From 8d3c1bd783f7a96e96c030df77cb6bfb2e37d03f Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 10 Jun 2021 19:45:03 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E8=8E=B7=E5=8F=96tok?= =?UTF-8?q?en=20secret,=20=E9=87=8D=E6=96=B0=E6=A0=A1=E9=AA=8C=E6=9D=83?= =?UTF-8?q?=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/authentication/api/connection_token.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index e9678392d..1ac5435be 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -231,6 +231,11 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
 if asset and not asset.is_active:
 raise serializers.ValidationError("Asset disabled")
+
+ try:
+ self.check_resource_permission(user, asset, app, system_user)
+ except PermissionDenied:
+ raise serializers.ValidationError('Permission expired or invalid')
 return value, user, system_user, asset, app
 @action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail')
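Review bot: The added `except PermissionDenied:` clause depends on a name this patch does not import (the diffstat shows only the five added lines), so confirm that the `PermissionDenied` already in module scope is the same class `check_resource_permission` raises. Django and DRF each define one, and a mismatch would let the denial skip this handler; the request would presumably still fail closed, but not with the intended 'Permission expired or invalid' validation error. The re-raise also leaves the exception chain implicit; `raise serializers.ValidationError('Permission expired or invalid') from None` states that the original is deliberately hidden from the response. A short comment above the `try`, such as `# Re-check at redeem time: the grant may have expired or been revoked since the token was issued`, would record why the check is repeated here. The enclosing method starts above the hunk, so whether `user` and `system_user` are validated before this call is not visible.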