diff --git a/apps/assets/models/cmd_filter.py b/apps/assets/models/cmd_filter.py
index be8945c55..7023fdbc6 100644
--- a/apps/assets/models/cmd_filter.py
+++ b/apps/assets/models/cmd_filter.py
@@ -201,7 +201,7 @@ class CommandFilterRule(OrgModelMixin):
 q |= Q(user_groups__in=set(user_groups))
 if account:
 org_id = account.org_id
- q |= Q(accounts__contains=list(account)) |\
+ q |= Q(accounts__contains=account.username) | \
 Q(accounts__contains=SpecialAccount.ALL.value)
 if asset:
 org_id = asset.org_id
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 08b59581e..0c04531d5 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -178,8 +178,6 @@ class ExtraActionApiMixin(RDPFileClientProtocolURLMixin):
 get_object: callable
 get_serializer: callable
 perform_create: callable
- check_token_permission: callable
- create_connection_token: callable
 @action(methods=['POST'], detail=False, url_path='secret-info/detail')
 def get_secret_detail(self, request, *args, **kwargs):
@@ -277,10 +275,10 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 from perms.utils.account import PermAccountUtil
 actions, expire_at = PermAccountUtil().validate_permission(user, asset, account_username)
 if not actions:
- error = ''
+ error = 'No actions'
 raise PermissionDenied(error)
 if expire_at < time.time():
- error = ''
+ error = 'Expired'
 raise PermissionDenied(error)
diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py
index 3ed4c2a54..48c61f954 100644
--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
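Review bot: In the `cmd_filter.py` hunk, `Q(accounts__contains=account.username)` means different things depending on the type of the `accounts` column, which is not visible here. On a JSON list it is element containment, but on a text column it is a substring match, so a rule scoped to `root2` would also be selected for account `root`. This query decides which command-filter rules apply to a session, so it should match exact usernames only. If `accounts` is a JSON list, `Q(accounts__contains=[account.username])` states that intent explicitly, and a test with two usernames sharing a prefix would pin it. The enclosing method starts and ends outside the hunk.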
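Review bot: In the `@@ -277` hunk of `apps/authentication/api/connection_token.py`, the two new denial reasons are bare literals, while the model-side validity errors in this same commit go through `_()` (for example `_('No asset or inactive asset')`), so these 403 messages will not be translated. If gettext is already imported in this module, write `error = _('No actions')` and `error = _('Expired')`. The `expire_at < time.time()` comparison only works when `validate_permission` returns an epoch number, so a short comment stating that unit next to the check would help. The enclosing method starts outside the hunk.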
@@ -85,7 +85,7 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel): is_valid = False error = _('No user or invalid user') return is_valid, error - if not self.asset or self.asset.is_active: + if not self.asset or not self.asset.is_active: is_valid = False error = _('No asset or inactive asset') return is_valid, error diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py index e809ed78c..6e1f19be1 100644 --- a/apps/authentication/serializers/connection_token.py +++ b/apps/authentication/serializers/connection_token.py @@ -159,7 +159,7 @@ class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): domain = ConnectionTokenDomainSerializer(read_only=True) cmd_filter_rules = ConnectionTokenCmdFilterRuleSerializer(many=True) actions = ActionsField() - expired_at = serializers.IntegerField() + expire_at = serializers.IntegerField() class Meta: model = ConnectionToken @@ -167,5 +167,5 @@ class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): 'id', 'secret', 'user', 'asset', 'account_username', 'account', 'protocol', 'domain', 'gateway', 'cmd_filter_rules', - 'actions', 'expired_at', + 'actions', 'expire_at', ] diff --git a/apps/perms/utils/account.py b/apps/perms/utils/account.py index 3963e113c..8d8f5e743 100644 --- a/apps/perms/utils/account.py +++ b/apps/perms/utils/account.py @@ -53,7 +53,9 @@ class PermAccountUtil(AssetPermissionUtil): user, asset, with_actions=True, with_perms=True ) perm = perms.first() - account = accounts.filter(username=account_username).first() - actions = account.actions if account else [] - expire_at = perm.date_expired if perm else time.time() + actions = [] + for account in accounts: + if account.username == account_username: + actions = account.actions + expire_at = perm.date_expired.timestamp() if perm else time.time() return actions, expire_at
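Review bot: In the `apps/perms/utils/account.py` hunk, `expire_at` comes from `perms.first()`, which is not tied to the account matched in the new loop. When several permissions cover this user and asset, the expiry the caller checks may belong to a different permission than the one granting `account_username`; whether `perms` is ordered is not visible here. The loop also has no `break`, so if the same username appears more than once the last match's `actions` silently win. Both values gate the connection token, so take the expiry from the permission that grants the matched account, and either stop at the first match or combine the actions on purpose, with a comment such as `# first matching account wins`. The method starts outside the hunk.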