
suhh-机器人编辑权限接口、部门非成员账号树

‘suhuihui’ 3 달 전
부모
커밋
67043ffa4a
5개의 변경된 파일196개의 추가작업 그리고 53개의 파일을 삭제
  1. 23 9
      api/controllers/console/app/app.py
  2. 7 1
      api/controllers/console/dept/depts.py
  3. 49 17
      api/services/app_service.py
  4. 31 6
      api/services/dataset_service.py
  5. 86 20
      api/services/dept_service.py

+ 23 - 9
api/controllers/console/app/app.py

@@ -343,15 +343,28 @@ class AppTraceApi(Resource):
 class AppPermissionApi(Resource):
     @setup_required
     @login_required
+    @get_app_model
     @account_initialization_required
-    def post(self, app_id):
-        # add app permission
-        app_id = str(app_id)
-        app = AppService.get_app_by_id(app_id)
-        if not app:
+    def get(self, app_model):
+        app_service = AppService()
+        app_model = app_service.get_app(app_model)
+        if not app_model:
             raise NotFound("App not found.")
-        if not current_user.is_dataset_editor:
-            raise Forbidden()
+        read_permission_list = AppService.get_app_read_permission(app_model.id)
+        response = {
+            "edit_auth": app_model.edit_auth,
+            "read_permission": read_permission_list,
+        }
+        return response
+
+    @setup_required
+    @login_required
+    @get_app_model
+    @account_initialization_required
+    def post(self, app_model):
+        # add app permission
+        app_service = AppService()
+        app_model = app_service.get_app(app_model)
 
         # 解析表单数据
         data = request.get_json()
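Review bot: The `post` handler loses its only authorization check here: the removed `if not current_user.is_dataset_editor: raise Forbidden()` has no replacement, and the new `get` has none either. As far as these lines show, any logged-in account for which `@get_app_model` resolves the app can read the permitted accounts' ids and e-mails and rewrite `edit_auth` and the read list. I would keep a role or ownership check at the top of both methods, e.g. `if not current_user.is_dataset_editor: raise Forbidden()` or the app-level equivalent this project uses. `get_app_model` may already scope the lookup to the caller's tenant, but that is not visible in this diff and it would not separate ordinary members from editors. The body of `post` continues outside the hunk.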
@@ -359,6 +372,7 @@ class AppPermissionApi(Resource):
             raise NotFound("Invalid JSON")
 
         edit_auth = data.get("edit_auth")
+        print("edit_auth" + str(edit_auth))
         if edit_auth is None:
             return jsonify({"error": "Missing 'edit_auth' field"}), 400
 
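Review bot: The added `print("edit_auth" + str(edit_auth))` is a leftover debug statement that writes a request value to stdout on every call, while the rest of this commit removes such prints from the services. Drop it, or use the module logger at debug level, e.g. `logger.debug("edit_auth=%r", edit_auth)` if this file has a `logger`. `edit_auth` is also passed on unvalidated apart from the `None` check, so a check against the set of accepted values would belong right after it; the accepted values are not shown on this page.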
@@ -368,9 +382,9 @@ class AppPermissionApi(Resource):
         if not isinstance(read_permission_list, list):
             return jsonify({"error": "'read_permission' should be a list"}), 400
         # 更新知识库的编辑权限
-        AppService.update_app_edit_auth(app_id, edit_auth, current_user)
+        AppService.update_app_edit_auth(current_user.id, app_model, edit_auth)
         # 更新知识库的编辑、可见授权
-        AppService.update_app_read_permission(app_id, current_user, read_permission_list)
+        AppService.update_app_read_permission(current_user.id, app_model, read_permission_list)
         return {"result": "success"}, 204
 
 

+ 7 - 1
api/controllers/console/dept/depts.py

@@ -17,7 +17,13 @@ class DeptAccountListApi(Resource):
     @login_required
     @account_initialization_required
     def get(self):
-        dept_account_list = DeptService.get_dept_account_list()
+        edit = request.args.get("edit", default=1, type=str)
+        if edit is None or edit == "":
+            type = 0
+            dept_account_list = DeptService.get_dept_account_list(type)
+        else:
+            type = 1
+            dept_account_list = DeptService.get_dept_account_list(type)
         response = {
             "result": "success",
             "data": dept_account_list,
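Review bot: `request.args.get("edit", default=1, type=str)` never returns `None`, and with the parameter absent it returns the integer `1`, so the first branch only runs for a literal `?edit=`. Any other value, including `edit=0` or `edit=false`, selects the edit list. If that is intended, a comment should say so; otherwise parse it explicitly, e.g. `edit_only = request.args.get("edit", default="1") not in ("", "0", "false")` followed by `dept_account_list = DeptService.get_dept_account_list(1 if edit_only else 0)`. The local name `type` also shadows the builtin. The handler continues past the end of the hunk.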

+ 49 - 17
api/services/app_service.py

@@ -157,8 +157,7 @@ class AppService:
 
         return app
 
-    def get_app_by_id(self) -> App:
-        app = db.session.query(App).filter(App.id == self).all()
+    def get_app_by_id(self, app: App) -> App:
         return app
 
     def get_app(self, app: App) -> App:
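Review bot: `get_app_by_id` now ignores ids entirely and returns its argument unchanged, so the name promises a lookup that no longer happens. The controller in this commit no longer calls it, so if nothing else does I would delete it. Otherwise add a docstring such as `"""Return *app* unchanged; no database lookup is performed."""` so nobody passes an id expecting a query.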
@@ -378,33 +377,62 @@ class AppService:
 
         return meta
 
-    def update_app_edit_auth(self, edit_auth, user):
-        app = AppService.get_app_by_id(self)
+    def update_app_edit_auth(self, app: App, edit_auth: str) -> App:
+        """
+        Update app
+        :param app: App instance
+        :param args: request args
+        :return: App instance
+        """
         if not app:
             raise ValueError("App not found")
+        app.edit_auth = edit_auth
+        app.updated_by = current_user.id
+        app.updated_at = datetime.now(UTC).replace(tzinfo=None)
+        db.session.commit()
+
+        return app
 
-        if app.edit_auth != edit_auth:
-            app.query.filter_by(id=self).update(
-                {"edit_auth": edit_auth, "updated_by": user, "updated_at": datetime.datetime.now()}
+    def get_app_read_permission(self):
+        results = (
+            db.session.query(AppPermissionAll.account_id, Account.email)
+            .join(AppPermissionAll, Account.id == AppPermissionAll.account_id)
+            .filter(AppPermissionAll.app_id == self, AppPermissionAll.has_read_permission == True)
+            .all()
+        )
+        read_permission_list = []
+        for row in results:
+            read_permission_list.append({"id": row.account_id, "email": row.email})
+        return read_permission_list
+
+    def update_app_read_permission(self, app, read_permission_list):
+        app_id = str(app.id)
+        old_read_permission_list = AppService.get_app_read_permission(app_id)
+        old_read_permission_set = {item.get("id") for item in old_read_permission_list}
+        read_permission_set = {item.get("id") for item in read_permission_list}
+
+        delete_read_permission_set = old_read_permission_set - read_permission_set
+
+        delete_read_permission_list = list(delete_read_permission_set)
+        for delete_read in delete_read_permission_list:
+            delete_account_id = str(delete_read)
+            AppPermissionAll.query.filter_by(app_id=app_id, account_id=delete_account_id).update(
+                {"has_read_permission": False, "updated_by": self, "updated_at": datetime.now(UTC).replace(tzinfo=None)}
             )
             db.session.commit()
-
-    def update_app_read_permission(self, user, read_permission_list):
         for read_permission in read_permission_list:
-            print(f" 查看权限 ID: {read_permission.get('id')}, Email: {read_permission.get('email')}")
             account_id = read_permission.get("id")
             email = read_permission.get("email")
             app_permission_all: Optional[AppPermissionAll] = AppPermissionAll.query.filter_by(
-                app_id=self, account_id=account_id
+                app_id=app_id, account_id=account_id
             ).first()
             if app_permission_all == None:
                 # 插入
-                print(f" 数据表无有查看权限 ID: {read_permission.get('id')}, Email: {read_permission.get('email')}")
                 new_app_permission_all = AppPermissionAll()
-                new_app_permission_all.dataset_id = self
+                new_app_permission_all.app_id = app_id
                 new_app_permission_all.account_id = account_id
-                new_app_permission_all.created_by = user.id
-                new_app_permission_all.updated_by = user.id
+                new_app_permission_all.created_by = self
+                new_app_permission_all.updated_by = self
                 new_app_permission_all.has_read_permission = True
                 new_app_permission_all.email = email
                 db.session.add(new_app_permission_all)
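Review bot: `update_app_read_permission` writes whatever `id` and `email` the request supplied into `AppPermissionAll` (the `account_id` and `email` assignments near the end of this hunk) without checking that the id names a real account, so a caller can grant read access to arbitrary ids and store an e-mail that does not match the account. Resolve the requested ids against `Account` first and take the e-mail from that row, as sketched below; whether the account must also belong to the app's tenant is not visible here and should be checked the same way. A list element that is not a dict currently raises `AttributeError` on `.get`, which the same filter avoids. Each revocation also commits separately, so a failure part-way leaves the permission set half-updated. The loop body continues outside the hunk.

```python
    def update_app_read_permission(self, app, read_permission_list):
        app_id = str(app.id)
        # Trust only ids that resolve to an active account; the e-mail comes from the DB row.
        requested_ids = {
            str(item["id"]) for item in read_permission_list if isinstance(item, dict) and item.get("id")
        }
        accounts = dict(
            db.session.query(Account.id, Account.email)
            .filter(Account.id.in_(requested_ids), Account.status == "active")
            .all()
        )
        # … revocation as before, comparing the stored ids against the keys of `accounts` …
        for account_id, email in accounts.items():
            # … unchanged: insert or re-enable the AppPermissionAll row …
```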
@@ -412,7 +440,11 @@ class AppService:
                 db.session.flush()
             else:
                 if app_permission_all.has_read_permission == False:
-                    app_permission_all.query.filter_by(app_id=self, account_id=account_id).update(
-                        {"has_read_permission": True, "updated_by": user.id, "updated_at": datetime.now()}
+                    app_permission_all.query.filter_by(app_id=app_id, account_id=account_id).update(
+                        {
+                            "has_read_permission": True,
+                            "updated_by": self,
+                            "updated_at": datetime.now(UTC).replace(tzinfo=None),
+                        }
                     )
                     db.session.commit()
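Review bot: `"updated_by": self` reads as if the service instance were being stored; it only works because the controller calls `AppService.update_app_read_permission(current_user.id, app_model, ...)` on the class, so `self` is really the caller's account id. The same convention appears in the previous hunk (`get_app_read_permission(self)` receives an app id, `created_by = self`) and in dept_service.py, where `@staticmethod` methods take a parameter named `self` that holds a mode flag or a dept id. I would mark these `@staticmethod` and name the parameters for what they carry, e.g. `def update_app_read_permission(account_id, app, read_permission_list):`. `update_app_edit_auth` is inconsistent with its sibling: it ignores its first argument and reads `current_user.id` directly. This hunk starts inside the method body.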

+ 31 - 6
api/services/dataset_service.py

@@ -291,7 +291,7 @@ class DatasetService:
     @staticmethod
     def get_datasets_edit_permission(dataset_id):
         results = (
-            db.session.query(DatasetPermissionAll.account_id, Account.email)
+            db.session.query(DatasetPermissionAll.account_id, Account.email, DatasetPermissionAll.dataset_id)
             .join(DatasetPermissionAll, Account.id == DatasetPermissionAll.account_id)
             .filter(DatasetPermissionAll.dataset_id == dataset_id, DatasetPermissionAll.has_edit_permission == True)
             .all()
@@ -331,15 +331,29 @@ class DatasetService:
 
     @staticmethod
     def update_dataset_edit_and_read_permission(dataset_id, user, edit_permission_list, read_permission_list):
+        old_edit_permission_list = DatasetService.get_datasets_edit_permission(dataset_id)
+
+        # 提取 id 字段
+        old_edit_permission_set = {item.get("id") for item in old_edit_permission_list}
+        edit_permission_set = {item.get("id") for item in edit_permission_list}
+
+
+        delete_edit_permission_set = old_edit_permission_set - edit_permission_set
+        delete_edit_permission_list = list(delete_edit_permission_set)
+        for delete_edit in delete_edit_permission_list:
+            delete_account_id = str(delete_edit)
+            DatasetPermissionAll.query.filter_by(dataset_id=dataset_id, account_id=delete_account_id).update(
+                {"has_edit_permission": False, "updated_by": user.id, "updated_at": datetime.datetime.now()}
+            )
+            db.session.commit()
+
         for edit_permission in edit_permission_list:
-            print(f" 编辑权限 ID: {edit_permission.get('id')}, Email: {edit_permission.get('email')}")
             account_id = edit_permission.get("id")
             email = edit_permission.get("email")
             dataset_permission_all: Optional[DatasetPermissionAll] = DatasetPermissionAll.query.filter_by(
                 dataset_id=dataset_id, email=email, account_id=account_id
             ).first()
             if dataset_permission_all == None:
-                print(f" 数据表原本无编辑权限 ID: {edit_permission.get('id')}, Email: {edit_permission.get('email')}")
                 new_dataset_permission_all = DatasetPermissionAll()
                 new_dataset_permission_all.dataset_id = dataset_id
                 new_dataset_permission_all.account_id = account_id
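Review bot: The new revocation loop calls `db.session.commit()` once per account and the grant loop below commits again, so an exception part-way through leaves the dataset with some permissions revoked and others not yet granted. I would drop the commits inside the loops and issue a single `db.session.commit()` after both the edit and read lists have been processed, with `db.session.rollback()` on failure. The read-permission block added in the next hunk and `AppService.update_app_read_permission` follow the same pattern. The set difference also assumes the ids returned by `get_datasets_edit_permission` and the ids in the request have the same type; if one side were a UUID object and the other a string, every existing grant would be revoked first, which is worth confirming. The function continues outside the hunk.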
@@ -357,8 +371,21 @@ class DatasetService:
                     )
                     db.session.commit()
 
+        old_read_permission_list = DatasetService.get_datasets_read_permission(dataset_id)
+        old_read_permission_set = {item.get("id") for item in old_read_permission_list}
+        read_permission_set = {item.get("id") for item in read_permission_list}
+
+
+        delete_read_permission_set = old_read_permission_set - read_permission_set
+
+        delete_read_permission_list = list(delete_read_permission_set)
+        for delete_read in delete_read_permission_list:
+            delete_account_id = str(delete_read)
+            DatasetPermissionAll.query.filter_by(dataset_id=dataset_id, account_id=delete_account_id).update(
+                {"has_read_permission": False, "updated_by": user.id, "updated_at": datetime.datetime.now()}
+            )
+            db.session.commit()
         for read_permission in read_permission_list:
-            print(f" 查看权限 ID: {read_permission.get('id')}, Email: {read_permission.get('email')}")
             account_id = read_permission.get("id")
             email = read_permission.get("email")
             dataset_permission_all: Optional[DatasetPermissionAll] = DatasetPermissionAll.query.filter_by(
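Review bot: `datetime.datetime.now()` in the added update (and in the edit-permission update in the previous hunk) stores naive local time in `updated_at`, while app_service.py in this same commit stores `datetime.now(UTC).replace(tzinfo=None)`. Permission audit fields that mix local and UTC timestamps are hard to correlate later; use `datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)` here as well. The hunk ends in the middle of the `filter_by` call.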
@@ -366,7 +393,6 @@ class DatasetService:
             ).first()
             if dataset_permission_all == None:
                 # 插入
-                print(f" 数据表无有查看权限 ID: {read_permission.get('id')}, Email: {read_permission.get('email')}")
                 new_dataset_permission_all = DatasetPermissionAll()
                 new_dataset_permission_all.dataset_id = dataset_id
                 new_dataset_permission_all.account_id = account_id
@@ -964,7 +990,6 @@ class TemplateService:
     @staticmethod
     def get_templates(template_id) -> Optional[Template]:
         if template_id:
-            print("模版id" + template_id)
             template: Optional[Template] = Template.query.filter_by(id=template_id).first()
             return template
         else:

+ 86 - 20
api/services/dept_service.py

@@ -3,40 +3,76 @@ import datetime
 from sqlalchemy import or_
 
 from extensions.ext_database import db
-from models.account import Account
+from models.account import Account, TenantAccountJoin
 from models.dept import Dept
 from services.account_service import AccountService
 
 
 class DeptService:
     @staticmethod
-    def get_dept_account_list():
+    def get_dept_account_list(self):
         dept_list = []
-        account_list = []
 
-        dept_results = db.session.query(Dept.dept_id, Dept.dept_name).filter(Dept.status == "active").all()
+        condition = or_(Dept.parent_dept_id == None, Dept.parent_dept_id == "")
+        dept_results = db.session.query(Dept).filter(Dept.status == "active", condition).all()
 
-        account_results = (
-            db.session.query(Account.dept_id, Account.id, Account.email).filter(Account.status == "active").all()
-        )
         for dept_row in dept_results:
-            for account_row in account_results:
-                if account_row.dept_id == dept_row.dept_id:
-                    account_list.append({"account_id": account_row.id, "email": account_row.email})
-            dept_list.append({"dept_id": dept_row.dept_id, "dept_name": dept_row.dept_name, "accounts": account_list})
+            children_dept_list = []
+            children_depts = (
+                db.session.query(Dept).filter(Dept.status == "active", Dept.parent_dept_id == dept_row.dept_id).all()
+            )
 
+            for children_dept in children_depts:
+                if self == 0:
+                    account_list = DeptService.get_dept_account(children_dept.dept_id)
+                else:
+                    account_list = DeptService.get_dept_edit_account(children_dept.dept_id)
+                children_dept_list.append(
+                    {
+                        "dept_id": children_dept.dept_id,
+                        "dept_name": children_dept.dept_name,
+                        "parent_dept_id": children_dept.parent_dept_id,
+                        "account_list": account_list,
+                    }
+                )
+            if self == 0:
+                account_list = DeptService.get_dept_account(dept_row.dept_id)
+            else:
+                account_list = DeptService.get_dept_edit_account(dept_row.dept_id)
+            dept_list.append(
+                {
+                    "parent_dept_id": "",
+                    "dept_id": dept_row.dept_id,
+                    "dept_name": dept_row.dept_name,
+                    "account_list": account_list,
+                    "children": children_dept_list,
+                }
+            )
         return dept_list
 
     @staticmethod
-    def get_dept_account(dept_id):
+    def get_dept_account(self):
         dept_account = []
         account_results = (
-            db.session.query(Account.dept_id, Account.id, Account.email)
-            .filter(Account.status == "active", Account.dept_id == str(dept_id))
+            db.session.query(Account.dept_id, Account.id, Account.email, Account.name)
+            .filter(Account.status == "active", Account.dept_id == str(self))
             .all()
         )
         for row in account_results:
-            dept_account.append({"account_id": row.id, "email": row.email})
+            dept_account.append({"account_id": row.id, "email": row.email, "name": row.name})
+        return dept_account
+
+    @staticmethod
+    def get_dept_edit_account(self):
+        dept_account = []
+        account_results = (
+            db.session.query(Account.dept_id, Account.id, Account.email, Account.name)
+            .join(TenantAccountJoin, Account.id == TenantAccountJoin.account_id)
+            .filter(Account.status == "active", Account.dept_id == str(self), TenantAccountJoin.role != "normal")
+            .all()
+        )
+        for row in account_results:
+            dept_account.append({"account_id": row.id, "email": row.email, "name": row.name})
         return dept_account
 
     @staticmethod
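Review bot: `get_dept_edit_account` joins `TenantAccountJoin` only on `account_id` and filters `role != "normal"`, so an account qualifies if it holds a non-normal role in any tenant, and an account joined to several tenants comes back once per matching row. If this deployment has more than one tenant, add the caller's tenant to the filter (e.g. `TenantAccountJoin.tenant_id == tenant_id`, assuming the model has that column and the id is passed in) and de-duplicate. The `Account` queries in `get_dept_account` are likewise limited only by status and department, and every result carries `email` and `name`. `get_dept_account_list` also issues one query per department and child department, which a single grouped query would avoid.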
@@ -46,13 +82,10 @@ class DeptService:
         condition = or_(Dept.parent_dept_id == None, Dept.parent_dept_id == "")
         dept_results = db.session.query(Dept).filter(Dept.status == "active", condition).all()
 
-        print(str(dept_results))
         for dept_row in dept_results:
             children_dept_list = []
             children_depts = (
-                db.session.query(Dept)
-                .filter(Dept.status == "active", Dept.parent_dept_id == dept_row.dept_id)
-                .all()
+                db.session.query(Dept).filter(Dept.status == "active", Dept.parent_dept_id == dept_row.dept_id).all()
             )
             for children_dept in children_depts:
                 children_dept_list.append(
@@ -118,7 +151,6 @@ class DeptService:
                 }
             )
         )
-        print(str(sql))
         db.session.commit()
 
     @staticmethod
@@ -138,3 +170,37 @@ class DeptService:
         for dept_account in dept_account_list:
             account_id = dept_account.get("account_id")
             AccountService.update_account_dept("", account_id)
+
+    @staticmethod
+    def get_dept_account_edit_list():
+        dept_list = []
+
+        condition = or_(Dept.parent_dept_id == None, Dept.parent_dept_id == "")
+        dept_results = db.session.query(Dept).filter(Dept.status == "active", condition).all()
+
+        for dept_row in dept_results:
+            children_dept_list = []
+            children_depts = (
+                db.session.query(Dept).filter(Dept.status == "active", Dept.parent_dept_id == dept_row.dept_id).all()
+            )
+            for children_dept in children_depts:
+                account_list = DeptService.get_dept_account(children_dept.dept_id)
+                children_dept_list.append(
+                    {
+                        "dept_id": children_dept.dept_id,
+                        "dept_name": children_dept.dept_name,
+                        "parent_dept_id": children_dept.parent_dept_id,
+                        "account_list": account_list,
+                    }
+                )
+            account_list = DeptService.get_dept_account(dept_row.dept_id.dept_id)
+            dept_list.append(
+                {
+                    "parent_dept_id": "",
+                    "dept_id": dept_row.dept_id,
+                    "dept_name": dept_row.dept_name,
+                    "account_list": account_list,
+                    "children": children_dept_list,
+                }
+            )
+        return dept_list
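Review bot: `DeptService.get_dept_account(dept_row.dept_id.dept_id)` near the end of the new method dereferences `dept_id` twice and will raise `AttributeError` as soon as a top-level department is processed, unless `dept_id` is itself an object, which the other call sites do not suggest. The method is also named `..._edit_list` but calls `get_dept_account` rather than `get_dept_edit_account`, and it duplicates what `get_dept_account_list(1)` already does. I would remove it and use `get_dept_account_list`, or at least change the line to `account_list = DeptService.get_dept_edit_account(dept_row.dept_id)` and the child call to match.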