From bae68ea6a1df25f8e29c2440f5ed3009aa686aa8 Mon Sep 17 00:00:00 2001
From: seaislee1209 <seaislee129@gmail.com>
Date: Sat, 28 Mar 2026 22:09:14 +0800
Subject: [PATCH] fix: sync disable/enable state correctly

- Disable: sync volc_login_allowed=False
- Enable: sync volc_login_allowed from actual LoginProfile state
- Sync: check AK status to detect AirGate-disabled accounts
  (all AKs inactive = disabled, even if user Status=active)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 backend/apps/monitor/views.py | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/backend/apps/monitor/views.py b/backend/apps/monitor/views.py
index 2a16e17..94a112a 100644
--- a/backend/apps/monitor/views.py
+++ b/backend/apps/monitor/views.py
@@ -213,14 +213,20 @@ def iam_user_sync_view(request):
             except Exception:
                 pass
 
-            # Sync account status from Volcengine user status (not login profile)
+            # Sync account status: check both user status and AK status
             volc_status = u.get("Status", "active")
-            if volc_status == "active":
-                obj.status = IAMUser.Status.ACTIVE
-            elif volc_status == "disabled":
+            if volc_status != "active":
                 obj.status = IAMUser.Status.DISABLED
             else:
-                obj.status = IAMUser.Status.UNKNOWN
+                # User is active, but check if all AKs are inactive (stopped by AirGate)
+                all_inactive = False
+                try:
+                    keys = svc.list_access_keys(username)
+                    if keys and all(k.get("Status") == "inactive" for k in keys):
+                        all_inactive = True
+                except Exception:
+                    pass
+                obj.status = IAMUser.Status.DISABLED if all_inactive else IAMUser.Status.ACTIVE
 
             # Sync volc login status separately
             try:
@@ -579,7 +585,8 @@ def iam_user_disable_view(request, pk):
 
         user.status = IAMUser.Status.DISABLED
         user.saved_policies_on_disable = saved_policies
-        user.save(update_fields=['status', 'saved_policies_on_disable'])
+        user.volc_login_allowed = False
+        user.save(update_fields=['status', 'saved_policies_on_disable', 'volc_login_allowed'])
 
         policy_count = len(saved_policies)
         error_info = f"，移除失败: {detach_errors}" if detach_errors else ""
@@ -629,7 +636,8 @@ def iam_user_enable_view(request, pk):
 
         user.status = IAMUser.Status.ACTIVE
         user.saved_policies_on_disable = []
-        user.save(update_fields=['status', 'saved_policies_on_disable'])
+        user.volc_login_allowed = svc._has_login_profile(user.username)
+        user.save(update_fields=['status', 'saved_policies_on_disable', 'volc_login_allowed'])
 
         error_info = f"，恢复失败: {restore_errors}" if restore_errors else ""
         AlertRecord.objects.create(