Permission (#1687)

Co-authored-by: Archer <545436317@qq.com> Co-authored-by: Finley Ge <32237950+FinleyGe@users.noreply.github.com>
2025-08-06 07:28:56 +00:00 · 2024-06-04 17:52:00 +08:00
parent fcb915c988
commit 19c8a06d51
109 changed files with 2291 additions and 1091 deletions
--- a/projects/app/src/pages/api/support/openapi/create.ts
+++ b/projects/app/src/pages/api/support/openapi/create.ts
@@ -4,13 +4,15 @@ import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import { customAlphabet } from 'nanoid';
 import type { EditApiKeyProps } from '@/global/support/openapi/api';
-import { authUserNotVisitor } from '@fastgpt/service/support/permission/auth/user';
+import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
+import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { getNanoid } from '@fastgpt/global/common/string/tools';

 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
    await connectToDatabase();
    const { appId, name, limit } = req.body as EditApiKeyProps;
-    const { teamId, tmbId } = await authUserNotVisitor({ req, authToken: true });
+    const { teamId, tmbId } = await authUserPer({ req, authToken: true, per: WritePermissionVal });

    const count = await MongoOpenApi.find({ tmbId, appId }).countDocuments();

@@ -18,11 +20,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      throw new Error('最多 10 组 API 秘钥');
    }

-    const nanoid = customAlphabet(
-      'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890',
-      Math.floor(Math.random() * 14) + 52
-    );
-    const apiKey = `${global.systemEnv?.openapiPrefix || 'fastgpt'}-${nanoid()}`;
+    const nanoid = getNanoid(Math.floor(Math.random() * 14) + 52);
+    const apiKey = `${global.systemEnv?.openapiPrefix || 'fastgpt'}-${nanoid}`;

    await MongoOpenApi.create({
      teamId,
--- a/projects/app/src/pages/api/support/openapi/list.ts
+++ b/projects/app/src/pages/api/support/openapi/list.ts
@@ -3,8 +3,9 @@ import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import type { GetApiKeyProps } from '@/global/support/openapi/api';
-import { authUserNotVisitor } from '@fastgpt/service/support/permission/auth/user';
-import { authApp } from '@fastgpt/service/support/permission/auth/app';
+import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
+import { authApp } from '@fastgpt/service/support/permission/app/auth';
+import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';

 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
@@ -12,11 +13,15 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    const { appId } = req.query as GetApiKeyProps;

    if (appId) {
-      const { tmbId, teamOwner } = await authApp({ req, authToken: true, appId, per: 'w' });
+      await authApp({
+        req,
+        authToken: true,
+        appId,
+        per: ManagePermissionVal
+      });

      const findResponse = await MongoOpenApi.find({
-        appId,
-        ...(!teamOwner && { tmbId })
+        appId
      }).sort({ _id: -1 });

      return jsonRes(res, {
@@ -24,16 +29,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      });
    }

-    const {
-      teamId,
-      tmbId,
-      isOwner: teamOwner
-    } = await authUserNotVisitor({ req, authToken: true });
+    const { teamId, tmbId, permission } = await authUserPer({
+      req,
+      authToken: true,
+      per: ManagePermissionVal
+    });

    const findResponse = await MongoOpenApi.find({
      appId,
      teamId,
-      ...(!teamOwner && { tmbId })
+      ...(!permission.isOwner && { tmbId })
    }).sort({ _id: -1 });

    return jsonRes(res, {
--- a/projects/app/src/pages/api/support/outLink/create.ts
+++ b/projects/app/src/pages/api/support/outLink/create.ts
@@ -2,10 +2,11 @@ import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
-import { authApp } from '@fastgpt/service/support/permission/auth/app';
+import { authApp } from '@fastgpt/service/support/permission/app/auth';
 import type { OutLinkEditType } from '@fastgpt/global/support/outLink/type.d';
 import { customAlphabet } from 'nanoid';
 import { PublishChannelEnum } from '@fastgpt/global/support/outLink/constant';
+import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';
 const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz1234567890', 24);

 /* create a shareChat */
@@ -18,7 +19,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
        type: PublishChannelEnum;
      };

-    const { teamId, tmbId } = await authApp({ req, authToken: true, appId, per: 'w' });
+    const { teamId, tmbId } = await authApp({
+      req,
+      authToken: true,
+      appId,
+      per: WritePermissionVal
+    });

    const shareId = nanoid();
    await MongoOutLink.create({
--- a/projects/app/src/pages/api/support/outLink/delete.ts
+++ b/projects/app/src/pages/api/support/outLink/delete.ts
@@ -2,7 +2,8 @@ import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
-import { authOutLinkCrud } from '@fastgpt/service/support/permission/auth/outLink';
+import { authOutLinkCrud } from '@fastgpt/service/support/permission/publish/authLink';
+import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';

 /* delete a shareChat by shareChatId */
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
@@ -13,7 +14,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      id: string;
    };

-    await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: 'owner' });
+    await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: ManagePermissionVal });

    await MongoOutLink.findByIdAndRemove(id);

--- a/projects/app/src/pages/api/support/outLink/list.ts
+++ b/projects/app/src/pages/api/support/outLink/list.ts
@@ -2,7 +2,8 @@ import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
-import { authApp } from '@fastgpt/service/support/permission/auth/app';
+import { authApp } from '@fastgpt/service/support/permission/app/auth';
+import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';

 /* get shareChat list by appId */
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
@@ -14,11 +15,15 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      type: string;
    };

-    const { teamId, tmbId, isOwner } = await authApp({ req, authToken: true, appId, per: 'w' });
+    await authApp({
+      req,
+      authToken: true,
+      appId,
+      per: ManagePermissionVal
+    });

    const data = await MongoOutLink.find({
      appId,
-      ...(isOwner ? { teamId } : { tmbId }),
      type: type
    }).sort({
      _id: -1
--- a/projects/app/src/pages/api/support/outLink/update.ts
+++ b/projects/app/src/pages/api/support/outLink/update.ts
@@ -3,7 +3,8 @@ import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
 import type { OutLinkEditType } from '@fastgpt/global/support/outLink/type.d';
-import { authOutLinkCrud } from '@fastgpt/service/support/permission/auth/outLink';
+import { authOutLinkCrud } from '@fastgpt/service/support/permission/publish/authLink';
+import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';

 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
@@ -15,7 +16,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      throw new Error('_id is required');
    }

-    await authOutLinkCrud({ req, outLinkId: _id, authToken: true, per: 'owner' });
+    await authOutLinkCrud({ req, outLinkId: _id, authToken: true, per: ManagePermissionVal });

    await MongoOutLink.findByIdAndUpdate(_id, {
      name,
--- a/projects/app/src/pages/api/support/user/team/update.ts
+++ b/projects/app/src/pages/api/support/user/team/update.ts
@@ -1,8 +1,9 @@
 import type { ApiRequestProps, ApiResponseType } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
 import { UpdateTeamProps } from '@fastgpt/global/support/user/team/controller';
-import { authTeamOwner } from '@fastgpt/service/support/permission/auth/user';
+import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
 import { updateTeam } from '@fastgpt/service/support/user/team/controller';
+import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';

 export type updateQuery = {};

@@ -13,7 +14,7 @@ export type updateResponse = {};
 async function handler(req: ApiRequestProps<updateBody, updateQuery>, res: ApiResponseType<any>) {
  const body = req.body as UpdateTeamProps;

-  const { teamId } = await authTeamOwner({ req, authToken: true });
+  const { teamId } = await authUserPer({ req, authToken: true, per: ManagePermissionVal });

  await updateTeam({ teamId, ...body });
 }