From f206d963a094e77c0a343536e29618cc3f9213f5 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Sat, 7 Oct 2023 14:47:17 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E4=BC=9A=E8=AF=9D=20?=
 =?UTF-8?q?api?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/locale/zh/LC_MESSAGES/django.mo |  4 ++--
 apps/terminal/api/session/session.py |  7 ++++++-
 apps/terminal/api/session/task.py    | 11 +++++------
 apps/terminal/permissions.py         |  2 +-
 4 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index a173d346d..20a804924 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:096cdc44514bd9f43b5e0062d878625c220ed7826a57a27968db3cb97e7eb011
-size 132403
+oid sha256:e8df7ef115d111ee9a176fac269a41a87d6b9a76a521e0206fe29591ab16da69
+size 132482
diff --git a/apps/terminal/api/session/session.py b/apps/terminal/api/session/session.py
index 756fb5a91..c286dee83 100644
--- a/apps/terminal/api/session/session.py
+++ b/apps/terminal/api/session/session.py
@@ -92,7 +92,12 @@ class SessionViewSet(RecordViewLogMixin, OrgBulkModelViewSet):
     rbac_perms = {
         'download': ['terminal.download_sessionreplay'],
     }
-    permission_classes = [RBACPermission | IsSessionAssignee]
+    permission_classes = [RBACPermission]
+
+    def get_permissions(self):
+        if self.action == 'retrieve':
+            self.permission_classes = [RBACPermission | IsSessionAssignee]
+        return super().get_permissions()
 
     @staticmethod
     def prepare_offline_file(session, local_path):
diff --git a/apps/terminal/api/session/task.py b/apps/terminal/api/session/task.py
index f9dc8a2f2..fd09fb2ae 100644
--- a/apps/terminal/api/session/task.py
+++ b/apps/terminal/api/session/task.py
@@ -50,14 +50,13 @@ class TaskViewSet(JMSBulkModelViewSet):
         serializer.is_valid(raise_exception=True)
         session_id = serializer.validated_data['session_id']
         task_name = serializer.validated_data['task_name']
-        session_ids = [session_id, ]
         user_id = request.user.id
-        for session_id in session_ids:
-            if not is_session_approver(session_id, user_id):
-                return Response({}, status=status.HTTP_403_FORBIDDEN)
-        with tmp_to_root_org():
-            validated_session = create_sessions_tasks(session_ids, request.user, task_name=task_name)
 
+        if not is_session_approver(session_id, user_id):
+            return Response({}, status=status.HTTP_403_FORBIDDEN)
+
+        with tmp_to_root_org():
+            validated_session = create_sessions_tasks([session_id], request.user, task_name=task_name)
         return Response({"ok": validated_session})
 
 
diff --git a/apps/terminal/permissions.py b/apps/terminal/permissions.py
index e2e72e572..288d839eb 100644
--- a/apps/terminal/permissions.py
+++ b/apps/terminal/permissions.py
@@ -9,7 +9,7 @@ __all__ = ['IsSessionAssignee']
 
 class IsSessionAssignee(permissions.IsAuthenticated):
     def has_permission(self, request, view):
-        return False
+        return True
 
     def has_object_permission(self, request, view, obj):
         try: