From 555c70672e2b1b6c9d0a996bbbdc5a1d4b8d1932 Mon Sep 17 00:00:00 2001
From: kunyi-yang <77481238+kunyi-yang@users.noreply.github.com>
Date: Tue, 4 Mar 2025 19:35:42 +0800
Subject: [PATCH] =?UTF-8?q?Fix=EF=BC=9AFix=20the=20bug=20of=20incorrectly?=
 =?UTF-8?q?=20gets=20the=20APIToken.=20(#5597)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### What problem does this PR solve?

Fix the issue where, when getting a user's APIToken, if the user is part
of another user's team, it incorrectly gets the Team owner's APIToken
instead.


### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
---
 api/apps/system_app.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/apps/system_app.py b/api/apps/system_app.py
index 0d979b233..c1ae5ec3b 100644
--- a/api/apps/system_app.py
+++ b/api/apps/system_app.py
@@ -201,7 +201,7 @@ def new_token():
         if not tenants:
             return get_data_error_result(message="Tenant not found!")
 
-        tenant_id = tenants[0].tenant_id
+        tenant_id = [tenant for tenant in tenants if tenant.role == 'owner'][0].tenant_id
         obj = {
             "tenant_id": tenant_id,
             "token": generate_confirmation_token(tenant_id),
@@ -256,7 +256,7 @@ def token_list():
         if not tenants:
             return get_data_error_result(message="Tenant not found!")
 
-        tenant_id = tenants[0].tenant_id
+        tenant_id = [tenant for tenant in tenants if tenant.role == 'owner'][0].tenant_id
         objs = APITokenService.query(tenant_id=tenant_id)
         objs = [o.to_dict() for o in objs]
         for o in objs: