fix(open v2 api): fetch user department 404 when user is virtual user (…

…#1891)
TencentBlueKing · Aug 14, 2024 · 2ceb914 · 2ceb914
1 parent 243b3e8
commit 2ceb914
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 16 deletions.
diff --git a/src/bk-login/bklogin/authentication/views.py b/src/bk-login/bklogin/authentication/views.py
@@ -63,7 +63,7 @@ def _get_redirect_url(self, request):
         url_is_safe = url_has_allowed_host_and_scheme(
             url=redirect_to,
             allowed_hosts={*settings.ALLOWED_REDIRECT_HOSTS},
-            require_https=settings.BK_DOMAIN_SCHEME == "https",
+            require_https=settings.REDIRECT_URL_REQUIRE_HTTPS,
         )
         return redirect_to if url_is_safe else self.default_redirect_to
 

diff --git a/src/bk-login/bklogin/settings.py b/src/bk-login/bklogin/settings.py
@@ -8,6 +8,7 @@
 an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 specific language governing permissions and limitations under the License.
 """
+
 import hashlib
 import os
 from pathlib import Path
@@ -149,6 +150,7 @@
 #  (4) 精确域名&端口匹配，比如 example.com:9000 只可匹配 example.com:9000
 # 默认蓝鲸体系域名都可以匹配
 ALLOWED_REDIRECT_HOSTS = env.list("BK_LOGIN_ALLOWED_REDIRECT_HOSTS", default=[BK_COOKIE_DOMAIN])
+REDIRECT_URL_REQUIRE_HTTPS = env.bool("BK_LOGIN_REDIRECT_URL_REQUIRE_HTTPS", default=bool(BK_DOMAIN_SCHEME == "https"))
 # 语言Cookie（蓝鲸体系共享）
 LANGUAGE_COOKIE_DOMAIN = BK_COOKIE_DOMAIN
 

diff --git a/src/bk-user/bkuser/apis/open_v2/views/departments.py b/src/bk-user/bkuser/apis/open_v2/views/departments.py
@@ -360,18 +360,25 @@ def get(self, request, *args, **kwargs):
         params = slz.validated_data
 
         # 注：兼容 v2 的 OpenAPI 只提供默认租户的数据（包括默认租户本身数据源的数据 & 其他租户协同过来的数据）
-        filters = {
-            "tenant_id": self.default_tenant.id,
-            "data_source__type": DataSourceTypeEnum.REAL,
-        }
+        lookup_filter = {}
         if params["lookup_field"] == "username":
             # username 其实就是新的租户用户 ID，形式如 admin / [email protected] / uuid4
-            filters["id"] = kwargs["lookup_value"]
+            lookup_filter["id"] = kwargs["lookup_value"]
         else:
             # 用户 ID 即为数据源用户 ID
-            filters["data_source_user__id"] = kwargs["lookup_value"]
-
-        tenant_user = TenantUser.objects.select_related("data_source_user").filter(**filters).first()
+            lookup_filter["data_source_user__id"] = kwargs["lookup_value"]
+
+        tenant_user = (
+            TenantUser.objects.select_related("data_source_user")
+            .filter(
+                Q(**lookup_filter),
+                Q(tenant_id=self.default_tenant.id),
+                # Note: 兼容 v2 仅仅允许默认租户下的虚拟账号输出
+                Q(data_source__type=DataSourceTypeEnum.REAL)
+                | Q(data_source__owner_tenant_id=self.default_tenant.id, data_source__type=DataSourceTypeEnum.VIRTUAL),
+            )
+            .first()
+        )
         if not tenant_user:
             raise Http404(f"user {params['lookup_field']}:{kwargs['lookup_value']} not found")
 

diff --git a/src/bk-user/bkuser/apis/open_v2/views/profilers.py b/src/bk-user/bkuser/apis/open_v2/views/profilers.py
@@ -481,15 +481,12 @@ def get(self, request, *args, **kwargs):
         slz.is_valid(raise_exception=True)
         params = slz.validated_data
 
-        # 路径参数
-        lookup_value = kwargs["lookup_value"]
-
         lookup_filter = {}
         if params["lookup_field"] == "username":
             # username 其实就是新的租户用户 ID，形式如 admin / [email protected] / uuid4
-            lookup_filter["id"] = lookup_value
+            lookup_filter["id"] = kwargs["lookup_value"]
         else:
-            lookup_filter["data_source_user__id"] = lookup_value
+            lookup_filter["data_source_user__id"] = kwargs["lookup_value"]
 
         # 注：兼容 v2 的 OpenAPI 只提供默认租户的数据（包括默认租户本身数据源的数据 & 其他租户协同过来的数据）
         tenant_user = (
@@ -703,9 +700,11 @@ def put(self, request, *args, **kwargs):
         slz = ProfileLanguageUpdateInputSLZ(data=request.data)
         slz.is_valid(raise_exception=True)
 
-        # Note: 由于虚拟账号并不支持登录，所以不存在设置语言的场景
         tenant_user = TenantUser.objects.filter(
-            id=kwargs["username"], tenant=self.default_tenant, data_source__type=DataSourceTypeEnum.REAL
+            Q(id=kwargs["username"]),
+            Q(tenant=self.default_tenant),
+            Q(data_source__type=DataSourceTypeEnum.REAL)
+            | Q(data_source__owner_tenant_id=self.default_tenant.id, data_source__type=DataSourceTypeEnum.VIRTUAL),
         ).first()
         if not tenant_user:
             raise Http404(f"user username:{kwargs['username']} not found")