usememos/memos
1
1
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-01-09 13:50:24 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: list token for others failed (#2440)

Browse source 
Fix list token for others failed
This commit is contained in:
Athurg Gooth 2023-10-25 12:05:30 +08:00 committed by GitHub
parent 3a5deefe11
commit 043357d7dc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
api/v2/user_service.go
View file

@ -160,12 +160,23 @@ func (s *UserService) ListUserAccessTokens(ctx context.Context, request *apiv2pb
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
// Normal users can only list their access tokens.
if user.Role == store.RoleUser && user.Username != request.Username {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
userID := user.ID
// List access token for other users need to be verified.
if user.Username != request.Username {
// Normal users can only list their access tokens.
if user.Role == store.RoleUser {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
// The request user must be exist.
requestUser, err := s.Store.GetUser(ctx, &store.FindUser{Username: &request.Username})
if requestUser == nil || err != nil {
return nil, status.Errorf(codes.NotFound, "fail to find user %s", request.Username)
}
userID = requestUser.ID
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
}