From e88e4438ba9694e371e192fba35d49dbd5944c3f Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Tue, 17 Oct 2023 15:01:21 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20acl=20=E8=AE=B0=E5=BD=95=E6=93=8D?= =?UTF-8?q?=E4=BD=9C=E6=97=A5=E5=BF=97=20=E8=B4=A6=E5=8F=B7=E4=BF=A1?= =?UTF-8?q?=E6=81=AF=E4=B8=BA=E7=A9=BA=20(#11869)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: feng <1304903146@qq.com>
---
 apps/authentication/api/connection_token.py | 24 ++++++++++-----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 8cefbe4e6..2f7238a38 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -300,6 +300,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 'get_rdp_file': 'authentication.add_connectiontoken',
 'get_client_protocol_url': 'authentication.add_connectiontoken',
 }
+ input_username = ''
 def get_queryset(self):
 queryset = ConnectionToken.objects \
@@ -335,6 +336,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 self._insert_connect_options(data, user)
 asset = data.get('asset')
 account_name = data.get('account')
+ self.input_username = data.get('input_username', '')
 _data = self._validate(user, asset, account_name)
 data.update(_data)
 return serializer
@@ -361,10 +363,9 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 if account.has_secret:
 data['input_secret'] = ''
- input_username = data.get('input_username', '')
 if account.username != AliasAccount.INPUT:
 data['input_username'] = ''
- ticket = self._validate_acl(user, asset, account, input_username)
+ ticket = self._validate_acl(user, asset, account)
 if ticket:
 data['from_ticket'] = ticket
 data['is_active'] = False
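Review bot: The value captured by `self.input_username = data.get('input_username', '')` (hunk at -335) is whatever the client submitted, and it is kept even when a fixed account is selected: the hunk at -361 blanks `data['input_username']` when `account.username != AliasAccount.INPUT`, but `self.input_username` still holds the submitted string (or `''`). The ACL operate log, the review ticket's `account_username` and `AssetLoginReminderMsg` in the later hunks therefore record either an empty account or a client-chosen name, not the account the token is actually issued for, which weakens the audit trail and what reviewers see when approving. Consider deriving the recorded name from the resolved account before calling `_validate_acl`, e.g. `account_label = self.input_username if account.username == AliasAccount.INPUT else account.username`, and using that for the log, ticket and reminder. The enclosing methods start and end outside these hunks, so this should be checked against the full `_validate` body.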
@@ -382,13 +383,12 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 raise JMSException(code='perm_expired', detail=msg)
 return account
- @staticmethod
- def _record_operate_log(acl, asset, input_username):
+ def _record_operate_log(self, acl, asset):
 from audits.handler import create_or_update_operate_log
 with tmp_to_org(asset.org_id):
 after = {
 str(_('Assets')): str(asset),
- str(_('Account')): input_username
+ str(_('Account')): self.input_username
 }
 object_name = acl._meta.object_name
 resource_type = acl._meta.verbose_name
@@ -397,7 +397,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 after=after, object_name=object_name
 )
- def _validate_acl(self, user, asset, account, input_username):
+ def _validate_acl(self, user, asset, account):
 from acls.models import LoginAssetACL
 acls = LoginAssetACL.filter_queryset(user=user, asset=asset, account=account)
 ip = get_request_ip(self.request)
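Review bot: `_record_operate_log` and `_validate_acl` now take the account name from `self.input_username` instead of an argument, so what they write to the audit log depends on another method having run first on the same view instance. Because the class attribute defaults to `''`, any path that reaches `_validate_acl` without that assignment would silently log an empty `Account` field, which is the symptom this commit sets out to fix, rather than failing visibly. Passing the value explicitly (for example `self._validate(user, asset, account_name, input_username)` and on into `_validate_acl`) keeps the audit input visible in the signatures. If the attribute stays, a comment on it such as `# set per request in <setter method>; feeds the ACL operate log, review ticket and reminder` would document the coupling. `_validate_acl` continues past the end of its hunk.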
@@ -405,19 +405,19 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 if not acl:
 return
 if acl.is_action(acl.ActionChoices.accept):
- self._record_operate_log(acl, asset, input_username)
+ self._record_operate_log(acl, asset)
 return
 if acl.is_action(acl.ActionChoices.reject):
- self._record_operate_log(acl, asset, input_username)
+ self._record_operate_log(acl, asset)
 msg = _('ACL action is reject: {}({})'.format(acl.name, acl.id))
 raise JMSException(code='acl_reject', detail=msg)
 if acl.is_action(acl.ActionChoices.review):
 if not self.request.query_params.get('create_ticket'):
 msg = _('ACL action is review')
 raise JMSException(code='acl_review', detail=msg)
- self._record_operate_log(acl, asset, input_username)
+ self._record_operate_log(acl, asset)
 ticket = LoginAssetACL.create_login_asset_review_ticket(
- user=user, asset=asset, account_username=input_username,
+ user=user, asset=asset, account_username=self.input_username,
 assignees=acl.reviewers.all(), org_id=asset.org_id
 )
 return ticket
@@ -426,10 +426,10 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
 if not reviewers:
 return
- self._record_operate_log(acl, asset, input_username)
+ self._record_operate_log(acl, asset)
 for reviewer in reviewers:
 AssetLoginReminderMsg(
- reviewer, asset, user, input_username
+ reviewer, asset, user, self.input_username
 ).publish_async()
 def create(self, request, *args, **kwargs):