perf: merge with dev

2025-09-16 15:28:38 +00:00 · 2022-07-17 14:28:55 +08:00
parent e2f199606e fd94713583
commit 93a89509d6
413 changed files with 11109 additions and 10465 deletions
--- a/apps/rbac/models/menu.py
+++ b/apps/rbac/models/menu.py
@@ -14,7 +14,7 @@ class MenuPermission(models.Model):
        permissions = [
            ('view_console', _('Can view console view')),
            ('view_audit', _('Can view audit view')),
-            ('view_workspace', _('Can view workspace view')),
+            ('view_workbench', _('Can view workbench view')),
            ('view_webterminal', _('Can view web terminal')),
            ('view_filemanager', _('Can view file manager')),
        ]
--- a/apps/rbac/models/permission.py
+++ b/apps/rbac/models/permission.py
@@ -90,4 +90,3 @@ class Permission(DjangoPermission):
        permissions = cls.objects.all()
        permissions = cls.clean_permissions(permissions, scope=scope)
        return permissions
-
--- a/apps/rbac/models/role.py
+++ b/apps/rbac/models/role.py
@@ -121,6 +121,20 @@ class Role(JMSBaseModel):
    def is_org(self):
        return self.scope == const.Scope.org

+    @classmethod
+    def get_roles_by_perm(cls, perm):
+        app_label, codename = perm.split('.')
+        p = Permission.objects.filter(
+            codename=codename,
+            content_type__app_label=app_label
+        ).first()
+        if not p:
+            return p.roles.none()
+        role_ids = list(p.roles.all().values_list('id', flat=True))
+        admin_ids = [BuiltinRole.system_admin.id, BuiltinRole.org_admin.id]
+        role_ids += admin_ids
+        return cls.objects.filter(id__in=role_ids)
+

 class SystemRole(Role):
    objects = SystemRoleManager()
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
@@ -1,12 +1,13 @@
 from django.utils.translation import gettext_lazy as _
 from django.db import models
 from django.db.models import Q
+from django.conf import settings
 from django.core.exceptions import ValidationError
 from rest_framework.serializers import ValidationError

 from common.db.models import JMSBaseModel
 from common.utils import lazyproperty
-from orgs.utils import current_org
+from orgs.utils import current_org, tmp_to_root_org
 from .role import Role
 from ..const import Scope

@@ -100,6 +101,36 @@ class RoleBinding(JMSBaseModel):
    def is_scope_org(self):
        return self.scope == Scope.org

+    @classmethod
+    def get_user_has_the_perm_orgs(cls, perm, user):
+        from orgs.models import Organization
+
+        roles = Role.get_roles_by_perm(perm)
+        with tmp_to_root_org():
+            bindings = list(cls.objects.root_all().filter(role__in=roles, user=user))
+
+        system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value]
+        # 工作台仅限于自己加入的组织
+        if perm == 'rbac.view_workbench':
+            all_orgs = user.orgs.all().distinct()
+        else:
+            all_orgs = Organization.objects.all()
+
+        if not settings.XPACK_ENABLED:
+            all_orgs = all_orgs.filter(id=Organization.DEFAULT_ID)
+
+        # 有系统级别的绑定，就代表在所有组织有这个权限
+        if system_bindings:
+            orgs = all_orgs
+        else:
+            org_ids = [b.org.id for b in bindings if b.org]
+            orgs = all_orgs.filter(id__in=org_ids)
+
+        # 全局组织
+        if orgs and perm != 'rbac.view_workbench' and user.has_perm('orgs.view_rootorg'):
+            orgs = [Organization.root(), *list(orgs)]
+        return orgs
+

 class OrgRoleBindingManager(RoleBindingManager):
    def get_queryset(self):