estel/dify
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

only admin and owner can delete app (#810)

Browse Source
This commit is contained in:
conghaoyuan
2023-08-12 14:18:21 +08:00
committed by GitHub
parent 5a7b51f809
commit c13a90ee69
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/controllers/console/app/app.py
View File

@@ -294,6 +294,10 @@ class AppApi(Resource):
def delete(self, app_id): def delete(self, app_id):
"""Delete app""" """Delete app"""
app_id = str(app_id) app_id = str(app_id)
if current_user.current_tenant.current_role not in ['admin', 'owner']:
raise Forbidden()
app = _get_app(app_id, current_user.current_tenant_id) app = _get_app(app_id, current_user.current_tenant_id)
db.session.delete(app) db.session.delete(app)