use deco to avoid current_user (#26077)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-03 21:17:09 +00:00 · 2025-10-16 15:45:51 +09:00
parent bd01af6415
commit cced33d068
109 changed files with 526 additions and 788 deletions
--- a/api/controllers/console/workspace/init.py
+++ b/api/controllers/console/workspace/init.py
@@ -2,11 +2,11 @@ from collections.abc import Callable
 from functools import wraps
 from typing import ParamSpec, TypeVar

-from flask_login import current_user
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Forbidden

 from extensions.ext_database import db
+from libs.login import current_account_with_tenant
 from models.account import TenantPluginPermission

 P = ParamSpec("P")
@@ -20,8 +20,9 @@ def plugin_permission_required(
    def interceptor(view: Callable[P, R]):
        @wraps(view)
        def decorated(*args: P.args, **kwargs: P.kwargs):
+            current_user, current_tenant_id = current_account_with_tenant()
            user = current_user
-            tenant_id = user.current_tenant_id
+            tenant_id = current_tenant_id

            with Session(db.engine) as session:
                permission = (
--- a/api/controllers/console/workspace/account.py
+++ b/api/controllers/console/workspace/account.py
@@ -2,7 +2,6 @@ from datetime import datetime

 import pytz
 from flask import request
-from flask_login import current_user
 from flask_restx import Resource, fields, marshal_with, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session
@@ -37,9 +36,8 @@ from extensions.ext_database import db
 from fields.member_fields import account_fields
 from libs.datetime_utils import naive_utc_now
 from libs.helper import TimestampField, email, extract_remote_ip, timezone
-from libs.login import login_required
-from models import AccountIntegrate, InvitationCode
-from models.account import Account
+from libs.login import current_account_with_tenant, login_required
+from models import Account, AccountIntegrate, InvitationCode
 from services.account_service import AccountService
 from services.billing_service import BillingService
 from services.errors.account import CurrentPasswordIncorrectError as ServiceCurrentPasswordIncorrectError
@@ -50,9 +48,7 @@ class AccountInitApi(Resource):
    @setup_required
    @login_required
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        if account.status == "active":
            raise AccountAlreadyInitedError()
@@ -106,8 +102,7 @@ class AccountProfileApi(Resource):
    @marshal_with(account_fields)
    @enterprise_license_required
    def get(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        return current_user


@@ -118,8 +113,7 @@ class AccountNameApi(Resource):
    @account_initialization_required
    @marshal_with(account_fields)
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("name", type=str, required=True, location="json")
        args = parser.parse_args()
@@ -140,8 +134,7 @@ class AccountAvatarApi(Resource):
    @account_initialization_required
    @marshal_with(account_fields)
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("avatar", type=str, required=True, location="json")
        args = parser.parse_args()
@@ -158,8 +151,7 @@ class AccountInterfaceLanguageApi(Resource):
    @account_initialization_required
    @marshal_with(account_fields)
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("interface_language", type=supported_language, required=True, location="json")
        args = parser.parse_args()
@@ -176,8 +168,7 @@ class AccountInterfaceThemeApi(Resource):
    @account_initialization_required
    @marshal_with(account_fields)
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("interface_theme", type=str, choices=["light", "dark"], required=True, location="json")
        args = parser.parse_args()
@@ -194,8 +185,7 @@ class AccountTimezoneApi(Resource):
    @account_initialization_required
    @marshal_with(account_fields)
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("timezone", type=str, required=True, location="json")
        args = parser.parse_args()
@@ -216,8 +206,7 @@ class AccountPasswordApi(Resource):
    @account_initialization_required
    @marshal_with(account_fields)
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("password", type=str, required=False, location="json")
        parser.add_argument("new_password", type=str, required=True, location="json")
@@ -253,9 +242,7 @@ class AccountIntegrateApi(Resource):
    @account_initialization_required
    @marshal_with(integrate_list_fields)
    def get(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        account_integrates = db.session.scalars(
            select(AccountIntegrate).where(AccountIntegrate.account_id == account.id)
@@ -298,9 +285,7 @@ class AccountDeleteVerifyApi(Resource):
    @login_required
    @account_initialization_required
    def get(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        token, code = AccountService.generate_account_deletion_verification_code(account)
        AccountService.send_account_deletion_verification_email(account, code)
@@ -314,9 +299,7 @@ class AccountDeleteApi(Resource):
    @login_required
    @account_initialization_required
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        parser = reqparse.RequestParser()
        parser.add_argument("token", type=str, required=True, location="json")
@@ -358,9 +341,7 @@ class EducationVerifyApi(Resource):
    @cloud_edition_billing_enabled
    @marshal_with(verify_fields)
    def get(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        return BillingService.EducationIdentity.verify(account.id, account.email)

