fix: 修改用户授权的资产账号

apps/perms/api/user_permission/accounts.py

@@ -1,7 +1,7 @@
 from django.shortcuts import get_object_or_404
 from rest_framework.generics import ListAPIView, get_object_or_404
 
-from common.utils import get_logger
+from common.utils import get_logger, lazyproperty
 from perms import serializers
 from perms.hands import Asset
 from perms.utils import PermAccountUtil
@@ -16,11 +16,8 @@ __all__ = [
 
 class UserGrantedAssetAccountsApi(SelfOrPKUserMixin, ListAPIView):
     serializer_class = serializers.AccountsGrantedSerializer
-    rbac_perms = (
-        ('GET', 'perms.view_userassets'),
-        ('list', 'perms.view_userassets'),
-    )
 
+    @lazyproperty
     def asset(self):
         asset_id = self.kwargs.get('asset_id')
         kwargs = {'id': asset_id, 'is_active': True}

apps/perms/api/user_permission/mixin.py

@@ -2,8 +2,11 @@
 #
 from django.shortcuts import get_object_or_404
 from rest_framework.request import Request
+from django.utils.translation import ugettext_lazy as _
 
 from common.http import is_true
+from common.utils import is_uuid
+from common.exceptions import JMSObjectDoesNotExist
 from common.mixins.api import RoleAdminMixin, RoleUserMixin
 from perms.utils.user_permission import UserGrantedTreeRefreshController
 from rbac.permissions import RBACPermission
@@ -43,6 +46,12 @@ class SelfOrPKUserMixin:
     request: Request
     permission_classes = (RBACPermission,)
 
+    def get_rbac_perms(self):
+        if self.request_user_is_self():
+            return self.self_rbac_perms
+        else:
+            return self.admin_rbac_perms
+
     @property
     def self_rbac_perms(self):
         return (
@@ -61,18 +70,15 @@ class SelfOrPKUserMixin:
             ('GET', 'perms.view_userassets'),
         )
 
-    def get_rbac_perms(self):
-        if self.request_user_is_self():
-            return self.self_rbac_perms
-        else:
-            return self.admin_rbac_perms
-
-    def request_user_is_self(self):
-        return self.kwargs.get('user') in ['my', 'self']
-
     @property
     def user(self):
         if self.request_user_is_self():
-            return self.request.user
+            user = self.request.user
+        elif is_uuid(self.kwargs.get('user')):
+            user = get_object_or_404(User, pk=self.kwargs.get('user'))
         else:
-            return get_object_or_404(User, pk=self.kwargs.get('user'))
+            raise JMSObjectDoesNotExist(object_name=_('User'))
+        return user
+
+    def request_user_is_self(self):
+        return self.kwargs.get('user') in ['my', 'self']

apps/perms/utils/account.py

@@ -9,6 +9,12 @@ __all__ = ['PermAccountUtil']
 class PermAccountUtil(AssetPermissionUtil):
     """ 资产授权账号相关的工具 """
 
+    def get_permed_accounts_for_user(self, user, asset):
+        """ 获取授权给用户某个资产的账号 """
+        perms = self.get_permissions_for_user_asset(user, asset)
+        permed_accounts = self.get_permed_accounts_from_perms(perms, user, asset)
+        return permed_accounts
+
     @staticmethod
     def get_permed_accounts_from_perms(perms, user, asset):
         alias_action_bit_mapper = defaultdict(int)
@@ -55,12 +61,6 @@ class PermAccountUtil(AssetPermissionUtil):
             accounts.append(account)
         return accounts
 
-    def get_permed_accounts_for_user(self, user, asset):
-        """ 获取授权给用户某个资产的账号 """
-        perms = self.get_permissions_for_user_asset(user, asset)
-        permed_accounts = self.get_permed_accounts_from_perms(perms, user, asset)
-        return permed_accounts
-
     @staticmethod
     def get_accounts_for_permission(perm, with_actions=False):
         """ 获取授权规则包含的账号 """