efbdb4c706
fix(app-copy): inherit web app permission from original app
...
When copying an app, the copied app was not getting a web_app_settings
record created. This caused the enterprise service to query for settings
that don't exist, falling back to default behavior.
This fix ensures copied apps inherit the same access mode as the original:
- If original has explicit settings (public/private/private_all/sso_verified),
the copy gets the same setting
- If original has no settings (old apps), copy defaults to 'public' to match
the original's effective permission via fallback
This prevents permission mismatches between original and copied apps and
ensures the enterprise service has explicit settings to query.
Related: langgenius/dify-enterprise#423
2026-02-13 22:11:03 -08:00
08b8eff933
Merge remote-tracking branch 'origin/hotfix/1.12.1-fix.4' into release/e-1.12.1
2026-02-09 15:54:32 +08:00
990e8feee8
security: fix IDOR and privilege escalation in set_default_provider
...
- Add tenant_id verification to prevent IDOR attacks
- Add admin check for enterprise tenant-wide default changes
- Preserve non-enterprise behavior (users can set own defaults)
2026-02-06 13:32:18 +08:00
540e1db83c
perf(api): Optimize the response time of AppListApi endpoint ( #31999 )
2026-02-06 10:46:25 +08:00
f5d6c250ed
fix: "refactor: port api/controllers/console/tag/tags.py to ov3" ( #31887 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-02-03 22:18:53 +08:00
b55c0ec4de
fix: revert "refactor: api/controllers/console/feature.py (test)" ( #31850 )
2026-02-03 12:26:47 +08:00
47f8de3f8e
refactor: port api/controllers/console/app/annotation.py api/controllers/console/explore/trial.py api/controllers/console/workspace/account.py api/controllers/console/workspace/members.py api/controllers/service_api/app/annotation.py to basemodel ( #31833 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-02-03 09:59:00 +08:00
491fa9923b
refactor: port api/controllers/console/datasets/data_source.py /datasets/metadata.py /service_api/dataset/metadata.py /nodes/agent/agent_node.py api/core/workflow/nodes/datasource/datasource_node.py api/services/dataset_service.py to match case ( #31836 )
2026-02-02 21:03:16 +09:00
ce2c41bbf5
refactor: port api/controllers/console/datasets/datasets_document.py api/controllers/service_api/app/annotation.py api/core/app/app_config/easy_ui_based_app/agent/manager.py api/core/app/apps/pipeline/pipeline_generator.py api/core/workflow/nodes/knowledge_retrieval/knowledge_retrieval_node.py to match case ( #31832 )
2026-02-02 19:07:30 +09:00
920db69ef2
refactor: if to match ( #31799 )
2026-02-02 18:12:03 +09:00
ac222a4dd4
refactor: port api/controllers/console/app/audio.py api/controllers/console/app/message.py api/controllers/console/auth/data_source_oauth.py api/controllers/console/auth/forgot_password.py api/controllers/console/workspace/endpoint.py ( #30680 )
2026-02-02 18:03:07 +09:00
41177757e6
fix: summary index bug ( #31810 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com >
Co-authored-by: zxhlyh <jasonapring2015@outlook.com >
Co-authored-by: Yansong Zhang <916125788@qq.com >
Co-authored-by: hj24 <mambahj24@gmail.com >
Co-authored-by: CodingOnStar <hanxujiang@dify.ai >
Co-authored-by: CodingOnStar <hanxujiang@dify.com >
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-02-02 09:45:17 +08:00
3216b67bfa
refactor: examples of use match case ( #31312 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-02-01 19:25:54 +09:00
7828508b30
refactor: remove all reqparser ( #29289 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com >
2026-02-01 13:43:14 +09:00
a433d5ed36
refactor: port api/controllers/console/tag/tags.py to ov3 ( #31767 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-30 22:40:14 +09:00
b58d9e030a
refactor: init_validate.py to v3 ( #31457 )
2026-01-30 22:39:02 +09:00
90fe9abab7
revert: revert human input relevant code ( #31766 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-30 19:18:49 +08:00
ba568a634d
refactor: api/controllers/console/remote_files.py to ov3 ( #31466 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-30 19:32:20 +09:00
f33d99ea01
refactor: api/controllers/console/feature.py (test) ( #31562 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-30 19:22:01 +09:00
89abea26f9
refactor: rm some dict api/controllers/console/app/generator.py api/core/llm_generator/llm_generator.py ( #31709 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-30 17:37:20 +09:00
03e3acfc71
feat(api): Human Input Node (backend part) ( #31646 )
...
The backend part of the human in the loop (HITL) feature and relevant architecture / workflow engine changes.
