From 6b17b450d47b38b3c71c6fb7f86cf9a80438dad6 Mon Sep 17 00:00:00 2001
From: zhangzhanwei
Date: Fri, 29 Aug 2025 15:25:13 +0800
Subject: [PATCH] fix: Chat log add to knowledge permission
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
--bug=1060944 --user=张展玮 【权限】用户只有知识库的查看权限,但可以将对话日志中的信息添加到知识库作为分段,并可删除 https://www.tapd.cn/62980211/s/1763639
---
 .../serializers/application_chat_record.py | 67 +++++++++++++++++--
 .../views/application_chat_record.py | 6 +-
 2 files changed, 65 insertions(+), 8 deletions(-)
diff --git a/apps/application/serializers/application_chat_record.py b/apps/application/serializers/application_chat_record.py
index 71500fac9..785447f98 100644
--- a/apps/application/serializers/application_chat_record.py
+++ b/apps/application/serializers/application_chat_record.py
@@ -20,8 +20,10 @@ from rest_framework.utils.formatting import lazy_format
 from application.models import ChatRecord, ApplicationAccessToken, Application
 from application.serializers.application_chat import ChatCountSerializer
 from application.serializers.common import ChatInfo
+from common.auth.authentication import get_is_permissions
+from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants
 from common.db.search import page_search
-from common.exception.app_exception import AppApiException
+from common.exception.app_exception import AppApiException, AppUnauthorizedFailed
 from common.utils.common import post
 from knowledge.models import Paragraph, Document, Problem, ProblemParagraphMapping, Knowledge
 from knowledge.serializers.common import get_embedding_model_id_by_knowledge_id, update_document_char_length
@@ -254,8 +256,27 @@ class ApplicationChatRecordAddKnowledgeSerializer(serializers.Serializer):
 @post(post_function=post_embedding_paragraph)
 @transaction.atomic
- def post_improve(self, instance: Dict):
- ApplicationChatRecordAddKnowledgeSerializer(data=instance).is_valid(raise_exception=True)
+ def post_improve(self, instance: Dict, request=None, scope='WORKSPACE', with_valid=True):
+ if with_valid:
+ ApplicationChatRecordAddKnowledgeSerializer(data=instance).is_valid(raise_exception=True)
+ self.is_valid(raise_exception=True)
+ if scope == 'WORKSPACE':
+ is_permission = get_is_permissions(request=request, workspace_id=self.data.get('workspace_id'),
+ knowledge_id=self.data.get("knowledge_id"))(
+ PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_knowledge_permission(),
+ PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_permission_workspace_manage_role(),
+ RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
+ ViewPermission([RoleConstants.USER.get_workspace_role()],
+ [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()],
+ CompareConstants.AND),
+ )
+ else:
+ is_permission = get_is_permissions(request=request, workspace_id=self.data.get('workspace_id'),
+ knowledge_id=self.data.get("knowledge_id"))(
+ PermissionConstants.RESOURCE_KNOWLEDGE_DOCUMENT_EDIT, RoleConstants.ADMIN
+ )
+ if not is_permission:
+ raise AppUnauthorizedFailed(403, gettext('No permission to access'))
 chat_ids = instance['chat_ids']
 document_id = instance['document_id']
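Review bot: The new check in post_improve reads `self.data.get('workspace_id')` and `self.data.get("knowledge_id")`, but the view in this same patch builds the serializer as `ApplicationChatRecordAddKnowledgeSerializer()` with no `data=` and hands the ids over only through `instance`. With Django REST framework, `self.is_valid()` on a serializer created without `data=` fails an assertion, and `self.data` would not hold the request's knowledge id, so the permission is not evaluated against the knowledge base that is actually written to. I would drop the added `self.is_valid(raise_exception=True)` line and take the ids from the dict that was just validated, e.g. `workspace_id=instance.get('workspace_id')` and `knowledge_id=instance.get('knowledge_id')` (assuming `knowledge_id` is one of the validated fields; the field list is outside this hunk). The method body continues past the end of the hunk.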
@@ -372,9 +393,26 @@ class ApplicationChatRecordImproveSerializer(serializers.Serializer):
 @post(post_function=post_embedding_paragraph)
 @transaction.atomic
- def improve(self, instance: Dict, with_valid=True):
+ def improve(self, instance: Dict, request=None, scope='WORKSPACE', with_valid=True):
 if with_valid:
 self.is_valid(raise_exception=True)
+ if scope == 'WORKSPACE':
+ is_permission = get_is_permissions(request, workspace_id=self.data.get('workspace_id'),
+ knowledge_id=self.data.get("knowledge_id"))(
+ PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_knowledge_permission(),
+ PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_permission_workspace_manage_role(),
+ RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
+ ViewPermission([RoleConstants.USER.get_workspace_role()],
+ [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()],
+ CompareConstants.AND),
+ )
+ else:
+ is_permission = get_is_permissions(request, workspace_id=self.data.get('workspace_id'),
+ knowledge_id=self.data.get("knowledge_id"))(
+ PermissionConstants.RESOURCE_KNOWLEDGE_DOCUMENT_EDIT, RoleConstants.ADMIN
+ )
+ if not is_permission:
+ raise AppUnauthorizedFailed(403, gettext('No permission to access'))
 ApplicationChatRecordImproveInstanceSerializer(data=instance).is_valid(raise_exception=True)
 chat_record_id = self.data.get('chat_record_id')
 chat_id = self.data.get('chat_id')
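Review bot: This permission block of roughly fifteen lines is pasted three times (here in improve, and in post_improve and delete), and the copies already differ: this one passes `request` positionally while the other two use `request=request`. An authorization rule kept in three places tends to be corrected in only one of them later, so I would move it into a single private helper and call it here as `_require_knowledge_edit(request, scope, self.data.get('workspace_id'), self.data.get('knowledge_id'))`. `request` defaults to None and what get_is_permissions does with that is not visible in this patch, so the helper below refuses explicitly in that case. The body of improve continues outside the hunk.

```python
def _require_knowledge_edit(request, scope, workspace_id, knowledge_id):
    """Raise AppUnauthorizedFailed unless the caller may edit documents of this knowledge base."""
    if request is None:
        # No request means no identity to authorise: refuse here rather than rely on the callee.
        raise AppUnauthorizedFailed(403, gettext('No permission to access'))
    check = get_is_permissions(request=request, workspace_id=workspace_id, knowledge_id=knowledge_id)
    if scope == 'WORKSPACE':
        allowed = check(
            # … unchanged: the four workspace-scope permission arguments from this hunk …
        )
    else:
        allowed = check(PermissionConstants.RESOURCE_KNOWLEDGE_DOCUMENT_EDIT, RoleConstants.ADMIN)
    if not allowed:
        raise AppUnauthorizedFailed(403, gettext('No permission to access'))
```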
@@ -427,9 +465,28 @@ class ApplicationChatRecordImproveSerializer(serializers.Serializer): workspace_id = serializers.CharField(required=True, label=_("Workspace ID")) - def delete(self, with_valid=True): + def delete(self, request=None, scope='WORKSPACE', with_valid=True): if with_valid: self.is_valid(raise_exception=True) + if scope == 'WORKSPACE': + is_permission = get_is_permissions(request=request, workspace_id=self.data.get('workspace_id'), + knowledge_id=self.data.get("knowledge_id"))( + PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), + ViewPermission([RoleConstants.USER.get_workspace_role()], + [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], + CompareConstants.AND), + ) + else: + is_permission = get_is_permissions(request=request, workspace_id=self.data.get('workspace_id'), + knowledge_id=self.data.get("knowledge_id"))( + PermissionConstants.RESOURCE_KNOWLEDGE_DOCUMENT_EDIT, RoleConstants.ADMIN + ) + + if not is_permission: + raise AppUnauthorizedFailed(403, gettext('No permission to access')) + workspace_id = self.data.get('workspace_id') chat_record_id = self.data.get('chat_record_id') chat_id = self.data.get('chat_id') diff --git a/apps/application/views/application_chat_record.py b/apps/application/views/application_chat_record.py index 83d8d1016..9f7757544 100644 --- a/apps/application/views/application_chat_record.py +++ b/apps/application/views/application_chat_record.py 
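Review bot: The check added to delete authorises the caller against `knowledge_id`, but the lines that follow work with `chat_record_id`, `document_id` and `paragraph_id`, and nothing visible in this hunk ties those ids to the knowledge base that was checked. The rest of delete lies outside the hunk, so this has to be confirmed there: the paragraph lookup should filter on the checked knowledge id and the document id together with the paragraph id, otherwise edit rights on one knowledge base would also cover a paragraph that belongs to another. Separately, indentation is lost in this rendering; the permission block must sit at method level rather than under `if with_valid:`, or a caller passing `with_valid=False` skips it. A short comment above the block, such as `# authorise before any lookup; the ids used below must belong to knowledge_id`, would record the intent.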
@@ -129,7 +129,7 @@ class ApplicationChatRecordAddKnowledge(APIView):
 RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
 def post(self, request: Request, workspace_id: str, application_id: str):
 return result.success(ApplicationChatRecordAddKnowledgeSerializer().post_improve(
- {'workspace_id': workspace_id, 'application_id': application_id, **request.data}))
+ {'workspace_id': workspace_id, 'application_id': application_id, **request.data}, request=request))
 class ApplicationChatRecordImprove(APIView):
@@ -186,7 +186,7 @@ class ApplicationChatRecordImproveParagraph(APIView):
 return result.success(ApplicationChatRecordImproveSerializer(
 data={'workspace_id': workspace_id, 'application_id': application_id, 'chat_id': chat_id, 'chat_record_id': chat_record_id,
- 'knowledge_id': knowledge_id, 'document_id': document_id}).improve(request.data))
+ 'knowledge_id': knowledge_id, 'document_id': document_id}).improve(request.data, request=request))
 class Operate(APIView):
 authentication_classes = [TokenAuth]
@@ -214,4 +214,4 @@ class ApplicationChatRecordImproveParagraph(APIView):
 data={'chat_id': chat_id, 'chat_record_id': chat_record_id, 'workspace_id': workspace_id, 'application_id': application_id, 'knowledge_id': knowledge_id, 'document_id': document_id,
- 'paragraph_id': paragraph_id}).delete())
+ 'paragraph_id': paragraph_id}).delete(request=request))
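Review bot: In ApplicationChatRecordAddKnowledge.post the dict is built as `{'workspace_id': workspace_id, 'application_id': application_id, **request.data}`, so a `workspace_id` or `application_id` key in the request body replaces the value taken from the URL. The view's permission decorator (its tail is visible above `def post`) presumably checks the path values, while the serializer then works with whatever the body supplied. Spreading the body first keeps the routed ids authoritative: `{**request.data, 'workspace_id': workspace_id, 'application_id': application_id}`. None of the three calls in this file passes `scope`, so only the 'WORKSPACE' branch of the new check is exercised from here.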