From 4c5e47cb99be16a548bbcbd87b3a5b94fe6bddef Mon Sep 17 00:00:00 2001 From: jiangweidong Date: Thu, 30 Mar 2023 16:06:30 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E6=99=AE=E9=80=9A=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E5=B7=A5=E5=8D=95=E7=94=B3=E8=AF=B7=E6=97=B6=EF=BC=8C=E9=80=89?= =?UTF-8?q?=E6=8B=A9=E6=8C=87=E5=AE=9A=E8=B4=A6=E5=8F=B7=EF=BC=8C=E6=8F=90?= =?UTF-8?q?=E7=A4=BA=E6=97=A0=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/accounts/api/account/account.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/apps/accounts/api/account/account.py b/apps/accounts/api/account/account.py index 72e926d4a..0cfddd88c 100644 --- a/apps/accounts/api/account/account.py +++ b/apps/accounts/api/account/account.py @@ -8,7 +8,7 @@ from accounts import serializers from accounts.filters import AccountFilterSet from accounts.models import Account from assets.models import Asset, Node -from common.permissions import UserConfirmation, ConfirmType +from common.permissions import UserConfirmation, ConfirmType, IsValidUser from common.views.mixins import RecordViewLogMixin from orgs.mixins.api import OrgBulkModelViewSet from rbac.permissions import RBACPermission @@ -29,7 +29,6 @@ class AccountViewSet(OrgBulkModelViewSet): rbac_perms = { 'partial_update': ['accounts.change_account'], 'su_from_accounts': 'accounts.view_account', - 'username_suggestions': 'accounts.view_account', 'clear_secret': 'accounts.change_account', } @@ -50,7 +49,10 @@ class AccountViewSet(OrgBulkModelViewSet): serializer = serializers.AccountSerializer(accounts, many=True) return Response(data=serializer.data) - @action(methods=['get'], detail=False, url_path='username-suggestions') + @action( + methods=['get'], detail=False, url_path='username-suggestions', + permission_classes=[IsValidUser] + ) def username_suggestions(self, request, *args, **kwargs): asset_ids = request.query_params.get('assets') node_keys = request.query_params.get('keys')