From 3052aa759c98e3a180bb9a022323d8b087817724 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Mon, 28 Nov 2022 21:54:20 +0800
Subject: [PATCH] perf: ticket login asset acl

---
 apps/acls/api/login_asset_check.py         |  4 ++--
 apps/acls/models/login_asset_acl.py        | 14 +++++++-------
 apps/acls/serializers/login_asset_check.py | 19 ++++++++++++-------
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/apps/acls/api/login_asset_check.py b/apps/acls/api/login_asset_check.py
index bedf78d41..331c42768 100644
--- a/apps/acls/api/login_asset_check.py
+++ b/apps/acls/api/login_asset_check.py
@@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
     def check_if_need_confirm(self):
         queries = {
             'user': self.serializer.user, 'asset': self.serializer.asset,
-            'account': self.serializer.account,
+            'account_username': self.serializer.username,
             'action': LoginAssetACL.ActionChoices.login_confirm
         }
         with tmp_to_org(self.serializer.org):
@@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
         ticket = LoginAssetACL.create_login_asset_confirm_ticket(
             user=self.serializer.user,
             asset=self.serializer.asset,
-            account=self.serializer.account,
+            account_username=self.serializer.username,
             assignees=acl.reviewers.all(),
             org_id=self.serializer.org.id,
         )
diff --git a/apps/acls/models/login_asset_acl.py b/apps/acls/models/login_asset_acl.py
index 2ad9363e5..b01e4aed1 100644
--- a/apps/acls/models/login_asset_acl.py
+++ b/apps/acls/models/login_asset_acl.py
@@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
         return self.name
 
     @classmethod
-    def filter(cls, user, asset, account, action):
+    def filter(cls, user, asset, account_username, action):
         queryset = cls.objects.filter(action=action)
         queryset = cls.filter_user(user, queryset)
         queryset = cls.filter_asset(asset, queryset)
-        queryset = cls.filter_account(account, queryset)
+        queryset = cls.filter_account(account_username, queryset)
         return queryset
 
     @classmethod
@@ -69,18 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
         return queryset
 
     @classmethod
-    def filter_account(cls, account, queryset):
+    def filter_account(cls, account_username, queryset):
         queryset = queryset.filter(
-            Q(accounts__name_group__contains=account.name) |
+            Q(accounts__name_group__contains=account_username) |
             Q(accounts__name_group__contains='*')
         ).filter(
-            Q(accounts__username_group__contains=account.username) |
+            Q(accounts__username_group__contains=account_username) |
             Q(accounts__username_group__contains='*')
         )
         return queryset
 
     @classmethod
-    def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
+    def create_login_asset_confirm_ticket(cls, user, asset, account_username, assignees, org_id):
         from tickets.const import TicketType
         from tickets.models import ApplyLoginAssetTicket
         title = _('Login asset confirm') + ' ({})'.format(user)
@@ -90,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
             'applicant': user,
             'apply_login_user': user,
             'apply_login_asset': asset,
-            'apply_login_account': str(account),
+            'apply_login_account': account_username,
             'type': TicketType.login_asset_confirm,
         }
         ticket = ApplyLoginAssetTicket.objects.create(**data)
diff --git a/apps/acls/serializers/login_asset_check.py b/apps/acls/serializers/login_asset_check.py
index 2240cb8d6..279feb3b6 100644
--- a/apps/acls/serializers/login_asset_check.py
+++ b/apps/acls/serializers/login_asset_check.py
@@ -10,15 +10,13 @@ __all__ = ['LoginAssetCheckSerializer']
 class LoginAssetCheckSerializer(serializers.Serializer):
     user_id = serializers.UUIDField(required=True, allow_null=False)
     asset_id = serializers.UUIDField(required=True, allow_null=False)
-    account_id = serializers.UUIDField(required=True, allow_null=False)
     account_username = serializers.CharField(max_length=128, default='')
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.user = None
         self.asset = None
-        self.account = None
-        self._account_username = None
+        self.username = None
 
     def validate_user_id(self, user_id):
         self.user = self.validate_object_exist(User, user_id)
@@ -28,10 +26,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
         self.asset = self.validate_object_exist(Asset, asset_id)
         return asset_id
 
-    def validate_account_id(self, account_id):
-        self.account = self.validate_object_exist(Account, account_id)
-        return account_id
-
     @staticmethod
     def validate_object_exist(model, field_id):
         with tmp_to_root_org():
@@ -41,6 +35,17 @@ class LoginAssetCheckSerializer(serializers.Serializer):
             raise serializers.ValidationError(error)
         return obj
 
+    def validate_account_username(self, account_username):
+        asset_id = self.initial_data.get('asset_id')
+        account = Account.objects.filter(
+            username=account_username, asset_id=asset_id
+        ).first()
+        if not account:
+            error = 'Account username does not exist'
+            raise serializers.ValidationError(error)
+        self.username = account_username
+        return account_username
+
     @lazyproperty
     def org(self):
         return self.asset.org