From c9c9ca76fd973199a7c15974f7dac6c80acc45a4 Mon Sep 17 00:00:00 2001
From: hgbdev
Date: Sat, 7 Dec 2024 01:38:42 +0700
Subject: [PATCH] fix(datasets): only return ApiKey of user who created (#11331)

---
 api/controllers/console/datasets/datasets.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/api/controllers/console/datasets/datasets.py b/api/controllers/console/datasets/datasets.py
index eb6a84e46e1a91..38a0e93104c2b1 100644
--- a/api/controllers/console/datasets/datasets.py
+++ b/api/controllers/console/datasets/datasets.py
@@ -537,6 +537,9 @@ def get(self):
 .filter(ApiToken.type == self.resource_type, ApiToken.tenant_id == current_user.current_tenant_id)
 .all()
 )
+
+ keys = [key for key in keys if key.created_by == current_user.id or key.created_by is None]
+
 return {"items": keys}
 
 @setup_required
@@ -548,12 +551,14 @@ def post(self):
 if not current_user.is_admin_or_owner:
 raise Forbidden()
 
- current_key_count = (
+ keys = (
 db.session.query(ApiToken)
 .filter(ApiToken.type == self.resource_type, ApiToken.tenant_id == current_user.current_tenant_id)
- .count()
+ .all()
 )
 
+ current_key_count = len([key for key in keys if key.created_by == current_user.id or key.created_by is None])
+
 if current_key_count >= self.max_keys:
 flask_restful.abort(
 400,
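Review bot: The `key.created_by is None` branch of the new list comprehension in `get` leaves every token without a recorded creator visible to all users of the tenant, so keys issued before this change are still returned to users who did not create them; the same predicate is repeated in the `post` hunk. If that fallback is deliberate for legacy rows, say so next to it, e.g. `# tokens created before created_by existed stay visible tenant-wide`, and otherwise drop it or restrict it to admins/owners. The patch also does not show `ApiToken` gaining a `created_by` attribute, so confirm the model (and a migration) defines it, since the comprehension would otherwise raise on the first row. Other handlers for these keys are not part of this patch and may need the same ownership check; `get`'s body starts outside the hunk.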
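Review bot: The quota check in `post` now loads every ApiToken row of the tenant with `.all()` and counts in Python, where the removed code let the database do the counting; moving the ownership predicate into the filter keeps `.count()` and avoids pulling token rows (including the secret values) into memory just to count them. This change also turns `max_keys` from a per-tenant limit into a per-creator one, so the number of live keys in a tenant now grows with the number of admins/owners; that should be a deliberate decision and documented where `max_keys` is defined. The sketch below assumes `created_by` is a mapped column on `ApiToken`, which this patch does not show. `post`'s body starts and ends outside the hunk.

```python
        current_key_count = (
            db.session.query(ApiToken)
            .filter(
                ApiToken.type == self.resource_type,
                ApiToken.tenant_id == current_user.current_tenant_id,
                (ApiToken.created_by == current_user.id) | ApiToken.created_by.is_(None),
            )
            .count()
        )
        # … unchanged: max_keys comparison and abort …
```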