fix: The data in the resource list is incorrect (#6157)

Author: shaohuzhang1

apps/application/serializers/application.py

@@ -61,7 +61,7 @@
 from tools.serializers.tool import ToolExportModelSerializer
 from trigger.models import TriggerTask, Trigger
 from users.models import User
-from users.serializers.user import is_workspace_manage
+from users.serializers.user import is_workspace_manage, is_workspace_manage_permission_read
 
 
 def get_base_node_work_flow(work_flow):
@@ -417,7 +417,7 @@ def list(self, instance: Dict):
         user_id = self.data.get("user_id")
         req_dict = ApplicationQueryRequest(data=instance)
         req_dict.is_valid(raise_exception=True)
-        workspace_manage = is_workspace_manage(user_id, workspace_id)
+        workspace_manage = is_workspace_manage_permission_read(user_id, workspace_id, "APPLICATION:READ")
         is_x_pack_ee = self.is_x_pack_ee()
         return native_search(self.get_query_set(req_dict.data, workspace_manage, is_x_pack_ee),
                              select_string=get_file_content(
@@ -432,7 +432,7 @@ def page(self, current_page: int, page_size: int, instance: Dict):
         req_dict.is_valid(raise_exception=True)
         workspace_id = self.data.get('workspace_id')
         user_id = self.data.get("user_id")
-        workspace_manage = is_workspace_manage(user_id, workspace_id)
+        workspace_manage = is_workspace_manage_permission_read(user_id, workspace_id, "APPLICATION:READ")
         is_x_pack_ee = self.is_x_pack_ee()
         result = native_page_search(current_page, page_size,
                                     self.get_query_set(req_dict.data, workspace_manage, is_x_pack_ee),
@@ -972,7 +972,7 @@ def publish(self, instance, with_valid=True):
         work_flow_version.save()
         access_token = hashlib.md5(
             str(uuid.uuid7()).encode()).hexdigest()[
-            8:24]
+                       8:24]
         application_access_token = QuerySet(ApplicationAccessToken).filter(
             application_id=application.id).first()
         if application_access_token is None:
@@ -1276,7 +1276,8 @@ def update_knowledge_node(self, workflow, available_knowledge_dict):
             knowledge_list = [available_knowledge_dict.get(knowledge_id) for knowledge_id in knowledge_id_list if
                               available_knowledge_dict.__contains__(knowledge_id)]
             node_data['all_knowledge_id_list'] = knowledge_id_list
-            node_data['no_permission_knowledge_id_list'] = [knowledge_id for knowledge_id in knowledge_id_list if not available_knowledge_dict.__contains__(knowledge_id) ]
+            node_data['no_permission_knowledge_id_list'] = [knowledge_id for knowledge_id in knowledge_id_list if
+                                                            not available_knowledge_dict.__contains__(knowledge_id)]
             node_data['knowledge_id_list'] = [knowledge.get('id') for knowledge in knowledge_list]
             node_data['knowledge_list'] = knowledge_list
 

apps/knowledge/serializers/knowledge.py

@@ -44,7 +44,7 @@
 from system_manage.models.resource_mapping import ResourceMapping
 from system_manage.serializers.resource_mapping_serializers import ResourceMappingSerializer
 from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
-from users.serializers.user import is_workspace_manage
+from users.serializers.user import is_workspace_manage, is_workspace_manage_permission_read
 
 from knowledge.models import (
     Document,
@@ -226,9 +226,9 @@ def get_query_set(self, workspace_manage, is_x_pack_ee):
                 query_set = query_set.filter(**{"temp.workspace_id": self.data.get("workspace_id")})
                 folder_query_set = folder_query_set.filter(**{"workspace_id": self.data.get("workspace_id")})
             if (
-                "folder_id" in self.data
-                and self.data.get("folder_id") is not None
-                and self.data.get("workspace_id") != self.data.get("folder_id")
+                    "folder_id" in self.data
+                    and self.data.get("folder_id") is not None
+                    and self.data.get("workspace_id") != self.data.get("folder_id")
             ):
                 query_set = query_set.filter(**{"temp.folder_id": self.data.get("folder_id")})
                 folder_query_set = folder_query_set.filter(**{"parent_id": self.data.get("folder_id")})
@@ -259,7 +259,8 @@ def page(self, current_page: int, page_size: int):
             root = KnowledgeFolder.objects.filter(id=folder_id).first()
             if not root:
                 raise serializers.ValidationError(_("Folder not found"))
-            workspace_manage = is_workspace_manage(self.data.get("user_id"), self.data.get("workspace_id"))
+            workspace_manage = is_workspace_manage_permission_read(self.data.get("user_id"),
+                                                                   self.data.get("workspace_id"), "KNOWLEDGE:READ")
             is_x_pack_ee = self.is_x_pack_ee()
             result = native_page_search(
                 current_page,
@@ -288,7 +289,9 @@ def list(self):
             root = KnowledgeFolder.objects.filter(id=folder_id).first()
             if not root:
                 raise serializers.ValidationError(_("Folder not found"))
-            workspace_manage = is_workspace_manage(self.data.get("user_id"), self.data.get("workspace_id"))
+            workspace_manage = is_workspace_manage_permission_read(self.data.get("user_id"),
+                                                                   self.data.get("workspace_id"), "KNOWLEDGE:READ")
+
             is_x_pack_ee = self.is_x_pack_ee()
             return native_search(
                 self.get_query_set(workspace_manage, is_x_pack_ee),
@@ -449,10 +452,10 @@ def one(self):
                         [
                             str(application_knowledge_mapping.source_id)
                             for application_knowledge_mapping in QuerySet(ResourceMapping).filter(
-                                source_type="APPLICATION",
-                                target_type="KNOWLEDGE",
-                                target_id=self.data.get("knowledge_id"),
-                            )
+                            source_type="APPLICATION",
+                            target_type="KNOWLEDGE",
+                            target_id=self.data.get("knowledge_id"),
+                        )
                         ],
                     )
                 ),
@@ -687,7 +690,7 @@ def export_knowledge(self, with_valid=True):
 
         @staticmethod
         def _get_knowledge_workbook(
-            data_dict: dict, document_dict: dict, doc_tag_map: dict, doc_obj_map: dict, paragraph_active_map: dict
+                data_dict: dict, document_dict: dict, doc_tag_map: dict, doc_obj_map: dict, paragraph_active_map: dict
         ):
             import openpyxl
             from openpyxl.cell.cell import ILLEGAL_CHARACTERS_RE

apps/models_provider/serializers/model_serializer.py

@@ -29,7 +29,7 @@
 from system_manage.models.resource_mapping import ResourceMapping
 from system_manage.serializers.resource_mapping_serializers import ResourceMappingSerializer
 from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
-from users.serializers.user import is_workspace_manage
+from users.serializers.user import is_workspace_manage_permission_read
 
 
 def get_default_model_params_setting(provider, model_type, model_name):
@@ -366,7 +366,7 @@ def list(self, workspace_id, with_valid):
             if with_valid:
                 self.is_valid(raise_exception=True)
             user_id = self.data.get("user_id")
-            workspace_manage = is_workspace_manage(user_id, workspace_id)
+            workspace_manage = is_workspace_manage_permission_read(user_id, workspace_id, 'MODEL:READ')
             query_params = self._build_query_params(workspace_id, workspace_manage, user_id)
             is_x_pack_ee = self.is_x_pack_ee()
             result = native_search(query_params,
@@ -393,7 +393,7 @@ def model_list(self, workspace_id, with_valid=True):
             if with_valid:
                 self.is_valid(raise_exception=True)
             user_id = self.data.get("user_id")
-            workspace_manage = is_workspace_manage(user_id, workspace_id)
+            workspace_manage = is_workspace_manage_permission_read(user_id, workspace_id, 'MODEL:READ')
             queryset = self._build_query_params(workspace_id, workspace_manage, user_id)
             get_authorized_model = DatabaseModelManage.get_model("get_authorized_model")
 

apps/tools/serializers/tool.py

@@ -44,7 +44,7 @@
 from system_manage.serializers.resource_mapping_serializers import ResourceMappingSerializer
 from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
 from trigger.models import Trigger, TriggerTask
-from users.serializers.user import is_workspace_manage
+from users.serializers.user import is_workspace_manage, is_workspace_manage_permission_read
 
