feat: list access tokens by admin (#2434)

* Allow admin user list access_tokens of anyone * fix undefined variable * Update api/v2/user_service.go --------- Co-authored-by: boojack <stevenlgtm@gmail.com>

feat: list access tokens by admin (#2434)
* Allow admin user list access_tokens of anyone * fix undefined variable * Update api/v2/user_service.go --------- Co-authored-by: boojack <stevenlgtm@gmail.com>
496cde87 · Athurg Gooth · GitHub · 79bbe4b8 · 496cde87
Unverified Commit 496cde87 authored Oct 24, 2023 by Athurg Gooth Committed by GitHub Oct 24, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

user_service.go api/v2/user_service.go +6 -1

No files found.
--- a/api/v2/user_service.go
+++ b/api/v2/user_service.go
@@ -156,7 +156,12 @@ func (s *UserService) ListUserAccessTokens(ctx context.Context, request *apiv2pb
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
 	}
-	if user == nil || user.Username != request.Username {
+	if user == nil {
+		return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+	}
+
+	// Normal users can only list their access tokens.
+	if user.Role == store.RoleUser && user.Username != request.Username {
 		return nil, status.Errorf(codes.PermissionDenied, "permission denied")
 	}