use deco (#28153)

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-11-21 15:25:53 +09:00
parent 3c30d0f41b
commit 1a2f8dfcb4
23 changed files with 205 additions and 317 deletions
--- a/api/controllers/console/auth/data_source_bearer_auth.py
+++ b/api/controllers/console/auth/data_source_bearer_auth.py
@@ -1,8 +1,8 @@
 from flask_restx import Resource, reqparse
-from werkzeug.exceptions import Forbidden

 from controllers.console import console_ns
 from controllers.console.auth.error import ApiKeyAuthFailedError
+from controllers.console.wraps import is_admin_or_owner_required
 from libs.login import current_account_with_tenant, login_required
 from services.auth.api_key_auth_service import ApiKeyAuthService

@@ -39,12 +39,10 @@ class ApiKeyAuthDataSourceBinding(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @is_admin_or_owner_required
    def post(self):
        # The role of the current user in the table must be admin or owner
-        current_user, current_tenant_id = current_account_with_tenant()
-
-        if not current_user.is_admin_or_owner:
-            raise Forbidden()
+        _, current_tenant_id = current_account_with_tenant()
        parser = (
            reqparse.RequestParser()
            .add_argument("category", type=str, required=True, nullable=False, location="json")
@@ -65,12 +63,10 @@ class ApiKeyAuthDataSourceBindingDelete(Resource):
    @setup_required
    @login_required
    @account_initialization_required
+    @is_admin_or_owner_required
    def delete(self, binding_id):
        # The role of the current user in the table must be admin or owner
-        current_user, current_tenant_id = current_account_with_tenant()
-
-        if not current_user.is_admin_or_owner:
-            raise Forbidden()
+        _, current_tenant_id = current_account_with_tenant()

        ApiKeyAuthService.delete_provider_auth(current_tenant_id, binding_id)

--- a/api/controllers/console/auth/data_source_oauth.py
+++ b/api/controllers/console/auth/data_source_oauth.py
@@ -3,11 +3,11 @@ import logging
 import httpx
 from flask import current_app, redirect, request
 from flask_restx import Resource, fields
-from werkzeug.exceptions import Forbidden

 from configs import dify_config
 from controllers.console import api, console_ns
-from libs.login import current_account_with_tenant, login_required
+from controllers.console.wraps import is_admin_or_owner_required
+from libs.login import login_required
 from libs.oauth_data_source import NotionOAuth

 from ..wraps import account_initialization_required, setup_required
@@ -42,11 +42,9 @@ class OAuthDataSource(Resource):
    )
    @api.response(400, "Invalid provider")
    @api.response(403, "Admin privileges required")
+    @is_admin_or_owner_required
    def get(self, provider: str):
        # The role of the current user in the table must be admin or owner
-        current_user, _ = current_account_with_tenant()
-        if not current_user.is_admin_or_owner:
-            raise Forbidden()
        OAUTH_DATASOURCE_PROVIDERS = get_oauth_providers()
        with current_app.app_context():
            oauth_provider = OAUTH_DATASOURCE_PROVIDERS.get(provider)