fix: session viewset api permission validation (#13750)

* fix: session viewset api permission validation * fix: some api permission validation --------- Co-authored-by: Bai <baijiangjie@gmail.com>
2025-09-02 16:05:29 +00:00 · 2024-07-17 15:35:34 +08:00
parent 85825165fc
commit d6f6bb9c1b
4 changed files with 20 additions and 7 deletions
--- a/apps/authentication/api/session.py
+++ b/apps/authentication/api/session.py
@@ -55,14 +55,14 @@ class UserSessionApi(generics.RetrieveDestroyAPIView):

    def retrieve(self, request, *args, **kwargs):
        if isinstance(request.user, AnonymousUser):
-            return Response(status=status.HTTP_200_OK)
+            return Response(status=status.HTTP_403_FORBIDDEN)

        UserSessionManager(request).connect()
-        return Response(status=status.HTTP_200_OK)
+        return Response(status=status.HTTP_200_OK, data={'ok': True})

    def destroy(self, request, *args, **kwargs):
        if isinstance(request.user, AnonymousUser):
-            return Response(status=status.HTTP_200_OK)
+            return Response(status=status.HTTP_403_FORBIDDEN)

        UserSessionManager(request).disconnect()
-        return Response(status=status.HTTP_204_NO_CONTENT)
+        return Response(status=status.HTTP_200_OK, data={'ok': True})