feat: add role search filter (#2094)

TencentBlueKing · Jul 17, 2023 · a431961 · a431961
1 parent 8d50307
commit a431961
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 4 deletions.
diff --git a/saas/VERSION b/saas/VERSION
@@ -1 +1 @@
-1.10.9
+1.10.10
diff --git a/saas/backend/apps/role/filters.py b/saas/backend/apps/role/filters.py
@@ -42,6 +42,7 @@ class Meta:
 
 class RoleSearchFilter(GradeMangerFilter):
     member = filters.CharFilter(label="成员", method="member_filter")
+    with_super = filters.BooleanFilter(method="with_super_filter", initial=False)
 
     class Meta:
         model = Role
@@ -50,3 +51,6 @@ class Meta:
     def member_filter(self, queryset, name, value):
         role_ids = list(RoleUser.objects.filter(username=value).values_list("role_id", flat=True))
         return queryset.filter(id__in=role_ids)
+
+    def with_super_filter(self, queryset, name, value):
+        return queryset
diff --git a/saas/backend/apps/role/tasks.py b/saas/backend/apps/role/tasks.py
@@ -837,5 +837,28 @@ def _init_project_auth_scope(self, data):
 
         return auth_scopes
 
+    def _create_groups(self, role, role_info, maintainers, viewers, project_name):
+        expired_at = int(time.time()) + 6 * 30 * DAY_SECONDS  # 过期时间半年
+
+        authorization_scopes = role_info.dict()["authorization_scopes"]
+        for name_suffix in [ManagementGroupNameSuffixEnum.OPS.value, ManagementGroupNameSuffixEnum.READ.value]:
+            description = "包含{}项目的容器、监控、日志系统的运维权限".format(project_name)
+            if name_suffix == ManagementGroupNameSuffixEnum.READ.value:
+                description = "仅包含{}项目的容器、监控、日志系统的只读权限".format(project_name)
+
+            members = maintainers if name_suffix == ManagementGroupNameSuffixEnum.OPS.value else viewers
+            users = User.objects.filter(username__in=members)  # 筛选出已同步存在的用户
+            group = self.group_biz.create_and_add_members(
+                role,
+                "BCS-{}-{}".format(project_name, name_suffix),
+                description=description,
+                creator=ADMIN_USER,
+                subjects=[Subject.from_username(u.username) for u in users],
+                expired_at=expired_at,  # 过期时间半年
+            )
+
+            templates = self._init_group_auth_info(authorization_scopes, name_suffix)
+            self.group_biz.grant(role, group, templates, need_check=False)
+
 
 current_app.tasks.register(InitBcsProjectManagerTask())
diff --git a/saas/backend/apps/role/views/role.py b/saas/backend/apps/role/views/role.py
@@ -12,7 +12,7 @@
 from itertools import groupby
 from typing import List
 
-from django.db.models import Q
+from django.db.models import Case, Q, Value, When
 from django.shortcuts import get_object_or_404
 from django.utils.translation import gettext as _
 from drf_yasg.utils import swagger_auto_schema
@@ -984,13 +984,22 @@ class RoleSearchViewSet(mixins.ListModelMixin, GenericViewSet):
     filterset_class = RoleSearchFilter
 
     def get_queryset(self):
+        queryset = self.queryset
+        if bool(self.request.query_params.get("with_super", False)):
+            type_order = Case(
+                When(type=RoleType.SUPER_MANAGER.value, then=Value(1)),
+                When(type=RoleType.SYSTEM_MANAGER.value, then=Value(2)),
+                default=Value(3),
+            )
+            queryset = Role.objects.alias(type_order=type_order).order_by("type_order", "-updated_time")
+
         # 作为超级管理员时，可以管理所有分级管理员
         if self.request.role.type == RoleType.SUPER_MANAGER.value:
-            return self.queryset
+            return queryset
 
         # 普通用户只能查询到自己加入的管理员
         role_ids = list(RoleUser.objects.filter(username=self.request.user.username).values_list("role_id", flat=True))
-        return self.queryset.filter(id__in=role_ids)
+        return queryset.filter(id__in=role_ids)
 
     @swagger_auto_schema(
         operation_description="管理员搜索",

diff --git a/saas/resources/version_log/change_log.md b/saas/resources/version_log/change_log.md
@@ -1,3 +1,14 @@
+<!-- 2023-07-17 -->
+# V1.10.10 版本更新日志
+
+### 新增功能
+* 用户组成员列表增加部门展示
+* 过期权限列表增加权限详情
+* 聚合操作选择可选任意
+* 一级管理员可直接进入二级管理员
+
+---
+
 <!-- 2023-07-07 -->
 # V1.10.9 版本更新日志
 

diff --git a/saas/resources/version_log/change_log_en.md b/saas/resources/version_log/change_log_en.md
@@ -1,3 +1,14 @@
+<!-- 2023-07-17 -->
+# V1.10.10 ChangeLog
+
+### New Features
+* Add department display to user group member list
+* Add permission details to expired permission list
+* Allow optional selection for aggregated operations
+* Allow level 1 administrators to directly access level 2 administrators
+
+---
+
 <!-- 2023-07-07 -->
 # V1.10.9 ChangeLog