perf: 优化 acl 默认排序和manager

apps/acls/api/login_asset_check.py

@@ -43,7 +43,7 @@ class LoginAssetCheckAPI(CreateAPIView):
         queryset = queryset.filter(accounts__contains=account_username)
 
         with tmp_to_org(self.serializer.asset.org):
-            acl = queryset.order_by('priority').valid().first()
+            acl = queryset.valid().first()
 
         if acl:
             need_review = True

apps/acls/migrations/0001_initial.py

@@ -1,14 +1,14 @@
 # Generated by Django 3.1 on 2021-03-11 09:53
 
-from django.conf import settings
-import django.core.validators
-from django.db import migrations, models
-import django.db.models.deletion
 import uuid
 
+import django.core.validators
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
 
 class Migration(migrations.Migration):
-
     initial = True
 
     dependencies = [
@@ -24,37 +24,51 @@ class Migration(migrations.Migration):
                 ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                 ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                 ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first',
+                                                 validators=[django.core.validators.MinValueValidator(1),
+                                                             django.core.validators.MaxValueValidator(100)],
+                                                 verbose_name='Priority')),
                 ('is_active', models.BooleanField(default=True, verbose_name='Active')),
                 ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
                 ('ip_group', models.JSONField(default=list, verbose_name='Login IP')),
-                ('action', models.CharField(choices=[('reject', 'Reject'), ('allow', 'Allow')], default='reject', max_length=64, verbose_name='Action')),
+                ('action',
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='login_acls', to=settings.AUTH_USER_MODEL, verbose_name='User')),
+                 models.CharField(choices=[('reject', 'Reject'), ('allow', 'Allow')], default='reject', max_length=64,
+                                  verbose_name='Action')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='login_acls',
+                                           to=settings.AUTH_USER_MODEL, verbose_name='User')),
             ],
             options={
-                'ordering': ('priority', '-date_updated', 'name'),
+                'ordering': ('priority', 'name'),
             },
         ),
         migrations.CreateModel(
             name='LoginAssetACL',
             fields=[
-                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('org_id',
+                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
                 ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
                 ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
                 ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                 ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                 ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first',
+                                                 validators=[django.core.validators.MinValueValidator(1),
+                                                             django.core.validators.MaxValueValidator(100)],
+                                                 verbose_name='Priority')),
                 ('is_active', models.BooleanField(default=True, verbose_name='Active')),
                 ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
                 ('users', models.JSONField(verbose_name='User')),
                 ('system_users', models.JSONField(verbose_name='System User')),
                 ('assets', models.JSONField(verbose_name='Asset')),
-                ('action', models.CharField(choices=[('login_confirm', 'Login confirm')], default='login_confirm', max_length=64, verbose_name='Action')),
+                ('action',
-                ('reviewers', models.ManyToManyField(blank=True, related_name='review_login_asset_acls', to=settings.AUTH_USER_MODEL, verbose_name='Reviewers')),
+                 models.CharField(choices=[('login_confirm', 'Login confirm')], default='login_confirm', max_length=64,
+                                  verbose_name='Action')),
+                ('reviewers',
+                 models.ManyToManyField(blank=True, related_name='review_login_asset_acls', to=settings.AUTH_USER_MODEL,
+                                        verbose_name='Reviewers')),
             ],
             options={
-                'ordering': ('priority', '-date_updated', 'name'),
+                'ordering': ('priority', 'name'),
                 'unique_together': {('name', 'org_id')},
             },
         ),

apps/acls/migrations/0002_auto_20210926_1047.py

@@ -2,7 +2,6 @@
 import django
 from django.conf import settings
 from django.db import migrations, models, transaction
-from acls.models import LoginACL
 
 LOGIN_CONFIRM_ZH = '登录复核'
 LOGIN_CONFIRM_EN = 'Login confirm'
@@ -90,10 +89,10 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterModelOptions(
             name='loginacl',
-            options={'ordering': ('priority', '-date_updated', 'name'), 'verbose_name': 'Login acl'},
+            options={'ordering': ('priority', 'name'), 'verbose_name': 'Login acl'},
         ),
         migrations.AlterModelOptions(
             name='loginassetacl',
-            options={'ordering': ('priority', '-date_updated', 'name'), 'verbose_name': 'Login asset acl'},
+            options={'ordering': ('priority', 'name'), 'verbose_name': 'Login asset acl'},
         ),
     ]

apps/acls/migrations/0003_auto_20211130_1037.py

@@ -4,7 +4,6 @@ from django.db import migrations
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('acls', '0002_auto_20210926_1047'),
     ]
@@ -12,10 +11,10 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='loginacl',
-            options={'ordering': ('priority', '-date_updated', 'name'), 'verbose_name': 'Login acl'},
+            options={'ordering': ('priority', 'name'), 'verbose_name': 'Login acl'},
         ),
         migrations.AlterModelOptions(
             name='loginassetacl',
-            options={'ordering': ('priority', '-date_updated', 'name'), 'verbose_name': 'Login asset acl'},
+            options={'ordering': ('priority', 'name'), 'verbose_name': 'Login asset acl'},
         ),
     ]

apps/acls/migrations/0006_commandfilteracl_commandgroup.py

@@ -63,7 +63,7 @@ class Migration(migrations.Migration):
             ],
             options={
                 'verbose_name': 'Command acl',
-                'ordering': ('priority', '-date_updated', 'name'),
+                'ordering': ('priority', 'name'),
                 'unique_together': {('name', 'org_id')},
             },
         ),

apps/acls/models/base.py

@@ -6,7 +6,7 @@ from common.db.fields import JSONManyToManyField
 from common.db.models import JMSBaseModel
 from common.utils import contains_ip
 from common.utils.time_period import contains_time_period
-from orgs.mixins.models import OrgModelMixin
+from orgs.mixins.models import OrgModelMixin, OrgManager
 
 __all__ = [
     'BaseACL', 'UserBaseACL', 'UserAssetAccountBaseACL',
@@ -48,7 +48,7 @@ class BaseACL(JMSBaseModel):
     objects = BaseACLQuerySet.as_manager()
 
     class Meta:
-        ordering = ('priority', 'date_updated', 'name')
+        ordering = ('priority', 'name')
         abstract = True
 
     def is_action(self, action):
@@ -97,6 +97,7 @@ class UserAssetAccountBaseACL(OrgModelMixin, UserBaseACL):
     name = models.CharField(max_length=128, verbose_name=_('Name'))
     assets = JSONManyToManyField('assets.Asset', default=dict, verbose_name=_('Assets'))
     accounts = models.JSONField(default=list, verbose_name=_("Accounts"))
+    objects = OrgManager.from_queryset(BaseACLQuerySet)()
 
     class Meta(UserBaseACL.Meta):
         unique_together = [('name', 'org_id')]
@@ -125,4 +126,4 @@ class UserAssetAccountBaseACL(OrgModelMixin, UserBaseACL):
             kwargs['org_id'] = org_id
         if kwargs:
             queryset = queryset.filter(**kwargs)
-        return queryset.filter(is_active=True).distinct().order_by('priority', 'date_created')
+        return queryset.valid().distinct()