purge old permission (#2118)

* chore: purge old permission - remove useless role of teamMember - Cleanup auth apis' Props and Return type Definitions * chore: a better way of RequireAtLeastOne Signed-off-by: Finley Ge <m13203533462@163.com> --------- Signed-off-by: Finley Ge <m13203533462@163.com>
2025-07-23 05:12:39 +00:00 · 2024-07-23 14:55:54 +08:00
parent e99c91aaa6
commit f37cdabb15
20 changed files with 94 additions and 90 deletions
--- a/packages/global/support/user/team/constant.ts
+++ b/packages/global/support/user/team/constant.ts
@@ -3,22 +3,13 @@ export const TeamMemberCollectionName = 'team_members';
 export const TeamTagsCollectionName = 'team_tags';

 export enum TeamMemberRoleEnum {
-  owner = 'owner',
-  admin = 'admin',
-  visitor = 'visitor'
+  owner = 'owner'
 }
+
 export const TeamMemberRoleMap = {
  [TeamMemberRoleEnum.owner]: {
    value: TeamMemberRoleEnum.owner,
    label: 'user.team.role.Owner'
-  },
-  [TeamMemberRoleEnum.admin]: {
-    value: TeamMemberRoleEnum.admin,
-    label: 'user.team.role.Admin'
-  },
-  [TeamMemberRoleEnum.visitor]: {
-    value: TeamMemberRoleEnum.visitor,
-    label: 'user.team.role.Visitor'
  }
 };

@@ -28,6 +19,7 @@ export enum TeamMemberStatusEnum {
  reject = 'reject',
  leave = 'leave'
 }
+
 export const TeamMemberStatusMap = {
  [TeamMemberStatusEnum.waiting]: {
    label: 'user.team.member.waiting',
@@ -46,4 +38,5 @@ export const TeamMemberStatusMap = {
    color: 'red.600'
  }
 };
+
 export const notLeaveStatus = { $ne: TeamMemberStatusEnum.leave };
--- a/packages/service/support/permission/app/auth.ts
+++ b/packages/service/support/permission/app/auth.ts
@@ -1,19 +1,18 @@
 /* Auth app permission */
 import { MongoApp } from '../../../core/app/schema';
 import { AppDetailType } from '@fastgpt/global/core/app/type.d';
-import { AuthPropsType } from '../type/auth.d';
 import { parseHeaderCert } from '../controller';
 import { PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
 import { AppErrEnum } from '@fastgpt/global/common/error/code/app';
 import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { getResourcePermission } from '../controller';
 import { AppPermission } from '@fastgpt/global/support/permission/app/controller';
-import { AuthResponseType } from '../type/auth.d';
 import { PermissionValueType } from '@fastgpt/global/support/permission/type';
 import { AppFolderTypeList } from '@fastgpt/global/core/app/constants';
 import { ParentIdType } from '@fastgpt/global/common/parentFolder/type';
 import { splitCombinePluginId } from '../../../core/app/plugin/controller';
 import { PluginSourceEnum } from '@fastgpt/global/core/plugin/constants';
+import { AuthModeType, AuthResponseType } from '../type';

 export const authPluginByTmbId = async ({
  tmbId,
@@ -112,8 +111,9 @@ export const authApp = async ({
  appId,
  per,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  appId: ParentIdType;
+  per: PermissionValueType;
 }): Promise<
  AuthResponseType & {
    app: AppDetailType;
--- a/packages/service/support/permission/auth/common.ts
+++ b/packages/service/support/permission/auth/common.ts
@@ -1,6 +1,7 @@
 import { parseHeaderCert } from '../controller';
 import { AuthModeType } from '../type';
 import { SERVICE_LOCAL_HOST } from '../../../common/system/tools';
+import { ApiRequestProps } from '../../../type/next';

 export const authCert = async (props: AuthModeType) => {
  const result = await parseHeaderCert(props);
@@ -13,7 +14,7 @@ export const authCert = async (props: AuthModeType) => {
 };

 /* auth the request from local service */
-export const authRequestFromLocal = ({ req }: AuthModeType) => {
+export const authRequestFromLocal = ({ req }: { req: ApiRequestProps }) => {
  if (req.headers.host !== SERVICE_LOCAL_HOST) {
    return Promise.reject('Invalid request');
  }
--- a/packages/service/support/permission/auth/file.ts
+++ b/packages/service/support/permission/auth/file.ts
@@ -1,18 +1,17 @@
-import { AuthModeType } from '../type';
+import { AuthModeType, AuthResponseType } from '../type';
 import { DatasetFileSchema } from '@fastgpt/global/core/dataset/type';
 import { parseHeaderCert } from '../controller';
 import { getFileById } from '../../../common/file/gridfs/controller';
 import { BucketNameEnum } from '@fastgpt/global/common/file/constants';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
 import { OwnerPermissionVal, ReadPermissionVal } from '@fastgpt/global/support/permission/constant';
-import { AuthPropsType, AuthResponseType } from '../type/auth';
 import { Permission } from '@fastgpt/global/support/permission/controller';

 export async function authFile({
  fileId,
  per = OwnerPermissionVal,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  fileId: string;
 }): Promise<
  AuthResponseType & {
--- a/packages/service/support/permission/auth/openapi.ts
+++ b/packages/service/support/permission/auth/openapi.ts
@@ -6,10 +6,15 @@ import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { MongoOpenApi } from '../../openapi/schema';
 import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
 import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
+import {
+  OwnerPermissionVal,
+  ReadPermissionVal,
+  WritePermissionVal
+} from '@fastgpt/global/support/permission/constant';

 export async function authOpenApiKeyCrud({
  id,
-  per = 'owner',
+  per = OwnerPermissionVal,
  ...props
 }: AuthModeType & {
  id: string;
@@ -21,7 +26,7 @@ export async function authOpenApiKeyCrud({
  const result = await parseHeaderCert(props);
  const { tmbId, teamId } = result;

-  const { role } = await getTmbInfoByTmbId({ tmbId });
+  const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });

  const { openapi, isOwner, canWrite } = await (async () => {
    const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
@@ -31,16 +36,15 @@ export async function authOpenApiKeyCrud({
    }

    const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
-    const canWrite =
-      isOwner || (String(openapi.tmbId) === tmbId && role !== TeamMemberRoleEnum.visitor);
+    const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);

-    if (per === 'r' && !canWrite) {
+    if (per === ReadPermissionVal && !canWrite) {
      return Promise.reject(OpenApiErrEnum.unAuth);
    }
-    if (per === 'w' && !canWrite) {
+    if (per === WritePermissionVal && !canWrite) {
      return Promise.reject(OpenApiErrEnum.unAuth);
    }
-    if (per === 'owner' && !isOwner) {
+    if (per === OwnerPermissionVal && !isOwner) {
      return Promise.reject(OpenApiErrEnum.unAuth);
    }

--- a/packages/service/support/permission/dataset/auth.ts
+++ b/packages/service/support/permission/dataset/auth.ts
@@ -1,6 +1,5 @@
 import { PermissionValueType } from '@fastgpt/global/support/permission/type';
 import { getResourcePermission, parseHeaderCert } from '../controller';
-import { AuthPropsType, AuthResponseType } from '../type/auth';
 import {
  CollectionWithDatasetType,
  DatasetDataItemType,
@@ -9,7 +8,7 @@ import {
 } from '@fastgpt/global/core/dataset/type';
 import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { MongoDataset } from '../../../core/dataset/schema';
-import { PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
+import { NullPermission, PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
 import { DatasetErrEnum } from '@fastgpt/global/common/error/code/dataset';
 import { DatasetPermission } from '@fastgpt/global/support/permission/dataset/controller';
 import { getCollectionWithDataset } from '../../../core/dataset/controller';
@@ -19,6 +18,7 @@ import { BucketNameEnum } from '@fastgpt/global/common/file/constants';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
 import { MongoDatasetData } from '../../../core/dataset/data/schema';
 import { DatasetDefaultPermissionVal } from '@fastgpt/global/support/permission/dataset/constant';
+import { AuthModeType, AuthResponseType } from '../type';

