haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-08-31 06:34:40 +00:00
Code Issues Releases Wiki Activity

optimize wiki search permission (#7659)

Browse Source
This commit is contained in:
JoinTyang
2025-03-24 13:43:12 +08:00
committed by GitHub
parent 5e456c569a
commit 7d46c7aaa2
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
seahub/api2/endpoints/wiki2.py
View File

@@ -1312,8 +1312,6 @@ class Wiki2PublishView(APIView):
class WikiSearch(APIView): class WikiSearch(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
permission_classes = (IsAuthenticated, )
throttle_classes = (UserRateThrottle, ) throttle_classes = (UserRateThrottle, )
def post(self, request): def post(self, request):
@@ -1336,6 +1334,11 @@ class WikiSearch(APIView):
error_msg = 'search_wiki invalid.' error_msg = 'search_wiki invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg) return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
wiki_publish = Wiki2Publish.objects.filter(repo_id=search_wiki).first()
if not wiki_publish and not request.user.is_authenticated:
error_msg = 'Permission denied.'
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
params = { params = {
'query': query, 'query': query,
'wiki': search_wiki, 'wiki': search_wiki,