perf: 优化权限位 (#8110)

* perf: 优化权限位 * perf: 优化返回的组织 * perf: 保证结果是 ok * perf: 去掉 distinct * perf: tree count Co-authored-by: ibuler <ibuler@qq.com>
2026-01-29 21:51:31 +00:00 · 2022-04-20 18:50:53 +08:00
parent b0b379e5a9
commit e61bae5ee4
4 changed files with 120 additions and 74 deletions
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
@@ -107,19 +107,23 @@ class RoleBinding(JMSModel):
        roles = Role.get_roles_by_perm(perm)
        with tmp_to_root_org():
            bindings = list(cls.objects.root_all().filter(role__in=roles, user=user))
-        system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value]

+        system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value]
+        # 工作台仅限于自己加入的组织
        if perm == 'rbac.view_workbench':
            all_orgs = user.orgs.all()
        else:
            all_orgs = Organization.objects.all()

+        # 有系统级别的绑定，就代表在所有组织有这个权限
        if system_bindings:
            orgs = all_orgs
        else:
            org_ids = [b.org.id for b in bindings if b.org]
            orgs = all_orgs.filter(id__in=org_ids)
-        if orgs and user.has_perm('orgs.view_rootorg'):
+
+        # 全局组织
+        if orgs and perm != 'rbac.view_workbench' and user.has_perm('orgs.view_rootorg'):
            orgs = [Organization.root(), *list(orgs)]
        return orgs