From 9ffa13f44dc607e3ab73caffef69cd94b4976125 Mon Sep 17 00:00:00 2001
From: seaislee1209 <seaislee129@gmail.com>
Date: Sat, 28 Mar 2026 22:41:35 +0800
Subject: [PATCH] fix: separate global and project-level policies in frontend
 display

- Global policy view: filter out project-scoped policies, only show Global
- Project list view: filter out global policies, only show Project-scoped
- Fixes: same policy appearing in both global and project views

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 backend/apps/monitor/views.py | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/backend/apps/monitor/views.py b/backend/apps/monitor/views.py
index c059ef1..2de7aee 100644
--- a/backend/apps/monitor/views.py
+++ b/backend/apps/monitor/views.py
@@ -709,8 +709,15 @@ def iam_user_policies_view(request, pk):
     svc = IAMService(ak, sk)
     try:
         resp = svc.list_attached_user_policies(user.username)
-        policies = resp.get("Result", {}).get("AttachedPolicyMetadata", [])
-        return Response({'policies': policies})
+        all_policies = resp.get("Result", {}).get("AttachedPolicyMetadata", [])
+        # 只返回全局策略（过滤项目级的）
+        global_policies = []
+        for p in all_policies:
+            scopes = p.get('PolicyScope', [])
+            is_global = not scopes or any(s.get('PolicyScopeType') == 'Global' for s in scopes)
+            if is_global:
+                global_policies.append(p)
+        return Response({'policies': global_policies})
     except VolcengineAPIError as e:
         return Response({'error': 'api_error', 'message': str(e)},
                         status=status.HTTP_502_BAD_GATEWAY)
@@ -794,7 +801,7 @@ def iam_user_project_list_view(request, pk):
 
     projects = user.projects.all()
 
-    # 实时从火山查询每个项目的策略，同步到本地
+    # 实时从火山查询每个项目的策略，同步到本地（只取项目级的，过滤全局的）
     account, ak, sk = _get_volc_account(user.volc_account_id)
     if ak:
         svc = IAMService(ak, sk)
@@ -804,10 +811,14 @@ def iam_user_project_list_view(request, pk):
                     'UserName': user.username,
                     'ProjectName': proj.project_name,
                 })
-                volc_policies = [
-                    p.get('PolicyName', '')
-                    for p in resp.get('Result', {}).get('AttachedPolicyMetadata', [])
-                ]
+                # 只保留 PolicyScopeType=Project 的策略，过滤掉全局的
+                volc_policies = []
+                for p in resp.get('Result', {}).get('AttachedPolicyMetadata', []):
+                    scopes = p.get('PolicyScope', [])
+                    for s in scopes:
+                        if s.get('PolicyScopeType') == 'Project' and s.get('ProjectName') == proj.project_name:
+                            volc_policies.append(p.get('PolicyName', ''))
+                            break
                 if set(volc_policies) != set(proj.attached_policies or []):
                     proj.attached_policies = volc_policies
                     proj.save(update_fields=['attached_policies'])