From 75d3ef3221c007c219fb8b2fa9c620b29e4cf378 Mon Sep 17 00:00:00 2001
From: samzong
Date: Wed, 11 Mar 2026 12:38:22 +0800
Subject: [PATCH 1/3] fix: scope datasource binding updates to current tenant
Signed-off-by: samzong
---
 .../console/datasets/data_source.py | 3 ++-
 .../console/datasets/test_data_source.py | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/api/controllers/console/datasets/data_source.py b/api/controllers/console/datasets/data_source.py
index daef4e005a..5322f8f41f 100644
--- a/api/controllers/console/datasets/data_source.py
+++ b/api/controllers/console/datasets/data_source.py
@@ -158,10 +158,11 @@ class DataSourceApi(Resource):
 @login_required
 @account_initialization_required
 def patch(self, binding_id, action: Literal["enable", "disable"]):
+ _, current_tenant_id = current_account_with_tenant()
 binding_id = str(binding_id)
 with Session(db.engine) as session:
 data_source_binding = session.execute(
- select(DataSourceOauthBinding).filter_by(id=binding_id)
+ select(DataSourceOauthBinding).filter_by(id=binding_id, tenant_id=current_tenant_id)
 ).scalar_one_or_none()
 if data_source_binding is None:
 raise NotFound("Data source binding not found.")
diff --git a/api/tests/unit_tests/controllers/console/datasets/test_data_source.py b/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
index 3060062adf..704c036ce8 100644
--- a/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
+++ b/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
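Review bot: The `tenant_id` filter added to the lookup in `DataSourceApi.patch` (data_source.py) is this endpoint's authorization check, but nothing in the code says so, and a later refactor of the query could drop it unnoticed. I would put a comment above the `select(...)`: `# Authorization: binding_id is caller-supplied, so the lookup must also match the caller's tenant_id; a miss returns 404 for both "absent" and "other tenant".` Keeping the existing `NotFound` for a foreign binding is the right choice, since it does not confirm that the id exists in another tenant. The body of `patch` continues past the hunk, so the write path after the lookup is not visible here; if it re-queries the binding, that query needs the same tenant filter.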
@@ -142,6 +142,29 @@ class TestDataSourceApi:
 with pytest.raises(NotFound):
 method(api, "b1", "enable")
 
+ def test_patch_binding_scoped_to_current_tenant(self, app, patch_tenant, mock_engine):
+ api = DataSourceApi()
+ method = unwrap(api.patch)
+
+ binding = MagicMock(id="b1", disabled=True)
+
+ with (
+ app.test_request_context("/"),
+ patch("controllers.console.datasets.data_source.Session") as mock_session_class,
+ patch("controllers.console.datasets.data_source.db.session.add"),
+ patch("controllers.console.datasets.data_source.db.session.commit"),
+ ):
+ mock_session = MagicMock()
+ mock_session_class.return_value.__enter__.return_value = mock_session
+ mock_session.execute.return_value.scalar_one_or_none.return_value = binding
+
+ method(api, "b1", "enable")
+
+ statement = mock_session.execute.call_args.args[0]
+ compiled = str(statement)
+ assert "tenant_id" in compiled
+ assert "id" in compiled
+
 def test_patch_enable_already_enabled(self, app, patch_tenant, mock_engine):
 api = DataSourceApi()
 method = unwrap(api.patch)
From 4494caeaff4168d41d0cc39a250965d9e18db636 Mon Sep 17 00:00:00 2001
From: samzong
Date: Wed, 11 Mar 2026 12:46:33 +0800
Subject: [PATCH 2/3] test: assert datasource tenant scope in where clause
Signed-off-by: samzong
---
 .../controllers/console/datasets/test_data_source.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/api/tests/unit_tests/controllers/console/datasets/test_data_source.py b/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
index 704c036ce8..addd16287e 100644
--- a/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
+++ b/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
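Review bot: `test_patch_binding_scoped_to_current_tenant` asserts only that a column name appears in the statement text, so it would still pass if the handler filtered on `tenant_id` with a value other than the one returned by `current_account_with_tenant()`. The later hunks in patches 2/3 and 3/3 narrow the match to the WHERE clause and to the qualified column names, but the bound value stays unchecked there as well. Adding `assert <TENANT_ID_FROM_patch_tenant> in statement.compile().params.values()` would pin it, where the placeholder stands for whatever tenant id the `patch_tenant` fixture supplies (the fixture is not visible in this diff). Because the session is mocked, this test cannot show that a binding owned by another tenant ends in `NotFound`; a database-backed test with two tenants would cover that case.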
@@ -161,9 +161,11 @@ class TestDataSourceApi:
 method(api, "b1", "enable")
 
 statement = mock_session.execute.call_args.args[0]
- compiled = str(statement)
- assert "tenant_id" in compiled
- assert "id" in compiled
+ where_clause = getattr(statement, "whereclause", None)
+ assert where_clause is not None
+ compiled_where = str(where_clause)
+ assert "tenant_id" in compiled_where
+ assert "id" in compiled_where
 
 def test_patch_enable_already_enabled(self, app, patch_tenant, mock_engine):
 api = DataSourceApi()
From c78b9e0573a3080709172793ff18d1ffe608db97 Mon Sep 17 00:00:00 2001
From: samzong
Date: Thu, 12 Mar 2026 13:05:06 +0800
Subject: [PATCH 3/3] test: tighten tenant scoping assertion to use fully-qualified column name
Signed-off-by: samzong
---
 .../controllers/console/datasets/test_data_source.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/tests/unit_tests/controllers/console/datasets/test_data_source.py b/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
index addd16287e..d9be44fa89 100644
--- a/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
+++ b/api/tests/unit_tests/controllers/console/datasets/test_data_source.py
@@ -164,8 +164,8 @@ class TestDataSourceApi:
 where_clause = getattr(statement, "whereclause", None)
 assert where_clause is not None
 compiled_where = str(where_clause)
- assert "tenant_id" in compiled_where
- assert "id" in compiled_where
+ assert "data_source_oauth_bindings.tenant_id" in compiled_where
+ assert "data_source_oauth_bindings.id" in compiled_where
 
 def test_patch_enable_already_enabled(self, app, patch_tenant, mock_engine):
 api = DataSourceApi()