perf: 改密推送可以对自己操作同时设置su_enabled 可提权 (#10349)

Co-authored-by: feng <1304903146@qq.com>
2025-09-18 08:20:51 +00:00 · 2023-04-26 18:50:30 +08:00
parent 9eec2909ed
commit 58d055f114
3 changed files with 17 additions and 4 deletions
--- a/apps/accounts/automations/change_secret/manager.py
+++ b/apps/accounts/automations/change_secret/manager.py
@@ -72,14 +72,14 @@ class ChangeSecretManager(AccountBasePlaybookManager):
            return []

        asset = privilege_account.asset
-        accounts = asset.accounts.exclude(username=privilege_account.username)
+        accounts = asset.accounts.all()
        accounts = accounts.filter(id__in=self.account_ids)
        if self.secret_type:
            accounts = accounts.filter(secret_type=self.secret_type)

        if settings.CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED:
            accounts = accounts.filter(privileged=False).exclude(
-                username__in=['root', 'administrator']
+                username__in=['root', 'administrator', privilege_account.username]
            )
        return accounts