 export async function authDatasetByTmbId({
  tmbId,
@@ -70,9 +70,9 @@ export async function authDatasetByTmbId({
 // Auth Dataset
 export async function authDataset({
  datasetId,
-  per,
+  per = NullPermission,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  datasetId: string;
 }): Promise<
  AuthResponseType<DatasetPermission> & {
@@ -98,9 +98,9 @@ export async function authDataset({
 // the temporary solution for authDatasetCollection is getting the
 export async function authDatasetCollection({
  collectionId,
-  per,
+  per = NullPermission,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  collectionId: string;
 }): Promise<
  AuthResponseType<DatasetPermission> & {
@@ -132,7 +132,7 @@ export async function authDatasetFile({
  fileId,
  per,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  fileId: string;
 }): Promise<
  AuthResponseType<DatasetPermission> & {
@@ -178,7 +178,7 @@ export async function authDatasetFile({
 export async function authDatasetData({
  dataId,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  dataId: string;
 }) {
  // get mongo dataset.data
--- a/packages/service/support/permission/publish/authLink.ts
+++ b/packages/service/support/permission/publish/authLink.ts
@@ -4,16 +4,15 @@ import { parseHeaderCert } from '../controller';
 import { MongoOutLink } from '../../outLink/schema';
 import { OutLinkErrEnum } from '@fastgpt/global/common/error/code/outLink';
 import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
-import { AuthPropsType } from '../type/auth';
-import { AuthResponseType } from '../type/auth';
 import { authAppByTmbId } from '../app/auth';
+import { AuthModeType, AuthResponseType } from '../type';

 /* crud outlink permission */
 export async function authOutLinkCrud({
  outLinkId,
  per,
  ...props
-}: AuthPropsType & {
+}: AuthModeType & {
  outLinkId: string;
 }): Promise<
  AuthResponseType & {
--- a/packages/service/support/permission/type.d.ts
+++ b/packages/service/support/permission/type.d.ts
@@ -1,3 +1,4 @@
+import { Permission } from '@fastgpt/global/support/permission/controller';
 import { ApiRequestProps } from '../../type/next';
 import type { PermissionValueType } from '@fastgpt/global/support/permission/type';

@@ -10,10 +11,26 @@ export type ReqHeaderAuthType = {
  authorization?: string;
 };

-export type AuthModeType = {
+type RequireAtLeastOne<T, Keys extends keyof T = keyof T> = Omit<T, Keys> &
+  {
+    [K in Keys]-?: Required<Pick<T, K>> & Partial<Omit<T, K>>;
+  }[Keys];
+
+type authModeType = {
  req: ApiRequestProps;
  authToken?: boolean;
  authRoot?: boolean;
  authApiKey?: boolean;
-  per?: PermissionValueType | 'r' | 'w' | 'owner'; // this is for compatibility
+  per?: PermissionValueType;
+};
+
+export type AuthModeType = RequireAtLeastOne<authModeType, 'authApiKey' | 'authRoot' | 'authToken'>;
+
+export type AuthResponseType<T extends Permission = Permission> = {
+  teamId: string;
+  tmbId: string;
+  authType?: `${AuthUserTypeEnum}`;
+  appId?: string;
+  apikey?: string;
+  permission: T;
 };
--- a/packages/service/support/permission/type/auth.d.ts
+++ b/packages/service/support/permission/type/auth.d.ts
@@ -1,21 +0,0 @@
-import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';
-import { Permission } from '@fastgpt/global/support/permission/controller';
-import { ApiRequestProps } from '../../../type/next';
-import { PermissionValueType } from '@fastgpt/global/support/permission/type';
-
-export type AuthPropsType = {
-  req: ApiRequestProps;
-  authToken?: boolean;
-  authRoot?: boolean;
-  authApiKey?: boolean;
-  per: PermissionValueType;
-};
-
-export type AuthResponseType<T = Permission> = {
-  teamId: string;
-  tmbId: string;
-  authType?: `${AuthUserTypeEnum}`;
-  appId?: string;
-  apikey?: string;
-  permission: T;
-};
--- a/packages/service/support/permission/user/auth.ts
+++ b/packages/service/support/permission/user/auth.ts
@@ -1,12 +1,12 @@
-import { AuthResponseType } from '../type/auth.d';
-import { AuthPropsType } from '../type/auth.d';
 import { TeamTmbItemType } from '@fastgpt/global/support/user/team/type';
 import { parseHeaderCert } from '../controller';
 import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { TeamErrEnum } from '@fastgpt/global/common/error/code/team';
+import { AuthModeType, AuthResponseType } from '../type';
+import { NullPermission } from '@fastgpt/global/support/permission/constant';

