fix: permission (#3374)
* fix: permission

* feat: create dataset per
c121914yu authored Dec 11, 2024
1 parent 8a47152 commit c0135f5
Showing 4 changed files with 95 additions and 55 deletions.
12 changes: 6 additions & 6 deletions projects/app/src/pages/api/core/app/create.ts
Expand Up @@ -35,12 +35,12 @@ async function handler(req: ApiRequestProps<CreateAppBody>) {
}

// 凭证校验
const { teamId, tmbId } = await authUserPer({ req, authToken: true, per: WritePermissionVal });
if (parentId) {
// if it is not a root app
// check the parent folder permission
await authApp({ req, appId: parentId, per: WritePermissionVal, authToken: true });
}
const [{ teamId, tmbId }] = await Promise.all([
authUserPer({ req, authToken: true, per: WritePermissionVal }),
...(parentId
? [authApp({ req, appId: parentId, per: WritePermissionVal, authToken: true })]
: [])
]);

// 上限校验
await checkTeamAppLimit(teamId);
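Review bot: The rewritten auth block drops the two comments that explained why `authApp` runs on `parentId`, and the conditional spread inside `Promise.all` is harder to read than the `if` it replaces. I would keep a one-line comment above the call, e.g. `// non-root app: the caller also needs write permission on the parent folder`. It is also worth stating that `Promise.all` rejects if either check fails, so `checkTeamAppLimit` is never reached unless both pass. One behavioural difference: with the checks running concurrently, the error the caller sees when both fail depends on which one rejects first. The handler body starts and ends outside the hunk.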
54 changes: 35 additions & 19 deletions projects/app/src/pages/api/core/app/list.ts
Expand Up @@ -25,6 +25,16 @@ export type ListAppBody = {
searchKey?: string;
};

/*
获取 APP 列表权限
1. 校验 folder 权限和获取 team 权限(owner 单独处理)
2. 获取 team 下所有 app 权限。获取我的所有组。并计算出我所有的app权限。
3. 过滤我有的权限的 app,以及当前 parentId 的 app(由于权限继承问题,这里没法一次性根据 id 去获取)
4. 根据过滤条件获取 app 列表
5. 遍历搜索出来的 app,并赋予权限(继承的 app,使用 parent 的权限)
6. 再根据 read 权限进行一次过滤。
*/

async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemType[]> {
const { parentId, type, getRecentlyChat, searchKey } = req.body;

Expand Down Expand Up @@ -75,6 +85,24 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
);

const findAppsQuery = (() => {
if (getRecentlyChat) {
return {
// get all chat app
teamId,
type: { $in: [AppTypeEnum.workflow, AppTypeEnum.simple, AppTypeEnum.plugin] }
};
}

// Filter apps by permission, if not owner, only get apps that I have permission to access
const idList = { _id: { $in: myPerList.map((item) => item.resourceId) } };
const appPerQuery = teamPer.isOwner
? {}
: parentId
? {
$or: [idList, parseParentIdInMongo(parentId)]
}
: idList;

const searchMatch = searchKey
? {
$or: [
Expand All @@ -83,31 +111,17 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
]
}
: {};
// Filter apps by permission, if not owner, only get apps that I have permission to access
const appIdQuery = teamPer.isOwner
? {}
: { _id: { $in: myPerList.map((item) => item.resourceId) } };

if (getRecentlyChat) {
return {
// get all chat app
...appIdQuery,
teamId,
type: { $in: [AppTypeEnum.workflow, AppTypeEnum.simple, AppTypeEnum.plugin] },
...searchMatch
};
}

if (searchKey) {
return {
...appIdQuery,
...appPerQuery,
teamId,
...searchMatch
};
}

return {
...appIdQuery,
...appPerQuery,
teamId,
...(type && (Array.isArray(type) ? { type: { $in: type } } : { type })),
...parseParentIdInMongo(parentId)
Expand Down Expand Up @@ -144,7 +158,9 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
);

// Count app collaborators
const clbCount = perList.filter((item) => String(item.resourceId) === appId).length;
const clbCount = perList.filter(
(item) => String(item.resourceId) === String(app._id)
).length;

return {
Per: new AppPermission({
Expand All @@ -156,8 +172,8 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
};

// Inherit app
if (app.inheritPermission && parentId && !AppFolderTypeList.includes(app.type)) {
return getPer(String(parentId));
if (app.inheritPermission && app.parentId && !AppFolderTypeList.includes(app.type)) {
return getPer(String(app.parentId));
} else {
return getPer(String(app._id));
}
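Review bot: In the `searchKey` branch the object `{ ...appPerQuery, teamId, ...searchMatch }` can carry two `$or` keys: for a non-owner with `parentId` set, `appPerQuery` is `{ $or: [idList, parseParentIdInMongo(parentId)] }` and `searchMatch` is also `{ $or: [...] }`, so the later spread overwrites the permission clause and the query filters on team and search text only. Whether anything unreadable reaches the response then depends entirely on the read-permission filter applied after the query (step 6 of the header comment), which is outside the visible hunks. Combining the two explicitly avoids the collision: `return { teamId, $and: [appPerQuery, searchMatch] };`. The same pattern appears in `findDatasetQuery` in projects/app/src/pages/api/core/dataset/list.ts (`...datasetPerQuery, teamId, ...searchMatch`). Separately, the `getRecentlyChat` branch no longer spreads any permission clause, so it relies on that same post-query filter.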
26 changes: 20 additions & 6 deletions projects/app/src/pages/api/core/dataset/create.ts
Expand Up @@ -9,6 +9,7 @@ import { NextAPI } from '@/service/middleware/entry';
import { DatasetErrEnum } from '@fastgpt/global/common/error/code/dataset';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { parseParentIdInMongo } from '@fastgpt/global/common/parentFolder/utils';
import { authDataset } from '@fastgpt/service/support/permission/dataset/auth';

export type DatasetCreateQuery = {};
export type DatasetCreateBody = CreateDatasetParams;
Expand All @@ -29,12 +30,25 @@ async function handler(
} = req.body;

// auth
const { teamId, tmbId } = await authUserPer({
req,
authToken: true,
authApiKey: true,
per: WritePermissionVal
});
const [{ teamId, tmbId }] = await Promise.all([
authUserPer({
req,
authToken: true,
authApiKey: true,
per: WritePermissionVal
}),
...(parentId
? [
authDataset({
req,
datasetId: parentId,
authToken: true,
authApiKey: true,
per: WritePermissionVal
})
]
: [])
]);

// check model valid
const vectorModelStore = getVectorModel(vectorModel);
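Review bot: The resolved value of the new `authDataset` call is discarded, so nothing in this hunk confirms that `parentId` refers to a folder rather than an ordinary dataset. The list handler in this commit resolves an inheriting item's permission from `dataset.parentId`, so a dataset created under a non-folder parent would presumably take its permission from that dataset. If `authDataset` does not already reject that case, the parent's type should be checked here before the create proceeds. A short comment such as `// non-root dataset: the caller also needs write permission on the parent folder` would also document why the second check exists. The handler body continues outside the hunk.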
58 changes: 34 additions & 24 deletions projects/app/src/pages/api/core/dataset/list.ts
Expand Up @@ -74,6 +74,16 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
);

const findDatasetQuery = (() => {
// Filter apps by permission, if not owner, only get apps that I have permission to access
const idList = { _id: { $in: myPerList.map((item) => item.resourceId) } };
const datasetPerQuery = teamPer.isOwner
? {}
: parentId
? {
$or: [idList, parseParentIdInMongo(parentId)]
}
: idList;

const searchMatch = searchKey
? {
$or: [
Expand All @@ -82,21 +92,17 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
]
}
: {};
// Filter apps by permission, if not owner, only get apps that I have permission to access
const appIdQuery = teamPer.isOwner
? {}
: { _id: { $in: myPerList.map((item) => item.resourceId) } };

if (searchKey) {
return {
...appIdQuery,
...datasetPerQuery,
teamId,
...searchMatch
};
}

return {
...appIdQuery,
...datasetPerQuery,
teamId,
...(type ? (Array.isArray(type) ? { type: { $in: type } } : { type }) : {}),
...parseParentIdInMongo(parentId)
Expand All @@ -122,7 +128,9 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
.map((item) => item.permission)
);

const clbCount = perList.filter((item) => String(item.resourceId) === datasetId).length;
const clbCount = perList.filter(
(item) => String(item.resourceId) === String(dataset._id)
).length;

return {
Per: new DatasetPermission({
Expand All @@ -133,8 +141,12 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
};
};
// inherit
if (dataset.inheritPermission && parentId && dataset.type !== DatasetTypeEnum.folder) {
return getPer(String(parentId));
if (
dataset.inheritPermission &&
dataset.parentId &&
dataset.type !== DatasetTypeEnum.folder
) {
return getPer(String(dataset.parentId));
} else {
return getPer(String(dataset._id));
}
Expand All @@ -148,21 +160,19 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
})
.filter((app) => app.permission.hasReadPer);

const data = await Promise.all(
formatDatasets.map<DatasetListItemType>((item) => ({
_id: item._id,
avatar: item.avatar,
name: item.name,
intro: item.intro,
type: item.type,
permission: item.permission,
vectorModel: getVectorModel(item.vectorModel),
inheritPermission: item.inheritPermission,
tmbId: item.tmbId,
updateTime: item.updateTime,
private: item.privateDataset
}))
);
const data = formatDatasets.map<DatasetListItemType>((item) => ({
_id: item._id,
avatar: item.avatar,
name: item.name,
intro: item.intro,
type: item.type,
permission: item.permission,
vectorModel: getVectorModel(item.vectorModel),
inheritPermission: item.inheritPermission,
tmbId: item.tmbId,
updateTime: item.updateTime,
private: item.privateDataset
}));

return data;
}
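Review bot: The comment above `datasetPerQuery` was copied from the app list and still reads "Filter apps by permission", and it does not say why children of the current folder are included regardless of `myPerList`. Suggested wording: `// Non-owners: datasets I hold a permission on, plus every child of the current folder (inherited permission is resolved after the query)`. The callback parameter in `.filter((app) => app.permission.hasReadPer)` carries the same copy-paste naming, though that line is unchanged context. Stating in the comment that the final `hasReadPer` filter is the actual access gate would make it harder for a later refactor to drop it by accident.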
