From 467a1f4063f56ec0466a6df609cae661d7553560 Mon Sep 17 00:00:00 2001
From: GareArc <chen4851@purdue.edu>
Date: Mon, 26 May 2025 12:09:30 +0800
Subject: [PATCH] feat: bypass sso_verified apps

---
 api/controllers/console/explore/installed_app.py | 4 ++++
 api/services/enterprise/enterprise_service.py    | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/controllers/console/explore/installed_app.py b/api/controllers/console/explore/installed_app.py
index f73a226c89..8ac7f59de2 100644
--- a/api/controllers/console/explore/installed_app.py
+++ b/api/controllers/console/explore/installed_app.py
@@ -59,7 +59,11 @@ class InstalledAppsListApi(Resource):
         if FeatureService.get_system_features().webapp_auth.enabled:
             user_id = current_user.id
             res = []
+            app_ids = [installed_app["app"].id for installed_app in installed_app_list]
+            access_modes = EnterpriseService.WebAppAuth.batch_get_app_access_mode_by_id(app_ids)
             for installed_app in installed_app_list:
+                if access_modes.get(installed_app["app"].id).access_mode == "sso_verified":
+                    continue
                 app_code = AppService.get_app_code_by_id(str(installed_app["app"].id))
                 if EnterpriseService.WebAppAuth.is_user_allowed_to_access_webapp(
                     user_id=user_id,
diff --git a/api/services/enterprise/enterprise_service.py b/api/services/enterprise/enterprise_service.py
index 1be78d2e62..a452b5ff5a 100644
--- a/api/services/enterprise/enterprise_service.py
+++ b/api/services/enterprise/enterprise_service.py
@@ -5,7 +5,7 @@ from services.enterprise.base import EnterpriseRequest
 
 class WebAppSettings(BaseModel):
     access_mode: str = Field(
-        description="Access mode for the web app. Can be 'public' or 'private'",
+        description="Access mode for the web app. Can be 'public', 'private', 'private_all', 'sso_verified'",
         default="private",
         alias="accessMode",
     )