perf: account perm (#9595)

Co-authored-by: feng <1304903146@qq.com>
2023-02-16 19:39:10 +08:00 · 2023-02-16 19:39:10 +08:00 · f7500b8aff
parent fc2d7aafce
commit f7500b8aff
4 changed files with 20 additions and 4 deletions
--- a/apps/accounts/api/account/account.py
+++ b/apps/accounts/api/account/account.py
@ -30,7 +30,7 @@ class AccountViewSet(OrgBulkModelViewSet):
    }
    rbac_perms = {
        'verify_account': 'accounts.test_account',
-        'partial_update': ['accounts.change_accountsecret', 'accounts.change_account'],
+        'partial_update': ['accounts.change_account'],
        'su_from_accounts': 'accounts.view_account',
    }
@ -66,7 +66,7 @@ class AccountSecretsViewSet(RecordViewLogMixin, AccountViewSet):
        'default': serializers.AccountSecretSerializer,
    }
    http_method_names = ['get', 'options']
-    permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
+    # permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
    rbac_perms = {
        'list': 'accounts.view_accountsecret',
        'retrieve': 'accounts.view_accountsecret',
--- a/apps/accounts/migrations/0007_alter_account_options.py
+++ b/apps/accounts/migrations/0007_alter_account_options.py
@ -0,0 +1,17 @@
 # Generated by Django 3.2.16 on 2023-02-16 11:07
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('accounts', '0006_gatheredaccount'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='account',
            options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret')], 'verbose_name': 'Account'},
        ),
    ]
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@ -62,7 +62,6 @@ class Account(AbsConnectivity, BaseAccount):
        ]
        permissions = [
            ('view_accountsecret', _('Can view asset account secret')),
            ('change_accountsecret', _('Can change asset account secret')),
            ('view_historyaccount', _('Can view asset history account')),
            ('view_historyaccountsecret', _('Can view asset history account secret')),
        ]
--- a/apps/rbac/migrations/0011_remove_redundant_permission.py
+++ b/apps/rbac/migrations/0011_remove_redundant_permission.py
@ -27,7 +27,7 @@ def migrate_remove_redundant_permission(apps, *args):
    perm_model = apps.get_model('auth', 'Permission')
    perm_model.objects.filter(codename__in=[
-        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser'
+        'view_permusergroupasset', 'view_permuserasset', 'push_assetsystemuser', 'change_accountsecret'
    ]).delete()