fix: application knowledge list (#3365)

Author: shaohuzhang1

apps/application/serializers/application.py

@@ -295,7 +295,7 @@ class Query(serializers.Serializer):
     workspace_id = serializers.CharField(required=False, label=_('Workspace ID'))
     user_id = serializers.UUIDField(required=True, label=_("User ID"))
 
-    def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bool):
+    def get_query_set(self, instance: Dict, workspace_manage):
         folder_query_set = QuerySet(ApplicationFolder)
         application_query_set = QuerySet(Application)
         workspace_id = self.data.get('workspace_id')
@@ -317,13 +317,8 @@ def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bo
             application_query_set = application_query_set.filter(desc__contains=desc)
         application_custom_sql_query_set = application_query_set
         application_query_set = application_query_set.order_by("-update_time")
-        workspace_user_role_mapping_model = DatabaseModelManage.get_model('workspace_user_role_mapping')
-
         return {'folder_query_set': folder_query_set,
-                'application_query_set': application_query_set,
-                'user_query_set': QuerySet(
-                    workspace_user_role_mapping_model).filter(
-                    user_id=user_id, workspace_id=workspace_id)} if (not workspace_manage and is_x_pack_ee) else {
+                'application_query_set': application_query_set} if not workspace_manage else {
             'folder_query_set': folder_query_set,
             'application_query_set': application_query_set,
             'application_custom_sql': application_custom_sql_query_set
@@ -341,12 +336,11 @@ def list(self, instance: Dict):
         user_id = self.data.get("user_id")
         ApplicationQueryRequest(data=instance).is_valid(raise_exception=True)
         workspace_manage = is_workspace_manage(user_id, workspace_id)
-        is_x_pack_ee = self.is_x_pack_ee()
-        return native_search(self.get_query_set(instance, workspace_manage, is_x_pack_ee),
+        return native_search(self.get_query_set(instance, workspace_manage),
                              select_string=get_file_content(
                                  os.path.join(PROJECT_DIR, "apps", "application", 'sql',
                                               'list_application.sql' if workspace_manage else (
-                                                  'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql')
+                                                  'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql')
                                               )))
 
     def page(self, current_page: int, page_size: int, instance: Dict):
@@ -355,12 +349,11 @@ def page(self, current_page: int, page_size: int, instance: Dict):
         workspace_id = self.data.get('workspace_id')
         user_id = self.data.get("user_id")
         workspace_manage = is_workspace_manage(user_id, workspace_id)
-        is_x_pack_ee = self.is_x_pack_ee()
-        return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage, is_x_pack_ee),
+        return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage),
                                   get_file_content(
                                       os.path.join(PROJECT_DIR, "apps", "application", 'sql',
                                                    'list_application.sql' if workspace_manage else (
-                                                       'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql'))),
+                                                       'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql'))),
                                   )
 
 

apps/application/sql/list_application_user_ee.sql

@@ -17,11 +17,14 @@ from (select application."id"::text,
                    where auth_target_type = 'APPLICATION'
                      and case
                              when auth_type = 'ROLE' then
+                                 'ROLE' = any (permission_list)
+                                  and
                                  'APPLICATION:READ' in (select (case when user_role_relation.role_id = any (array ['USER']) THEN 'APPLICATION:READ' else role_permission.permission_id END)
                                                         from role_permission role_permission
                                                         right join user_role_relation user_role_relation
                                                             on user_role_relation.role_id=role_permission.role_id
-                                                        ${user_query_set})
+                                                        where user_role_relation.user_id=workspace_user_resource_permission.user_id
+                                                        and  user_role_relation.workspace_id=workspace_user_resource_permission.workspace_id)
 
                              else
                                  'VIEW' = any (permission_list)

apps/knowledge/serializers/knowledge.py

@@ -120,7 +120,7 @@ def is_x_pack_ee():
             role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model")
             return workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None
 
-        def get_query_set(self, workspace_manage, is_x_pack_ee):
+        def get_query_set(self):
             workspace_id = self.data.get("workspace_id")
             query_set_dict = {}
             query_set = QuerySet(model=get_dynamics_model({
@@ -157,10 +157,6 @@ def get_query_set(self, workspace_manage, is_x_pack_ee):
                 'knowledge.workspace_id': models.CharField(),
             })).filter(**{'knowledge.workspace_id': workspace_id})
             query_set_dict['folder_query_set'] = folder_query_set
-            workspace_user_role_mapping_model = DatabaseModelManage.get_model('workspace_user_role_mapping')
-            if not workspace_manage and is_x_pack_ee:
-                query_set_dict['user_query_set'] = QuerySet(workspace_user_role_mapping_model).filter(
-                    user_id=self.data.get("user_id"), workspace_id=workspace_id)
             return query_set_dict
 
