perf: report perm

apps/rbac/builtin.py

@@ -37,6 +37,12 @@ system_user_perms += (user_perms + _view_all_joined_org_perms)
 
 _auditor_perms = (
     ('rbac', 'menupermission', 'view', 'audit'),
+    ('rbac', 'menupermission', 'view', 'userloginreport'),
+    ('rbac', 'menupermission', 'view', 'userchangepasswordreport'),
+    ('rbac', 'menupermission', 'view', 'assetstatisticsreport'),
+    ('rbac', 'menupermission', 'view', 'assetactivityreport'),
+    ('rbac', 'menupermission', 'view', 'accountstatisticsreport'),
+    ('rbac', 'menupermission', 'view', 'accountautomationreport'),
     ('assets', 'asset', 'view', 'asset'),
     ('users', 'user', 'view', 'user'),
     ('audits', '*', '*', '*'),

apps/rbac/migrations/0001_initial.py

@@ -32,7 +32,13 @@ class Migration(migrations.Migration):
                     ('view_workbench', 'Can view workbench view'),
                     ('view_webterminal', 'Can view web terminal'),
                     ('view_filemanager', 'Can view file manager'),
-                    ('view_systemtools', 'Can view System Tools')
+                    ('view_systemtools', 'Can view System Tools'),
+                    ('view_userloginreport', 'Can view user login report'),
+                    ('view_userchangepasswordreport', 'Can view user change password report'),
+                    ('view_assetstatisticsreport', 'Can view asset statistics report'),
+                    ('view_assetactivityreport', 'Can view asset activity report'),
+                    ('view_accountstatisticsreport', 'Can view account statistics report'),
+                    ('view_accountautomationreport', 'Can view account automation report')
                 ],
                 'default_permissions': [],
             },

apps/rbac/models/menu.py

@@ -19,4 +19,10 @@ class MenuPermission(models.Model):
             ('view_webterminal', _('Can view web terminal')),
             ('view_filemanager', _('Can view file manager')),
             ('view_systemtools', _('Can view System Tools')),
+            ('view_userloginreport', _('Can view user login report')),
+            ('view_userchangepasswordreport', _('Can view user change password report')),
+            ('view_assetstatisticsreport', _('Can view asset statistics report')),
+            ('view_assetactivityreport', _('Can view asset activity report')),
+            ('view_accountstatisticsreport', _('Can view account statistics report')),
+            ('view_accountautomationreport', _('Can view account automation report')),
         ]

apps/rbac/tree.py

@@ -68,6 +68,7 @@ extra_nodes_data = [
     {'id': "license", "name": _("License"), "pId": "view_setting"},
     {'id': "other", "name": _("Other"), "pId": "view_setting"},
     {'id': "job_audit", "name": _("Job audit"), "pId": "view_audit"},
+    {'id': "report_node", "name": _("Report"), "pId": "view_audit"},
 ]
 
 # 将 model 放到其它节点下，而不是本来的 app 中
@@ -118,6 +119,7 @@ special_pid_mapper = {
     'ops.jobexecution': 'operation_center',
     "rbac.view_console": "view_console",
     "rbac.view_audit": "view_audit",
+    "report_node": "view_audit",
     "rbac.view_pam": "view_pam",
     'audits.usersession': 'view_audit',
     "rbac.view_workbench": "view_workbench",
@@ -129,6 +131,12 @@ special_pid_mapper = {
 }
 
 special_setting_pid_mapper = {
+    "rbac.view_userloginreport": "report_node",
+    "rbac.view_userchangepasswordreport": "report_node",
+    "rbac.view_assetstatisticsreport": "report_node",
+    "rbac.view_assetactivityreport": "report_node",
+    "rbac.view_accountstatisticsreport": "report_node",
+    "rbac.view_accountautomationreport": "report_node",
     "settings.change_email": "notifications",
     "settings.change_sms": "notifications",
     "settings.change_systemmsgsubscription": "notifications",

apps/reports/api/accouts/account.py

@@ -22,7 +22,7 @@ __all__ = ['AccountStatisticApi']
 class AccountStatisticApi(DateRangeMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'accounts.view_account',
+        'GET': 'rbac.view_accountstatisticsreport',
     }
     permission_classes = [RBACPermission, IsValidLicense]
 

apps/reports/api/accouts/automation.py

@@ -20,7 +20,7 @@ __all__ = ['AccountAutomationApi']
 class AccountAutomationApi(DateRangeMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'accounts.view_account',
+        'GET': 'rbac.view_accountautomationreport',
     }
     permission_classes = [RBACPermission, IsValidLicense]
 

apps/reports/api/assets/activity.py

@@ -22,7 +22,7 @@ __all__ = ['AssetActivityApi']
 class AssetActivityApi(DateRangeMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'terminal.view_session',
+        'GET': 'rbac.view_assetactivityreport',
     }
     permission_classes = [RBACPermission, IsValidLicense]
 

apps/reports/api/assets/asset.py

@@ -19,7 +19,7 @@ __all__ = ['AssetStatisticApi']
 class AssetStatisticApi(DateRangeMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'assets.view_asset',
+        'GET': 'rbac.view_assetstatisticsreport',
     }
     permission_classes = [RBACPermission, IsValidLicense]
 

apps/reports/api/users/change_password.py

@@ -20,7 +20,7 @@ logger = get_logger(__file__)
 class UserChangeSecretApi(DateRangeMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'audits.view_passwordchangelog',
+        'GET': 'rbac.view_userchangepasswordreport',
     }
     permission_classes = [RBACPermission, IsValidLicense]
 

apps/reports/api/users/user.py

@@ -22,7 +22,7 @@ __all__ = ['UserReportApi']
 class UserReportApi(DateRangeMixin, APIView):
     http_method_names = ['get']
     rbac_perms = {
-        'GET': 'users.view_user',
+        'GET': 'rbac.view_userloginreport',
     }
     permission_classes = [RBACPermission, IsValidLicense]