From 074375478dddb375d15bc1217d5614ba7297981d Mon Sep 17 00:00:00 2001
From: shaohuzhang1 <80892890+shaohuzhang1@users.noreply.github.com>
Date: Mon, 14 Jul 2025 16:13:53 +0800
Subject: [PATCH] fix: The conversation user is not authorized to use (#3581)
---
 .../serializers/application_chat_record.py | 7 ++++---
 apps/chat/api/chat_authentication_api.py | 15 +--------------
 apps/chat/serializers/chat.py | 11 +++++++++++
 3 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/apps/application/serializers/application_chat_record.py b/apps/application/serializers/application_chat_record.py
index 4ca8e7608..b0e75a463 100644
--- a/apps/application/serializers/application_chat_record.py
+++ b/apps/application/serializers/application_chat_record.py
@@ -125,9 +125,10 @@ class ApplicationChatRecordQuerySerializers(serializers.Serializer):
 'paragraph_list') or [])
 if item.get('type') == 'reranker-node' and item.get('show_knowledge', False):
- paragraph_list = paragraph_list + [rl.get('metadata') for rl in item.get('result_list') if
- 'document_id' in rl.get('metadata') and 'knowledge_id' in rl.get(
- 'metadata')]
+ paragraph_list = paragraph_list + [rl.get('metadata') for rl in (item.get('result_list') or []) if
+ 'document_id' in (rl.get('metadata') or {}) and 'knowledge_id' in (
+ rl.get(
+ 'metadata') or {})]
 paragraph_list = list({p.get('id'): p for p in paragraph_list}.values())
 knowledge_list = knowledge_list + [{'id': knowledge_id, **knowledge} for knowledge_id, knowledge in
 reduce(lambda x, y: {**x, **y},
diff --git a/apps/chat/api/chat_authentication_api.py b/apps/chat/api/chat_authentication_api.py
index 3e65b739c..6f6b1b1a8 100644
--- a/apps/chat/api/chat_authentication_api.py
+++ b/apps/chat/api/chat_authentication_api.py
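Review bot: The hardened filter in the `reranker-node` branch now evaluates `rl.get('metadata')` three times per element, and the wrapped `( rl.get( 'metadata') or {})` fragment is hard to read. Binding the metadata once gives the same result: `[md for md in ((rl.get('metadata') or {}) for rl in (item.get('result_list') or [])) if 'document_id' in md and 'knowledge_id' in md]`. The guard still assumes every `rl` is a dict, so a one-line comment naming which stored detail shapes leave `result_list` or `metadata` as `None` would help the next reader. The enclosing method starts and ends outside the hunk.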
@@ -52,17 +52,4 @@ class ChatAuthenticationProfileAPI(APIMixin):
 class ChatOpenAPI(APIMixin):
 @staticmethod
 def get_parameters():
- return [OpenApiParameter(
- name="workspace_id",
- description="工作空间id",
- type=OpenApiTypes.STR,
- location='path',
- required=True,
- ),
- OpenApiParameter(
- name="application_id",
- description="应用id",
- type=OpenApiTypes.STR,
- location='path',
- required=True,
- )]
+ return []
diff --git a/apps/chat/serializers/chat.py b/apps/chat/serializers/chat.py
index 4398ebbd3..dae0ceef4 100644
--- a/apps/chat/serializers/chat.py
+++ b/apps/chat/serializers/chat.py
@@ -29,6 +29,7 @@ from application.models import Application, ApplicationTypeChoices, ApplicationK
 ChatUserType, ApplicationChatUserStats, ApplicationAccessToken, ChatRecord, Chat, ApplicationVersion
 from application.serializers.application import ApplicationOperateSerializer
 from application.serializers.common import ChatInfo
+from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import AppApiException, AppChatNumOutOfBoundsFailed, ChatException
 from common.handle.base_to_response import BaseToResponse
 from common.handle.impl.response.openai_to_response import OpenaiToResponse
@@ -308,6 +309,15 @@ class ChatSerializers(serializers.Serializer):
 r = work_flow_manage.run()
 return r
+ def is_valid_chat_user(self):
+ chat_user_id = self.data.get('chat_user_id')
+ application_id = self.data.get('application_id')
+ is_auth_chat_user = DatabaseModelManage.get_model("is_auth_chat_user")
+ if self.chat_user_type == ChatUserType.CHAT_USER.value and is_auth_chat_user:
+ is_auth = is_auth_chat_user(chat_user_id, application_id)
+ if not is_auth:
+ raise ChatException(500, _("The chat user is not authorized."))
+
 def chat(self, instance: dict, base_to_response: BaseToResponse = SystemToResponse()):
 super().is_valid(raise_exception=True)
 ChatMessageSerializers(data=instance).is_valid(raise_exception=True)
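Review bot: In `is_valid_chat_user`, `chat_user_id` and `application_id` are read through `self.data.get(...)`, but the user type is read as the instance attribute `self.chat_user_type`. Django REST framework moves declared serializer fields out of the class namespace, so unless `ChatSerializers` assigns that attribute somewhere outside this hunk the comparison raises `AttributeError` before any authorization decision is made; `if self.data.get('chat_user_type') == ChatUserType.CHAT_USER.value and is_auth_chat_user:` would match the two lines above it. The check is also skipped whenever `DatabaseModelManage.get_model("is_auth_chat_user")` returns a falsy value, so a short comment such as `# No authorization hook registered: chat users are not restricted` would make that allow-by-default behaviour explicit. Reporting the denial as `ChatException(500, ...)` may make it look like a server fault in logs and monitoring; if the project defines a forbidden-style code, it would fit better here.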
@@ -315,6 +325,7 @@ class ChatSerializers(serializers.Serializer):
 chat_info.get_application()
 chat_info.get_chat_user()
 self.is_valid_chat_id(chat_info)
+ self.is_valid_chat_user()
 if chat_info.application.type == ApplicationTypeChoices.SIMPLE:
 self.is_valid_application_simple(raise_exception=True, chat_info=chat_info)
 return self.chat_simple(chat_info, instance, base_to_response)
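Review bot: The new `self.is_valid_chat_user()` call in `chat` runs only after `chat_info.get_application()`, `chat_info.get_chat_user()` and `self.is_valid_chat_id(chat_info)`, so an unauthorized chat user still triggers those lookups and sees whatever error they raise first. As written in this patch the check reads only the serializer's own data and the registered hook, so it can move directly after the two `is_valid(raise_exception=True)` calls at the top of `chat`. The patch wires the check into `chat` alone; any other entry point serving the same chat user (none is visible here) would need the same call. The body of `chat` continues outside the hunk.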