diff --git a/packages/global/support/user/team/constant.ts b/packages/global/support/user/team/constant.ts index cc4a92158..ea40229bd 100644 --- a/packages/global/support/user/team/constant.ts +++ b/packages/global/support/user/team/constant.ts @@ -3,22 +3,13 @@ export const TeamMemberCollectionName = 'team_members'; export const TeamTagsCollectionName = 'team_tags'; export enum TeamMemberRoleEnum { - owner = 'owner', - admin = 'admin', - visitor = 'visitor' + owner = 'owner' } + export const TeamMemberRoleMap = { [TeamMemberRoleEnum.owner]: { value: TeamMemberRoleEnum.owner, label: 'user.team.role.Owner' - }, - [TeamMemberRoleEnum.admin]: { - value: TeamMemberRoleEnum.admin, - label: 'user.team.role.Admin' - }, - [TeamMemberRoleEnum.visitor]: { - value: TeamMemberRoleEnum.visitor, - label: 'user.team.role.Visitor' } }; @@ -28,6 +19,7 @@ export enum TeamMemberStatusEnum { reject = 'reject', leave = 'leave' } + export const TeamMemberStatusMap = { [TeamMemberStatusEnum.waiting]: { label: 'user.team.member.waiting', @@ -46,4 +38,5 @@ export const TeamMemberStatusMap = { color: 'red.600' } }; + export const notLeaveStatus = { $ne: TeamMemberStatusEnum.leave }; diff --git a/packages/service/support/permission/app/auth.ts b/packages/service/support/permission/app/auth.ts index 4a08c1600..d4426ced7 100644 --- a/packages/service/support/permission/app/auth.ts +++ b/packages/service/support/permission/app/auth.ts 
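Review bot: Removing `admin` and `visitor` from `TeamMemberRoleEnum` leaves any stored `team_members` documents that still carry those role strings without a matching enum value, and nothing visible in this commit migrates them. After the change every `role === TeamMemberRoleEnum.owner` comparison treats such members as non-owners, so their effective rights depend entirely on `tmb.permission`. Whether former admins keep or lose manage rights is not visible from this diff. I would either ship a migration with this change or add a comment above the enum such as `// legacy values 'admin' | 'visitor' may still exist in stored documents; rights now come from tmb.permission`. If the member schema validates `role` against this enum (not shown here), saving an old document may start failing validation.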
@@ -1,19 +1,18 @@ /* Auth app permission */ import { MongoApp } from '../../../core/app/schema'; import { AppDetailType } from '@fastgpt/global/core/app/type.d'; -import { AuthPropsType } from '../type/auth.d'; import { parseHeaderCert } from '../controller'; import { PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant'; import { AppErrEnum } from '@fastgpt/global/common/error/code/app'; import { getTmbInfoByTmbId } from '../../user/team/controller'; import { getResourcePermission } from '../controller'; import { AppPermission } from '@fastgpt/global/support/permission/app/controller'; -import { AuthResponseType } from '../type/auth.d'; import { PermissionValueType } from '@fastgpt/global/support/permission/type'; import { AppFolderTypeList } from '@fastgpt/global/core/app/constants'; import { ParentIdType } from '@fastgpt/global/common/parentFolder/type'; import { splitCombinePluginId } from '../../../core/app/plugin/controller'; import { PluginSourceEnum } from '@fastgpt/global/core/plugin/constants'; +import { AuthModeType, AuthResponseType } from '../type'; export const authPluginByTmbId = async ({ tmbId, @@ -112,8 +111,9 @@ export const authApp = async ({ appId, per, ...props -}: AuthPropsType & { +}: AuthModeType & { appId: ParentIdType; + per: PermissionValueType; }): Promise< AuthResponseType & { app: AppDetailType; diff --git a/packages/service/support/permission/auth/common.ts b/packages/service/support/permission/auth/common.ts index b85c3cd0e..a5c6b2328 100644 --- a/packages/service/support/permission/auth/common.ts +++ b/packages/service/support/permission/auth/common.ts @@ -1,6 +1,7 @@ import { parseHeaderCert } from '../controller'; import { AuthModeType } from '../type'; import { SERVICE_LOCAL_HOST } from '../../../common/system/tools'; +import { ApiRequestProps } from '../../../type/next'; export const authCert = async (props: AuthModeType) => { const result = await parseHeaderCert(props); 
@@ -13,7 +14,7 @@ export const authCert = async (props: AuthModeType) => { }; /* auth the request from local service */ -export const authRequestFromLocal = ({ req }: AuthModeType) => { +export const authRequestFromLocal = ({ req }: { req: ApiRequestProps }) => { if (req.headers.host !== SERVICE_LOCAL_HOST) { return Promise.reject('Invalid request'); } diff --git a/packages/service/support/permission/auth/file.ts b/packages/service/support/permission/auth/file.ts index 7504ed9f5..8a54c509f 100644 --- a/packages/service/support/permission/auth/file.ts +++ b/packages/service/support/permission/auth/file.ts @@ -1,18 +1,17 @@ -import { AuthModeType } from '../type'; +import { AuthModeType, AuthResponseType } from '../type'; import { DatasetFileSchema } from '@fastgpt/global/core/dataset/type'; import { parseHeaderCert } from '../controller'; import { getFileById } from '../../../common/file/gridfs/controller'; import { BucketNameEnum } from '@fastgpt/global/common/file/constants'; import { CommonErrEnum } from '@fastgpt/global/common/error/code/common'; import { OwnerPermissionVal, ReadPermissionVal } from '@fastgpt/global/support/permission/constant'; -import { AuthPropsType, AuthResponseType } from '../type/auth'; import { Permission } from '@fastgpt/global/support/permission/controller'; export async function authFile({ fileId, per = OwnerPermissionVal, ...props -}: AuthPropsType & { +}: AuthModeType & { fileId: string; }): Promise< AuthResponseType & { diff --git a/packages/service/support/permission/auth/openapi.ts b/packages/service/support/permission/auth/openapi.ts index 736cecc9c..75e081a88 100644 --- a/packages/service/support/permission/auth/openapi.ts +++ b/packages/service/support/permission/auth/openapi.ts 
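Review bot: `authRequestFromLocal` still decides trust from `req.headers.host !== SERVICE_LOCAL_HOST`, and the Host header is supplied by the caller, so the check is a routing hint and not proof that the request came from the local service. Narrowing the parameter to `{ req: ApiRequestProps }` is fine, but the check would only be a boundary if a trusted proxy in front of the service overwrites Host, which this diff does not show. I would pair it with something the caller cannot set, such as the socket's remote address or an internal shared secret header. At minimum, document the assumption with `// Host is client-controlled; relies on the ingress rewriting it`. The function body continues outside the hunk.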
@@ -6,10 +6,15 @@ import { getTmbInfoByTmbId } from '../../user/team/controller'; import { MongoOpenApi } from '../../openapi/schema'; import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi'; import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant'; +import { + OwnerPermissionVal, + ReadPermissionVal, + WritePermissionVal +} from '@fastgpt/global/support/permission/constant'; export async function authOpenApiKeyCrud({ id, - per = 'owner', + per = OwnerPermissionVal, ...props }: AuthModeType & { id: string; @@ -21,7 +26,7 @@ export async function authOpenApiKeyCrud({ const result = await parseHeaderCert(props); const { tmbId, teamId } = result; - const { role } = await getTmbInfoByTmbId({ tmbId }); + const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId }); const { openapi, isOwner, canWrite } = await (async () => { const openapi = await MongoOpenApi.findOne({ _id: id, teamId }); @@ -31,16 +36,15 @@ export async function authOpenApiKeyCrud({ } const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner; - const canWrite = - isOwner || (String(openapi.tmbId) === tmbId && role !== TeamMemberRoleEnum.visitor); + const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer); - if (per === 'r' && !canWrite) { + if (per === ReadPermissionVal && !canWrite) { return Promise.reject(OpenApiErrEnum.unAuth); } - if (per === 'w' && !canWrite) { + if (per === WritePermissionVal && !canWrite) { return Promise.reject(OpenApiErrEnum.unAuth); } - if (per === 'owner' && !isOwner) { + if (per === OwnerPermissionVal && !isOwner) { return Promise.reject(OpenApiErrEnum.unAuth); } diff --git a/packages/service/support/permission/dataset/auth.ts b/packages/service/support/permission/dataset/auth.ts index 9cc7e4aad..397df878b 100644 --- a/packages/service/support/permission/dataset/auth.ts +++ b/packages/service/support/permission/dataset/auth.ts 
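Review bot: The three `per === …PermissionVal` guards in `authOpenApiKeyCrud` fail open, because a `per` that equals none of `ReadPermissionVal`, `WritePermissionVal` or `OwnerPermissionVal` skips every check and the call is treated as authorized. With the string literals gone, `per` is now any `PermissionValueType`, so a caller passing another constant (for example a manage value) gets no check at all. A fall-through after the three guards would close this: `if (![ReadPermissionVal, WritePermissionVal, OwnerPermissionVal].includes(per)) return Promise.reject(OpenApiErrEnum.unAuth);`. Separately, `canWrite` is always equal to `isOwner`, since `isOwner` already contains `String(openapi.tmbId) === tmbId`, so the new `tmbPer.hasWritePer` term can never change the result. If key creators without write permission are meant to be read-only, `isOwner` has to stop including the creator comparison.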
@@ -1,6 +1,5 @@ import { PermissionValueType } from '@fastgpt/global/support/permission/type'; import { getResourcePermission, parseHeaderCert } from '../controller'; -import { AuthPropsType, AuthResponseType } from '../type/auth'; import { CollectionWithDatasetType, DatasetDataItemType, @@ -9,7 +8,7 @@ import { } from '@fastgpt/global/core/dataset/type'; import { getTmbInfoByTmbId } from '../../user/team/controller'; import { MongoDataset } from '../../../core/dataset/schema'; -import { PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant'; +import { NullPermission, PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant'; import { DatasetErrEnum } from '@fastgpt/global/common/error/code/dataset'; import { DatasetPermission } from '@fastgpt/global/support/permission/dataset/controller'; import { getCollectionWithDataset } from '../../../core/dataset/controller'; @@ -19,6 +18,7 @@ import { BucketNameEnum } from '@fastgpt/global/common/file/constants'; import { CommonErrEnum } from '@fastgpt/global/common/error/code/common'; import { MongoDatasetData } from '../../../core/dataset/data/schema'; import { DatasetDefaultPermissionVal } from '@fastgpt/global/support/permission/dataset/constant'; +import { AuthModeType, AuthResponseType } from '../type'; export async function authDatasetByTmbId({ tmbId, @@ -70,9 +70,9 @@ export async function authDatasetByTmbId({ // Auth Dataset export async function authDataset({ datasetId, - per, + per = NullPermission, ...props -}: AuthPropsType & { +}: AuthModeType & { datasetId: string; }): Promise< AuthResponseType & { @@ -98,9 +98,9 @@ export async function authDataset({ // the temporary solution for authDatasetCollection is getting the export async function authDatasetCollection({ collectionId, - per, + per = NullPermission, ...props -}: AuthPropsType & { +}: AuthModeType & { collectionId: string; }): Promise< AuthResponseType & { 
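Review bot: Defaulting `per = NullPermission` in `authDataset` turns a forgotten `per` into "no permission required", where the old `AuthPropsType` made the compiler reject the call. The same applies to `authDatasetCollection` in the next hunk and to `props.per ?? NullPermission` in `authUserPer` (user/auth.ts). `authDatasetFile` and `authOutLinkCrud` now destructure an optional `per` with no default at all. The value of `NullPermission` is not visible here, but the name suggests that a check against it always passes. I would keep `per` mandatory on these signatures, as the `authApp` hunk does with `per: PermissionValueType;`, or default to the strictest value, as `authFile` does with `per = OwnerPermissionVal`. The function bodies lie outside these hunks.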
@@ -132,7 +132,7 @@ export async function authDatasetFile({ fileId, per, ...props -}: AuthPropsType & { +}: AuthModeType & { fileId: string; }): Promise< AuthResponseType & { @@ -178,7 +178,7 @@ export async function authDatasetFile({ export async function authDatasetData({ dataId, ...props -}: AuthPropsType & { +}: AuthModeType & { dataId: string; }) { // get mongo dataset.data diff --git a/packages/service/support/permission/publish/authLink.ts b/packages/service/support/permission/publish/authLink.ts index 5594f5b8c..58b7236e3 100644 --- a/packages/service/support/permission/publish/authLink.ts +++ b/packages/service/support/permission/publish/authLink.ts @@ -4,16 +4,15 @@ import { parseHeaderCert } from '../controller'; import { MongoOutLink } from '../../outLink/schema'; import { OutLinkErrEnum } from '@fastgpt/global/common/error/code/outLink'; import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant'; -import { AuthPropsType } from '../type/auth'; -import { AuthResponseType } from '../type/auth'; import { authAppByTmbId } from '../app/auth'; +import { AuthModeType, AuthResponseType } from '../type'; /* crud outlink permission */ export async function authOutLinkCrud({ outLinkId, per, ...props -}: AuthPropsType & { +}: AuthModeType & { outLinkId: string; }): Promise< AuthResponseType & { diff --git a/packages/service/support/permission/type.d.ts b/packages/service/support/permission/type.d.ts index 98f182a06..7826981cf 100644 --- a/packages/service/support/permission/type.d.ts +++ b/packages/service/support/permission/type.d.ts @@ -1,3 +1,4 @@ +import { Permission } from '@fastgpt/global/support/permission/controller'; import { ApiRequestProps } from '../../type/next'; import type { PermissionValueType } from '@fastgpt/global/support/permission/type'; 
@@ -10,10 +11,26 @@ export type ReqHeaderAuthType = { authorization?: string; }; -export type AuthModeType = { +type RequireAtLeastOne = Omit & + { + [K in Keys]-?: Required> & Partial>; + }[Keys]; + +type authModeType = { req: ApiRequestProps; authToken?: boolean; authRoot?: boolean; authApiKey?: boolean; - per?: PermissionValueType | 'r' | 'w' | 'owner'; // this is for compatibility + per?: PermissionValueType; +}; + +export type AuthModeType = RequireAtLeastOne; + +export type AuthResponseType = { + teamId: string; + tmbId: string; + authType?: `${AuthUserTypeEnum}`; + appId?: string; + apikey?: string; + permission: T; }; diff --git a/packages/service/support/permission/type/auth.d.ts b/packages/service/support/permission/type/auth.d.ts deleted file mode 100644 index 91b4fdbd6..000000000 --- a/packages/service/support/permission/type/auth.d.ts +++ /dev/null @@ -1,21 +0,0 @@ -import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant'; -import { Permission } from '@fastgpt/global/support/permission/controller'; -import { ApiRequestProps } from '../../../type/next'; -import { PermissionValueType } from '@fastgpt/global/support/permission/type'; - -export type AuthPropsType = { - req: ApiRequestProps; - authToken?: boolean; - authRoot?: boolean; - authApiKey?: boolean; - per: PermissionValueType; -}; - -export type AuthResponseType = { - teamId: string; - tmbId: string; - authType?: `${AuthUserTypeEnum}`; - appId?: string; - apikey?: string; - permission: T; -}; diff --git a/packages/service/support/permission/user/auth.ts b/packages/service/support/permission/user/auth.ts index f5681c14f..4946239ff 100644 --- a/packages/service/support/permission/user/auth.ts +++ b/packages/service/support/permission/user/auth.ts 
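Review bot: `AuthResponseType` moves into `type.d.ts` and still references `AuthUserTypeEnum`, but the only import this commit adds to the file is `Permission`. The deleted `type/auth.d.ts` imported the enum from `@fastgpt/global/support/permission/constant`. Lines 5–10 of the file are not visible, so it may already be imported there. If it is not, add `import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';`, because an unresolved name in a declaration file can degrade `authType` to an unchecked type when declaration files are not type-checked. As a style point, the private alias `authModeType` differs from the exported `AuthModeType` only by case; a name like `AuthModeBase` would be harder to confuse. The generic parameters in this hunk appear to have been stripped by the page rendering, so the key set passed to `RequireAtLeastOne` cannot be reviewed from here.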
@@ -1,12 +1,12 @@ -import { AuthResponseType } from '../type/auth.d'; -import { AuthPropsType } from '../type/auth.d'; import { TeamTmbItemType } from '@fastgpt/global/support/user/team/type'; import { parseHeaderCert } from '../controller'; import { getTmbInfoByTmbId } from '../../user/team/controller'; import { TeamErrEnum } from '@fastgpt/global/common/error/code/team'; +import { AuthModeType, AuthResponseType } from '../type'; +import { NullPermission } from '@fastgpt/global/support/permission/constant'; /* auth user role */ -export async function authUserPer(props: AuthPropsType): Promise< +export async function authUserPer(props: AuthModeType): Promise< AuthResponseType & { tmb: TeamTmbItemType; } @@ -14,7 +14,7 @@ export async function authUserPer(props: AuthPropsType): Promise< const result = await parseHeaderCert(props); const tmb = await getTmbInfoByTmbId({ tmbId: result.tmbId }); - if (!tmb.permission.checkPer(props.per)) { + if (!tmb.permission.checkPer(props.per ?? NullPermission)) { return Promise.reject(TeamErrEnum.unAuthTeam); } diff --git a/packages/service/support/user/team/teamMemberSchema.ts b/packages/service/support/user/team/teamMemberSchema.ts index 56c9b6efd..95df79e48 100644 --- a/packages/service/support/user/team/teamMemberSchema.ts +++ b/packages/service/support/user/team/teamMemberSchema.ts @@ -1,5 +1,5 @@ -import { connectionMongo, getMongoModel, type Model } from '../../../common/mongo'; -const { Schema, model, models } = connectionMongo; +import { connectionMongo, getMongoModel } from '../../../common/mongo'; +const { Schema } = connectionMongo; import { TeamMemberSchema as TeamMemberType } from '@fastgpt/global/support/user/team/type.d'; import { userCollectionName } from '../../user/schema'; import { diff --git a/projects/app/src/pages/api/core/chat/delHistory.ts b/projects/app/src/pages/api/core/chat/delHistory.ts index 1cdf0d7e3..4b0d01ffe 100644 --- a/projects/app/src/pages/api/core/chat/delHistory.ts 
+++ b/projects/app/src/pages/api/core/chat/delHistory.ts @@ -3,20 +3,21 @@ import { jsonRes } from '@fastgpt/service/common/response'; import { MongoChat } from '@fastgpt/service/core/chat/chatSchema'; import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema'; import { DelHistoryProps } from '@/global/core/chat/api'; -import { autChatCrud } from '@/service/support/permission/auth/chat'; +import { authChatCrud } from '@/service/support/permission/auth/chat'; import { mongoSessionRun } from '@fastgpt/service/common/mongo/sessionRun'; import { NextAPI } from '@/service/middleware/entry'; import { ApiRequestProps } from '@fastgpt/service/type/next'; +import { WritePermissionVal } from '@fastgpt/global/support/permission/constant'; /* clear chat history */ async function handler(req: ApiRequestProps<{}, DelHistoryProps>, res: NextApiResponse) { const { appId, chatId } = req.query; - await autChatCrud({ + await authChatCrud({ req, authToken: true, ...req.query, - per: 'w' + per: WritePermissionVal }); await mongoSessionRun(async (session) => { diff --git a/projects/app/src/pages/api/core/chat/feedback/adminUpdate.ts b/projects/app/src/pages/api/core/chat/feedback/adminUpdate.ts index 36ae9ad5b..336d02606 100644 --- a/projects/app/src/pages/api/core/chat/feedback/adminUpdate.ts +++ b/projects/app/src/pages/api/core/chat/feedback/adminUpdate.ts 
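Review bot: The `authChatCrud` call spreads `...req.query` after `authToken: true`, so request-supplied keys such as `authToken`, `authRoot` or `authApiKey` can override or add auth-mode flags; only `per` is safe because it comes after the spread. The same pattern is in item/delete.ts (`...req.query`) and updateHistory.ts (`...req.body`). How `parseHeaderCert` treats those values is not visible, so the impact may be limited to widening which credential types the endpoint accepts. Still, auth options should not be writable from the request. I would pass the expected fields by name, as adminUpdate.ts does with `appId, chatId`, adding `shareId`, `outLinkUid`, `teamId` and `teamToken` where the endpoint needs them.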
@@ -1,10 +1,10 @@ import type { NextApiRequest, NextApiResponse } from 'next'; import { jsonRes } from '@fastgpt/service/common/response'; import { connectToDatabase } from '@/service/mongo'; -import { authCert } from '@fastgpt/service/support/permission/auth/common'; import type { AdminUpdateFeedbackParams } from '@/global/core/chat/api.d'; import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema'; -import { autChatCrud } from '@/service/support/permission/auth/chat'; +import { authChatCrud } from '@/service/support/permission/auth/chat'; +import { ReadPermissionVal } from '@fastgpt/global/support/permission/constant'; /* 初始化我的聊天框,需要身份验证 */ export default async function handler(req: NextApiRequest, res: NextApiResponse) { @@ -17,12 +17,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) throw new Error('missing parameter'); } - await autChatCrud({ + await authChatCrud({ req, authToken: true, appId, chatId, - per: 'r' + per: ReadPermissionVal }); await MongoChatItem.findOneAndUpdate( diff --git a/projects/app/src/pages/api/core/chat/feedback/closeCustom.ts b/projects/app/src/pages/api/core/chat/feedback/closeCustom.ts index 619a66b21..57c7f90b0 100644 --- a/projects/app/src/pages/api/core/chat/feedback/closeCustom.ts +++ b/projects/app/src/pages/api/core/chat/feedback/closeCustom.ts @@ -4,7 +4,8 @@ import { connectToDatabase } from '@/service/mongo'; import { authCert } from '@fastgpt/service/support/permission/auth/common'; import type { CloseCustomFeedbackParams } from '@/global/core/chat/api.d'; import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema'; -import { autChatCrud } from '@/service/support/permission/auth/chat'; +import { authChatCrud } from '@/service/support/permission/auth/chat'; +import { ReadPermissionVal } from '@fastgpt/global/support/permission/constant'; /* remove custom feedback */ export default async function handler(req: NextApiRequest, res: NextApiResponse) { 
@@ -16,12 +17,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) throw new Error('missing parameter'); } - await autChatCrud({ + await authChatCrud({ req, authToken: true, appId, chatId, - per: 'r' + per: ReadPermissionVal }); await authCert({ req, authToken: true }); diff --git a/projects/app/src/pages/api/core/chat/feedback/updateUserFeedback.ts b/projects/app/src/pages/api/core/chat/feedback/updateUserFeedback.ts index bba44e9df..e0733b0ca 100644 --- a/projects/app/src/pages/api/core/chat/feedback/updateUserFeedback.ts +++ b/projects/app/src/pages/api/core/chat/feedback/updateUserFeedback.ts @@ -3,7 +3,8 @@ import { jsonRes } from '@fastgpt/service/common/response'; import { connectToDatabase } from '@/service/mongo'; import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema'; import { UpdateChatFeedbackProps } from '@fastgpt/global/core/chat/api'; -import { autChatCrud } from '@/service/support/permission/auth/chat'; +import { authChatCrud } from '@/service/support/permission/auth/chat'; +import { ReadPermissionVal } from '@fastgpt/global/support/permission/constant'; /* 初始化我的聊天框,需要身份验证 */ export default async function handler(req: NextApiRequest, res: NextApiResponse) { @@ -22,7 +23,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) try { await connectToDatabase(); - await autChatCrud({ + await authChatCrud({ req, authToken: true, authApiKey: true, @@ -32,7 +33,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) chatId, shareId, outLinkUid, - per: 'r' + per: ReadPermissionVal }); if (!chatItemId) { diff --git a/projects/app/src/pages/api/core/chat/item/delete.ts b/projects/app/src/pages/api/core/chat/item/delete.ts index 24b3ac5a8..b8a6f7840 100644 --- a/projects/app/src/pages/api/core/chat/item/delete.ts +++ b/projects/app/src/pages/api/core/chat/item/delete.ts 
@@ -2,10 +2,11 @@ import type { NextApiRequest, NextApiResponse } from 'next'; import { jsonRes } from '@fastgpt/service/common/response'; import { connectToDatabase } from '@/service/mongo'; import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema'; -import { autChatCrud } from '@/service/support/permission/auth/chat'; +import { authChatCrud } from '@/service/support/permission/auth/chat'; import type { DeleteChatItemProps } from '@/global/core/chat/api.d'; import { NextAPI } from '@/service/middleware/entry'; import { ApiRequestProps } from '@fastgpt/service/type/next'; +import { WritePermissionVal } from '@fastgpt/global/support/permission/constant'; async function handler(req: ApiRequestProps<{}, DeleteChatItemProps>, res: NextApiResponse) { const { appId, chatId, contentId, shareId, outLinkUid } = req.query; @@ -14,11 +15,11 @@ async function handler(req: ApiRequestProps<{}, DeleteChatItemProps>, res: NextA return jsonRes(res); } - await autChatCrud({ + await authChatCrud({ req, authToken: true, ...req.query, - per: 'w' + per: WritePermissionVal }); await MongoChatItem.deleteOne({ diff --git a/projects/app/src/pages/api/core/chat/updateHistory.ts b/projects/app/src/pages/api/core/chat/updateHistory.ts index b08767177..a5e23fb0b 100644 --- a/projects/app/src/pages/api/core/chat/updateHistory.ts +++ b/projects/app/src/pages/api/core/chat/updateHistory.ts 
@@ -2,18 +2,19 @@ import type { NextApiRequest, NextApiResponse } from 'next'; import { jsonRes } from '@fastgpt/service/common/response'; import { UpdateHistoryProps } from '@/global/core/chat/api.d'; import { MongoChat } from '@fastgpt/service/core/chat/chatSchema'; -import { autChatCrud } from '@/service/support/permission/auth/chat'; +import { authChatCrud } from '@/service/support/permission/auth/chat'; import { NextAPI } from '@/service/middleware/entry'; import { ApiRequestProps } from '@fastgpt/service/type/next'; +import { WritePermissionVal } from '@fastgpt/global/support/permission/constant'; /* update chat top, custom title */ async function handler(req: ApiRequestProps, res: NextApiResponse) { const { appId, chatId, title, customTitle, top } = req.body; - await autChatCrud({ + await authChatCrud({ req, authToken: true, ...req.body, - per: 'w' + per: WritePermissionVal }); await MongoChat.findOneAndUpdate( diff --git a/projects/app/src/pages/api/support/openapi/delete.ts b/projects/app/src/pages/api/support/openapi/delete.ts index d4c85d656..7a5e452c1 100644 --- a/projects/app/src/pages/api/support/openapi/delete.ts +++ b/projects/app/src/pages/api/support/openapi/delete.ts @@ -3,6 +3,7 @@ import { jsonRes } from '@fastgpt/service/common/response'; import { connectToDatabase } from '@/service/mongo'; import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema'; import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi'; +import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant'; export default async function handler(req: NextApiRequest, res: NextApiResponse) { try { @@ -13,7 +14,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) throw new Error('缺少参数'); } - await authOpenApiKeyCrud({ req, authToken: true, id, per: 'owner' }); + await authOpenApiKeyCrud({ req, authToken: true, id, per: OwnerPermissionVal }); await MongoOpenApi.findOneAndRemove({ _id: id }); 
diff --git a/projects/app/src/pages/api/support/openapi/update.ts b/projects/app/src/pages/api/support/openapi/update.ts index 9be89e34a..a5c22b08e 100644 --- a/projects/app/src/pages/api/support/openapi/update.ts +++ b/projects/app/src/pages/api/support/openapi/update.ts @@ -4,13 +4,14 @@ import { connectToDatabase } from '@/service/mongo'; import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema'; import type { EditApiKeyProps } from '@/global/support/openapi/api.d'; import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi'; +import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant'; export default async function handler(req: NextApiRequest, res: NextApiResponse) { try { await connectToDatabase(); const { _id, name, limit } = req.body as EditApiKeyProps & { _id: string }; - await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: 'owner' }); + await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: OwnerPermissionVal }); await MongoOpenApi.findByIdAndUpdate(_id, { ...(name && { name }), diff --git a/projects/app/src/service/support/permission/auth/chat.ts b/projects/app/src/service/support/permission/auth/chat.ts index b89a7b13f..e6202518a 100644 --- a/projects/app/src/service/support/permission/auth/chat.ts +++ b/projects/app/src/service/support/permission/auth/chat.ts 
@@ -8,7 +8,12 @@ import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant'; import { authTeamSpaceToken } from './team'; import { authCert } from '@fastgpt/service/support/permission/auth/common'; import { authOutLinkValid } from '@fastgpt/service/support/permission/publish/authLink'; -import { AuthUserTypeEnum, ReadPermissionVal } from '@fastgpt/global/support/permission/constant'; +import { + AuthUserTypeEnum, + OwnerPermissionVal, + ReadPermissionVal, + WritePermissionVal +} from '@fastgpt/global/support/permission/constant'; import { MongoTeamMember } from '@fastgpt/service/support/user/team/teamMemberSchema'; import { OutLinkChatAuthProps } from '@fastgpt/global/support/permission/chat'; import { addLog } from '@fastgpt/service/common/system/log'; @@ -16,7 +21,7 @@ import { addLog } from '@fastgpt/service/common/system/log'; outLink: Must be the owner token: team owner and chat owner have all permissions */ -export async function autChatCrud({ +export async function authChatCrud({ appId, chatId, shareId, @@ -24,7 +29,7 @@ export async function autChatCrud({ teamId: spaceTeamId, teamToken, - per = 'owner', + per = OwnerPermissionVal, ...props }: AuthModeType & { appId: string; @@ -77,7 +82,7 @@ export async function autChatCrud({ if (String(tmbId) === String(chat.tmbId)) return { uid: outLinkUid }; // admin - if (per === 'r' && permission.hasManagePer) return { uid: outLinkUid }; + if (per === WritePermissionVal && permission.hasManagePer) return { uid: outLinkUid }; return Promise.reject(ChatErrEnum.unAuthChat); })();
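Review bot: In the last hunk the admin branch changes from `per === 'r'` to `per === WritePermissionVal`, which changes who is authorized, not just how the value is spelled. As written, a member with `hasManagePer` now passes for the write callers (delHistory.ts, item/delete.ts, updateHistory.ts) on chats they do not own. The feedback handlers that pass `ReadPermissionVal` (adminUpdate.ts, closeCustom.ts) appear to lose the manager path, assuming no earlier branch outside the hunk returns first. If this was meant as a mechanical replacement, the line should be `if (per === ReadPermissionVal && permission.hasManagePer) return { uid: outLinkUid };`. If the widening is intended, say so in the doc comment above `authChatCrud`, which currently lists only the team owner and chat owner, and have the mutating feedback handlers request `WritePermissionVal`.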