From a0cfdb40d5d884faf08a4d824a3d5d4225af855c Mon Sep 17 00:00:00 2001
From: -LAN-
Date: Thu, 10 Jul 2025 14:37:37 +0800
Subject: [PATCH] docs(api_workflow_node_execution_repository): Add notice about datat isolation

Signed-off-by: -LAN-
---
 api/repositories/api_workflow_node_execution_repository.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/repositories/api_workflow_node_execution_repository.py b/api/repositories/api_workflow_node_execution_repository.py
index 94b4012da9..3ca4b3e27e 100644
--- a/api/repositories/api_workflow_node_execution_repository.py
+++ b/api/repositories/api_workflow_node_execution_repository.py
@@ -95,6 +95,10 @@ class DifyAPIWorkflowNodeExecutionRepository(WorkflowNodeExecutionRepository, Pr
 This method retrieves a specific execution by its unique identifier.
 Tenant filtering is optional for cases where the execution ID is globally unique.

+ When `tenant_id` is None, it's the caller's responsibility to ensure proper data isolation between tenants.
+ If the `execution_id` comes from untrusted sources (e.g., retrieved from an API request), the caller should
+ set `tenant_id` to prevent horizontal privilege escalation.
+
 Args:
 execution_id: The execution identifier
 tenant_id: Optional tenant identifier for additional filtering
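Review bot: The `tenant_id` entry under `Args:` still describes the parameter as "additional filtering", which understates what the added paragraph says: for a request-supplied `execution_id`, this argument is the tenant-isolation check rather than an extra filter. I would update that entry to match, for example `tenant_id: Tenant to scope the lookup to; pass it whenever execution_id is caller-supplied. None skips tenant filtering.` A docstring warning is also a weak control against cross-tenant reads, because a caller that omits the argument presumably gets an unscoped lookup and fails open. As a follow-up, consider requiring `tenant_id` on this method and moving the unscoped lookup to a separately named internal path. The method's signature and query are outside the hunk, so the default value and the filtering behaviour are inferred from the docstring rather than seen.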