login asset acl

apps/acls/api/login_asset_check.py

@@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
     def check_if_need_confirm(self):
         queries = {
             'user': self.serializer.user, 'asset': self.serializer.asset,
-            'system_user': self.serializer.system_user,
+            'account': self.serializer.account,
             'action': LoginAssetACL.ActionChoices.login_confirm
         }
         with tmp_to_org(self.serializer.org):
@@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
         ticket = LoginAssetACL.create_login_asset_confirm_ticket(
             user=self.serializer.user,
             asset=self.serializer.asset,
-            system_user=self.serializer.system_user,
+            account=self.serializer.account,
             assignees=acl.reviewers.all(),
             org_id=self.serializer.org.id,
         )

apps/acls/migrations/0004_auto_20220831_1658.py

@@ -0,0 +1,33 @@
+# Generated by Django 3.2.13 on 2022-08-31 08:58
+
+from django.db import migrations, models
+
+
+def migrate_system_users_to_accounts(apps, schema_editor):
+    login_asset_acl_model = apps.get_model('acls', 'LoginAssetACL')
+    qs = login_asset_acl_model.objects.all()
+    login_asset_acls = []
+    for instance in qs:
+        instance.accounts = instance.system_users
+        login_asset_acls.append(instance)
+    login_asset_acl_model.objects.bulk_update(login_asset_acls, ['accounts'])
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('acls', '0003_auto_20211130_1037'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='loginassetacl',
+            name='accounts',
+            field=models.JSONField(default=dict, verbose_name='Account'),
+        ),
+        migrations.RunPython(migrate_system_users_to_accounts),
+        migrations.RemoveField(
+            model_name='loginassetacl',
+            name='system_users',
+        ),
+
+    ]

apps/acls/models/login_asset_acl.py

@@ -18,7 +18,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 
     # 条件
     users = models.JSONField(verbose_name=_('User'))
-    system_users = models.JSONField(verbose_name=_('System User'))
+    accounts = models.JSONField(verbose_name=_('Account'), default=dict)
     assets = models.JSONField(verbose_name=_('Asset'))
     # 动作
     action = models.CharField(
@@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
         return self.name
 
     @classmethod
-    def filter(cls, user, asset, system_user, action):
+    def filter(cls, user, asset, account, action):
         queryset = cls.objects.filter(action=action)
         queryset = cls.filter_user(user, queryset)
         queryset = cls.filter_asset(asset, queryset)
-        queryset = cls.filter_system_user(system_user, queryset)
+        queryset = cls.filter_account(account, queryset)
         return queryset
 
     @classmethod
@@ -69,21 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
         return queryset
 
     @classmethod
-    def filter_system_user(cls, system_user, queryset):
+    def filter_account(cls, account, queryset):
         queryset = queryset.filter(
-            Q(system_users__name_group__contains=system_user.name) |
+            Q(accounts__name_group__contains=account.name) |
-            Q(system_users__name_group__contains='*')
+            Q(accounts__name_group__contains='*')
         ).filter(
-            Q(system_users__username_group__contains=system_user.username) |
+            Q(accounts__username_group__contains=account.username) |
-            Q(system_users__username_group__contains='*')
+            Q(accounts__username_group__contains='*')
-        ).filter(
-            Q(system_users__protocol_group__contains=system_user.protocol) |
-            Q(system_users__protocol_group__contains='*')
         )
         return queryset
 
     @classmethod
-    def create_login_asset_confirm_ticket(cls, user, asset, system_user, assignees, org_id):
+    def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
         from tickets.const import TicketType
         from tickets.models import ApplyLoginAssetTicket
         title = _('Login asset confirm') + ' ({})'.format(user)
@@ -93,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
             'applicant': user,
             'apply_login_user': user,
             'apply_login_asset': asset,
-            'apply_login_system_user': system_user,
+            'apply_login_account': account,
             'org_id': org_id,
         }
         ticket = ApplyLoginAssetTicket.objects.create(**data)

apps/acls/serializers/login_asset_acl.py

@@ -38,7 +38,7 @@ class LoginAssetACLAssestsSerializer(serializers.Serializer):
     )
 
