perf: 优化 Connection Token API 逻辑处理

apps/assets/models/cmd_filter.py

@@ -201,7 +201,7 @@ class CommandFilterRule(OrgModelMixin):
             q |= Q(user_groups__in=set(user_groups))
         if account:
             org_id = account.org_id
-            q |= Q(accounts__contains=list(account)) |\
+            q |= Q(accounts__contains=account.username) | \
                  Q(accounts__contains=SpecialAccount.ALL.value)
         if asset:
             org_id = asset.org_id

apps/authentication/api/connection_token.py

@@ -178,8 +178,6 @@ class ExtraActionApiMixin(RDPFileClientProtocolURLMixin):
     get_object: callable
     get_serializer: callable
     perform_create: callable
-    check_token_permission: callable
-    create_connection_token: callable
 
     @action(methods=['POST'], detail=False, url_path='secret-info/detail')
     def get_secret_detail(self, request, *args, **kwargs):
@@ -277,10 +275,10 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
         from perms.utils.account import PermAccountUtil
         actions, expire_at = PermAccountUtil().validate_permission(user, asset, account_username)
         if not actions:
-            error = ''
+            error = 'No actions'
             raise PermissionDenied(error)
         if expire_at < time.time():
-            error = ''
+            error = 'Expired'
             raise PermissionDenied(error)
 
 

apps/authentication/models/connection_token.py

@@ -85,7 +85,7 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
             is_valid = False
             error = _('No user or invalid user')
             return is_valid, error
-        if not self.asset or self.asset.is_active:
+        if not self.asset or not self.asset.is_active:
             is_valid = False
             error = _('No asset or inactive asset')
             return is_valid, error

apps/authentication/serializers/connection_token.py

@@ -159,7 +159,7 @@ class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
     domain = ConnectionTokenDomainSerializer(read_only=True)
     cmd_filter_rules = ConnectionTokenCmdFilterRuleSerializer(many=True)
     actions = ActionsField()
-    expired_at = serializers.IntegerField()
+    expire_at = serializers.IntegerField()
 
     class Meta:
         model = ConnectionToken
@@ -167,5 +167,5 @@ class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
             'id', 'secret',
             'user', 'asset', 'account_username', 'account', 'protocol',
             'domain', 'gateway', 'cmd_filter_rules',
-            'actions', 'expired_at',
+            'actions', 'expire_at',
         ]

apps/perms/utils/account.py

@@ -53,7 +53,9 @@ class PermAccountUtil(AssetPermissionUtil):
             user, asset, with_actions=True, with_perms=True
         )
         perm = perms.first()
-        account = accounts.filter(username=account_username).first()
+        actions = []
-        actions = account.actions if account else []
+        for account in accounts:
-        expire_at = perm.date_expired if perm else time.time()
+            if account.username == account_username:
+                actions = account.actions
+        expire_at = perm.date_expired.timestamp() if perm else time.time()
         return actions, expire_at