perf: history account secret (#9711)

Co-authored-by: feng <1304903146@qq.com>

apps/accounts/api/account/account.py

@@ -7,18 +7,16 @@ from accounts import serializers
 from accounts.filters import AccountFilterSet
 from accounts.models import Account
 from assets.models import Asset
-from authentication.const import ConfirmType
+from common.permissions import UserConfirmation, ConfirmType
-from common.permissions import UserConfirmation
 from common.views.mixins import RecordViewLogMixin
 from orgs.mixins.api import OrgBulkModelViewSet
+from rbac.permissions import RBACPermission
 
 __all__ = [
     'AccountViewSet', 'AccountSecretsViewSet',
     'AccountHistoriesSecretAPI'
 ]
 
-from rbac.permissions import RBACPermission
-
 
 class AccountViewSet(OrgBulkModelViewSet):
     model = Account
@@ -71,7 +69,7 @@ class AccountHistoriesSecretAPI(RecordViewLogMixin, ListAPIView):
     http_method_names = ['get', 'options']
     permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
     rbac_perms = {
-        'list': 'accounts.view_accountsecret',
+        'GET': 'accounts.view_accountsecret',
     }
 
     def get_object(self):

apps/rbac/const.py

@@ -61,6 +61,8 @@ exclude_permissions = (
     ('accounts', 'accountbackupexecution', 'delete,change', 'accountbackupexecution'),
     ('accounts', 'changesecretrecord', 'add,delete,change', 'changesecretrecord'),
     ('accounts', 'account', 'change', 'accountsecret'),
+    ('accounts', 'account', 'view', 'historyaccount'),
+    ('accounts', 'account', 'view', 'historyaccountsecret'),
 
     ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
     ('perms', 'permedaccount', '*', '*'),