purge old permission (#2118)

* chore: purge old permission
- remove useless role of teamMember
- Cleanup auth apis' Props and Return type Definitions

* chore: a better way of RequireAtLeastOne

Signed-off-by: Finley Ge <m13203533462@163.com>

---------

Signed-off-by: Finley Ge <m13203533462@163.com>

packages/service/support/permission/auth/common.ts

@@ -1,6 +1,7 @@
 import { parseHeaderCert } from '../controller';
 import { AuthModeType } from '../type';
 import { SERVICE_LOCAL_HOST } from '../../../common/system/tools';
+import { ApiRequestProps } from '../../../type/next';
 
 export const authCert = async (props: AuthModeType) => {
   const result = await parseHeaderCert(props);
@@ -13,7 +14,7 @@ export const authCert = async (props: AuthModeType) => {
 };
 
 /* auth the request from local service */
-export const authRequestFromLocal = ({ req }: AuthModeType) => {
+export const authRequestFromLocal = ({ req }: { req: ApiRequestProps }) => {
   if (req.headers.host !== SERVICE_LOCAL_HOST) {
     return Promise.reject('Invalid request');
   }

packages/service/support/permission/auth/file.ts

@@ -1,18 +1,17 @@
-import { AuthModeType } from '../type';
+import { AuthModeType, AuthResponseType } from '../type';
 import { DatasetFileSchema } from '@fastgpt/global/core/dataset/type';
 import { parseHeaderCert } from '../controller';
 import { getFileById } from '../../../common/file/gridfs/controller';
 import { BucketNameEnum } from '@fastgpt/global/common/file/constants';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
 import { OwnerPermissionVal, ReadPermissionVal } from '@fastgpt/global/support/permission/constant';
-import { AuthPropsType, AuthResponseType } from '../type/auth';
 import { Permission } from '@fastgpt/global/support/permission/controller';
 
 export async function authFile({
   fileId,
   per = OwnerPermissionVal,
   ...props
-}: AuthPropsType & {
+}: AuthModeType & {
   fileId: string;
 }): Promise<
   AuthResponseType & {

packages/service/support/permission/auth/openapi.ts

@@ -6,10 +6,15 @@ import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { MongoOpenApi } from '../../openapi/schema';
 import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
 import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
+import {
+  OwnerPermissionVal,
+  ReadPermissionVal,
+  WritePermissionVal
+} from '@fastgpt/global/support/permission/constant';
 
 export async function authOpenApiKeyCrud({
   id,
-  per = 'owner',
+  per = OwnerPermissionVal,
   ...props
 }: AuthModeType & {
   id: string;
@@ -21,7 +26,7 @@ export async function authOpenApiKeyCrud({
   const result = await parseHeaderCert(props);
   const { tmbId, teamId } = result;
 
-  const { role } = await getTmbInfoByTmbId({ tmbId });
+  const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
 
   const { openapi, isOwner, canWrite } = await (async () => {
     const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
@@ -31,16 +36,15 @@ export async function authOpenApiKeyCrud({
     }
 
     const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
-    const canWrite =
-      isOwner || (String(openapi.tmbId) === tmbId && role !== TeamMemberRoleEnum.visitor);
+    const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);
 
-    if (per === 'r' && !canWrite) {
+    if (per === ReadPermissionVal && !canWrite) {
       return Promise.reject(OpenApiErrEnum.unAuth);
     }
-    if (per === 'w' && !canWrite) {
+    if (per === WritePermissionVal && !canWrite) {
       return Promise.reject(OpenApiErrEnum.unAuth);
     }
-    if (per === 'owner' && !isOwner) {
+    if (per === OwnerPermissionVal && !isOwner) {
       return Promise.reject(OpenApiErrEnum.unAuth);
     }