From e0c6a7bae0c90bf4f052cbed50f218a1b362d110 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw
Date: Wed, 24 Dec 2025 15:26:35 +0800
Subject: [PATCH] perf: Optimize API permission validation

---
 backend/apps/system/api/aimodel.py | 2 ++
 backend/apps/system/middleware/auth.py | 13 +++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/backend/apps/system/api/aimodel.py b/backend/apps/system/api/aimodel.py
index 1b49c00d..defa3b20 100644
--- a/backend/apps/system/api/aimodel.py
+++ b/backend/apps/system/api/aimodel.py
@@ -18,6 +18,7 @@ router = APIRouter(tags=["system_model"], prefix="/system/aimodel")
 @router.post("/status", include_in_schema=False)
+@require_permissions(permission=SqlbotPermission(role=['admin']))
 async def check_llm(info: AiModelCreator, trans: Trans):
 async def generate():
 try:
@@ -92,6 +93,7 @@ async def query(
 return items
 @router.get("/{id}", response_model=AiModelEditor, summary=f"{PLACEHOLDER_PREFIX}system_model_query", description=f"{PLACEHOLDER_PREFIX}system_model_query")
+@require_permissions(permission=SqlbotPermission(role=['admin']))
 async def get_model_by_id( session: SessionDep, id: int = Path(description="ID")
diff --git a/backend/apps/system/middleware/auth.py b/backend/apps/system/middleware/auth.py
index bdf88711..e7674152 100644
--- a/backend/apps/system/middleware/auth.py
+++ b/backend/apps/system/middleware/auth.py
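Review bot: The new `@require_permissions(...)` on `check_llm` sits between `@router.post` and the coroutine, which is the right stacking order for FastAPI to register the permission-wrapped callable, but it makes dependency resolution of `info: AiModelCreator, trans: Trans` depend on the decorator preserving the original signature (`functools.wraps` or an explicit `__signature__`); the decorator is defined outside this patch, so that is worth confirming rather than assumed. The same applies to the second hunk, where `get_model_by_id` declares `session: SessionDep` and `id: int = Path(...)` that FastAPI must still see through the wrapper. The `query` endpoint visible in the second hunk header is not touched here, so whether every route in this router now carries the same admin check cannot be told from the diff. A one-line comment above the decorator, `# require_permissions must keep the endpoint signature intact for FastAPI DI`, would document the coupling; the bodies of both functions continue outside the hunks.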
@@ -205,6 +205,12 @@ async def validateEmbedded(self, param: str, trans: I18n) -> tuple[any]:
 return False, f"Miss account payload error!"
 account = payload['account']
 with Session(engine) as session:
+ assistant_info = await get_assistant_info(session=session, assistant_id=embeddedId)
+ assistant_info = AssistantModel.model_validate(assistant_info)
+ payload = jwt.decode(
+ param, assistant_info.app_secret, algorithms=[security.ALGORITHM]
+ )
+ assistant_info = AssistantHeader.model_validate(assistant_info.model_dump(exclude_unset=True))
 """ session_user = await get_user_info(session = session, user_id = token_data.id) session_user = UserInfoDTO.model_validate(session_user) """ session_user = get_user_by_account(session = session, account=account)
@@ -220,12 +226,7 @@ async def validateEmbedded(self, param: str, trans: I18n) -> tuple[any]:
 if not session_user.oid or session_user.oid == 0:
 message = trans('i18n_login.no_associated_ws', msg = trans('i18n_concat_admin'))
 raise Exception(message)
- assistant_info = await get_assistant_info(session=session, assistant_id=embeddedId)
- assistant_info = AssistantModel.model_validate(assistant_info)
- payload = jwt.decode(
- param, assistant_info.app_secret, algorithms=[security.ALGORITHM]
- )
- assistant_info = AssistantHeader.model_validate(assistant_info.model_dump(exclude_unset=True))
+
 return True, session_user, assistant_info
 except Exception as e:
 SQLBotLogUtil.exception(f"Embedded validation error: {str(e)}")
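Review bot: The `payload` bound by the moved `jwt.decode(param, assistant_info.app_secret, algorithms=[security.ALGORITHM])` is never read afterwards in this hunk — `account` was already taken from `payload['account']` above the `with`, i.e. from whatever decode produced `payload` before signature verification (that earlier decode is outside the hunk). Moving the verified decode ahead of `get_user_by_account` is the right direction, but the lookup key should come from the verified claims so the two decodes cannot diverge and the reassignment stops reading as dead code: add `account = payload['account']` directly after the closing `)` of `jwt.decode(...)`, or drop the `payload =` binding if the earlier value is deliberately authoritative. `embeddedId`, which selects the `app_secret` used for verification, is presumably also read from the pre-verification payload; that is the usual key-id pattern and is fine as long as it only chooses which secret to verify against. `validateEmbedded` begins and ends outside the hunk.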
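Review bot: The single line this hunk adds appears to be whitespace-only (indentation with nothing after it) standing in for the removed six-line block, which pycodestyle reports as W293 and which adds noise to future blame; drop it so `raise Exception(message)` is followed directly by `return True, session_user, assistant_info`. The returned `assistant_info` is now bound earlier in the `with` block by the previous hunk, so the return itself is unaffected. `validateEmbedded` continues past both ends of this hunk.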