mirror of
https://github.com/langgenius/dify.git
synced 2026-05-09 04:36:31 +08:00
a07b32274a
GET /openapi/v1/workspaces lists tenants the bearer's account is a member of. GET /openapi/v1/workspaces/<id> returns one workspace detail, member-gated (404 on non-member, never 403, so workspace IDs don't leak across tenants). Bearer-authed via @validate_bearer(accept=ACCEPT_USER_ANY). External SSO bearers (no account_id) get an empty list / 404 — same posture as GET /openapi/v1/account. Cookie-authed /console/api/workspaces stays in console for the dashboard SPA — different consumer, different auth model. No legacy /v1/ remount this phase. Plan: docs/superpowers/plans/2026-04-26-openapi-migration.md (in difyctl repo).
58 lines
2.0 KiB
Python
58 lines
2.0 KiB
Python
"""Phase E step 17: workspace reads at /openapi/v1/workspaces. Bearer-authed
|
|
list + member-gated detail. No legacy /v1/ equivalent — the cookie-authed
|
|
/console/api/workspaces is a separate consumer that stays in console.
|
|
"""
|
|
import builtins
|
|
|
|
import pytest
|
|
from flask import Flask
|
|
from flask.views import MethodView
|
|
|
|
from controllers.openapi import bp as openapi_bp
|
|
from controllers.openapi.workspaces import WorkspaceByIdApi, WorkspacesApi
|
|
|
|
if not hasattr(builtins, "MethodView"):
|
|
builtins.MethodView = MethodView # type: ignore[attr-defined]
|
|
|
|
|
|
@pytest.fixture
|
|
def openapi_app() -> Flask:
|
|
app = Flask(__name__)
|
|
app.config["TESTING"] = True
|
|
app.register_blueprint(openapi_bp)
|
|
return app
|
|
|
|
|
|
def _rule(app: Flask, path: str):
|
|
return next(r for r in app.url_map.iter_rules() if r.rule == path)
|
|
|
|
|
|
def test_workspaces_list_route_registered(openapi_app: Flask):
|
|
rules = {r.rule for r in openapi_app.url_map.iter_rules()}
|
|
assert "/openapi/v1/workspaces" in rules
|
|
|
|
|
|
def test_workspaces_list_dispatches_to_workspaces_api(openapi_app: Flask):
|
|
rule = _rule(openapi_app, "/openapi/v1/workspaces")
|
|
assert openapi_app.view_functions[rule.endpoint].view_class is WorkspacesApi
|
|
assert "GET" in rule.methods
|
|
|
|
|
|
def test_workspace_by_id_route_registered(openapi_app: Flask):
|
|
rules = {r.rule for r in openapi_app.url_map.iter_rules()}
|
|
assert "/openapi/v1/workspaces/<string:workspace_id>" in rules
|
|
|
|
|
|
def test_workspace_by_id_dispatches_to_correct_class(openapi_app: Flask):
|
|
rule = _rule(openapi_app, "/openapi/v1/workspaces/<string:workspace_id>")
|
|
assert openapi_app.view_functions[rule.endpoint].view_class is WorkspaceByIdApi
|
|
assert "GET" in rule.methods
|
|
|
|
|
|
def test_console_legacy_workspaces_route_not_remounted_on_openapi(openapi_app: Flask):
|
|
"""Phase E only adds the bearer-authed mounts on /openapi/v1/.
|
|
The cookie-authed /console/api/workspaces stays where it is.
|
|
"""
|
|
rules = {r.rule for r in openapi_app.url_map.iter_rules()}
|
|
assert "/console/api/workspaces" not in rules
|