github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: ticket login asset acl

pull/9129/head
feng 2022-11-28 21:54:20 +08:00
parent 11636dafd8
commit 3052aa759c
3 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/acls/api/login_asset_check.py
View File

@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
def check_if_need_confirm(self): def check_if_need_confirm(self):
queries = { queries = {
'user': self.serializer.user, 'asset': self.serializer.asset, 'user': self.serializer.user, 'asset': self.serializer.asset,
'account': self.serializer.account, 'account_username': self.serializer.username,
'action': LoginAssetACL.ActionChoices.login_confirm 'action': LoginAssetACL.ActionChoices.login_confirm
} }
with tmp_to_org(self.serializer.org): with tmp_to_org(self.serializer.org):
@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
ticket = LoginAssetACL.create_login_asset_confirm_ticket( ticket = LoginAssetACL.create_login_asset_confirm_ticket(
user=self.serializer.user, user=self.serializer.user,
asset=self.serializer.asset, asset=self.serializer.asset,
account=self.serializer.account, account_username=self.serializer.username,
assignees=acl.reviewers.all(), assignees=acl.reviewers.all(),
org_id=self.serializer.org.id, org_id=self.serializer.org.id,
) )

14
apps/acls/models/login_asset_acl.py
View File

@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
return self.name return self.name
@classmethod @classmethod
def filter(cls, user, asset, account, action): def filter(cls, user, asset, account_username, action):
queryset = cls.objects.filter(action=action) queryset = cls.objects.filter(action=action)
queryset = cls.filter_user(user, queryset) queryset = cls.filter_user(user, queryset)
queryset = cls.filter_asset(asset, queryset) queryset = cls.filter_asset(asset, queryset)
queryset = cls.filter_account(account, queryset) queryset = cls.filter_account(account_username, queryset)
return queryset return queryset
@classmethod @classmethod
@ -69,18 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
return queryset return queryset
@classmethod @classmethod
def filter_account(cls, account, queryset): def filter_account(cls, account_username, queryset):
queryset = queryset.filter( queryset = queryset.filter(
Q(accounts__name_group__contains=account.name) | Q(accounts__name_group__contains=account_username) |
Q(accounts__name_group__contains='*') Q(accounts__name_group__contains='*')
).filter( ).filter(
Q(accounts__username_group__contains=account.username) | Q(accounts__username_group__contains=account_username) |
Q(accounts__username_group__contains='*') Q(accounts__username_group__contains='*')
) )
return queryset return queryset
@classmethod @classmethod
def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id): def create_login_asset_confirm_ticket(cls, user, asset, account_username, assignees, org_id):
from tickets.const import TicketType from tickets.const import TicketType
from tickets.models import ApplyLoginAssetTicket from tickets.models import ApplyLoginAssetTicket
title = _('Login asset confirm') + ' ({})'.format(user) title = _('Login asset confirm') + ' ({})'.format(user)
@ -90,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
'applicant': user, 'applicant': user,
'apply_login_user': user, 'apply_login_user': user,
'apply_login_asset': asset, 'apply_login_asset': asset,
'apply_login_account': str(account), 'apply_login_account': account_username,
'type': TicketType.login_asset_confirm, 'type': TicketType.login_asset_confirm,
} }
ticket = ApplyLoginAssetTicket.objects.create(**data) ticket = ApplyLoginAssetTicket.objects.create(**data)

19
apps/acls/serializers/login_asset_check.py
View File

@ -10,15 +10,13 @@ __all__ = ['LoginAssetCheckSerializer']
class LoginAssetCheckSerializer(serializers.Serializer): class LoginAssetCheckSerializer(serializers.Serializer):
user_id = serializers.UUIDField(required=True, allow_null=False) user_id = serializers.UUIDField(required=True, allow_null=False)
asset_id = serializers.UUIDField(required=True, allow_null=False) asset_id = serializers.UUIDField(required=True, allow_null=False)
account_id = serializers.UUIDField(required=True, allow_null=False)
account_username = serializers.CharField(max_length=128, default='') account_username = serializers.CharField(max_length=128, default='')
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.user = None self.user = None
self.asset = None self.asset = None
self.account = None self.username = None
self._account_username = None
def validate_user_id(self, user_id): def validate_user_id(self, user_id):
self.user = self.validate_object_exist(User, user_id) self.user = self.validate_object_exist(User, user_id)
@ -28,10 +26,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
self.asset = self.validate_object_exist(Asset, asset_id) self.asset = self.validate_object_exist(Asset, asset_id)
return asset_id return asset_id
def validate_account_id(self, account_id):
self.account = self.validate_object_exist(Account, account_id)
return account_id
@staticmethod @staticmethod
def validate_object_exist(model, field_id): def validate_object_exist(model, field_id):
with tmp_to_root_org(): with tmp_to_root_org():
@ -41,6 +35,17 @@ class LoginAssetCheckSerializer(serializers.Serializer):
raise serializers.ValidationError(error) raise serializers.ValidationError(error)
return obj return obj
def validate_account_username(self, account_username):
asset_id = self.initial_data.get('asset_id')
account = Account.objects.filter(
username=account_username, asset_id=asset_id
).first()
if not account:
error = 'Account username does not exist'
raise serializers.ValidationError(error)
self.username = account_username
return account_username
@lazyproperty @lazyproperty
def org(self): def org(self):
return self.asset.org return self.asset.org