Merge branch 'v2' into pr@v2@feat_folder_button_permission

Author: zhanweizhang7

.github/workflows/build-and-push-vector-model.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       dockerImageTag:
         description: 'Docker Image Tag'
-        default: 'v2.0.1'
+        default: 'v2.0.2'
         required: true
       architecture:
         description: 'Architecture'

apps/application/flow/i_step_node.py

@@ -144,6 +144,8 @@ class FlowParamsSerializer(serializers.Serializer):
 
     workspace_id = serializers.CharField(required=True, label="工作空间id")
 
+    application_id = serializers.CharField(required=True, label="应用id")
+
     re_chat = serializers.BooleanField(required=True, label="换个答案")
 
     debug = serializers.BooleanField(required=True, label="是否debug")

apps/application/flow/step_node/tool_lib_node/i_tool_lib_node.py

@@ -23,14 +23,14 @@ class InputField(serializers.Serializer):
 
 
 class FunctionLibNodeParamsSerializer(serializers.Serializer):
-    tool_id = serializers.UUIDField(required=True, label=_('Library ID'))
+    tool_lib_id = serializers.UUIDField(required=True, label=_('Library ID'))
     input_field_list = InputField(required=True, many=True)
     is_result = serializers.BooleanField(required=False,
                                          label=_('Whether to return content'))
 
     def is_valid(self, *, raise_exception=False):
         super().is_valid(raise_exception=True)
-        f_lib = QuerySet(Tool).filter(id=self.data.get('tool_id')).first()
+        f_lib = QuerySet(Tool).filter(id=self.data.get('tool_lib_id')).first()
         if f_lib is None:
             raise Exception(_('The function has been deleted'))
 
@@ -44,5 +44,5 @@ def get_node_params_serializer_class(self) -> Type[serializers.Serializer]:
     def _run(self):
         return self.execute(**self.node_params_serializer.data, **self.flow_params_serializer.data)
 
-    def execute(self, function_lib_id, input_field_list, **kwargs) -> NodeResult:
+    def execute(self, tool_lib_id, input_field_list, **kwargs) -> NodeResult:
         pass

apps/application/flow/step_node/tool_lib_node/impl/base_tool_lib_node.py

@@ -15,10 +15,13 @@
 
 from application.flow.i_step_node import NodeResult
 from application.flow.step_node.tool_lib_node.i_tool_lib_node import IToolLibNode
+from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import AppApiException
 from common.utils.function_code import FunctionExecutor
 from common.utils.rsa_util import rsa_long_decrypt
 from maxkb.const import CONFIG
+from system_manage.models import AuthTargetType
+from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
 from tools.models import Tool
 
 function_executor = FunctionExecutor(CONFIG.get('SANDBOX'))
@@ -101,13 +104,14 @@ def convert_value(name: str, value, _type, is_required, source, node):
                                                                               value=value))
 
 
-def valid_function(function_lib, user_id):
-    if function_lib is None:
-        raise Exception(_('Function does not exist'))
-    if function_lib.permission_type == 'PRIVATE' and str(function_lib.user_id) != str(user_id):
-        raise Exception(_('No permission to use this function {name}').format(name=function_lib.name))
-    if not function_lib.is_active:
-        raise Exception(_('Function {name} is unavailable').format(name=function_lib.name))
+def valid_function(tool_lib, workspace_id):
+    if tool_lib is None:
+        raise Exception(_('Tool does not exist'))
+    get_authorized_tool = DatabaseModelManage.get_model("get_authorized_tool")
+    if tool_lib and tool_lib.workspace_id != workspace_id and get_authorized_tool is not None:
+        tool_lib = get_authorized_tool(QuerySet(Tool).filter(id=tool_lib.id), workspace_id).first()
+    if tool_lib is None:
+        raise Exception(_("Tool does not exist"))
 
 
 class BaseToolLibNodeNode(IToolLibNode):
@@ -116,25 +120,26 @@ def save_context(self, details, workflow_manage):
         if self.node_params.get('is_result'):
             self.answer_text = str(details.get('result'))
 
