From ec619c1e19efe8200e03c2e8f6e3d0716542680c Mon Sep 17 00:00:00 2001 From: GuoQing Zhang Date: Fri, 28 Jun 2024 17:17:14 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E5=88=A0=E9=99=A4=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E7=BB=84=E5=90=8E=E6=B8=85=E7=90=86=E8=A7=92=E8=89=B2=E4=BF=A1?= =?UTF-8?q?=E6=81=AF=EF=BC=8C=E5=8A=A9=E6=89=8B=E5=B7=A5=E5=85=B7=E5=88=A0?= =?UTF-8?q?=E9=99=A4=E6=97=B6=E5=88=A4=E6=96=AD=E6=9D=83=E9=99=90=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/bisheng/api/services/assistant.py | 4 ++++ .../bisheng/api/services/role_group_service.py | 15 +++++++++------ src/backend/bisheng/database/models/role.py | 18 +++++++++++++++++- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/src/backend/bisheng/api/services/assistant.py b/src/backend/bisheng/api/services/assistant.py index f8164258a..cceb31534 100644 --- a/src/backend/bisheng/api/services/assistant.py +++ b/src/backend/bisheng/api/services/assistant.py @@ -491,6 +491,10 @@ def delete_gpts_tools(cls, user: UserPayload, tool_type_id: int) -> UnifiedRespo return resp_200() if exist_tool_type.is_preset: return ToolTypeIsPresetError.return_resp() + # 判断是否有更新权限 + if not user.access_check(exist_tool_type.user_id, exist_tool_type.id, AccessType.GPTS_TOOL_WRITE): + return UnAuthorizedError.return_resp() + GptsToolsDao.delete_tool_type(tool_type_id) cls.delete_gpts_tool_hook(user, exist_tool_type) return resp_200() diff --git a/src/backend/bisheng/api/services/role_group_service.py b/src/backend/bisheng/api/services/role_group_service.py index 3f0977454..a5aaa91e8 100644 --- a/src/backend/bisheng/api/services/role_group_service.py +++ b/src/backend/bisheng/api/services/role_group_service.py @@ -1,5 +1,5 @@ from datetime import datetime -from typing import List, Any +from typing import List, Any, Dict from uuid import UUID from fastapi.encoders import jsonable_encoder @@ -17,7 +17,7 @@ from bisheng.database.models.group import Group, GroupCreate, GroupDao, GroupRead, DefaultGroup from bisheng.database.models.group_resource import GroupResourceDao, ResourceTypeEnum from bisheng.database.models.knowledge import KnowledgeDao -from bisheng.database.models.role import AdminRole +from bisheng.database.models.role import AdminRole, RoleDao from bisheng.database.models.user import User, UserDao from bisheng.database.models.user_role import UserRoleDao from bisheng.database.models.user_group import UserGroupCreate, UserGroupDao, UserGroupRead @@ -90,6 +90,8 @@ def update_group_hook(self, request: Request, login_user: UserPayload, group: Gr def delete_group(self, request: Request, login_user: UserPayload, group_id: int): """删除用户组""" + if group_id == DefaultGroup: + raise HTTPException(status_code=500, detail='默认组不能删除') group_info = GroupDao.get_user_group(group_id) if not group_info: return resp_200() @@ -121,7 +123,8 @@ def delete_group_hook(self, request: Request, login_user: UserPayload, group_inf if need_move_resource: GroupResourceDao.update_group_resource(need_move_resource) GroupResourceDao.delete_group_resource_by_group_id(group_info.id) - + # 删除用户组下的角色列表 + RoleDao.delete_role_by_group_id(group_info.id) def get_group_user_list(self, group_id: int, page_size: int, page_num: int) -> List[User]: """获取全量的group列表""" @@ -178,16 +181,16 @@ def replace_user_groups(self, request: Request, login_user: UserPayload, user_id # 记录审计日志 group_infos = GroupDao.get_group_by_ids(old_group + group_ids) - group_dict = {} + group_dict: Dict[int, str] = {} for one in group_infos: group_dict[one.id] = one.group_name note = "编辑前用户组:" for one in old_group: - note += group_dict.get(one, one) + "、" + note += f'{group_dict.get(one, one)}、' note = note.rstrip('、') note += "编辑后用户组:" for one in group_ids: - note += group_dict.get(one, one) + "、" + note += f'{group_dict.get(one, one)}、' note = note.rstrip('、') AuditLogService.update_user(login_user, get_request_ip(request), user_id, group_dict.keys(), note) return None diff --git a/src/backend/bisheng/database/models/role.py b/src/backend/bisheng/database/models/role.py index 66f121688..b193d642f 100644 --- a/src/backend/bisheng/database/models/role.py +++ b/src/backend/bisheng/database/models/role.py @@ -3,9 +3,11 @@ from bisheng.database.base import session_getter from bisheng.database.models.base import SQLModelSerializable -from sqlalchemy import Column, DateTime, text, func +from sqlalchemy import Column, DateTime, text, func, delete, and_ from sqlmodel import Field, select +from bisheng.database.models.role_access import RoleAccess + # 默认普通用户角色的ID DefaultRole = 2 # 超级管理员角色ID @@ -94,3 +96,17 @@ def get_role_by_ids(cls, role_ids: List[int]) -> List[Role]: def get_role_by_id(cls, role_id: int) -> Role: with session_getter() as session: return session.query(Role).filter(Role.id == role_id).first() + + @classmethod + def delete_role_by_group_id(cls, group_id: int): + """ + 删除分组下所有的角色 + """ + with session_getter() as session: + all_access = select(RoleAccess, Role).join( + Role, and_(RoleAccess.role_id == Role.id, + Role.group_id == group_id)).group_by(RoleAccess.id) + all_access = session.exec(all_access) + session.exec(delete(RoleAccess).where(RoleAccess.id.in_([one.id for one in all_access]))) + session.exec(delete(Role).where(Role.group_id == group_id)) + session.commit()