feat: added operation audit for idp and user

src/bk-user/bkuser/apis/web/idp/views.py

@@ -159,6 +159,7 @@ def post(self, request, *args, **kwargs):
             object_type=ObjectTypeEnum.IDP,
             object_id=idp.id,
             extras={
+                "name": idp.name,
                 "status": idp.status,
                 "plugin_config": idp.plugin_config,
                 "data_source_match_rules": idp.data_source_match_rules,
@@ -235,8 +236,8 @@ def put(self, request, *args, **kwargs):
         data_before = {
             "name": idp.name,
             "status": idp.status,
-            "data_source_match_rules": idp.data_source_match_rules,
             "plugin_config": idp.plugin_config,
+            "data_source_match_rules": idp.data_source_match_rules,
         }
 
         with transaction.atomic():
@@ -353,6 +354,7 @@ def post(self, request, *args, **kwargs):
             object_type=ObjectTypeEnum.IDP,
             object_id=idp.id,
             extras={
+                "name": idp.name,
                 "status": idp.status,
                 "plugin_config": idp.plugin_config,
                 "data_source_match_rules": idp.data_source_match_rules,

src/bk-user/bkuser/apis/web/organization/views/relations.py

@@ -129,23 +129,24 @@ def put(self, request, *args, **kwargs):
         tenant_users = TenantUser.objects.filter(tenant_id=cur_tenant_id, id__in=data["user_ids"]).values(
             "id", "data_source_user_id"
         )
-        tenant_users_map = {user["data_source_user_id"]: user["id"] for user in tenant_users}
 
+        # 【审计】获取用户与部门之间的映射
         user_department_relations = DataSourceDepartmentUserRelation.objects.filter(
             user_id__in=data_source_user_ids
         ).values("department_id", "user_id")
         user_departments_map = defaultdict(list)
 
-        # 将用户的所有部门存储在列表中
+        # 【审计】将用户的所有部门存储在列表中
         for relation in user_department_relations:
             user_departments_map[relation["user_id"]].append(relation["department_id"])
 
         # 【审计】批量创建审计对象
         objects = [
             AuditObject(
-                id=tenant_users_map[user_id], extras={"data_before": {"departments": user_departments_map[user_id]}}
+                id=user["id"],
+                extras={"data_before": {"departments": user_departments_map[user["data_source_user_id"]]}},
             )
-            for user_id in data_source_user_ids
+            for user in tenant_users
         ]
 
         # 移动操作：为数据源部门 & 用户添加关联边，但是会删除这批用户所有的存量关联边

src/bk-user/bkuser/apis/web/organization/views/users.py

@@ -516,7 +516,7 @@ def put(self, request, *args, **kwargs):
             "extras": data_source_user.extras,
             "departments": list(departments),
             "leaders": list(leaders),
-            "account_expired_at": tenant_user.account_expired_at.isoformat(),
+            "account_expired_at": tenant_user.account_expired_at.strftime("%Y-%m-%d %H:%M:%S"),
         }
 
         with transaction.atomic():
@@ -609,7 +609,7 @@ def delete(self, request, *args, **kwargs):
                 "extras": extras,
                 "departments": list(departments),
                 "leaders": list(leaders),
-                "account_expired_at": account_expired_at.isoformat(),
+                "account_expired_at": account_expired_at.strftime("%Y-%m-%d %H:%M:%S"),
             },
         )
 
@@ -644,7 +644,7 @@ def put(self, request, *args, **kwargs):
 
         # 【审计】记录变更前数据
         data_before = {
-            "account_expired_at": tenant_user.account_expired_at.isoformat(),
+            "account_expired_at": tenant_user.account_expired_at.strftime("%Y-%m-%d %H:%M:%S"),
             "status": tenant_user.status,
         }
 
@@ -918,17 +918,19 @@ def post(self, request, *args, **kwargs):
             # 批量创建租户用户（含协同）
             self._bulk_create_tenant_users(cur_tenant_id, tenant_dept, data_source, data_source_users)
 