-    def execute(self, function_lib_id, input_field_list, **kwargs) -> NodeResult:
-        function_lib = QuerySet(Tool).filter(id=function_lib_id).first()
-        valid_function(function_lib, self.flow_params_serializer.data.get('user_id'))
+    def execute(self, tool_lib_id, input_field_list, **kwargs) -> NodeResult:
+        workspace_id = self.workflow_manage.get_body().get('workspace_id')
+        tool_lib = QuerySet(Tool).filter(id=tool_lib_id).first()
+        valid_function(tool_lib, workspace_id)
         params = {field.get('name'): convert_value(field.get('name'), field.get('value'), field.get('type'),
                                                    field.get('is_required'),
                                                    field.get('source'), self)
                   for field in
                   [{'value': get_field_value(input_field_list, field.get('name'), field.get('is_required'),
                                              ), **field}
                    for field in
-                   function_lib.input_field_list]}
+                   tool_lib.input_field_list]}
 
         self.context['params'] = params
         # 合并初始化参数
-        if function_lib.init_params is not None:
-            all_params = json.loads(rsa_long_decrypt(function_lib.init_params)) | params
+        if tool_lib.init_params is not None:
+            all_params = json.loads(rsa_long_decrypt(tool_lib.init_params)) | params
         else:
             all_params = params
-        result = function_executor.exec_code(function_lib.code, all_params)
+        result = function_executor.exec_code(tool_lib.code, all_params)
         return NodeResult({'result': result}, {}, _write_context=write_context)
 
     def get_details(self, index: int, **kwargs):

apps/application/serializers/application_chat_record.py

@@ -155,21 +155,18 @@ def reset_chat_record(chat_record, show_source, show_exec):
             'padding_problem_text': chat_record.details.get('problem_padding').get(
                 'padding_problem_text') if 'problem_padding' in chat_record.details else None,
             **(show_source_dict if show_source else {}),
-            **(show_exec_dict if show_exec else {})
+            **(show_exec_dict if show_exec else show_exec_dict)
         }
 
-    def page(self, current_page: int, page_size: int, with_valid=True):
+    def page(self, current_page: int, page_size: int, with_valid=True, show_source=None, show_exec=None):
         if with_valid:
             self.is_valid(raise_exception=True)
         order_by = '-create_time' if self.data.get('order_asc') is None or self.data.get(
             'order_asc') else 'create_time'
-        application_access_token = QuerySet(ApplicationAccessToken).filter(
-            application_id=self.data.get('application_id')).first()
-        show_source = False
-        show_exec = False
-        if application_access_token is not None:
-            show_exec = application_access_token.show_exec
-            show_source = application_access_token.show_source
+        if show_source is None:
+            show_source = True
+        if show_exec is None:
+            show_exec = True
         page = page_search(current_page, page_size,
                            QuerySet(ChatRecord).filter(chat_id=self.data.get('chat_id')).order_by(order_by),
                            post_records_handler=lambda chat_record: self.reset_chat_record(chat_record, show_source,

apps/application/views/application_access_token.py

@@ -50,8 +50,8 @@ def put(self, request: Request, workspace_id: str, application_id: str):
         parameters=ApplicationAccessTokenAPI.get_parameters(),
         tags=[_('Application')]  # type: ignore
     )
-    @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(),
-                     PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(),
+    @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(),
+                     PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(),
                      ViewPermission([RoleConstants.USER.get_workspace_role()],
                                     [PermissionConstants.APPLICATION.get_workspace_application_permission()],
                                     CompareConstants.AND),

