use deco to avoid current_user (#26077)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-10-16 15:45:51 +09:00
parent bd01af6415
commit cced33d068
109 changed files with 526 additions and 788 deletions
--- a/api/controllers/console/app/app_import.py
+++ b/api/controllers/console/app/app_import.py
@@ -1,11 +1,11 @@
 from flask_restx import Resource, marshal_with, reqparse
 from sqlalchemy.orm import Session
-from werkzeug.exceptions import Forbidden

 from controllers.console.app.wraps import get_app_model
 from controllers.console.wraps import (
    account_initialization_required,
    cloud_edition_billing_resource_check,
+    edit_permission_required,
    setup_required,
 )
 from extensions.ext_database import db
@@ -26,12 +26,10 @@ class AppImportApi(Resource):
    @account_initialization_required
    @marshal_with(app_import_fields)
    @cloud_edition_billing_resource_check("apps")
+    @edit_permission_required
    def post(self):
        # Check user role first
        current_user, _ = current_account_with_tenant()
-        if not current_user.has_edit_permission:
-            raise Forbidden()
-
        parser = reqparse.RequestParser()
        parser.add_argument("mode", type=str, required=True, location="json")
        parser.add_argument("yaml_content", type=str, location="json")
@@ -80,11 +78,10 @@ class AppImportConfirmApi(Resource):
    @login_required
    @account_initialization_required
    @marshal_with(app_import_fields)
+    @edit_permission_required
    def post(self, import_id):
        # Check user role first
        current_user, _ = current_account_with_tenant()
-        if not current_user.has_edit_permission:
-            raise Forbidden()

        # Create service with session
        with Session(db.engine) as session:
@@ -107,11 +104,8 @@ class AppImportCheckDependenciesApi(Resource):
    @get_app_model
    @account_initialization_required
    @marshal_with(app_import_check_dependencies_fields)
+    @edit_permission_required
    def get(self, app_model: App):
-        current_user, _ = current_account_with_tenant()
-        if not current_user.has_edit_permission:
-            raise Forbidden()
-
        with Session(db.engine) as session:
            import_service = AppDslService(session)
            result = import_service.check_dependencies(app_model=app_model)