haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-04-28 03:10:45 +00:00
Code Issues Releases Wiki Activity

optimize wiki search permission (#7659)

Browse Source
This commit is contained in:
JoinTyang 2025-03-24 13:43:12 +08:00 committed by GitHub
parent 5e456c569a
commit 7d46c7aaa2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
seahub/api2/endpoints/wiki2.py
View File

@ -1312,8 +1312,6 @@ class Wiki2PublishView(APIView):
class WikiSearch(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated, )
throttle_classes = (UserRateThrottle, )
def post(self, request):
@ -1336,6 +1334,11 @@ class WikiSearch(APIView):
error_msg = 'search_wiki invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
wiki_publish = Wiki2Publish.objects.filter(repo_id=search_wiki).first()
if not wiki_publish and not request.user.is_authenticated:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
params = {
'query': query,
'wiki': search_wiki,