diff --git a/apps/application/serializers/application.py b/apps/application/serializers/application.py index 055679b4a..4cbb51e60 100644 --- a/apps/application/serializers/application.py +++ b/apps/application/serializers/application.py @@ -35,6 +35,7 @@ from common.utils.common import get_file_content, valid_license, restricted_load from knowledge.models import Knowledge from maxkb.conf import PROJECT_DIR from models_provider.models import Model +from system_manage.models import WorkspaceUserResourcePermission from tools.models import Tool, ToolScope from tools.serializers.tool import ToolModelSerializer from users.models import User @@ -295,7 +296,7 @@ class Query(serializers.Serializer): workspace_id = serializers.CharField(required=False, label=_('Workspace ID')) user_id = serializers.UUIDField(required=True, label=_("User ID")) - def get_query_set(self, instance: Dict, workspace_manage): + def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bool): folder_query_set = QuerySet(ApplicationFolder) application_query_set = QuerySet(Application) workspace_id = self.data.get('workspace_id') @@ -317,8 +318,14 @@ class Query(serializers.Serializer): application_query_set = application_query_set.filter(desc__contains=desc) application_custom_sql_query_set = application_query_set application_query_set = application_query_set.order_by("-update_time") + return {'folder_query_set': folder_query_set, - 'application_query_set': application_query_set} if not workspace_manage else { + 'application_query_set': application_query_set, + 'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter( + auth_target_type="KNOWLEDGE", + workspace_id=workspace_id, + user_id=user_id)} if ( + not workspace_manage and is_x_pack_ee) else { 'folder_query_set': folder_query_set, 'application_query_set': application_query_set, 'application_custom_sql': application_custom_sql_query_set 
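Review bot: The permission filter added to `Query.get_query_set` uses `auth_target_type="KNOWLEDGE"`, but it feeds `list_application_user_ee.sql`, whose removed literal was `auth_target_type = 'APPLICATION'`, so a non-manager's application list would be checked against knowledge grants instead of application grants. The same slip appears in `KnowledgeSerializer.get_query_set`, where the filter is `auth_target_type=""` while the SQL line it replaces used `'KNOWLEDGE'`. Because this subquery is the access check for the listing, both values should match the literals they replace: `auth_target_type="APPLICATION",` here and `auth_target_type="KNOWLEDGE",` in knowledge.py. A test that lists resources as a non-manager holding only a grant of the other type would catch this. The body of `get_query_set` starts outside the hunk.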
@@ -336,11 +343,12 @@ class Query(serializers.Serializer): user_id = self.data.get("user_id") ApplicationQueryRequest(data=instance).is_valid(raise_exception=True) workspace_manage = is_workspace_manage(user_id, workspace_id) - return native_search(self.get_query_set(instance, workspace_manage), + is_x_pack_ee = self.is_x_pack_ee() + return native_search(self.get_query_set(instance, workspace_manage, is_x_pack_ee), select_string=get_file_content( os.path.join(PROJECT_DIR, "apps", "application", 'sql', 'list_application.sql' if workspace_manage else ( - 'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql') + 'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql') ))) def page(self, current_page: int, page_size: int, instance: Dict): @@ -349,11 +357,12 @@ class Query(serializers.Serializer): workspace_id = self.data.get('workspace_id') user_id = self.data.get("user_id") workspace_manage = is_workspace_manage(user_id, workspace_id) - return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage), + is_x_pack_ee = self.is_x_pack_ee() + return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage, is_x_pack_ee), get_file_content( os.path.join(PROJECT_DIR, "apps", "application", 'sql', 'list_application.sql' if workspace_manage else ( - 'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql'))), + 'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql'))), ) diff --git a/apps/application/sql/list_application_user_ee.sql b/apps/application/sql/list_application_user_ee.sql index f3c83498a..d6a653cb9 100644 --- a/apps/application/sql/list_application_user_ee.sql +++ b/apps/application/sql/list_application_user_ee.sql 
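Review bot: For a non-manager on a non-EE build, `list()` still selects `list_application_user.sql`, yet `get_query_set` now routes that case to its `else` branch and returns the dict carrying `application_custom_sql`, because the first branch requires `not workspace_manage and is_x_pack_ee`. Before this commit every non-manager received only `folder_query_set` and `application_query_set`. How `native_search` treats a key the template does not reference is not visible here, so it would be safer to keep `not workspace_manage` as the outer test in `get_query_set` and add the permission key only when `is_x_pack_ee` is also true. `page()` in the next hunk pairs the same dict with the same file and is affected in the same way.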
@@ -14,7 +14,7 @@ from (select application."id"::text, from application left join "user" on user_id = "user".id where "application".id in (select target from workspace_user_resource_permission - where auth_target_type = 'APPLICATION' + ${workspace_user_resource_permission_query_set} and case when auth_type = 'ROLE' then 'ROLE' = any (permission_list) diff --git a/apps/knowledge/serializers/knowledge.py b/apps/knowledge/serializers/knowledge.py index 3adebe82e..0ed85bcd1 100644 --- a/apps/knowledge/serializers/knowledge.py +++ b/apps/knowledge/serializers/knowledge.py @@ -120,7 +120,7 @@ class KnowledgeSerializer(serializers.Serializer): role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model") return workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None - def get_query_set(self): + def get_query_set(self, workspace_manage, is_x_pack_ee): workspace_id = self.data.get("workspace_id") query_set_dict = {} query_set = QuerySet(model=get_dynamics_model({ @@ -157,6 +157,12 @@ class KnowledgeSerializer(serializers.Serializer): 'knowledge.workspace_id': models.CharField(), })).filter(**{'knowledge.workspace_id': workspace_id}) query_set_dict['folder_query_set'] = folder_query_set + if not workspace_manage and is_x_pack_ee: + query_set_dict['workspace_user_resource_permission_query_set'] = QuerySet( + WorkspaceUserResourcePermission).filter( + auth_target_type="", + workspace_id=workspace_id, + user_id=self.data.get("user_id")) return query_set_dict def page(self, current_page: int, page_size: int): 
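Review bot: `KnowledgeSerializer.get_query_set` now references `WorkspaceUserResourcePermission`, but this diff adds the import only to apps/application/serializers/application.py and shows no import hunk for knowledge.py. Unless the module already imports the model outside the visible hunks, the non-manager EE path would raise `NameError` on the first listing. If it is missing, add `from system_manage.models import WorkspaceUserResourcePermission`. The new parameters are also untyped here while the application serializer annotates them, so `def get_query_set(self, workspace_manage: bool, is_x_pack_ee: bool):` would keep the two signatures consistent.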
@@ -167,17 +173,18 @@ class KnowledgeSerializer(serializers.Serializer): if not root: raise serializers.ValidationError(_('Folder not found')) workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id')) + is_x_pack_ee = self.is_x_pack_ee() return native_page_search( current_page, page_size, - self.get_query_set(), + self.get_query_set(workspace_manage, is_x_pack_ee), select_string=get_file_content( os.path.join( PROJECT_DIR, "apps", "knowledge", 'sql', 'list_knowledge.sql' if workspace_manage else ( - 'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql' + 'list_knowledge_user_ee.sql' if is_x_pack_ee else 'list_knowledge_user.sql' ) ) ), @@ -191,8 +198,9 @@ class KnowledgeSerializer(serializers.Serializer): if not root: raise serializers.ValidationError(_('Folder not found')) workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id')) + is_x_pack_ee = self.is_x_pack_ee() return native_search( - self.get_query_set(), + self.get_query_set(workspace_manage, is_x_pack_ee), select_string=get_file_content( os.path.join( PROJECT_DIR, diff --git a/apps/knowledge/sql/list_knowledge_user_ee.sql b/apps/knowledge/sql/list_knowledge_user_ee.sql index 364a6df5b..0386c38c3 100644 --- a/apps/knowledge/sql/list_knowledge_user_ee.sql +++ b/apps/knowledge/sql/list_knowledge_user_ee.sql @@ -22,7 +22,7 @@ FROM (SELECT "temp_knowledge".id::text, "temp_knowledge".name, FROM knowledge knowledge ${knowledge_custom_sql} AND "knowledge".id in (select target from workspace_user_resource_permission - where auth_target_type = 'KNOWLEDGE' + ${workspace_user_resource_permission_query_set} and case when auth_type = 'ROLE' then 'ROLE' = any (permission_list)