diff --git a/apps/application/serializers/application.py b/apps/application/serializers/application.py index a01a58200..776688560 100644 --- a/apps/application/serializers/application.py +++ b/apps/application/serializers/application.py @@ -333,7 +333,7 @@ class Query(serializers.Serializer): folder_query_set = folder_query_set.filter(workspace_id=workspace_id) application_query_set = application_query_set.filter(workspace_id=workspace_id) folder_id = instance.get('folder_id') - if folder_id is not None: + if folder_id is not None and folder_id != workspace_id: folder_query_set = folder_query_set.filter(parent=folder_id) application_query_set = application_query_set.filter(folder_id=folder_id) if name is not None: diff --git a/apps/folders/serializers/folder.py b/apps/folders/serializers/folder.py index 3b8d288bc..8569f16a7 100644 --- a/apps/folders/serializers/folder.py +++ b/apps/folders/serializers/folder.py @@ -16,6 +16,7 @@ from knowledge.models import KnowledgeFolder, Knowledge from knowledge.serializers.knowledge import KnowledgeSerializer from knowledge.serializers.knowledge_folder import KnowledgeFolderTreeSerializer from system_manage.models import WorkspaceUserResourcePermission +from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer from tools.models import ToolFolder, Tool from tools.serializers.tool import ToolSerializer from tools.serializers.tool_folder import ToolFolderTreeSerializer @@ -139,6 +140,13 @@ class FolderSerializer(serializers.Serializer): parent_id=parent_id ) folder.save() + + UserResourcePermissionSerializer(data={ + 'workspace_id': self.data.get('workspace_id'), + 'user_id': self.data.get('user_id'), + 'auth_target_type': self.data.get('source') + }).auth_resource(str(folder.id), is_folder=True) + return FolderSerializer(folder).data class Operate(serializers.Serializer): diff --git a/apps/knowledge/serializers/knowledge.py b/apps/knowledge/serializers/knowledge.py index 417e9c0b1..fedd991c4 100644 --- a/apps/knowledge/serializers/knowledge.py +++ b/apps/knowledge/serializers/knowledge.py @@ -148,7 +148,7 @@ class KnowledgeSerializer(serializers.Serializer): if "workspace_id" in self.data and self.data.get('workspace_id') is not None: query_set = query_set.filter(**{'temp.workspace_id': self.data.get("workspace_id")}) folder_query_set = folder_query_set.filter(**{'workspace_id': self.data.get("workspace_id")}) - if "folder_id" in self.data and self.data.get('folder_id') is not None: + if "folder_id" in self.data and self.data.get('folder_id') is not None and self.data.get('workspace_id') != self.data.get('folder_id'): query_set = query_set.filter(**{'temp.folder_id': self.data.get("folder_id")}) folder_query_set = folder_query_set.filter(**{'parent_id': self.data.get("folder_id")}) if "scope" in self.data and self.data.get('scope') is not None: diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py index a58307352..bb2235cdd 100644 --- a/apps/system_manage/serializers/user_resource_permission.py +++ b/apps/system_manage/serializers/user_resource_permission.py @@ -73,7 +73,8 @@ class UpdateUserResourcePermissionRequest(serializers.Serializer): illegal_target_id_list = select_list( get_file_content( os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')), - [json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id,workspace_id,workspace_id,workspace_id]) + [json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id, + workspace_id, workspace_id, workspace_id]) if illegal_target_id_list is not None and len(illegal_target_id_list) > 0: raise AppApiException(500, _('Non-existent id[') + str(illegal_target_id_list) + ']') @@ -192,7 +193,7 @@ class UserResourcePermissionSerializer(serializers.Serializer): cache.delete(key, version=version) return True - def auth_resource(self, resource_id: str): + def auth_resource(self, resource_id: str, is_folder=False): self.is_valid(raise_exception=True) auth_target_type = self.data.get('auth_target_type') workspace_id = self.data.get('workspace_id') @@ -206,11 +207,12 @@ class UserResourcePermissionSerializer(serializers.Serializer): target=resource_id, auth_target_type=auth_target_type, permission_list=[ResourcePermission.VIEW, - ResourcePermission.MANAGE] if auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP else [ + ResourcePermission.MANAGE] if ( + auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP or is_folder) else [ ResourcePermissionRole.ROLE], workspace_id=workspace_id, user_id=user_id, - auth_type=auth_type + auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP if is_folder else auth_type ).save() # 刷新缓存 version = Cache_Version.PERMISSION_LIST.get_version() @@ -358,7 +360,7 @@ class ResourceUserPermissionSerializer(serializers.Serializer): permission__in=query_p_list) workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping") if workspace_user_role_mapping_model: - user_query_set=user_query_set.filter( + user_query_set = user_query_set.filter( id__in=QuerySet(workspace_user_role_mapping_model).filter( workspace_id=self.data.get('workspace_id')).values("user_id")) diff --git a/apps/tools/serializers/tool.py b/apps/tools/serializers/tool.py index 8efe2e877..398b3b5c5 100644 --- a/apps/tools/serializers/tool.py +++ b/apps/tools/serializers/tool.py @@ -921,7 +921,7 @@ class ToolTreeSerializer(serializers.Serializer): if workspace_id is not None: folder_query_set = folder_query_set.filter(workspace_id=workspace_id) default_query_set = default_query_set.filter(workspace_id=workspace_id) - if folder_id is not None: + if folder_id is not None and folder_id != workspace_id: folder_query_set = folder_query_set.filter(parent=folder_id) default_query_set = default_query_set.filter(folder_id=folder_id) if name is not None: