From ba3bce1e2e6fd86890bef910d02683a1502382fc Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 8 Apr 2025 14:57:49 +0800
Subject: [PATCH] perf: perm account valid
---
 apps/accounts/models/account.py | 24 ++++++++++++++-----
 apps/accounts/serializers/account/account.py | 2 +-
 apps/assets/models/asset/common.py | 2 +-
 apps/authentication/api/connection_token.py | 20 ++++++++--------
 .../authentication/models/connection_token.py | 4 ++--
 apps/perms/utils/asset_perm.py | 4 ++--
 6 files changed, 34 insertions(+), 22 deletions(-)
diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py
index d16deb1a3..9bd8449f8 100644
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@@ -136,24 +136,36 @@ class Account(AbsConnectivity, LabeledMixin, BaseAccount, JSONFilterMixin):
 """
 if self.username.startswith('@'):
 return self.username
- return self.id
+ return str(self.id)
+
+ def is_ds_account(self):
+ if self.username.startswith('@'):
+ return False
+ if self.platform.category == 'ds':
+ return True
+ return False
 @lazyproperty
 def ds_id(self):
- if self.username.startswith('@'):
- return None
- if self.platform.category == 'ds':
+ if self.is_ds_account():
 return self.asset.ds.id
 return None
 @lazyproperty
 def ds_domain(self):
- if self.username.startswith('@'):
- return None
 if self.ds_id:
 return self.asset.ds.domain_name
 return None
+ @lazyproperty
+ def ds(self):
+ if not self.is_ds_account():
+ return {}
+ return {
+ 'id': self.ds_id,
+ 'domain': self.ds_domain,
+ }
+
 @lazyproperty
 def full_username(self):
 if self.ds_domain:
diff --git a/apps/accounts/serializers/account/account.py b/apps/accounts/serializers/account/account.py
index e6932e546..988739c72 100644
--- a/apps/accounts/serializers/account/account.py
+++ b/apps/accounts/serializers/account/account.py
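Review bot: In apps/accounts/models/account.py, `alias` now returns `str(self.id)`, and `validate_permission` in apps/perms/utils/asset_perm.py keys `accounts_mapper` by `account.alias`, so the permission lookup matches only when the caller passes the account id in string form. A caller that still hands over a UUID object gets `None` and lands in the 'Account not found' path; that fails closed, but the contract is stated nowhere. I would record it on `alias` with a comment such as `# always a str: an '@...' alias or str(self.id); permission lookups compare against this form`, and give `is_ds_account` and `ds` a one-line docstring each, saying which accounts count as directory-service accounts and that `ds` is `{}` for all others. The new `ds` property also relies on `ds_id`, which dereferences `self.asset.ds.id` with no guard for an asset whose `ds` is unset; whether that state can occur is not visible here. The Account class starts and ends outside the hunk.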
@@ -241,7 +241,7 @@ class AccountSerializer(AccountCreateUpdateSerializerMixin, BaseAccountSerialize
 'date_change_secret', 'change_secret_status'
 ]
 fields = BaseAccountSerializer.Meta.fields + [
- 'su_from', 'asset', 'version', 'ds_domain',
+ 'su_from', 'asset', 'version', 'ds_domain', 'ds_id',
 'source', 'source_id', 'secret_reset',
 ] + AccountCreateUpdateSerializerMixin.Meta.fields + automation_fields
 read_only_fields = BaseAccountSerializer.Meta.read_only_fields + automation_fields
diff --git a/apps/assets/models/asset/common.py b/apps/assets/models/asset/common.py
index c219984b2..d59e86509 100644
--- a/apps/assets/models/asset/common.py
+++ b/apps/assets/models/asset/common.py
@@ -256,7 +256,7 @@ class Asset(NodesRelationMixin, LabeledMixin, AbsConnectivity, JSONFilterMixin,
 @lazyproperty
 def all_valid_accounts(self):
 queryset = (self.all_accounts.filter(is_active=True)
- .prefetch_related('asset', 'asset__platform', 'asset__platform__ad'))
+ .prefetch_related('asset', 'asset__platform', 'asset__platform__ds'))
 return queryset
 @lazyproperty
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index a1f56f619..ee726c45d 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
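Review bot: In apps/assets/models/asset/common.py, `all_valid_accounts` now prefetches `asset__platform__ds`, but the Account properties touched by this commit reach the directory service through `self.asset.ds` (`ds_id`, `ds_domain`), not through the platform. If `ds` is a relation on the asset itself, this prefetch does not cover those reads, and with `ds_id` newly listed in `AccountSerializer.Meta.fields` each serialized account could cost an extra query. That is inferred, since neither model definition appears in the diff. If it holds, the lookup list would also need `'asset__ds'`, i.e. `.prefetch_related('asset', 'asset__platform', 'asset__platform__ds', 'asset__ds')`.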
@@ -408,22 +408,22 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
 def validate_exchange_token(self, token):
 user = token.user
 asset = token.asset
- account_name = token.account
- _data = self._validate(user, asset, account_name, token.protocol, token.connect_method)
+ account_alias = token.account
+ _data = self._validate(user, asset, account_alias, token.protocol, token.connect_method)
 for k, v in _data.items():
 setattr(token, k, v)
 return token
- def _validate(self, user, asset, account_name, protocol, connect_method):
+ def _validate(self, user, asset, account_alias, protocol, connect_method):
 data = dict()
 data['org_id'] = asset.org_id
 data['user'] = user
 data['value'] = random_string(16)
- if account_name == AliasAccount.ANON and asset.category not in ['web', 'custom']:
+ if account_alias == AliasAccount.ANON and asset.category not in ['web', 'custom']:
 raise ValidationError(_('Anonymous account is not supported for this asset'))
- account = self._validate_perm(user, asset, account_name, protocol)
+ account = self._validate_perm(user, asset, account_alias, protocol)
 if account.has_secret:
 data['input_secret'] = ''
@@ -442,11 +442,11 @@ class ConnectionTokenViewSet(AuthFaceMixin, ExtraActionApiMixin, RootOrgViewMixi
 return data
 @staticmethod
- def get_permed_account(user, asset, account_name, protocol):
- return ConnectionToken.get_user_permed_account(user, asset, account_name, protocol)
+ def get_permed_account(user, asset, account_alias, protocol):
+ return ConnectionToken.get_user_permed_account(user, asset, account_alias, protocol)
- def _validate_perm(self, user, asset, account_name, protocol):
- account = self.get_permed_account(user, asset, account_name, protocol)
+ def _validate_perm(self, user, asset, account_alias, protocol):
+ account = self.get_permed_account(user, asset, account_alias, protocol)
 if not account or not account.actions:
 msg = _('Account not found')
 raise JMSException(code='perm_account_invalid', detail=msg)
@@ -616,7 +616,7 @@ class SuperConnectionTokenViewSet(ConnectionTokenViewSet):
 raise PermissionDenied('Not allow to view secret')
 token_id = request.data.get('id') or ''
- token = ConnectionToken.get_typed_connection_token(token_id)
+ token = ConnectionToken.get_typed_connection_token(token_id)
 token.is_valid()
 serializer = self.get_serializer(instance=token)
diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py
index 80ecda74a..acdaa9890 100644
--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
@@ -121,10 +121,10 @@ class ConnectionToken(JMSOrgBaseModel):
 self.save()
 @classmethod
- def get_user_permed_account(cls, user, asset, account_name, protocol):
+ def get_user_permed_account(cls, user, asset, account_alias, protocol):
 from perms.utils import PermAssetDetailUtil
 permed_account = PermAssetDetailUtil(user, asset) \
- .validate_permission(account_name, protocol)
+ .validate_permission(account_alias, protocol)
 return permed_account
 def get_permed_account(self):
diff --git a/apps/perms/utils/asset_perm.py b/apps/perms/utils/asset_perm.py
index 992f8f6c5..fa5a37d99 100644
--- a/apps/perms/utils/asset_perm.py
+++ b/apps/perms/utils/asset_perm.py
@@ -38,14 +38,14 @@ class PermAssetDetailUtil:
 queryset = Asset.objects.filter(id=self.asset_id)
 return queryset.get()
- def validate_permission(self, account_name, protocol):
+ def validate_permission(self, account_alias, protocol):
 with tmp_to_org(self.asset.org):
 protocols = self.get_permed_protocols_for_user(only_name=True)
 if 'all' not in protocols and protocol not in protocols:
 return None
 permed_accounts = self.get_permed_accounts_for_user()
 accounts_mapper = {account.alias: account for account in permed_accounts}
- account = accounts_mapper.get(account_name)
+ account = accounts_mapper.get(account_alias)
 return account
 @lazyproperty