fix: Interface permission verification error #3343 (#3683)

shaohuzhang1 · web-flow · commit bca56af7883d · 2025-07-21T11:38:41.000+08:00
diff --git a/apps/function_lib/serializers/function_lib_serializer.py b/apps/function_lib/serializers/function_lib_serializer.py
@@ -33,11 +33,13 @@
 
 function_executor = FunctionExecutor(CONFIG.get('SANDBOX'))
 
+
 class FlibInstance:
     def __init__(self, function_lib: dict, version: str):
         self.function_lib = function_lib
         self.version = version
 
+
 def encryption(message: str):
     """
         加密敏感字段数据  加密方式是 如果密码是 1234567890  那么给前端则是 123******890
@@ -68,7 +70,8 @@ def encryption(message: str):
 class FunctionLibModelSerializer(serializers.ModelSerializer):
     class Meta:
         model = FunctionLib
-        fields = ['id', 'name', 'icon', 'desc', 'code', 'input_field_list','init_field_list', 'init_params', 'permission_type', 'is_active', 'user_id', 'template_id',
+        fields = ['id', 'name', 'icon', 'desc', 'code', 'input_field_list', 'init_field_list', 'init_params',
+                  'permission_type', 'is_active', 'user_id', 'template_id',
                   'create_time', 'update_time']
 
 
@@ -148,7 +151,6 @@ class Query(serializers.Serializer):
         select_user_id = serializers.CharField(required=False, allow_null=True, allow_blank=True)
         function_type = serializers.CharField(required=False, allow_null=True, allow_blank=True)
 
-
         def get_query_set(self):
             query_set = QuerySet(FunctionLib).filter(
                 (Q(user_id=self.data.get('user_id')) | Q(permission_type='PUBLIC')))
@@ -269,7 +271,7 @@ class Operate(serializers.Serializer):
 
         def is_valid(self, *, raise_exception=False):
             super().is_valid(raise_exception=True)
-            if not QuerySet(FunctionLib).filter(id=self.data.get('id')).exists():
+            if not QuerySet(FunctionLib).filter(user_id=self.data.get('user_id'), id=self.data.get('id')).exists():
                 raise AppApiException(500, _('Function does not exist'))
 
         def delete(self, with_valid=True):
@@ -285,7 +287,8 @@ def edit(self, instance, with_valid=True):
             if with_valid:
                 self.is_valid(raise_exception=True)
                 EditFunctionLib(data=instance).is_valid(raise_exception=True)
-            edit_field_list = ['name', 'desc', 'code', 'icon', 'input_field_list', 'init_field_list', 'init_params', 'permission_type', 'is_active']
+            edit_field_list = ['name', 'desc', 'code', 'icon', 'input_field_list', 'init_field_list', 'init_params',
+                               'permission_type', 'is_active']
             edit_dict = {field: instance.get(field) for field in edit_field_list if (
                     field in instance and instance.get(field) is not None)}
 
@@ -317,7 +320,8 @@ def one(self, with_valid=True):
             if function_lib.init_params:
                 function_lib.init_params = json.loads(rsa_long_decrypt(function_lib.init_params))
             if function_lib.init_field_list:
-                password_fields = [i["field"] for i in function_lib.init_field_list if i.get("input_type") == "PasswordInput"]
+                password_fields = [i["field"] for i in function_lib.init_field_list if
+                                   i.get("input_type") == "PasswordInput"]
                 if function_lib.init_params:
                     for k in function_lib.init_params:
                         if k in password_fields and function_lib.init_params[k]:
