perf: 修改 acl 登录限制问题

pull/11645/head
ibuler 1 year ago committed by 老广
parent 1c74dd00ba
commit e11367088a

@ -103,25 +103,27 @@ class UserAssetAccountBaseACL(OrgModelMixin, UserBaseACL):
abstract = True
@classmethod
def filter_queryset(cls, user=None, asset=None, account=None, account_username=None, **kwargs):
def _get_filter_queryset(cls, user=None, asset=None, account=None, account_username=None, **kwargs):
queryset = cls.objects.all()
if user:
q = cls.users.get_filter_q(user)
queryset = queryset.filter(q)
q = models.Q()
if asset:
org_id = asset.org_id
with tmp_to_org(org_id):
q = cls.assets.get_filter_q(asset)
queryset = queryset.filter(q)
q &= cls.assets.get_filter_q(asset)
if user:
q &= cls.users.get_filter_q(user)
if account and not account_username:
account_username = account.username
if account_username:
q = models.Q(accounts__contains=account_username) | \
q &= models.Q(accounts__contains=account_username) | \
models.Q(accounts__contains='*') | \
models.Q(accounts__contains='@ALL')
queryset = queryset.filter(q)
if kwargs:
queryset = queryset.filter(**kwargs)
q &= models.Q(**kwargs)
queryset = queryset.filter(q)
return queryset.valid().distinct()
@classmethod
def filter_queryset(cls, asset=None, **kwargs):
org_id = asset.org_id if asset else ''
with tmp_to_org(org_id):
return cls._get_filter_queryset(asset=asset, **kwargs)

@ -376,7 +376,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
def _validate_acl(self, user, asset, account):
from acls.models import LoginAssetACL
acls = LoginAssetACL.filter_queryset(user, asset, account)
acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account)
ip = get_request_ip(self.request)
acl = LoginAssetACL.get_match_rule_acls(user, ip, acls)
if not acl:

@ -87,6 +87,7 @@ def tmp_to_root_org():
@contextmanager
def tmp_to_org(org):
ori_org = get_current_org()
if org:
set_current_org(org)
yield
if ori_org is not None:

Loading…
Cancel
Save