Merge branch 'fix/workspace-permission' into deploy/dev

GareArc 2025-05-06 03:09:40 -04:00
commit 1d5a126baa
No known key found for this signature in database
2 changed files with 13 additions and 0 deletions


@ -46,6 +46,7 @@ from services.errors.account import (
LinkAccountIntegrateError,
MemberNotInTenantError,
NoPermissionError,
RemoveOwnerError,
RoleAlreadyAssignedError,
TenantNotFoundError,
)
@ -789,6 +790,9 @@ class TenantService:
ta_operator = TenantAccountJoin.query.filter_by(tenant_id=tenant.id, account_id=operator.id).first()
logging.info(
f"Tenant {tenant.id} operator {operator.id} with role {ta_operator.role} is trying to {action} member {member.id if member else None}"
)
if not ta_operator or ta_operator.role not in perms[action]:
raise NoPermissionError(f"No permission to {action} member.")
@ -799,6 +803,11 @@ class TenantService:
raise CannotOperateSelfError("Cannot operate self.")
TenantService.check_member_permission(tenant, operator, account, "remove")
# Additional check to ensure the target account is not owner
if TenantService.get_user_role(account, tenant) == TenantAccountRole.OWNER:
raise RemoveOwnerError("Cannot remove owner from tenant.")
ta = TenantAccountJoin.query.filter_by(tenant_id=tenant.id, account_id=account.id).first()
if not ta:
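Review bot: The `logging.info` f-string added in the second hunk reads `ta_operator.role` before the `if not ta_operator` guard that follows it, so an operator with no `TenantAccountJoin` row for the tenant would raise `AttributeError` rather than `NoPermissionError`. That also means the denied attempt, the event most worth having in the log, is never recorded. Either move the log call below the guard or make it None-safe the way the same line already treats `member`, e.g. `role = ta_operator.role if ta_operator else None`. Passing the values as lazy arguments, `logging.info("Tenant %s operator %s with role %s is trying to %s member %s", ...)`, would also avoid formatting the string when INFO is disabled. The enclosing method starts and ends outside the hunk, so any earlier None check is not visible here.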


@ -53,6 +53,10 @@ class MemberNotInTenantError(BaseServiceError):
pass
class RemoveOwnerError(BaseServiceError):
pass
class RoleAlreadyAssignedError(BaseServiceError):
pass