ignore repos that are no longer accessible when regenerating tokens

2025-08-01 23:38:37 +00:00 · 2015-03-13 11:01:13 +08:00 · 2015-03-13 11:01:13 +08:00 · f4ed79bd3e
commit f4ed79bd3e
parent 18bc135a53
2 changed files with 6 additions and 6 deletions
--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@ -3592,13 +3592,10 @@ class RepoTokensView(APIView):
        if any([not _REPO_ID_PATTERN.match(repo) for repo in repos]):
            return api_error(status.HTTP_400_BAD_REQUEST, "Libraries ids are invalid")

-        if any([not seafile_api.check_repo_access_permission(
-                repo, request.user.username) for repo in repos]):
-            return api_error(status.HTTP_403_FORBIDDEN,
-                             "You do not have permission to access those libraries")
-
        tokens = {}
        for repo in repos:
+            if not seafile_api.check_repo_access_permission(repo, request.user.username):
+                continue
            tokens[repo] = seafile_api.generate_repo_token(repo, request.user.username)

        return tokens
--- a/tests/api/test_repos.py
+++ b/tests/api/test_repos.py
@ -3,6 +3,7 @@
 Test repos api.
 """

+import uuid
 import unittest

 from tests.api.apitestbase import ApiTestBase
@ -163,10 +164,12 @@ class ReposApiTest(ApiTestBase):
    def test_generate_repo_tokens(self):
        with self.get_tmp_repo() as ra:
            with self.get_tmp_repo() as rb:
-                repo_ids = ','.join([ra.repo_id, rb.repo_id])
+                fake_repo_id = str(uuid.uuid4())
+                repo_ids = ','.join([ra.repo_id, rb.repo_id, fake_repo_id])
                tokens = self.get(GET_REPO_TOKENS_URL + '?repos=%s' % repo_ids).json()
                assert ra.repo_id in tokens
                assert rb.repo_id in tokens
+                assert fake_repo_id not in tokens
                for repo_id, token in tokens.iteritems():
                    self._get_repo_info(token, repo_id)