/mixins.py +++ b/apps/orgs/mixins.py @@ -2,18 +2,26 @@ # from django.db import models from django.shortcuts import redirect +import warnings from django.contrib.auth import get_user_model +from django.forms import ModelForm from common.utils import get_logger -from .utils import get_current_org, get_model_by_db_table +from .utils import get_current_org, get_model_by_db_table, set_current_org logger = get_logger(__file__) -__all__ = ['OrgManager', 'OrgViewGenericMixin', 'OrgModelMixin'] +__all__ = [ + 'OrgManager', 'OrgViewGenericMixin', 'OrgModelMixin', 'OrgModelForm' +] class OrgManager(models.Manager): + def __init__(self, *args, **kwargs): + print("INit manager") + super().__init__(*args, **kwargs) + def get_queryset(self): print("GET CURR") current_org = get_current_org() @@ -22,9 +30,9 @@ class OrgManager(models.Manager): print("Get queryset ") print(current_org) + print(self.model) if not current_org: - return super().get_queryset().filter(**kwargs) - kwargs['id'] = None + pass elif current_org.is_real(): kwargs['org'] = current_org elif current_org.is_default(): @@ -34,6 +42,19 @@ class OrgManager(models.Manager): print(queryset) return queryset + def all(self): + current_org = get_current_org() + if not current_org: + msg = 'You should `objects.set_current_org(org).all()` then run it' + warnings.warn(msg) + return self + else: + return super().all() + + def set_current_org(self, org): + set_current_org(org) + return self + class OrgModelMixin(models.Model): org = models.ForeignKey('orgs.Organization', on_delete=models.PROTECT, null=True) @@ -55,3 +76,17 @@ class OrgViewGenericMixin: if not current_org: return redirect('orgs:switch-a-org') return super().dispatch(request, *args, **kwargs) + + +class OrgModelForm(ModelForm): + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if 'initial' not in kwargs: + return + for name, field in self.fields.items(): + if not hasattr(field, 'queryset'): + continue + print(field) + model = field.queryset.model + field.queryset = model.objects.all() + diff --git a/apps/perms/api.py b/apps/perms/api.py index 50b81c22d..40366a19b 100644 --- a/apps/perms/api.py +++ b/apps/perms/api.py @@ -19,7 +19,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet): """ 资产授权列表的增删改查api """ - queryset = AssetPermission.objects + queryset = AssetPermission.objects.all() serializer_class = serializers.AssetPermissionCreateUpdateSerializer permission_classes = (IsSuperUser,) @@ -268,7 +268,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView): """ permission_classes = (IsSuperUser,) serializer_class = serializers.AssetPermissionUpdateUserSerializer - queryset = AssetPermission.objects + queryset = AssetPermission.objects.all() def update(self, request, *args, **kwargs): perm = self.get_object() @@ -285,7 +285,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView): class AssetPermissionAddUserApi(RetrieveUpdateAPIView): permission_classes = (IsSuperUser,) serializer_class = serializers.AssetPermissionUpdateUserSerializer - queryset = AssetPermission.objects + queryset = AssetPermission.objects.all() def update(self, request, *args, **kwargs): perm = self.get_object() @@ -305,7 +305,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView): """ permission_classes = (IsSuperUser,) serializer_class = serializers.AssetPermissionUpdateAssetSerializer - queryset = AssetPermission.objects + queryset = AssetPermission.objects.all() def update(self, request, *args, **kwargs): perm = self.get_object() @@ -322,7 +322,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView): class AssetPermissionAddAssetApi(RetrieveUpdateAPIView): permission_classes = (IsSuperUser,) serializer_class = serializers.AssetPermissionUpdateAssetSerializer - queryset = AssetPermission.objects + queryset = AssetPermission.objects.all() def update(self, request, *args, **kwargs): perm = self.get_object() diff --git a/apps/perms/views.py b/apps/perms/views.py index 1a1b5cccd..a0095a3a5 100644 --- a/apps/perms/views.py +++ b/apps/perms/views.py @@ -108,7 +108,7 @@ class AssetPermissionUserView(AdminUserRequiredMixin, object = None def get(self, request, *args, **kwargs): - self.object = self.get_object(queryset = AssetPermission.objects) + self.object = self.get_object(queryset = AssetPermission.objects.all()) return super().get(request, *args, **kwargs) def get_queryset(self): @@ -138,7 +138,7 @@ class AssetPermissionAssetView(AdminUserRequiredMixin, object = None def get(self, request, *args, **kwargs): - self.object = self.get_object(queryset = AssetPermission.objects) + self.object = self.get_object(queryset = AssetPermission.objects.all()) return super().get(request, *args, **kwargs) def get_queryset(self): diff --git a/apps/terminal/api.py