         def page(self, current_page: int, page_size: int):
@@ -171,18 +167,17 @@ def page(self, current_page: int, page_size: int):
             if not root:
                 raise serializers.ValidationError(_('Folder not found'))
             workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
-            is_x_pack_ee = self.is_x_pack_ee()
             return native_page_search(
                 current_page,
                 page_size,
-                self.get_query_set(workspace_manage, is_x_pack_ee),
+                self.get_query_set(),
                 select_string=get_file_content(
                     os.path.join(
                         PROJECT_DIR,
                         "apps",
                         "knowledge", 'sql',
                         'list_knowledge.sql' if workspace_manage else (
-                            'list_knowledge_user_ee.sql' if is_x_pack_ee else 'list_knowledge_user.sql'
+                            'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql'
                         )
                     )
                 ),
@@ -196,9 +191,8 @@ def list(self):
             if not root:
                 raise serializers.ValidationError(_('Folder not found'))
             workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
-            is_x_pack_ee = self.is_x_pack_ee()
             return native_search(
-                self.get_query_set(workspace_manage, is_x_pack_ee),
+                self.get_query_set(),
                 select_string=get_file_content(
                     os.path.join(
                         PROJECT_DIR,

apps/knowledge/sql/list_knowledge_user_ee.sql

@@ -25,11 +25,14 @@ FROM (SELECT "temp_knowledge".id::text, "temp_knowledge".name,
                    where auth_target_type = 'KNOWLEDGE'
                      and case
                              when auth_type = 'ROLE' then
+                                 'ROLE' = any (permission_list)
+                                  and
                                  'KNOWLEDGE:READ' in (select (case when user_role_relation.role_id = any (array ['USER']) THEN 'KNOWLEDGE:READ' else role_permission.permission_id END)
                                                         from role_permission role_permission
                                                         right join user_role_relation user_role_relation
                                                             on user_role_relation.role_id=role_permission.role_id
-                                                        ${user_query_set})
+                                                        where user_role_relation.user_id=workspace_user_resource_permission.user_id
+                                                        and  user_role_relation.workspace_id=workspace_user_resource_permission.workspace_id)
                              else
                                  'VIEW' = any (permission_list)
                        end

ui/src/views/system/resource-authorization/component/PermissionSetting.vue

@@ -181,13 +181,12 @@ const props = defineProps({
   manage: Boolean,
   isRole: Boolean,
 })
-const emit = defineEmits(['update:data', 'refreshData','update:isRole'])
+const emit = defineEmits(['update:data', 'refreshData', 'update:isRole'])
 const radioRole = computed({
   get: () => props.isRole,
-  set: (v:boolean) => {
+  set: (v: boolean) => {
     emit('update:isRole', v)
-
-  }
+  },
 })
 const isKnowledge = computed(() => props.type === AuthorizationEnum.KNOWLEDGE)
 const isApplication = computed(() => props.type === AuthorizationEnum.APPLICATION)
@@ -214,8 +213,6 @@ const dfsPermission = (arr: any = [], Name: string | number, e: boolean, idArr:
   })
 }
 
-
-
 const filterText = ref('')
 
 const filterData = computed(() =>

ui/src/views/system/resource-authorization/index.vue

@@ -150,19 +150,20 @@ const flotTree = (tree: Array<any>, result: Array<any>) => {
   return result
 }
 function submitPermissions() {
-  const user_resource_permission_list = settingTags.map((item: any, index: number) => {
-    return flotTree(item.data, [])
-      .filter((v: any) => !v.isFolder)
-      .map((v: any) => {
-        return {
-          target_id: v.id,
-          auth_target_type: item.value,
-          permission: v.permission,
-          auth_type: item.isRole ? 'ROLE' : 'RESOURCE_PERMISSION_GROUP',
-        }
-      })
-
-  }).reduce((pre: any, next: any) => [...pre, ...next], [])
+  const user_resource_permission_list = settingTags
+    .map((item: any, index: number) => {
+      return flotTree(item.data, [])
+        .filter((v: any) => !v.isFolder)
+        .map((v: any) => {
+          return {
+            target_id: v.id,
+            auth_target_type: item.value,
+            permission: v.permission,
+            auth_type: item.isRole ? 'ROLE' : 'RESOURCE_PERMISSION_GROUP',
+          }
+        })
+    })
+    .reduce((pre: any, next: any) => [...pre, ...next], [])
 
   AuthorizationApi.putResourceAuthorization(
     currentWorkspaceId.value || 'default',
@@ -294,7 +295,9 @@ const getWholeTree = async (user_id: string) => {
       let folderIdMap = []
       const folderTree = cloneDeep((parentRes as unknown as any).data)
       if (Object.keys(childrenRes.data).indexOf(item.value) !== -1) {
-        item.isRole = childrenRes.data[item.value].length>0 && childrenRes.data[item.value][0].permission.ROLE
+        item.isRole =
+          childrenRes.data[item.value].length > 0 &&
+          childrenRes.data[item.value][0].auth_type == 'ROLE'
         folderIdMap = getFolderIdMap(childrenRes.data[item.value])
         dfsFolder(folderTree, folderIdMap)
         const permissionHalf = {