perf: account perm (#9595)

Co-authored-by: feng <1304903146@qq.com>
2023-02-16 19:39:10 +08:00 · 2023-02-16 19:39:10 +08:00 · f7500b8aff
parent fc2d7aafce
commit f7500b8aff
4 changed files with 20 additions and 4 deletions
--- a/apps/accounts/api/account/account.py
+++ b/apps/accounts/api/account/account.py
@ -30,7 +30,7 @@ class AccountViewSet(OrgBulkModelViewSet):
    }
    rbac_perms = {
        'verify_account': 'accounts.test_account',
-        'partial_update': ['accounts.change_accountsecret', 'accounts.change_account'],
+        'partial_update': ['accounts.change_account'],
        'su_from_accounts': 'accounts.view_account',
    }

@ -66,7 +66,7 @@ class AccountSecretsViewSet(RecordViewLogMixin, AccountViewSet):
        'default': serializers.AccountSecretSerializer,
    }
    http_method_names = ['get', 'options']
-    permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
+    # permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
    rbac_perms = {
        'list': 'accounts.view_accountsecret',
        'retrieve': 'accounts.view_accountsecret',
--- a/apps/accounts/migrations/0007_alter_account_options.py
+++ b/apps/accounts/migrations/0007_alter_account_options.py
@ -0,0 +1,17 @@
+# Generated by Django 3.2.16 on 2023-02-16 11:07
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0006_gatheredaccount'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='account',
+            options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret')], 'verbose_name': 'Account'},
+        ),
+    ]
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@ -62,7 +62,6 @@ class Account(AbsConnectivity, BaseAccount):
        ]
        permissions = [
            ('view_accountsecret', _('Can view asset account secret')),
-            ('change_accountsecret', _('Can change asset account secret')),
            ('view_historyaccount', _('Can view asset history account')),
            ('view_historyaccountsecret', _('Can view asset history account secret')),
        ]
--- a/apps/rbac/migrations/0011_remove_redundant_permission.py
+++ b/apps/rbac/migrations/0011_remove_redundant_permission.py
@ -27,7 +27,7 @@ def migrate_remove_redundant_permission(apps, *args):

    perm_model = apps.get_model('auth', 'Permission')
    perm_model.objects.filter(codename__in=[
-        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser'
+        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser', 'change_accountsecret'
    ]).delete()