 /* auth user role  */
-export async function authUserPer(props: AuthPropsType): Promise<
+export async function authUserPer(props: AuthModeType): Promise<
  AuthResponseType & {
    tmb: TeamTmbItemType;
  }
@@ -14,7 +14,7 @@ export async function authUserPer(props: AuthPropsType): Promise<
  const result = await parseHeaderCert(props);
  const tmb = await getTmbInfoByTmbId({ tmbId: result.tmbId });

-  if (!tmb.permission.checkPer(props.per)) {
+  if (!tmb.permission.checkPer(props.per ?? NullPermission)) {
    return Promise.reject(TeamErrEnum.unAuthTeam);
  }

--- a/packages/service/support/user/team/teamMemberSchema.ts
+++ b/packages/service/support/user/team/teamMemberSchema.ts
@@ -1,5 +1,5 @@
-import { connectionMongo, getMongoModel, type Model } from '../../../common/mongo';
-const { Schema, model, models } = connectionMongo;
+import { connectionMongo, getMongoModel } from '../../../common/mongo';
+const { Schema } = connectionMongo;
 import { TeamMemberSchema as TeamMemberType } from '@fastgpt/global/support/user/team/type.d';
 import { userCollectionName } from '../../user/schema';
 import {
--- a/projects/app/src/pages/api/core/chat/delHistory.ts
+++ b/projects/app/src/pages/api/core/chat/delHistory.ts
@@ -3,20 +3,21 @@ import { jsonRes } from '@fastgpt/service/common/response';
 import { MongoChat } from '@fastgpt/service/core/chat/chatSchema';
 import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema';
 import { DelHistoryProps } from '@/global/core/chat/api';
-import { autChatCrud } from '@/service/support/permission/auth/chat';
+import { authChatCrud } from '@/service/support/permission/auth/chat';
 import { mongoSessionRun } from '@fastgpt/service/common/mongo/sessionRun';
 import { NextAPI } from '@/service/middleware/entry';
 import { ApiRequestProps } from '@fastgpt/service/type/next';
+import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';

 /* clear chat history */
 async function handler(req: ApiRequestProps<{}, DelHistoryProps>, res: NextApiResponse) {
  const { appId, chatId } = req.query;

-  await autChatCrud({
+  await authChatCrud({
    req,
    authToken: true,
    ...req.query,
-    per: 'w'
+    per: WritePermissionVal
  });

  await mongoSessionRun(async (session) => {
--- a/projects/app/src/pages/api/core/chat/feedback/adminUpdate.ts
+++ b/projects/app/src/pages/api/core/chat/feedback/adminUpdate.ts
@@ -1,10 +1,10 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
-import { authCert } from '@fastgpt/service/support/permission/auth/common';
 import type { AdminUpdateFeedbackParams } from '@/global/core/chat/api.d';
 import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema';
-import { autChatCrud } from '@/service/support/permission/auth/chat';
+import { authChatCrud } from '@/service/support/permission/auth/chat';
+import { ReadPermissionVal } from '@fastgpt/global/support/permission/constant';

