From 9e2b28c950f0fdf51d701dd069a118e9848b6d82 Mon Sep 17 00:00:00 2001
From: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Date: Fri, 13 Feb 2026 22:33:51 -0800
Subject: [PATCH 1/2] fix(app-copy): inherit web app permission from original app (#32322)
---
 api/controllers/console/app/app.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/api/controllers/console/app/app.py b/api/controllers/console/app/app.py
index 91034f2d87..42901ab590 100644
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -660,6 +660,19 @@ class AppCopyApi(Resource):
 )
 session.commit()
+ # Inherit web app permission from original app
+ if result.app_id and FeatureService.get_system_features().webapp_auth.enabled:
+ try:
+ # Get the original app's access mode
+ original_settings = EnterpriseService.WebAppAuth.get_app_access_mode_by_id(app_model.id)
+ access_mode = original_settings.access_mode
+ except Exception:
+ # If original app has no settings (old app), default to public to match fallback behavior
+ access_mode = "public"
+
+ # Apply the same access mode to the copied app
+ EnterpriseService.WebAppAuth.update_app_access_mode(result.app_id, access_mode)
+
 stmt = select(App).where(App.id == result.app_id)
 app = session.scalar(stmt)
From 23c75c7ec7c41f374040cfc132c15ced83314475 Mon Sep 17 00:00:00 2001
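Review bot: The `except Exception:` branch fails open: any failure of `get_app_access_mode_by_id` (timeout, 5xx, auth error), not only the "old app without settings" case the comment describes, sets `access_mode = "public"`, so a copy of a restricted app can end up publicly reachable. Narrow the handler to the error the enterprise client raises for a missing record (not visible in this hunk) and, for anything else, log it and either re-raise or fall back to the most restrictive mode, e.g. `access_mode = "private"`. Separately, `update_app_access_mode` runs after `session.commit()` with any return value discarded, so if it raises or reports failure the copied app already exists without the inherited mode, presumably on the public fallback the comment mentions; handle that failure explicitly instead of leaving the copy in place. The enclosing `AppCopyApi` method starts and ends outside the hunk.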
From: GareArc
Date: Fri, 13 Feb 2026 23:29:05 -0800
Subject: [PATCH 2/2] fix: centralize access_mode validation and support sso_verified - Add ALLOWED_ACCESS_MODES constant to centralize valid access modes - Include 'sso_verified' in validation to fix app duplication errors - Update error message to dynamically list all allowed modes - Refactor for maintainability: single source of truth for access modes This fixes the issue where apps with access_mode='sso_verified' could not be duplicated because the validation in update_app_access_mode() was missing this mode, even though it was documented in WebAppSettings model.
---
 api/services/enterprise/enterprise_service.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/api/services/enterprise/enterprise_service.py b/api/services/enterprise/enterprise_service.py
index a5133dfcb4..9930c6bf7c 100644
--- a/api/services/enterprise/enterprise_service.py
+++ b/api/services/enterprise/enterprise_service.py
@@ -4,6 +4,8 @@ from pydantic import BaseModel, Field
 from services.enterprise.base import EnterpriseRequest
+ALLOWED_ACCESS_MODES = ["public", "private", "private_all", "sso_verified"]
+
 class WebAppSettings(BaseModel):
 access_mode: str = Field(
@@ -123,8 +125,8 @@ class EnterpriseService:
 def update_app_access_mode(cls, app_id: str, access_mode: str):
 if not app_id:
 raise ValueError("app_id must be provided.")
- if access_mode not in ["public", "private", "private_all"]:
- raise ValueError("access_mode must be either 'public', 'private', or 'private_all'")
+ if access_mode not in ALLOWED_ACCESS_MODES:
+ raise ValueError(f"access_mode must be one of: {', '.join(ALLOWED_ACCESS_MODES)}")
 data = {"appId": app_id, "accessMode": access_mode}
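Review bot: `ALLOWED_ACCESS_MODES` is a module-level list, so any importer can append to it at runtime and silently widen what the check in `update_app_access_mode` (second hunk) accepts; because it gates an access-control write, make it immutable, e.g. `ALLOWED_ACCESS_MODES = ("public", "private", "private_all", "sso_verified")`, where a tuple also keeps the order used by the `', '.join(...)` error message. `WebAppSettings.access_mode` is still declared as a plain `str` in the visible context, so the constant is not yet the single source of truth for values read back from the enterprise service; consider validating that field against the same constant. A short comment above the constant stating what each mode grants would help reviewers judge future additions.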