4.8.6 merge (#1943)

* Dataset collection forbid (#1885) * perf: tool call support same id * feat: collection forbid * feat: collection forbid * Inheritance Permission for apps (#1897) * feat: app schema define chore: references of authapp * feat: authApp method inheritance * feat: create and update api * feat: update * feat: inheritance Permission controller for app. * feat: abstract version of inheritPermission * feat: ancestorId for apps * chore: update app * fix: inheritPermission abstract version * feat: update folder defaultPermission * feat: app update api * chore: inheritance frontend * chore: app list api * feat: update defaultPermission in app deatil * feat: backend api finished * feat: app inheritance permission fe * fix: app update defaultpermission causes collaborator miss * fix: ts error * chore: adjust the codes * chore: i18n chore: i18n * chore: fe adjust and i18n * chore: adjust the code * feat: resume api; chore: rewrite update api and inheritPermission methods * chore: something * chore: fe code adjusting * feat: frontend adjusting * chore: fe code adjusting * chore: adjusting the code * perf: fe loading * format * Inheritance fix (#1908) * fix: SlideCard * fix: authapp did not return parent app for inheritance app * fix: fe adjusting * feat: fe adjusing * perf: inherit per ux * doc * fix: ts errors (#1916) * perf: inherit permission * fix: permission inherit * Workflow type (#1938) * perf: workflow type tmp workflow perf: workflow type feat: custom field config * perf: dynamic input * perf: node classify * perf: node classify * perf: node classify * perf: node classify * fix: workflow custom input * feat: text editor and customFeedback move to basic nodes * feat: community system plugin * fix: ts * feat: exprEval plugin * perf: workflow type * perf: plugin important * fix: default templates * perf: markdown hr css * lock * perf: fetch url * perf: new plugin version * fix: chat histories update * fix: collection paths invalid * perf: app card ui --------- Co-authored-by: Finley Ge <32237950+FinleyGe@users.noreply.github.com>
2025-10-16 16:04:34 +00:00 · 2024-07-04 17:42:09 +08:00
parent babf03c218
commit a9cdece341
303 changed files with 18883 additions and 13149 deletions
--- a/packages/service/support/permission/app/auth.ts
+++ b/packages/service/support/permission/app/auth.ts
@@ -10,6 +10,8 @@ import { getResourcePermission } from '../controller';
 import { AppPermission } from '@fastgpt/global/support/permission/app/controller';
 import { AuthResponseType } from '../type/auth.d';
 import { PermissionValueType } from '@fastgpt/global/support/permission/type';
+import { AppFolderTypeList } from '@fastgpt/global/core/app/constants';
+import { ParentIdType } from '@fastgpt/global/common/parentFolder/type';

 export const authAppByTmbId = async ({
  tmbId,
@@ -19,27 +21,57 @@ export const authAppByTmbId = async ({
  tmbId: string;
  appId: string;
  per: PermissionValueType;
-}) => {
+}): Promise<{
+  app: AppDetailType;
+}> => {
  const { teamId, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });

  const app = await (async () => {
-    // get app and per
-    const [app, rp] = await Promise.all([
-      MongoApp.findOne({ _id: appId, teamId }).lean(),
-      getResourcePermission({
-        teamId,
-        tmbId,
-        resourceId: appId,
-        resourceType: PerResourceTypeEnum.app
-      }) // this could be null
-    ]);
+    const app = await MongoApp.findOne({ _id: appId }).lean();

    if (!app) {
      return Promise.reject(AppErrEnum.unExist);
    }
-
    const isOwner = tmbPer.isOwner || String(app.tmbId) === String(tmbId);
-    const Per = new AppPermission({ per: rp?.permission ?? app.defaultPermission, isOwner });
+
+    const { Per, defaultPermission } = await (async () => {
+      if (
+        AppFolderTypeList.includes(app.type) ||
+        app.inheritPermission === false ||
+        !app.parentId
+      ) {
+        // 1. is a folder. (Folders have compeletely permission)
+        // 2. inheritPermission is false.
+        // 3. is root folder/app.
+        const rp = await getResourcePermission({
+          teamId,
+          tmbId,
+          resourceId: appId,
+          resourceType: PerResourceTypeEnum.app
+        });
+        const Per = new AppPermission({ per: rp?.permission ?? app.defaultPermission, isOwner });
+        return {
+          Per,
+          defaultPermission: app.defaultPermission
+        };
+      } else {
+        // is not folder and inheritPermission is true and is not root folder.
+        const { app: parent } = await authAppByTmbId({
+          tmbId,
+          appId: app.parentId,
+          per
+        });
+
+        const Per = new AppPermission({
+          per: parent.permission.value,
+          isOwner
+        });
+        return {
+          Per,
+          defaultPermission: parent.defaultPermission
+        };
+      }
+    })();

    if (!Per.checkPer(per)) {
      return Promise.reject(AppErrEnum.unAuthApp);
@@ -47,6 +79,7 @@ export const authAppByTmbId = async ({

    return {
      ...app,
+      defaultPermission,
      permission: Per
    };
  })();
@@ -59,7 +92,7 @@ export const authApp = async ({
  per,
  ...props
 }: AuthPropsType & {
-  appId: string;
+  appId: ParentIdType;
 }): Promise<
  AuthResponseType & {
    app: AppDetailType;
@@ -68,6 +101,10 @@ export const authApp = async ({
  const result = await parseHeaderCert(props);
  const { tmbId } = result;

+  if (!appId) {
+    return Promise.reject(AppErrEnum.unExist);
+  }
+
  const { app } = await authAppByTmbId({
    tmbId,
    appId,