perf: 修改 acl 登录限制问题

pull/11645/head
ibuler 1 year ago committed by 老广
parent 1c74dd00ba
commit e11367088a

@ -103,25 +103,27 @@ class UserAssetAccountBaseACL(OrgModelMixin, UserBaseACL):
abstract = True abstract = True
@classmethod @classmethod
def filter_queryset(cls, user=None, asset=None, account=None, account_username=None, **kwargs): def _get_filter_queryset(cls, user=None, asset=None, account=None, account_username=None, **kwargs):
queryset = cls.objects.all() queryset = cls.objects.all()
q = models.Q()
if user:
q = cls.users.get_filter_q(user)
queryset = queryset.filter(q)
if asset: if asset:
org_id = asset.org_id q &= cls.assets.get_filter_q(asset)
with tmp_to_org(org_id): if user:
q = cls.assets.get_filter_q(asset) q &= cls.users.get_filter_q(user)
queryset = queryset.filter(q)
if account and not account_username: if account and not account_username:
account_username = account.username account_username = account.username
if account_username: if account_username:
q = models.Q(accounts__contains=account_username) | \ q &= models.Q(accounts__contains=account_username) | \
models.Q(accounts__contains='*') | \ models.Q(accounts__contains='*') | \
models.Q(accounts__contains='@ALL') models.Q(accounts__contains='@ALL')
queryset = queryset.filter(q)
if kwargs: if kwargs:
queryset = queryset.filter(**kwargs) q &= models.Q(**kwargs)
queryset = queryset.filter(q)
return queryset.valid().distinct() return queryset.valid().distinct()
@classmethod
def filter_queryset(cls, asset=None, **kwargs):
org_id = asset.org_id if asset else ''
with tmp_to_org(org_id):
return cls._get_filter_queryset(asset=asset, **kwargs)
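Review bot: The new public `filter_queryset(cls, asset=None, **kwargs)` takes `asset` as its only positional parameter where the old method took `user` first, so a caller not updated in this commit that still passes arguments positionally either raises TypeError or, with a single argument, has that object bound as the asset. Because this queryset decides which login ACLs are evaluated, I would make the parameters keyword-only, `def filter_queryset(cls, *, asset=None, **kwargs):`, so a stale call fails loudly instead of matching ACLs against the wrong scope. When `asset` is None the method passes `''` to `tmp_to_org`, which after this commit leaves the ambient organization in place. A docstring on `filter_queryset` saying that ACLs are then looked up in the caller's current org, and that `user`, `account` and `account_username` travel through `**kwargs`, would make that fallback explicit.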

@ -376,7 +376,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
def _validate_acl(self, user, asset, account): def _validate_acl(self, user, asset, account):
from acls.models import LoginAssetACL from acls.models import LoginAssetACL
acls = LoginAssetACL.filter_queryset(user, asset, account) acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account)
ip = get_request_ip(self.request) ip = get_request_ip(self.request)
acl = LoginAssetACL.get_match_rule_acls(user, ip, acls) acl = LoginAssetACL.get_match_rule_acls(user, ip, acls)
if not acl: if not acl:

@ -87,7 +87,8 @@ def tmp_to_root_org():
@contextmanager @contextmanager
def tmp_to_org(org): def tmp_to_org(org):
ori_org = get_current_org() ori_org = get_current_org()
set_current_org(org) if org:
set_current_org(org)
yield yield
if ori_org is not None: if ori_org is not None:
set_current_org(ori_org) set_current_org(ori_org)
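Review bot: The `yield` in `tmp_to_org` is not wrapped in `try`/`finally`, so an exception raised inside the `with` body skips the restore and leaves the temporary organization as the current one for whatever runs next in that context. This commit makes the ACL lookup in `filter_queryset` run entirely inside this context manager, so a failure there could leave later queries scoped to the asset's org rather than the caller's. I would put `try:` before `yield` and move the `if ori_org is not None: set_current_org(ori_org)` restore under `finally:`. Separately, when `ori_org` is None and `org` is truthy nothing resets the org after the block; whether that state can occur depends on `get_current_org`, which is not visible here, and the function may continue past the hunk's last line.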
