use deco (#28153)

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-11-21 15:25:53 +09:00
parent 3c30d0f41b
commit 1a2f8dfcb4
23 changed files with 205 additions and 317 deletions
--- a/api/controllers/console/workspace/endpoint.py
+++ b/api/controllers/console/workspace/endpoint.py
@@ -1,8 +1,7 @@
 from flask_restx import Resource, fields, reqparse
-from werkzeug.exceptions import Forbidden

 from controllers.console import api, console_ns
-from controllers.console.wraps import account_initialization_required, setup_required
+from controllers.console.wraps import account_initialization_required, is_admin_or_owner_required, setup_required
 from core.model_runtime.utils.encoders import jsonable_encoder
 from core.plugin.impl.exc import PluginPermissionDeniedError
 from libs.login import current_account_with_tenant, login_required
@@ -31,11 +30,10 @@ class EndpointCreateApi(Resource):
    @api.response(403, "Admin privileges required")
    @setup_required
    @login_required
+    @is_admin_or_owner_required
    @account_initialization_required
    def post(self):
        user, tenant_id = current_account_with_tenant()
-        if not user.is_admin_or_owner:
-            raise Forbidden()

        parser = (
            reqparse.RequestParser()
@@ -168,6 +166,7 @@ class EndpointDeleteApi(Resource):
    @api.response(403, "Admin privileges required")
    @setup_required
    @login_required
+    @is_admin_or_owner_required
    @account_initialization_required
    def post(self):
        user, tenant_id = current_account_with_tenant()
@@ -175,9 +174,6 @@ class EndpointDeleteApi(Resource):
        parser = reqparse.RequestParser().add_argument("endpoint_id", type=str, required=True)
        args = parser.parse_args()

-        if not user.is_admin_or_owner:
-            raise Forbidden()
-
        endpoint_id = args["endpoint_id"]

        return {
@@ -207,6 +203,7 @@ class EndpointUpdateApi(Resource):
    @api.response(403, "Admin privileges required")
    @setup_required
    @login_required
+    @is_admin_or_owner_required
    @account_initialization_required
    def post(self):
        user, tenant_id = current_account_with_tenant()
@@ -223,9 +220,6 @@ class EndpointUpdateApi(Resource):
        settings = args["settings"]
        name = args["name"]

-        if not user.is_admin_or_owner:
-            raise Forbidden()
-
        return {
            "success": EndpointService.update_endpoint(
                tenant_id=tenant_id,
@@ -252,6 +246,7 @@ class EndpointEnableApi(Resource):
    @api.response(403, "Admin privileges required")
    @setup_required
    @login_required
+    @is_admin_or_owner_required
    @account_initialization_required
    def post(self):
        user, tenant_id = current_account_with_tenant()
@@ -261,9 +256,6 @@ class EndpointEnableApi(Resource):

        endpoint_id = args["endpoint_id"]

-        if not user.is_admin_or_owner:
-            raise Forbidden()
-
        return {
            "success": EndpointService.enable_endpoint(tenant_id=tenant_id, user_id=user.id, endpoint_id=endpoint_id)
        }
@@ -284,6 +276,7 @@ class EndpointDisableApi(Resource):
    @api.response(403, "Admin privileges required")
    @setup_required
    @login_required
+    @is_admin_or_owner_required
    @account_initialization_required
    def post(self):
        user, tenant_id = current_account_with_tenant()
@@ -293,9 +286,6 @@ class EndpointDisableApi(Resource):

        endpoint_id = args["endpoint_id"]

-        if not user.is_admin_or_owner:
-            raise Forbidden()
-
        return {
            "success": EndpointService.disable_endpoint(tenant_id=tenant_id, user_id=user.id, endpoint_id=endpoint_id)
        }