Skip to content

Commit b9dcfaf

Browse files
shaohuzhang1shaohuzhang1
authored
fix: Application log permission error (#4087)
1 parent 2c697e8 commit b9dcfaf

File tree

2 files changed

+39
-16
lines changed

2 files changed

+39
-16
lines changed

apps/application/views/application_version_views.py

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,11 @@ class Page(APIView):
4848
ApplicationVersionApi.Query.get_request_params_api()),
4949
responses=result.get_page_api_response(ApplicationVersionApi.get_response_body_api()),
5050
tags=[_('Application/Version')])
51-
@has_permissions(PermissionConstants.APPLICATION_READ, compare=CompareConstants.AND)
51+
@has_permissions(PermissionConstants.APPLICATION_READ,
52+
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
53+
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
54+
dynamic_tag=keywords.get('application_id'))],
55+
compare=CompareConstants.AND), compare=CompareConstants.AND)
5256
def get(self, request: Request, application_id: str, current_page: int, page_size: int):
5357
return result.success(
5458
ApplicationVersionSerializer.Query(
@@ -65,7 +69,14 @@ class Operate(APIView):
6569
manual_parameters=ApplicationVersionApi.Operate.get_request_params_api(),
6670
responses=result.get_api_response(ApplicationVersionApi.get_response_body_api()),
6771
tags=[_('Application/Version')])
68-
@has_permissions(PermissionConstants.APPLICATION_READ, compare=CompareConstants.AND)
72+
@has_permissions(PermissionConstants.APPLICATION_READ, ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
73+
[lambda r, keywords: Permission(
74+
group=Group.APPLICATION,
75+
operate=Operate.USE,
76+
dynamic_tag=keywords.get(
77+
'application_id'))],
78+
compare=CompareConstants.AND),
79+
compare=CompareConstants.AND)
6980
def get(self, request: Request, application_id: str, work_flow_version_id: str):
7081
return result.success(
7182
ApplicationVersionSerializer.Operate(

