fix: session viewset api permission validation (#13749)

* fix: session viewset api permission validation * fix: some api permission validation --------- Co-authored-by: Bai <baijiangjie@gmail.com>
2025-12-22 12:02:34 +00:00 · 2024-07-17 15:36:10 +08:00
parent c7e149f15d
commit ca5ffb6278
3 changed files with 19 additions and 6 deletions
--- a/apps/authentication/api/session.py
+++ b/apps/authentication/api/session.py
@@ -55,14 +55,14 @@ class UserSessionApi(generics.RetrieveDestroyAPIView):

    def retrieve(self, request, *args, **kwargs):
        if isinstance(request.user, AnonymousUser):
-            return Response(status=status.HTTP_200_OK)
+            return Response(status=status.HTTP_403_FORBIDDEN)

        UserSessionManager(request).connect()
-        return Response(status=status.HTTP_200_OK)
+        return Response(status=status.HTTP_200_OK, data={'ok': True})

    def destroy(self, request, *args, **kwargs):
        if isinstance(request.user, AnonymousUser):
-            return Response(status=status.HTTP_200_OK)
+            return Response(status=status.HTTP_403_FORBIDDEN)

        UserSessionManager(request).disconnect()
-        return Response(status=status.HTTP_204_NO_CONTENT)
+        return Response(status=status.HTTP_200_OK, data={'ok': True})