perf(orgs): 默认组织改为实体组织，并支持全局组织 (#5617)

* perf(orgs): 默认组织改为实体组织 * perf: 添加获取当前组织信息的api * perf: 资产列表在 root 组织下的表现 * fix: 修复 root 组织引起的问题 * perf: 优化OrgModelMixin save; org_root获取; org_roles获取; UserCanUseCurrentOrg权限类 Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: Bai <bugatti_it@163.com>
2025-09-09 11:19:08 +00:00 · 2021-03-02 14:57:48 +08:00
parent 51c9a89b1f
commit a56ac7b34e
19 changed files with 381 additions and 298 deletions
--- a/apps/users/api/mixins.py
+++ b/apps/users/api/mixins.py
@@ -8,7 +8,7 @@ from orgs.utils import current_org

 class UserQuerysetMixin:
    def get_queryset(self):
-        if self.request.query_params.get('all') or not current_org.is_real():
+        if self.request.query_params.get('all') or current_org.is_root():
            queryset = User.objects.exclude(role=User.ROLE.APP)
        else:
            queryset = utils.get_current_org_members()
--- a/apps/users/api/profile.py
+++ b/apps/users/api/profile.py
@@ -2,6 +2,7 @@
 import uuid

 from rest_framework import generics
+from common.permissions import IsOrgAdmin
 from rest_framework.permissions import IsAuthenticated
 from django.conf import settings

@@ -23,7 +24,7 @@ __all__ = [
 class UserResetPasswordApi(UserQuerysetMixin, generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = serializers.UserSerializer
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsOrgAdmin,)

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
@@ -37,7 +38,7 @@ class UserResetPasswordApi(UserQuerysetMixin, generics.UpdateAPIView):

 class UserResetPKApi(UserQuerysetMixin, generics.UpdateAPIView):
    serializer_class = serializers.UserSerializer
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsOrgAdmin,)

    def perform_update(self, serializer):
        from ..utils import send_reset_ssh_key_mail
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -48,7 +48,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
        queryset = super().get_queryset().prefetch_related(
            'groups'
        )
-        if current_org.is_real():
+        if not current_org.is_root():
            # 为在列表中计算用户在真实组织里的角色
            queryset = queryset.prefetch_related(
                Prefetch(
@@ -67,7 +67,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
    @staticmethod
    def set_users_to_org(users, org_roles, update=False):
        # 只有真实存在的组织才真正关联用户
-        if not current_org or not current_org.is_real():
+        if not current_org or current_org.is_root():
            return
        for user, roles in zip(users, org_roles):
            if update and roles is None:
@@ -94,7 +94,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
        return super().get_permissions()

    def perform_destroy(self, instance):
-        if current_org.is_real():
+        if not current_org.is_root():
            instance.remove()
        else:
            return super().perform_destroy(instance)
@@ -150,7 +150,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
        data = request.data
        if not isinstance(data, list):
            data = [request.data]
-        if not current_org or not current_org.is_real():
+        if not current_org or current_org.is_root():
            error = {"error": "Not a valid org"}
            return Response(error, status=400)