mirror of https://github.com/jumpserver/jumpserver
perf: 处理 acl 后台 check 逻辑
parent
25b9739ce3
commit
2dea891b15
|
@ -20,34 +20,41 @@ class LoginAssetCheckAPI(CreateAPIView):
|
||||||
return LoginAssetACL.objects.all()
|
return LoginAssetACL.objects.all()
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
def create(self, request, *args, **kwargs):
|
||||||
is_need_confirm, response_data = self.check_if_need_confirm()
|
data = self.check_confirm()
|
||||||
return Response(data=response_data, status=200)
|
return Response(data=data, status=200)
|
||||||
|
|
||||||
def check_if_need_confirm(self):
|
@lazyproperty
|
||||||
|
def serializer(self):
|
||||||
|
serializer = self.get_serializer(data=self.request.data)
|
||||||
|
serializer.is_valid(raise_exception=True)
|
||||||
|
return serializer
|
||||||
|
|
||||||
|
def check_confirm(self):
|
||||||
queries = {
|
queries = {
|
||||||
'user': self.serializer.user, 'asset': self.serializer.asset,
|
'user': self.serializer.user,
|
||||||
'account_username': self.serializer.username,
|
'asset': self.serializer.asset,
|
||||||
|
'account_username': self.serializer.account_username,
|
||||||
'action': LoginAssetACL.ActionChoices.login_confirm
|
'action': LoginAssetACL.ActionChoices.login_confirm
|
||||||
}
|
}
|
||||||
with tmp_to_org(self.serializer.org):
|
with tmp_to_org(self.serializer.asset.org):
|
||||||
acl = LoginAssetACL.filter(**queries).valid().first()
|
acl = LoginAssetACL.filter(**queries).valid().first()
|
||||||
|
|
||||||
if not acl:
|
if acl:
|
||||||
is_need_confirm = False
|
need_confirm = True
|
||||||
response_data = {}
|
|
||||||
else:
|
|
||||||
is_need_confirm = True
|
|
||||||
response_data = self._get_response_data_of_need_confirm(acl)
|
response_data = self._get_response_data_of_need_confirm(acl)
|
||||||
response_data['need_confirm'] = is_need_confirm
|
else:
|
||||||
return is_need_confirm, response_data
|
need_confirm = False
|
||||||
|
response_data = {}
|
||||||
|
response_data['need_confirm'] = need_confirm
|
||||||
|
return response_data
|
||||||
|
|
||||||
def _get_response_data_of_need_confirm(self, acl):
|
def _get_response_data_of_need_confirm(self, acl) -> dict:
|
||||||
ticket = LoginAssetACL.create_login_asset_confirm_ticket(
|
ticket = LoginAssetACL.create_login_asset_confirm_ticket(
|
||||||
user=self.serializer.user,
|
user=self.serializer.user,
|
||||||
asset=self.serializer.asset,
|
asset=self.serializer.asset,
|
||||||
account_username=self.serializer.username,
|
account_username=self.serializer.account_username,
|
||||||
assignees=acl.reviewers.all(),
|
assignees=acl.reviewers.all(),
|
||||||
org_id=self.serializer.org.id,
|
org_id=self.serializer.asset.org.id,
|
||||||
)
|
)
|
||||||
confirm_status_url = reverse(
|
confirm_status_url = reverse(
|
||||||
view_name='api-tickets:super-ticket-status',
|
view_name='api-tickets:super-ticket-status',
|
||||||
|
@ -68,10 +75,3 @@ class LoginAssetCheckAPI(CreateAPIView):
|
||||||
'ticket_id': str(ticket.id)
|
'ticket_id': str(ticket.id)
|
||||||
}
|
}
|
||||||
return data
|
return data
|
||||||
|
|
||||||
@lazyproperty
|
|
||||||
def serializer(self):
|
|
||||||
serializer = self.get_serializer(data=self.request.data)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
return serializer
|
|
||||||
|
|
||||||
|
|
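Review bot: `self.serializer.account_username`, read in `check_confirm` and again in `_get_response_data_of_need_confirm`, is an instance attribute that nothing visible in this commit sets. The serializer section drops `self.username = None` and removes `validate_account_username`, which was the only place the value was stored on the instance. If `account_username` exists only as a declared field, DRF keeps it in `_declared_fields` rather than on the instance, so the lookup would raise `AttributeError` at request time; `self.serializer.validated_data['account_username']` reads the validated value instead. The field declarations lie above the serializer hunk, so this needs confirming against the full file.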
|
@ -16,34 +16,20 @@ class LoginAssetCheckSerializer(serializers.Serializer):
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
self.user = None
|
self.user = None
|
||||||
self.asset = None
|
self.asset = None
|
||||||
self.username = None
|
|
||||||
|
|
||||||
def validate_user_id(self, user_id):
|
def validate_user_id(self, user_id):
|
||||||
self.user = self.validate_object_exist(User, user_id)
|
self.user = self.get_object(User, user_id)
|
||||||
return user_id
|
return user_id
|
||||||
|
|
||||||
def validate_asset_id(self, asset_id):
|
def validate_asset_id(self, asset_id):
|
||||||
self.asset = self.validate_object_exist(Asset, asset_id)
|
self.asset = self.get_object(Asset, asset_id)
|
||||||
return asset_id
|
return asset_id
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def validate_object_exist(model, field_id):
|
def get_object(model, pk):
|
||||||
with tmp_to_root_org():
|
with tmp_to_root_org():
|
||||||
obj = get_object_or_none(model, pk=field_id)
|
obj = get_object_or_none(model, pk=pk)
|
||||||
if not obj:
|
if obj:
|
||||||
error = '{} Model object does not exist'.format(model.__name__)
|
return obj
|
||||||
raise serializers.ValidationError(error)
|
error = '{} Model object does not exist'.format(model.__name__)
|
||||||
return obj
|
raise serializers.ValidationError(error)
|
||||||
|
|
||||||
def validate_account_username(self, account_username):
|
|
||||||
asset_id = self.initial_data.get('asset_id')
|
|
||||||
account = Account.objects.filter(username=account_username, asset_id=asset_id).first()
|
|
||||||
if not account:
|
|
||||||
error = 'Account username does not exist'
|
|
||||||
raise serializers.ValidationError(error)
|
|
||||||
self.username = account_username
|
|
||||||
return account_username
|
|
||||||
|
|
||||||
@lazyproperty
|
|
||||||
def org(self):
|
|
||||||
return self.asset.org
|
|
||||||
|
|
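Review bot: With `validate_account_username` removed, the caller-supplied `account_username` is no longer checked against the asset's accounts before it serves as an exact-match key in the ACL lookup and as the ticket's account name. The view treats "no matching ACL" as `need_confirm = False`, so the login-confirm decision now depends on an unvalidated string and fails open when it does not match. If dropping the check is intentional (for instance, usernames that have no `Account` row), a short comment above the field stating that and naming the component trusted to send the real login username would make the assumption reviewable; otherwise the existence check should stay. `get_object` would also benefit from a one-line docstring saying that it resolves the object under the root org and raises `ValidationError` when it is missing.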