[Update] 修改一些问题

4631d7de · jym503558564 · b9bb755c · 4631d7de · 4631d7de · 4631d7de
Commit 4631d7de authored Aug 15, 2019 by jym503558564
10 changed files
--- a/apps/audits/views.py
+++ b/apps/audits/views.py
@@ -234,7 +234,7 @@ class CommandExecutionListView(UserCommandExecutionListView):
        return queryset

    def get_user_list(self):
-        users = current_org.get_org_members_exclude_auditors()
+        users = current_org.get_org_members(include_auditors=False)
        return users

    def get_context_data(self, **kwargs):

--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -161,15 +161,11 @@ class NeedMFAVerify(permissions.BasePermission):

 class CanUpdateDeleteSuperUser(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
-        if request.method in ['GET', 'OPTIONS']:
-            return True
-        elif request.method == 'DELETE' and str(request.user.id) == str(obj.id):
+        if request.method == 'DELETE' and request.user.id == str(obj.id):
            return False
-        elif request.method in ('DELETE', 'PATCH', 'PUT') and \
+        if request.method not in ('GET', 'OPTIONS') and \
                not request.user.is_superuser and obj.is_auditor:
                return False
-        elif request.user.is_superuser:
-            return True
        if hasattr(obj, 'is_superuser') and obj.is_superuser:
            return False
        return True
--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -67,16 +67,6 @@ class Organization(models.Model):
            org = cls.default() if default else None
        return org

-    # def get_org_users(self, include_app=False):
-    #     from users.models import User
-    #     if self.is_real():
-    #         users = self.users.all()
-    #     else:
-    #         users = User.objects.all()
-    #     if not include_app:
-    #         users = users.exclude(role=User.ROLE_APP)
-    #     return users
-
    def get_org_users(self):
        if self.is_real():
            return self.users.all()
@@ -92,22 +82,18 @@ class Organization(models.Model):
            return self.auditors.all()
        return []

-    def get_org_members(self, include_app=False):
+    def get_org_members(self, include_app=False, include_auditors=True):
        from users.models import User
        if self.is_real():
-            members = self.users.all() | self.auditors.all()
+            members = self.get_org_users() | self.get_org_auditors()
        else:
            members = User.objects.all()
        if not include_app:
            members = members.exclude(role=User.ROLE_APP)
+        if not include_auditors:
+            members = members.exclude(role=User.ROLE_AUDITOR)
        return members

-    def get_org_members_exclude_auditors(self, include_app=False):
-        from users.models import User
-        members = self.get_org_members(include_app=include_app)
-        members_exclude_auditors = members.exclude(role=User.ROLE_AUDITOR)
-        return members_exclude_auditors
-
    def can_admin_by(self, user):
        if user.is_superuser:
            return True
@@ -140,6 +126,13 @@ class Organization(models.Model):
                admin_orgs.append(cls.default())
        return admin_orgs

+    @classmethod
+    def get_user_audit_orgs(cls, user):
+        audit_orgs = []
+        if user.is_auditor:
+            audit_orgs = user.audit_orgs.all()
+        return audit_orgs
+
    @classmethod
    def default(cls):
        return cls(id=cls.DEFAULT_ID, name=cls.DEFAULT_NAME)

--- a/apps/perms/forms/asset_permission.py
+++ b/apps/perms/forms/asset_permission.py
@@ -39,7 +39,7 @@ class AssetPermissionForm(OrgModelForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        users_field = self.fields.get('users')
-        users_field.queryset = current_org.get_org_members_exclude_auditors()
+        users_field.queryset = current_org.get_org_members(include_auditors=False)

        nodes_field = self.fields['nodes']
        nodes_field.choices = ((n.id, n.full_value) for n in Node.get_queryset())

--- a/apps/perms/forms/remote_app_permission.py
+++ b/apps/perms/forms/remote_app_permission.py
@@ -19,7 +19,7 @@ class RemoteAppPermissionCreateUpdateForm(OrgModelForm):
        super().__init__(*args, **kwargs)
        users_field = self.fields.get('users')
        if hasattr(users_field, 'queryset'):
-            users_field.queryset = current_org.get_org_members_exclude_auditors()
+            users_field.queryset = current_org.get_org_members(include_auditors=False)

    class Meta:
        model = RemoteAppPermission

--- a/apps/perms/views/asset_permission.py
+++ b/apps/perms/views/asset_permission.py
@@ -135,7 +135,7 @@ class AssetPermissionUserView(PermissionsMixin,
        context = {
            'app': _('Perms'),
            'action': _('Asset permission user list'),
-            'users_remain': current_org.get_org_members_exclude_auditors().exclude(
+            'users_remain': current_org.get_org_members(include_auditors=False).exclude(
                assetpermission=self.object
            ),
            'user_groups_remain': UserGroup.objects.exclude(

--- a/apps/perms/views/remote_app_permission.py
+++ b/apps/perms/views/remote_app_permission.py
@@ -107,7 +107,7 @@ class RemoteAppPermissionUserView(PermissionsMixin,
        context = {
            'app': _('Perms'),
            'action': _('RemoteApp permission user list'),
-            'users_remain': current_org.get_org_members_exclude_auditors().exclude(
+            'users_remain': current_org.get_org_members(include_auditors=False).exclude(
                remoteapppermission=self.object
            ),
            'user_groups_remain': UserGroup.objects.exclude(

--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -335,7 +335,7 @@ class UserGroupForm(OrgModelForm):
            return
        users_field = self.fields.get('users')
        if hasattr(users_field, 'queryset'):
-            users_field.queryset = current_org.get_org_members_exclude_auditors()
+            users_field.queryset = current_org.get_org_members(include_auditors=False)

    def save(self, commit=True):
        group = super().save(commit=commit)

--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -167,7 +167,7 @@ class RoleMixin:
    @property
    def audit_orgs(self):
        from orgs.models import Organization
-        return Organization.get_user_admin_orgs(self)
+        return Organization.get_user_audit_orgs(self)

    @property
    def is_org_auditor(self):

--- a/apps/users/views/group.py
+++ b/apps/users/views/group.py
@@ -76,7 +76,7 @@ class UserGroupDetailView(PermissionsMixin, DetailView):
    permission_classes = [IsOrgAdmin]

    def get_context_data(self, **kwargs):
-        users = current_org.get_org_members_exclude_auditors().exclude(id__in=self.object.users.all())
+        users = current_org.get_org_members(include_auditors=False).exclude(id__in=self.object.users.all())
        context = {
            'app': _('Users'),
            'action': _('User group detail'),