login asset acl

2022-09-01 10:37:22 +08:00 · 2022-09-01 10:37:22 +08:00 · 94f898b55d
parent 60eb385c1e
commit 94f898b55d
5 changed files with 53 additions and 57 deletions
--- a/apps/acls/api/login_asset_check.py
+++ b/apps/acls/api/login_asset_check.py
@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
    def check_if_need_confirm(self):
        queries = {
            'user': self.serializer.user, 'asset': self.serializer.asset,
-            'system_user': self.serializer.system_user,
+            'account': self.serializer.account,
            'action': LoginAssetACL.ActionChoices.login_confirm
        }
        with tmp_to_org(self.serializer.org):
@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
        ticket = LoginAssetACL.create_login_asset_confirm_ticket(
            user=self.serializer.user,
            asset=self.serializer.asset,
-            system_user=self.serializer.system_user,
+            account=self.serializer.account,
            assignees=acl.reviewers.all(),
            org_id=self.serializer.org.id,
        )
--- a/apps/acls/migrations/0004_auto_20220831_1658.py
+++ b/apps/acls/migrations/0004_auto_20220831_1658.py
@ -0,0 +1,33 @@
+# Generated by Django 3.2.13 on 2022-08-31 08:58
+
+from django.db import migrations, models
+
+
+def migrate_system_users_to_accounts(apps, schema_editor):
+    login_asset_acl_model = apps.get_model('acls', 'LoginAssetACL')
+    qs = login_asset_acl_model.objects.all()
+    login_asset_acls = []
+    for instance in qs:
+        instance.accounts = instance.system_users
+        login_asset_acls.append(instance)
+    login_asset_acl_model.objects.bulk_update(login_asset_acls, ['accounts'])
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('acls', '0003_auto_20211130_1037'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='loginassetacl',
+            name='accounts',
+            field=models.JSONField(default=dict, verbose_name='Account'),
+        ),
+        migrations.RunPython(migrate_system_users_to_accounts),
+        migrations.RemoveField(
+            model_name='loginassetacl',
+            name='system_users',
+        ),
+
+    ]
--- a/apps/acls/models/login_asset_acl.py
+++ b/apps/acls/models/login_asset_acl.py
@ -18,7 +18,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):

    # 条件
    users = models.JSONField(verbose_name=_('User'))
-    system_users = models.JSONField(verbose_name=_('System User'))
+    accounts = models.JSONField(verbose_name=_('Account'), default=dict)
    assets = models.JSONField(verbose_name=_('Asset'))
    # 动作
    action = models.CharField(
@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
        return self.name

    @classmethod
-    def filter(cls, user, asset, system_user, action):
+    def filter(cls, user, asset, account, action):
        queryset = cls.objects.filter(action=action)
        queryset = cls.filter_user(user, queryset)
        queryset = cls.filter_asset(asset, queryset)
-        queryset = cls.filter_system_user(system_user, queryset)
+        queryset = cls.filter_account(account, queryset)
        return queryset

    @classmethod
@ -69,21 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
        return queryset

    @classmethod
-    def filter_system_user(cls, system_user, queryset):
+    def filter_account(cls, account, queryset):
        queryset = queryset.filter(
-            Q(system_users__name_group__contains=system_user.name) |
-            Q(system_users__name_group__contains='*')
+            Q(accounts__name_group__contains=account.name) |
+            Q(accounts__name_group__contains='*')
        ).filter(
-            Q(system_users__username_group__contains=system_user.username) |
-            Q(system_users__username_group__contains='*')
-        ).filter(
-            Q(system_users__protocol_group__contains=system_user.protocol) |
-            Q(system_users__protocol_group__contains='*')
+            Q(accounts__username_group__contains=account.username) |
+            Q(accounts__username_group__contains='*')
        )
        return queryset

    @classmethod
-    def create_login_asset_confirm_ticket(cls, user, asset, system_user, assignees, org_id):
+    def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
        from tickets.const import TicketType
        from tickets.models import ApplyLoginAssetTicket
        title = _('Login asset confirm') + ' ({})'.format(user)
@ -93,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
            'applicant': user,
            'apply_login_user': user,
            'apply_login_asset': asset,
-            'apply_login_system_user': system_user,
+            'apply_login_account': account,
            'org_id': org_id,
        }
        ticket = ApplyLoginAssetTicket.objects.create(**data)
--- a/apps/acls/serializers/login_asset_acl.py
+++ b/apps/acls/serializers/login_asset_acl.py
@ -38,7 +38,7 @@ class LoginAssetACLAssestsSerializer(serializers.Serializer):
    )


-class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
+class LoginAssetACLAccountsSerializer(serializers.Serializer):
    protocol_group_help_text = _(
        'Format for comma-delimited string, with * indicating a match all. '
        'Protocol options: {}'
@ -52,18 +52,12 @@ class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
        default=['*'], child=serializers.CharField(max_length=128), label=_('Username'),
        help_text=common_help_text
    )
-    protocol_group = serializers.ListField(
-        default=['*'], child=serializers.CharField(max_length=16), label=_('Protocol'),
-        help_text=protocol_group_help_text.format(
-            ', '.join([Protocol.ssh, Protocol.telnet])
-        )
-    )


 class LoginAssetACLSerializer(BulkOrgResourceModelSerializer):
    users = LoginAssetACLUsersSerializer()
    assets = LoginAssetACLAssestsSerializer()
-    system_users = LoginAssetACLSystemUsersSerializer()
+    account = LoginAssetACLAccountsSerializer()
    reviewers_amount = serializers.IntegerField(read_only=True, source='reviewers.count')
    action_display = serializers.ReadOnlyField(source='get_action_display', label=_('Action'))

@ -71,9 +65,8 @@ class LoginAssetACLSerializer(BulkOrgResourceModelSerializer):
        model = models.LoginAssetACL
        fields_mini = ['id', 'name']
        fields_small = fields_mini + [
-            'users', 'system_users', 'assets',
-            'is_active',
-            'date_created', 'date_updated',
+            'users', 'accounts', 'assets',
+            'is_active', 'date_created', 'date_updated',
            'priority', 'action', 'action_display', 'comment', 'created_by', 'org_id'
        ]
        fields_m2m = ['reviewers', 'reviewers_amount']
--- a/apps/acls/serializers/login_asset_check.py
+++ b/apps/acls/serializers/login_asset_check.py
@ -11,15 +11,15 @@ __all__ = ['LoginAssetCheckSerializer']
 class LoginAssetCheckSerializer(serializers.Serializer):
    user_id = serializers.UUIDField(required=True, allow_null=False)
    asset_id = serializers.UUIDField(required=True, allow_null=False)
-    system_user_id = serializers.UUIDField(required=True, allow_null=False)
-    system_user_username = serializers.CharField(max_length=128, default='')
+    account_id = serializers.UUIDField(required=True, allow_null=False)
+    account_username = serializers.CharField(max_length=128, default='')

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.user = None
        self.asset = None
-        self._system_user = None
-        self._system_user_username = None
+        self._account = None
+        self._account_username = None

    def validate_user_id(self, user_id):
        self.user = self.validate_object_exist(User, user_id)
@ -29,22 +29,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
        self.asset = self.validate_object_exist(Asset, asset_id)
        return asset_id

-    # def validate_system_user_id(self, system_user_id):
-    #     self._system_user = self.validate_object_exist(SystemUser, system_user_id)
-    #     return system_user_id
-    #
-    # def validate_system_user_username(self, system_user_username):
-    #     system_user_id = self.initial_data.get('system_user_id')
-    #     system_user = self.validate_object_exist(SystemUser, system_user_id)
-    #     if self._system_user.login_mode == SystemUser.LOGIN_MANUAL \
-    #             and not system_user.username \
-    #             and not system_user.username_same_with_user \
-    #             and not system_user_username:
-    #         error = 'Missing parameter: system_user_username'
-    #         raise serializers.ValidationError(error)
-    #     self._system_user_username = system_user_username
-    #     return system_user_username
-
    @staticmethod
    def validate_object_exist(model, field_id):
        with tmp_to_root_org():
@ -54,17 +38,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
            raise serializers.ValidationError(error)
        return obj

-    # @lazyproperty
-    # def system_user(self):
-    #     if self._system_user.username_same_with_user:
-    #         username = self.user.username
-    #     elif self._system_user.login_mode == SystemUser.LOGIN_MANUAL:
-    #         username = self._system_user_username
-    #     else:
-    #         username = self._system_user.username
-    #     self._system_user.username = username
-    #     return self._system_user
-
    @lazyproperty
    def org(self):
        return self.asset.org