apps/application/views/chat_views.py

Lines changed: 26 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,8 @@ class Export(APIView):
5959
@has_permissions(
6060
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY],
6161
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
62-
dynamic_tag=keywords.get('application_id'))])
62+
dynamic_tag=keywords.get('application_id'))],
63+
compare=CompareConstants.AND)
6364
)
6465
@log(menu='Conversation Log', operate="Export conversation",
6566
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))
@@ -164,7 +165,9 @@ def post(self, request: Request, chat_id: str):
164165
@has_permissions(
165166
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY],
166167
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
167-
dynamic_tag=keywords.get('application_id'))])
168+
dynamic_tag=keywords.get('application_id'))],
169+
compare=CompareConstants.AND
170+
)
168171
)
169172
def get(self, request: Request, application_id: str):
170173
return result.success(ChatSerializers.Query(
@@ -182,8 +185,7 @@ class Operate(APIView):
182185
[RoleConstants.ADMIN, RoleConstants.USER],
183186
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.MANAGE,
184187
dynamic_tag=keywords.get('application_id'))],
185-
compare=CompareConstants.AND),
186-
compare=CompareConstants.AND)
188+
compare=CompareConstants.AND))
187189
@log(menu='Conversation Log', operate="Delete a conversation",
188190
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))
189191
def delete(self, request: Request, application_id: str, chat_id: str):
@@ -206,7 +208,8 @@ class ClientChatHistoryPage(APIView):
206208
@has_permissions(
207209
ViewPermission([RoleConstants.APPLICATION_ACCESS_TOKEN],
208210
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
209-
dynamic_tag=keywords.get('application_id'))])
211+
dynamic_tag=keywords.get('application_id'))],
212+
compare=CompareConstants.AND)
210213
)
211214
def get(self, request: Request, application_id: str, current_page: int, page_size: int):
212215
return result.success(ChatSerializers.ClientChatHistory(
@@ -267,7 +270,8 @@ class Page(APIView):
267270
@has_permissions(
268271
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY],
269272
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
270-
dynamic_tag=keywords.get('application_id'))])
273+
dynamic_tag=keywords.get('application_id'))],
274+
compare=CompareConstants.AND)
271275
)
272276
def get(self, request: Request, application_id: str, current_page: int, page_size: int):
273277
return result.success(ChatSerializers.Query(
@@ -292,7 +296,8 @@ class Operate(APIView):
292296
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY,
293297
RoleConstants.APPLICATION_ACCESS_TOKEN],
294298
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
295-
dynamic_tag=keywords.get('application_id'))])
299+
dynamic_tag=keywords.get('application_id'))],
300+
compare=CompareConstants.AND)
296301
)
297302
def get(self, request: Request, application_id: str, chat_id: str, chat_record_id: str):
298303
return result.success(ChatRecordSerializer.Operate(
@@ -310,7 +315,8 @@ def get(self, request: Request, application_id: str, chat_id: str, chat_record_i
310315
@has_permissions(
311316
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY],
312317
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
313-
dynamic_tag=keywords.get('application_id'))])
318+
dynamic_tag=keywords.get('application_id'))],
319+
compare=CompareConstants.AND)
314320
)
315321
def get(self, request: Request, application_id: str, chat_id: str):
316322
return result.success(ChatRecordSerializer.Query(
@@ -329,9 +335,11 @@ class Page(APIView):
329335
tags=[_("Application/Conversation Log")]
330336
)
331337
@has_permissions(
332-
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY],
338+
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY,
339+
RoleConstants.APPLICATION_ACCESS_TOKEN],
333340
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
334-
dynamic_tag=keywords.get('application_id'))])
341+
dynamic_tag=keywords.get('application_id'))],
342+
compare=CompareConstants.AND)
335343
)
336344
def get(self, request: Request, application_id: str, chat_id: str, current_page: int, page_size: int):
337345
return result.success(ChatRecordSerializer.Query(
@@ -354,7 +362,8 @@ class Vote(APIView):
354362
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY,
355363
RoleConstants.APPLICATION_ACCESS_TOKEN],
356364
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
357-
dynamic_tag=keywords.get('application_id'))])
365+
dynamic_tag=keywords.get('application_id'))],
366+
compare=CompareConstants.AND)
358367
)
359368
@log(menu='Conversation Log', operate="Like, Dislike",
360369
get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')))
@@ -377,7 +386,7 @@ class ChatRecordImprove(APIView):
377386
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
378387
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
379388
dynamic_tag=keywords.get('application_id'))]
380-
))
389+
, compare=CompareConstants.AND))
381390
def get(self, request: Request, application_id: str, chat_id: str, chat_record_id: str):
382391
return result.success(ChatRecordSerializer.ChatRecordImprove(
383392
data={'chat_id': chat_id, 'chat_record_id': chat_record_id}).get())
@@ -397,7 +406,7 @@ class Improve(APIView):
397406
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
398407
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
399408
dynamic_tag=keywords.get('application_id'))],
400-
409+
compare=CompareConstants.AND
401410
), ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
402411
[lambda r, keywords: Permission(group=Group.DATASET,
403412
operate=Operate.MANAGE,
@@ -424,6 +433,7 @@ def put(self, request: Request, application_id: str, chat_id: str, chat_record_i
424433
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
425434
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
426435
dynamic_tag=keywords.get('application_id'))],
436+
compare=CompareConstants.AND
427437
428438
), ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
429439
[lambda r, keywords: Permission(group=Group.DATASET,
@@ -451,6 +461,7 @@ class Operate(APIView):
451461
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
452462
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
453463
dynamic_tag=keywords.get('application_id'))],
464+
compare=CompareConstants.AND
454465
455466
), ViewPermission([RoleConstants.ADMIN, RoleConstants.USER],
456467
[lambda r, keywords: Permission(group=Group.DATASET,
@@ -499,7 +510,8 @@ class UploadFile(APIView):
499510
ViewPermission([RoleConstants.ADMIN, RoleConstants.USER, RoleConstants.APPLICATION_KEY,
500511
RoleConstants.APPLICATION_ACCESS_TOKEN],
501512
[lambda r, keywords: Permission(group=Group.APPLICATION, operate=Operate.USE,
502-
dynamic_tag=keywords.get('application_id'))])
513+
dynamic_tag=keywords.get('application_id'))]
514+
, compare=CompareConstants.AND)
503515
)
504516
def post(self, request: Request, application_id: str, chat_id: str):
505517
files = request.FILES.getlist('file')

0 commit comments

Comments
 (0)