Fix: Config admin file upload now correctly checks request.state.user_id
The bug was that the upload handler was checking request.session.get('user_id') directly instead of using the proper authenticated user_id from request.state. When API authentication was also active, the middleware would set request.state.user_id which was being ignored.
Now correctly uses:
current_user_id = getattr(request.state, 'user_id', request.session.get('user_id'))
This respects both session authentication and API authentication state while properly identifying the config admin from aisbf.json who has no user_id.
Showing
Please
register
or
sign in
to comment