zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: validate folder_id in list method and use request.user.id for user_id

Browse Source
This commit is contained in:
CaptainB 2025-06-19 13:23:58 +08:00
parent 11739f1649
commit 6d9068c378
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/knowledge/serializers/knowledge.py
View File

@ -188,6 +188,10 @@ class KnowledgeSerializer(serializers.Serializer):
def list(self): def list(self):
self.is_valid(raise_exception=True) self.is_valid(raise_exception=True)
folder_id = self.data.get('folder_id', self.data.get("workspace_id"))
root = KnowledgeFolder.objects.filter(id=folder_id).first()
if not root:
raise serializers.ValidationError(_('Folder not found'))
workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id')) workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
return native_search( return native_search(
@ -200,7 +204,8 @@ class KnowledgeSerializer(serializers.Serializer):
'list_knowledge.sql' if workspace_manage else ( 'list_knowledge.sql' if workspace_manage else (
'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql' 'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql'
) )
)) )
),
) )
class Operate(serializers.Serializer): class Operate(serializers.Serializer):

2
apps/knowledge/views/knowledge.py
View File

@ -41,7 +41,7 @@ class KnowledgeView(APIView):
'name': request.query_params.get('name'), 'name': request.query_params.get('name'),
'desc': request.query_params.get("desc"), 'desc': request.query_params.get("desc"),
'scope': KnowledgeScope.WORKSPACE, 'scope': KnowledgeScope.WORKSPACE,
'user_id': request.query_params.get('user_id') 'user_id': request.user.id
} }
).list()) ).list())