fix: 修复获取令牌信息的remote app资产信息 (#8619)

* fix: 修复连接令牌只获取自己的令牌信息；修复连接令牌系统用户角色权限问题（普通用户看不到）； * fix: 修复获取令牌信息的remote app资产信息 * fix: 修复获取用户个人信息时使用连接令牌 * fix: 修复获取profile时的连接令牌问题 * fix: 修复连接令牌问题 * fix: 修复连接令牌问题 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
2025-09-08 18:59:47 +00:00 · 2022-07-19 15:57:02 +08:00
parent 585ddeb25b
commit cc2b858769
6 changed files with 33 additions and 6 deletions
--- a/apps/users/api/profile.py
+++ b/apps/users/api/profile.py
@@ -3,6 +3,10 @@ import uuid

 from rest_framework import generics
 from rest_framework.permissions import IsAuthenticated
+from common.permissions import IsValidUserOrConnectionToken
+from common.utils import get_object_or_none
+from orgs.utils import tmp_to_root_org
+from authentication.models import ConnectionToken

 from users.notifications import (
    ResetPasswordMsg, ResetPasswordSuccessMsg, ResetSSHKeyMsg,
@@ -44,12 +48,26 @@ class UserResetPKApi(UserQuerysetMixin, generics.UpdateAPIView):


 class UserProfileApi(generics.RetrieveUpdateAPIView):
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsValidUserOrConnectionToken,)
    serializer_class = serializers.UserProfileSerializer

    def get_object(self):
+        if self.request.user.is_anonymous:
+            user = self.get_connection_token_user()
+            if user:
+                return user
        return self.request.user

+    def get_connection_token_user(self):
+        token_id = self.request.query_params.get('token')
+        if not token_id:
+            return
+        with tmp_to_root_org():
+            token = get_object_or_none(ConnectionToken, id=token_id)
+        if not token:
+            return
+        return token.user
+

 class UserPasswordApi(generics.RetrieveUpdateAPIView):
    permission_classes = (IsAuthenticated,)