 
-class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
+class LoginAssetACLAccountsSerializer(serializers.Serializer):
     protocol_group_help_text = _(
         'Format for comma-delimited string, with * indicating a match all. '
         'Protocol options: {}'
@@ -52,18 +52,12 @@ class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
         default=['*'], child=serializers.CharField(max_length=128), label=_('Username'),
         help_text=common_help_text
     )
-    protocol_group = serializers.ListField(
-        default=['*'], child=serializers.CharField(max_length=16), label=_('Protocol'),
-        help_text=protocol_group_help_text.format(
-            ', '.join([Protocol.ssh, Protocol.telnet])
-        )
-    )
 
 
 class LoginAssetACLSerializer(BulkOrgResourceModelSerializer):
     users = LoginAssetACLUsersSerializer()
     assets = LoginAssetACLAssestsSerializer()
-    system_users = LoginAssetACLSystemUsersSerializer()
+    account = LoginAssetACLAccountsSerializer()
     reviewers_amount = serializers.IntegerField(read_only=True, source='reviewers.count')
     action_display = serializers.ReadOnlyField(source='get_action_display', label=_('Action'))
 
@@ -71,9 +65,8 @@ class LoginAssetACLSerializer(BulkOrgResourceModelSerializer):
         model = models.LoginAssetACL
         fields_mini = ['id', 'name']
         fields_small = fields_mini + [
-            'users', 'system_users', 'assets',
+            'users', 'accounts', 'assets',
-            'is_active',
+            'is_active', 'date_created', 'date_updated',
-            'date_created', 'date_updated',
             'priority', 'action', 'action_display', 'comment', 'created_by', 'org_id'
         ]
         fields_m2m = ['reviewers', 'reviewers_amount']

apps/acls/serializers/login_asset_check.py

@@ -11,15 +11,15 @@ __all__ = ['LoginAssetCheckSerializer']
 class LoginAssetCheckSerializer(serializers.Serializer):
     user_id = serializers.UUIDField(required=True, allow_null=False)
     asset_id = serializers.UUIDField(required=True, allow_null=False)
-    system_user_id = serializers.UUIDField(required=True, allow_null=False)
+    account_id = serializers.UUIDField(required=True, allow_null=False)
-    system_user_username = serializers.CharField(max_length=128, default='')
+    account_username = serializers.CharField(max_length=128, default='')
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.user = None
         self.asset = None
-        self._system_user = None
+        self._account = None
-        self._system_user_username = None
+        self._account_username = None
 
     def validate_user_id(self, user_id):
         self.user = self.validate_object_exist(User, user_id)
@@ -29,22 +29,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
         self.asset = self.validate_object_exist(Asset, asset_id)
         return asset_id
 
-    # def validate_system_user_id(self, system_user_id):
-    #     self._system_user = self.validate_object_exist(SystemUser, system_user_id)
-    #     return system_user_id
-    #
-    # def validate_system_user_username(self, system_user_username):
-    #     system_user_id = self.initial_data.get('system_user_id')
-    #     system_user = self.validate_object_exist(SystemUser, system_user_id)
-    #     if self._system_user.login_mode == SystemUser.LOGIN_MANUAL \
-    #             and not system_user.username \
-    #             and not system_user.username_same_with_user \
-    #             and not system_user_username:
-    #         error = 'Missing parameter: system_user_username'
-    #         raise serializers.ValidationError(error)
-    #     self._system_user_username = system_user_username
-    #     return system_user_username
-
     @staticmethod
     def validate_object_exist(model, field_id):
         with tmp_to_root_org():
@@ -54,17 +38,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
             raise serializers.ValidationError(error)
         return obj
 
-    # @lazyproperty
-    # def system_user(self):
-    #     if self._system_user.username_same_with_user:
-    #         username = self.user.username
-    #     elif self._system_user.login_mode == SystemUser.LOGIN_MANUAL:
-    #         username = self._system_user_username
-    #     else:
-    #         username = self._system_user.username
-    #     self._system_user.username = username
-    #     return self._system_user
-
     @lazyproperty
     def org(self):
         return self.asset.org