Просмотр исходного кода
fix removing member without permission (#16332)
Co-authored-by: crazywoola <427733928@qq.com>tags/1.1.1
Linh Nguyen
7 месяцев назад
1 измененных файлов: 3 добавлений и 1 удалений
+ 3
- 1
api/services/account_service.py
Просмотреть файл
| @@ -785,9 +785,11 @@ class TenantService: | |||
| @staticmethod | |||
| def remove_member_from_tenant(tenant: Tenant, account: Account, operator: Account) -> None: | |||
| """Remove member from tenant""" | |||
| if operator.id == account.id and TenantService.check_member_permission(tenant, operator, account, "remove"): | |||
| if operator.id == account.id: | |||
| raise CannotOperateSelfError("Cannot operate self.") | |||
| TenantService.check_member_permission(tenant, operator, account, "remove") | |||
| ta = TenantAccountJoin.query.filter_by(tenant_id=tenant.id, account_id=account.id).first() | |||
| if not ta: | |||
| raise MemberNotInTenantError("Member not in tenant.") | |||
Загрузка…