mirror of https://github.com/jumpserver/jumpserver
perf: ticket login asset acl
parent
11636dafd8
commit
3052aa759c
|
@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
|
|||
def check_if_need_confirm(self):
|
||||
queries = {
|
||||
'user': self.serializer.user, 'asset': self.serializer.asset,
|
||||
'account': self.serializer.account,
|
||||
'account_username': self.serializer.username,
|
||||
'action': LoginAssetACL.ActionChoices.login_confirm
|
||||
}
|
||||
with tmp_to_org(self.serializer.org):
|
||||
|
@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
|
|||
ticket = LoginAssetACL.create_login_asset_confirm_ticket(
|
||||
user=self.serializer.user,
|
||||
asset=self.serializer.asset,
|
||||
account=self.serializer.account,
|
||||
account_username=self.serializer.username,
|
||||
assignees=acl.reviewers.all(),
|
||||
org_id=self.serializer.org.id,
|
||||
)
|
||||
|
|
|
@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
|
|||
return self.name
|
||||
|
||||
@classmethod
|
||||
def filter(cls, user, asset, account, action):
|
||||
def filter(cls, user, asset, account_username, action):
|
||||
queryset = cls.objects.filter(action=action)
|
||||
queryset = cls.filter_user(user, queryset)
|
||||
queryset = cls.filter_asset(asset, queryset)
|
||||
queryset = cls.filter_account(account, queryset)
|
||||
queryset = cls.filter_account(account_username, queryset)
|
||||
return queryset
|
||||
|
||||
@classmethod
|
||||
|
@ -69,18 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
|
|||
return queryset
|
||||
|
||||
@classmethod
|
||||
def filter_account(cls, account, queryset):
|
||||
def filter_account(cls, account_username, queryset):
|
||||
queryset = queryset.filter(
|
||||
Q(accounts__name_group__contains=account.name) |
|
||||
Q(accounts__name_group__contains=account_username) |
|
||||
Q(accounts__name_group__contains='*')
|
||||
).filter(
|
||||
Q(accounts__username_group__contains=account.username) |
|
||||
Q(accounts__username_group__contains=account_username) |
|
||||
Q(accounts__username_group__contains='*')
|
||||
)
|
||||
return queryset
|
||||
|
||||
@classmethod
|
||||
def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
|
||||
def create_login_asset_confirm_ticket(cls, user, asset, account_username, assignees, org_id):
|
||||
from tickets.const import TicketType
|
||||
from tickets.models import ApplyLoginAssetTicket
|
||||
title = _('Login asset confirm') + ' ({})'.format(user)
|
||||
|
@ -90,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
|
|||
'applicant': user,
|
||||
'apply_login_user': user,
|
||||
'apply_login_asset': asset,
|
||||
'apply_login_account': str(account),
|
||||
'apply_login_account': account_username,
|
||||
'type': TicketType.login_asset_confirm,
|
||||
}
|
||||
ticket = ApplyLoginAssetTicket.objects.create(**data)
|
||||
|
|
|
@ -10,15 +10,13 @@ __all__ = ['LoginAssetCheckSerializer']
|
|||
class LoginAssetCheckSerializer(serializers.Serializer):
|
||||
user_id = serializers.UUIDField(required=True, allow_null=False)
|
||||
asset_id = serializers.UUIDField(required=True, allow_null=False)
|
||||
account_id = serializers.UUIDField(required=True, allow_null=False)
|
||||
account_username = serializers.CharField(max_length=128, default='')
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.user = None
|
||||
self.asset = None
|
||||
self.account = None
|
||||
self._account_username = None
|
||||
self.username = None
|
||||
|
||||
def validate_user_id(self, user_id):
|
||||
self.user = self.validate_object_exist(User, user_id)
|
||||
|
@ -28,10 +26,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
|
|||
self.asset = self.validate_object_exist(Asset, asset_id)
|
||||
return asset_id
|
||||
|
||||
def validate_account_id(self, account_id):
|
||||
self.account = self.validate_object_exist(Account, account_id)
|
||||
return account_id
|
||||
|
||||
@staticmethod
|
||||
def validate_object_exist(model, field_id):
|
||||
with tmp_to_root_org():
|
||||
|
@ -41,6 +35,17 @@ class LoginAssetCheckSerializer(serializers.Serializer):
|
|||
raise serializers.ValidationError(error)
|
||||
return obj
|
||||
|
||||
def validate_account_username(self, account_username):
|
||||
asset_id = self.initial_data.get('asset_id')
|
||||
account = Account.objects.filter(
|
||||
username=account_username, asset_id=asset_id
|
||||
).first()
|
||||
if not account:
|
||||
error = 'Account username does not exist'
|
||||
raise serializers.ValidationError(error)
|
||||
self.username = account_username
|
||||
return account_username
|
||||
|
||||
@lazyproperty
|
||||
def org(self):
|
||||
return self.asset.org
|
||||
|
|
Loading…
Reference in New Issue