remove duplicate dependencies in API

[JC-wk]

Resolves #4797

What is being addressed

Dependencies are duplicated which would cause auth checks to run twice

If you attach the same auth dependency both at the router level (via APIRouter(dependencies=[Depends(auth)])) and again on the endpoint (either in dependencies=[Depends(auth)] or as a parameter user = Depends(auth)), FastAPI will execute it twice because each Depends(...) occurrence is evaluated independently; router-level dependencies are simply added to the route’s dependency list. [fastapi.tiangolo.com]

How is this addressed

• Remove dependencies where they are the same as the router dependencies
• Updated CHANGELOG.md if needed
• Increment API version

[github-actions]

Unit Test Results

668 tests   668 ✅  7s ⏱️
  1 suites    0 💤
  1 files      0 ❌

Results for commit 03e3609.

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

This PR resolves duplicate authentication dependency declarations in FastAPI endpoints by removing redundant dependency specifications at the endpoint level when they're already declared at the router level. According to FastAPI behavior, dependencies declared both at router and endpoint levels are executed twice, causing unnecessary duplicate authentication checks.

Key Changes:

• Removed duplicate auth dependencies from endpoint decorators across multiple route files
• Incremented API version from 0.25.7 to 0.25.8 (PATCH version)
• Updated CHANGELOG.md with bug fix entry

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
api_app/api/routes/workspaces.py	Removed duplicate get_current_workspace_owner_or_researcher_user_or_airlock_manager from two GET endpoints that already inherit this dependency from the router
api_app/api/routes/workspace_service_templates.py	Removed duplicate get_current_tre_user_or_tre_admin from two GET endpoints that already inherit this dependency from the router
api_app/api/routes/user_resource_templates.py	Removed duplicate get_current_tre_user_or_tre_admin from two GET endpoints that already inherit this dependency from the router
api_app/api/routes/shared_services.py	Removed duplicate get_current_tre_user_or_tre_admin from two GET endpoints while preserving it in function signatures where needed for business logic
api_app/api/routes/shared_service_templates.py	Removed duplicate get_current_tre_user_or_tre_admin from one GET endpoint that already inherits this dependency from the router
api_app/_version.py	Incremented API version from 0.25.7 to 0.25.8 following semantic versioning for bug fixes
CHANGELOG.md	Added bug fix entry documenting the removal of duplicate auth dependencies

[Copilot]

The reference should point to issue #4797 instead of PR #4796. The PR description states "Resolves #4797", so the changelog entry should reference the issue number to maintain consistency with the format used in other entries.

Suggested change

	* Remove duplicate auth dependencies in API ([#4796](https://github.com/microsoft/AzureTRE/pull/4796))
	* Remove duplicate auth dependencies in API ([#4797](https://github.com/microsoft/AzureTRE/issues/4797))

[marrobi]

@JC-wk thanks. Didn't realise this was an issue. In the past I've been in two minds if security dependencies are best on each route or the router. I thin they would actually be better on each route as it enables us to to custom logic for each route to enable something like:

#3826

Thoughts?

[JC-wk]

@marrobi this one is just a small interim fix to prevent auth checks happening twice and that's how all of the other endpoints work currently so keeps it consistent.
I am planning to start work on #3826 soon though.