From 135e01930bf23cf114ad55730925cc0f459dd3b5 Mon Sep 17 00:00:00 2001
From: Asuka Minato <i@asukaminato.eu.org>
Date: Mon, 25 May 2026 20:31:40 +0900
Subject: [PATCH] chore: example of current user id dep injection (#36588)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
---
 api/controllers/console/datasets/external.py      | 11 ++++++++---
 api/controllers/console/wraps.py                  | 15 +++++++++++++--
 .../controllers/console/datasets/test_external.py |  6 +++---
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/api/controllers/console/datasets/external.py b/api/controllers/console/datasets/external.py
index d6cc176a39..71b3ab32ef 100644
--- a/api/controllers/console/datasets/external.py
+++ b/api/controllers/console/datasets/external.py
@@ -10,7 +10,12 @@ from controllers.common.fields import UsageCountResponse
 from controllers.common.schema import get_or_create_model, register_response_schema_models, register_schema_models
 from controllers.console import console_ns
 from controllers.console.datasets.error import DatasetNameDuplicateError
-from controllers.console.wraps import account_initialization_required, edit_permission_required, setup_required
+from controllers.console.wraps import (
+    account_initialization_required,
+    edit_permission_required,
+    setup_required,
+    with_current_tenant_id,
+)
 from fields.dataset_fields import (
     dataset_detail_fields,
     dataset_retrieval_model_fields,
@@ -126,9 +131,9 @@ class ExternalApiTemplateListApi(Resource):
     @console_ns.response(200, "External API templates retrieved successfully")
     @setup_required
     @login_required
+    @with_current_tenant_id
     @account_initialization_required
-    def get(self):
-        _, current_tenant_id = current_account_with_tenant()
+    def get(self, current_tenant_id: str):
         query = ExternalApiTemplateListQuery.model_validate(request.args.to_dict())
 
         external_knowledge_apis, total = ExternalDatasetService.get_external_knowledge_apis(
diff --git a/api/controllers/console/wraps.py b/api/controllers/console/wraps.py
index 8a38e3b6e0..f31aa33f16 100644
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@@ -4,6 +4,7 @@ import os
 import time
 from collections.abc import Callable
 from functools import wraps
+from typing import Concatenate
 
 from flask import abort, request
 from sqlalchemy import select
@@ -16,6 +17,7 @@ from extensions.ext_database import db
 from extensions.ext_redis import redis_client
 from libs.encryption import FieldEncryption
 from libs.login import current_account_with_tenant
+from models import Account
 from models.account import AccountStatus
 from models.dataset import RateLimitLog
 from models.model import DifySetup
@@ -303,7 +305,6 @@ def edit_permission_required[**P, R](f: Callable[P, R]) -> Callable[P, R]:
         from werkzeug.exceptions import Forbidden
 
         from libs.login import current_user
-        from models import Account
 
         user = current_user._get_current_object()  # type: ignore
         if not isinstance(user, Account):
@@ -321,7 +322,6 @@ def is_admin_or_owner_required[**P, R](f: Callable[P, R]) -> Callable[P, R]:
         from werkzeug.exceptions import Forbidden
 
         from libs.login import current_user
-        from models import Account
 
         user = current_user._get_current_object()
         if not isinstance(user, Account) or not user.is_admin_or_owner:
@@ -489,3 +489,14 @@ def decrypt_code_field[**P, R](view: Callable[P, R]) -> Callable[P, R]:
         return view(*args, **kwargs)
 
     return decorated
+
+
+def with_current_tenant_id[T, **P, R](
+    view: Callable[Concatenate[T, str, P], R],
+) -> Callable[Concatenate[T, P], R]:
+    @wraps(view)
+    def decorated(self: T, *args: P.args, **kwargs: P.kwargs) -> R:
+        _, current_tenant_id = current_account_with_tenant()
+        return view(self, current_tenant_id, *args, **kwargs)
+
+    return decorated
diff --git a/api/tests/unit_tests/controllers/console/datasets/test_external.py b/api/tests/unit_tests/controllers/console/datasets/test_external.py
index 186b379cbc..3ed65b1ffb 100644
--- a/api/tests/unit_tests/controllers/console/datasets/test_external.py
+++ b/api/tests/unit_tests/controllers/console/datasets/test_external.py
@@ -48,7 +48,7 @@ def current_user():
 
 
 @pytest.fixture(autouse=True)
-def mock_auth(monkeypatch, current_user):
+def mock_auth(monkeypatch: pytest.MonkeyPatch, current_user):
     monkeypatch.setattr(
         external_controller,
         "current_account_with_tenant",
@@ -72,7 +72,7 @@ class TestExternalApiTemplateListApi:
                 return_value=([api_item], 1),
             ),
         ):
-            resp, status = method(api)
+            resp, status = method(api, "id")
 
         assert status == 200
         assert resp["total"] == 1
@@ -323,7 +323,7 @@ class TestExternalApiTemplateListApiAdvanced:
                 return_value=(templates, 25),
             ),
         ):
-            resp, status = method(api)
+            resp, status = method(api, "id")
 
         assert status == 200
         assert resp["total"] == 25