b/apps/terminal/api.py index a7b2217c2..f5c76a73f 100644 --- a/apps/terminal/api.py +++ b/apps/terminal/api.py @@ -102,7 +102,7 @@ class TerminalTokenApi(APIView): class StatusViewSet(viewsets.ModelViewSet): - queryset = Status.objects + queryset = Status.objects.all() serializer_class = StatusSerializer permission_classes = (IsSuperUserOrAppUser,) session_serializer_class = SessionSerializer @@ -174,7 +174,7 @@ class StatusViewSet(viewsets.ModelViewSet): class SessionViewSet(viewsets.ModelViewSet): - queryset = Session.objects + queryset = Session.objects.all() serializer_class = SessionSerializer permission_classes = (IsSuperUserOrAppUser,) @@ -192,7 +192,7 @@ class SessionViewSet(viewsets.ModelViewSet): class TaskViewSet(BulkModelViewSet): - queryset = Task.objects + queryset = Task.objects.all() serializer_class = TaskSerializer permission_classes = (IsSuperUserOrAppUser,) diff --git a/apps/users/api.py b/apps/users/api.py index b53db1884..28e2e95d8 100644 --- a/apps/users/api.py +++ b/apps/users/api.py @@ -9,7 +9,6 @@ from rest_framework import generics from rest_framework.permissions import AllowAny, IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView -from rest_framework import viewsets from rest_framework_bulk import BulkModelViewSet from .serializers import UserSerializer, UserGroupSerializer, \ @@ -53,7 +52,7 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet): class ChangeUserPasswordApi(generics.RetrieveUpdateAPIView): permission_classes = (IsSuperUser,) - queryset = User.objects + queryset = User.objects.all() serializer_class = ChangeUserPasswordSerializer def perform_update(self, serializer): @@ -63,13 +62,13 @@ class ChangeUserPasswordApi(generics.RetrieveUpdateAPIView): class UserUpdateGroupApi(generics.RetrieveUpdateAPIView): - queryset = User.objects + queryset = User.objects.all() serializer_class = UserUpdateGroupSerializer permission_classes = (IsSuperUser,) class UserResetPasswordApi(generics.UpdateAPIView): - queryset = User.objects + queryset = User.objects.all() serializer_class = UserSerializer permission_classes = (IsAuthenticated,) @@ -84,7 +83,7 @@ class UserResetPasswordApi(generics.UpdateAPIView): class UserResetPKApi(generics.UpdateAPIView): - queryset = User.objects + queryset = User.objects.all() serializer_class = UserSerializer permission_classes = (IsAuthenticated,) @@ -97,7 +96,7 @@ class UserResetPKApi(generics.UpdateAPIView): class UserUpdatePKApi(generics.UpdateAPIView): - queryset = User.objects + queryset = User.objects.all() serializer_class = UserPKUpdateSerializer permission_classes = (IsCurrentUserOrReadOnly,) @@ -108,13 +107,13 @@ class UserUpdatePKApi(generics.UpdateAPIView): class UserGroupViewSet(IDInFilterMixin, OrgViewGenericMixin, BulkModelViewSet): - queryset = UserGroup.objects + queryset = UserGroup.objects.all() serializer_class = UserGroupSerializer permission_classes = (IsSuperUser,) class UserGroupUpdateUserApi(generics.RetrieveUpdateAPIView): - queryset = UserGroup.objects + queryset = UserGroup.objects.all() serializer_class = UserGroupUpdateMemeberSerializer permission_classes = (IsSuperUser,) diff --git a/apps/users/forms.py b/apps/users/forms.py index 5b45abf6c..f30997c4c 100644 --- a/apps/users/forms.py +++ b/apps/users/forms.py @@ -6,6 +6,8 @@ from django.utils.translation import gettext_lazy as _ from captcha.fields import CaptchaField from common.utils import validate_ssh_public_key +from orgs.mixins import OrgModelForm +from orgs.utils import get_current_org from .models import User, UserGroup @@ -39,7 +41,7 @@ class UserCheckOtpCodeForm(forms.Form): otp_code = forms.CharField(label=_('MFA code'), max_length=6) -class UserCreateUpdateForm(forms.ModelForm): +class UserCreateUpdateForm(OrgModelForm): role_choices = ((i, n) for i, n in User.ROLE_CHOICES if i != User.ROLE_APP) password = forms.CharField( label=_('Password'), widget=forms.PasswordInput, @@ -54,15 +56,6 @@ class UserCreateUpdateForm(forms.ModelForm): widget=forms.Textarea(attrs={'placeholder': _('ssh-rsa AAAA...')