diff --git a/apps/application/serializers/application.py b/apps/application/serializers/application.py index fe513a1b4..be6d9fe39 100644 --- a/apps/application/serializers/application.py +++ b/apps/application/serializers/application.py @@ -294,7 +294,7 @@ class Query(serializers.Serializer): workspace_id = serializers.CharField(required=False, label=_('Workspace ID')) user_id = serializers.UUIDField(required=True, label=_("User ID")) - def get_query_set(self, instance: Dict, workspace_manage: bool): + def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bool): folder_query_set = QuerySet(ApplicationFolder) application_query_set = QuerySet(Application) workspace_id = self.data.get('workspace_id') @@ -321,10 +321,11 @@ class Query(serializers.Serializer): 'folder_query_set': folder_query_set, 'application_query_set': application_query_set, 'application_custom_sql': application_custom_sql_query_set - } if workspace_manage else {'folder_query_set': folder_query_set, - 'application_query_set': application_query_set, - 'user_query_set': QuerySet(workspace_user_role_mapping_model).filter( - user_id=user_id, workspace_id=workspace_id)} + } if (workspace_manage and is_x_pack_ee) else {'folder_query_set': folder_query_set, + 'application_query_set': application_query_set, + 'user_query_set': QuerySet( + workspace_user_role_mapping_model).filter( + user_id=user_id, workspace_id=workspace_id)} @staticmethod def is_x_pack_ee(): 
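Review bot: In the second hunk the dict returned by `get_query_set` is now chosen by `workspace_manage and is_x_pack_ee`, while the `list` and `page` hunks further down still pick `list_application.sql` on `workspace_manage` alone, so the two selections can disagree. For a workspace manager on an install where `is_x_pack_ee()` is false, `list_application.sql` would be paired with a dict that carries `user_query_set` but no `application_custom_sql`. How `native_search` and `native_page_search` treat a missing or unused key is not visible here, so this may fail outright or may run the listing without the custom filter. If the pairing is intended, a comment above the return should say why; otherwise derive the template name and the dict from the same predicate. The middle of `get_query_set` lies between the two hunks and is not shown.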
@@ -338,12 +339,13 @@ class Query(serializers.Serializer): user_id = self.data.get("user_id") ApplicationQueryRequest(data=instance).is_valid(raise_exception=True) workspace_manage = is_workspace_manage(user_id, workspace_id) - - return native_search(self.get_query_set(instance, workspace_manage), select_string=get_file_content( - os.path.join(PROJECT_DIR, "apps", "application", 'sql', - 'list_application.sql' if workspace_manage else ( - 'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql') - ))) + is_x_pack_ee = self.is_x_pack_ee() + return native_search(self.get_query_set(instance, workspace_manage, is_x_pack_ee), + select_string=get_file_content( + os.path.join(PROJECT_DIR, "apps", "application", 'sql', + 'list_application.sql' if workspace_manage else ( + 'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql') + ))) def page(self, current_page: int, page_size: int, instance: Dict): self.is_valid(raise_exception=True) @@ -351,11 +353,12 @@ class Query(serializers.Serializer): workspace_id = self.data.get('workspace_id') user_id = self.data.get("user_id") workspace_manage = is_workspace_manage(user_id, workspace_id) - return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage), + is_x_pack_ee = self.is_x_pack_ee() + return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage, is_x_pack_ee), get_file_content( os.path.join(PROJECT_DIR, "apps", "application", 'sql', 'list_application.sql' if workspace_manage else ( - 'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql'))), + 'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql'))), ) diff --git a/apps/knowledge/serializers/knowledge.py b/apps/knowledge/serializers/knowledge.py index 7e8d0fed8..53751b71e 100644 --- a/apps/knowledge/serializers/knowledge.py +++ b/apps/knowledge/serializers/knowledge.py 
@@ -120,7 +120,7 @@ class KnowledgeSerializer(serializers.Serializer): role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model") return workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None - def get_query_set(self): + def get_query_set(self, workspace_manage, is_x_pack_ee): workspace_id = self.data.get("workspace_id") query_set_dict = {} query_set = QuerySet(model=get_dynamics_model({ @@ -160,6 +160,10 @@ class KnowledgeSerializer(serializers.Serializer): 'knowledge.workspace_id': models.CharField(), })).filter(**{'knowledge.workspace_id': workspace_id}) query_set_dict['folder_query_set'] = folder_query_set + workspace_user_role_mapping_model = DatabaseModelManage.get_model('workspace_user_role_mapping') + if workspace_manage and is_x_pack_ee: + query_set_dict['user_query_set'] = QuerySet(workspace_user_role_mapping_model).filter( + user_id=self.data.get("user_id"), workspace_id=workspace_id) return query_set_dict def page(self, current_page: int, page_size: int): @@ -170,18 +174,18 @@ class KnowledgeSerializer(serializers.Serializer): if not root: raise serializers.ValidationError(_('Folder not found')) workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id')) - + is_x_pack_ee = self.is_x_pack_ee() return native_page_search( current_page, page_size, - self.get_query_set(), + self.get_query_set(workspace_manage, is_x_pack_ee), select_string=get_file_content( os.path.join( PROJECT_DIR, "apps", "knowledge", 'sql', 'list_knowledge.sql' if workspace_manage else ( - 'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql' + 'list_knowledge_user_ee.sql' if is_x_pack_ee else 'list_knowledge_user.sql' ) ) ), diff --git a/apps/knowledge/sql/list_knowledge_user_ee.sql b/apps/knowledge/sql/list_knowledge_user_ee.sql index abd00519a..08546eb99 100644 --- a/apps/knowledge/sql/list_knowledge_user_ee.sql 
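Review bot: The new `workspace_manage` and `is_x_pack_ee` parameters of `get_query_set` in the first knowledge.py hunk are required and unannotated, unlike the application serializer's `workspace_manage: bool, is_x_pack_ee: bool` in the same commit. Only `page` is updated in this diff, so any other caller of `get_query_set()` in the class, which is not visible here, would raise a `TypeError`. I would write `def get_query_set(self, workspace_manage: bool, is_x_pack_ee: bool):` and add a one-line docstring stating that the two flags decide whether `user_query_set` is included.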
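Review bot: The condition `if workspace_manage and is_x_pack_ee:` in the second knowledge.py hunk looks inverted relative to the template that consumes the key. `${user_query_set}` is added to `list_knowledge_user_ee.sql`, which `page` selects only when `workspace_manage` is false and `is_x_pack_ee` is true, so that template never receives `user_query_set`, and the role subquery may then run without the per-user, per-workspace restriction (how `native_page_search` handles an absent key is not shown). I would change the guard to `if is_x_pack_ee and not workspace_manage:`. The lookup key `'workspace_user_role_mapping'` also lacks the `_model` suffix seen in `get_model("role_permission_mapping_model")` in the context above; it should be checked against the key `is_x_pack_ee()` uses, since a `None` model would otherwise reach `QuerySet(...)`.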
+++ b/apps/knowledge/sql/list_knowledge_user_ee.sql @@ -20,15 +20,16 @@ FROM (SELECT "temp_knowledge".id::text, "temp_knowledge".name, "document_temp".document_count FROM (SELECT knowledge.* FROM knowledge knowledge ${knowledge_custom_sql} - AND id in (select target + AND "knowledge".id in (select target from workspace_user_resource_permission where auth_target_type = 'KNOWLEDGE' and case when auth_type = 'ROLE' then - 'KNOWLEDGE_READ' in (select permission_id - from role_permission - where role_id in (select role_id - from user_role_relation)) + 'KNOWLEDGE:READ' in (select (case when user_role_relation.role_id = any (array ['USER']) THEN 'KNOWLEDGE:READ' else role_permission.permission_id END) + from role_permission role_permission + right join user_role_relation user_role_relation + on user_role_relation.role_id=role_permission.role_id + ${user_query_set}) else 'VIEW' = any (permission_list) end
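Review bot: The rewritten ROLE branch scopes `user_role_relation` only through `${user_query_set}` and hard-codes an implicit grant for the `USER` role, and neither is explained in the file. If the placeholder expands to nothing and `user_role_relation` is the full mapping rather than something already filtered outside this hunk, the `right join` reads every user's roles, and a single `USER` row would make `'KNOWLEDGE:READ' in (...)` true for every ROLE-typed permission row. I would add a comment above the subquery such as `-- ${user_query_set} must restrict user_role_relation to the current user and workspace; role USER implies KNOWLEDGE:READ`. The literal also changes from `KNOWLEDGE_READ` to `KNOWLEDGE:READ` here, so the other list templates, which are not part of this diff, should be checked for the old spelling.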