YourSelfHosted/memos
1
0
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-06-05 22:09:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: list token for others failed (#2440)

Browse Source 
Fix list token for others failed
This commit is contained in:
Athurg Gooth
2023-10-25 12:05:30 +08:00
committed by GitHub
parent 3a5deefe11
commit 043357d7dc
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
api/v2/user_service.go
View File

@ -160,12 +160,23 @@ func (s *UserService) ListUserAccessTokens(ctx context.Context, request *apiv2pb
return nil, status.Errorf(codes.PermissionDenied, "permission denied") return nil, status.Errorf(codes.PermissionDenied, "permission denied")
} }
userID := user.ID
// List access token for other users need to be verified.
if user.Username != request.Username {
// Normal users can only list their access tokens. // Normal users can only list their access tokens.
if user.Role == store.RoleUser && user.Username != request.Username { if user.Role == store.RoleUser {
return nil, status.Errorf(codes.PermissionDenied, "permission denied") return nil, status.Errorf(codes.PermissionDenied, "permission denied")
} }
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID) // The request user must be exist.
requestUser, err := s.Store.GetUser(ctx, &store.FindUser{Username: &request.Username})
if requestUser == nil || err != nil {
return nil, status.Errorf(codes.NotFound, "fail to find user %s", request.Username)
}
userID = requestUser.ID
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err) return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
} }