Allow owner and admin roles to access admin API endpoints

- Modified admin API authentication to accept OWNER and ADMIN roles in addition to END_ADMIN - This allows the same account to manage apps in Dify console and access admin statistics - Fixes 401 errors when accessing admin platform with owner account 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
11 months ago · 0d5949ba46
parent daa41fb0e1
commit 0d5949ba46
1 changed files with 7 additions and 2 deletions
--- a/api/controllers/admin/wraps.py
+++ b/api/controllers/admin/wraps.py
@ -43,8 +43,13 @@ def validate_admin_token_and_extract_info(view: Optional[Callable] = None):
                raise Unauthorized("Invalid token: user not found")
            if account.status != AccountStatus.ACTIVE:
                raise Unauthorized("Invalid token: account is not active")
-            if account.current_role != TenantAccountJoinRole.END_ADMIN.value:
-                raise Unauthorized("Invalid token: account is not end admin")
+            allowed_roles = [
+                TenantAccountJoinRole.END_ADMIN.value,
+                TenantAccountJoinRole.OWNER.value,
+                TenantAccountJoinRole.ADMIN.value
+            ]
+            if account.current_role not in allowed_roles:
+                raise Unauthorized("Invalid token: account does not have admin privileges")

            app_id = request.headers.get("X-App-Id")
            if not app_id: