Feat/webapp verified sso 260 (#20496)

2026-05-03 00:48:04 +08:00 · 2025-06-05 16:00:37 +09:00
parent 1357999a4c
commit 05903e3251
13 changed files with 447 additions and 83 deletions
--- a/api/controllers/web/app.py
+++ b/api/controllers/web/app.py
@ -11,6 +11,7 @@ from libs.passport import PassportService
 from models.model import App, AppMode
 from services.app_service import AppService
 from services.enterprise.enterprise_service import EnterpriseService
+from services.webapp_auth_service import WebAppAuthService


 class AppParameterApi(WebApiResource):
@ -49,10 +50,18 @@ class AppMeta(WebApiResource):
 class AppAccessMode(Resource):
    def get(self):
        parser = reqparse.RequestParser()
-        parser.add_argument("appId", type=str, required=True, location="args")
+        parser.add_argument("appId", type=str, required=False, location="args")
+        parser.add_argument("appCode", type=str, required=False, location="args")
        args = parser.parse_args()

-        app_id = args["appId"]
+        app_id = args.get("appId")
+        if args.get("appCode"):
+            app_code = args["appCode"]
+            app_id = AppService.get_app_id_by_code(app_code)
+
+        if not app_id:
+            raise ValueError("appId or appCode must be provided")
+
        res = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_id)

        return {"accessMode": res.access_mode}
@ -85,7 +94,9 @@ class AppWebAuthPermission(Resource):
        app_id = args["appId"]
        app_code = AppService.get_app_code_by_id(app_id)

-        res = EnterpriseService.WebAppAuth.is_user_allowed_to_access_webapp(str(user_id), app_code)
+        res = True
+        if WebAppAuthService.is_app_require_permission_check(app_id=app_id):
+            res = EnterpriseService.WebAppAuth.is_user_allowed_to_access_webapp(str(user_id), app_code)
        return {"result": res}