 from tools.models import Tool, ToolFolder, ToolRecord, ToolScope, ToolType
 from tools.models.tool_workflow import ToolWorkflow
@@ -869,9 +869,9 @@ def run(self, instance, is_valid=True):
                     {
                         "type": "error"
                         if (
-                            item.get("code") == "E999"
-                            or str(item.get("code") or "").startswith("E9")
-                            or item.get("code") in ["F821", "F822", "F823"]
+                                item.get("code") == "E999"
+                                or str(item.get("code") or "").startswith("E9")
+                                or item.get("code") in ["F821", "F822", "F823"]
                         )
                         else "warning",
                         "module": "",
@@ -997,7 +997,7 @@ def import_workflow_tools(self, tool, workspace_id, user_id, folder_id, new_chil
                     {**tool, "id": update_tool_map.get(tool.get("id"))}
                     for tool in tool_list
                     if not exits_tool_id_list.__contains__(tool.get("id"))
-                    and not exits_tool_id_list.__contains__(
+                       and not exits_tool_id_list.__contains__(
                         new_uuid.generate_uuid(tool.get("id"))
                         if new_child_policy == 2
                         else generate_uuid((tool.get("id") + workspace_id or ""))
@@ -1600,15 +1600,15 @@ def process():
                 )
                 try:
                     for r in model.stream(
-                        [
-                            # SystemMessage(content=SYSTEM_ROLE),
-                            *[
-                                HumanMessage(content=m.get("content"))
-                                if m.get("role") == "user"
-                                else AIMessage(content=m.get("content"))
-                                for m in messages
+                            [
+                                # SystemMessage(content=SYSTEM_ROLE),
+                                *[
+                                    HumanMessage(content=m.get("content"))
+                                    if m.get("role") == "user"
+                                    else AIMessage(content=m.get("content"))
+                                    for m in messages
+                                ]
                             ]
-                        ]
                     ):
                         yield "data: " + json.dumps({"content": r.content}) + "\n\n"
                 except Exception as e:
@@ -1772,7 +1772,8 @@ def is_x_pack_ee():
         def page_tool_with_folders(self, current_page: int, page_size: int):
             self.is_valid(raise_exception=True)
 
-            workspace_manage = is_workspace_manage(self.data.get("user_id"), self.data.get("workspace_id"))
+            workspace_manage = is_workspace_manage_permission_read(self.data.get("user_id"),
+                                                                   self.data.get("workspace_id"), 'TOOL:READ')
             is_x_pack_ee = self.is_x_pack_ee()
             result = native_page_search(
                 current_page,
@@ -1800,7 +1801,8 @@ def page_tool_with_folders(self, current_page: int, page_size: int):
         def get_tools(self):
             self.is_valid(raise_exception=True)
 
-            workspace_manage = is_workspace_manage(self.data.get("user_id"), self.data.get("workspace_id"))
+            workspace_manage = is_workspace_manage_permission_read(self.data.get("user_id"),
+                                                                   self.data.get("workspace_id"), 'TOOL:READ')
             is_x_pack_ee = self.is_x_pack_ee()
             results = native_search(
                 self.get_query_set(workspace_manage, is_x_pack_ee),

apps/users/serializers/user.py

@@ -81,7 +81,19 @@ def is_workspace_manage(user_id: str, workspace_id: str):
             role__type=RoleConstants.WORKSPACE_MANAGE.value.__str__()).exists()
     return QuerySet(User).filter(id=user_id, role=RoleConstants.ADMIN.value.__str__()).exists()
 
-
+def is_workspace_manage_permission_read(user_id: str, workspace_id: str, permission_id):
+    workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
+    role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model")
+    is_x_pack_ee = workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None
+    if is_x_pack_ee:
+        has_permission = QuerySet(role_permission_mapping_model).filter(
+            role__userrolerelation__user_id=user_id,
+            role__userrolerelation__workspace_id=workspace_id,
+            permission_id=permission_id,
+            role__type=RoleConstants.WORKSPACE_MANAGE.value.__str__()
+        ).exists()
+        return has_permission
+    return True
 def get_workspace_list_by_user(user_id):
     get_workspace_list = DatabaseModelManage.get_model('get_workspace_list_by_user')
     license_is_valid = DatabaseModelManage.get_model('license_is_valid') or (lambda: False)