@@ -380,9 +361,7 @@ class EducationApi(Resource):
    @only_edition_cloud
    @cloud_edition_billing_enabled
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        parser = reqparse.RequestParser()
        parser.add_argument("token", type=str, required=True, location="json")
@@ -399,9 +378,7 @@ class EducationApi(Resource):
    @cloud_edition_billing_enabled
    @marshal_with(status_fields)
    def get(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
-        account = current_user
+        account, _ = current_account_with_tenant()

        res = BillingService.EducationIdentity.status(account.id)
        # convert expire_at to UTC timestamp from isoformat
@@ -441,6 +418,7 @@ class ChangeEmailSendEmailApi(Resource):
    @login_required
    @account_initialization_required
    def post(self):
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=email, required=True, location="json")
        parser.add_argument("language", type=str, required=False, location="json")
@@ -467,8 +445,6 @@ class ChangeEmailSendEmailApi(Resource):
                raise InvalidTokenError()
            user_email = reset_data.get("email", "")

-            if not isinstance(current_user, Account):
-                raise ValueError("Invalid user account")
            if user_email != current_user.email:
                raise InvalidEmailError()
        else:
@@ -551,8 +527,7 @@ class ChangeEmailResetApi(Resource):
        AccountService.revoke_change_email_token(args["token"])

        old_email = reset_data.get("old_email", "")
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        if current_user.email != old_email:
            raise AccountNotFound()

--- a/api/controllers/console/workspace/agent_providers.py
+++ b/api/controllers/console/workspace/agent_providers.py
@@ -3,8 +3,7 @@ from flask_restx import Resource, fields
 from controllers.console import api, console_ns
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.model_runtime.utils.encoders import jsonable_encoder
-from libs.login import current_user, login_required
-from models.account import Account
+from libs.login import current_account_with_tenant, login_required
 from services.agent_service import AgentService


@@ -21,12 +20,11 @@ class AgentProviderListApi(Resource):
    @login_required
    @account_initialization_required
    def get(self):
-        assert isinstance(current_user, Account)
+        current_user, current_tenant_id = current_account_with_tenant()
        user = current_user
-        assert user.current_tenant_id is not None

        user_id = user.id
-        tenant_id = user.current_tenant_id
+        tenant_id = current_tenant_id

        return jsonable_encoder(AgentService.list_agent_providers(user_id, tenant_id))

@@ -45,9 +43,5 @@ class AgentProviderApi(Resource):
    @login_required
    @account_initialization_required
    def get(self, provider_name: str):
-        assert isinstance(current_user, Account)
-        user = current_user
-        assert user.current_tenant_id is not None
-        user_id = user.id
-        tenant_id = user.current_tenant_id
-        return jsonable_encoder(AgentService.get_agent_provider(user_id, tenant_id, provider_name))
+        current_user, current_tenant_id = current_account_with_tenant()
+        return jsonable_encoder(AgentService.get_agent_provider(current_user.id, current_tenant_id, provider_name))
--- a/api/controllers/console/workspace/load_balancing_config.py
+++ b/api/controllers/console/workspace/load_balancing_config.py
@@ -5,8 +5,8 @@ from controllers.console import console_ns
 from controllers.console.wraps import account_initialization_required, setup_required
 from core.model_runtime.entities.model_entities import ModelType
 from core.model_runtime.errors.validate import CredentialsValidateFailedError
-from libs.login import current_user, login_required
-from models.account import Account, TenantAccountRole
+from libs.login import current_account_with_tenant, login_required
+from models import TenantAccountRole
 from services.model_load_balancing_service import ModelLoadBalancingService


@@ -18,12 +18,11 @@ class LoadBalancingCredentialsValidateApi(Resource):
    @login_required
    @account_initialization_required
    def post(self, provider: str):
-        assert isinstance(current_user, Account)
+        current_user, current_tenant_id = current_account_with_tenant()
        if not TenantAccountRole.is_privileged_role(current_user.current_role):
            raise Forbidden()

