feat: team permission refine (#4494) (#4498)

* feat: team permission refine (#4402) * chore: team permission extend * feat: manage team permission * chore: api auth * fix: i18n * feat: add initv493 * fix: test, org auth manager * test: app test for refined permission * update init sh * fix: add/remove manage permission (#4427) * fix: add/remove manage permission * fix: github action fastgpt-test * fix: mock create model * fix: team write permission * fix: ts * account permission --------- Co-authored-by: Finley Ge <32237950+FinleyGe@users.noreply.github.com>
2025-10-17 16:45:02 +00:00 · 2025-04-10 11:11:54 +08:00
parent 80f41dd2a9
commit 199f454b6b
51 changed files with 1116 additions and 460 deletions
--- a/test/mocks/request.ts
+++ b/test/mocks/request.ts
@@ -1,4 +1,8 @@
+import { TeamErrEnum } from '@fastgpt/global/common/error/code/team';
 import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';
+import { TeamPermission } from '@fastgpt/global/support/permission/user/controller';
+import { MongoGroupMemberModel } from '@fastgpt/service/support/permission/memberGroup/groupMemberSchema';
+import { getTmbInfoByTmbId } from '@fastgpt/service/support/user/team/controller';
 import { vi } from 'vitest';

 // vi.mock(import('@/service/middleware/entry'), async () => {
@@ -87,3 +91,62 @@ vi.mock(import('@fastgpt/service/support/permission/controller'), async (importO
    parseHeaderCert
  };
 });
+
+vi.mock(
+  import('@fastgpt/service/support/permission/memberGroup/controllers'),
+  async (importOriginal) => {
+    const mod = await importOriginal();
+    const parseHeaderCert = vi.fn(
+      ({
+        req,
+        authToken = false,
+        authRoot = false,
+        authApiKey = false
+      }: {
+        req: MockReqType;
+        authToken?: boolean;
+        authRoot?: boolean;
+        authApiKey?: boolean;
+      }) => {
+        const { auth } = req;
+        if (!auth) {
+          return Promise.reject(Error('unAuthorization(mock)'));
+        }
+        return Promise.resolve(auth);
+      }
+    );
+    const authGroupMemberRole = vi.fn(async ({ groupId, role, ...props }: any) => {
+      const result = await parseHeaderCert(props);
+      const { teamId, tmbId, isRoot } = result;
+      if (isRoot) {
+        return {
+          ...result,
+          permission: new TeamPermission({
+            isOwner: true
+          }),
+          teamId,
+          tmbId
+        };
+      }
+      const [groupMember, tmb] = await Promise.all([
+        MongoGroupMemberModel.findOne({ groupId, tmbId }),
+        getTmbInfoByTmbId({ tmbId })
+      ]);
+
+      // Team admin or role check
+      if (tmb.permission.hasManagePer || (groupMember && role.includes(groupMember.role))) {
+        return {
+          ...result,
+          permission: tmb.permission,
+          teamId,
+          tmbId
+        };
+      }
+      return Promise.reject(TeamErrEnum.unAuthTeam);
+    });
+    return {
+      ...mod,
+      authGroupMemberRole
+    };
+  }
+);