fix: Application workspace restrictions

Author: shaohuzhang1

apps/application/serializers/application.py

@@ -325,7 +325,7 @@ def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bo
                     auth_target_type="APPLICATION",
                     workspace_id=workspace_id,
                     user_id=user_id)} if (
-                not workspace_manage and is_x_pack_ee) else {
+            not workspace_manage) else {
             'folder_query_set': folder_query_set,
             'application_query_set': application_query_set,
             'application_custom_sql': application_custom_sql_query_set
@@ -551,7 +551,11 @@ class ApplicationOperateSerializer(serializers.Serializer):
 
     def is_valid(self, *, raise_exception=False):
         super().is_valid(raise_exception=True)
-        if not QuerySet(Application).filter(id=self.data.get('application_id')).exists():
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
             raise AppApiException(500, _('Application id does not exist'))
 
     def delete(self, with_valid=True):

apps/application/serializers/application_access_token.py

@@ -7,16 +7,17 @@
     @desc:
 """
 import hashlib
-import uuid_utils.compat as uuid
 
+import uuid_utils.compat as uuid
 from django.core.cache import cache
 from django.db.models import QuerySet
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
-from application.models import ApplicationAccessToken
+from application.models import ApplicationAccessToken, Application
 from common.constants.cache_version import Cache_Version
 from common.database_model_manage.database_model_manage import DatabaseModelManage
+from common.exception.app_exception import AppApiException
 
 
 class AccessTokenEditSerializer(serializers.Serializer):
@@ -44,6 +45,16 @@ class AccessTokenEditSerializer(serializers.Serializer):
 
 class AccessTokenSerializer(serializers.Serializer):
     application_id = serializers.UUIDField(required=True, label=_("Application ID"))
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
+
+    def is_valid(self, *, raise_exception=False):
+        super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
 
     def edit(self, instance):
         self.is_valid(raise_exception=True)

apps/application/serializers/application_api_key.py

@@ -30,15 +30,17 @@ class EditApplicationKeySerializer(serializers.Serializer):
 
 
 class ApplicationKeySerializer(serializers.Serializer):
-    workspace_id = serializers.CharField(required=True, label=_('workspace id'))
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
     application_id = serializers.UUIDField(required=True, label=_('application id'))
 
     def is_valid(self, *, raise_exception=False):
         super().is_valid(raise_exception=True)
-        application_id = self.data.get("application_id")
-        application = QuerySet(Application).filter(id=application_id).first()
-        if application is None:
-            raise AppApiException(1001, _("Application does not exist"))
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
 
     def generate(self, with_valid=True):
         if with_valid:
@@ -61,10 +63,19 @@ def list(self, with_valid=True):
                 QuerySet(ApplicationApiKey).filter(application_id=application_id)]
 
     class Operate(serializers.Serializer):
-        workspace_id = serializers.CharField(required=True, label=_('workspace id'))
+        workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
         application_id = serializers.UUIDField(required=True, label=_('application id'))
         api_key_id = serializers.UUIDField(required=True, label=_('ApiKeyId'))
 
+        def is_valid(self, *, raise_exception=False):
+            super().is_valid(raise_exception=True)
+            workspace_id = self.data.get('workspace_id')
+            query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+            if workspace_id:
+                query_set = query_set.filter(workspace_id=workspace_id)
+            if not query_set.exists():
+                raise AppApiException(500, _('Application id does not exist'))
+
         def delete(self, with_valid=True):
             if with_valid:
                 self.is_valid(raise_exception=True)

apps/application/serializers/application_chat.py

@@ -22,8 +22,9 @@
 from openpyxl.cell.cell import ILLEGAL_CHARACTERS_RE
 from rest_framework import serializers
 
-from application.models import Chat
+from application.models import Chat, Application
 from common.db.search import get_dynamics_model, native_search, native_page_search
+from common.exception.app_exception import AppApiException
 from common.utils.common import get_file_content
 from maxkb.conf import PROJECT_DIR
 from maxkb.settings import TIME_ZONE
@@ -48,6 +49,7 @@ class ApplicationChatRecordExportRequest(serializers.Serializer):
 
 
 class ApplicationChatQuerySerializers(serializers.Serializer):
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
     abstract = serializers.CharField(required=False, allow_blank=True, allow_null=True, label=_("summary"))
     start_time = serializers.DateField(format='%Y-%m-%d', label=_("Start time"))
     end_time = serializers.DateField(format='%Y-%m-%d', label=_("End time"))
@@ -61,6 +63,15 @@ class ApplicationChatQuerySerializers(serializers.Serializer):
                                   message=_("Only supports and|or"), code=500)
     ])
 
