perf: connection token

apps/authentication/api/connection_token.py

@@ -29,9 +29,9 @@ from terminal.models import EndpointRule, Endpoint
 from users.const import FileNameConflictResolution
 from users.const import RDPSmartSize, RDPColorQuality
 from users.models import Preference
-from ..models import ConnectionToken, AdminConnectionToken, date_expired_default
 from .face import FaceMonitorContext
 from ..mixins import AuthFaceMixin
+from ..models import ConnectionToken, AdminConnectionToken, date_expired_default
 from ..serializers import (
     ConnectionTokenSerializer, ConnectionTokenSecretSerializer,
     SuperConnectionTokenSerializer, ConnectTokenAppletOptionSerializer,
@@ -442,9 +442,12 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
         return data
 
     @staticmethod
-    def _validate_perm(user, asset, account_name, protocol):
+    def get_permed_account(user, asset, account_name, protocol):
         from perms.utils.asset_perm import PermAssetDetailUtil
-        account = PermAssetDetailUtil(user, asset).validate_permission(account_name, protocol)
+        return PermAssetDetailUtil(user, asset).validate_permission(account_name, protocol)
+
+    def _validate_perm(self, user, asset, account_name, protocol):
+        account = self.get_permed_account(user, asset, account_name, protocol)
         if not account or not account.actions:
             msg = _('Account not found')
             raise JMSException(code='perm_account_invalid', detail=msg)
@@ -675,3 +678,10 @@ class AdminConnectionTokenViewSet(ConnectionTokenViewSet):
 
     def get_queryset(self):
         return AdminConnectionToken.objects.all()
+
+    def get_permed_account(self, user, asset, account_name, protocol):
+        with tmp_to_org(asset.org):
+            account = asset.accounts.all().active().get(name=account_name)
+            account.actions = ActionChoices.all()
+            account.date_expired = timezone.now() + timezone.timedelta(days=365)
+            return account

apps/authentication/models/connection_token.py

@@ -19,6 +19,7 @@ from common.utils import lazyproperty, pretty_string, bulk_get
 from common.utils.timezone import as_current_tz
 from orgs.mixins.models import JMSOrgBaseModel
 from orgs.utils import tmp_to_org
+from perms.const import ActionChoices
 from terminal.models import Applet, VirtualApp
 
 
@@ -306,3 +307,14 @@ class AdminConnectionToken(ConnectionToken):
     class Meta:
         proxy = True
         verbose_name = _("Admin connection token")
+
+    @lazyproperty
+    def actions(self):
+        return ActionChoices.all()
+
+    @lazyproperty
+    def expire_at(self):
+        return (timezone.now() + timezone.timedelta(days=365)).timestamp()
+
+    def is_valid(self):
+        return True

apps/i18n/lina/zh.json

@@ -1067,7 +1067,7 @@
     "ResetSSHKeySuccessMsg": "发送邮件任务已提交, 用户稍后会收到重置密钥邮件",
     "ResetSSHKeyWarningMsg": "你确定要发送重置用户的SSH Key的邮件吗?",
     "ResetSecret": "可改密",
-    "ResolveSelected": "解决选定",
+    "ResolveSelected": "解决所定",
     "Resource": "资源",
     "ResourceType": "资源类型",
     "RestoreButton": "恢复默认",

apps/perms/utils/asset_perm.py

@@ -1,7 +1,5 @@
 from collections import defaultdict
 
-from django.utils import timezone
-
 from accounts.const import AliasAccount
 from accounts.models import VirtualAccount
 from assets.models import Asset, MyAsset
@@ -42,12 +40,6 @@ class PermAssetDetailUtil:
 
     def validate_permission(self, account_name, protocol):
         with tmp_to_org(self.asset.org):
-            if self.user.is_superuser:
-                account = self.asset.accounts.all().active().get(name=account_name)
-                account.actions = ActionChoices.all()
-                account.date_expired = timezone.now() + timezone.timedelta(days=365)
-                return account
-
             protocols = self.get_permed_protocols_for_user(only_name=True)
             if 'all' not in protocols and protocol not in protocols:
                 return None