fix 27003 (#27005)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-17 10:10:16 +09:00
parent d7f0a31e24
commit 19cc6ea993
5 changed files with 43 additions and 18 deletions
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@@ -303,7 +303,12 @@ def edit_permission_required(f: Callable[P, R]):
    def decorated_function(*args: P.args, **kwargs: P.kwargs):
        from werkzeug.exceptions import Forbidden

-        current_user, _ = current_account_with_tenant()
+        from libs.login import current_user
+        from models import Account
+
+        user = current_user._get_current_object()  # type: ignore
+        if not isinstance(user, Account):
+            raise Forbidden()
        if not current_user.has_edit_permission:
            raise Forbidden()
        return f(*args, **kwargs)