+    def is_valid(self, *, raise_exception=False):
+        super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
+
     def get_end_time(self):
         return datetime.datetime.combine(
             datetime.datetime.strptime(self.data.get('end_time'), '%Y-%m-%d'),

apps/application/serializers/application_chat_record.py

@@ -17,12 +17,12 @@
 from rest_framework import serializers
 from rest_framework.utils.formatting import lazy_format
 
-from application.models import ChatRecord, ApplicationAccessToken
+from application.models import ChatRecord, ApplicationAccessToken, Application
 from application.serializers.common import ChatInfo
 from common.db.search import page_search
 from common.exception.app_exception import AppApiException
 from common.utils.common import post
-from knowledge.models import Paragraph, Document, Problem, ProblemParagraphMapping
+from knowledge.models import Paragraph, Document, Problem, ProblemParagraphMapping, Knowledge
 from knowledge.serializers.common import get_embedding_model_id_by_knowledge_id, update_document_char_length
 from knowledge.serializers.paragraph import ParagraphSerializers
 from knowledge.task.embedding import embedding_by_paragraph, embedding_by_paragraph_list
@@ -39,12 +39,18 @@ class Meta:
 
 class ChatRecordOperateSerializer(serializers.Serializer):
     chat_id = serializers.UUIDField(required=True, label=_("Conversation ID"))
-    workspace_id = serializers.CharField(required=False, label=_("Workspace ID"))
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
     application_id = serializers.UUIDField(required=True, label=_("Application ID"))
     chat_record_id = serializers.UUIDField(required=True, label=_("Conversation record id"))
 
     def is_valid(self, *, debug=False, raise_exception=False):
         super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
         application_access_token = QuerySet(ApplicationAccessToken).filter(
             application_id=self.data.get('application_id')).first()
         if application_access_token is None:
@@ -72,10 +78,20 @@ def one(self, debug):
 
 
 class ApplicationChatRecordQuerySerializers(serializers.Serializer):
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
     application_id = serializers.UUIDField(required=True, label=_("Application ID"))
     chat_id = serializers.UUIDField(required=True, label=_("Chat ID"))
     order_asc = serializers.BooleanField(required=False, allow_null=True, label=_("Is it in order"))
 
+    def is_valid(self, *, raise_exception=False):
+        super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
+
     def list(self, with_valid=True):
         if with_valid:
             self.is_valid(raise_exception=True)
@@ -137,11 +153,24 @@ class Meta:
 
 
 class ChatRecordImproveSerializer(serializers.Serializer):
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
+
+    application_id = serializers.UUIDField(required=True, label=_("Application ID"))
+
     chat_id = serializers.UUIDField(required=True, label=_("Conversation ID"))
 
     chat_record_id = serializers.UUIDField(required=True,
                                            label=_("Conversation record id"))
 
+    def is_valid(self, *, raise_exception=False):
+        super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
+
     def get(self, with_valid=True):
         if with_valid:
             self.is_valid(raise_exception=True)
@@ -173,13 +202,21 @@ class ApplicationChatRecordImproveInstanceSerializer(serializers.Serializer):
 
 
 class ApplicationChatRecordAddKnowledgeSerializer(serializers.Serializer):
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
+    application_id = serializers.UUIDField(required=True, label=_("Application ID"))
     knowledge_id = serializers.UUIDField(required=True, label=_("Knowledge base id"))
     document_id = serializers.UUIDField(required=True, label=_("Document id"))
     chat_ids = serializers.ListSerializer(child=serializers.UUIDField(), required=True,
                                           label=_("Conversation ID"))
 
     def is_valid(self, *, raise_exception=False):
         super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
         if not Document.objects.filter(id=self.data['document_id'], knowledge_id=self.data['knowledge_id']).exists():
             raise AppApiException(500, gettext("The document id is incorrect"))
 
