fix bug when get repo api token (#4652)

Co-authored-by: lian <lian@seafile.com>
2025-08-01 15:23:05 +00:00 · 2020-08-18 17:33:31 +08:00 · 2020-08-18 17:33:31 +08:00 · 685ee2c21a
commit 685ee2c21a
parent b2f6bb35de
2 changed files with 8 additions and 7 deletions
--- a/seahub/api2/endpoints/repo_api_tokens.py
+++ b/seahub/api2/endpoints/repo_api_tokens.py
@ -45,7 +45,7 @@ class RepoAPITokensView(APIView):

        # permission check
        username = request.user.username
-        if not permission_check_admin_owner(username, repo_id, request):
+        if not permission_check_admin_owner(request, username, repo_id):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

@ -73,7 +73,7 @@ class RepoAPITokensView(APIView):

        # permission check
        username = request.user.username
-        if not permission_check_admin_owner(username, repo_id, request):
+        if not permission_check_admin_owner(request, username, repo_id):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

@ -108,7 +108,7 @@ class RepoAPITokenView(APIView):

        username = request.user.username
        # permission check
-        if not permission_check_admin_owner(username, repo_id, request):
+        if not permission_check_admin_owner(request, username, repo_id):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

@ -139,7 +139,7 @@ class RepoAPITokenView(APIView):

        # permission check
        username = request.user.username
-        if not permission_check_admin_owner(username, repo_id, request):
+        if not permission_check_admin_owner(request, username, repo_id):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

--- a/seahub/repo_api_tokens/utils.py
+++ b/seahub/repo_api_tokens/utils.py
@ -12,14 +12,14 @@ from seahub.settings import ENABLE_VIDEO_THUMBNAIL, THUMBNAIL_ROOT
 from seahub.thumbnail.utils import get_thumbnail_src
 from seahub.utils import is_pro_version, FILEEXT_TYPE_MAP, IMAGE, XMIND, VIDEO
 from seahub.utils.file_tags import get_files_tags_in_dir
-from seahub.utils.repo import is_group_repo_staff
+from seahub.utils.repo import is_group_repo_staff, is_repo_owner

 logger = logging.getLogger(__name__)
 json_content_type = 'application/json; charset=utf-8'
 HTTP_520_OPERATION_FAILED = 520


-def permission_check_admin_owner(username, repo_id, request=None):  # maybe add more complex logic in the future
+def permission_check_admin_owner(request, username, repo_id):  # maybe add more complex logic in the future
    """
    if repo is owned by user return true
    or check whether repo is owned by group and whether user is group's staff
@ -28,7 +28,8 @@ def permission_check_admin_owner(username, repo_id, request=None):  # maybe add
    else
    check user is the such group's staff
    """
-    if username == seafile_api.get_repo_owner(repo_id):
+
+    if is_repo_owner(request, repo_id, username):
        return True
    else:
        return is_group_repo_staff(request, repo_id, username)