zyc/AirGate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: separate global and project-level policies in frontend display

Browse Source 
- Global policy view: filter out project-scoped policies, only show Global
- Project list view: filter out global policies, only show Project-scoped
- Fixes: same policy appearing in both global and project views

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
seaislee1209 2026-03-28 22:41:35 +08:00
parent d0d48ceb19
commit 9ffa13f44d
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
backend/apps/monitor/views.py
View File

@ -709,8 +709,15 @@ def iam_user_policies_view(request, pk):
svc = IAMService(ak, sk) svc = IAMService(ak, sk)
try: try:
resp = svc.list_attached_user_policies(user.username) resp = svc.list_attached_user_policies(user.username)
policies = resp.get("Result", {}).get("AttachedPolicyMetadata", []) all_policies = resp.get("Result", {}).get("AttachedPolicyMetadata", [])
return Response({'policies': policies}) # 只返回全局策略(过滤项目级的)
global_policies = []
for p in all_policies:
scopes = p.get('PolicyScope', [])
is_global = not scopes or any(s.get('PolicyScopeType') == 'Global' for s in scopes)
if is_global:
global_policies.append(p)
return Response({'policies': global_policies})
except VolcengineAPIError as e: except VolcengineAPIError as e:
return Response({'error': 'api_error', 'message': str(e)}, return Response({'error': 'api_error', 'message': str(e)},
status=status.HTTP_502_BAD_GATEWAY) status=status.HTTP_502_BAD_GATEWAY)
@ -794,7 +801,7 @@ def iam_user_project_list_view(request, pk):
projects = user.projects.all() projects = user.projects.all()
# 实时从火山查询每个项目的策略,同步到本地 # 实时从火山查询每个项目的策略,同步到本地(只取项目级的,过滤全局的)
account, ak, sk = _get_volc_account(user.volc_account_id) account, ak, sk = _get_volc_account(user.volc_account_id)
if ak: if ak:
svc = IAMService(ak, sk) svc = IAMService(ak, sk)
@ -804,10 +811,14 @@ def iam_user_project_list_view(request, pk):
'UserName': user.username, 'UserName': user.username,
'ProjectName': proj.project_name, 'ProjectName': proj.project_name,
}) })
volc_policies = [ # 只保留 PolicyScopeType=Project 的策略,过滤掉全局的
p.get('PolicyName', '') volc_policies = []
for p in resp.get('Result', {}).get('AttachedPolicyMetadata', []) for p in resp.get('Result', {}).get('AttachedPolicyMetadata', []):
] scopes = p.get('PolicyScope', [])
for s in scopes:
if s.get('PolicyScopeType') == 'Project' and s.get('ProjectName') == proj.project_name:
volc_policies.append(p.get('PolicyName', ''))
break
if set(volc_policies) != set(proj.attached_policies or []): if set(volc_policies) != set(proj.attached_policies or []):
proj.attached_policies = volc_policies proj.attached_policies = volc_policies
proj.save(update_fields=['attached_policies']) proj.save(update_fields=['attached_policies'])