From 11636dafd8024a2684f7c905bff2f5a4f42c9a98 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Mon, 28 Nov 2022 18:43:58 +0800
Subject: [PATCH 1/2] perf: history account secret perm (#9128)
Co-authored-by: feng <1304903146@qq.com>
---
 .../0113_alter_accounttemplate_options.py | 17 +++++++++++++
 apps/assets/models/account.py | 4 ++++
 .../migrations/0017_auto_20221128_1839.py | 24 +++++++++++++++++++
 .../ops/migrations/0036_auto_20221128_1839.py | 21 ++++++++++++++++
 4 files changed, 66 insertions(+)
 create mode 100644 apps/assets/migrations/0113_alter_accounttemplate_options.py
 create mode 100644 apps/authentication/migrations/0017_auto_20221128_1839.py
 create mode 100644 apps/ops/migrations/0036_auto_20221128_1839.py
diff --git a/apps/assets/migrations/0113_alter_accounttemplate_options.py b/apps/assets/migrations/0113_alter_accounttemplate_options.py
new file mode 100644
index 000000000..e635426c1
--- /dev/null
+++ b/apps/assets/migrations/0113_alter_accounttemplate_options.py
@@ -0,0 +1,17 @@ +# Generated by Django 3.2.14 on 2022-11-28 10:39 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('assets', '0112_gateway_to_asset'), + ] + + operations = [ + migrations.AlterModelOptions( + name='accounttemplate', + options={'permissions': [('view_accounttemplatesecret', 'Can view asset account template secret'), ('change_accounttemplatesecret', 'Can change asset account template secret')], 'verbose_name': 'Account template'}, + ), + ]
diff --git a/apps/assets/models/account.py b/apps/assets/models/account.py
index cad5f9ded..930fd7882 100644
--- a/apps/assets/models/account.py
+++ b/apps/assets/models/account.py
@@ -94,6 +94,10 @@ class AccountTemplate(BaseAccount):
 unique_together = (
 ('name', 'org_id'),
 )
+ permissions = [
+ ('view_accounttemplatesecret', _('Can view asset account template secret')),
+ ('change_accounttemplatesecret', _('Can change asset account template secret')),
+ ]
 
 def __str__(self):
 return self.username
diff --git a/apps/authentication/migrations/0017_auto_20221128_1839.py b/apps/authentication/migrations/0017_auto_20221128_1839.py
new file mode 100644
index 000000000..31a49267a
--- /dev/null
+++ b/apps/authentication/migrations/0017_auto_20221128_1839.py
@@ -0,0 +1,24 @@ +# Generated by Django 3.2.14 on 2022-11-28 10:39 + +import common.db.fields +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('authentication', '0016_auto_20221125_2240'), + ] + + operations = [ + migrations.AlterField( + model_name='connectiontoken', + name='input_secret', + field=common.db.fields.EncryptCharField(blank=True, default='', max_length=128, verbose_name='Input Secret'), + ), + migrations.AlterField( + model_name='connectiontoken', + name='input_username', + field=models.CharField(blank=True, default='', max_length=128, verbose_name='Input Username'), + ), + ]
diff --git a/apps/ops/migrations/0036_auto_20221128_1839.py b/apps/ops/migrations/0036_auto_20221128_1839.py
new file mode 100644
index 000000000..22bc435e2
--- /dev/null
+++ b/apps/ops/migrations/0036_auto_20221128_1839.py
@@ -0,0 +1,21 @@ +# Generated by Django 3.2.14 on 2022-11-28 10:39 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('ops', '0035_jobexecution_org_id'), + ] + + operations = [ + migrations.AlterModelOptions( + name='job', + options={'ordering': ['date_created']}, + ), + migrations.AlterModelOptions( + name='jobexecution', + options={'ordering': ['-date_created']}, + ), + ]
From 3052aa759c98e3a180bb9a022323d8b087817724 Mon Sep 17 00:00:00 2001
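Review bot: The two codenames added to `permissions` in apps/assets/models/account.py (`view_accounttemplatesecret`, `change_accounttemplatesecret`) are declared here and in migration 0113, but no line of this patch checks them, and a codename in `Meta.permissions` enforces nothing on its own. If the account-template secret endpoints already require these exact codenames, a comment above the list would make that link reviewable, for example `# checked by <view that serves template secrets>; renaming a codename silently drops the check`. If they do not, access to template secrets is still decided by whatever those endpoints check today. The enclosing `Meta` class starts outside the hunk.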
From: feng <1304903146@qq.com>
Date: Mon, 28 Nov 2022 21:54:20 +0800
Subject: [PATCH 2/2] perf: ticket login asset acl
---
 apps/acls/api/login_asset_check.py | 4 ++--
 apps/acls/models/login_asset_acl.py | 14 +++++++-------
 apps/acls/serializers/login_asset_check.py | 19 ++++++++++++-------
 3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/apps/acls/api/login_asset_check.py b/apps/acls/api/login_asset_check.py
index bedf78d41..331c42768 100644
--- a/apps/acls/api/login_asset_check.py
+++ b/apps/acls/api/login_asset_check.py
@@ -26,7 +26,7 @@ class LoginAssetCheckAPI(CreateAPIView):
 def check_if_need_confirm(self):
 queries = {
 'user': self.serializer.user, 'asset': self.serializer.asset,
- 'account': self.serializer.account,
+ 'account_username': self.serializer.username,
 'action': LoginAssetACL.ActionChoices.login_confirm
 }
 with tmp_to_org(self.serializer.org):
@@ -45,7 +45,7 @@ class LoginAssetCheckAPI(CreateAPIView):
 ticket = LoginAssetACL.create_login_asset_confirm_ticket(
 user=self.serializer.user,
 asset=self.serializer.asset,
- account=self.serializer.account,
+ account_username=self.serializer.username,
 assignees=acl.reviewers.all(),
 org_id=self.serializer.org.id,
 )
diff --git a/apps/acls/models/login_asset_acl.py b/apps/acls/models/login_asset_acl.py
index 2ad9363e5..b01e4aed1 100644
--- a/apps/acls/models/login_asset_acl.py
+++ b/apps/acls/models/login_asset_acl.py
@@ -43,11 +43,11 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 return self.name
 
 @classmethod
- def filter(cls, user, asset, account, action):
+ def filter(cls, user, asset, account_username, action):
 queryset = cls.objects.filter(action=action)
 queryset = cls.filter_user(user, queryset)
 queryset = cls.filter_asset(asset, queryset)
- queryset = cls.filter_account(account, queryset)
+ queryset = cls.filter_account(account_username, queryset)
 return queryset
 
 @classmethod
@@ -69,18 +69,18 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 return queryset
 
 @classmethod
- def filter_account(cls, account, queryset):
+ def filter_account(cls, account_username, queryset):
 queryset = queryset.filter(
- Q(accounts__name_group__contains=account.name) |
+ Q(accounts__name_group__contains=account_username) |
 Q(accounts__name_group__contains='*')
 ).filter(
- Q(accounts__username_group__contains=account.username) |
+ Q(accounts__username_group__contains=account_username) |
 Q(accounts__username_group__contains='*')
 )
 return queryset
 
 @classmethod
- def create_login_asset_confirm_ticket(cls, user, asset, account, assignees, org_id):
+ def create_login_asset_confirm_ticket(cls, user, asset, account_username, assignees, org_id):
 from tickets.const import TicketType
 from tickets.models import ApplyLoginAssetTicket
 title = _('Login asset confirm') + ' ({})'.format(user)
@@ -90,7 +90,7 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
 'applicant': user,
 'apply_login_user': user,
 'apply_login_asset': asset,
- 'apply_login_account': str(account),
+ 'apply_login_account': account_username,
 'type': TicketType.login_asset_confirm,
 }
 ticket = ApplyLoginAssetTicket.objects.create(**data)
diff --git a/apps/acls/serializers/login_asset_check.py b/apps/acls/serializers/login_asset_check.py
index 2240cb8d6..279feb3b6 100644
--- a/apps/acls/serializers/login_asset_check.py
+++ b/apps/acls/serializers/login_asset_check.py
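Review bot: In `filter_account` the name rule is now matched against the username: `Q(accounts__name_group__contains=account_username)` replaces the lookup on `account.name`, and the same value feeds the `username_group` clause. The two `.filter()` calls are ANDed, so if `name_group` holds account names (as the removed line suggests), an ACL restricted by name no longer matches an account whose name differs from its username, and `check_if_need_confirm` would then find no login-confirm rule and skip the review ticket. Either pass the account name as well and keep `Q(accounts__name_group__contains=account_name) |`, or drop the name clause deliberately and say so in a comment. The `filter` hunk above forwards the same single value, and the body of `create_login_asset_confirm_ticket` continues outside this hunk.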
@@ -10,15 +10,13 @@ __all__ = ['LoginAssetCheckSerializer']
 class LoginAssetCheckSerializer(serializers.Serializer):
 user_id = serializers.UUIDField(required=True, allow_null=False)
 asset_id = serializers.UUIDField(required=True, allow_null=False)
- account_id = serializers.UUIDField(required=True, allow_null=False)
 account_username = serializers.CharField(max_length=128, default='')
 
 def __init__(self, *args, **kwargs):
 super().__init__(*args, **kwargs)
 self.user = None
 self.asset = None
- self.account = None
- self._account_username = None
+ self.username = None
 
 def validate_user_id(self, user_id):
 self.user = self.validate_object_exist(User, user_id)
@@ -28,10 +26,6 @@ class LoginAssetCheckSerializer(serializers.Serializer):
 self.asset = self.validate_object_exist(Asset, asset_id)
 return asset_id
 
- def validate_account_id(self, account_id):
- self.account = self.validate_object_exist(Account, account_id)
- return account_id
-
 @staticmethod
 def validate_object_exist(model, field_id):
 with tmp_to_root_org():
@@ -41,6 +35,17 @@ class LoginAssetCheckSerializer(serializers.Serializer):
 raise serializers.ValidationError(error)
 return obj
 
+ def validate_account_username(self, account_username):
+ asset_id = self.initial_data.get('asset_id')
+ account = Account.objects.filter(
+ username=account_username, asset_id=asset_id
+ ).first()
+ if not account:
+ error = 'Account username does not exist'
+ raise serializers.ValidationError(error)
+ self.username = account_username
+ return account_username
+
 @lazyproperty
 def org(self):
 return self.asset.org
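Review bot: `validate_account_username` queries `Account.objects` outside `tmp_to_root_org()`, while `validate_object_exist` in the same class wraps its lookup in it; if `Account` uses an org-scoped manager (not visible here), the check can reject an existing account depending on the caller's current org. It also filters on the raw `self.initial_data.get('asset_id')` rather than the asset that `validate_asset_id` already resolved into `self.asset`, and loads a row with `.first()` only to test for existence. The rewrite below reuses `self.asset`, runs under `tmp_to_root_org()` and uses `.exists()`. It relies on `asset_id` being declared before `account_username`, which the field list in the first hunk shows.

```python
def validate_account_username(self, account_username):
    if self.asset is None:
        # asset_id was already rejected; that error is reported on its own field
        return account_username
    with tmp_to_root_org():
        found = Account.objects.filter(
            username=account_username, asset_id=self.asset.id
        ).exists()
    if not found:
        error = 'Account username does not exist'
        raise serializers.ValidationError(error)
    self.username = account_username
    return account_username
```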