From d9fa2c8d6c0dd66e7fab3ace5e56ce25b9c631d5 Mon Sep 17 00:00:00 2001
From: ping <1017253325@qq.com>
Date: Thu, 28 May 2026 16:51:05 +0800
Subject: [PATCH] =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98token=E6=8A=A5?=
 =?UTF-8?q?=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 b/cntoai/model_usage_admin_report.dspy | 102 ++++++++++++++++++++++---
 1 file changed, 91 insertions(+), 11 deletions(-)

diff --git a/b/cntoai/model_usage_admin_report.dspy b/b/cntoai/model_usage_admin_report.dspy
index 847d188..e16f2b0 100644
--- a/b/cntoai/model_usage_admin_report.dspy
+++ b/b/cntoai/model_usage_admin_report.dspy
@@ -1,3 +1,26 @@
+async def get_user_role(ns={}):
+    sor = ns['sor']
+    ns['del_flg'] = '0'
+    res_role = await sor.R('userrole', ns)
+    if res_role:
+        user_role = res_role[0]
+    else:
+        return {
+            'status': False,
+            'msg': 'userrole table, user id can not find...',
+        }
+    roleid = user_role.get('roleid')
+    role_name = await sor.R('role', {'id': roleid})
+    if role_name:
+        role = role_name[0].get('role')
+    else:
+        return {
+            'status': False,
+            'msg': 'role table, can not get role name',
+        }
+    return role
+
+
 def _escape(value):
     if value is None:
         return None
@@ -182,18 +205,74 @@ async def _enrich_usage_rows(sor, rows):
     return items
 
 
-async def _fetch_customer_users(sor, orgid, customerid=None):
-    """获取机构下客户及其用户映射。"""
-    org_rows = await sor.R('organization', {'parentid': orgid, 'del_flg': '0'})
-    if customerid:
-        org_rows = [row for row in org_rows if row.get('id') == customerid]
-    org_map = {row['id']: row for row in org_rows}
+async def _resolve_scope_orgid(sor, user_orgid, user_role):
+    """
+    解析报表统计范围的机构 id。
+    运营/运营管理员：users.orgid 即所在机构 id。
+    其他管理员：users.orgid 为用户机构 id，所在机构为 organization.parentid。
+    """
+    if user_role in ('运营', '运营管理员'):
+        return user_orgid
+    org_rows = await sor.R('organization', {'id': user_orgid, 'del_flg': '0'})
+    if org_rows and org_rows[0].get('parentid'):
+        return org_rows[0]['parentid']
+    return user_orgid
 
+
+async def _fetch_customer_users(sor, institution_orgid, customerid=None):
+    """
+    获取机构下辖用户。
+    普通用户：users.orgid = organization.id，organization.parentid = 机构 id。
+    管理/运营：users.orgid 直接等于机构 id。
+    邀请注册可能存在二级 organization（parentid 指向上级客户机构）。
+    """
+    inst_esc = _escape(institution_orgid)
+    if customerid:
+        cid_esc = _escape(customerid)
+        if customerid == institution_orgid:
+            user_scope = """(
+                o.parentid = '%s'
+                OR o.parentid IN (
+                    SELECT id FROM organization WHERE parentid = '%s' AND del_flg = '0'
+                )
+                OR u.orgid = '%s'
+            )""" % (inst_esc, inst_esc, inst_esc)
+        else:
+            user_scope = "(u.orgid = '%s' OR o.parentid = '%s')" % (cid_esc, cid_esc)
+    else:
+        user_scope = """(
+            o.parentid = '%s'
+            OR o.parentid IN (
+                SELECT id FROM organization WHERE parentid = '%s' AND del_flg = '0'
+            )
+            OR u.orgid = '%s'
+        )""" % (inst_esc, inst_esc, inst_esc)
+
+    sql = """
+        SELECT u.id, u.username, u.name, u.orgid, o.orgname, o.parentid AS org_parentid
+        FROM users u
+        INNER JOIN organization o ON u.orgid = o.id AND o.del_flg = '0'
+        WHERE u.del_flg = '0' AND %s
+    """ % user_scope
+    rows = await sor.sqlExe(sql, {})
+
+    org_map = {}
     user_map = {}
-    for oid in org_map:
-        user_rows = await sor.R('users', {'orgid': oid, 'del_flg': '0'})
-        for user in user_rows:
-            user_map[user['id']] = user
+    for row in rows:
+        uid = row['id']
+        oid = row.get('orgid')
+        user_map[uid] = {
+            'id': uid,
+            'username': row.get('username'),
+            'name': row.get('name'),
+            'orgid': oid,
+        }
+        if oid and oid not in org_map:
+            org_map[oid] = {
+                'id': oid,
+                'orgname': row.get('orgname'),
+                'parentid': row.get('org_parentid'),
+            }
     return org_map, user_map
 
 
@@ -423,11 +502,12 @@ async def model_usage_admin_report(ns={}):
             if not user_rows:
                 return {'status': False, 'msg': '用户不存在'}
 
-            orgid = user_rows[0].get('orgid')
+            user_orgid = user_rows[0].get('orgid')
             user_role = await get_user_role({'userid': userid, 'sor': sor})
             if user_role not in ('管理员', '运营', '运营管理员'):
                 return {'status': False, 'msg': '无权限，仅机构管理员可查看'}
 
+            orgid = await _resolve_scope_orgid(sor, user_orgid, user_role)
             org_map, user_map = await _fetch_customer_users(sor, orgid, customerid)
             user_ids = list(user_map.keys())
             if not user_ids: