Merge pull request #3429 from jumpserver/dev_auth_info

[Update] 修改获取系统用户-资产-认证信息API，添加 NeedMFAVerify 权限类

apps/assets/api/system_user.py

@@ -14,11 +14,12 @@
 # limitations under the License.
 
 from django.shortcuts import get_object_or_404
+from django.conf import settings
 from rest_framework.response import Response
 
 from common.serializers import CeleryTaskSerializer
 from common.utils import get_logger
-from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from ..models import SystemUser, Asset
@@ -72,6 +73,11 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView):
     permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.SystemUserAuthSerializer
 
+    def get_permissions(self):
+        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+            self.permission_classes = (IsOrgAdminOrAppUser, NeedMFAVerify)
+        return super().get_permissions()
+
     def get_object(self):
         instance = super().get_object()
         aid = self.kwargs.get('aid')