From bdac6f91dde33b8464db55b75348ffcd3657f8e7 Mon Sep 17 00:00:00 2001
From: hjlarry <hjlarry@163.com>
Date: Tue, 20 Jan 2026 13:56:28 +0800
Subject: [PATCH] add socket edit permission validate

---
 api/controllers/console/socketio/workflow.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/api/controllers/console/socketio/workflow.py b/api/controllers/console/socketio/workflow.py
index 619487e78c..32787164d3 100644
--- a/api/controllers/console/socketio/workflow.py
+++ b/api/controllers/console/socketio/workflow.py
@@ -49,6 +49,8 @@ def socket_connect(sid, environ, auth):
             user = AccountService.load_logged_in_account(account_id=user_id)
             if not user:
                 return False
+            if not user.has_edit_permission:
+                return False
 
             collaboration_service.save_session(sid, user)
             return True