}), help_text=_('Paste user id_rsa.pub here.') ) - # groups = forms.ModelMultipleChoiceField( - # queryset=UserGroup.objects, required=False, label=_("Groups"), - # widget=forms.SelectMultiple( - # attrs={ - # 'class': 'select2', - # 'data-placeholder': _('Join user groups') - # } - # ) - # ) class Meta: model = User @@ -77,6 +70,12 @@ class UserCreateUpdateForm(forms.ModelForm): } widgets = { 'otp_level': forms.RadioSelect(), + 'groups': forms.SelectMultiple( + attrs={ + 'class': 'select2', + 'data-placeholder': _('Join user groups') + } + ) } def clean_public_key(self): @@ -240,7 +239,7 @@ class UserBulkUpdateForm(forms.ModelForm): required=True, help_text='* required', label=_('Select users'), - queryset = User.objects, + queryset = User.objects.all(), widget=forms.SelectMultiple( attrs={ 'class': 'select2', @@ -279,6 +278,11 @@ class UserBulkUpdateForm(forms.ModelForm): return users +def user_limit_to(): + org = get_current_org() + return {"orgs": org} + + class UserGroupForm(forms.ModelForm): users = forms.ModelMultipleChoiceField( queryset=User.objects.exclude(role=User.ROLE_APP), @@ -290,6 +294,7 @@ class UserGroupForm(forms.ModelForm): } ), required=False, + limit_choices_to=user_limit_to ) def __init__(self, **kwargs): @@ -318,30 +323,12 @@ class UserGroupForm(forms.ModelForm): } -# class UserGroupPrivateAssetPermissionForm(forms.ModelForm): -# def save(self, commit=True): -# self.instance = super(UserGroupPrivateAssetPermissionForm, self)\ -# .save(commit=commit) -# self.instance.user_groups = [self.user_group] -# self.instance.save() -# return self.instance -# -# class Meta: -# model = AssetPermission -# fields = [ -# 'assets', 'asset_groups', 'system_users', 'name', -# ] -# widgets = { -# 'assets': forms.SelectMultiple( -# attrs={'class': 'select2', -# 'data-placeholder': _('Select assets')}), -# 'asset_groups': forms.SelectMultiple( -# attrs={'class': 'select2', -# 'data-placeholder': _('Select asset groups')}), -# 'system_users': forms.SelectMultiple( -# attrs={'class': 'select2', -# 'data-placeholder': _('Select system users')}), -# } +class OrgUserField(forms.ModelMultipleChoiceField): + + def get_limit_choices_to(self): + + return {"orgs"} + class FileForm(forms.Form): diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 172a8fcde..a61d5e10b 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py @@ -15,6 +15,7 @@ from django.shortcuts import reverse from common.utils import get_signer, date_expired_default from common.models import Setting +from orgs.mixins import OrgManager from orgs.utils import get_current_org diff --git a/apps/users/serializers.py b/apps/users/serializers.py index 5fbeebe4e..21103c6a8 100644 --- a/apps/users/serializers.py +++ b/apps/users/serializers.py @@ -14,7 +14,7 @@ signer = get_signer() class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer): groups_display = serializers.SerializerMethodField() - groups = serializers.PrimaryKeyRelatedField(many=True, queryset = UserGroup.objects, required=False) + groups = serializers.PrimaryKeyRelatedField(many=True, queryset = UserGroup.objects.all(), required=False) class Meta: model = User @@ -50,7 +50,7 @@ class UserPKUpdateSerializer(serializers.ModelSerializer): class UserUpdateGroupSerializer(serializers.ModelSerializer): - groups = serializers.PrimaryKeyRelatedField(many=True, queryset = UserGroup.objects) + groups = serializers.PrimaryKeyRelatedField(many=True, queryset=UserGroup.objects.all()) class Meta: model = User @@ -71,7 +71,7 @@ class UserGroupSerializer(BulkSerializerMixin, serializers.ModelSerializer): class UserGroupUpdateMemeberSerializer(serializers.ModelSerializer): - users = serializers.PrimaryKeyRelatedField(many=True, queryset = User.objects) + users = serializers.PrimaryKeyRelatedField(many=True, queryset = User.objects.all()) class Meta: model = UserGroup diff --git a/apps/users/views/login.py b/apps/users/views/login.py index 94071924f..7cbf4dfed 100644 --- a/apps/users/views/login.py +++ b/apps/users/views/login.py @@ -23,7 +23,7 @@ from django.conf import settings from common.utils import get_object_or_none from common.mixins import DatetimeSearchMixin, AdminUserRequiredMixin -from common.models import Setting +from orgs.utils import get_current_org from ..models import User, LoginLog from ..utils import send_reset_password_mail, check_otp_code, get_login_ip, \ redirect_user_first_login_or_index, get_user_or_tmp_user, \ @@ -365,11 +365,17 @@ class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): user = keyword = "" date_to = date_from = None + def get_allow_users(self): + current_org = get_current_org() + users = current_org.get_org_users().values_list('username', flat=True) + return users + def get_queryset(self): + users = self.get_allow_users() + queryset = super().get_queryset().filter(username__in=users) self.user = self.request.GET.get('user', '') self.keyword = self.request.GET.get("keyword", '') - queryset = super().get_queryset() queryset = queryset.filter( datetime__gt=self.date_from, datetime__lt=self.date_to ) @@ -391,9 +397,7 @@ class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): 'date_to': self.date_to, 'user': self.user, 'keyword': self.keyword, - 'user_list': set( - LoginLog.objects.all().values_list('username', flat=True) - ) + 'user_list': self.get_allow_users(), } kwargs.update(context) return super().get_context_data(**kwargs) \ No newline at end of file