From 95689ec451a7247ae30584160f0ee83e011ec216 Mon Sep 17 00:00:00 2001
From: takatost
Date: Sun, 6 Aug 2023 16:11:04 +0800
Subject: [PATCH] fix: modify app name & icon raise 401 (#759)
---
 api/controllers/console/app/app.py | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/api/controllers/console/app/app.py b/api/controllers/console/app/app.py
index 54a279f1cd..14271c7454 100644
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -297,19 +297,13 @@ class AppNameApi(Resource):
 @account_initialization_required
 @marshal_with(app_detail_fields)
 def post(self, app_id):
-
- # The role of the current user in the ta table must be admin or owner
- if current_user.current_tenant.current_role not in ['admin', 'owner']:
- raise Forbidden()
+ app_id = str(app_id)
+ app = _get_app(app_id, current_user.current_tenant_id)
 parser = reqparse.RequestParser()
 parser.add_argument('name', type=str, required=True, location='json')
 args = parser.parse_args()
- app = db.get_or_404(App, str(app_id))
- if app.tenant_id != flask.session.get('tenant_id'):
- raise Unauthorized()
-
- app.name = args.get('name')
 app.updated_at = datetime.utcnow()
 db.session.commit()
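Review bot: `AppNameApi.post` is left with no visible role restriction: the `current_role not in ['admin', 'owner']` check is removed together with the session-based tenant comparison that produced the 401, and `AppIconApi.post` in the next hunk loses it the same way. `_get_app` is not part of this patch, so from here it can only be assumed to scope the lookup to `current_user.current_tenant_id`; nothing shows it checking the caller's role. Unless every tenant member is meant to edit app metadata, keep `if current_user.current_tenant.current_role not in ['admin', 'owner']: raise Forbidden()` ahead of the `_get_app` call, or add a comment stating where the role is enforced. The method body continues past the end of the hunk.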
@@ -322,20 +316,14 @@ class AppIconApi(Resource):
 @account_initialization_required
 @marshal_with(app_detail_fields)
 def post(self, app_id):
-
- # The role of the current user in the ta table must be admin or owner
- if current_user.current_tenant.current_role not in ['admin', 'owner']:
- raise Forbidden()
+ app_id = str(app_id)
+ app = _get_app(app_id, current_user.current_tenant_id)
 parser = reqparse.RequestParser()
 parser.add_argument('icon', type=str, location='json')
 parser.add_argument('icon_background', type=str, location='json')
 args = parser.parse_args()
- app = db.get_or_404(App, str(app_id))
- if app.tenant_id != flask.session.get('tenant_id'):
- raise Unauthorized()
-
- app.icon = args.get('icon')
 app.icon_background = args.get('icon_background')
 app.updated_at = datetime.utcnow()
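Review bot: `icon_background` is declared without `required=True`, yet `app.icon_background = args.get('icon_background')` runs unconditionally, so a request that omits the field would write `None` over the stored value (reqparse, if this is flask-restful's, stores `None` for a missing argument by default). If partial updates are intended, assign only when a value was sent, e.g. `if args.get('icon_background') is not None: app.icon_background = args['icon_background']`; otherwise mark the argument `required=True`. The `icon` argument is declared the same way and deserves the same treatment. The method body continues past the end of the hunk.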