 /* 初始化我的聊天框，需要身份验证 */
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
@@ -17,12 +17,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      throw new Error('missing parameter');
    }

-    await autChatCrud({
+    await authChatCrud({
      req,
      authToken: true,
      appId,
      chatId,
-      per: 'r'
+      per: ReadPermissionVal
    });

    await MongoChatItem.findOneAndUpdate(
--- a/projects/app/src/pages/api/core/chat/feedback/closeCustom.ts
+++ b/projects/app/src/pages/api/core/chat/feedback/closeCustom.ts
@@ -4,7 +4,8 @@ import { connectToDatabase } from '@/service/mongo';
 import { authCert } from '@fastgpt/service/support/permission/auth/common';
 import type { CloseCustomFeedbackParams } from '@/global/core/chat/api.d';
 import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema';
-import { autChatCrud } from '@/service/support/permission/auth/chat';
+import { authChatCrud } from '@/service/support/permission/auth/chat';
+import { ReadPermissionVal } from '@fastgpt/global/support/permission/constant';

 /* remove custom feedback */
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
@@ -16,12 +17,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      throw new Error('missing parameter');
    }

-    await autChatCrud({
+    await authChatCrud({
      req,
      authToken: true,
      appId,
      chatId,
-      per: 'r'
+      per: ReadPermissionVal
    });
    await authCert({ req, authToken: true });

--- a/projects/app/src/pages/api/core/chat/feedback/updateUserFeedback.ts
+++ b/projects/app/src/pages/api/core/chat/feedback/updateUserFeedback.ts
@@ -3,7 +3,8 @@ import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema';
 import { UpdateChatFeedbackProps } from '@fastgpt/global/core/chat/api';
-import { autChatCrud } from '@/service/support/permission/auth/chat';
+import { authChatCrud } from '@/service/support/permission/auth/chat';
+import { ReadPermissionVal } from '@fastgpt/global/support/permission/constant';

 /* 初始化我的聊天框，需要身份验证 */
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
@@ -22,7 +23,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
  try {
    await connectToDatabase();

-    await autChatCrud({
+    await authChatCrud({
      req,
      authToken: true,
      authApiKey: true,
@@ -32,7 +33,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      chatId,
      shareId,
      outLinkUid,
-      per: 'r'
+      per: ReadPermissionVal
    });

    if (!chatItemId) {
--- a/projects/app/src/pages/api/core/chat/item/delete.ts
+++ b/projects/app/src/pages/api/core/chat/item/delete.ts
@@ -2,10 +2,11 @@ import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoChatItem } from '@fastgpt/service/core/chat/chatItemSchema';
-import { autChatCrud } from '@/service/support/permission/auth/chat';
+import { authChatCrud } from '@/service/support/permission/auth/chat';
 import type { DeleteChatItemProps } from '@/global/core/chat/api.d';
 import { NextAPI } from '@/service/middleware/entry';
 import { ApiRequestProps } from '@fastgpt/service/type/next';
+import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';

 async function handler(req: ApiRequestProps<{}, DeleteChatItemProps>, res: NextApiResponse) {
  const { appId, chatId, contentId, shareId, outLinkUid } = req.query;
@@ -14,11 +15,11 @@ async function handler(req: ApiRequestProps<{}, DeleteChatItemProps>, res: NextA
    return jsonRes(res);
  }

