
知识库,机器人列表默认权限查询修改

zhouyuexiang 1 month ago
parent
commit
617aae9eac
2 changed files with 28 additions and 22 deletions
  1. 24 21
      api/services/app_service.py
  2. 4 1
      api/services/dataset_service.py

+ 24 - 21
api/services/app_service.py

@@ -19,7 +19,7 @@ from core.tools.tool_manager import ToolManager
 from core.tools.utils.configuration import ToolParameterConfigurationManager
 from events.app_event import app_was_created
 from extensions.ext_database import db
-from models.account import Account
+from models.account import Account, TenantAccountRole
 from models.model import App, AppMode, AppModelConfig, AppPermissionAll
 from models.tools import ApiToolProvider
 from services.tag_service import TagService
@@ -69,26 +69,29 @@ class AppService:
         auth_type = args.get("auth_type")
         # 根据 auth_type 构建不同的查询
         if auth_type is None:
-            query1 = db.select(App.id).where(
-                *filters,
-                App.created_by == user_id
-            )
-            query2 = db.select(App.id).join(
-                Account, App.dept_id == Account.dept_id
-            ).where(
-                *filters,
-                App.edit_auth == 2,
-                Account.id == user_id
-            )
-            query3 = db.select(App.id).join(
-                AppPermissionAll, App.id == AppPermissionAll.app_id
-            ).where(
-                *filters,
-                AppPermissionAll.has_read_permission == True,
-                AppPermissionAll.account_id == user_id
-            )
-            union_query = union(query1, query2, query3).subquery()
-            main_query = db.select(App).where(App.id.in_(select(union_query.c.id)))
+            if current_user.current_role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN}:
+                pass
+            else:
+                query1 = db.select(App.id).where(
+                    *filters,
+                    App.created_by == user_id
+                )
+                query2 = db.select(App.id).join(
+                    Account, App.dept_id == Account.dept_id
+                ).where(
+                    *filters,
+                    App.edit_auth == 2,
+                    Account.id == user_id
+                )
+                query3 = db.select(App.id).join(
+                    AppPermissionAll, App.id == AppPermissionAll.app_id
+                ).where(
+                    *filters,
+                    AppPermissionAll.has_read_permission == True,
+                    AppPermissionAll.account_id == user_id
+                )
+                union_query = union(query1, query2, query3).subquery()
+                main_query = db.select(App).where(App.id.in_(select(union_query.c.id)))
         elif auth_type == "1":
             # 只查询部门编辑权限
             main_query = db.select(App).where(
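Review bot: In the `auth_type is None` branch the OWNER/ADMIN path is a bare `pass`, so within this hunk `main_query` is never assigned for those roles and none of `*filters` is applied to it. If a default `main_query` is built above the hunk, it should be confirmed that it still carries the constraints in `filters` (presumably including the tenant scope); otherwise this path either fails on an unbound name or returns apps outside the caller's tenant. Making the bypass explicit would be safer: replace `pass` with `main_query = db.select(App).where(*filters)`, or invert the test to `if current_user.current_role not in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN}:` and drop the empty branch. `current_user` is also new here while the surrounding queries use `user_id`; the hunk does not show where it is bound, and the import hunk adds only `TenantAccountRole`. The method body starts and ends outside the hunk.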

+ 4 - 1
api/services/dataset_service.py

@@ -809,7 +809,10 @@ class DatasetService:
         # 根据 auth_type 选择要使用的查询
         if auth_type is None:
             # 如果 auth_type 为空,使用所有查询
-            queries = [query1, query2, query3, query4]
+            if user.current_role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN}:
+                queries = [Dataset.query]
+            else:
+                queries = [query1, query2, query3, query4]
         elif auth_type == 1:
             queries = [query1]
         elif auth_type == 2:
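Review bot: `queries = [Dataset.query]` hands OWNER and ADMIN the unfiltered base query, with no tenant or other constraint visible at this point. These are tenant-level roles, so unless a tenant filter is applied to the combined result further down (not visible in this hunk), an admin of one tenant would list the datasets of every tenant. I would scope the bypass, e.g. `queries = [Dataset.query.filter(<tenant filter for the user's current tenant>)]`, and add a comment such as `# owner/admin: all datasets in the current tenant, no per-dataset permission check`. This file's section contains no import change, so `TenantAccountRole` must already be imported in dataset_service.py or the new branch raises NameError. The enclosing method starts and ends outside the hunk.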