Commit Graph

3 Commits

Author SHA1 Message Date
5b69467267 fix(api): enforce workspace membership + role checks in auth pipeline
Move workspace_id ownership validation from handler-level decorators into
the OpenAPI auth pipeline. guard_workspace() sets workspace_membership and
allowed_roles on RequestContext; pipeline steps load the tenant, verify
membership via TenantAccountJoin, check workspace_id mismatch, and gate
on role — all before the handler runs. Covers CE/EE/SaaS editions.

Migrates apps.py and workspaces.py endpoints; replaces the ad-hoc
require_workspace_role decorator with pipeline-native enforcement.
2026-06-01 23:06:00 -07:00
d2788d7aba feat(openapi): redesign auth pipeline with per-token-type routing (#36693)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-27 12:45:30 +00:00
a728e0ac69 feat: adding dify cli (#36348)
Co-authored-by: GareArc <garethcxy@dify.ai>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: L1nSn0w <l1nsn0w@qq.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
2026-05-26 01:12:36 +00:00