@@ -255,6 +292,19 @@ class ApplicationChatRecordImproveSerializer(serializers.Serializer):
 
     def is_valid(self, *, raise_exception=False):
         super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
+
+        query_set = QuerySet(Knowledge).filter(id=self.data.get('knowledge_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Knowledge id does not exist'))
+
         if not QuerySet(Document).filter(id=self.data.get('document_id'),
                                          knowledge_id=self.data.get('knowledge_id')).exists():
             raise AppApiException(500, gettext("The document id is incorrect"))

apps/application/serializers/application_folder.py

@@ -1,7 +1,6 @@
 from rest_framework import serializers
 
 from application.models import ApplicationFolder
-from knowledge.models import KnowledgeFolder
 
 
 class ApplicationFolderTreeSerializer(serializers.ModelSerializer):

apps/application/serializers/application_stats.py

@@ -15,8 +15,9 @@
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
-from application.models import ApplicationChatUserStats
+from application.models import ApplicationChatUserStats, Application
 from common.db.search import native_search, get_dynamics_model
+from common.exception.app_exception import AppApiException
 from common.utils.common import get_file_content
 from maxkb.conf import PROJECT_DIR
 
@@ -32,10 +33,20 @@ class ApplicationStatsSerializer(serializers.Serializer):
 
 
 class ApplicationStatisticsSerializer(serializers.Serializer):
+    workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
     application_id = serializers.UUIDField(required=True, label=_("Application ID"))
     start_time = serializers.DateField(format='%Y-%m-%d', label=_("Start time"))
     end_time = serializers.DateField(format='%Y-%m-%d', label=_("End time"))
 
+    def is_valid(self, *, raise_exception=False):
+        super().is_valid(raise_exception=True)
+        workspace_id = self.data.get('workspace_id')
+        query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+        if workspace_id:
+            query_set = query_set.filter(workspace_id=workspace_id)
+        if not query_set.exists():
+            raise AppApiException(500, _('Application id does not exist'))
+
     def get_end_time(self):
         return datetime.datetime.combine(
             datetime.datetime.strptime(self.data.get('end_time'), '%Y-%m-%d'),

apps/application/serializers/application_version.py

@@ -12,7 +12,7 @@
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
-from application.models import WorkFlowVersion
+from application.models import WorkFlowVersion, Application
 from common.db.search import page_search
 from common.exception.app_exception import AppApiException
 
@@ -40,6 +40,7 @@ class ApplicationVersionSerializer(serializers.Serializer):
     workspace_id = serializers.CharField(required=False, label=_("Workspace ID"))
 
     class Query(serializers.Serializer):
+        workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
 
         def get_query_set(self, query):
             query_set = QuerySet(WorkFlowVersion).filter(application_id=query.get('application_id'))
@@ -64,10 +65,20 @@ def page(self, query, current_page, page_size, with_valid=True):
                                post_records_handler=lambda v: ApplicationVersionModelSerializer(v).data)
 
     class Operate(serializers.Serializer):
+        workspace_id = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_("Workspace ID"))
         application_id = serializers.UUIDField(required=True, label=_("Application ID"))
         work_flow_version_id = serializers.UUIDField(required=True,
                                                      label=_("Workflow version id"))
 
+        def is_valid(self, *, raise_exception=False):
+            super().is_valid(raise_exception=True)
+            workspace_id = self.data.get('workspace_id')
+            query_set = QuerySet(Application).filter(id=self.data.get('application_id'))
+            if workspace_id:
+                query_set = query_set.filter(workspace_id=workspace_id)
+            if not query_set.exists():
+                raise AppApiException(500, _('Application id does not exist'))
+
         def one(self, with_valid=True):
             if with_valid:
                 self.is_valid(raise_exception=True)

apps/application/sql/list_application_user.sql

@@ -14,7 +14,7 @@ from (select application."id"::text,
       from application left join "user" on user_id = "user".id
       where application."id" in (select target
                    from workspace_user_resource_permission
-                   where auth_target_type = 'APPLICATION'
+                   ${workspace_user_resource_permission_query_set}
                      and 'VIEW' = any (permission_list))
       UNION
       select application_folder."id",

apps/application/views/application_access_token.py

@@ -37,7 +37,7 @@ class AccessToken(APIView):
                      RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
     def put(self, request: Request, workspace_id: str, application_id: str):
         return result.success(
-            AccessTokenSerializer(data={'application_id': application_id}).edit(
+            AccessTokenSerializer(data={'workspace_id': workspace_id, 'application_id': application_id}).edit(
                 request.data))
 
     @extend_schema(
@@ -54,4 +54,5 @@ def put(self, request: Request, workspace_id: str, application_id: str):
                      RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
                      )
     def get(self, request: Request, workspace_id: str, application_id: str):
-        return result.success(AccessTokenSerializer(data={'application_id': application_id}).one())
+        return result.success(
+            AccessTokenSerializer(data={'workspace_id': workspace_id, 'application_id': application_id}).one())