chore: udpate update desc to api token, fix permission

docs/content.en/docs/release-notes/_index.md

@@ -50,7 +50,7 @@ Information about release notes of INFINI Framework is provided here.
 - chore: security configuration structure enhanced
 - chore: remove unused grpc and cuckoo filter"
 - chore: update seelog for vfs #363
-
+- chore: udpate update desc to api token, fix permission #372
 
 ## 1.4.0 (2025-12-19)
 ### ❌ Breaking changes  

modules/security/access_token/authentication.go

@@ -172,6 +172,7 @@ func RequestAccessToken(w http.ResponseWriter, req *http.Request, ps httprouter.
 
 	reqBody := struct {
 		Name        string                   `json:"name"`
+		Description string                   `json:"description"`
 		Permissions []security.PermissionKey `json:"permissions,omitempty"`
 	}{}
 	err = api.DecodeJSON(req, &reqBody)
@@ -203,15 +204,15 @@ func RequestAccessToken(w http.ResponseWriter, req *http.Request, ps httprouter.
 	}
 
 	expiredAT := time.Now().Add(365 * 24 * time.Hour).Unix()
-	res, err := CreateAPIToken(reqUser, reqBody.Name, "general", expiredAT, permissions)
+	res, err := CreateAPIToken(reqUser, reqBody.Name,reqBody.Description, "general", expiredAT, permissions)
 	if err != nil {
 		panic(err)
 	}
 
 	api.WriteJSON(w, res, 200)
 }
 
-func CreateAPIToken(user *security.UserSessionInfo, tokenName, typeName string, expiredAT int64, permissions []security.PermissionKey) (util.MapStr, error) {
+func CreateAPIToken(user *security.UserSessionInfo, tokenName, tokenDesc, typeName string, expiredAT int64, permissions []security.PermissionKey) (util.MapStr, error) {
 
 	if tokenName == "" {
 		tokenName = GenerateApiTokenName("")
@@ -233,6 +234,7 @@ func CreateAPIToken(user *security.UserSessionInfo, tokenName, typeName string,
 	accessToken.Permissions = permissions
 	accessToken.ExpireIn = expiredAT
 	accessToken.Name = tokenName
+	accessToken.Description = tokenDesc
 
 	if isNative() {
 		ctx := orm.NewContext()
@@ -374,6 +376,7 @@ func UpdateAccessToken(w http.ResponseWriter, req *http.Request, ps httprouter.P
 	}
 	reqBody := struct {
 		Name        string                   `json:"name,omitempty"`
+		Description string `json:"description"`
 		Permissions []security.PermissionKey `json:"permissions,omitempty"`
 	}{}
 	err = api.DecodeJSON(req, &reqBody)
@@ -412,6 +415,10 @@ func UpdateAccessToken(w http.ResponseWriter, req *http.Request, ps httprouter.P
 	if reqBody.Name != "" {
 		token.Name = reqBody.Name
 	}
+	if reqBody.Description != "" {
+		token.Description = reqBody.Description
+	}
+
 	if len(reqBody.Permissions) > 0 {
 		if isNative() {
 			// The NEW permissions must be a subset of the caller's own permissions.

modules/security/rbac/init.go

@@ -13,6 +13,13 @@ import (
 	"infini.sh/framework/modules/security/http_filters"
 )
 
+var ReadPermissionLists = security.GetSimplePermission("generic", "security:permission", security.Read)
+
+func init() {
+	api.HandleUIMethod(api.GET, "/security/permission/", ListPermission, api.RequirePermission(ReadPermissionLists))
+
+}
+
 func Init() {
 
 	provider := SecurityBackendProvider{}
@@ -21,7 +28,6 @@ func Init() {
 
 	orm.MustRegisterSchemaWithIndexName(&security.UserAccount{}, "app-users")
 	orm.MustRegisterSchemaWithIndexName(&security.UserRole{}, "app-roles")
-	ReadPermissionLists := security.GetSimplePermission("generic", "security:permission", security.Read)
 
 	CreateRolePermission := security.GetSimplePermission("generic", "security:role", security.Create)
 	UpdateRolePermission := security.GetSimplePermission("generic", "security:role", security.Update)
@@ -42,7 +48,6 @@ func Init() {
 		CreateUserPermission, UpdateUserPermission, DeleteUserPermission, ReadUserPermission, SearchUserPermission,
 		SearchPrincipalPermission)
 
-	api.HandleUIMethod(api.GET, "/security/permission/", ListPermission, api.RequirePermission(ReadPermissionLists))
 
 	api.HandleUIMethod(api.POST, "/security/role/", CreateRole, api.RequirePermission(CreateRolePermission))
 	api.HandleUIMethod(api.GET, "/security/role/_search", SearchRole, api.RequirePermission(SearchRolePermission))