Commit 9cefc625 authored by jym503558564's avatar jym503558564

[Update] 审计员分管组织审计

parent 42547751
......@@ -69,6 +69,10 @@ class UserAuthApi(RootOrgViewMixin, APIView):
logger.info(msg)
return Response({'msg': msg}, status=401)
if user.is_auditor:
msg = _("Auditors are not authorized to log in")
return Response({'msg': msg}, status=401)
if not user.otp_enabled:
self.send_auth_signal(success=True, user=user)
# 登陆成功,清除原来的缓存计数
......
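Review bot: The new auditor rejection returns 401 without the `logger.info(msg)` call that the preceding rejection branch makes, so refused auditor logins leave no trace in the log; add `logger.info(msg)` before the new `return Response({'msg': msg}, status=401)`, and if the failure signal used elsewhere in this view accepts a reason, fire it too so the attempt is counted like the other refusals. The 401 body reveals the account's role, which seems acceptable here because the branch appears to run after the credentials were verified, but the web login path is not in this hunk and should apply the same restriction. The enclosing method starts above the hunk.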
......@@ -13,11 +13,15 @@ class OrgMiddleware:
def set_permed_org_if_need(request):
if request.path.startswith('/api'):
return
if not (request.user.is_authenticated and request.user.is_org_admin):
if not request.user.is_authenticated:
return
if not (request.user.is_org_admin or request.user.is_org_auditor):
return
org = get_org_from_request(request)
if org.can_admin_by(request.user):
return
if org.can_auditor_by(request.user):
return
admin_orgs = Organization.get_user_admin_orgs(request.user)
if admin_orgs:
request.session['oid'] = str(admin_orgs[0].id)
......
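Review bot: `set_permed_org_if_need` has no docstring, and its fall-through now also serves auditors while the local is still named `admin_orgs`; a one-line docstring such as `"""Point the session at an org the user may admin or audit when the requested org is not one of them; API paths are left untouched."""` plus renaming the local to `permed_orgs` would make the new branch read correctly. Each guard (`is_org_admin`, `is_org_auditor`, `can_admin_by`, `can_auditor_by`) appears to query the database, so this middleware may issue several queries per page request; confirm that is acceptable or cache the decision on the request. The enclosing class continues outside the hunk.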
......@@ -11,6 +11,7 @@ class Organization(models.Model):
name = models.CharField(max_length=128, unique=True, verbose_name=_("Name"))
users = models.ManyToManyField('users.User', related_name='orgs', blank=True)
admins = models.ManyToManyField('users.User', related_name='admin_orgs', blank=True)
auditors = models.ManyToManyField('users.User', related_name='auditor_orgs', blank=True)
created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
......@@ -69,7 +70,7 @@ class Organization(models.Model):
def get_org_users(self, include_app=False):
from users.models import User
if self.is_real():
users = self.users.all()
users = self.users.all() | self.auditors.all()
else:
users = User.objects.all()
if not include_app:
......@@ -81,6 +82,11 @@ class Organization(models.Model):
return self.admins.all()
return []
def get_org_auditors(self):
if self.is_real():
return self.auditors.all()
return []
def can_admin_by(self, user):
if user.is_superuser:
return True
......@@ -88,6 +94,11 @@ class Organization(models.Model):
return True
return False
def can_auditor_by(self, user):
if user in list(self.get_org_auditors()):
return True
return False
def is_real(self):
return self.id not in (self.DEFAULT_NAME, self.ROOT_ID)
......@@ -96,11 +107,15 @@ class Organization(models.Model):
admin_orgs = []
if user.is_anonymous:
return admin_orgs
elif user.is_superuser or user.is_auditor:
elif user.is_superuser:
admin_orgs = list(cls.objects.all())
admin_orgs.append(cls.default())
elif user.is_org_admin:
admin_orgs = user.admin_orgs.all()
elif user.is_auditor:
admin_orgs = user.auditor_orgs.all()
if not admin_orgs:
admin_orgs = [cls.default()]
return admin_orgs
@classmethod
......
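Review bot: `can_auditor_by` materialises the whole auditor list for a single membership test (`user in list(self.get_org_auditors())`); an authorization check that middleware runs on every request should ask the database instead, e.g. `return self.is_real() and self.auditors.filter(pk=user.pk).exists()`, which also replaces the `if …: return True / return False` shape with the boolean itself. Separately, `get_org_users` now ORs two multi-valued relations (`self.users.all() | self.auditors.all()`), and Django can return duplicate rows across such joins; appending `.distinct()` keeps the result a proper user set. Both methods' surrounding class continues outside the hunks.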
......@@ -52,7 +52,11 @@ class UserViewSet(IDInCacheFilterMixin, BulkModelViewSet):
if isinstance(users, User):
users = [users]
if current_org and current_org.is_real():
current_org.users.add(*users)
for user in users:
if user.is_auditor:
current_org.auditors.add(user)
else:
current_org.users.add(user)
self.send_created_signal(users)
def get_queryset(self):
......
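Review bot: The per-user loop in the create path issues one `add()` per created user and decides org membership from the role at creation time only, so a role changed later leaves the account in the wrong relation; whether role changes re-sync `users`/`auditors` cannot be seen from this hunk and is worth confirming. Partitioning once keeps the query count constant: `auditors = [u for u in users if u.is_auditor]`, `current_org.auditors.add(*auditors)`, `current_org.users.add(*[u for u in users if not u.is_auditor])`. The enclosing method starts above the hunk.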
......@@ -67,14 +67,8 @@ class UserCreateUpdateFormMixin(OrgModelForm):
# Org admin user
else:
user = kwargs.get('instance')
# Update
if user:
role = kwargs.get('instance').role
roles.append((role, dict(User.ROLE_CHOICES).get(role)))
# Create
else:
roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
roles.append((User.ROLE_AUDITOR, dict(User.ROLE_CHOICES).get(User.ROLE_AUDITOR)))
field = self.fields['role']
field.choices = set(roles)
......
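Review bot: With the update branch removed, `user = kwargs.get('instance')` is now assigned but never read, and the form no longer includes the instance's current role in the choices when an org admin edits an existing account. If such an account can carry a role other than User or Auditor, an otherwise-unchanged edit would fail validation on the role field; either drop the dead assignment or keep the current role, `if user: roles.append((user.role, dict(User.ROLE_CHOICES).get(user.role)))`. `field.choices = set(roles)` also leaves the dropdown order unspecified; `list(dict.fromkeys(roles))` de-duplicates while preserving order. The enclosing method starts above the hunk.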
......@@ -164,6 +164,18 @@ class RoleMixin:
def is_auditor(self):
return self.role == 'Auditor'
@property
def auditor_orgs(self):
from orgs.models import Organization
return Organization.get_user_admin_orgs(self)
@property
def is_org_auditor(self):
if self.is_auditor and self.auditor_orgs.exists():
return True
else:
return False
@property
def is_common_user(self):
if self.is_org_admin:
......
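Review bot: The new `auditor_orgs` property collides with the reverse accessor of the same name that `Organization.auditors` (`related_name='auditor_orgs'`) installs on the user model, and `Organization.get_user_admin_orgs` itself reads `user.auditor_orgs.all()` for auditors, so whichever attribute wins the property is either dead code or the recursion `auditor_orgs → get_user_admin_orgs → auditor_orgs`. Dropping the property (or renaming it) removes the ambiguity, and `is_org_auditor` can then be `return self.is_auditor and self.auditor_orgs.exists()`. Note too that `get_user_admin_orgs` falls back to a plain list (`[cls.default()]`), which has no `.exists()`, so `is_org_auditor` would raise if the property were the attribute resolved. The enclosing class continues outside the hunk.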
......@@ -50,7 +50,7 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
def validate_role(self, value):
request = self.context.get('request')
if not request.user.is_superuser and value != User.ROLE_USER:
if not request.user.is_org_admin and value != User.ROLE_USER:
role_display = dict(User.ROLE_CHOICES)[User.ROLE_USER]
msg = _("Role limit to {}".format(role_display))
raise serializers.ValidationError(msg)
......
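Review bot: Loosening `validate_role` to `request.user.is_org_admin` lets any org admin submit any role value through the API, while the form change in this same commit restricts non-superusers to the User and Auditor roles; the serializer should enforce the same allow-list, `if not request.user.is_superuser and value not in (User.ROLE_USER, User.ROLE_AUDITOR):`. As written, an org admin could create or update an account with a role above their own, which is a privilege-escalation path rather than the intended auditor support. The error message still names only the User role; build it from the allowed list so it stays accurate.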