fix: fix rbac to dev (#7636)

* feat: 添加 RBAC 应用模块 * feat: 添加 RBAC Model、API * feat: 添加 RBAC Model、API 2 * feat: 添加 RBAC Model、API 3 * feat: 添加 RBAC Model、API 4 * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC * feat: RBAC 整理权限位 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位2 * feat: RBAC 整理权限位 * feat: RBAC 添加默认角色 * feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定 * feat: RBAC 添加迁移文件；迁移用户角色->用户角色绑定 * feat: RBAC 修改用户模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 添加组织模块迁移文件 & 修改组织模块API * feat: RBAC 修改用户角色属性的使用 * feat: RBAC No.1 * xxx * perf: 暂存 * perf: ... * perf(rbac): 添加 perms 到 profile serializer 中 * stash * perf: 使用init * perf: 修改migrations * perf: rbac * stash * stash * pref: 修改rbac * stash it * stash: 先去修复其他bug * perf: 修改 role 添加 users * pref: 修改 RBAC Model * feat: 添加权限的 tree api * stash: 暂存一下 * stash: 暂存一下 * perf: 修改 model verbose name * feat: 添加model各种 verbose name * perf: 生成 migrations * perf: 优化权限位 * perf: 添加迁移脚本 * feat: 添加组织角色迁移 * perf: 添加迁移脚本 * stash * perf: 添加migrateion * perf: 暂存一下 * perf: 修改rbac * perf: stash it * fix: 迁移冲突 * fix: 迁移冲突 * perf: 暂存一下 * perf: 修改 rbac 逻辑 * stash: 暂存一下 * perf: 修改内置角色 * perf: 解决 root 组织的问题 * perf: stash it * perf: 优化 rbac * perf: 优化 rolebinding 处理 * perf: 完成用户离开组织的问题 * perf: 暂存一下 * perf: 修改翻译 * perf: 去掉了 IsSuperUser * perf: IsAppUser 去掉完成 * perf: 修改 connection token 的权限 * perf: 去掉导入的问题 * perf: perms define 格式，修改 app 用户的全新啊 * perf: 修改 permission * perf: 去掉一些 org admin * perf: 去掉部分 org admin * perf: 再去掉点 org admin role * perf: 再去掉部分 org admin * perf: user 角色搜索 * perf: 去掉很多 js * perf: 添加权限位 * perf: 修改权限 * perf: 去掉一个 todo * merge: with dev * fix: 修复冲突 Co-authored-by: Bai <bugatti_it@163.com> Co-authored-by: Michael Bai <baijiangjie@gmail.com> Co-authored-by: ibuler <ibuler@qq.com>
2025-09-04 17:01:09 +00:00 · 2022-02-17 20:13:31 +08:00
parent b088362ae3
commit e259d2a9e9
263 changed files with 3049 additions and 62465 deletions
--- a/apps/users/filters.py
+++ b/apps/users/filters.py
@@ -1,63 +1,37 @@
 from django_filters import rest_framework as filters
-from django.db.models import Q
-from rest_framework.compat import coreapi, coreschema
-from rest_framework.filters import BaseFilterBackend

 from common.drf.filters import BaseFilterSet
 from users.models.user import User
-from users.const import SystemOrOrgRole
-from orgs.utils import current_org
-
-
-class OrgRoleUserFilterBackend(BaseFilterBackend):
-    def filter_queryset(self, request, queryset, view):
-        org_role = request.query_params.get('org_role')
-        if not org_role:
-            return queryset
-
-        if org_role == 'admins':
-            return queryset & (current_org.admins | User.objects.filter(role=User.ROLE.ADMIN))
-        elif org_role == 'auditors':
-            return queryset & current_org.auditors
-        elif org_role == 'users':
-            return queryset & current_org.users
-        elif org_role == 'members':
-            return queryset & current_org.get_members()
-
-    def get_schema_fields(self, view):
-        return [
-            coreapi.Field(
-                name='org_role', location='query', required=False, type='string',
-                schema=coreschema.String(
-                    title='Organization role users',
-                    description='Organization role users can be {admins|auditors|users|members}'
-                )
-            )
-        ]
+from rbac.models import Role


 class UserFilter(BaseFilterSet):
-    system_or_org_role = filters.ChoiceFilter(choices=SystemOrOrgRole.choices, method='filter_system_or_org_role')
+    system_roles = filters.ModelChoiceFilter(
+        queryset=Role.objects.filter(scope='system'), method='filter_system_roles'
+    )
+    org_roles = filters.ModelChoiceFilter(
+        queryset=Role.objects.filter(scope='org'), method='filter_org_roles'
+    )

    class Meta:
        model = User
        fields = (
-            'id', 'username', 'email', 'name', 'source', 'system_or_org_role'
+            'id', 'username', 'email', 'name', 'source',
+            'org_roles', 'system_roles',
        )

-    def filter_system_or_org_role(self, queryset, name, value):
-        value = value.split('_')
-        if len(value) == 1:
-            role_type, value = None, value[0]
-        else:
-            role_type, value = value
-        value = value.title()
-        system_queries = Q(role=value)
-        org_queries = Q(m2m_org_members__role=value, m2m_org_members__org_id=current_org.id)
-        if not role_type:
-            queries = system_queries | org_queries
-        elif role_type == 'system':
-            queries = system_queries
-        elif role_type == 'org':
-            queries = org_queries
-        return queryset.filter(queries)
+    @staticmethod
+    def filter_system_roles(queryset, name, value):
+        queryset = queryset.prefetch_related('role_bindings')\
+            .filter(role_bindings__role_id=value.id)\
+            .distinct()
+        return queryset
+
+    @staticmethod
+    def filter_org_roles(queryset, name, value):
+        queryset = queryset.prefetch_related('role_bindings') \
+            .filter(role_bindings__role_id=value.id) \
+            .distinct()
+        return queryset
+
+