-        tenant_id = current_user.current_tenant_id
-        assert tenant_id is not None
+        tenant_id = current_tenant_id

        parser = reqparse.RequestParser()
        parser.add_argument("model", type=str, required=True, nullable=False, location="json")
@@ -72,12 +71,11 @@ class LoadBalancingConfigCredentialsValidateApi(Resource):
    @login_required
    @account_initialization_required
    def post(self, provider: str, config_id: str):
-        assert isinstance(current_user, Account)
+        current_user, current_tenant_id = current_account_with_tenant()
        if not TenantAccountRole.is_privileged_role(current_user.current_role):
            raise Forbidden()

-        tenant_id = current_user.current_tenant_id
-        assert tenant_id is not None
+        tenant_id = current_tenant_id

        parser = reqparse.RequestParser()
        parser.add_argument("model", type=str, required=True, nullable=False, location="json")
--- a/api/controllers/console/workspace/workspace.py
+++ b/api/controllers/console/workspace/workspace.py
@@ -23,8 +23,8 @@ from controllers.console.wraps import (
 )
 from extensions.ext_database import db
 from libs.helper import TimestampField
-from libs.login import current_user, login_required
-from models.account import Account, Tenant, TenantStatus
+from libs.login import current_account_with_tenant, login_required
+from models.account import Tenant, TenantStatus
 from services.account_service import TenantService
 from services.feature_service import FeatureService
 from services.file_service import FileService
@@ -70,8 +70,7 @@ class TenantListApi(Resource):
    @login_required
    @account_initialization_required
    def get(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, current_tenant_id = current_account_with_tenant()
        tenants = TenantService.get_join_tenants(current_user)
        tenant_dicts = []

@@ -85,7 +84,7 @@ class TenantListApi(Resource):
                "status": tenant.status,
                "created_at": tenant.created_at,
                "plan": features.billing.subscription.plan if features.billing.enabled else "sandbox",
-                "current": tenant.id == current_user.current_tenant_id if current_user.current_tenant_id else False,
+                "current": tenant.id == current_tenant_id if current_tenant_id else False,
            }

            tenant_dicts.append(tenant_dict)
@@ -130,8 +129,7 @@ class TenantApi(Resource):
        if request.path == "/info":
            logger.warning("Deprecated URL /info was used.")

-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        tenant = current_user.current_tenant
        if not tenant:
            raise ValueError("No current tenant")
@@ -155,8 +153,7 @@ class SwitchWorkspaceApi(Resource):
    @login_required
    @account_initialization_required
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("tenant_id", type=str, required=True, location="json")
        args = parser.parse_args()
@@ -181,16 +178,12 @@ class CustomConfigWorkspaceApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("workspace_custom")
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        _, current_tenant_id = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("remove_webapp_brand", type=bool, location="json")
        parser.add_argument("replace_webapp_logo", type=str, location="json")
        args = parser.parse_args()
-
-        if not current_user.current_tenant_id:
-            raise ValueError("No current tenant")
-        tenant = db.get_or_404(Tenant, current_user.current_tenant_id)
+        tenant = db.get_or_404(Tenant, current_tenant_id)

        custom_config_dict = {
            "remove_webapp_brand": args["remove_webapp_brand"],
@@ -212,8 +205,7 @@ class WebappLogoWorkspaceApi(Resource):
    @account_initialization_required
    @cloud_edition_billing_resource_check("workspace_custom")
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        current_user, _ = current_account_with_tenant()
        # check file
        if "file" not in request.files:
            raise NoFileUploadedError()
@@ -253,15 +245,14 @@ class WorkspaceInfoApi(Resource):
    @account_initialization_required
    # Change workspace name
    def post(self):
-        if not isinstance(current_user, Account):
-            raise ValueError("Invalid user account")
+        _, current_tenant_id = current_account_with_tenant()
        parser = reqparse.RequestParser()
        parser.add_argument("name", type=str, required=True, location="json")
        args = parser.parse_args()

-        if not current_user.current_tenant_id:
+        if not current_tenant_id:
            raise ValueError("No current tenant")
-        tenant = db.get_or_404(Tenant, current_user.current_tenant_id)
+        tenant = db.get_or_404(Tenant, current_tenant_id)
        tenant.name = args["name"]
        db.session.commit()