-        # 【审计】获取批量创建的租户用户
-        tenant_users = TenantUser.objects.filter(
-            tenant_id=cur_tenant_id, data_source_user__in=data_source_users
-        ).values("id", "data_source_user")
-
-        tenant_users_map = {user["data_source_user"]: user["id"] for user in tenant_users}
+        # 【审计】创建数据源用户与租户用户之间的映射
+        tenant_user_map = {
+            user["data_source_user_id"]: user["id"]
+            for user in TenantUser.objects.filter(
+                data_source_user_in=data_source_users,
+                tenant_id=cur_tenant_id,
+            ).values("data_source_user_id", "id")
+        }
 
         # 【审计】批量创建审计对象
         objects = [
             AuditObject(
-                id=tenant_users_map[user],
+                id=tenant_user_map[user.id],
                 extras={
                     "username": user.username,
                     "full_name": user.full_name,
@@ -946,7 +948,7 @@ def post(self, request, *args, **kwargs):
         batch_add_audit_records(
             operator=request.user.username,
             tenant_id=cur_tenant_id,
-            operation=OperationEnum.MODIFY_USER_PASSWORD,
+            operation=OperationEnum.CREATE_USER,
             object_type=ObjectTypeEnum.USER,
             objects=objects,
         )
@@ -1069,38 +1071,46 @@ def delete(self, request, *args, **kwargs):
         # 【审计】记录变更前数据，数据删除后便无法获取
         data_source_users = DataSourceUser.objects.filter(id__in=data_source_user_ids)
 
-        # 获取租户用户与数据源用户映射
-        tenant_users = TenantUser.objects.filter(
-            data_source_user_id__in=data_source_user_ids,
-            tenant_id=cur_tenant_id,
-        ).values("id", "data_source_user_id")
-        tenant_users_map = {user["data_source_user_id"]: user["id"] for user in tenant_users}
+        # 【审计】获取数据源用户与租户用户之间的映射
+        tenant_user_map = {
+            user["data_source_user_id"]: user["id"]
+            for user in TenantUser.objects.filter(
+                data_source_user_id__in=data_source_user_ids,
+                tenant_id=cur_tenant_id,
+            ).values("data_source_user_id", "id")
+        }
 
-        # 获取用户与部门的映射
-        departments = DataSourceDepartmentUserRelation.objects.filter(user_id__in=data_source_user_ids).values(
-            "user_id", "department_id"
-        )
-        departments_map = {dept["user_id"]: dept["department_id"] for dept in departments}
+        # 【审计】获取用户与部门之间的映射
+        user_department_relations = DataSourceDepartmentUserRelation.objects.filter(
+            user_id__in=data_source_user_ids
+        ).values("user_id", "department_id")
+        user_department_map = defaultdict(list)
+        # 【审计】将用户的所有部门存储在列表中
+        for relation in user_department_relations:
+            user_department_map[relation["user_id"]].append(relation["department_id"])
 
-        # 获取用户与上级的映射
-        leaders = DataSourceUserLeaderRelation.objects.filter(user_id__in=data_source_user_ids).values(
+        # 【审计】获取用户与上级之间的映射
+        user_leader_relations = DataSourceUserLeaderRelation.objects.filter(user_id__in=data_source_user_ids).values(
             "user_id", "leader_id"
         )
-        leaders_map = {leader["user_id"]: leader["leader_id"] for leader in leaders}
+        user_leader_map = defaultdict(list)
+        # 【审计】将用户的所有上级存储在列表中
+        for relation in user_leader_relations:
+            user_leader_map[relation["user_id"]].append(relation["leader_id"])
 
         # 【审计】批量创建审计对象
         objects = [
             AuditObject(
-                id=tenant_users_map[user.id],
+                id=tenant_user_map[user.id],
                 extras={
                     "username": user.username,
                     "full_name": user.full_name,
                     "email": user.email,
                     "phone": user.phone,
                     "phone_country_code": user.phone_country_code,
                     "extras": user.extras,
-                    "department": departments_map[user.id],
-                    "leader": leaders_map.get(user.id, ""),
+                    "departments": user_department_map[user.id],
+                    "leaders": user_leader_map[user.id],
                 },
             )
             for user in data_source_users
@@ -1154,25 +1164,23 @@ def put(self, request, *args, **kwargs):
         slz.is_valid(raise_exception=True)
         data = slz.validated_data
 
