mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-07-15 09:06:19 +08:00
refactor(server): permission (#10449)
This commit is contained in:
@@ -31,7 +31,7 @@ import {
|
||||
} from '../../base';
|
||||
import { CurrentUser } from '../../core/auth';
|
||||
import { Admin } from '../../core/common';
|
||||
import { PermissionService } from '../../core/permission';
|
||||
import { AccessController } from '../../core/permission';
|
||||
import { UserType } from '../../core/user';
|
||||
import { PromptService } from './prompt';
|
||||
import { ChatSessionService } from './session';
|
||||
@@ -299,7 +299,7 @@ export class CopilotType {
|
||||
@Resolver(() => CopilotType)
|
||||
export class CopilotResolver {
|
||||
constructor(
|
||||
private readonly permissions: PermissionService,
|
||||
private readonly ac: AccessController,
|
||||
private readonly mutex: RequestMutex,
|
||||
private readonly chatSession: ChatSessionService,
|
||||
private readonly storage: CopilotStorage
|
||||
@@ -339,7 +339,11 @@ export class CopilotResolver {
|
||||
@Args('options', { nullable: true }) options?: QueryChatSessionsInput
|
||||
) {
|
||||
if (!copilot.workspaceId) return [];
|
||||
await this.permissions.checkCloudWorkspace(copilot.workspaceId, user.id);
|
||||
await this.ac
|
||||
.user(user.id)
|
||||
.workspace(copilot.workspaceId)
|
||||
.allowLocal()
|
||||
.assert('Workspace.Copilot');
|
||||
return await this.chatSession.listSessions(
|
||||
user.id,
|
||||
copilot.workspaceId,
|
||||
@@ -360,14 +364,17 @@ export class CopilotResolver {
|
||||
if (!workspaceId) {
|
||||
return [];
|
||||
} else if (docId) {
|
||||
await this.permissions.checkCloudPagePermission(
|
||||
workspaceId,
|
||||
docId,
|
||||
'Doc.Read',
|
||||
user.id
|
||||
);
|
||||
await this.ac
|
||||
.user(user.id)
|
||||
.doc({ workspaceId, docId })
|
||||
.allowLocal()
|
||||
.assert('Doc.Read');
|
||||
} else {
|
||||
await this.permissions.checkCloudWorkspace(workspaceId, user.id);
|
||||
await this.ac
|
||||
.user(user.id)
|
||||
.workspace(workspaceId)
|
||||
.allowLocal()
|
||||
.assert('Workspace.Copilot');
|
||||
}
|
||||
|
||||
const histories = await this.chatSession.listHistories(
|
||||
@@ -393,12 +400,7 @@ export class CopilotResolver {
|
||||
@Args({ name: 'options', type: () => CreateChatSessionInput })
|
||||
options: CreateChatSessionInput
|
||||
) {
|
||||
await this.permissions.checkCloudPagePermission(
|
||||
options.workspaceId,
|
||||
options.docId,
|
||||
'Doc.Update',
|
||||
user.id
|
||||
);
|
||||
await this.ac.user(user.id).doc(options).allowLocal().assert('Doc.Update');
|
||||
const lockFlag = `${COPILOT_LOCKER}:session:${user.id}:${options.workspaceId}`;
|
||||
await using lock = await this.mutex.acquire(lockFlag);
|
||||
if (!lock) {
|
||||
@@ -432,12 +434,11 @@ export class CopilotResolver {
|
||||
throw new CopilotSessionNotFound();
|
||||
}
|
||||
const { workspaceId, docId } = session.config;
|
||||
await this.permissions.checkCloudPagePermission(
|
||||
workspaceId,
|
||||
docId,
|
||||
'Doc.Update',
|
||||
user.id
|
||||
);
|
||||
await this.ac
|
||||
.user(user.id)
|
||||
.doc(workspaceId, docId)
|
||||
.allowLocal()
|
||||
.assert('Doc.Update');
|
||||
const lockFlag = `${COPILOT_LOCKER}:session:${user.id}:${workspaceId}`;
|
||||
await using lock = await this.mutex.acquire(lockFlag);
|
||||
if (!lock) {
|
||||
@@ -460,12 +461,7 @@ export class CopilotResolver {
|
||||
@Args({ name: 'options', type: () => ForkChatSessionInput })
|
||||
options: ForkChatSessionInput
|
||||
) {
|
||||
await this.permissions.checkCloudPagePermission(
|
||||
options.workspaceId,
|
||||
options.docId,
|
||||
'Doc.Update',
|
||||
user.id
|
||||
);
|
||||
await this.ac.user(user.id).doc(options).allowLocal().assert('Doc.Update');
|
||||
const lockFlag = `${COPILOT_LOCKER}:session:${user.id}:${options.workspaceId}`;
|
||||
await using lock = await this.mutex.acquire(lockFlag);
|
||||
if (!lock) {
|
||||
@@ -494,12 +490,7 @@ export class CopilotResolver {
|
||||
@Args({ name: 'options', type: () => DeleteSessionInput })
|
||||
options: DeleteSessionInput
|
||||
) {
|
||||
await this.permissions.checkCloudPagePermission(
|
||||
options.workspaceId,
|
||||
options.docId,
|
||||
'Doc.Update',
|
||||
user.id
|
||||
);
|
||||
await this.ac.user(user.id).doc(options).allowLocal().assert('Doc.Update');
|
||||
if (!options.sessionIds.length) {
|
||||
return new NotFoundException('Session not found');
|
||||
}
|
||||
@@ -567,7 +558,7 @@ export class CopilotResolver {
|
||||
@Throttle()
|
||||
@Resolver(() => UserType)
|
||||
export class UserCopilotResolver {
|
||||
constructor(private readonly permissions: PermissionService) {}
|
||||
constructor(private readonly ac: AccessController) {}
|
||||
|
||||
@ResolveField(() => CopilotType)
|
||||
async copilot(
|
||||
@@ -575,7 +566,11 @@ export class UserCopilotResolver {
|
||||
@Args('workspaceId', { nullable: true }) workspaceId?: string
|
||||
) {
|
||||
if (workspaceId) {
|
||||
await this.permissions.checkCloudWorkspace(workspaceId, user.id);
|
||||
await this.ac
|
||||
.user(user.id)
|
||||
.workspace(workspaceId)
|
||||
.allowLocal()
|
||||
.assert('Workspace.Copilot');
|
||||
}
|
||||
return { workspaceId };
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user