feat(trigger): enhance user role validation and add request logs API for trigger providers

- Updated user role validation in PluginTriggerApi and WebhookTriggerApi to assert current_user as an Account and check tenant ID.
- Introduced TriggerSubscriptionBuilderRequestLogsApi to retrieve request logs for subscription instances, ensuring proper user authentication and error handling.
- Added new API endpoint for accessing request logs related to trigger providers.

🤖 Generated with [Claude Code](https://claude.ai/code)
Harry 2025-09-04 14:44:02 +08:00
parent a62d7aa3ee
commit f60e28d2f5
2 changed files with 35 additions and 7 deletions


@ -13,7 +13,7 @@ from controllers.console.wraps import account_initialization_required, setup_req
from extensions.ext_database import db
from fields.workflow_trigger_fields import trigger_fields, triggers_list_fields, webhook_trigger_fields
from libs.login import current_user, login_required
from models.model import AppMode
from models.model import Account, AppMode
from models.workflow import AppTrigger, AppTriggerStatus, WorkflowWebhookTrigger
logger = logging.getLogger(__name__)
@ -37,7 +37,8 @@ class PluginTriggerApi(Resource):
parser.add_argument("subscription_id", type=str, required=True, help="Subscription ID is required")
args = parser.parse_args()
# The role of the current user in the ta table must be admin, owner, or editor
assert isinstance(current_user, Account)
assert current_user.current_tenant_id is not None
if not current_user.is_editor:
raise Forbidden()
@ -82,7 +83,8 @@ class PluginTriggerApi(Resource):
parser.add_argument("subscription_id", type=str, required=False, help="Subscription ID")
args = parser.parse_args()
# The role of the current user in the ta table must be admin, owner, or editor
assert isinstance(current_user, Account)
assert current_user.current_tenant_id is not None
if not current_user.is_editor:
raise Forbidden()
@ -106,7 +108,8 @@ class PluginTriggerApi(Resource):
parser.add_argument("node_id", type=str, required=True, help="Node ID is required")
args = parser.parse_args()
# The role of the current user in the ta table must be admin, owner, or editor
assert isinstance(current_user, Account)
assert current_user.current_tenant_id is not None
if not current_user.is_editor:
raise Forbidden()
@ -140,7 +143,8 @@ class WebhookTriggerApi(Resource):
)
args = parser.parse_args()
# The role of the current user in the ta table must be admin, owner, or editor
assert isinstance(current_user, Account)
assert current_user.current_tenant_id is not None
if not current_user.is_editor:
raise Forbidden()
@ -203,7 +207,8 @@ class WebhookTriggerApi(Resource):
)
args = parser.parse_args()
# The role of the current user in the ta table must be admin, owner, or editor
assert isinstance(current_user, Account)
assert current_user.current_tenant_id is not None
if not current_user.is_editor:
raise Forbidden()
@ -295,7 +300,8 @@ class AppTriggerEnableApi(Resource):
parser.add_argument("enable_trigger", type=bool, required=True, nullable=False, location="json")
args = parser.parse_args()
# The role of the current user must be admin, owner, or editor
assert isinstance(current_user, Account)
assert current_user.current_tenant_id is not None
if not current_user.is_editor:
raise Forbidden()
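Review bot: The two `assert` lines added ahead of each `is_editor` check (in all six hunks of this file, across PluginTriggerApi, WebhookTriggerApi and AppTriggerEnableApi) are being used as request-time guards, which is fragile on an authorization path. Python strips `assert` when run with `-O`, and when an assertion does fire the caller gets an AssertionError, presumably surfaced as a 500, rather than a 401/403. An explicit check keeps the failure mode deliberate and still narrows the type: `if not isinstance(current_user, Account) or current_user.current_tenant_id is None: raise Forbidden()`. The tenant check only proves a tenant is set, so whether the app or trigger being modified belongs to that tenant has to be enforced in the part of each handler that lies outside these hunks.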


@ -154,6 +154,24 @@ class TriggerSubscriptionBuilderUpdateApi(Resource):
raise
class TriggerSubscriptionBuilderRequestLogsApi(Resource):
@setup_required
@login_required
@account_initialization_required
def get(self, provider, subscription_builder_id):
"""Get the request logs for a subscription instance for a trigger provider"""
user = current_user
assert isinstance(user, Account)
assert user.current_tenant_id is not None
try:
return jsonable_encoder(TriggerSubscriptionBuilderService.list_request_logs(subscription_builder_id))
except Exception as e:
logger.exception("Error getting request logs for provider credential", exc_info=e)
raise
class TriggerSubscriptionBuilderBuildApi(Resource):
@setup_required
@login_required
@ -476,6 +494,10 @@ api.add_resource(
TriggerSubscriptionBuilderBuildApi,
"/workspaces/current/trigger-provider/<path:provider>/subscriptions/builder/build/<path:subscription_builder_id>",
)
api.add_resource(
TriggerSubscriptionBuilderRequestLogsApi,
"/workspaces/current/trigger-provider/<path:provider>/subscriptions/builder/request-logs/<path:subscription_builder_id>",
)
# OAuth
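Review bot: The new `TriggerSubscriptionBuilderRequestLogsApi.get` asserts that a tenant is set but then calls `list_request_logs(subscription_builder_id)` with only the id taken from the URL, so nothing visible here ties the builder to `user.current_tenant_id`, and `provider` is never used. Request logs for a trigger endpoint can hold inbound headers and payloads, so unless the service scopes the lookup itself (not shown in this diff), any initialized account that learns a builder id could read another workspace's logs. The handler should verify that the builder belongs to the caller's tenant before returning anything, and should probably apply the same role gate as the trigger endpoints, `if not user.is_editor: raise Forbidden()`. If the scoping does live in the service, say so with a comment such as `# list_request_logs enforces tenant ownership of the builder`. The `assert` guards have the same `-O` / 500 weakness as in the other file, and the log text "provider credential" looks copied from another handler.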