+        # 【审计】记录变更前数据
         tenant_users = TenantUser.objects.filter(id__in=data["user_ids"], tenant_id=cur_tenant_id).values(
             "id", "status", "account_expired_at"
         )
 
-        # 【审计】记录变更前数据
-        tenant_users_map = {user["id"]: [user["account_expired_at"], user["status"]] for user in tenant_users}
-
         # 【审计】批量创建审计对象
         objects = [
             AuditObject(
-                id=user_id,
+                id=user["id"],
                 extras={
                     "data_before": {
-                        "account_expired_at": tenant_users_map[user_id][0].isoformat(),
-                        "status": tenant_users_map[user_id][1],
+                        "account_expired_at": user["account_expired_at"].strftime("%Y-%m-%d %H:%M:%S"),
+                        "status": user["status"],
                     }
                 },
             )
-            for user_id in data["user_ids"]
+            for user in tenant_users
         ]
 
         with transaction.atomic():
@@ -1227,14 +1235,8 @@ def put(self, request, *args, **kwargs):
         now = timezone.now()
         updater = request.user.username
 
-        # 【审计】记录变更前数据
-        tenant_users_map = {user.id: user.status for user in tenant_users}
-
         # 【审计】批量创建审计对象
-        objects = [
-            AuditObject(id=user_id, extras={"data_before": {"status": tenant_users_map[user_id]}})
-            for user_id in data["user_ids"]
-        ]
+        objects = [AuditObject(id=user.id, extras={"data_before": {"status": user.status}}) for user in tenant_users]
 
         # 停用的时候，正常 / 过期的租户用户都直接停用
         if data["status"] == TenantUserStatus.DISABLED:
@@ -1302,21 +1304,20 @@ def put(self, request, *args, **kwargs):
             "data_source_user_id", flat=True
         )
 
-        # 【审计】记录变更前数据
-        tenant_users = TenantUser.objects.filter(tenant_id=cur_tenant_id, id__in=data["user_ids"]).values(
-            "id", "data_source_user_id"
-        )
-
-        tenant_users_map = {user["data_source_user_id"]: user["id"] for user in tenant_users}
+        # 【审计】获取数据源用户与租户用户之间的映射
+        tenant_users = TenantUser.objects.filter(
+            data_source_user_id__in=data_source_user_ids,
+            tenant_id=cur_tenant_id,
+        ).values("data_source_user_id", "id")
 
         user_leader_relations = DataSourceUserLeaderRelation.objects.filter(user_id__in=data_source_user_ids).values(
-            "leader_id", "user_id"
+            "user_id", "leader_id"
         )
-        user_leaders_map = defaultdict(list)
+        user_leader_map = defaultdict(list)
 
-        # 将租户的所有 leader 存在列表中
+        # 【审计】将租户的所有 leader 存在列表中
         for relation in user_leader_relations:
-            user_leaders_map[relation["user_id"]].append(relation["leader_id"])
+            user_leader_map[relation["user_id"]].append(relation["leader_id"])
 
         # 新的用户 - 上级关系
         relations = [
@@ -1339,9 +1340,9 @@ def put(self, request, *args, **kwargs):
             object_type=ObjectTypeEnum.USER,
             objects=[
                 AuditObject(
-                    id=tenant_users_map[user_id], extras={"data_before": {"leaders": user_leaders_map[user_id]}}
+                    id=user["id"], extras={"data_before": {"leaders": user_leader_map[user["data_source_user_id"]]}}
                 )
-                for user_id in data_source_user_ids
+                for user in tenant_users
             ],
         )
 

src/bk-user/bkuser/apps/audit/constants.py

@@ -41,7 +41,6 @@ class OperationEnum(str, StructuredEnum):
     # 认证源
     CREATE_IDP = EnumField("create_idp", label=_("创建认证源"))
     MODIFY_IDP = EnumField("modify_idp", label=_("修改认证源"))
-    MODIFY_IDP_STATUS = EnumField("modify_idp_status", label=_("修改认证源状态"))
     # 用户
     CREATE_USER = EnumField("create_user", label=_("创建用户"))
     MODIFY_USER = EnumField("modify_user", label=_("修改用户信息"))