owner and admin have all permission of knowledge base (#12157)

2025-08-14 04:35:56 +08:00 · 2024-12-27 17:09:13 +08:00 · 2024-12-27 17:09:13 +08:00 · f4f2567105
commit f4f2567105
parent 5a3fe61f2a
1 changed files with 42 additions and 31 deletions
--- a/api/services/dataset_service.py
+++ b/api/services/dataset_service.py
@ -86,12 +86,15 @@ class DatasetService:
                else:
                    return [], 0
            else:
                if user.current_role not in (TenantAccountRole.OWNER, TenantAccountRole.ADMIN):
                    # show all datasets that the user has permission to access
                    if permitted_dataset_ids:
                        query = query.filter(
                            db.or_(
                                Dataset.permission == DatasetPermissionEnum.ALL_TEAM,
-                            db.and_(Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id),
+                                db.and_(
                                    Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id
                                ),
                                db.and_(
                                    Dataset.permission == DatasetPermissionEnum.PARTIAL_TEAM,
                                    Dataset.id.in_(permitted_dataset_ids),
@ -102,7 +105,9 @@ class DatasetService:
                        query = query.filter(
                            db.or_(
                                Dataset.permission == DatasetPermissionEnum.ALL_TEAM,
-                            db.and_(Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id),
+                                db.and_(
                                    Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id
                                ),
                            )
                        )
        else:
@ -377,12 +382,17 @@ class DatasetService:
        if dataset.tenant_id != user.current_tenant_id:
            logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
            raise NoPermissionError("You do not have permission to access this dataset.")
        if user.current_role not in (TenantAccountRole.OWNER, TenantAccountRole.ADMIN):
            if dataset.permission == DatasetPermissionEnum.ONLY_ME and dataset.created_by != user.id:
                logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
                raise NoPermissionError("You do not have permission to access this dataset.")
            if dataset.permission == "partial_members":
                user_permission = DatasetPermission.query.filter_by(dataset_id=dataset.id, account_id=user.id).first()
-            if not user_permission and dataset.tenant_id != user.current_tenant_id and dataset.created_by != user.id:
+                if (
                    not user_permission
                    and dataset.tenant_id != user.current_tenant_id
                    and dataset.created_by != user.id
                ):
                    logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
                    raise NoPermissionError("You do not have permission to access this dataset.")
@ -394,6 +404,7 @@ class DatasetService:
        if not user:
            raise ValueError("User not found")
        if user.current_role not in (TenantAccountRole.OWNER, TenantAccountRole.ADMIN):
            if dataset.permission == DatasetPermissionEnum.ONLY_ME:
                if dataset.created_by != user.id:
                    raise NoPermissionError("You do not have permission to access this dataset.")