Fix agent permission issue (#14597)

### What problem does this PR solve? Fix agent permission issue. ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue)
2026-06-29 23:41:12 +08:00 · 2026-05-06 20:17:36 +08:00
parent 04c5f1b3b6
commit 67e1de50ab
1 changed files with 4 additions and 4 deletions
--- a/api/apps/restful_apis/agent_api.py
+++ b/api/apps/restful_apis/agent_api.py
@@ -433,7 +433,7 @@ def get_agent_component_input_form(agent_id, component_id, tenant_id):
        exists, user_canvas = UserCanvasService.get_by_id(agent_id)
        if not exists:
            return get_data_error_result(message="canvas not found.")
-        if not UserCanvasService.query(user_id=tenant_id, id=agent_id):
+        if not UserCanvasService.accessible(agent_id, tenant_id):
            return get_json_result(
                data=False,
                message="Only owner of canvas authorized for this operation.",
@@ -594,7 +594,7 @@ def get_agent_logs(agent_id, message_id, tenant_id):
@login_required
@add_tenant_id_to_kwargs
 def delete_agent(agent_id, tenant_id):
-    if not UserCanvasService.query(user_id=tenant_id, id=agent_id):
+    if not UserCanvasService.accessible(agent_id, tenant_id):
        return get_json_result(
            data=False,
            message="Only owner of canvas authorized for this operation.",
@@ -626,7 +626,7 @@ async def update_agent(agent_id, tenant_id):
    if req.get("title") is not None:
        req["title"] = req["title"].strip()

-    if not UserCanvasService.query(user_id=tenant_id, id=agent_id):
+    if not UserCanvasService.accessible(agent_id, tenant_id):
        return get_json_result(
            data=False,
            message="Only owner of canvas authorized for this operation.",
@@ -935,7 +935,7 @@ async def agent_chat_completion(tenant_id, agent_id=None):
        runtime_user_id = req.get("user_id") or tenant_id
        user_id = str(runtime_user_id)
        custom_header = req.get("custom_header", "")
-        if not await thread_pool_exec(UserCanvasService.accessible, agent_id, tenant_id):
+        if not UserCanvasService.accessible(agent_id, tenant_id):
            return get_json_result(
                data=False,
                message="Only owner of canvas authorized for this operation.",