fix: disable org role control
I-Info committed Dec 27, 2024
1 parent 50f3c84 commit fa2f17e
Showing 25 changed files with 393 additions and 436 deletions.
68 changes: 43 additions & 25 deletions packages/global/common/error/code/team.ts
@@ -14,20 +14,13 @@ export enum TeamErrEnum {
groupNameEmpty = 'groupNameEmpty',
groupNameDuplicate = 'groupNameDuplicate',
groupNotExist = 'groupNotExist',
orgNameEmpty = 'orgNameEmpty',
orgOwnerNotExist = 'orgOwnerNotExist',
orgMemberNotExist = 'orgMemberNotExist',
orgMemberExist = 'orgMemberExist',
orgMemberDuplicated = 'orgMemberDuplicated',
orgNotExist = 'orgNotExist',
orgMoveSameParent = 'orgMoveSameParent',
orgMoveToChildren = 'orgMoveToChildren',
orgParentNotExist = 'orgParentNotExist',
deletingOrgWithChildren = 'deletingOrgWithChildren',
deletingRootOrg = 'deletingRootOrg',
updatingRootOrg = 'updatingRootOrg',
deletingOwner = 'deletingOwner',
movingOwner = 'movingOwner',
orgNameDuplicate = 'orgNameDuplicate',
cannotMoveToSubPath = 'cannotMoveToSubPath',
cannotModifyRootOrg = 'cannotModifyRootOrg',
cannotDeleteNonEmptyOrg = 'cannotDeleteNonEmptyOrg',
cannotDeleteDefaultGroup = 'cannotDeleteDefaultGroup',
userNotActive = 'userNotActive'
}
@@ -85,20 +78,45 @@ const teamErr = [
{
statusText: TeamErrEnum.userNotActive,
message: i18nT('common:code_error.team_error.user_not_active')
},
{
statusText: TeamErrEnum.orgMemberNotExist,
message: i18nT('common:code_error.team_error.org_member_not_exist')
},
{
statusText: TeamErrEnum.orgMemberDuplicated,
message: i18nT('common:code_error.team_error.org_member_duplicated')
},
{
statusText: TeamErrEnum.orgNotExist,
message: i18nT('common:code_error.team_error.org_not_exist')
},
{
statusText: TeamErrEnum.orgParentNotExist,
message: i18nT('common:code_error.team_error.org_parent_not_exist')
},
{
statusText: TeamErrEnum.cannotMoveToSubPath,
message: i18nT('common:code_error.team_error.cannot_move_to_sub_path')
},
{
statusText: TeamErrEnum.cannotModifyRootOrg,
message: i18nT('common:code_error.team_error.cannot_modify_root_org')
},
{
statusText: TeamErrEnum.cannotDeleteNonEmptyOrg,
message: i18nT('common:code_error.team_error.cannot_delete_non_empty_org')
}
];

export default teamErr.reduce(
(acc, cur, index) => {
return {
...acc,
[cur.statusText]: {
code: 500000 + index,
statusText: cur.statusText,
message: cur.message,
data: null
}
};
},
{} as ErrType<`${TeamErrEnum}`>
);
export default teamErr.reduce((acc, cur, index) => {
return {
...acc,
[cur.statusText]: {
code: 500000 + index,
statusText: cur.statusText,
message: cur.message,
data: null
}
};
}, {} as ErrType<`${TeamErrEnum}`>);
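Review bot: Each team error's numeric code is still derived from its position in `teamErr` (`code: 500000 + index`), and nothing in the new code documents that constraint. As far as the visible hunk shows, the seven org entries are appended after `userNotActive`, so existing codes keep their values, but any later insertion, removal or reordering silently renumbers every following error for any client that matches on `code`. I would add a comment above the array such as `// Append only: code = 500000 + array index, so reordering or deleting an entry changes the codes that follow`. Separately, the `{} as ErrType<...>` assertion on the reduce seed means the compiler will not report a `TeamErrEnum` member that has no entry in the array.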
4 changes: 0 additions & 4 deletions packages/global/support/permission/type.d.ts
@@ -39,10 +39,6 @@ export type ResourcePerWithGroup = Omit<ResourcePermissionType, 'groupId'> & {
groupId: MemberGroupSchemaType;
};

export type ResourcePerWithOrg = Omit<ResourcePermissionType, 'orgId'> & {
orgId: OrgSchemaType;
};

export type PermissionSchemaType = {
defaultPermission: PermissionValueType;
inheritPermission: boolean;
26 changes: 12 additions & 14 deletions packages/global/support/user/team/org/api.d.ts
@@ -1,40 +1,38 @@
import type { OrgMemberRole } from './constant';

type postCreateOrgData = {
export type postCreateOrgData = {
name: string;
parentId: string;
description?: string;
avatar?: string;
};

type putUpdateOrgMembersData = {
export type putUpdateOrgMembersData = {
orgId: string;
members: {
tmbId: string;
role: `${OrgMemberRole}`;
// role: `${OrgMemberRole}`;
}[];
};

type putChnageOrgOwnerData = {
orgId: string;
tmbId: string;
toAdmin?: boolean;
};

type putUpdateOrgData = {
export type putUpdateOrgData = {
orgId: string;
name?: string;
avatar?: string;
description?: string;
};

type putMoveOrgData = {
export type putMoveOrgData = {
orgId: string;
parentId: string;
};

type putMoveOrgMemberData = {
export type putMoveOrgMemberData = {
orgId: string;
tmbId: string;
newOrgId: string;
};

// type putChnageOrgOwnerData = {
// orgId: string;
// tmbId: string;
// toAdmin?: boolean;
// };
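Review bot: The role control is disabled by commenting declarations out rather than deleting them: the `role` field of `putUpdateOrgMembersData` and the `putChnageOrgOwnerData` block here, the `OrgMemberRole` enum in `org/constant.ts`, and the role check left after the final `return` in `permission/auth/org.ts`. Dead declarations sitting next to an authorization change make it hard to tell which access model is actually enforced. I would delete them and rely on history, or replace them with a single comment stating that org-level roles are not enforced and access falls back to the team manage permission. If clients can still send `role` in the members payload, the handler (not shown on this page) should ignore or reject it rather than persist it.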
12 changes: 5 additions & 7 deletions packages/global/support/user/team/org/constant.ts
@@ -1,10 +1,8 @@
export const OrgCollectionName = 'team_orgs';
export const OrgMemberCollectionName = 'team_org_members';

export enum OrgMemberRole {
owner = 'owner',
admin = 'admin',
member = 'member'
}

export const RootOrgName = 'ROOT';
// export enum OrgMemberRole {
// owner = 'owner',
// admin = 'admin',
// member = 'member'
// }
12 changes: 6 additions & 6 deletions packages/global/support/user/team/org/type.d.ts
@@ -1,24 +1,24 @@
import type { TeamPermission } from 'support/permission/user/controller';
import { ResourcePermissionType } from '../type';
import type { OrgMemberRole } from './constant';

type OrgSchemaType = {
_id: string;
teamId: string;
path: string;
name: string;
avatar: string | undefined;
description: string | undefined;
avatar?: string;
description?: string;
updateTime: Date;
};

type OrgMemberSchemaType = {
teamId: string;
orgId: string;
tmbId: string;
role: `${OrgMemberRole}`;
};

type OrgType = OrgSchemaType & {
type OrgType = Omit<OrgSchemaType, 'avatar'> & {
avatar: string;
members: OrgMemberSchemaType[];
permission: TeamPermission | undefined;
permission?: TeamPermission;
};
58 changes: 58 additions & 0 deletions packages/service/support/permission/auth/org.ts
@@ -0,0 +1,58 @@
import { TeamPermission } from '@fastgpt/global/support/permission/user/controller';
import { AuthModeType, AuthResponseType } from '../type';
import { parseHeaderCert } from '../controller';
import { getTmbInfoByTmbId } from '../../user/team/controller';
import { TeamErrEnum } from '@fastgpt/global/common/error/code/team';

export const authOrgMember = async ({
orgIds,
req,
authToken = false,
authRoot = false,
authApiKey = false
}: {
orgIds: string | string[];
} & AuthModeType): Promise<AuthResponseType> => {
const result = await parseHeaderCert({ req, authToken, authApiKey, authRoot });
const { teamId, tmbId, isRoot } = result;
if (isRoot) {
return {
teamId,
tmbId,
userId: result.userId,
appId: result.appId,
apikey: result.apikey,
isRoot,
authType: result.authType,
permission: new TeamPermission({ isOwner: true })
};
}

if (!Array.isArray(orgIds)) {
orgIds = [orgIds];
}

// const promises = orgIds.map((orgId) => getOrgMemberRole({ orgId, tmbId }));

const tmb = await getTmbInfoByTmbId({ tmbId });
if (tmb.permission.hasManagePer) {
return {
...result,
permission: tmb.permission
};
}

return Promise.reject(TeamErrEnum.unAuthTeam);

// const targetRole = OrgMemberRole[role];
// for (const orgRole of orgRoles) {
// if (!orgRole || checkOrgRole(orgRole, targetRole)) {
// return Promise.reject(TeamErrEnum.unAuthTeam);
// }
// }

// return {
// ...result,
// permission: tmb.permission
// };
};
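Review bot: `authOrgMember` never uses `orgIds` in its decision: after the array normalization the only check is `tmb.permission.hasManagePer`, so any team member with manage permission is authorized whatever org ids are passed, including ids that may belong to a different team. Unless every caller filters its org queries by the returned `teamId`, this leaves a cross-team access gap. Either verify here that each requested org's `teamId` equals the caller's before returning, or drop the parameter and state the contract, e.g. `// orgIds is NOT validated here: callers must scope all org reads/writes by the returned teamId`. The root branch likewise returns `new TeamPermission({ isOwner: true })` before `orgIds` is looked at, which belongs in the same comment. The commented-out role check after `return Promise.reject(TeamErrEnum.unAuthTeam)` is unreachable and should be removed.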
14 changes: 8 additions & 6 deletions packages/service/support/permission/controller.ts
@@ -11,10 +11,9 @@ import {
import { Permission } from '@fastgpt/global/support/permission/controller';
import type {
PermissionValueType,
ResourcePermissionType,
ResourcePerWithGroup,
ResourcePerWithOrg,
ResourcePerWithTmbWithUser,
ResourcePermissionType
ResourcePerWithTmbWithUser
} from '@fastgpt/global/support/permission/type';
import Cookie from 'cookie';
import { addMinutes } from 'date-fns';
@@ -25,6 +24,7 @@ import { authOpenApiKey } from '../openapi/auth';
import { getGroupsByTmbId } from './memberGroup/controllers';
import { MongoResourcePermission } from './schema';
import type { AuthModeType, ReqHeaderAuthType } from './type.d';
import { OrgSchemaType } from '@fastgpt/global/support/user/team/org/type';

/** get resource permission for a team member
* If there is no permission for the team member, it will return undefined
@@ -190,14 +190,16 @@ export const getClbsAndGroupsWithInfo = async ({
path: 'groupId',
select: 'name avatar'
})) as ResourcePerWithGroup[],
(await MongoResourcePermission.find({
MongoResourcePermission.find({
teamId,
resourceId,
resourceType,
orgId: {
$exists: true
}
}).populate({ path: 'orgId', select: 'name avatar' })) as ResourcePerWithOrg[]
})
.populate<{ org: OrgSchemaType }>({ path: 'org', select: 'name avatar' })
.lean()
]);

export const delResourcePermissionById = (id: string) => {
@@ -218,7 +220,7 @@ export const delResourcePermission = ({
groupId?: string;
orgId?: string;
}) => {
// tmbId, groupId, orgId 三选一
// either tmbId or groupId or orgId must be provided
if (!tmbId && !groupId && !orgId) {
return Promise.reject(CommonErrEnum.missingParams);
}
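Review bot: In `getClbsAndGroupsWithInfo` the org query still filters on `orgId: { $exists: true }` but now populates `path: 'org'`, and the result is no longer cast, so the org details move from `orgId` to `org` on each returned permission. That only works if the permission schema defines an `org` virtual, which is not visible in this section; without one, depending on the Mongoose `strictPopulate` setting, the populate either throws or leaves `org` unset, and a screen listing who holds access to a resource would show org grants without a name or omit them. Please confirm the virtual exists and that consumers read `org` rather than `orgId`. The new `import { OrgSchemaType }` pulls a type from a `.d.ts` file and should be `import type { OrgSchemaType } from '@fastgpt/global/support/user/team/org/type';`, matching the `import type` on the line above it.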