|
|
|
@ -160,12 +160,23 @@ func (s *UserService) ListUserAccessTokens(ctx context.Context, request *apiv2pb
|
|
|
|
|
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Normal users can only list their access tokens.
|
|
|
|
|
if user.Role == store.RoleUser && user.Username != request.Username {
|
|
|
|
|
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
|
|
|
|
|
userID := user.ID
|
|
|
|
|
// List access token for other users need to be verified.
|
|
|
|
|
if user.Username != request.Username {
|
|
|
|
|
// Normal users can only list their access tokens.
|
|
|
|
|
if user.Role == store.RoleUser {
|
|
|
|
|
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The request user must be exist.
|
|
|
|
|
requestUser, err := s.Store.GetUser(ctx, &store.FindUser{Username: &request.Username})
|
|
|
|
|
if requestUser == nil || err != nil {
|
|
|
|
|
return nil, status.Errorf(codes.NotFound, "fail to find user %s", request.Username)
|
|
|
|
|
}
|
|
|
|
|
userID = requestUser.ID
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
|
|
|
|
|
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
|
|
|
|
|
}
|
|
|
|
|
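Review bot: The cross-user branch authorizes by deny-list: `if user.Role == store.RoleUser` rejects only that one role, so any other role value, including one added later, may list another user's access tokens. An allow-list of the privileged roles would fail closed. In the same branch, `if requestUser == nil || err != nil` reports a store failure as NotFound and drops `err`; returning `codes.Internal` when `err != nil` and `codes.NotFound` only when `requestUser == nil` keeps a backend outage from looking like a missing user. Formatting the caller-supplied username with `%q` rather than `%s` would also keep control characters out of the error message. The function starts and ends outside the hunk, so whether token values are redacted or the access is audit-logged in the cross-user case cannot be checked from here.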