perf: ticket login asset acl

pull/9129/head
feng 2022-11-28 21:54:20 +08:00
parent 11636dafd8
commit 3052aa759c
3 changed files with 21 additions and 16 deletions

View File

@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
def check_if_need_confirm(self):
queries = {
'user': self.serializer.user, 'asset': self.serializer.asset,
'account': self.serializer.account,
'account_username': self.serializer.username,
'action': LoginAssetACL.ActionChoices.login_confirm
}
with tmp_to_org(self.serializer.org):
@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
ticket = LoginAssetACL.create_login_asset_confirm_ticket(
user=self.serializer.user,
asset=self.serializer.asset,
account=self.serializer.account,
account_username=self.serializer.username,
assignees=acl.reviewers.all(),
org_id=self.serializer.org.id,
)

View File

@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
return self.name
@classmethod
def filter(cls, user, asset, account, action):
def filter(cls, user, asset, account_username, action):
queryset = cls.objects.filter(action=action)
queryset = cls.filter_user(user, queryset)
queryset = cls.filter_asset(asset, queryset)
queryset = cls.filter_account(account, queryset)
queryset = cls.filter_account(account_username, queryset)
return queryset
@classmethod
@ -69,18 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
return queryset
@classmethod
def filter_account(cls, account, queryset):
def filter_account(cls, account_username, queryset):
queryset = queryset.filter(
Q(accounts__name_group__contains=account.name) |
Q(accounts__name_group__contains=account_username) |
Q(accounts__name_group__contains='*')
).filter(
Q(accounts__username_group__contains=account.username) |
Q(accounts__username_group__contains=account_username) |
Q(accounts__username_group__contains='*')
)
return queryset
@classmethod
def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
def create_login_asset_confirm_ticket(cls, user, asset, account_username, assignees, org_id):
from tickets.const import TicketType
from tickets.models import ApplyLoginAssetTicket
title = _('Login asset confirm') + ' ({})'.format(user)
@ -90,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
'applicant': user,
'apply_login_user': user,
'apply_login_asset': asset,
'apply_login_account': str(account),
'apply_login_account': account_username,
'type': TicketType.login_asset_confirm,
}
ticket = ApplyLoginAssetTicket.objects.create(**data)

View File

@ -10,15 +10,13 @@ __all__ = ['LoginAssetCheckSerializer']
class LoginAssetCheckSerializer(serializers.Serializer):
user_id = serializers.UUIDField(required=True, allow_null=False)
asset_id = serializers.UUIDField(required=True, allow_null=False)
account_id = serializers.UUIDField(required=True, allow_null=False)
account_username = serializers.CharField(max_length=128, default='')
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.user = None
self.asset = None
self.account = None
self._account_username = None
self.username = None
def validate_user_id(self, user_id):
self.user = self.validate_object_exist(User, user_id)
@ -28,10 +26,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
self.asset = self.validate_object_exist(Asset, asset_id)
return asset_id
def validate_account_id(self, account_id):
self.account = self.validate_object_exist(Account, account_id)
return account_id
@staticmethod
def validate_object_exist(model, field_id):
with tmp_to_root_org():
@ -41,6 +35,17 @@ class LoginAssetCheckSerializer(serializers.Serializer):
raise serializers.ValidationError(error)
return obj
def validate_account_username(self, account_username):
asset_id = self.initial_data.get('asset_id')
account = Account.objects.filter(
username=account_username, asset_id=asset_id
).first()
if not account:
error = 'Account username does not exist'
raise serializers.ValidationError(error)
self.username = account_username
return account_username
@lazyproperty
def org(self):
return self.asset.org