From 0001ffba1b0e07962ebfcecb04651d3eef89c6ec Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 21 Feb 2023 13:39:28 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=20rbac?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/accounts/migrations/0001_initial.py      |  1 -
 .../migrations/0007_alter_account_options.py  |  2 +-
 .../migrations/0008_alter_account_options.py  | 17 ++++++++++++++++
 apps/accounts/models/account.py               |  2 ++
 apps/assets/api/asset/asset.py                |  4 ++--
 .../migrations/0110_alter_asset_options.py    | 17 ++++++++++++++++
 .../migrations/0111_alter_asset_options.py    | 17 ++++++++++++++++
 apps/assets/models/asset/common.py            |  2 --
 apps/assets/serializers/asset/common.py       |  2 +-
 apps/locale/ja/LC_MESSAGES/django.mo          |  4 ++--
 apps/locale/ja/LC_MESSAGES/django.po          | 20 +++++++++++--------
 apps/locale/zh/LC_MESSAGES/django.mo          |  4 ++--
 apps/locale/zh/LC_MESSAGES/django.po          | 20 +++++++++++--------
 .../0011_remove_redundant_permission.py       |  2 +-
 14 files changed, 86 insertions(+), 28 deletions(-)
 create mode 100644 apps/accounts/migrations/0008_alter_account_options.py
 create mode 100644 apps/assets/migrations/0110_alter_asset_options.py
 create mode 100644 apps/assets/migrations/0111_alter_asset_options.py

diff --git a/apps/accounts/migrations/0001_initial.py b/apps/accounts/migrations/0001_initial.py
index 6e211a7fc..b8fe35670 100644
--- a/apps/accounts/migrations/0001_initial.py
+++ b/apps/accounts/migrations/0001_initial.py
@@ -50,7 +50,6 @@ class Migration(migrations.Migration):
             options={
                 'verbose_name': 'Account',
                 'permissions': [('view_accountsecret', 'Can view asset account secret'),
-                                ('change_accountsecret', 'Can change asset account secret'),
                                 ('view_historyaccount', 'Can view asset history account'),
                                 ('view_historyaccountsecret', 'Can view asset history account secret')],
                 'unique_together': {('username', 'asset', 'secret_type'), ('name', 'asset')},
diff --git a/apps/accounts/migrations/0007_alter_account_options.py b/apps/accounts/migrations/0007_alter_account_options.py
index 73193e9a4..4ec798a21 100644
--- a/apps/accounts/migrations/0007_alter_account_options.py
+++ b/apps/accounts/migrations/0007_alter_account_options.py
@@ -12,6 +12,6 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterModelOptions(
             name='account',
-            options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret')], 'verbose_name': 'Account'},
+            options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'},
         ),
     ]
diff --git a/apps/accounts/migrations/0008_alter_account_options.py b/apps/accounts/migrations/0008_alter_account_options.py
new file mode 100644
index 000000000..949840740
--- /dev/null
+++ b/apps/accounts/migrations/0008_alter_account_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.14 on 2023-02-21 05:13
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0007_alter_account_options'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='account',
+            options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'},
+        ),
+    ]
diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py
index ed5fb72fa..7367c53de 100644
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@@ -64,6 +64,8 @@ class Account(AbsConnectivity, BaseAccount):
             ('view_accountsecret', _('Can view asset account secret')),
             ('view_historyaccount', _('Can view asset history account')),
             ('view_historyaccountsecret', _('Can view asset history account secret')),
+            ('verify_account', _('Can verify account')),
+            ('push_account', _('Can push account')),
         ]
 
     @lazyproperty
diff --git a/apps/assets/api/asset/asset.py b/apps/assets/api/asset/asset.py
index f51bdbb94..5b6b9084b 100644
--- a/apps/assets/api/asset/asset.py
+++ b/apps/assets/api/asset/asset.py
@@ -180,9 +180,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
     def check_permissions(self, request):
         action_perm_require = {
             "refresh": "assets.refresh_assethardwareinfo",
-            "push_account": "accounts.add_pushaccountexecution",
+            "push_account": "accounts.push_account",
             "test": "assets.test_assetconnectivity",
-            "test_account": "assets.test_account",
+            "test_account": "accounts.verify_account",
         }
         _action = request.data.get("action")
         perm_required = action_perm_require.get(_action)
diff --git a/apps/assets/migrations/0110_alter_asset_options.py b/apps/assets/migrations/0110_alter_asset_options.py
new file mode 100644
index 000000000..6d0e2a7aa
--- /dev/null
+++ b/apps/assets/migrations/0110_alter_asset_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.14 on 2023-02-21 05:11
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0109_alter_asset_options'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='asset',
+            options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetaccount', 'Can push account to asset'), ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'},
+        ),
+    ]
diff --git a/apps/assets/migrations/0111_alter_asset_options.py b/apps/assets/migrations/0111_alter_asset_options.py
new file mode 100644
index 000000000..5a54d6830
--- /dev/null
+++ b/apps/assets/migrations/0111_alter_asset_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.14 on 2023-02-21 05:22
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0110_alter_asset_options'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='asset',
+            options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'},
+        ),
+    ]
diff --git a/apps/assets/models/asset/common.py b/apps/assets/models/asset/common.py
index 3e013fa0d..8460556c4 100644
--- a/apps/assets/models/asset/common.py
+++ b/apps/assets/models/asset/common.py
@@ -281,8 +281,6 @@ class Asset(NodesRelationMixin, AbsConnectivity, JMSOrgBaseModel):
         permissions = [
             ('refresh_assethardwareinfo', _('Can refresh asset hardware info')),
             ('test_assetconnectivity', _('Can test asset connectivity')),
-            ('push_assetaccount', _('Can push account to asset')),
-            ('test_account', _('Can verify account')),
             ('match_asset', _('Can match asset')),
             ('change_assetnodes', _('Can change asset nodes')),
         ]
diff --git a/apps/assets/serializers/asset/common.py b/apps/assets/serializers/asset/common.py
index 0d4939086..9c31ee695 100644
--- a/apps/assets/serializers/asset/common.py
+++ b/apps/assets/serializers/asset/common.py
@@ -83,7 +83,7 @@ class AssetAccountSerializer(
 
     def validate_push_now(self, value):
         request = self.context['request']
-        if not request.user.has_perms('assets.push_assetaccount'):
+        if not request.user.has_perms('accounts.push_account'):
             return False
         return value
 
diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo
index 77a9fd388..f2bf6d5da 100644
--- a/apps/locale/ja/LC_MESSAGES/django.mo
+++ b/apps/locale/ja/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:694d0090ced3dd431fd632329c8d081d696baae99b4e7561ccc5abc5343f82ca
-size 135571
+oid sha256:ad88d17921655f6102ae29c8f1e34c65eac8eb5217a8ba14d189035db156789a
+size 135647
diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po
index 0f9b9d529..48382f434 100644
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-02-21 13:00+0800\n"
+"POT-Creation-Date: 2023-02-21 13:14+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -215,15 +215,23 @@ msgstr "資産履歴アカウントを表示できます"
 msgid "Can view asset history account secret"
 msgstr "資産履歴アカウントパスワードを表示できます"
 
-#: accounts/models/account.py:111
+#: accounts/models/account.py:67 assets/models/asset/common.py:285
+msgid "Can verify account"
+msgstr "アカウントを確認できます"
+
+#: accounts/models/account.py:68
+msgid "Can push account"
+msgstr "アカウントをプッシュできます"
+
+#: accounts/models/account.py:113
 msgid "Account template"
 msgstr "アカウント テンプレート"
 
-#: accounts/models/account.py:116
+#: accounts/models/account.py:118
 msgid "Can view asset account template secret"
 msgstr "アセット アカウント テンプレートのパスワードを表示できます"
 
-#: accounts/models/account.py:117
+#: accounts/models/account.py:119
 msgid "Can change asset account template secret"
 msgstr "アセット アカウント テンプレートのパスワードを変更できます"
 
@@ -1193,10 +1201,6 @@ msgstr "資産接続をテストできます"
 msgid "Can push account to asset"
 msgstr "アカウントをアセットにプッシュできます"
 
-#: assets/models/asset/common.py:285
-msgid "Can verify account"
-msgstr "アカウントを確認できます"
-
 #: assets/models/asset/common.py:286
 msgid "Can match asset"
 msgstr "アセットを一致させることができます"
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 6feff0df0..1da0d3cf9 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c18587f19a5d5723a65592162020f8e43b1f69572ec437a83ba914d636f0f32b
-size 111452
+oid sha256:e044950aeb211a81af9d2530f0468b5aa0ffc3acfffd899fbacb78a769b5de59
+size 111504
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 829aaee91..98d9bfb7f 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-02-21 13:00+0800\n"
+"POT-Creation-Date: 2023-02-21 13:14+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -214,15 +214,23 @@ msgstr "可以查看资产历史账号"
 msgid "Can view asset history account secret"
 msgstr "可以查看资产历史账号密码"
 
-#: accounts/models/account.py:111
+#: accounts/models/account.py:67 assets/models/asset/common.py:285
+msgid "Can verify account"
+msgstr "可以验证账号"
+
+#: accounts/models/account.py:68
+msgid "Can push account"
+msgstr "可以推送账号"
+
+#: accounts/models/account.py:113
 msgid "Account template"
 msgstr "账号模版"
 
-#: accounts/models/account.py:116
+#: accounts/models/account.py:118
 msgid "Can view asset account template secret"
 msgstr "可以查看资产账号模版密码"
 
-#: accounts/models/account.py:117
+#: accounts/models/account.py:119
 msgid "Can change asset account template secret"
 msgstr "可以更改资产账号模版密码"
 
@@ -1185,10 +1193,6 @@ msgstr "可以测试资产连接性"
 msgid "Can push account to asset"
 msgstr "可以推送账号到资产"
 
-#: assets/models/asset/common.py:285
-msgid "Can verify account"
-msgstr "可以验证账号"
-
 #: assets/models/asset/common.py:286
 msgid "Can match asset"
 msgstr "可以匹配资产"
diff --git a/apps/rbac/migrations/0011_remove_redundant_permission.py b/apps/rbac/migrations/0011_remove_redundant_permission.py
index d84e86ab3..d8a874f19 100644
--- a/apps/rbac/migrations/0011_remove_redundant_permission.py
+++ b/apps/rbac/migrations/0011_remove_redundant_permission.py
@@ -27,7 +27,7 @@ def migrate_remove_redundant_permission(apps, *args):
 
     perm_model = apps.get_model('auth', 'Permission')
     perm_model.objects.filter(codename__in=[
-        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser', 'change_accountsecret'
+        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser',
     ]).delete()