github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: update get permed account

pull/15101/head
ibuler 2025-03-21 19:21:33 +08:00 committed by 老广
parent e3ba468004
commit 5411f65546
2 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/authentication/api/connection_token.py
View File

@ -443,8 +443,7 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
@staticmethod @staticmethod
def get_permed_account(user, asset, account_name, protocol): def get_permed_account(user, asset, account_name, protocol):
from perms.utils.asset_perm import PermAssetDetailUtil return ConnectionToken.get_user_permed_account(user, asset, account_name, protocol)
return PermAssetDetailUtil(user, asset).validate_permission(account_name, protocol)
def _validate_perm(self, user, asset, account_name, protocol): def _validate_perm(self, user, asset, account_name, protocol):
account = self.get_permed_account(user, asset, account_name, protocol) account = self.get_permed_account(user, asset, account_name, protocol)
@ -683,13 +682,4 @@ class AdminConnectionTokenViewSet(ConnectionTokenViewSet):
return AdminConnectionToken.objects.all().filter(user=self.request.user) return AdminConnectionToken.objects.all().filter(user=self.request.user)
def get_permed_account(self, user, asset, account_name, protocol): def get_permed_account(self, user, asset, account_name, protocol):
""" return AdminConnectionToken.get_user_permed_account(user, asset, account_name, protocol)
管理员 token 可以访问所有资产的账号
"""
with tmp_to_org(asset.org):
account = asset.accounts.all().active().filter(name=account_name).first()
if not account:
return None
account.actions = ActionChoices.all()
account.date_expired = timezone.now() + timezone.timedelta(days=365)
return account

15
apps/authentication/models/connection_token.py
View File

@ -124,12 +124,16 @@ class ConnectionToken(JMSOrgBaseModel):
self.date_expired = date_expired_default() self.date_expired = date_expired_default()
self.save() self.save()
def get_permed_account(self): @classmethod
def get_user_permed_account(cls, user, asset, account_name, protocol):
from perms.utils import PermAssetDetailUtil from perms.utils import PermAssetDetailUtil
permed_account = PermAssetDetailUtil(self.user, self.asset) \ permed_account = PermAssetDetailUtil(user, asset) \
.validate_permission(self.account, self.protocol) .validate_permission(account_name, protocol)
return permed_account return permed_account
def get_permed_account(self):
return self.get_user_permed_account(self.user, self.asset, self.account, self.protocol)
@lazyproperty @lazyproperty
def permed_account(self): def permed_account(self):
return self.get_permed_account() return self.get_permed_account()
@ -335,8 +339,9 @@ class AdminConnectionToken(ConnectionToken):
def is_valid(self): def is_valid(self):
return super().is_valid() return super().is_valid()
def get_permed_account(self): @classmethod
account = self.asset.accounts.filter(name=self.account).first() def get_user_permed_account(cls, user, asset, account_name, protocol):
account = asset.accounts.filter(name=cls.account).first()
if not account: if not account:
return None return None
account.actions = ActionChoices.all() account.actions = ActionChoices.all()