15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-25 17:22:55 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

feat: Filter user by role
Some checks are pending
sync2gitee / repo-sync (push) Waiting to run
Details
Typos Check / Spell Check with Typos (push) Waiting to run
Details

This commit is contained in:
zhangzhanwei 2025-11-25 15:19:49 +08:00 committed by zhanweizhang7
parent 197d514cb4
commit 7da64a2268
4 changed files with 72 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
apps/system_manage/serializers/user_resource_permission.py
View File

@ -9,6 +9,7 @@
import json
import os
from django.contrib.postgres.fields import ArrayField
from django.core.cache import cache
from django.db import models
from django.db.models import QuerySet, Q, TextField
@ -343,10 +344,13 @@ class ResourceUserPermissionSerializer(serializers.Serializer):
"role": models.CharField(),
"role_setting.type": models.CharField(),
"user_role_relation.workspace_id": models.CharField(),
'tmp.type_list': ArrayField(models.CharField()),
'tmp.role_name_list_str': models.CharField()
}))
nick_name = instance.get('nick_name')
username = instance.get('username')
role_name = instance.get('role')
permission = instance.get('permission')
query_p_list = [None if p == "NOT_AUTH" else p for p in permission]
@ -375,15 +379,31 @@ class ResourceUserPermissionSerializer(serializers.Serializer):
**{"u.id__in": QuerySet(workspace_user_role_mapping_model).filter(
workspace_id=self.data.get('workspace_id')).values("user_id")})
if is_x_pack_ee:
user_query_set = user_query_set.filter(
**{'role_setting.type': "USER", 'user_role_relation.workspace_id': self.data.get('workspace_id')})
user_query_set = user_query_set.filter(**{
"tmp.type_list__contains": ["USER"]
})
role_name_and_type_query_set = QuerySet(model=get_dynamics_model({
'user_role_relation.workspace_id': models.CharField(),
})).filter(**{
"user_role_relation.workspace_id": self.data.get('workspace_id'),
})
if role_name:
user_query_set = user_query_set.filter(
**{'tmp.role_name_list_str__icontains': str(role_name)}
)
return {
'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set,
'user_query_set': user_query_set,
'role_name_and_type_query_set': role_name_and_type_query_set
}
else:
user_query_set = user_query_set.filter(
**{'role': "USER"})
return {
'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set,
'user_query_set': user_query_set
}
return {
'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set,
'user_query_set': user_query_set
}
def list(self, instance, with_valid=True):
if with_valid:

55
apps/system_manage/sql/get_resource_user_permission_detail_ee.sql
View File

@ -1,34 +1,41 @@
SELECT
distinct(u.id),
DISTINCT u.id,
u.nick_name,
u.username,
case
when
wurp."permission" is null then 'NOT_AUTH'
else wurp."permission"
end
tmp.role_name_list AS role_name,
CASE
WHEN wurp."permission" IS NULL THEN 'NOT_AUTH'
ELSE wurp."permission"
END AS permission
FROM
public."user" u
LEFT JOIN (
SELECT
user_id ,
(case
when auth_type = 'ROLE'
and 'ROLE' = any( permission_list) then 'ROLE'
when auth_type = 'RESOURCE_PERMISSION_GROUP'
and 'MANAGE'= any(permission_list) then 'MANAGE'
when auth_type = 'RESOURCE_PERMISSION_GROUP'
and 'VIEW' = any( permission_list) then 'VIEW'
else null
end) as "permission"
user_id,
CASE
WHEN auth_type = 'ROLE'
AND 'ROLE' = ANY(permission_list) THEN 'ROLE'
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
ELSE NULL
END AS "permission"
FROM
workspace_user_resource_permission
${workspace_user_resource_permission_query_set}
) wurp
ON
u.id = wurp.user_id
left join user_role_relation user_role_relation
on user_role_relation.user_id = u.id
left join role_setting role_setting
on role_setting.id = user_role_relation.role_id
${workspace_user_resource_permission_query_set}
) wurp ON u.id = wurp.user_id
LEFT JOIN (
SELECT
ARRAY_AGG(role_setting.role_name) AS role_name_list,
ARRAY_AGG(role_setting.role_name)::text AS role_name_list_str,
ARRAY_AGG(role_setting.type) AS type_list,
user_role_relation.user_id
FROM user_role_relation user_role_relation
LEFT JOIN role_setting role_setting
ON role_setting.id = user_role_relation.role_id
${role_name_and_type_query_set}
GROUP BY
user_role_relation.user_id) tmp
ON u.id = tmp.user_id
${user_query_set}

1
apps/system_manage/views/user_resource_permission.py
View File

@ -196,6 +196,7 @@ class WorkspaceResourceUserPermissionView(APIView):
return result.success(ResourceUserPermissionSerializer(
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }
).page({'username': request.query_params.get("username"),
'role': request.query_params.get("role"),
'nick_name': request.query_params.get("nick_name"),
'permission': request.query_params.getlist("permission[]")}, current_page, page_size,
))

32
ui/src/components/resource-authorization-drawer/index.vue
View File

@ -23,6 +23,7 @@
<el-option :label="$t('views.userManage.userForm.nick_name.label')" value="nick_name" />
<el-option :label="$t('views.login.loginForm.username.label')" value="username" />
<el-option :label="$t('views.model.modelForm.permissionType.label')" value="permission" />
<el-option v-if="hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR')" :label="$t('views.role.member.role')" value="role" />
</el-select>
<el-input
v-if="searchType === 'nick_name'"
@ -40,7 +41,14 @@
style="width: 220px"
clearable
/>
<el-input
v-if="searchType === 'role'"
v-model="searchForm.role"
@change="searchHandle"
:placeholder="$t('common.search')"
style="width: 220px"
clearable
/>
<el-select
v-else-if="searchType === 'permission'"
v-model="searchForm.permission"
@ -85,28 +93,15 @@
show-overflow-tooltip
:label="$t('views.login.loginForm.username.label')"
/>
<!-- <el-table-column prop="role_name" :label="$t('views.role.member.role')" width="210">
<el-table-column v-if="hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR')" prop="role_name" :label="$t('views.role.member.role')" width="210">
<template #default="{ row }">
<el-popover :width="400">
<template #reference>
<TagGroup
class="cursor"
style="width: fit-content"
:tags="row.role_name"
tooltipDisabled
/>
</template>
<template #default>
<el-table :data="row.role_workspace">
<el-table-column prop="role" :label="$t('views.role.member.role')">
</el-table-column>
<el-table-column prop="workspace" :label="$t('views.workspace.title')">
</el-table-column>
</el-table>
</template>
</el-popover>
</template>
</el-table-column> -->
</el-table-column>
<el-table-column :label="$t('common.operation')" align="left" width="340">
<template #default="{ row }">
<el-radio-group
@ -206,7 +201,7 @@ import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
const route = useRoute()
import useStore from '@/stores'
import { hasPermission } from '@/utils/permission/index'
import { PermissionConst, RoleConst } from '@/utils/permission/data'
import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
const { user } = useStore()
const props = defineProps<{
@ -338,11 +333,12 @@ const searchType = ref('nick_name')
const searchForm = ref<any>({
nick_name: '',
username: '',
role: '',
permission: undefined,
})
const search_type_change = () => {
searchForm.value = { nick_name: '', username: '', permission: undefined }
searchForm.value = { nick_name: '', username: '', role: '', permission: undefined }
}
const paginationConfig = reactive({