-  await autChatCrud({
+  await authChatCrud({
    req,
    authToken: true,
    ...req.query,
-    per: 'w'
+    per: WritePermissionVal
  });

  await MongoChatItem.deleteOne({
--- a/projects/app/src/pages/api/core/chat/updateHistory.ts
+++ b/projects/app/src/pages/api/core/chat/updateHistory.ts
@@ -2,18 +2,19 @@ import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { UpdateHistoryProps } from '@/global/core/chat/api.d';
 import { MongoChat } from '@fastgpt/service/core/chat/chatSchema';
-import { autChatCrud } from '@/service/support/permission/auth/chat';
+import { authChatCrud } from '@/service/support/permission/auth/chat';
 import { NextAPI } from '@/service/middleware/entry';
 import { ApiRequestProps } from '@fastgpt/service/type/next';
+import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';

 /* update chat top, custom title */
 async function handler(req: ApiRequestProps<UpdateHistoryProps>, res: NextApiResponse) {
  const { appId, chatId, title, customTitle, top } = req.body;
-  await autChatCrud({
+  await authChatCrud({
    req,
    authToken: true,
    ...req.body,
-    per: 'w'
+    per: WritePermissionVal
  });

  await MongoChat.findOneAndUpdate(
--- a/projects/app/src/pages/api/support/openapi/delete.ts
+++ b/projects/app/src/pages/api/support/openapi/delete.ts
@@ -3,6 +3,7 @@ import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';

 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
@@ -13,7 +14,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      throw new Error('缺少参数');
    }

-    await authOpenApiKeyCrud({ req, authToken: true, id, per: 'owner' });
+    await authOpenApiKeyCrud({ req, authToken: true, id, per: OwnerPermissionVal });

    await MongoOpenApi.findOneAndRemove({ _id: id });

--- a/projects/app/src/pages/api/support/openapi/update.ts
+++ b/projects/app/src/pages/api/support/openapi/update.ts
@@ -4,13 +4,14 @@ import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import type { EditApiKeyProps } from '@/global/support/openapi/api.d';
 import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';

 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
    await connectToDatabase();
    const { _id, name, limit } = req.body as EditApiKeyProps & { _id: string };

-    await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: 'owner' });
+    await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: OwnerPermissionVal });

    await MongoOpenApi.findByIdAndUpdate(_id, {
      ...(name && { name }),
--- a/projects/app/src/service/support/permission/auth/chat.ts
+++ b/projects/app/src/service/support/permission/auth/chat.ts
@@ -8,7 +8,12 @@ import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
 import { authTeamSpaceToken } from './team';
 import { authCert } from '@fastgpt/service/support/permission/auth/common';
 import { authOutLinkValid } from '@fastgpt/service/support/permission/publish/authLink';
-import { AuthUserTypeEnum, ReadPermissionVal } from '@fastgpt/global/support/permission/constant';
+import {
+  AuthUserTypeEnum,
+  OwnerPermissionVal,
+  ReadPermissionVal,
+  WritePermissionVal
+} from '@fastgpt/global/support/permission/constant';
 import { MongoTeamMember } from '@fastgpt/service/support/user/team/teamMemberSchema';
 import { OutLinkChatAuthProps } from '@fastgpt/global/support/permission/chat';
 import { addLog } from '@fastgpt/service/common/system/log';
@@ -16,7 +21,7 @@ import { addLog } from '@fastgpt/service/common/system/log';
  outLink: Must be the owner
  token: team owner and chat owner have all permissions
 */
-export async function autChatCrud({
+export async function authChatCrud({
  appId,
  chatId,
  shareId,
@@ -24,7 +29,7 @@ export async function autChatCrud({

  teamId: spaceTeamId,
  teamToken,
-  per = 'owner',
+  per = OwnerPermissionVal,
  ...props
 }: AuthModeType & {
  appId: string;
@@ -77,7 +82,7 @@ export async function autChatCrud({
    if (String(tmbId) === String(chat.tmbId)) return { uid: outLinkUid };

    // admin
-    if (per === 'r' && permission.hasManagePer) return { uid: outLinkUid };
+    if (per === WritePermissionVal && permission.hasManagePer) return { uid: outLinkUid };

    return Promise.reject(ChatErrEnum.unAuthChat);
  })();