From af6f88a616bbe3e42d2a86110c027dfaf4c1cbef Mon Sep 17 00:00:00 2001 From: shaohuzhang1 <80892890+shaohuzhang1@users.noreply.github.com> Date: Tue, 24 Jun 2025 13:45:36 +0800 Subject: [PATCH] fix: application knowledge list (#3365) --- apps/application/serializers/application.py | 19 ++++-------- .../sql/list_application_user_ee.sql | 5 ++- apps/knowledge/serializers/knowledge.py | 14 +++------ apps/knowledge/sql/list_knowledge_user_ee.sql | 5 ++- .../component/PermissionSetting.vue | 9 ++---- .../system/resource-authorization/index.vue | 31 ++++++++++--------- 6 files changed, 38 insertions(+), 45 deletions(-) diff --git a/apps/application/serializers/application.py b/apps/application/serializers/application.py index 3d61940be..055679b4a 100644 --- a/apps/application/serializers/application.py +++ b/apps/application/serializers/application.py @@ -295,7 +295,7 @@ class Query(serializers.Serializer): workspace_id = serializers.CharField(required=False, label=_('Workspace ID')) user_id = serializers.UUIDField(required=True, label=_("User ID")) - def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bool): + def get_query_set(self, instance: Dict, workspace_manage): folder_query_set = QuerySet(ApplicationFolder) application_query_set = QuerySet(Application) workspace_id = self.data.get('workspace_id') @@ -317,13 +317,8 @@ class Query(serializers.Serializer): application_query_set = application_query_set.filter(desc__contains=desc) application_custom_sql_query_set = application_query_set application_query_set = application_query_set.order_by("-update_time") - workspace_user_role_mapping_model = DatabaseModelManage.get_model('workspace_user_role_mapping') - return {'folder_query_set': folder_query_set, - 'application_query_set': application_query_set, - 'user_query_set': QuerySet( - workspace_user_role_mapping_model).filter( - user_id=user_id, workspace_id=workspace_id)} if (not workspace_manage and is_x_pack_ee) else { + 'application_query_set': application_query_set} if not workspace_manage else { 'folder_query_set': folder_query_set, 'application_query_set': application_query_set, 'application_custom_sql': application_custom_sql_query_set @@ -341,12 +336,11 @@ class Query(serializers.Serializer): user_id = self.data.get("user_id") ApplicationQueryRequest(data=instance).is_valid(raise_exception=True) workspace_manage = is_workspace_manage(user_id, workspace_id) - is_x_pack_ee = self.is_x_pack_ee() - return native_search(self.get_query_set(instance, workspace_manage, is_x_pack_ee), + return native_search(self.get_query_set(instance, workspace_manage), select_string=get_file_content( os.path.join(PROJECT_DIR, "apps", "application", 'sql', 'list_application.sql' if workspace_manage else ( - 'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql') + 'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql') ))) def page(self, current_page: int, page_size: int, instance: Dict): @@ -355,12 +349,11 @@ class Query(serializers.Serializer): workspace_id = self.data.get('workspace_id') user_id = self.data.get("user_id") workspace_manage = is_workspace_manage(user_id, workspace_id) - is_x_pack_ee = self.is_x_pack_ee() - return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage, is_x_pack_ee), + return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage), get_file_content( os.path.join(PROJECT_DIR, "apps", "application", 'sql', 'list_application.sql' if workspace_manage else ( - 'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql'))), + 'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql'))), ) diff --git a/apps/application/sql/list_application_user_ee.sql b/apps/application/sql/list_application_user_ee.sql index 37db11c09..f3c83498a 100644 --- a/apps/application/sql/list_application_user_ee.sql +++ b/apps/application/sql/list_application_user_ee.sql @@ -17,11 +17,14 @@ from (select application."id"::text, where auth_target_type = 'APPLICATION' and case when auth_type = 'ROLE' then + 'ROLE' = any (permission_list) + and 'APPLICATION:READ' in (select (case when user_role_relation.role_id = any (array ['USER']) THEN 'APPLICATION:READ' else role_permission.permission_id END) from role_permission role_permission right join user_role_relation user_role_relation on user_role_relation.role_id=role_permission.role_id - ${user_query_set}) + where user_role_relation.user_id=workspace_user_resource_permission.user_id + and user_role_relation.workspace_id=workspace_user_resource_permission.workspace_id) else 'VIEW' = any (permission_list) diff --git a/apps/knowledge/serializers/knowledge.py b/apps/knowledge/serializers/knowledge.py index 4c3c03e58..3adebe82e 100644 --- a/apps/knowledge/serializers/knowledge.py +++ b/apps/knowledge/serializers/knowledge.py @@ -120,7 +120,7 @@ class KnowledgeSerializer(serializers.Serializer): role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model") return workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None - def get_query_set(self, workspace_manage, is_x_pack_ee): + def get_query_set(self): workspace_id = self.data.get("workspace_id") query_set_dict = {} query_set = QuerySet(model=get_dynamics_model({ @@ -157,10 +157,6 @@ class KnowledgeSerializer(serializers.Serializer): 'knowledge.workspace_id': models.CharField(), })).filter(**{'knowledge.workspace_id': workspace_id}) query_set_dict['folder_query_set'] = folder_query_set - workspace_user_role_mapping_model = DatabaseModelManage.get_model('workspace_user_role_mapping') - if not workspace_manage and is_x_pack_ee: - query_set_dict['user_query_set'] = QuerySet(workspace_user_role_mapping_model).filter( - user_id=self.data.get("user_id"), workspace_id=workspace_id) return query_set_dict def page(self, current_page: int, page_size: int): @@ -171,18 +167,17 @@ class KnowledgeSerializer(serializers.Serializer): if not root: raise serializers.ValidationError(_('Folder not found')) workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id')) - is_x_pack_ee = self.is_x_pack_ee() return native_page_search( current_page, page_size, - self.get_query_set(workspace_manage, is_x_pack_ee), + self.get_query_set(), select_string=get_file_content( os.path.join( PROJECT_DIR, "apps", "knowledge", 'sql', 'list_knowledge.sql' if workspace_manage else ( - 'list_knowledge_user_ee.sql' if is_x_pack_ee else 'list_knowledge_user.sql' + 'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql' ) ) ), @@ -196,9 +191,8 @@ class KnowledgeSerializer(serializers.Serializer): if not root: raise serializers.ValidationError(_('Folder not found')) workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id')) - is_x_pack_ee = self.is_x_pack_ee() return native_search( - self.get_query_set(workspace_manage, is_x_pack_ee), + self.get_query_set(), select_string=get_file_content( os.path.join( PROJECT_DIR, diff --git a/apps/knowledge/sql/list_knowledge_user_ee.sql b/apps/knowledge/sql/list_knowledge_user_ee.sql index 08546eb99..364a6df5b 100644 --- a/apps/knowledge/sql/list_knowledge_user_ee.sql +++ b/apps/knowledge/sql/list_knowledge_user_ee.sql @@ -25,11 +25,14 @@ FROM (SELECT "temp_knowledge".id::text, "temp_knowledge".name, where auth_target_type = 'KNOWLEDGE' and case when auth_type = 'ROLE' then + 'ROLE' = any (permission_list) + and 'KNOWLEDGE:READ' in (select (case when user_role_relation.role_id = any (array ['USER']) THEN 'KNOWLEDGE:READ' else role_permission.permission_id END) from role_permission role_permission right join user_role_relation user_role_relation on user_role_relation.role_id=role_permission.role_id - ${user_query_set}) + where user_role_relation.user_id=workspace_user_resource_permission.user_id + and user_role_relation.workspace_id=workspace_user_resource_permission.workspace_id) else 'VIEW' = any (permission_list) end diff --git a/ui/src/views/system/resource-authorization/component/PermissionSetting.vue b/ui/src/views/system/resource-authorization/component/PermissionSetting.vue index 39778cbd0..6acb1b337 100644 --- a/ui/src/views/system/resource-authorization/component/PermissionSetting.vue +++ b/ui/src/views/system/resource-authorization/component/PermissionSetting.vue @@ -181,13 +181,12 @@ const props = defineProps({ manage: Boolean, isRole: Boolean, }) -const emit = defineEmits(['update:data', 'refreshData','update:isRole']) +const emit = defineEmits(['update:data', 'refreshData', 'update:isRole']) const radioRole = computed({ get: () => props.isRole, - set: (v:boolean) => { + set: (v: boolean) => { emit('update:isRole', v) - - } + }, }) const isKnowledge = computed(() => props.type === AuthorizationEnum.KNOWLEDGE) const isApplication = computed(() => props.type === AuthorizationEnum.APPLICATION) @@ -214,8 +213,6 @@ const dfsPermission = (arr: any = [], Name: string | number, e: boolean, idArr: }) } - - const filterText = ref('') const filterData = computed(() => diff --git a/ui/src/views/system/resource-authorization/index.vue b/ui/src/views/system/resource-authorization/index.vue index eb4291be1..9db40f957 100644 --- a/ui/src/views/system/resource-authorization/index.vue +++ b/ui/src/views/system/resource-authorization/index.vue @@ -150,19 +150,20 @@ const flotTree = (tree: Array, result: Array) => { return result } function submitPermissions() { - const user_resource_permission_list = settingTags.map((item: any, index: number) => { - return flotTree(item.data, []) - .filter((v: any) => !v.isFolder) - .map((v: any) => { - return { - target_id: v.id, - auth_target_type: item.value, - permission: v.permission, - auth_type: item.isRole ? 'ROLE' : 'RESOURCE_PERMISSION_GROUP', - } - }) - - }).reduce((pre: any, next: any) => [...pre, ...next], []) + const user_resource_permission_list = settingTags + .map((item: any, index: number) => { + return flotTree(item.data, []) + .filter((v: any) => !v.isFolder) + .map((v: any) => { + return { + target_id: v.id, + auth_target_type: item.value, + permission: v.permission, + auth_type: item.isRole ? 'ROLE' : 'RESOURCE_PERMISSION_GROUP', + } + }) + }) + .reduce((pre: any, next: any) => [...pre, ...next], []) AuthorizationApi.putResourceAuthorization( currentWorkspaceId.value || 'default', @@ -294,7 +295,9 @@ const getWholeTree = async (user_id: string) => { let folderIdMap = [] const folderTree = cloneDeep((parentRes as unknown as any).data) if (Object.keys(childrenRes.data).indexOf(item.value) !== -1) { - item.isRole = childrenRes.data[item.value].length>0 && childrenRes.data[item.value][0].permission.ROLE + item.isRole = + childrenRes.data[item.value].length > 0 && + childrenRes.data[item.value][0].auth_type == 'ROLE' folderIdMap = getFolderIdMap(childrenRes.data[item.value]) dfsFolder(folderTree, folderIdMap) const permissionHalf = {