From 8278c50c1ef566fe10579bd3fb3637e616852c68 Mon Sep 17 00:00:00 2001 From: jingrow Date: Mon, 3 Nov 2025 00:46:12 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=97=A0=E6=B3=95=E5=88=A0?= =?UTF-8?q?=E9=99=A4Local=20App=E8=AE=B0=E5=BD=95=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jcloud/api/local_app.py | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/jcloud/api/local_app.py b/jcloud/api/local_app.py index 733710e..b9d2206 100644 --- a/jcloud/api/local_app.py +++ b/jcloud/api/local_app.py @@ -238,11 +238,19 @@ def create_local_app(app_data): def update_local_app(name, app_data): """更新本地应用""" + team = get_current_team() + if not team: + return {"success": False, "message": "未找到当前团队信息"} + if not jingrow.db.exists("Local App", name): return {"success": False, "message": "应用不存在"} app = jingrow.get_pg("Local App", name) + # 验证权限:只能更新自己团队的应用 + if app.team != team: + return {"success": False, "message": "您没有权限操作此应用"} + # 解析 JSON 数据 if isinstance(app_data, str): try: @@ -262,7 +270,8 @@ def update_local_app(name, app_data): if not updated_fields: return {"success": False, "message": "没有有效的字段被更新"} - app.save() + # 使用 ignore_permissions=True 因为我们已经手动验证了团队权限 + app.save(ignore_permissions=True) return {"success": True, "name": app.name, "updated_fields": updated_fields, "message": "应用更新成功"} @@ -270,11 +279,21 @@ def update_local_app(name, app_data): def delete_local_app(name): """删除本地应用""" + team = get_current_team() + if not team: + return {"success": False, "message": "未找到当前团队信息"} + if not jingrow.db.exists("Local App", name): return {"success": False, "message": "应用不存在"} app = jingrow.get_pg("Local App", name) - app.delete() + + # 验证权限:只能删除自己团队的应用 + if app.team != team: + return {"success": False, "message": "您没有权限操作此应用"} + + # 使用 ignore_permissions=True 因为我们已经手动验证了团队权限 + app.delete(ignore_permissions=True) return {"success": True, "message": "应用删除成功"}