porsche/vmis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revert: all tenants (including manager) need NC+OO containers

Browse Source 
Manager tenant is a real company tenant with employees who need
NC Drive + OO. is_manager only controls admin portal access and
Traefik route inclusion, not whether NC/OO infrastructure is needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
VMIS Developer
2026-03-15 22:33:25 +08:00
parent 3ee7f72f52
commit cf1e26c2e9
2 changed files with 155 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/app/services/scheduler/schedule_account.py
View File

@@ -77,13 +77,6 @@ def run_account_check(schedule_log_id: int, db: Session):
result.mailbox_done_at = now_tw() result.mailbox_done_at = now_tw()
fail_reasons.append(f"mailbox: {e}") fail_reasons.append(f"mailbox: {e}")
# [3] NC user + Mailmanager 租戶無 NC container跳過
if tenant.is_manager:
result.nc_result = True
result.nc_done_at = now_tw()
result.nc_mail_result = True
result.nc_mail_done_at = now_tw()
else:
# [3] NC user check # [3] NC user check
try: try:
from app.core.config import settings as _cfg from app.core.config import settings as _cfg
@@ -94,7 +87,6 @@ def run_account_check(schedule_log_id: int, db: Session):
else: else:
created = nc.create_user(account.sso_account, account.default_password, account.quota_limit) created = nc.create_user(account.sso_account, account.default_password, account.quota_limit)
result.nc_result = created result.nc_result = created
# 確保 quota 設定正確(無論新建或已存在)
if result.nc_result and account.quota_limit: if result.nc_result and account.quota_limit:
nc.set_user_quota(account.sso_account, account.quota_limit) nc.set_user_quota(account.sso_account, account.quota_limit)
result.nc_done_at = now_tw() result.nc_done_at = now_tw()

13
backend/app/services/scheduler/schedule_tenant.py
View File

@@ -946,13 +946,6 @@ def run_tenant_check(schedule_log_id: int, db: Session):
# ── [4] NC container + DB 驗證 + OIDC 設定 ───────────────────────── # ── [4] NC container + DB 驗證 + OIDC 設定 ─────────────────────────
pg_db = f"nc_{tenant.code}_db" pg_db = f"nc_{tenant.code}_db"
if tenant.is_manager:
# Manager 租戶無需 NC/OO 容器,直接標記成功
result.nc_result = True
result.nc_done_at = now_tw()
result.office_result = True
result.office_done_at = now_tw()
else:
try: try:
nc_state = docker.check_container_ssh(nc_name) nc_state = docker.check_container_ssh(nc_name)
if nc_state is None: if nc_state is None:
@@ -965,7 +958,6 @@ def run_tenant_check(schedule_log_id: int, db: Session):
if not ok: if not ok:
fail_reasons.append("nc: deploy failed") fail_reasons.append("nc: deploy failed")
else: else:
# 部署成功後驗證 NC 是否正確使用 PostgreSQL
if not _nc_db_check(nc_name, pg_host, pg_db, tenant.domain, pg_port): if not _nc_db_check(nc_name, pg_host, pg_db, tenant.domain, pg_port):
result.nc_result = False result.nc_result = False
fail_reasons.append("nc: installed but not using pgsql") fail_reasons.append("nc: installed but not using pgsql")
@@ -977,7 +969,7 @@ def run_tenant_check(schedule_log_id: int, db: Session):
if not ok: if not ok:
fail_reasons.append("nc: start failed") fail_reasons.append("nc: start failed")
else: else:
# 容器正常運行 → 驗證 DB 類型(防止 sqlite3 殘留問題) # 容器正常運行 → 驗證 DB 類型
db_ok = _nc_db_check(nc_name, pg_host, pg_db, tenant.domain, pg_port) db_ok = _nc_db_check(nc_name, pg_host, pg_db, tenant.domain, pg_port)
if not db_ok: if not db_ok:
result.nc_result = False result.nc_result = False
@@ -986,7 +978,6 @@ def run_tenant_check(schedule_log_id: int, db: Session):
result.nc_result = True result.nc_result = True
if kc_drive_secret: if kc_drive_secret:
if not _nc_initialized(nc_name): if not _nc_initialized(nc_name):
# 首次初始化:語言 + Apps + OIDC + SSO 強制模式 + OO 整合
oo_url = (f"https://office-{tenant.code}.ease.taipei" if is_active oo_url = (f"https://office-{tenant.code}.ease.taipei" if is_active
else f"https://office-{tenant.code}.lab.taipei") else f"https://office-{tenant.code}.lab.taipei")
ok = _nc_initialize(nc_name, kc_host, realm, kc_drive_secret, tenant.domain, ok = _nc_initialize(nc_name, kc_host, realm, kc_drive_secret, tenant.domain,
@@ -994,7 +985,6 @@ def run_tenant_check(schedule_log_id: int, db: Session):
if not ok: if not ok:
fail_reasons.append("nc: initialization failed") fail_reasons.append("nc: initialization failed")
else: else:
# 已初始化:僅同步 OIDC secret確保與 KC 一致)
ok = _configure_nc_oidc(nc_name, kc_host, realm, kc_drive_secret, tenant.domain) ok = _configure_nc_oidc(nc_name, kc_host, realm, kc_drive_secret, tenant.domain)
if not ok: if not ok:
fail_reasons.append("nc: OIDC sync failed") fail_reasons.append("nc: OIDC sync failed")
@@ -1026,7 +1016,6 @@ def run_tenant_check(schedule_log_id: int, db: Session):
fail_reasons.append(f"oo: {e}") fail_reasons.append(f"oo: {e}")
# ── [6] Quota (OO disk + PG DB size) ──────────────────────────────── # ── [6] Quota (OO disk + PG DB size) ────────────────────────────────
if not tenant.is_manager:
try: try:
oo_gb = docker.get_oo_disk_usage_gb(oo_name) or 0.0 oo_gb = docker.get_oo_disk_usage_gb(oo_name) or 0.0
pg_gb = _get_pg_db_size_gb(pg_host, pg_db, pg_port) or 0.0 pg_gb = _get_pg_db_size_gb(pg_host, pg_db, pg_port) or 0.0