fix: sync disable/enable state correctly

- Disable: sync volc_login_allowed=False - Enable: sync volc_login_allowed from actual LoginProfile state - Sync: check AK status to detect AirGate-disabled accounts (all AKs inactive = disabled, even if user Status=active) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 22:09:14 +08:00 · 2026-03-28 22:09:14 +08:00 · bae68ea6a1
commit bae68ea6a1
parent 9cfd550485
1 changed files with 15 additions and 7 deletions
--- a/backend/apps/monitor/views.py
+++ b/backend/apps/monitor/views.py
@ -213,14 +213,20 @@ def iam_user_sync_view(request):
            except Exception:
                pass

-            # Sync account status from Volcengine user status (not login profile)
+            # Sync account status: check both user status and AK status
            volc_status = u.get("Status", "active")
-            if volc_status == "active":
-                obj.status = IAMUser.Status.ACTIVE
-            elif volc_status == "disabled":
+            if volc_status != "active":
                obj.status = IAMUser.Status.DISABLED
            else:
-                obj.status = IAMUser.Status.UNKNOWN
+                # User is active, but check if all AKs are inactive (stopped by AirGate)
+                all_inactive = False
+                try:
+                    keys = svc.list_access_keys(username)
+                    if keys and all(k.get("Status") == "inactive" for k in keys):
+                        all_inactive = True
+                except Exception:
+                    pass
+                obj.status = IAMUser.Status.DISABLED if all_inactive else IAMUser.Status.ACTIVE

            # Sync volc login status separately
            try:
@ -579,7 +585,8 @@ def iam_user_disable_view(request, pk):

        user.status = IAMUser.Status.DISABLED
        user.saved_policies_on_disable = saved_policies
-        user.save(update_fields=['status', 'saved_policies_on_disable'])
+        user.volc_login_allowed = False
+        user.save(update_fields=['status', 'saved_policies_on_disable', 'volc_login_allowed'])

        policy_count = len(saved_policies)
        error_info = f"，移除失败: {detach_errors}" if detach_errors else ""
@ -629,7 +636,8 @@ def iam_user_enable_view(request, pk):

        user.status = IAMUser.Status.ACTIVE
        user.saved_policies_on_disable = []
-        user.save(update_fields=['status', 'saved_policies_on_disable'])
+        user.volc_login_allowed = svc._has_login_profile(user.username)
+        user.save(update_fields=['status', 'saved_policies_on_disable', 'volc_login_allowed'])

        error_info = f"，恢复失败: {restore_errors}" if restore_errors else ""
        AlertRecord.objects.create(