From e2c89a948786c19b0b59e8b6546e69c71cb21076 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Fri, 19 Jan 2024 17:23:05 +0800
Subject: [PATCH] fix: bypass admin users to use dataset api with API key
 (#2072)

---
 api/controllers/service_api/wraps.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/controllers/service_api/wraps.py b/api/controllers/service_api/wraps.py
index 16cc3679b0..359ac39978 100644
--- a/api/controllers/service_api/wraps.py
+++ b/api/controllers/service_api/wraps.py
@@ -75,7 +75,7 @@ def validate_dataset_token(view=None):
             tenant_account_join = db.session.query(Tenant, TenantAccountJoin) \
                 .filter(Tenant.id == api_token.tenant_id) \
                 .filter(TenantAccountJoin.tenant_id == Tenant.id) \
-                .filter(TenantAccountJoin.role == 'owner') \
+                .filter(TenantAccountJoin.role.in_(['owner', 'admin'])) \
                 .one_or_none()
             if tenant_account_join:
                 tenant, ta = tenant_account_join