KMS/ragflow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Update authorization for team (#3262)

Browse Source 
### What problem does this PR solve?

Update authorization for team.
#3253 #3233
### Type of change

- [x] Refactoring

---------

Co-authored-by: liuhua <10215101452@stu.ecun.edu.cn>
This commit is contained in:
liuhua 2024-11-07 19:26:03 +08:00 committed by GitHub
parent 96b5d2b3a9
commit 48ab6d7a45
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 26 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/apps/sdk/chat.py
View File

@ -34,10 +34,11 @@ def create(tenant_id):
if not ids: if not ids:
return get_error_data_result(message="`dataset_ids` is required") return get_error_data_result(message="`dataset_ids` is required")
for kb_id in ids: for kb_id in ids:
kbs = KnowledgebaseService.query(id=kb_id,tenant_id=tenant_id) kbs = KnowledgebaseService.accessible(kb_id=kb_id,user_id=tenant_id)
if not kbs: if not kbs:
return get_error_data_result(f"You don't own the dataset {kb_id}") return get_error_data_result(f"You don't own the dataset {kb_id}")
kb=kbs[0] kbs = KnowledgebaseService.query(id=kb_id)
kb = kbs[0]
if kb.chunk_num == 0: if kb.chunk_num == 0:
return get_error_data_result(f"The dataset {kb_id} doesn't own parsed file") return get_error_data_result(f"The dataset {kb_id} doesn't own parsed file")
kbs = KnowledgebaseService.get_by_ids(ids) kbs = KnowledgebaseService.get_by_ids(ids)
@ -160,9 +161,10 @@ def update(tenant_id,chat_id):
return get_error_data_result("`datasets` can't be empty") return get_error_data_result("`datasets` can't be empty")
if ids: if ids:
for kb_id in ids: for kb_id in ids:
kbs = KnowledgebaseService.query(id=kb_id, tenant_id=tenant_id) kbs = KnowledgebaseService.accessible(kb_id=chat_id, user_id=tenant_id)
if not kbs: if not kbs:
return get_error_data_result(f"You don't own the dataset {kb_id}") return get_error_data_result(f"You don't own the dataset {kb_id}")
kbs = KnowledgebaseService.query(id=kb_id)
kb = kbs[0] kb = kbs[0]
if kb.chunk_num == 0: if kb.chunk_num == 0:
return get_error_data_result(f"The dataset {kb_id} doesn't own parsed file") return get_error_data_result(f"The dataset {kb_id} doesn't own parsed file")
@ -260,7 +262,7 @@ def delete(tenant_id):
def list_chat(tenant_id): def list_chat(tenant_id):
id = request.args.get("id") id = request.args.get("id")
name = request.args.get("name") name = request.args.get("name")
chat = DialogService.query(id=id,name=name,status=StatusEnum.VALID.value) chat = DialogService.query(id=id,name=name,status=StatusEnum.VALID.value,tenant_id=tenant_id)
if not chat: if not chat:
return get_error_data_result(message="The chat doesn't exist") return get_error_data_result(message="The chat doesn't exist")
page_number = int(request.args.get("page", 1)) page_number = int(request.args.get("page", 1))

3
api/apps/sdk/dataset.py
View File

@ -490,6 +490,9 @@ def list(tenant_id):
kbs = KnowledgebaseService.query(id=id, name=name, status=1) kbs = KnowledgebaseService.query(id=id, name=name, status=1)
if not kbs: if not kbs:
return get_error_data_result(message="The dataset doesn't exist") return get_error_data_result(message="The dataset doesn't exist")
for kb in kbs:
if not KnowledgebaseService.accessible(kb_id=kb.id,user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {kb.id}")
page_number = int(request.args.get("page", 1)) page_number = int(request.args.get("page", 1))
items_per_page = int(request.args.get("page_size", 30)) items_per_page = int(request.args.get("page_size", 30))
orderby = request.args.get("orderby", "create_time") orderby = request.args.get("orderby", "create_time")

