dify/api/controllers/console/app
QuantumGhost 874406d934
security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518)
The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and 
`ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`) 
endpoints do not properly validate user permissions, allowing users without `editor` 
permission to access restricted functionality.

This PR addresses this issue by adding a proper permission check.
2025-09-11 14:53:35 +08:00
__init__.py FEAT: NEW WORKFLOW ENGINE (#3160) 2024-04-08 18:51:46 +08:00
advanced_prompt_template.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
agent.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
annotation.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
app.py Fix basedpyright type errors (#25435) 2025-09-10 01:54:26 +08:00
app_import.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
audio.py Fix basedpyright type errors (#25435) 2025-09-10 01:54:26 +08:00
completion.py security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 2025-09-11 14:53:35 +08:00
conversation.py Fix basedpyright type errors (#25435) 2025-09-10 01:54:26 +08:00
conversation_variables.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
error.py Restructure the File errors in controller (#23801) 2025-08-13 17:06:07 +08:00
generator.py remove bare list, dict, Sequence, None, Any (#25058) 2025-09-06 03:32:23 +08:00
mcp_server.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
message.py security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 2025-09-11 14:53:35 +08:00
model_config.py security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 2025-09-11 14:53:35 +08:00
ops_trace.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
site.py Fix basedpyright type errors (#25435) 2025-09-10 01:54:26 +08:00
statistic.py Fix basedpyright type errors (#25435) 2025-09-10 01:54:26 +08:00
workflow.py security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 2025-09-11 14:53:35 +08:00
workflow_app_log.py fix: workflow log status filter add partial success status (#24977) 2025-09-02 16:24:03 +08:00
workflow_draft_variable.py security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 2025-09-11 14:53:35 +08:00
workflow_run.py try flask_restful -> flask_restx (#24310) 2025-08-24 13:45:47 +08:00
workflow_statistic.py Fix basedpyright type errors (#25435) 2025-09-10 01:54:26 +08:00
wraps.py add typing to all wraps (#25405) 2025-09-09 16:48:33 +08:00