feat: org auth for app & dataset (#3498)

* feat: auth org resource permission * feat: org auth support for app & dataset
2024-12-30 21:09:39 +08:00
parent efecfd44c3
commit fd9600c6f8
5 changed files with 108 additions and 53 deletions
--- a/projects/app/src/components/support/permission/MemberManager/AddMemberModal.tsx
+++ b/projects/app/src/components/support/permission/MemberManager/AddMemberModal.tsx
@@ -75,7 +75,7 @@ function AddMemberModal({ onClose, mode = 'member' }: AddModalPropsType) {
    if (mode !== 'all') return [];
    return orgs.filter((item) => {
      if (item.path === '') return false; // exclude root org
-      if (!permission.isOwner && myOrgs.find((i) => String(i._id) !== String(item._id)))
+      if (!permission.isOwner && !myOrgs.find((i) => String(i._id) === String(item._id)))
        return false;
      if (!searchText) return true;
      return item.name.includes(searchText);
--- a/projects/app/src/pages/api/core/app/list.ts
+++ b/projects/app/src/pages/api/core/app/list.ts
@@ -17,6 +17,7 @@ import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
 import { replaceRegChars } from '@fastgpt/global/common/string/tools';
 import { getGroupPer } from '@fastgpt/service/support/permission/controller';
 import { getGroupsByTmbId } from '@fastgpt/service/support/permission/memberGroup/controllers';
+import { getOrgsWithParentByTmbId } from '@fastgpt/service/support/permission/org/controllers';

 export type ListAppBody = {
  parentId?: ParentIdType;
@@ -25,7 +26,7 @@ export type ListAppBody = {
  searchKey?: string;
 };

-/* 
+/*
  获取 APP 列表权限
  1. 校验 folder 权限和获取 team 权限（owner 单独处理）
  2. 获取 team 下所有 app 权限。获取我的所有组。并计算出我所有的app权限。
@@ -48,19 +49,19 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
    }),
    ...(parentId
      ? [
-          authApp({
-            req,
-            authToken: true,
-            authApiKey: true,
-            appId: parentId,
-            per: ReadPermissionVal
-          })
-        ]
+        authApp({
+          req,
+          authToken: true,
+          authApiKey: true,
+          appId: parentId,
+          per: ReadPermissionVal
+        })
+      ]
      : [])
  ]);

  // Get team all app permissions
-  const [perList, myGroupMap] = await Promise.all([
+  const [perList, myGroupMap, myOrgSet] = await Promise.all([
    MongoResourcePermission.find({
      resourceType: PerResourceTypeEnum.app,
      teamId,
@@ -77,11 +78,15 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
        map.set(String(item._id), 1);
      });
      return map;
+    }),
+    getOrgsWithParentByTmbId({
+      teamId,
+      tmbId
    })
  ]);
  // Get my permissions
  const myPerList = perList.filter(
-    (item) => String(item.tmbId) === String(tmbId) || myGroupMap.has(String(item.groupId))
+    (item) => String(item.tmbId) === String(tmbId) || myGroupMap.has(String(item.groupId)) || myOrgSet.has(String(item.orgId))
  );

  const findAppsQuery = (() => {
@@ -99,17 +104,17 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
      ? {}
      : parentId
        ? {
-            $or: [idList, parseParentIdInMongo(parentId)]
-          }
+          $or: [idList, parseParentIdInMongo(parentId)]
+        }
        : { $or: [idList, { parentId: null }] };

    const searchMatch = searchKey
      ? {
-          $or: [
-            { name: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } },
-            { intro: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } }
-          ]
-        }
+        $or: [
+          { name: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } },
+          { intro: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } }
+        ]
+      }
      : {};

    if (searchKey) {
@@ -153,7 +158,7 @@ async function handler(req: ApiRequestProps<ListAppBody>): Promise<AppListItemTy
          )?.permission;
          const groupPer = getGroupPer(
            myPerList
-              .filter((item) => String(item.resourceId) === appId && !!item.groupId)
+              .filter((item) => String(item.resourceId) === appId && (!!item.groupId || !!item.orgId))
              .map((item) => item.permission)
          );

--- a/projects/app/src/pages/api/core/dataset/list.ts
+++ b/projects/app/src/pages/api/core/dataset/list.ts
@@ -18,6 +18,7 @@ import { authDataset } from '@fastgpt/service/support/permission/dataset/auth';
 import { replaceRegChars } from '@fastgpt/global/common/string/tools';
 import { getGroupsByTmbId } from '@fastgpt/service/support/permission/memberGroup/controllers';
 import { getGroupPer } from '@fastgpt/service/support/permission/controller';
+import { getOrgsWithParentByTmbId } from '@fastgpt/service/support/permission/org/controllers';

 export type GetDatasetListBody = {
  parentId: ParentIdType;
@@ -38,19 +39,19 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
    }),
    ...(parentId
      ? [
-          authDataset({
-            req,
-            authToken: true,
-            authApiKey: true,
-            per: ReadPermissionVal,
-            datasetId: parentId
-          })
-        ]
+        authDataset({
+          req,
+          authToken: true,
+          authApiKey: true,
+          per: ReadPermissionVal,
+          datasetId: parentId
+        })
+      ]
      : [])
  ]);

  // Get team all app permissions
-  const [perList, myGroupMap] = await Promise.all([
+  const [perList, myGroupMap, myOrgSet] = await Promise.all([
    MongoResourcePermission.find({
      resourceType: PerResourceTypeEnum.dataset,
      teamId,
@@ -67,10 +68,14 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
        map.set(String(item._id), 1);
      });
      return map;
+    }),
+    getOrgsWithParentByTmbId({
+      teamId,
+      tmbId
    })
  ]);
  const myPerList = perList.filter(
-    (item) => String(item.tmbId) === String(tmbId) || myGroupMap.has(String(item.groupId))
+    (item) => String(item.tmbId) === String(tmbId) || myGroupMap.has(String(item.groupId)) || myOrgSet.has(String(item.orgId))
  );

  const findDatasetQuery = (() => {
@@ -80,17 +85,17 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
      ? {}
      : parentId
        ? {
-            $or: [idList, parseParentIdInMongo(parentId)]
-          }
+          $or: [idList, parseParentIdInMongo(parentId)]
+        }
        : { $or: [idList, { parentId: null }] };

    const searchMatch = searchKey
      ? {
-          $or: [
-            { name: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } },
-            { intro: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } }
-          ]
-        }
+        $or: [
+          { name: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } },
+          { intro: { $regex: new RegExp(`${replaceRegChars(searchKey)}`, 'i') } }
+        ]
+      }
      : {};

    if (searchKey) {
@@ -124,7 +129,7 @@ async function handler(req: ApiRequestProps<GetDatasetListBody>) {
          )?.permission;
          const groupPer = getGroupPer(
            myPerList
-              .filter((item) => String(item.resourceId) === datasetId && !!item.groupId)
+              .filter((item) => String(item.resourceId) === datasetId && (!!item.groupId || !!item.orgId))
              .map((item) => item.permission)
          );
          return new DatasetPermission({