From 6d9068c378cfa43260d018f49eccbdfc98e20491 Mon Sep 17 00:00:00 2001
From: CaptainB
Date: Thu, 19 Jun 2025 13:23:58 +0800
Subject: [PATCH] fix: validate folder_id in list method and use request.user.id for user_id
---
 apps/knowledge/serializers/knowledge.py | 7 ++++++-
 apps/knowledge/views/knowledge.py | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/apps/knowledge/serializers/knowledge.py b/apps/knowledge/serializers/knowledge.py
index 33e7cd729..fe386617d 100644
--- a/apps/knowledge/serializers/knowledge.py
+++ b/apps/knowledge/serializers/knowledge.py
@@ -188,6 +188,10 @@ class KnowledgeSerializer(serializers.Serializer):
 def list(self):
 self.is_valid(raise_exception=True)
+ folder_id = self.data.get('folder_id', self.data.get("workspace_id"))
+ root = KnowledgeFolder.objects.filter(id=folder_id).first()
+ if not root:
+ raise serializers.ValidationError(_('Folder not found'))
 workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
 return native_search(
@@ -200,7 +204,8 @@ class KnowledgeSerializer(serializers.Serializer):
 'list_knowledge.sql' if workspace_manage else (
 'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql'
 )
- ))
+ )
+ ),
 )
 class Operate(serializers.Serializer):
diff --git a/apps/knowledge/views/knowledge.py b/apps/knowledge/views/knowledge.py
index 2d621fc5c..20868bf72 100644
--- a/apps/knowledge/views/knowledge.py
+++ b/apps/knowledge/views/knowledge.py
@@ -41,7 +41,7 @@ class KnowledgeView(APIView):
 'name': request.query_params.get('name'),
 'desc': request.query_params.get("desc"),
 'scope': KnowledgeScope.WORKSPACE,
- 'user_id': request.query_params.get('user_id')
+ 'user_id': request.user.id
 }
 ).list())
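Review bot: The new folder check in `list` only proves that some `KnowledgeFolder` row has this id; the lookup `KnowledgeFolder.objects.filter(id=folder_id)` is not tied to the caller's workspace, so an id that belongs to a folder in a different workspace would still pass validation. If the model carries a workspace column (not visible in this hunk, so the field name is an assumption), scope the query and drop the otherwise unused `root` binding: `if not KnowledgeFolder.objects.filter(id=folder_id, workspace_id=self.data.get('workspace_id')).exists():`. Separately, `self.data.get('folder_id', ...)` falls back to `workspace_id` only when the key is absent, so a `folder_id` that is present with the value `None` is reported as 'Folder not found'; `self.data.get('folder_id') or self.data.get('workspace_id')` covers both cases. The body of `list` continues beyond this hunk.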
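Review bot: Nothing at this call site records why `user_id` is taken from `request.user.id`, and the serializer passes that value to `is_workspace_manage(...)` to choose between the full and the per-user listing query, so a later edit that reads it from request parameters again would reopen the same access-control gap. I would add a comment above the key, `# identity must come from the authenticated request, never from client-supplied parameters`, and a regression test that sends a `user_id` query parameter naming a different user and asserts it has no effect on the result. Other handlers in this file are outside the hunk; any that still build `user_id` from `request.query_params` need the same change. The enclosing view method starts and ends outside the hunk.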