
Commit a5fe648

committed
fix: Home page statistics custom workspace administrator data error
1 parent 5734f29 commit a5fe648

1 file changed

Lines changed: 69 additions & 29 deletions


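--- a/apps/homepage/serializers/homepage.py
+++ b/apps/homepage/serializers/homepage.py
@@ -44,6 +44,22 @@ def hasPermission(auth, permission):
 return False
 
 
+def has_extends_workspace_manage_permission(auth, permission, workspace_id):
+return hasPermission(auth, f"{permission}:/WORKSPACE/{workspace_id}:ROLE/WORKSPACE_MANAGE")
+
+
+def has_user_permission(auth, permission, workspace_id):
+return hasPermission(auth, f"{permission}:/WORKSPACE/{workspace_id}")
+
+
+def has_all_permission(auth, permission, workspace_id):
+return (has_user_permission(auth, permission, workspace_id)
+or has_extends_workspace_manage_permission(auth,
+permission,
+workspace_id)
+or hasPermission(auth, permission))
+
+
 def is_workspace_manage(auth, workspace_id):
 return RoleConstants.WORKSPACE_MANAGE.value.__str__() + ":/WORKSPACE/" + workspace_id in auth.role_list
 
@@ -90,7 +106,7 @@ def aggregation(self, auth, with_valid=True):
 chat__application__workspace_id=workspace_id
 )
 elif extends_workspace_manage:
-if hasPermission(auth, "APPLICATION:READ"):
+if hasPermission(auth, f"APPLICATION:READ:/WORKSPACE/{workspace_id}"):
 query = query.filter(
 chat__application__workspace_id=workspace_id
 )
@@ -150,13 +166,11 @@ def aggregation(self, auth, with_valid=True):
 query = query.filter(
 chat__application__workspace_id=workspace_id
 )
-elif extends_workspace_manage:
-if hasPermission(auth, "APPLICATION:READ"):
-query = query.filter(
-chat__application__workspace_id=workspace_id
-)
-else:
-return 0
+elif extends_workspace_manage and has_extends_workspace_manage_permission(auth, 'APPLICATION:READ',
+workspace_id):
+query = query.filter(
+chat__application__workspace_id=workspace_id
+)
 else:
 permission_list = (
 ["VIEW", "MANAGE", "ROLE"]
@@ -316,10 +330,11 @@ def _apply_permission_filter(self, queryset, auth, workspace_id, user_id):
 if is_workspace_manage(auth, workspace_id):
 return queryset.filter(application__workspace_id=workspace_id)
 elif is_extends_workspace_manage(auth, workspace_id):
-if hasPermission(auth, "APPLICATION:READ"):
+if hasPermission(auth, f"APPLICATION:READ:/WORKSPACE/{workspace_id}"):
 return queryset.filter(application__workspace_id=workspace_id)
-else:
-return queryset.filter(application_id__in=[])
+if not has_all_permission(auth, 'APPLICATION:READ', workspace_id):
+return queryset.none()
+
 permission_list = (
 _PERM_WITH_ROLE
 if hasPermission(auth, "APPLICATION:READ")
@@ -377,14 +392,22 @@ def get_queryset(self, auth):
 name = self.data.get("name")
 start_time = get_start_time(self.data.get("start_time"))
 end_time = get_end_time(self.data.get("end_time"))
-queryset = Application.objects.filter(workspace_id=workspace_id)
+workspace_manage = is_workspace_manage(auth, workspace_id)
+queryset = QuerySet(Application)
+is_resource_filter = True
 if name:
 queryset = queryset.filter(name__contains=name)
-workspace_manage = is_workspace_manage(auth, workspace_id)
-if is_extends_workspace_manage(auth, workspace_id):
-if not hasPermission(auth, "APPLICATION:READ"):
-queryset = queryset.filter(workspace_id__in=[])
-if not workspace_manage:
+is_resource_filter = False
+if workspace_manage:
+queryset = queryset.filter(workspace_id=workspace_id)
+elif is_extends_workspace_manage(auth, workspace_id):
+if has_extends_workspace_manage_permission(auth, "APPLICATION:READ", workspace_id):
+queryset = queryset.filter(workspace_id=workspace_id)
+is_resource_filter = False
+if not has_all_permission(auth, 'APPLICATION:READ', workspace_id):
+queryset = queryset.none()
+is_resource_filter = False
+if is_resource_filter:
 permission_list = (
 ["VIEW", "MANAGE", "ROLE"]
 if hasPermission(auth, "APPLICATION:READ")
@@ -508,15 +531,26 @@ def get_queryset(self, auth):
 & Q(chat__chatrecord__create_time__gte=start_time)
 & Q(chat__chatrecord__create_time__lte=end_time)
 )
-
-queryset = Application.objects.filter(workspace_id=workspace_id)
+is_resource_filter = True
+workspace_manage = is_workspace_manage(auth, workspace_id)
+queryset = QuerySet(Application)
 if name:
 queryset = queryset.filter(name__contains=name)
-
-workspace_manage = is_workspace_manage(auth, workspace_id)
-if is_extends_workspace_manage(auth, workspace_id):
-queryset = queryset.filter(workspace_id__in=[])
-if not workspace_manage:
+if workspace_manage:
+queryset = queryset.filter(workspace_id=workspace_id)
+is_resource_filter = False
+elif is_extends_workspace_manage(auth, workspace_id):
+if has_extends_workspace_manage_permission(
+auth,
+"APPLICATION:READ", workspace_id
+):
+queryset = queryset.filter(workspace_id=workspace_id)
+is_resource_filter = False
+if not has_all_permission(auth, 'APPLICATION:READ', workspace_id):
+queryset = queryset.none()
+is_resource_filter = False
+
+if is_resource_filter:
 permission_list = ["VIEW", "MANAGE", "ROLE"] if hasPermission(
 auth,
 "APPLICATION:READ"
@@ -705,7 +739,10 @@ def get_aggregation_query_set(self, auth):
 if workspace_manage:
 return QuerySet(Application).filter(workspace_id=workspace_id)
 if is_extends_workspace_manage(auth, workspace_id):
-return QuerySet(Application).filter(workspace_id__in=[])
+if has_extends_workspace_manage_permission(auth, "APPLICATION:READ", workspace_id):
+return QuerySet(Application).filter(workspace_id=workspace_id)
+if not has_all_permission(auth, 'APPLICATION:READ', workspace_id):
+return QuerySet(Application).none()
 permission_list = ["VIEW", "MANAGE", "ROLE"] if hasPermission(auth, "APPLICATION:READ") else ['VIEW',
 'MANAGE']
 return QuerySet(Application).filter(
@@ -742,8 +779,9 @@ def get_aggregation_query_set(self, auth):
 if is_workspace_manage(auth, workspace_id):
 return QuerySet(Knowledge).filter(workspace_id=workspace_id)
 if is_extends_workspace_manage(auth, workspace_id):
-if hasPermission(auth, "KNOWLEDGE:READ"):
+if has_extends_workspace_manage_permission(auth, "KNOWLEDGE:READ", workspace_id):
 return QuerySet(Knowledge).filter(workspace_id=workspace_id)
+if not has_all_permission(auth, 'KNOWLEDGE:READ', workspace_id):
 return QuerySet(Knowledge).none()
 permission_list = ["VIEW", "MANAGE", "ROLE"] if hasPermission(auth, "KNOWLEDGE:READ") else ['VIEW',
 'MANAGE']
@@ -790,8 +828,9 @@ def get_aggregation_query_set(self, auth):
 if is_workspace_manage(auth, workspace_id):
 return QuerySet(Tool).filter(workspace_id=workspace_id)
 if is_extends_workspace_manage(auth, workspace_id):
-if hasPermission(auth, "TOOL:READ"):
+if has_extends_workspace_manage_permission(auth, "TOOL:READ", workspace_id):
 return QuerySet(Tool).filter(workspace_id=workspace_id)
+if not has_all_permission(auth, 'TOOL:READ', workspace_id):
 return QuerySet(Tool).none()
 permission_list = ["VIEW", "MANAGE", "ROLE"] if hasPermission(auth, "TOOL:READ") else ['VIEW',
 'MANAGE']
@@ -835,11 +874,12 @@ def get_aggregation_query_set(self, auth):
 if is_workspace_manage(auth, workspace_id):
 return QuerySet(Model).filter(workspace_id=workspace_id)
 if is_extends_workspace_manage(auth, workspace_id):
-if hasPermission(auth, 'MODEL:READ'):
+if has_extends_workspace_manage_permission(auth, "MODEL:READ", workspace_id):
 return QuerySet(Model).filter(workspace_id=workspace_id)
+if not has_all_permission(auth, 'MODEL:READ', workspace_id):
 return QuerySet(Model).none()
 permission_list = ["VIEW", "MANAGE", "ROLE"] if hasPermission(auth, "MODEL:READ") else ['VIEW',
-'MANAGE']
+'MANAGE']
 return QuerySet(Model).filter(
 id__in=QuerySet(WorkspaceUserResourcePermission).filter(workspace_id=workspace_id,
 user_id=user_id,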
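Review bot: In the first `get_queryset` (new lines 395–410) the assignment `is_resource_filter = False` at new line 400 comes before `if workspace_manage:`, whereas the second `get_queryset` (new lines 539–541) sets it after the workspace filter inside that branch. Indentation is lost on this page, so the nesting cannot be confirmed, but under either reading the flag is cleared on a path that adds no workspace filter; since the base queryset changed from `Application.objects.filter(workspace_id=workspace_id)` to an unscoped `QuerySet(Application)`, such a path would count applications from every workspace unless code outside the hunk scopes it again. I would make the branch read `if workspace_manage:` / `queryset = queryset.filter(workspace_id=workspace_id)` / `is_resource_filter = False`, matching the second function, and add a test asserting that a non-manager user, with and without a `name` filter, only sees rows for the requested workspace. Separately, new lines 109 and 333 check `APPLICATION:READ:/WORKSPACE/{workspace_id}` directly where every other extends-workspace-manage branch calls `has_extends_workspace_manage_permission`; if the difference is intended it deserves a comment, otherwise use the helper. Both functions continue outside the hunks shown.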
