From f7500b8aff13c25bc2ca657581ec370df36b462f Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Thu, 16 Feb 2023 19:39:10 +0800
Subject: [PATCH] perf: account perm (#9595)

Co-authored-by: feng <1304903146@qq.com>
---
 apps/accounts/api/account/account.py            |  4 ++--
 .../migrations/0007_alter_account_options.py    | 17 +++++++++++++++++
 apps/accounts/models/account.py                 |  1 -
 .../0011_remove_redundant_permission.py         |  2 +-
 4 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 apps/accounts/migrations/0007_alter_account_options.py

diff --git a/apps/accounts/api/account/account.py b/apps/accounts/api/account/account.py
index cf2a4a4a0..d03484b69 100644
--- a/apps/accounts/api/account/account.py
+++ b/apps/accounts/api/account/account.py
@@ -30,7 +30,7 @@ class AccountViewSet(OrgBulkModelViewSet):
     }
     rbac_perms = {
         'verify_account': 'accounts.test_account',
-        'partial_update': ['accounts.change_accountsecret', 'accounts.change_account'],
+        'partial_update': ['accounts.change_account'],
         'su_from_accounts': 'accounts.view_account',
     }
 
@@ -66,7 +66,7 @@ class AccountSecretsViewSet(RecordViewLogMixin, AccountViewSet):
         'default': serializers.AccountSecretSerializer,
     }
     http_method_names = ['get', 'options']
-    permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
+    # permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
     rbac_perms = {
         'list': 'accounts.view_accountsecret',
         'retrieve': 'accounts.view_accountsecret',
diff --git a/apps/accounts/migrations/0007_alter_account_options.py b/apps/accounts/migrations/0007_alter_account_options.py
new file mode 100644
index 000000000..73193e9a4
--- /dev/null
+++ b/apps/accounts/migrations/0007_alter_account_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.16 on 2023-02-16 11:07
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0006_gatheredaccount'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='account',
+            options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret')], 'verbose_name': 'Account'},
+        ),
+    ]
diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py
index 0b38d696b..ed5fb72fa 100644
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@@ -62,7 +62,6 @@ class Account(AbsConnectivity, BaseAccount):
         ]
         permissions = [
             ('view_accountsecret', _('Can view asset account secret')),
-            ('change_accountsecret', _('Can change asset account secret')),
             ('view_historyaccount', _('Can view asset history account')),
             ('view_historyaccountsecret', _('Can view asset history account secret')),
         ]
diff --git a/apps/rbac/migrations/0011_remove_redundant_permission.py b/apps/rbac/migrations/0011_remove_redundant_permission.py
index 26b5df847..d84e86ab3 100644
--- a/apps/rbac/migrations/0011_remove_redundant_permission.py
+++ b/apps/rbac/migrations/0011_remove_redundant_permission.py
@@ -27,7 +27,7 @@ def migrate_remove_redundant_permission(apps, *args):
 
     perm_model = apps.get_model('auth', 'Permission')
     perm_model.objects.filter(codename__in=[
-        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser'
+        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser', 'change_accountsecret'
     ]).delete()