fix: outlink manage can delete/update others (#2158)

* fix: outlink manage be able to delete/update others * fix: remove enum validation for teamMemberSchema. because the old data has the role property, which may cause unknown bug * perf: change findAndRemove to deleteOne
2025-07-23 13:03:50 +00:00 · 2024-07-25 13:52:16 +08:00
parent 45b8d7e8de
commit 87dac54f1e
4 changed files with 26 additions and 27 deletions
--- a/packages/service/support/permission/auth/openapi.ts
+++ b/packages/service/support/permission/auth/openapi.ts
@@ -25,7 +25,7 @@ export async function authOpenApiKeyCrud({
  const { openapi, permission } = await (async () => {
    const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
    if (!openapi) {
-      throw new Error(OpenApiErrEnum.unExist);
+      return Promise.reject(OpenApiErrEnum.unExist);
    }

    if (!!openapi.appId) {
--- a/packages/service/support/permission/publish/authLink.ts
+++ b/packages/service/support/permission/publish/authLink.ts
@@ -3,14 +3,14 @@ import { OutLinkSchema } from '@fastgpt/global/support/outLink/type';
 import { parseHeaderCert } from '../controller';
 import { MongoOutLink } from '../../outLink/schema';
 import { OutLinkErrEnum } from '@fastgpt/global/common/error/code/outLink';
-import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
 import { authAppByTmbId } from '../app/auth';
 import { AuthModeType, AuthResponseType } from '../type';

 /* crud outlink permission */
 export async function authOutLinkCrud({
  outLinkId,
-  per,
+  per = OwnerPermissionVal,
  ...props
 }: AuthModeType & {
  outLinkId: string;
@@ -26,13 +26,13 @@ export async function authOutLinkCrud({
  const { app, outLink } = await (async () => {
    const outLink = await MongoOutLink.findOne({ _id: outLinkId, teamId });
    if (!outLink) {
-      throw new Error(OutLinkErrEnum.unExist);
+      return Promise.reject(OutLinkErrEnum.unExist);
    }

    const { app } = await authAppByTmbId({
      tmbId,
      appId: outLink.appId,
-      per: ManagePermissionVal
+      per: per
    });

    return {
--- a/packages/service/support/user/team/teamMemberSchema.ts
+++ b/packages/service/support/user/team/teamMemberSchema.ts
@@ -25,8 +25,8 @@ const TeamMemberSchema = new Schema({
    default: 'Member'
  },
  role: {
-    type: String,
-    enum: Object.keys(TeamMemberRoleMap)
+    type: String
+    // enum: Object.keys(TeamMemberRoleMap) // disable enum validation for old data
  },
  status: {
    type: String,