use deco to avoid current_user (#26077)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-10-16 15:45:51 +09:00
parent bd01af6415
commit cced33d068
109 changed files with 526 additions and 788 deletions
--- a/api/controllers/console/files.py
+++ b/api/controllers/console/files.py
@@ -1,7 +1,6 @@
 from typing import Literal

 from flask import request
-from flask_login import current_user
 from flask_restx import Resource, marshal_with
 from werkzeug.exceptions import Forbidden

@@ -22,8 +21,7 @@ from controllers.console.wraps import (
 )
 from extensions.ext_database import db
 from fields.file_fields import file_fields, upload_config_fields
-from libs.login import login_required
-from models import Account
+from libs.login import current_account_with_tenant, login_required
 from services.file_service import FileService

 from . import console_ns
@@ -53,6 +51,7 @@ class FileApi(Resource):
    @marshal_with(file_fields)
    @cloud_edition_billing_resource_check("documents")
    def post(self):
+        current_user, _ = current_account_with_tenant()
        source_str = request.form.get("source")
        source: Literal["datasets"] | None = "datasets" if source_str == "datasets" else None

@@ -65,16 +64,12 @@ class FileApi(Resource):

        if not file.filename:
            raise FilenameNotExistsError
-
        if source == "datasets" and not current_user.is_dataset_editor:
            raise Forbidden()

        if source not in ("datasets", None):
            source = None

-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-
        try:
            upload_file = FileService(db.engine).upload_file(
                filename=file.filename,