apps/chat/serializers/chat.py

@@ -237,12 +237,13 @@ def chat_work_flow(self, chat_info: ChatInfo, instance: dict, base_to_response):
                                            'chat_user_type': chat_user_type,
                                            'workspace_id': workspace_id,
                                            'debug': debug,
-                                           'chat_user': chat_info.get_chat_user()},
+                                           'chat_user': chat_info.get_chat_user(),
+                                           'application_id': chat_info.application_id},
                                           WorkFlowPostHandler(chat_info),
                                           base_to_response, form_data, image_list, document_list, audio_list,
                                           other_list,
-                                          self.data.get('runtime_node_id'),
-                                          self.data.get('node_data'), chat_record, self.data.get('child_node'))
+                                          instance.get('runtime_node_id'),
+                                          instance.get('node_data'), chat_record, instance.get('child_node'))
         r = work_flow_manage.run()
         return r
 

apps/chat/serializers/chat_record.py

@@ -13,7 +13,7 @@
 from django.utils.translation import gettext_lazy as _, gettext
 from rest_framework import serializers
 
-from application.models import VoteChoices, ChatRecord, Chat
+from application.models import VoteChoices, ChatRecord, Chat, ApplicationAccessToken
 from application.serializers.application_chat import ChatCountSerializer
 from application.serializers.application_chat_record import ChatRecordSerializerModel, \
     ApplicationChatRecordQuerySerializers
@@ -159,6 +159,13 @@ def list(self):
 
     def page(self, current_page, page_size):
         self.is_valid(raise_exception=True)
+        application_access_token = QuerySet(ApplicationAccessToken).filter(
+            application_id=self.data.get('application_id')).first()
+        show_source = False
+        show_exec = False
+        if application_access_token is not None:
+            show_exec = application_access_token.show_exec
+            show_source = application_access_token.show_source
         return ApplicationChatRecordQuerySerializers(
             data={'application_id': self.data.get('application_id'), 'chat_id': self.data.get('chat_id')}).page(
-            current_page, page_size)
+            current_page, page_size, show_source=show_source, show_exec=show_exec)

apps/models_provider/impl/openai_model_provider/openai_model_provider.py

@@ -105,9 +105,6 @@
 ]
 
 model_info_tti_list = [
-    ModelInfo('dall-e-2', '',
-              ModelTypeConst.TTI, openai_tti_model_credential,
-              OpenAITextToImage),
     ModelInfo('dall-e-3', '',
               ModelTypeConst.TTI, openai_tti_model_credential,
               OpenAITextToImage),

apps/system_manage/serializers/user_resource_permission.py

@@ -103,6 +103,33 @@ def get_queryset(self):
                 auth_target_type=self.data.get('auth_target_type'))
         }
 
+    def is_auth(self, resource_id: str):
+        self.is_valid(raise_exception=True)
+        auth_target_type = self.data.get('auth_target_type')
+        workspace_id = self.data.get('workspace_id')
+        user_id = self.data.get('user_id')
+        workspace_manage = is_workspace_manage(user_id, workspace_id)
+        if workspace_manage:
+            return True
+        wurp = QuerySet(WorkspaceUserResourcePermission).filter(auth_target_type=auth_target_type,
+                                                                workspace_id=workspace_id, user=user_id,
+                                                                target=resource_id).first()
+        if wurp is None:
+            return False
+        workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
+        role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model")
+
+        if wurp.auth_type == ResourceAuthType.ROLE.value:
+            if workspace_user_role_mapping_model and role_permission_mapping_model:
+                inner = QuerySet(workspace_user_role_mapping_model).filter(workspace_id=workspace_id, user_id=user_id)
+                return QuerySet(role_permission_mapping_model).filter(role_id__in=inner,
+                                                                      permission_id=(
+                                                                              auth_target_type + ':READ')).exists()
+            else:
+                return False
+        else:
+            return wurp.permission_list.__contains__(ResourcePermission.VIEW.value)
+
     def auth_resource(self, resource_id: str):
         self.is_valid(raise_exception=True)
         auth_target_type = self.data.get('auth_target_type')