ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2025-07-27 00:17:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

purge old permission (#2118)

Browse Source 
* chore: purge old permission
- remove useless role of teamMember
- Cleanup auth apis' Props and Return type Definitions

* chore: a better way of RequireAtLeastOne

Signed-off-by: Finley Ge <m13203533462@163.com>

---------

Signed-off-by: Finley Ge <m13203533462@163.com>
This commit is contained in:
Finley Ge
2024-07-23 14:55:54 +08:00
committed by GitHub
parent e99c91aaa6
commit f37cdabb15
20 changed files with 94 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
packages/service/support/permission/auth/openapi.ts
View File

@@ -6,10 +6,15 @@ import { getTmbInfoByTmbId } from '../../user/team/controller';
import { MongoOpenApi } from '../../openapi/schema';
import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
import {
OwnerPermissionVal,
ReadPermissionVal,
WritePermissionVal
} from '@fastgpt/global/support/permission/constant';
export async function authOpenApiKeyCrud({
id,
per = 'owner',
per = OwnerPermissionVal,
...props
}: AuthModeType & {
id: string;
@@ -21,7 +26,7 @@ export async function authOpenApiKeyCrud({
const result = await parseHeaderCert(props);
const { tmbId, teamId } = result;
const { role } = await getTmbInfoByTmbId({ tmbId });
const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
const { openapi, isOwner, canWrite } = await (async () => {
const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
@@ -31,16 +36,15 @@ export async function authOpenApiKeyCrud({
}
const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
const canWrite =
isOwner || (String(openapi.tmbId) === tmbId && role !== TeamMemberRoleEnum.visitor);
const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);
if (per === 'r' && !canWrite) {
if (per === ReadPermissionVal && !canWrite) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
if (per === 'w' && !canWrite) {
if (per === WritePermissionVal && !canWrite) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
if (per === 'owner' && !isOwner) {
if (per === OwnerPermissionVal && !isOwner) {
return Promise.reject(OpenApiErrEnum.unAuth);
}