From 59ad091e69736bc9dc1a3bace62ec0a232346246 Mon Sep 17 00:00:00 2001
From: Joe <79627742+ZhouhaoJiang@users.noreply.github.com>
Date: Tue, 2 Jul 2024 13:37:37 +0800
Subject: [PATCH] feat: add export permission (#5841)

---
 api/controllers/console/app/app.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/controllers/console/app/app.py b/api/controllers/console/app/app.py
index 1a38bcba7e..fb3205813d 100644
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -190,6 +190,10 @@ class AppExportApi(Resource):
     @get_app_model
     def get(self, app_model):
         """Export app"""
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
+            raise Forbidden()
+
         app_service = AppService()
 
         return {