From f5d40a787ee9b38ddb3a2f6a55fad451f77f8405 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Mon, 24 Mar 2025 14:10:24 +0800
Subject: [PATCH] fix: check_api

---
 apps/common/management/commands/check_api.py | 2 +-
 apps/terminal/permissions.py                 | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/common/management/commands/check_api.py b/apps/common/management/commands/check_api.py
index 5dff77a9d..ec48f6976 100644
--- a/apps/common/management/commands/check_api.py
+++ b/apps/common/management/commands/check_api.py
@@ -71,6 +71,7 @@ known_unauth_urls = [
     "/api/v1/authentication/mfa/select/",
     "/api/v1/authentication/mfa/send-code/",
     "/api/v1/authentication/sso/login/"
+    "/api/v1/authentication/user-session/"
 ]
 
 known_error_urls = [
@@ -91,7 +92,6 @@ class Command(BaseCommand):
         unauth_urls = []
         error_urls = []
         unformat_urls = []
-
         for url, ourl in urls:
             if '(' in url or '<' in url:
                 unformat_urls.append([url, ourl])
diff --git a/apps/terminal/permissions.py b/apps/terminal/permissions.py
index 288d839eb..200371cd4 100644
--- a/apps/terminal/permissions.py
+++ b/apps/terminal/permissions.py
@@ -9,7 +9,13 @@ __all__ = ['IsSessionAssignee']
 
 class IsSessionAssignee(permissions.IsAuthenticated):
     def has_permission(self, request, view):
-        return True
+        if not request.user:
+            return False
+        if request.user.is_anonymous:
+            return False
+        if view.action == 'retrieve':
+            return True
+        return False
 
     def has_object_permission(self, request, view, obj):
         try: