From e18e76002c9134e0ed9c0a5ee2a044e68a2a02bd Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 12:56:10 +0800
Subject: [PATCH 01/17] =?UTF-8?q?fix:=20=E6=9A=82=E6=97=B6=E6=8E=92?=
 =?UTF-8?q?=E9=99=A4=E4=BC=9A=E8=AF=9D=E5=88=86=E4=BA=AB=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E4=BD=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/rbac/const.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index 88adf1199..d625c8a0a 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -79,6 +79,7 @@ exclude_permissions = (
     ('terminal', 'status', 'delete,change', 'status'),
     ('terminal', 'sessionjoinrecord', 'delete', 'sessionjoinrecord'),
     ('terminal', 'sessionreplay', 'add,change,delete', 'sessionreplay'),
+    ('terminal', 'sessionsharing', 'view,add,change,delete', 'sessionsharing'),
     ('terminal', 'session', 'delete', 'session'),
     ('terminal', 'session', 'delete,change', 'command'),
 )

From 40aca2615518e97063a0ec0f59ad17ff8672fa08 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 13:11:47 +0800
Subject: [PATCH 02/17] =?UTF-8?q?fix:=20=E6=9A=82=E6=97=B6=E6=8E=92?=
 =?UTF-8?q?=E9=99=A4=E4=BC=9A=E8=AF=9D=E5=88=86=E4=BA=AB=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E4=BD=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/rbac/const.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index d625c8a0a..f907e4c81 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -80,7 +80,7 @@ exclude_permissions = (
     ('terminal', 'sessionjoinrecord', 'delete', 'sessionjoinrecord'),
     ('terminal', 'sessionreplay', 'add,change,delete', 'sessionreplay'),
     ('terminal', 'sessionsharing', 'view,add,change,delete', 'sessionsharing'),
-    ('terminal', 'session', 'delete', 'session'),
+    ('terminal', 'session', 'delete,share', 'session'),
     ('terminal', 'session', 'delete,change', 'command'),
 )
 

From 2042c7a6e5bf63dc6b6867dc60ddd582772c18b0 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 14:09:14 +0800
Subject: [PATCH 03/17] =?UTF-8?q?fix:=20=E4=BA=91=E5=90=8C=E6=AD=A5?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E6=98=BE=E7=A4=BA=E5=88=9B=E5=BB=BA=E6=89=A7?=
 =?UTF-8?q?=E8=A1=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/rbac/const.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index f907e4c81..a5a390306 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -71,8 +71,8 @@ exclude_permissions = (
     ('xpack', 'interface', '*', '*'),
     ('xpack', 'license', '*', '*'),
     ('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'),
-    ('xpack', 'syncinstancetaskexecution', 'add,delete,change', 'syncinstancetaskexecution'),
-    ('xpack', 'changeauthplanexecution', 'add,delete,change', 'changeauthplanexecution'),
+    ('xpack', 'syncinstancetaskexecution', 'delete,change', 'syncinstancetaskexecution'),
+    ('xpack', 'changeauthplanexecution', 'delete,change', 'changeauthplanexecution'),
     ('xpack', 'changeauthplantask', 'add,delete', 'changeauthplantask'),
     ('common', 'permission', 'add,delete,view,change', 'permission'),
     ('terminal', 'command', 'delete,change', 'command'),

From d77e84e6f871858845428825533259de7bb18242 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Tue, 15 Mar 2022 16:50:51 +0800
Subject: [PATCH 04/17] fix: ticket comment bug (#7854)

Co-authored-by: feng626 <1304903146@qq.com>
---
 apps/tickets/api/comment.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/tickets/api/comment.py b/apps/tickets/api/comment.py
index 382ad2c99..3bdf55079 100644
--- a/apps/tickets/api/comment.py
+++ b/apps/tickets/api/comment.py
@@ -15,7 +15,7 @@ __all__ = ['CommentViewSet']
 
 class CommentViewSet(mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = serializers.CommentSerializer
-    permission_classes = (RBACPermission| IsSwagger | IsAssignee | IsApplicant)
+    permission_classes = (RBACPermission, IsSwagger | IsAssignee | IsApplicant)
 
     @lazyproperty
     def ticket(self):

From ee44ae2e1282ecf37b89b4fb17778db298caa02c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com>
Date: Tue, 15 Mar 2022 13:06:04 +0800
Subject: [PATCH 05/17] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E6=9E=84?=
 =?UTF-8?q?=E5=BB=BA=E9=80=9F=E5=BA=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 63 ++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 45 insertions(+), 18 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a013c074d..421f95b20 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,6 @@ WORKDIR /opt/jumpserver
 ADD . .
 RUN cd utils && bash -ixeu build.sh
 
-# 构建运行时环境
 FROM python:3.8-slim
 ARG PIP_MIRROR=https://pypi.douban.com/simple
 ENV PIP_MIRROR=$PIP_MIRROR
@@ -17,38 +16,66 @@ ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
 
 WORKDIR /opt/jumpserver
 
-COPY ./requirements/deb_requirements.txt ./requirements/deb_requirements.txt
+ARG BUILD_DEPENDENCIES="              \
+    g++                               \
+    make                              \
+    pkg-config"
+
+ARG DEPENDENCIES="                    \
+    default-libmysqlclient-dev        \
+    freetds-dev                       \
+    libpq-dev                         \
+    libffi-dev                        \
+    libldap2-dev                      \
+    libsasl2-dev                      \
+    libxml2-dev                       \
+    libxmlsec1-dev                    \
+    libxmlsec1-openssl                \
+    libaio-dev                        \
+    sshpass"
+
+ARG TOOLS="                           \
+    curl                              \
+    default-mysql-client              \
+    iproute2                          \
+    iputils-ping                      \
+    locales                           \
+    procps                            \
+    redis-tools                       \
+    telnet                            \
+    vim                               \
+    wget"
+
 RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
     && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
     && apt update \
-    && apt -y install telnet iproute2 redis-tools default-mysql-client vim wget curl locales procps \
-    && apt -y install $(cat requirements/deb_requirements.txt) \
-    && rm -rf /var/lib/apt/lists/* \
+    && apt -y install ${BUILD_DEPENDENCIES} \
+    && apt -y install ${DEPENDENCIES} \
+    && apt -y install ${TOOLS} \
     && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
     && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
-    && sed -i "s@# alias l@alias l@g" ~/.bashrc \
-    && echo "set mouse-=a" > ~/.vimrc
-
-COPY ./requirements/requirements.txt ./requirements/requirements.txt
-RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
-    && pip install --no-cache-dir $(grep -E 'jms|jumpserver' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
-    && pip install --no-cache-dir -r requirements/requirements.txt -i ${PIP_MIRROR} \
-    && rm -rf ~/.cache/pip
-
-COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
-RUN mkdir -p /root/.ssh/ \
+    && mkdir -p /root/.ssh/ \
     && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config \
+    && sed -i "s@# alias l@alias l@g" ~/.bashrc \
+    && echo "set mouse-=a" > ~/.vimrc \
+    && rm -rf /var/lib/apt/lists/* \
     && mv /bin/sh /bin/sh.bak  \
     && ln -s /bin/bash /bin/sh
 
 RUN mkdir -p /opt/jumpserver/oracle/ \
-    && wget https://download.jumpserver.org/public/instantclient-basiclite-linux.x64-21.1.0.0.0.tar > /dev/null \
+    && wget https://download.jumpserver.org/public/instantclient-basiclite-linux.x64-21.1.0.0.0.tar \
     && tar xf instantclient-basiclite-linux.x64-21.1.0.0.0.tar -C /opt/jumpserver/oracle/ \
     && echo "/opt/jumpserver/oracle/instantclient_21_1" > /etc/ld.so.conf.d/oracle-instantclient.conf \
     && ldconfig \
     && rm -f instantclient-basiclite-linux.x64-21.1.0.0.0.tar
 
-RUN echo > config.yml
+COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
+
+RUN echo > config.yml \
+    && pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
+    && pip install --no-cache-dir $(grep -E 'jms|jumpserver' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
+    && pip install --no-cache-dir -r requirements/requirements.txt -i ${PIP_MIRROR} \
+    && rm -rf ~/.cache/pip
 
 VOLUME /opt/jumpserver/data
 VOLUME /opt/jumpserver/logs

From e1a238b778ebb6e42acc48cbab5dbfc26169ed78 Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Tue, 15 Mar 2022 14:24:55 +0800
Subject: [PATCH 06/17] =?UTF-8?q?fix:=20=E5=88=A0=E9=99=A4=E8=B5=84?=
 =?UTF-8?q?=E4=BA=A7=E6=8E=88=E6=9D=83=E7=BC=93=E5=AD=98=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/perms/api/asset/user_permission/common.py | 7 -------
 apps/perms/urls/asset_permission.py            | 2 --
 2 files changed, 9 deletions(-)

diff --git a/apps/perms/api/asset/user_permission/common.py b/apps/perms/api/asset/user_permission/common.py
index 609fb52c3..1594cedb9 100644
--- a/apps/perms/api/asset/user_permission/common.py
+++ b/apps/perms/api/asset/user_permission/common.py
@@ -22,7 +22,6 @@ from perms import serializers
 logger = get_logger(__name__)
 
 __all__ = [
-    'RefreshAssetPermissionCacheApi',
     'UserGrantedAssetSystemUsersForAdminApi',
     'ValidateUserAssetPermissionApi',
     'GetUserAssetPermissionActionsApi',
@@ -97,12 +96,6 @@ class ValidateUserAssetPermissionApi(APIView):
         return Response(data, status=status_code)
 
 
-# TODO 删除
-class RefreshAssetPermissionCacheApi(RetrieveAPIView):
-    def retrieve(self, request, *args, **kwargs):
-        return Response({'msg': True}, status=200)
-
-
 class UserGrantedAssetSystemUsersForAdminApi(ListAPIView):
     serializer_class = serializers.AssetSystemUserSerializer
     only_fields = serializers.AssetSystemUserSerializer.Meta.only_fields
diff --git a/apps/perms/urls/asset_permission.py b/apps/perms/urls/asset_permission.py
index 7b251dea7..f24b1b8ba 100644
--- a/apps/perms/urls/asset_permission.py
+++ b/apps/perms/urls/asset_permission.py
@@ -100,8 +100,6 @@ permission_urlpatterns = [
     path('user/validate/', api.ValidateUserAssetPermissionApi.as_view(), name='validate-user-asset-permission'),
     path('user/actions/', api.GetUserAssetPermissionActionsApi.as_view(), name='get-user-asset-permission-actions'),
 
-    # 刷新缓存
-    path('cache/refresh/', api.RefreshAssetPermissionCacheApi.as_view(), name='refresh-asset-permission-cache'),
 ]
 
 asset_permission_urlpatterns = [

From a18b9bad0a775b29c4e2002cc5045fd3d9c771c7 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Tue, 15 Mar 2022 17:32:54 +0800
Subject: [PATCH 07/17] =?UTF-8?q?fix:=20=C2=A0=E4=BF=AE=E5=A4=8Dticketsess?=
 =?UTF-8?q?ion=20(#7857)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: feng626 <1304903146@qq.com>
---
 apps/tickets/api/relation.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/tickets/api/relation.py b/apps/tickets/api/relation.py
index 674be316c..cbb661259 100644
--- a/apps/tickets/api/relation.py
+++ b/apps/tickets/api/relation.py
@@ -17,6 +17,7 @@ class TicketSessionRelationViewSet(CreateModelMixin, JMSGenericViewSet):
 
 # Todo: 放到上面的 ViewSet 中
 class TicketSessionApi(views.APIView):
+    perm_model = TicketSession
 
     def get(self, request, *args, **kwargs):
         with tmp_to_root_org():

From 90840a4417bcacd09c92f9f235ea64604284a3c2 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Tue, 15 Mar 2022 18:22:13 +0800
Subject: [PATCH 08/17] =?UTF-8?q?fix:=20=E5=B7=A5=E5=8D=95=E5=88=9B?=
 =?UTF-8?q?=E5=BB=BAbug=20(#7858)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: feng626 <1304903146@qq.com>
---
 apps/perms/serializers/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/perms/serializers/base.py b/apps/perms/serializers/base.py
index 63cdd8d72..3d48447fb 100644
--- a/apps/perms/serializers/base.py
+++ b/apps/perms/serializers/base.py
@@ -12,7 +12,7 @@ class ActionsField(serializers.MultipleChoiceField):
         super().__init__(*args, **kwargs)
 
     def run_validation(self, data=empty):
-        data = super(ActionsField, self).run_validation()
+        data = super(ActionsField, self).run_validation(data)
         if isinstance(data, list):
             data = Action.choices_to_value(value=data)
         return data

From 4f887b1b1138f706379f170ad7ca9a19ae8b63b5 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 15 Mar 2022 18:40:31 +0800
Subject: [PATCH 09/17] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=20tree=20node?=
 =?UTF-8?q?=20icon?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/rbac/tree.py | 58 +++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 32 deletions(-)

diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py
index 092f6ce90..6a40365f5 100644
--- a/apps/rbac/tree.py
+++ b/apps/rbac/tree.py
@@ -151,6 +151,21 @@ def sort_nodes(node):
 
 class PermissionTreeUtil:
     get_permissions: Callable
+    action_mapper = {
+        'add': ugettext('Create'),
+        'view': ugettext('View'),
+        'change': ugettext('Update'),
+        'delete': ugettext('Delete')
+    }
+    action_icon = {
+        'add': 'add',
+        'view': 'view',
+        'change': 'change',
+        'delete': 'delete',
+        'invite': 'invite',
+        'match': 'match',
+        'remove': 'remove'
+    }
 
     def __init__(self, permissions, scope, check_disabled=False):
         self.permissions = self.prefetch_permissions(permissions)
@@ -262,38 +277,17 @@ class PermissionTreeUtil:
             nodes.append(node)
         return nodes
 
-    @staticmethod
-    def _get_permission_name(p, content_types_name_mapper):
-        p: Permission
-        code_name = p.codename
-        action_mapper = {
-            'add': ugettext('Create'),
-            'view': ugettext('View'),
-            'change': ugettext('Update'),
-            'delete': ugettext('Delete')
-        }
-        name = ''
-        ct = ''
-        if 'add_' in p.codename:
-            name = action_mapper['add']
-            ct = code_name.replace('add_', '')
-        elif 'view_' in p.codename:
-            name = action_mapper['view']
-            ct = code_name.replace('view_', '')
-        elif 'change_' in p.codename:
-            name = action_mapper['change']
-            ct = code_name.replace('change_', '')
-        elif 'delete' in code_name:
-            name = action_mapper['delete']
-            ct = code_name.replace('delete_', '')
-
-        app_model = '%s.%s' % (p.content_type.app_label, ct)
-        if app_model in content_types_name_mapper:
-            name += content_types_name_mapper[app_model]
+    def _get_permission_name_icon(self, p: Permission, content_types_name_mapper: dict):
+        action, resource = p.codename.split('_', 1)
+        app_model = '%s.%s' % (p.content_type.app_label, resource)
+        if action in self.action_mapper and app_model in content_types_name_mapper:
+            action_name = self.action_mapper[action]
+            name = action_name + content_types_name_mapper[app_model]
         else:
             name = gettext(p.name)
-            name = name.replace('Can ', '').replace('可以', '')
-        return name
+        icon = self.action_icon.get(action, 'file')
+        name = name.replace('Can ', '').replace('可以', '')
+        return name, icon
 
     def _create_perms_nodes(self):
         permissions_id = self.permissions.values_list('id', flat=True)
@@ -306,7 +300,7 @@ class PermissionTreeUtil:
             if not self._check_model_xpack(model_id):
                 continue
             # name 要特殊处理，解决 i18n 问题
-            name = self._get_permission_name(p, content_types_name_mapper)
+            name, icon = self._get_permission_name_icon(p, content_types_name_mapper)
             if settings.DEBUG:
                 name += '[{}]'.format(p.app_label_codename)
 
@@ -328,7 +322,7 @@ class PermissionTreeUtil:
                 'pId': pid,
                 'isParent': False,
                 'chkDisabled': self.check_disabled,
-                'iconSkin': 'file',
+                'iconSkin': icon,
                 'checked': p.id in permissions_id,
                 'open': False,
                 'meta': {

From 8839e6293ba44542a2509e57d15a4e41cf83fa75 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 15 Mar 2022 15:42:10 +0800
Subject: [PATCH 10/17] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20mfa=20?=
 =?UTF-8?q?=E5=9C=B0=E5=9D=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/mfa/sms.py              | 6 +++---
 apps/users/templates/users/mfa_setting.html | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/apps/authentication/mfa/sms.py b/apps/authentication/mfa/sms.py
index 670e49378..d23b68766 100644
--- a/apps/authentication/mfa/sms.py
+++ b/apps/authentication/mfa/sms.py
@@ -44,13 +44,13 @@ class MFASms(BaseMFA):
         return settings.SMS_ENABLED
 
     def get_enable_url(self) -> str:
-        return '/ui/#/users/profile/?activeTab=ProfileUpdate'
+        return '/ui/#/profile/setting?activeTab=ProfileUpdate'
 
     def can_disable(self) -> bool:
         return True
 
     def disable(self):
-        return '/ui/#/users/profile/?activeTab=ProfileUpdate'
+        return '/ui/#/profile/setting?activeTab=ProfileUpdate'
 
     @staticmethod
     def help_text_of_enable():
@@ -61,4 +61,4 @@ class MFASms(BaseMFA):
         return _("Clear phone number to disable")
 
     def get_disable_url(self) -> str:
-        return '/ui/#/users/profile/?activeTab=ProfileUpdate'
+        return '/ui/#/profile/setting?activeTab=ProfileUpdate'
diff --git a/apps/users/templates/users/mfa_setting.html b/apps/users/templates/users/mfa_setting.html
index e1c6067f3..cb7b5a313 100644
--- a/apps/users/templates/users/mfa_setting.html
+++ b/apps/users/templates/users/mfa_setting.html
@@ -49,8 +49,9 @@
             <div style="height: 100%; width: 100%;">
                 {% for b in mfa_backends %}
                     <div class="row" style="padding-top: 10px">
-                        <li class="col-sm-6" style="font-size: 14px">{{ b.display_name }}
-                            {{ b.enable }}</li>
+                        <li class="col-sm-6" style="font-size: 14px">
+                            {{ b.display_name }}
+                        </li>
                         <span class="col-sm-6">
                         {% if b.is_active %}
                             <button class="btn btn-warning btn-xs" style="float: right"

From cd46c8c78e199781156b693461aee5277af97e98 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 15 Mar 2022 15:58:08 +0800
Subject: [PATCH 11/17] =?UTF-8?q?perf:=20=E5=8F=91=E9=80=81=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E7=A0=81=EF=BC=8C=E4=B8=8D=E5=86=8D=E6=8F=90=E7=A4=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/templates/_mfa_login_field.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/templates/_mfa_login_field.html b/apps/templates/_mfa_login_field.html
index d73df5499..29c3ea17b 100644
--- a/apps/templates/_mfa_login_field.html
+++ b/apps/templates/_mfa_login_field.html
@@ -121,7 +121,8 @@
             url: url,
             method: "POST",
             body: JSON.stringify(data),
-            success: onSuccess
+            success: onSuccess,
+            flash_message: false
         })
     }
 </script>

From b25ec559bbef6e2577040667f2c6b1d40516caa3 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 19:15:25 +0800
Subject: [PATCH 12/17] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=BF=BB?=
 =?UTF-8?q?=E8=AF=91/=E6=9D=83=E9=99=90=E8=AE=BE=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/audits/api.py                   |  3 ++
 apps/locale/zh/LC_MESSAGES/django.mo |  4 +--
 apps/locale/zh/LC_MESSAGES/django.po | 45 +++++++++++++++++-----------
 apps/ops/test_utils.py               |  1 -
 apps/terminal/models/terminal.py     |  2 +-
 5 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/apps/audits/api.py b/apps/audits/api.py
index 9a023e3dd..d57682ee3 100644
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@@ -131,6 +131,9 @@ class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet)
     ]
     search_fields = ('asset__hostname', )
     http_method_names = ['options', 'get']
+    rbac_perms = {
+        'GET': 'audits.view_commandexecution'
+    }
 
     def get_queryset(self):
         queryset = super().get_queryset()
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 2eaac4eff..88d28c800 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:675f93d2cc6b2049fdafc7f6b70edb8f73bbe132de9b91e98f2ec7acb2e89620
-size 104134
+oid sha256:c46cf13d1d3dfe5193590605f8f0e6b552334bcb1ebef1d9ddb31ed32f88ea93
+size 104181
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index fb87ca863..16e07f4f1 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-03-14 15:58+0800\n"
+"POT-Creation-Date: 2022-03-15 16:44+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -305,10 +305,16 @@ msgstr "版本"
 msgid "Application account"
 msgstr "应用账号"
 
-#: applications/models/account.py:26 applications/models/account.py:27
+#: applications/models/account.py:26
 msgid "Can view application account secret"
 msgstr "可以查看应用账号密码"
 
+#: applications/models/account.py:27
+#, fuzzy
+#| msgid "Can view application account secret"
+msgid "Can change application account secret"
+msgstr "可以查看应用账号密码"
+
 #: applications/models/application.py:204
 #: applications/serializers/application.py:99 assets/models/label.py:21
 #: perms/models/application_permission.py:21
@@ -2679,7 +2685,7 @@ msgstr "站内信"
 msgid "Waiting task start"
 msgstr "等待任务开始"
 
-#: ops/api/command.py:61
+#: ops/api/command.py:56
 msgid "Not has host {} permission"
 msgstr "没有该主机 {} 权限"
 
@@ -2767,7 +2773,7 @@ msgstr "创建者"
 
 #: ops/models/adhoc.py:243
 msgid "AdHoc"
-msgstr ""
+msgstr "任务各版本"
 
 #: ops/models/adhoc.py:252
 msgid "Task display"
@@ -2800,7 +2806,7 @@ msgstr "汇总"
 
 #: ops/models/adhoc.py:339
 msgid "AdHoc execution"
-msgstr "命令执行"
+msgstr "任务执行历史"
 
 #: ops/models/command.py:32
 msgid "Date finished"
@@ -2874,7 +2880,7 @@ msgstr "当前组织 ({}) 不能被删除"
 msgid "The organization have resource ({}) cannot be deleted"
 msgstr "组织存在资源 ({}) 不能被删除"
 
-#: orgs/apps.py:7 rbac/tree.py:112
+#: orgs/apps.py:7 rbac/tree.py:111
 msgid "App organizations"
 msgstr "组织管理"
 
@@ -2917,11 +2923,11 @@ msgstr "可以查看授权给用户的应用"
 msgid "Permed application"
 msgstr "授权的应用"
 
-#: perms/models/application_permission.py:117
+#: perms/models/application_permission.py:116
 msgid "Can view user apps"
 msgstr "可以查看用户授权的应用"
 
-#: perms/models/application_permission.py:118
+#: perms/models/application_permission.py:117
 msgid "Can view usergroup apps"
 msgstr "可以查看用户组授权的应用"
 
@@ -2950,14 +2956,10 @@ msgid "Can view my assets"
 msgstr "可以查看我的资产"
 
 #: perms/models/asset_permission.py:188
-msgid "Can connect my assets"
-msgstr "可以连接我的资产"
-
-#: perms/models/asset_permission.py:189
 msgid "Can view user assets"
 msgstr "可以查看用户授权的资产"
 
-#: perms/models/asset_permission.py:190
+#: perms/models/asset_permission.py:189
 msgid "Can view usergroup assets"
 msgstr "可以查看用户组授权的资产"
 
@@ -3173,7 +3175,7 @@ msgstr "Web终端"
 msgid "Can view file manager"
 msgstr "文件管理"
 
-#: rbac/models/permission.py:22
+#: rbac/models/permission.py:26
 msgid "Permission"
 msgstr "授权"
 
@@ -3299,11 +3301,11 @@ msgstr "我的资产"
 msgid "My apps"
 msgstr "我的应用"
 
-#: rbac/tree.py:113
+#: rbac/tree.py:112
 msgid "Ticket comment"
 msgstr "工单评论"
 
-#: rbac/tree.py:114
+#: rbac/tree.py:113
 msgid "Common setting"
 msgstr "一般设置"
 
@@ -4962,6 +4964,10 @@ msgstr "HTTP端口"
 msgid "Terminal"
 msgstr "终端"
 
+#: terminal/models/terminal.py:185
+msgid "Can view terminal config"
+msgstr "可以查看终端配置"
+
 #: terminal/notifications.py:22
 msgid "Sessions"
 msgstr "会话管理"
@@ -6799,11 +6805,11 @@ msgstr "退出页面logo"
 msgid "Interface setting"
 msgstr "界面设置"
 
-#: xpack/plugins/license/api.py:41
+#: xpack/plugins/license/api.py:43
 msgid "License import successfully"
 msgstr "许可证导入成功"
 
-#: xpack/plugins/license/api.py:42
+#: xpack/plugins/license/api.py:44
 msgid "License is invalid"
 msgstr "无效的许可证"
 
@@ -6827,6 +6833,9 @@ msgstr "旗舰版"
 msgid "Community edition"
 msgstr "社区版"
 
+#~ msgid "Can connect my assets"
+#~ msgstr "可以连接我的资产"
+
 #~ msgid "Can view dashboard"
 #~ msgstr "仪表盘"
 
diff --git a/apps/ops/test_utils.py b/apps/ops/test_utils.py
index 5e5905519..96190dee0 100644
--- a/apps/ops/test_utils.py
+++ b/apps/ops/test_utils.py
@@ -6,7 +6,6 @@ import os
 from django.test import TestCase
 
 from ops.models import Task, AdHoc
-from ops.utils import run_adhoc_object
 
 
 class TestRunAdHoc(TestCase):
diff --git a/apps/terminal/models/terminal.py b/apps/terminal/models/terminal.py
index 8578ab599..b5a753c96 100644
--- a/apps/terminal/models/terminal.py
+++ b/apps/terminal/models/terminal.py
@@ -182,6 +182,6 @@ class Terminal(StorageMixin, TerminalStatusMixin, models.Model):
         db_table = "terminal"
         verbose_name = _("Terminal")
         permissions = (
-            ('view_terminalconfig', 'Can view terminal config'),
+            ('view_terminalconfig', _('Can view terminal config')),
         )
 

From c4280d259ab204af175812bc269e493cc27cccc5 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 19:17:29 +0800
Subject: [PATCH 13/17] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=BF=BB?=
 =?UTF-8?q?=E8=AF=91/=E6=9D=83=E9=99=90=E8=AE=BE=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/locale/zh/LC_MESSAGES/django.po | 2 --
 1 file changed, 2 deletions(-)

diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 16e07f4f1..d22586758 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -310,8 +310,6 @@ msgid "Can view application account secret"
 msgstr "可以查看应用账号密码"
 
 #: applications/models/account.py:27
-#, fuzzy
-#| msgid "Can view application account secret"
 msgid "Can change application account secret"
 msgstr "可以查看应用账号密码"
 

From 172b492bc3a5229751e1f40ed54832a71ceae4a6 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 19:35:32 +0800
Subject: [PATCH 14/17] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=AD=98?=
 =?UTF-8?q?=E5=82=A8=E6=B5=8B=E8=AF=95=E6=9D=83=E9=99=90=E4=BD=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/locale/zh/LC_MESSAGES/django.mo | 4 ++--
 apps/terminal/api/storage.py         | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 88d28c800..a3b6deaf6 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c46cf13d1d3dfe5193590605f8f0e6b552334bcb1ebef1d9ddb31ed32f88ea93
-size 104181
+oid sha256:fd3477eb43ff2155687120215926bb5a80a9cbd13a74c84b08e6078dcba016a2
+size 104274
diff --git a/apps/terminal/api/storage.py b/apps/terminal/api/storage.py
index f00611bb2..f6222d13a 100644
--- a/apps/terminal/api/storage.py
+++ b/apps/terminal/api/storage.py
@@ -131,7 +131,13 @@ class BaseStorageTestConnectiveMixin:
 
 class CommandStorageTestConnectiveApi(BaseStorageTestConnectiveMixin, generics.RetrieveAPIView):
     queryset = CommandStorage.objects.all()
+    rbac_perms = {
+        'retrieve': 'terminal.view_commandstorage'
+    }
 
 
 class ReplayStorageTestConnectiveApi(BaseStorageTestConnectiveMixin, generics.RetrieveAPIView):
     queryset = ReplayStorage.objects.all()
+    rbac_perms = {
+        'retrieve': 'terminal.view_replaystorage'
+    }

From aedd8ba5897d7be1b0c20501f119050cdfa5e52c Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 19:47:27 +0800
Subject: [PATCH 15/17] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=9F=A5?=
 =?UTF-8?q?=E7=9C=8B=E6=88=91=E7=9A=84=E5=BA=94=E7=94=A8=E7=BF=BB=E8=AF=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/locale/zh/LC_MESSAGES/django.mo        |  4 ++--
 apps/locale/zh/LC_MESSAGES/django.po        | 18 +++++++++++-------
 apps/perms/models/application_permission.py |  2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index a3b6deaf6..72474d430 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fd3477eb43ff2155687120215926bb5a80a9cbd13a74c84b08e6078dcba016a2
-size 104274
+oid sha256:a8c1155ea28b70a0eb06aa39ab6ae04619cd30d02f59698fadaa6068d91a7900
+size 104348
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index d22586758..a0c2964c4 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-03-15 16:44+0800\n"
+"POT-Creation-Date: 2022-03-15 19:46+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -1383,7 +1383,7 @@ msgstr "日志审计"
 
 #: audits/models.py:27 audits/models.py:57
 #: authentication/templates/authentication/_access_key_modal.html:65
-#: rbac/tree.py:273 users/templates/users/user_asset_permission.html:128
+#: rbac/tree.py:158 users/templates/users/user_asset_permission.html:128
 #: users/templates/users/user_database_app_permission.html:111
 msgid "Delete"
 msgstr "删除"
@@ -1437,11 +1437,11 @@ msgstr "文件管理"
 
 #: audits/models.py:55
 #: authentication/templates/authentication/_access_key_modal.html:22
-#: rbac/tree.py:270
+#: rbac/tree.py:155
 msgid "Create"
 msgstr "创建"
 
-#: audits/models.py:56 rbac/tree.py:272 templates/_csv_import_export.html:18
+#: audits/models.py:56 rbac/tree.py:157 templates/_csv_import_export.html:18
 #: templates/_csv_update_modal.html:6
 #: users/templates/users/user_asset_permission.html:127
 #: users/templates/users/user_database_app_permission.html:110
@@ -2121,7 +2121,7 @@ msgstr "显示"
 
 #: authentication/templates/authentication/_access_key_modal.html:66
 #: settings/serializers/security.py:39 users/models/user.py:469
-#: users/serializers/profile.py:111 users/templates/users/mfa_setting.html:60
+#: users/serializers/profile.py:111 users/templates/users/mfa_setting.html:61
 #: users/templates/users/user_verify_mfa.html:36
 msgid "Disable"
 msgstr "禁用"
@@ -2129,7 +2129,7 @@ msgstr "禁用"
 #: authentication/templates/authentication/_access_key_modal.html:67
 #: users/models/user.py:470 users/serializers/profile.py:112
 #: users/templates/users/mfa_setting.html:26
-#: users/templates/users/mfa_setting.html:67
+#: users/templates/users/mfa_setting.html:68
 msgid "Enable"
 msgstr "启用"
 
@@ -2921,6 +2921,10 @@ msgstr "可以查看授权给用户的应用"
 msgid "Permed application"
 msgstr "授权的应用"
 
+#: perms/models/application_permission.py:115
+msgid "Can view my apps"
+msgstr "可以查看我的应用"
+
 #: perms/models/application_permission.py:116
 msgid "Can view user apps"
 msgstr "可以查看用户授权的应用"
@@ -3307,7 +3311,7 @@ msgstr "工单评论"
 msgid "Common setting"
 msgstr "一般设置"
 
-#: rbac/tree.py:271
+#: rbac/tree.py:156
 msgid "View"
 msgstr "查看"
 
diff --git a/apps/perms/models/application_permission.py b/apps/perms/models/application_permission.py
index d5d02faee..7cefec448 100644
--- a/apps/perms/models/application_permission.py
+++ b/apps/perms/models/application_permission.py
@@ -112,7 +112,7 @@ class PermedApplication(Application):
         verbose_name = _('Permed application')
         default_permissions = []
         permissions = [
-            ('view_myapps', 'Can view my apps'),
+            ('view_myapps', _('Can view my apps')),
             ('view_userapps', _('Can view user apps')),
             ('view_usergroupapps', _('Can view usergroup apps')),
         ]

From 4bfa88f01f7fdf2f42745573406a9740be2b6c11 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 15 Mar 2022 20:02:08 +0800
Subject: [PATCH 16/17] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20app=20tree?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/applications/const.py              | 23 ++++++++++++++++++++---
 apps/applications/models/application.py |  7 +++++++
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/apps/applications/const.py b/apps/applications/const.py
index 76fc51e33..8436f3ebd 100644
--- a/apps/applications/const.py
+++ b/apps/applications/const.py
@@ -13,13 +13,17 @@ class AppCategory(models.TextChoices):
     def get_label(cls, category):
         return dict(cls.choices).get(category, '')
 
+    @classmethod
+    def is_xpack(cls, category):
+        return category in ['remote_app']
+
 
 class AppType(models.TextChoices):
     # db category
     mysql = 'mysql', 'MySQL'
+    mariadb = 'mariadb', 'MariaDB'
     oracle = 'oracle', 'Oracle'
     pgsql = 'postgresql', 'PostgreSQL'
-    mariadb = 'mariadb', 'MariaDB'
     sqlserver = 'sqlserver', 'SQLServer'
     redis = 'redis', 'Redis'
     mongodb = 'mongodb', 'MongoDB'
@@ -37,9 +41,13 @@ class AppType(models.TextChoices):
     def category_types_mapper(cls):
         return {
             AppCategory.db: [
-                cls.mysql, cls.oracle, cls.pgsql, cls.mariadb, cls.sqlserver, cls.redis, cls.mongodb
+                cls.mysql, cls.oracle, cls.pgsql, cls.mariadb,
+                cls.sqlserver, cls.redis, cls.mongodb
+            ],
+            AppCategory.remote_app: [
+                cls.chrome, cls.mysql_workbench,
+                cls.vmware_client, cls.custom
             ],
-            AppCategory.remote_app: [cls.chrome, cls.mysql_workbench, cls.vmware_client, cls.custom],
             AppCategory.cloud: [cls.k8s]
         }
 
@@ -66,3 +74,12 @@ class AppType(models.TextChoices):
     @classmethod
     def cloud_types(cls):
         return [tp.value for tp in cls.category_types_mapper()[AppCategory.cloud]]
+
+    @classmethod
+    def is_xpack(cls, tp):
+        tp_category_mapper = cls.type_category_mapper()
+        category = tp_category_mapper[tp]
+
+        if AppCategory.is_xpack(category):
+            return True
+        return tp in ['oracle', 'postgresql', 'sqlserver']
diff --git a/apps/applications/models/application.py b/apps/applications/models/application.py
index 467a5de39..fa8125887 100644
--- a/apps/applications/models/application.py
+++ b/apps/applications/models/application.py
@@ -3,6 +3,7 @@ from urllib.parse import urlencode, parse_qsl
 
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
 
 from orgs.mixins.models import OrgModelMixin
 from common.mixins import CommonModelMixin
@@ -79,6 +80,8 @@ class ApplicationTreeNodeMixin:
         nodes = []
         categories = const.AppType.category_types_mapper().keys()
         for category in categories:
+            if not settings.XPACK_ENABLED and const.AppCategory.is_xpack(category):
+                continue
             i = cls.create_tree_id(pid, 'category', category.value)
             node = cls.create_choice_node(
                 category, i, pid=pid, tp='category',
@@ -97,6 +100,8 @@ class ApplicationTreeNodeMixin:
         type_category_mapper = const.AppType.type_category_mapper()
         types = const.AppType.type_category_mapper().keys()
         for tp in types:
+            if not settings.XPACK_ENABLED and const.AppType.is_xpack(tp):
+                continue
             category = type_category_mapper.get(tp)
             pid = cls.create_tree_id(pid, 'category', category.value)
             i = cls.create_tree_id(pid, 'type', tp.value)
@@ -155,6 +160,8 @@ class ApplicationTreeNodeMixin:
 
         # 应用的节点
         for app in queryset:
+            if not settings.XPACK_ENABLED and const.AppType.is_xpack(app.type):
+                continue
             node = app.as_tree_node(root_node.id)
             tree_nodes.append(node)
         return tree_nodes

From d320443c9fe2291a51b5099d9b0293910f539a60 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai" <bugatti_it@163.com>
Date: Tue, 15 Mar 2022 20:23:22 +0800
Subject: [PATCH 17/17] =?UTF-8?q?fix:=20=E5=8E=BB=E9=99=A4change=5Fsetting?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E4=BD=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/rbac/const.py               | 2 +-
 apps/rbac/tree.py                | 1 -
 apps/settings/api/alibaba_sms.py | 2 +-
 apps/settings/api/email.py       | 2 +-
 apps/settings/api/feishu.py      | 2 +-
 apps/settings/api/tencent_sms.py | 2 +-
 apps/settings/api/wecom.py       | 2 +-
 7 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index a5a390306..d7f58e841 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -55,7 +55,7 @@ exclude_permissions = (
     ('ops', 'task', 'add,change', 'task'),
     ('ops', 'commandexecution', 'delete,change', 'commandexecution'),
     ('orgs', 'organizationmember', '*', '*'),
-    ('settings', 'setting', 'add,delete', 'setting'),
+    ('settings', 'setting', 'add,change,delete', 'setting'),
     ('audits', 'operatelog', 'add,delete,change', 'operatelog'),
     ('audits', 'passwordchangelog', 'add,change,delete', 'passwordchangelog'),
     ('audits', 'userloginlog', 'add,change,delete,change', 'userloginlog'),
diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py
index 6a40365f5..ee742d865 100644
--- a/apps/rbac/tree.py
+++ b/apps/rbac/tree.py
@@ -99,7 +99,6 @@ special_pid_mapper = {
     "xpack.interface": "view_setting",
     "settings.change_terminal": "terminal_node",
     "settings.view_setting": "view_setting",
-    "settings.change_setting": "view_setting",
     "rbac.view_console": "view_console",
     "rbac.view_audit": "view_audit",
     "rbac.view_workspace": "view_workspace",
diff --git a/apps/settings/api/alibaba_sms.py b/apps/settings/api/alibaba_sms.py
index b00487d51..8240ba0e0 100644
--- a/apps/settings/api/alibaba_sms.py
+++ b/apps/settings/api/alibaba_sms.py
@@ -14,7 +14,7 @@ from .. import serializers
 class AlibabaSMSTestingAPI(GenericAPIView):
     serializer_class = serializers.AlibabaSMSSettingSerializer
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_sms'
     }
 
     def post(self, request):
diff --git a/apps/settings/api/email.py b/apps/settings/api/email.py
index 78a406b24..495e4a15c 100644
--- a/apps/settings/api/email.py
+++ b/apps/settings/api/email.py
@@ -19,7 +19,7 @@ class MailTestingAPI(APIView):
     serializer_class = serializers.MailTestSerializer
     success_message = _("Test mail sent to {}, please check")
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_email'
     }
 
     def post(self, request):
diff --git a/apps/settings/api/feishu.py b/apps/settings/api/feishu.py
index 07d1d4ebd..ed3b51f9e 100644
--- a/apps/settings/api/feishu.py
+++ b/apps/settings/api/feishu.py
@@ -13,7 +13,7 @@ from .. import serializers
 class FeiShuTestingAPI(GenericAPIView):
     serializer_class = serializers.FeiShuSettingSerializer
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_auth'
     }
 
     def post(self, request):
diff --git a/apps/settings/api/tencent_sms.py b/apps/settings/api/tencent_sms.py
index 7b3d41061..83a87a474 100644
--- a/apps/settings/api/tencent_sms.py
+++ b/apps/settings/api/tencent_sms.py
@@ -16,7 +16,7 @@ from .. import serializers
 class TencentSMSTestingAPI(GenericAPIView):
     serializer_class = serializers.TencentSMSSettingSerializer
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_sms'
     }
 
     def post(self, request):
diff --git a/apps/settings/api/wecom.py b/apps/settings/api/wecom.py
index 622fde923..7fb4a0aed 100644
--- a/apps/settings/api/wecom.py
+++ b/apps/settings/api/wecom.py
@@ -13,7 +13,7 @@ from .. import serializers
 class WeComTestingAPI(GenericAPIView):
     serializer_class = serializers.WeComSettingSerializer
     rbac_perms = {
-        'POST': 'settings.change_setting'
+        'POST': 'settings.change_auth'
     }
 
     def post(self, request):