From 447225aa12dba179d0151c27112d312f550d0b14 Mon Sep 17 00:00:00 2001
From: Aaron3S <chenyang@fit2cloud.com>
Date: Fri, 13 Mar 2026 14:33:17 +0800
Subject: [PATCH] feat: add permissions on hostname view

---
 apps/jumpserver/api/hostname.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/apps/jumpserver/api/hostname.py b/apps/jumpserver/api/hostname.py
index ce266ea24..ecd463a93 100644
--- a/apps/jumpserver/api/hostname.py
+++ b/apps/jumpserver/api/hostname.py
@@ -1,13 +1,22 @@
+from django.conf import settings
 from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework import status
 from rest_framework.permissions import AllowAny
 
+from common.permissions import OnlySuperUser
 
-## 此 api 返回 /etc/hostname 的值， 可以匿名访问
+
+# 此 api 返回 /etc/hostname 的值
+# 在 DEBUG_DEV 配置下可以匿名访问
 class HostnameView(APIView):
     permission_classes = (AllowAny,)
 
+    def get_permissions(self):
+        if getattr(settings, 'DEV_DEBUG', False):
+            return [AllowAny()]
+        return [OnlySuperUser()]
+
     def get(self, request):
         try:
             with open('/etc/hostname', 'r') as f: