From c55ab84659788885f27b0c5f517e4c579abaf8df Mon Sep 17 00:00:00 2001 From: npc0-hue Date: Mon, 26 Jan 2026 00:26:26 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E9=92=89=E9=92=89=E5=92=8C=E5=BF=AB?= =?UTF-8?q?=E6=8D=B7=E7=99=BB=E5=BD=95=E5=85=BC=E5=AE=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../console/explore/installed_app.py | 35 ------------------- api/controllers/console/explore/wraps.py | 14 -------- 2 files changed, 49 deletions(-) diff --git a/api/controllers/console/explore/installed_app.py b/api/controllers/console/explore/installed_app.py index e42db10ba..f07f5b4af 100644 --- a/api/controllers/console/explore/installed_app.py +++ b/api/controllers/console/explore/installed_app.py @@ -16,8 +16,6 @@ from libs.datetime_utils import naive_utc_now from libs.login import current_account_with_tenant, login_required from models import App, InstalledApp, RecommendedApp from services.account_service import TenantService -from services.enterprise.enterprise_service import EnterpriseService -from services.feature_service import FeatureService class InstalledAppCreatePayload(BaseModel): @@ -68,39 +66,6 @@ class InstalledAppsListApi(Resource): if installed_app.app is not None ] - # filter out apps that user doesn't have access to - if FeatureService.get_system_features().webapp_auth.enabled: - user_id = current_user.id - app_ids = [installed_app["app"].id for installed_app in installed_app_list] - webapp_settings = EnterpriseService.WebAppAuth.batch_get_app_access_mode_by_id(app_ids) - - # Pre-filter out apps without setting or with sso_verified - filtered_installed_apps = [] - - for installed_app in installed_app_list: - app_id = installed_app["app"].id - webapp_setting = webapp_settings.get(app_id) - if not webapp_setting or webapp_setting.access_mode == "sso_verified": - continue - filtered_installed_apps.append(installed_app) - - # Batch permission check - app_ids = [installed_app["app"].id for installed_app in filtered_installed_apps] - permissions = EnterpriseService.WebAppAuth.batch_is_user_allowed_to_access_webapps( - user_id=user_id, - app_ids=app_ids, - ) - - # Keep only allowed apps - res = [] - for installed_app in filtered_installed_apps: - app_id = installed_app["app"].id - if permissions.get(app_id): - res.append(installed_app) - - installed_app_list = res - logger.debug("installed_app_list: %s, user_id: %s", installed_app_list, user_id) - installed_app_list.sort( key=lambda app: ( -app["is_pinned"], diff --git a/api/controllers/console/explore/wraps.py b/api/controllers/console/explore/wraps.py index 2a97d312a..2aee795a2 100644 --- a/api/controllers/console/explore/wraps.py +++ b/api/controllers/console/explore/wraps.py @@ -5,13 +5,10 @@ from typing import Concatenate, ParamSpec, TypeVar from flask_restx import Resource from werkzeug.exceptions import NotFound -from controllers.console.explore.error import AppAccessDeniedError from controllers.console.wraps import account_initialization_required from extensions.ext_database import db from libs.login import current_account_with_tenant, login_required from models import InstalledApp -from services.enterprise.enterprise_service import EnterpriseService -from services.feature_service import FeatureService P = ParamSpec("P") R = TypeVar("R") @@ -51,17 +48,6 @@ def user_allowed_to_access_app(view: Callable[Concatenate[InstalledApp, P], R] | def decorator(view: Callable[Concatenate[InstalledApp, P], R]): @wraps(view) def decorated(installed_app: InstalledApp, *args: P.args, **kwargs: P.kwargs): - current_user, _ = current_account_with_tenant() - feature = FeatureService.get_system_features() - if feature.webapp_auth.enabled: - app_id = installed_app.app_id - res = EnterpriseService.WebAppAuth.is_user_allowed_to_access_webapp( - user_id=str(current_user.id), - app_id=app_id, - ) - if not res: - raise AppAccessDeniedError() - return view(installed_app, *args, **kwargs) return decorated