[Dependency]: Access control in API Keys

agenta-backend/agenta_backend/routers/app_router.py

@@ -220,11 +220,8 @@ async def create_app(
                     Permission.CREATE_APPLICATION,
                 )
 
-            workspace_id_from_apikey = await db_manager_ee.get_workspace_id_from_apikey(
-                api_key_from_headers, request.state.user_id
-            )
             if payload.workspace_id is None:
-                payload.workspace_id = workspace_id_from_apikey
+                payload.workspace_id = request.state.workspace_id
 
             try:
                 user_org_workspace_data = await get_user_org_and_workspace_id(

agenta-backend/agenta_backend/services/app_manager.py

@@ -107,10 +107,9 @@ async def start_variant(
         )
         if isCloudEE():
             user = await db_manager.get_user(user_uid=user_uid)
-            project = await db_manager_ee.get_project_by_id(project_id=project_id)
             api_key = await api_key_service.create_api_key(
                 str(user.id),
-                workspace_id=str(project.workspace_id),
+                project_id=project_id,
                 expiration_date=None,
                 hidden=True,
             )