AI/dify
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/langgenius/dify.git synced 2025-08-15 14:25:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix removing member without permission (#16332)

Browse Source 
Co-authored-by: crazywoola <427733928@qq.com>
This commit is contained in:
Linh Nguyen 2025-03-20 16:17:54 +07:00 committed by GitHub
parent 437dcbdd68
commit 8996c1da29
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/services/account_service.py
View File

@ -785,9 +785,11 @@ class TenantService:
@staticmethod @staticmethod
def remove_member_from_tenant(tenant: Tenant, account: Account, operator: Account) -> None: def remove_member_from_tenant(tenant: Tenant, account: Account, operator: Account) -> None:
"""Remove member from tenant""" """Remove member from tenant"""
if operator.id == account.id and TenantService.check_member_permission(tenant, operator, account, "remove"): if operator.id == account.id:
raise CannotOperateSelfError("Cannot operate self.") raise CannotOperateSelfError("Cannot operate self.")
TenantService.check_member_permission(tenant, operator, account, "remove")
ta = TenantAccountJoin.query.filter_by(tenant_id=tenant.id, account_id=account.id).first() ta = TenantAccountJoin.query.filter_by(tenant_id=tenant.id, account_id=account.id).first()
if not ta: if not ta:
raise MemberNotInTenantError("Member not in tenant.") raise MemberNotInTenantError("Member not in tenant.")