fix: 删除用户组后清理角色信息，助手工具删除时判断权限校验

src/backend/bisheng/api/services/assistant.py

@@ -491,6 +491,10 @@ def delete_gpts_tools(cls, user: UserPayload, tool_type_id: int) -> UnifiedRespo
             return resp_200()
         if exist_tool_type.is_preset:
             return ToolTypeIsPresetError.return_resp()
+        # 判断是否有更新权限
+        if not user.access_check(exist_tool_type.user_id, exist_tool_type.id, AccessType.GPTS_TOOL_WRITE):
+            return UnAuthorizedError.return_resp()
+
         GptsToolsDao.delete_tool_type(tool_type_id)
         cls.delete_gpts_tool_hook(user, exist_tool_type)
         return resp_200()

src/backend/bisheng/api/services/role_group_service.py

@@ -1,5 +1,5 @@
 from datetime import datetime
-from typing import List, Any
+from typing import List, Any, Dict
 from uuid import UUID
 
 from fastapi.encoders import jsonable_encoder
@@ -17,7 +17,7 @@
 from bisheng.database.models.group import Group, GroupCreate, GroupDao, GroupRead, DefaultGroup
 from bisheng.database.models.group_resource import GroupResourceDao, ResourceTypeEnum
 from bisheng.database.models.knowledge import KnowledgeDao
-from bisheng.database.models.role import AdminRole
+from bisheng.database.models.role import AdminRole, RoleDao
 from bisheng.database.models.user import User, UserDao
 from bisheng.database.models.user_role import UserRoleDao
 from bisheng.database.models.user_group import UserGroupCreate, UserGroupDao, UserGroupRead
@@ -90,6 +90,8 @@ def update_group_hook(self, request: Request, login_user: UserPayload, group: Gr
 
     def delete_group(self, request: Request, login_user: UserPayload, group_id: int):
         """删除用户组"""
+        if group_id == DefaultGroup:
+            raise HTTPException(status_code=500, detail='默认组不能删除')
         group_info = GroupDao.get_user_group(group_id)
         if not group_info:
             return resp_200()
@@ -121,7 +123,8 @@ def delete_group_hook(self, request: Request, login_user: UserPayload, group_inf
         if need_move_resource:
             GroupResourceDao.update_group_resource(need_move_resource)
         GroupResourceDao.delete_group_resource_by_group_id(group_info.id)
-
+        # 删除用户组下的角色列表
+        RoleDao.delete_role_by_group_id(group_info.id)
 
     def get_group_user_list(self, group_id: int, page_size: int, page_num: int) -> List[User]:
         """获取全量的group列表"""
@@ -178,16 +181,16 @@ def replace_user_groups(self, request: Request, login_user: UserPayload, user_id
 
         # 记录审计日志
         group_infos = GroupDao.get_group_by_ids(old_group + group_ids)
-        group_dict = {}
+        group_dict: Dict[int, str] = {}
         for one in group_infos:
             group_dict[one.id] = one.group_name
         note = "编辑前用户组："
         for one in old_group:
-            note += group_dict.get(one, one) + "、"
+            note += f'{group_dict.get(one, one)}、'
         note = note.rstrip('、')
         note += "编辑后用户组："
         for one in group_ids:
-            note += group_dict.get(one, one) + "、"
+            note += f'{group_dict.get(one, one)}、'
         note = note.rstrip('、')
         AuditLogService.update_user(login_user, get_request_ip(request), user_id, group_dict.keys(), note)
         return None

src/backend/bisheng/database/models/role.py

@@ -3,9 +3,11 @@
 
 from bisheng.database.base import session_getter
 from bisheng.database.models.base import SQLModelSerializable
-from sqlalchemy import Column, DateTime, text, func
+from sqlalchemy import Column, DateTime, text, func, delete, and_
 from sqlmodel import Field, select
 
+from bisheng.database.models.role_access import RoleAccess
+
 # 默认普通用户角色的ID
 DefaultRole = 2
 # 超级管理员角色ID
@@ -94,3 +96,17 @@ def get_role_by_ids(cls, role_ids: List[int]) -> List[Role]:
     def get_role_by_id(cls, role_id: int) -> Role:
         with session_getter() as session:
             return session.query(Role).filter(Role.id == role_id).first()
+
+    @classmethod
+    def delete_role_by_group_id(cls, group_id: int):
+        """
+        删除分组下所有的角色
+        """
+        with session_getter() as session:
+            all_access = select(RoleAccess, Role).join(
+                Role, and_(RoleAccess.role_id == Role.id,
+                           Role.group_id == group_id)).group_by(RoleAccess.id)
+            all_access = session.exec(all_access)
+            session.exec(delete(RoleAccess).where(RoleAccess.id.in_([one.id for one in all_access])))
+            session.exec(delete(Role).where(Role.group_id == group_id))
+            session.commit()