github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 处理 acl 后台 check 逻辑

pull/9134/head
Bai 2022-11-30 17:11:36 +08:00
parent 25b9739ce3
commit 2dea891b15
2 changed files with 31 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
apps/acls/api/login_asset_check.py
View File

@ -20,34 +20,41 @@ class LoginAssetCheckAPI(CreateAPIView):
return LoginAssetACL.objects.all()
def create(self, request, *args, **kwargs):
is_need_confirm, response_data = self.check_if_need_confirm()
return Response(data=response_data, status=200)
data = self.check_confirm()
return Response(data=data, status=200)
def check_if_need_confirm(self):
@lazyproperty
def serializer(self):
serializer = self.get_serializer(data=self.request.data)
serializer.is_valid(raise_exception=True)
return serializer
def check_confirm(self):
queries = {
'user': self.serializer.user, 'asset': self.serializer.asset,
'account_username': self.serializer.username,
'user': self.serializer.user,
'asset': self.serializer.asset,
'account_username': self.serializer.account_username,
'action': LoginAssetACL.ActionChoices.login_confirm
}
with tmp_to_org(self.serializer.org):
with tmp_to_org(self.serializer.asset.org):
acl = LoginAssetACL.filter(**queries).valid().first()
if not acl:
is_need_confirm = False
response_data = {}
else:
is_need_confirm = True
if acl:
need_confirm = True
response_data = self._get_response_data_of_need_confirm(acl)
response_data['need_confirm'] = is_need_confirm
return is_need_confirm, response_data
else:
need_confirm = False
response_data = {}
response_data['need_confirm'] = need_confirm
return response_data
def _get_response_data_of_need_confirm(self, acl):
def _get_response_data_of_need_confirm(self, acl) -> dict:
ticket = LoginAssetACL.create_login_asset_confirm_ticket(
user=self.serializer.user,
asset=self.serializer.asset,
account_username=self.serializer.username,
account_username=self.serializer.account_username,
assignees=acl.reviewers.all(),
org_id=self.serializer.org.id,
org_id=self.serializer.asset.org.id,
)
confirm_status_url = reverse(
view_name='api-tickets:super-ticket-status',
@ -68,10 +75,3 @@ class LoginAssetCheckAPI(CreateAPIView):
'ticket_id': str(ticket.id)
}
return data
@lazyproperty
def serializer(self):
serializer = self.get_serializer(data=self.request.data)
serializer.is_valid(raise_exception=True)
return serializer

30
apps/acls/serializers/login_asset_check.py
View File

@ -16,34 +16,20 @@ class LoginAssetCheckSerializer(serializers.Serializer):
super().__init__(*args, **kwargs)
self.user = None
self.asset = None
self.username = None
def validate_user_id(self, user_id):
self.user = self.validate_object_exist(User, user_id)
self.user = self.get_object(User, user_id)
return user_id
def validate_asset_id(self, asset_id):
self.asset = self.validate_object_exist(Asset, asset_id)
self.asset = self.get_object(Asset, asset_id)
return asset_id
@staticmethod
def validate_object_exist(model, field_id):
def get_object(model, pk):
with tmp_to_root_org():
obj = get_object_or_none(model, pk=field_id)
if not obj:
error = '{} Model object does not exist'.format(model.__name__)
raise serializers.ValidationError(error)
return obj
def validate_account_username(self, account_username):
asset_id = self.initial_data.get('asset_id')
account = Account.objects.filter(username=account_username, asset_id=asset_id).first()
if not account:
error = 'Account username does not exist'
raise serializers.ValidationError(error)
self.username = account_username
return account_username
@lazyproperty
def org(self):
return self.asset.org
obj = get_object_or_none(model, pk=pk)
if obj:
return obj
error = '{} Model object does not exist'.format(model.__name__)
raise serializers.ValidationError(error)