管理员允许指定工单提交人，但是提交人也必须在指定资源组内

sql_api/serializers.py

@@ -312,13 +312,24 @@ def to_internal_value(self, data):
             data["run_date_end"] = None
         return super().to_internal_value(data)
 
-    def validate_group_id(self, group_id):
+    @staticmethod
+    def validate_group_id(group_id):
         try:
             ResourceGroup.objects.get(pk=group_id)
         except ResourceGroup.DoesNotExist:
             raise serializers.ValidationError({"errors": f"不存在该资源组：{group_id}"})
         return group_id
 
+    def validate_engineer(self, engineer):
+        """仅管理员做engineer校验"""
+        user = self.context["request"].user
+        if user.is_superuser:
+            try:
+                Users.objects.get(username=engineer)
+            except Users.DoesNotExist:
+                raise serializers.ValidationError({"errors": f"不存在用户：{engineer}"})
+        return engineer
+
     class Meta:
         model = SqlWorkflow
         fields = "__all__"
@@ -330,11 +341,11 @@ class Meta:
             "group_name",
             "finish_time",
             "is_manual",
-            "engineer",
         ]
         extra_kwargs = {
             "demand_url": {"required": False},
             "is_backup": {"required": False},
+            "engineer": {"required": False},
         }
 
 
@@ -346,10 +357,17 @@ def create(self, validated_data):
         workflow_data = validated_data.pop("workflow")
         instance = workflow_data["instance"]
         sql_content = validated_data["sql_content"].strip()
-        user = self.context["request"].user  # 只能提交自己负责的资源
         group = ResourceGroup.objects.get(pk=workflow_data["group_id"])
+        engineer = workflow_data.get("engineer")
+
+        # 管理员可以指定提交人信息
+        if self.context["request"].user.is_superuser:
+            user = Users.objects.get(username=engineer)
+        # 提交人只能是自己
+        else:
+            user = self.context["request"].user
 
-        # 验证组权限（用户是否在该组、该组是否有指定实例）
+        # 验证提交用户的组权限（用户是否在该组、该组是否有指定实例）
         try:
             user_instances(user, tag_codes=["can_write"]).get(id=instance.id)
         except instance.DoesNotExist:

sql_api/tests.py

@@ -549,7 +549,6 @@ def test_submit_workflow(self):
                 "demand_url": "test",
                 "group_id": 1,
                 "db_name": "test_db",
-                "engineer": self.user.username,
                 "instance": self.ins.id,
             },
             "sql_content": "alter table abc add column note varchar(64);",
@@ -560,6 +559,31 @@ def test_submit_workflow(self):
         self.assertEqual(r.json()["workflow"]["engineer"], self.user.username)
         self.assertEqual(r.json()["workflow"]["engineer_display"], self.user.display)
 
+    def test_submit_workflow_super(self):
+        """测试管理员提交SQL上线工单，可以指定用户"""
+        User.objects.filter(id=self.user.id).update(is_superuser=1)
+        user2 = User.objects.create(
+            username="test_user2", display="测试用户2", is_active=True
+        )
+        user2.groups.add(self.group.id)
+        user2.resource_group.add(self.res_group.group_id)
+        json_data = {
+            "workflow": {
+                "workflow_name": "上线工单1",
+                "demand_url": "test",
+                "group_id": 1,
+                "db_name": "test_db",
+                "engineer": "test_user2",
+                "instance": self.ins.id,
+            },
+            "sql_content": "alter table abc add column note varchar(64);",
+        }
+        r = self.client.post("/api/v1/workflow/", json_data, format="json")
+        self.assertEqual(r.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(r.json()["workflow"]["workflow_name"], "上线工单1")
+        self.assertEqual(r.json()["workflow"]["engineer"], user2.username)
+        self.assertEqual(r.json()["workflow"]["engineer_display"], user2.display)
+
     def test_submit_param_is_None(self):
         """测试SQL提交，参数内容为空"""
         json_data = {