[Update] 修改 sytem-user-asset-auth-info API 的权限（只允许 App）访问

apps/assets/api/system_user.py

@@ -19,7 +19,7 @@ from rest_framework.response import Response
 
 from common.serializers import CeleryTaskSerializer
 from common.utils import get_logger
-from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsAppUser
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from ..models import SystemUser, Asset
@@ -70,14 +70,9 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView):
     Get system user with asset auth info
     """
     model = SystemUser
-    permission_classes = (IsOrgAdminOrAppUser,)
+    permission_classes = (IsAppUser,)
     serializer_class = serializers.SystemUserAuthSerializer
 
-    def get_permissions(self):
-        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
-            self.permission_classes = (IsOrgAdminOrAppUser, NeedMFAVerify)
-        return super().get_permissions()
-
     def get_object(self):
         instance = super().get_object()
         aid = self.kwargs.get('aid')