fix: add Limiting judgement of get admin token

2 years ago · 43308f8286
parent bcd625045a
commit 43308f8286
1 changed files with 5 additions and 0 deletions
--- a/internal/rpc/auth/auth.go
+++ b/internal/rpc/auth/auth.go
@ -85,6 +85,11 @@ func (s *authServer) GetUserToken(ctx context.Context, req *pbauth.GetUserTokenR
 		return nil, err
 	}
 	resp := pbauth.GetUserTokenResp{}
+
+	if authverify.IsManagerUserID(req.UserID) {
+		return nil, errs.ErrNoPermission.Wrap("don't get Admin token")
+	}
+
 	if _, err := s.userRpcClient.GetUserInfo(ctx, req.UserID); err != nil {
 		return nil, err
 	}