From cb8690dd63e226a39ecb80283e7a899154b1d264 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 20 Jul 2022 13:23:43 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=A4=84=E7=90=86=E7=BB=84=E4=BB=B6?=
 =?UTF-8?q?=E8=8E=B7=E5=8F=96connection=20token=E8=8E=B7=E5=8F=96=E4=B8=8D?=
 =?UTF-8?q?=E5=88=B0=E7=9A=84=E9=97=AE=E9=A2=98=20(#8629)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: 处理组件获取connection token获取不到的问题

* fix: ViewSet 显示获取资源用户

* fix: ViewSet 显示获取资源用户

Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
---
 apps/authentication/api/connection_token.py | 24 ++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 97abb58be..ecd329af0 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -1,3 +1,4 @@
+import abc
 import os
 import json
 import base64
@@ -34,9 +35,12 @@ class ConnectionTokenMixin:
         if not is_valid:
             raise PermissionDenied(error)
 
-    @staticmethod
-    def get_request_resources(serializer):
-        user = serializer.validated_data.get('user')
+    @abc.abstractmethod
+    def get_request_resource_user(self, serializer):
+        raise NotImplementedError
+
+    def get_request_resources(self, serializer):
+        user = self.get_request_resource_user(serializer)
         asset = serializer.validated_data.get('asset')
         application = serializer.validated_data.get('application')
         system_user = serializer.validated_data.get('system_user')
@@ -226,6 +230,17 @@ class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelVie
     def get_queryset(self):
         return ConnectionToken.objects.filter(user=self.request.user)
 
+    def get_request_resource_user(self, serializer):
+        return self.request.user
+
+    def get_object(self):
+        if self.request.user.is_service_account:
+            # TODO: 组件获取 token 详情，将来放在 Super-connection-token API 中
+            obj = get_object_or_404(ConnectionToken, pk=self.kwargs.get('pk'))
+        else:
+            obj = super(ConnectionTokenViewSet, self).get_object()
+        return obj
+
     def create_connection_token(self):
         data = self.request.query_params if self.request.method == 'GET' else self.request.data
         serializer = self.get_serializer(data=data)
@@ -293,6 +308,9 @@ class SuperConnectionTokenViewSet(ConnectionTokenViewSet):
         'renewal': 'authentication.add_superconnectiontoken'
     }
 
+    def get_request_resource_user(self, serializer):
+        return serializer.validated_data.get('user')
+
     @action(methods=['PATCH'], detail=False)
     def renewal(self, request, *args, **kwargs):
         from common.utils.timezone import as_current_tz