ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2025-07-29 01:40:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bf5145e632468cf53c8289e439af2dbc83f2472f
FastGPT/packages/service/support/permission/auth/openapi.ts
Finley Ge f37cdabb15 purge old permission (#2118) 
* chore: purge old permission
- remove useless role of teamMember
- Cleanup auth apis' Props and Return type Definitions

* chore: a better way of RequireAtLeastOne

Signed-off-by: Finley Ge <m13203533462@163.com>

---------

Signed-off-by: Finley Ge <m13203533462@163.com>
2024-07-23 14:55:54 +08:00

65 lines
1.8 KiB
TypeScript
Raw Blame History

import { AuthResponseType } from '@fastgpt/global/support/permission/type';
import { AuthModeType } from '../type';
import { OpenApiSchema } from '@fastgpt/global/support/openapi/type';
import { parseHeaderCert } from '../controller';
import { getTmbInfoByTmbId } from '../../user/team/controller';
import { MongoOpenApi } from '../../openapi/schema';
import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
import {
OwnerPermissionVal,
ReadPermissionVal,
WritePermissionVal
} from '@fastgpt/global/support/permission/constant';
export async function authOpenApiKeyCrud({
id,
per = OwnerPermissionVal,
...props
}: AuthModeType & {
id: string;
}): Promise<
AuthResponseType & {
openapi: OpenApiSchema;
}
> {
const result = await parseHeaderCert(props);
const { tmbId, teamId } = result;
const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
const { openapi, isOwner, canWrite } = await (async () => {
const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
if (!openapi) {
throw new Error(OpenApiErrEnum.unExist);
}
const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);
if (per === ReadPermissionVal && !canWrite) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
if (per === WritePermissionVal && !canWrite) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
if (per === OwnerPermissionVal && !isOwner) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
return {
openapi,
isOwner,
canWrite
};
})();
return {
...result,
openapi,
isOwner,
canWrite
};
}
Reference in New Issue View Git Blame Copy Permalink