18
api/apps/sdk/doc.py
View File

@ -450,7 +450,7 @@ def list_docs(dataset_id, tenant_id):
type: string type: string
description: Processing status. description: Processing status.
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}. ") return get_error_data_result(message=f"You don't own the dataset {dataset_id}. ")
id = request.args.get("id") id = request.args.get("id")
name = request.args.get("name") name = request.args.get("name")
@ -537,7 +537,7 @@ def delete(tenant_id, dataset_id):
schema: schema:
type: object type: object
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}. ") return get_error_data_result(message=f"You don't own the dataset {dataset_id}. ")
req = request.json req = request.json
if not req: if not req:
@ -629,7 +629,7 @@ def parse(tenant_id, dataset_id):
schema: schema:
type: object type: object
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}.") return get_error_data_result(message=f"You don't own the dataset {dataset_id}.")
req = request.json req = request.json
if not req.get("document_ids"): if not req.get("document_ids"):
@ -698,7 +698,7 @@ def stop_parsing(tenant_id, dataset_id):
schema: schema:
type: object type: object
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}.") return get_error_data_result(message=f"You don't own the dataset {dataset_id}.")
req = request.json req = request.json
if not req.get("document_ids"): if not req.get("document_ids"):
@ -792,7 +792,7 @@ def list_chunks(tenant_id, dataset_id, document_id):
type: object type: object
description: Document details. description: Document details.
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}.") return get_error_data_result(message=f"You don't own the dataset {dataset_id}.")
doc = DocumentService.query(id=document_id, kb_id=dataset_id) doc = DocumentService.query(id=document_id, kb_id=dataset_id)
if not doc: if not doc:
@ -964,7 +964,7 @@ def add_chunk(tenant_id, dataset_id, document_id):
type: string type: string
description: Important keywords. description: Important keywords.
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}.") return get_error_data_result(message=f"You don't own the dataset {dataset_id}.")
doc = DocumentService.query(id=document_id, kb_id=dataset_id) doc = DocumentService.query(id=document_id, kb_id=dataset_id)
if not doc: if not doc:
@ -1077,7 +1077,7 @@ def rm_chunk(tenant_id, dataset_id, document_id):
schema: schema:
type: object type: object
""" """
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}.") return get_error_data_result(message=f"You don't own the dataset {dataset_id}.")
doc = DocumentService.query(id=document_id, kb_id=dataset_id) doc = DocumentService.query(id=document_id, kb_id=dataset_id)
if not doc: if not doc:
@ -1172,7 +1172,7 @@ def update_chunk(tenant_id, dataset_id, document_id, chunk_id):
res = ELASTICSEARCH.get(chunk_id, search.index_name(tenant_id)) res = ELASTICSEARCH.get(chunk_id, search.index_name(tenant_id))
except Exception: except Exception:
return get_error_data_result(f"Can't find this chunk {chunk_id}") return get_error_data_result(f"Can't find this chunk {chunk_id}")
if not KnowledgebaseService.query(id=dataset_id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=dataset_id, user_id=tenant_id):
return get_error_data_result(message=f"You don't own the dataset {dataset_id}.") return get_error_data_result(message=f"You don't own the dataset {dataset_id}.")
doc = DocumentService.query(id=document_id, kb_id=dataset_id) doc = DocumentService.query(id=document_id, kb_id=dataset_id)
if not doc: if not doc:
@ -1312,7 +1312,7 @@ def retrieval_test(tenant_id):
return get_error_data_result("`dataset_ids` should be a list") return get_error_data_result("`dataset_ids` should be a list")
kbs = KnowledgebaseService.get_by_ids(kb_ids) kbs = KnowledgebaseService.get_by_ids(kb_ids)
for id in kb_ids: for id in kb_ids:
if not KnowledgebaseService.query(id=id, tenant_id=tenant_id): if not KnowledgebaseService.accessible(kb_id=id, user_id=tenant_id):
return get_error_data_result(f"You don't own the dataset {id}.") return get_error_data_result(f"You don't own the dataset {id}.")
embd_nms = list(set([kb.embd_id for kb in kbs])) embd_nms = list(set([kb.embd_id for kb in kbs]))
if len(embd_nms) != 1: if len(embd_nms) != 1:

5
api/utils/api_utils.py
View File

@ -280,7 +280,10 @@ def construct_error_response(e):
def token_required(func): def token_required(func):
@wraps(func) @wraps(func)
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
token = flask_request.headers.get('Authorization').split()[1] authorization_list=flask_request.headers.get('Authorization').split()
if len(authorization_list) < 2:
return get_json_result(data=False,message="Please check your authorization format.")
token = authorization_list[1]
objs = APIToken.query(token=token) objs = APIToken.query(token=token)
if not objs: if not objs:
return get_json_result( return get_json_result(

8
docs/references/http_api_reference.md
View File

@ -734,7 +734,7 @@ Deletes documents by ID.
curl --request DELETE \ curl --request DELETE \
--url http://{address}/api/v1/datasets/{dataset_id}/documents \ --url http://{address}/api/v1/datasets/{dataset_id}/documents \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--header 'Authorization: <YOUR_API_KEY>' \ --header 'Authorization: Bearer <YOUR_API_KEY>' \
--data ' --data '
{ {
"ids": ["id_1","id_2"] "ids": ["id_1","id_2"]
@ -1148,7 +1148,7 @@ Updates content or configurations for a specified chunk.
curl --request PUT \ curl --request PUT \
--url http://{address}/api/v1/datasets/{dataset_id}/documents/{document_id}/chunks/{chunk_id} \ --url http://{address}/api/v1/datasets/{dataset_id}/documents/{document_id}/chunks/{chunk_id} \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--header 'Authorization: <YOUR_API_KEY>' \ --header 'Authorization: Bearer <YOUR_API_KEY>' \
--data ' --data '
{ {
"content": "ragflow123", "content": "ragflow123",
@ -1226,7 +1226,7 @@ Retrieves chunks from specified datasets.
curl --request POST \ curl --request POST \
--url http://{address}/api/v1/retrieval \ --url http://{address}/api/v1/retrieval \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--header 'Authorization: <YOUR_API_KEY>' \ --header 'Authorization: Bearer <YOUR_API_KEY>' \
--data ' --data '
{ {
"question": "What is advantage of ragflow?", "question": "What is advantage of ragflow?",
@ -1934,7 +1934,7 @@ Deletes sessions by ID.
curl --request DELETE \ curl --request DELETE \
--url http://{address}/api/v1/chats/{chat_id}/sessions \ --url http://{address}/api/v1/chats/{chat_id}/sessions \
--header 'Content-Type: application/json' \ --header 'Content-Type: application/json' \
--header 'Authorization: Bear <YOUR_API_KEY>' \ --header 'Authorization: Bearer <YOUR_API_KEY>' \
--data ' --data '
{ {
"ids": ["test_1", "test_2"] "ids": ["test_1", "test_2"]