github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: Validate input data for account status updates

pull/15070/head
wangruidong 2025-03-19 14:43:09 +08:00 committed by w940853815
parent e68d5564c6
commit 2a31a7d444
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/accounts/api/automations/gather_account.py
View File

@ -90,14 +90,16 @@ class GatheredAccountViewSet(OrgBulkModelViewSet):
@action(methods=["put"], detail=False, url_path="status") @action(methods=["put"], detail=False, url_path="status")
def status(self, request, *args, **kwargs): def status(self, request, *args, **kwargs):
ids = request.data.get('ids', []) serializer = self.get_serializer(data=request.data)
new_status = request.data.get("status") if not serializer.is_valid():
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
validated_data = serializer.validated_data
ids = validated_data.get('ids', [])
new_status = validated_data.get('status')
updated_instances = GatheredAccount.objects.filter(id__in=ids).select_related('asset') updated_instances = GatheredAccount.objects.filter(id__in=ids).select_related('asset')
if new_status == "confirmed": if new_status == "confirmed":
GatheredAccount.sync_accounts(updated_instances) GatheredAccount.sync_accounts(updated_instances)
updated_instances.update(present=True) updated_instances.update(present=True)
updated_instances.update(status=new_status) updated_instances.update(status=new_status)
return Response(status=status.HTTP_200_OK) return Response(status=status.HTTP_200_OK)

10
apps/accounts/serializers/automations/gather_account.py
View File

@ -7,6 +7,7 @@ from accounts.models import GatherAccountsAutomation
from accounts.models import GatheredAccount from accounts.models import GatheredAccount
from accounts.serializers.account.account import AccountAssetSerializer as _AccountAssetSerializer from accounts.serializers.account.account import AccountAssetSerializer as _AccountAssetSerializer
from accounts.serializers.account.base import BaseAccountSerializer from accounts.serializers.account.base import BaseAccountSerializer
from common.const import ConfirmOrIgnore
from orgs.mixins.serializers import BulkOrgResourceModelSerializer from orgs.mixins.serializers import BulkOrgResourceModelSerializer
from .base import BaseAutomationSerializer from .base import BaseAutomationSerializer
@ -63,9 +64,12 @@ class DiscoverAccountSerializer(BulkOrgResourceModelSerializer):
return queryset return queryset
class DiscoverAccountActionSerializer(DiscoverAccountSerializer): class DiscoverAccountActionSerializer(serializers.Serializer):
class Meta(DiscoverAccountSerializer.Meta): ids = serializers.ListField(child=serializers.UUIDField(), required=True)
read_only_fields = list(set(DiscoverAccountSerializer.Meta.read_only_fields) - {'status'}) status = serializers.ChoiceField(choices=ConfirmOrIgnore.choices, default=ConfirmOrIgnore.pending, allow_blank=True)
class Meta:
fields = ['ids', 'status']
class DiscoverAccountDetailsSerializer(serializers.Serializer): class DiscoverAccountDetailsSerializer(serializers.Serializer):