From 42b4e7697d1941075b9393576b0b4f2b927c0b91 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Sat, 7 Oct 2023 15:50:28 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E8=B5=84=E4=BA=A7=E7=99=BB=E5=BD=95acl?= =?UTF-8?q?=E5=8A=A8=E4=BD=9C=E5=A2=9E=E5=8A=A0=E6=93=8D=E4=BD=9C=E6=97=A5?= =?UTF-8?q?=E5=BF=97=20(#11741)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: feng <1304903146@qq.com>
---
 apps/audits/backends/db.py | 2 +-
 apps/audits/const.py | 4 ++++
 apps/authentication/api/connection_token.py | 15 ++++++++++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/apps/audits/backends/db.py b/apps/audits/backends/db.py
index ac589931d..bb2e241c1 100644
--- a/apps/audits/backends/db.py
+++ b/apps/audits/backends/db.py
@@ -58,7 +58,7 @@ class OperateLogStore(object):
 return diff_list
 def save(self, **kwargs):
- log_id = kwargs.get('id', '')
+ log_id = kwargs.get('id')
 before = kwargs.pop('before') or {}
 after = kwargs.pop('after') or {}
diff --git a/apps/audits/const.py b/apps/audits/const.py
index 44d3a556f..77a76c804 100644
--- a/apps/audits/const.py
+++ b/apps/audits/const.py
@@ -29,6 +29,10 @@ class ActionChoices(TextChoices):
 connect = "connect", _("Connect")
 login = "login", _("Login")
 change_auth = "change_password", _("Change password")
+ # acls action
+ reject = 'reject', _('Reject')
+ accept = 'accept', _('Accept')
+ review = 'review', _('Review')
 class LoginTypeChoices(TextChoices):
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 955ca4028..2c1b0d0f1 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -374,6 +374,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 raise JMSException(code='perm_expired', detail=msg)
 return account
+ @staticmethod
+ def _record_operate_log(acl, asset):
+ from audits.handler import create_or_update_operate_log
+ after = {str(_('Assets')): str(asset)}
+ object_name = acl._meta.object_name
+ resource_type = acl._meta.verbose_name
+ create_or_update_operate_log(
+ acl.action, resource_type, resource=acl,
+ after=after, object_name=object_name
+ )
+
 def _validate_acl(self, user, asset, account):
 from acls.models import LoginAssetACL
 acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account)
@@ -382,15 +393,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 if not acl:
 return
 if acl.is_action(acl.ActionChoices.accept):
+ self._record_operate_log(acl, asset)
 return
 if acl.is_action(acl.ActionChoices.reject):
+ self._record_operate_log(acl, asset)
 msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id))
 raise JMSException(code='acl_reject', detail=msg)
 if acl.is_action(acl.ActionChoices.review):
 if not self.request.query_params.get('create_ticket'):
 msg = _('ACL action is review')
 raise JMSException(code='acl_review', detail=msg)
-
+ self._record_operate_log(acl, asset)
 ticket = LoginAssetACL.create_login_asset_review_ticket(
 user=user, asset=asset, account_username=account.username, assignees=acl.reviewers.all(), org_id=asset.org_id
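Review bot: The `after` payload built in `_record_operate_log` (first connection_token.py hunk) records only the asset, so an accept, reject or review entry does not show which account the ACL decision was made for, even though `_validate_acl` has `account` in scope at each call site. Consider passing it through, e.g. `def _record_operate_log(acl, asset, account):` with `after = {str(_('Assets')): str(asset), str(_('Accounts')): str(account)}`. Whether the acting user and source address end up in the entry depends on `create_or_update_operate_log`, which is outside this hunk and worth confirming. The dictionary key is a translated label, so stored entries presumably vary with the request locale; a one-line docstring saying what the entry is meant to capture would make that choice explicit.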
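Review bot: In the review branch the added `self._record_operate_log(acl, asset)` appears after the `create_ticket` guard, so a request that matches a review ACL without that parameter raises `acl_review` and leaves no operate log, whereas the reject branch logs before raising (indentation is not preserved on this page, so the exact nesting should be checked in the file). If those attempts should be auditable, move the call above `if not self.request.query_params.get('create_ticket'):`, or add a comment such as `# logged only once the ticket is requested, to avoid a duplicate entry` if the omission is deliberate. The accept branch now writes the log before returning, so an exception from the log writer would presumably block an otherwise permitted connection; a short comment stating whether that fail-closed behaviour is intended would help. `_validate_acl` starts in the previous hunk and continues past the end of this one.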