15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-26 01:33:05 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix: validate folder_id in list method and use request.user.id for user_id
Some checks are pending
sync2gitee / repo-sync (push) Waiting to run
Details

This commit is contained in:
CaptainB 2025-06-19 13:23:58 +08:00
parent 11739f1649
commit 6d9068c378
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/knowledge/serializers/knowledge.py
View File

@ -188,6 +188,10 @@ class KnowledgeSerializer(serializers.Serializer):
def list(self):
self.is_valid(raise_exception=True)
folder_id = self.data.get('folder_id', self.data.get("workspace_id"))
root = KnowledgeFolder.objects.filter(id=folder_id).first()
if not root:
raise serializers.ValidationError(_('Folder not found'))
workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
return native_search(
@ -200,7 +204,8 @@ class KnowledgeSerializer(serializers.Serializer):
'list_knowledge.sql' if workspace_manage else (
'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql'
)
))
)
),
)
class Operate(serializers.Serializer):

2
apps/knowledge/views/knowledge.py
View File

@ -41,7 +41,7 @@ class KnowledgeView(APIView):
'name': request.query_params.get('name'),
'desc': request.query_params.get("desc"),
'scope': KnowledgeScope.WORKSPACE,
'user_id': request.query_params.get('user_id')
'user_id': request.user.id
}
).list())