Skip to content

Commit

Permalink
fix: 删除用户组后清理角色信息,助手工具删除时判断权限校验
Browse files Browse the repository at this point in the history
  • Loading branch information
zgqgit committed Jun 28, 2024
1 parent bebeda0 commit ec619c1
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 7 deletions.
4 changes: 4 additions & 0 deletions src/backend/bisheng/api/services/assistant.py
Original file line number Diff line number Diff line change
Expand Up @@ -491,6 +491,10 @@ def delete_gpts_tools(cls, user: UserPayload, tool_type_id: int) -> UnifiedRespo
return resp_200()
if exist_tool_type.is_preset:
return ToolTypeIsPresetError.return_resp()
# 判断是否有更新权限
if not user.access_check(exist_tool_type.user_id, exist_tool_type.id, AccessType.GPTS_TOOL_WRITE):
return UnAuthorizedError.return_resp()

GptsToolsDao.delete_tool_type(tool_type_id)
cls.delete_gpts_tool_hook(user, exist_tool_type)
return resp_200()
Expand Down
15 changes: 9 additions & 6 deletions src/backend/bisheng/api/services/role_group_service.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
from datetime import datetime
from typing import List, Any
from typing import List, Any, Dict
from uuid import UUID

from fastapi.encoders import jsonable_encoder
Expand All @@ -17,7 +17,7 @@
from bisheng.database.models.group import Group, GroupCreate, GroupDao, GroupRead, DefaultGroup
from bisheng.database.models.group_resource import GroupResourceDao, ResourceTypeEnum
from bisheng.database.models.knowledge import KnowledgeDao
from bisheng.database.models.role import AdminRole
from bisheng.database.models.role import AdminRole, RoleDao
from bisheng.database.models.user import User, UserDao
from bisheng.database.models.user_role import UserRoleDao
from bisheng.database.models.user_group import UserGroupCreate, UserGroupDao, UserGroupRead
Expand Down Expand Up @@ -90,6 +90,8 @@ def update_group_hook(self, request: Request, login_user: UserPayload, group: Gr

def delete_group(self, request: Request, login_user: UserPayload, group_id: int):
"""删除用户组"""
if group_id == DefaultGroup:
raise HTTPException(status_code=500, detail='默认组不能删除')
group_info = GroupDao.get_user_group(group_id)
if not group_info:
return resp_200()
Expand Down Expand Up @@ -121,7 +123,8 @@ def delete_group_hook(self, request: Request, login_user: UserPayload, group_inf
if need_move_resource:
GroupResourceDao.update_group_resource(need_move_resource)
GroupResourceDao.delete_group_resource_by_group_id(group_info.id)

# 删除用户组下的角色列表
RoleDao.delete_role_by_group_id(group_info.id)

def get_group_user_list(self, group_id: int, page_size: int, page_num: int) -> List[User]:
"""获取全量的group列表"""
Expand Down Expand Up @@ -178,16 +181,16 @@ def replace_user_groups(self, request: Request, login_user: UserPayload, user_id

# 记录审计日志
group_infos = GroupDao.get_group_by_ids(old_group + group_ids)
group_dict = {}
group_dict: Dict[int, str] = {}
for one in group_infos:
group_dict[one.id] = one.group_name
note = "编辑前用户组:"
for one in old_group:
note += group_dict.get(one, one) + "、"
note += f'{group_dict.get(one, one)}、'
note = note.rstrip('、')
note += "编辑后用户组:"
for one in group_ids:
note += group_dict.get(one, one) + "、"
note += f'{group_dict.get(one, one)}、'
note = note.rstrip('、')
AuditLogService.update_user(login_user, get_request_ip(request), user_id, group_dict.keys(), note)
return None
Expand Down
18 changes: 17 additions & 1 deletion src/backend/bisheng/database/models/role.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@

from bisheng.database.base import session_getter
from bisheng.database.models.base import SQLModelSerializable
from sqlalchemy import Column, DateTime, text, func
from sqlalchemy import Column, DateTime, text, func, delete, and_
from sqlmodel import Field, select

from bisheng.database.models.role_access import RoleAccess

# 默认普通用户角色的ID
DefaultRole = 2
# 超级管理员角色ID
Expand Down Expand Up @@ -94,3 +96,17 @@ def get_role_by_ids(cls, role_ids: List[int]) -> List[Role]:
def get_role_by_id(cls, role_id: int) -> Role:
with session_getter() as session:
return session.query(Role).filter(Role.id == role_id).first()

@classmethod
def delete_role_by_group_id(cls, group_id: int):
"""
删除分组下所有的角色
"""
with session_getter() as session:
all_access = select(RoleAccess, Role).join(
Role, and_(RoleAccess.role_id == Role.id,
Role.group_id == group_id)).group_by(RoleAccess.id)
all_access = session.exec(all_access)
session.exec(delete(RoleAccess).where(RoleAccess.id.in_([one.id for one in all_access])))
session.exec(delete(Role).where(Role.group_id == group_id))
session.commit()

0 comments on commit ec619c1

Please sign in to comment.