Files
FastGPT/packages/service/support/permission/app/auth.ts
Archer 3a4b4a866b Team group (#2864)
* feat(member-group): Team (#2616)

* feat: member-group schema define

* feat(fe): create group

* feat: add group edit modal

* feat(fe): add avatar group component

* feat: edit group
fix: permission select menu style

* feat: bio-mode support for select-member component

* fix: avatar group key unique

* feat: group manage

* feat: divide member into group and clbs

* feat: finish team permission

* chore: adjust

* fix: get clbs

* perf: groups code

* pref: member group for team (#2706)

* chore: fe adjust
fix: remove the member from groups when removing from team
feat: change the groups avatar when updating the team's avatar

* chore: DefaultGroupName as a constant string ''

* fix: create default group when create team for root

* feat: comment

* feat: 4811 init

* pref: member group for team (#2732)

* chore: default group name

* feat: get default group when get by tmbid

* feat(fe): adjust

* member ui

* fix: delete group (#2736)

* perf: init4811

* pref: member group (#2818)

* fix: update clb per then refetch clb list

* fix: calculate group permission

* feat(fe): group tag

* refactor(fe): team and group manage

* feat: manage group member

* feat: add group transfer owner modal

* feat: group manage member

* chore: adjust the file structure

* pref: member group

* chore: adjust fe style

* fix: ts error

* chore: fe adjust

* chore: fe adjust

* chore: adjust

* chore: adjust the code

* perf: i18n and schema name

* pref: member-group (#2862)

* feat: group list ordered by updateTime

* fix: transfer ownership of group when deleting member

* fix: i18n fix

* feat: can not set member as admin/owner when user is not active

* fix: GroupInfoModal hover input do not change color

* fix(fe): searchinput do not scroll

* perf: team group ui

* doc

* remove enum

---------

Co-authored-by: Finley Ge <32237950+FinleyGe@users.noreply.github.com>
2024-10-09 18:32:10 +08:00

159 lines
3.9 KiB
TypeScript

/* Auth app permission */
import { MongoApp } from '../../../core/app/schema';
import { AppDetailType } from '@fastgpt/global/core/app/type.d';
import { parseHeaderCert } from '../controller';
import { PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
import { AppErrEnum } from '@fastgpt/global/common/error/code/app';
import { getTmbInfoByTmbId } from '../../user/team/controller';
import { getResourcePermission } from '../controller';
import { AppPermission } from '@fastgpt/global/support/permission/app/controller';
import { PermissionValueType } from '@fastgpt/global/support/permission/type';
import { AppFolderTypeList } from '@fastgpt/global/core/app/constants';
import { ParentIdType } from '@fastgpt/global/common/parentFolder/type';
import { splitCombinePluginId } from '../../../core/app/plugin/controller';
import { PluginSourceEnum } from '@fastgpt/global/core/plugin/constants';
import { AuthModeType, AuthResponseType } from '../type';
export const authPluginByTmbId = async ({
tmbId,
appId,
per
}: {
tmbId: string;
appId: string;
per: PermissionValueType;
}) => {
const { source } = await splitCombinePluginId(appId);
if (source === PluginSourceEnum.personal) {
const { app } = await authAppByTmbId({
appId,
tmbId,
per
});
return app;
}
};
export const authAppByTmbId = async ({
tmbId,
appId,
per,
isRoot
}: {
tmbId: string;
appId: string;
per: PermissionValueType;
isRoot?: boolean;
}): Promise<{
app: AppDetailType;
}> => {
const { teamId, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
const app = await (async () => {
const app = await MongoApp.findOne({ _id: appId }).lean();
if (!app) {
return Promise.reject(AppErrEnum.unExist);
}
if (isRoot) {
return {
...app,
defaultPermission: app.defaultPermission,
permission: new AppPermission({ isOwner: true })
};
}
if (String(app.teamId) !== teamId) {
return Promise.reject(AppErrEnum.unAuthApp);
}
const isOwner = tmbPer.isOwner || String(app.tmbId) === String(tmbId);
const { Per, defaultPermission } = await (async () => {
if (
AppFolderTypeList.includes(app.type) ||
app.inheritPermission === false ||
!app.parentId
) {
// 1. is a folder. (Folders have compeletely permission)
// 2. inheritPermission is false.
// 3. is root folder/app.
const rp = await getResourcePermission({
teamId,
tmbId,
resourceId: appId,
resourceType: PerResourceTypeEnum.app
});
const Per = new AppPermission({ per: rp ?? app.defaultPermission, isOwner });
return {
Per,
defaultPermission: app.defaultPermission
};
} else {
// is not folder and inheritPermission is true and is not root folder.
const { app: parent } = await authAppByTmbId({
tmbId,
appId: app.parentId,
per
});
const Per = new AppPermission({
per: parent.permission.value,
isOwner
});
return {
Per,
defaultPermission: parent.defaultPermission
};
}
})();
if (!Per.checkPer(per)) {
return Promise.reject(AppErrEnum.unAuthApp);
}
return {
...app,
defaultPermission,
permission: Per
};
})();
return { app };
};
export const authApp = async ({
appId,
per,
...props
}: AuthModeType & {
appId: ParentIdType;
per: PermissionValueType;
}): Promise<
AuthResponseType & {
app: AppDetailType;
}
> => {
const result = await parseHeaderCert(props);
const { tmbId } = result;
if (!appId) {
return Promise.reject(AppErrEnum.unExist);
}
const { app } = await authAppByTmbId({
tmbId,
appId,
per,
isRoot: result.isRoot
});
return {
...result,
permission: app.permission,
app
};
};