Signed-off-by: yihong0618 <zouzou0208@gmail.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: 盐粒 Yanli <yanli@dify.ai >
Co-authored-by: CrabSAMA <40541269+CrabSAMA@users.noreply.github.com >
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: yihong <zouzou0208@gmail.com >
Co-authored-by: Joel <iamjoel007@gmail.com >
2026-01-30 10:18:49 +08:00
3bcfb4031a
refactor: ExporleBanner to TypeBase ( #31698 )
2026-01-29 15:34:14 +09:00
c2473d85dc
feat: Add summary index for knowledge. ( #31625 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com >
Co-authored-by: zxhlyh <jasonapring2015@outlook.com >
Co-authored-by: Yansong Zhang <916125788@qq.com >
Co-authored-by: hj24 <mambahj24@gmail.com >
Co-authored-by: CodingOnStar <hanxujiang@dify.ai >
Co-authored-by: CodingOnStar <hanxujiang@dify.com >
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-29 13:47:35 +08:00
8ec4233611
fix: doc not gen bug ( #31547 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com >
2026-01-27 20:19:39 +09:00
e482588ef8
fix: ConsoleDatasetListQuery request.args.to_dict() ( #31598 )
2026-01-27 17:12:52 +09:00
f6be9cd90d
refactor: replace request.args.get with Pydantic BaseModel validation ( #31104 )
...
Co-authored-by: GlobalStar117 <GlobalStar117@users.noreply.github.com >
Co-authored-by: Asuka Minato <i@asukaminato.eu.org >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-27 10:48:42 +08:00
eba5eac3fa
refactor: api/controllers/console/setup.py to ov3 ( #31465 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-26 15:04:33 +08:00
19008dce13
refactor: api/controllers/console/version.py to v3 ( #31463 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-26 15:04:25 +08:00
b9f1d65d4f
refactor: example of refine dict / Mapping ( #31498 )
2026-01-26 10:23:38 +08:00
1f8c730259
feat: optimize http status code ( #31430 )
2026-01-24 10:16:16 +08:00
8d45755303
feat: init fastopenapi ( #30453 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-23 21:07:52 +09:00
fa92548cf6
feat: archive workflow run logs backend ( #31310 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-23 13:11:56 +08:00
b3a869b91b
refactor: optimize system features response payload for unauthenticated clients ( #31392 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com >
2026-01-23 12:12:11 +08:00
61f8647f37
docs(api): mark SystemFeatureApi as unauthenticated by design ( #31417 )
...
The `/console/api/system-features` is required for the dashboard initialization. Authentication would create circular dependency (can't login without dashboard loading).
ref: CVE-2025-63387
Related: #31368
2026-01-22 22:33:59 +08:00
515002a8ba
feat: app trial ( #26281 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: hj24 <mambahj24@gmail.com >
2026-01-22 15:42:54 +08:00
62ac02a568
feat: Download the uploaded files ( #31068 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-19 16:48:13 +08:00
88780c7eb7
fix: Revert "fix: fix create app xss issue" ( #31219 )
2026-01-19 16:07:24 +08:00
72ce6ca437
feat: implement workspace permission checks for member invitations an… ( #31202 )
2026-01-18 19:35:50 -08:00
1a9fdd9a65
refactor: migrate tag list API query parameters to Pydantic ( #31097 )
...
Co-authored-by: fghpdf <fghpdf@users.noreply.github.com >
2026-01-16 17:49:52 +08:00
5008f5e89b
fix: Use raw SQL UPDATE to set read status without triggering updated… ( #31015 )
2026-01-15 09:51:44 +08:00
5bf4114d6f
fix: increase name length limit in ExternalDatasetCreatePayload ( #31000 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org >
2026-01-14 22:13:53 +09:00
87f348a0de
feat: change param to pydantic model ( #30870 )
2026-01-14 09:46:41 +08:00
491e1fd6a4
chore: case insensitive email ( #29978 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com >
2026-01-13 15:42:44 +08:00
fe0802262c
feat: credit pool ( #30720 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-08 13:17:30 +08:00
885f226f77
refactor: split changes for api/controllers/console/workspace/trigger… ( #30627 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-01-07 21:18:02 +08:00
4f0fb6df2b
chore: use from __future__ import annotations ( #30254 )
...
Co-authored-by: Dev <dev@Devs-MacBook-Pro-4.local >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org >
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2026-01-06 23:57:20 +09:00
0294555893
refactor: port api/fields/file_fields.py ( #30638 )
2026-01-06 22:55:58 +08:00
55de731f9c
refactor(api): clarify published RAG pipeline invoke naming ( #30644 )
2026-01-06 23:48:06 +09:00
f3ca8be9f9
refactor: clean type: ignore comments in login.py and template_transformer.py ( #30510 )
...
Signed-off-by: majiayu000 <1835304752@qq.com >
2026-01-06 14:33:27 +08:00
f320fd5f95
refactor: port controllers/console/app/app.py ( #30522 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-06 10:12:52 +08:00
