perf: merge with dev

apps/rbac/models/rolebinding.py

@@ -1,12 +1,13 @@
 from django.utils.translation import gettext_lazy as _
 from django.db import models
 from django.db.models import Q
+from django.conf import settings
 from django.core.exceptions import ValidationError
 from rest_framework.serializers import ValidationError
 
 from common.db.models import JMSBaseModel
 from common.utils import lazyproperty
-from orgs.utils import current_org
+from orgs.utils import current_org, tmp_to_root_org
 from .role import Role
 from ..const import Scope
 
@@ -100,6 +101,36 @@ class RoleBinding(JMSBaseModel):
     def is_scope_org(self):
         return self.scope == Scope.org
 
+    @classmethod
+    def get_user_has_the_perm_orgs(cls, perm, user):
+        from orgs.models import Organization
+
+        roles = Role.get_roles_by_perm(perm)
+        with tmp_to_root_org():
+            bindings = list(cls.objects.root_all().filter(role__in=roles, user=user))
+
+        system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value]
+        # 工作台仅限于自己加入的组织
+        if perm == 'rbac.view_workbench':
+            all_orgs = user.orgs.all().distinct()
+        else:
+            all_orgs = Organization.objects.all()
+
+        if not settings.XPACK_ENABLED:
+            all_orgs = all_orgs.filter(id=Organization.DEFAULT_ID)
+
+        # 有系统级别的绑定，就代表在所有组织有这个权限
+        if system_bindings:
+            orgs = all_orgs
+        else:
+            org_ids = [b.org.id for b in bindings if b.org]
+            orgs = all_orgs.filter(id__in=org_ids)
+
+        # 全局组织
+        if orgs and perm != 'rbac.view_workbench' and user.has_perm('orgs.view_rootorg'):
+            orgs = [Organization.root(), *list(orgs)]
+        return orgs
+
 
 class OrgRoleBindingManager(RoleBindingManager):
     def get_queryset(self):