fix: application knowledge list (#3367)

apps/application/serializers/application.py

@@ -35,6 +35,7 @@ from common.utils.common import get_file_content, valid_license, restricted_load
 from knowledge.models import Knowledge
 from maxkb.conf import PROJECT_DIR
 from models_provider.models import Model
+from system_manage.models import WorkspaceUserResourcePermission
 from tools.models import Tool, ToolScope
 from tools.serializers.tool import ToolModelSerializer
 from users.models import User
@@ -295,7 +296,7 @@ class Query(serializers.Serializer):
     workspace_id = serializers.CharField(required=False, label=_('Workspace ID'))
     user_id = serializers.UUIDField(required=True, label=_("User ID"))
 
-    def get_query_set(self, instance: Dict, workspace_manage):
+    def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bool):
         folder_query_set = QuerySet(ApplicationFolder)
         application_query_set = QuerySet(Application)
         workspace_id = self.data.get('workspace_id')
@@ -317,8 +318,14 @@ class Query(serializers.Serializer):
             application_query_set = application_query_set.filter(desc__contains=desc)
         application_custom_sql_query_set = application_query_set
         application_query_set = application_query_set.order_by("-update_time")
+
         return {'folder_query_set': folder_query_set,
-                'application_query_set': application_query_set} if not workspace_manage else {
+                'application_query_set': application_query_set,
+                'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
+                    auth_target_type="KNOWLEDGE",
+                    workspace_id=workspace_id,
+                    user_id=user_id)} if (
+                not workspace_manage and is_x_pack_ee) else {
             'folder_query_set': folder_query_set,
             'application_query_set': application_query_set,
             'application_custom_sql': application_custom_sql_query_set
@@ -336,11 +343,12 @@ class Query(serializers.Serializer):
         user_id = self.data.get("user_id")
         ApplicationQueryRequest(data=instance).is_valid(raise_exception=True)
         workspace_manage = is_workspace_manage(user_id, workspace_id)
-        return native_search(self.get_query_set(instance, workspace_manage),
+        is_x_pack_ee = self.is_x_pack_ee()
+        return native_search(self.get_query_set(instance, workspace_manage, is_x_pack_ee),
                              select_string=get_file_content(
                                  os.path.join(PROJECT_DIR, "apps", "application", 'sql',
                                               'list_application.sql' if workspace_manage else (
-                                                  'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql')
+                                                  'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql')
                                               )))
 
     def page(self, current_page: int, page_size: int, instance: Dict):
@@ -349,11 +357,12 @@ class Query(serializers.Serializer):
         workspace_id = self.data.get('workspace_id')
         user_id = self.data.get("user_id")
         workspace_manage = is_workspace_manage(user_id, workspace_id)
-        return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage),
+        is_x_pack_ee = self.is_x_pack_ee()
+        return native_page_search(current_page, page_size, self.get_query_set(instance, workspace_manage, is_x_pack_ee),
                                   get_file_content(
                                       os.path.join(PROJECT_DIR, "apps", "application", 'sql',
                                                    'list_application.sql' if workspace_manage else (
-                                                       'list_application_user_ee.sql' if self.is_x_pack_ee() else 'list_application_user.sql'))),
+                                                       'list_application_user_ee.sql' if is_x_pack_ee else 'list_application_user.sql'))),
                                   )
 
 

apps/application/sql/list_application_user_ee.sql

@@ -14,7 +14,7 @@ from (select application."id"::text,
       from application left join "user" on user_id = "user".id
       where "application".id in (select target
                    from workspace_user_resource_permission
-                   where auth_target_type = 'APPLICATION'
+                   ${workspace_user_resource_permission_query_set}
                      and case
                              when auth_type = 'ROLE' then
                                  'ROLE' = any (permission_list)

apps/knowledge/serializers/knowledge.py

@@ -120,7 +120,7 @@ class KnowledgeSerializer(serializers.Serializer):
             role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model")
             return workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None
 
-        def get_query_set(self):
+        def get_query_set(self, workspace_manage, is_x_pack_ee):
             workspace_id = self.data.get("workspace_id")
             query_set_dict = {}
             query_set = QuerySet(model=get_dynamics_model({
@@ -157,6 +157,12 @@ class KnowledgeSerializer(serializers.Serializer):
                 'knowledge.workspace_id': models.CharField(),
             })).filter(**{'knowledge.workspace_id': workspace_id})
             query_set_dict['folder_query_set'] = folder_query_set
+            if not workspace_manage and is_x_pack_ee:
+                query_set_dict['workspace_user_resource_permission_query_set'] = QuerySet(
+                    WorkspaceUserResourcePermission).filter(
+                    auth_target_type="",
+                    workspace_id=workspace_id,
+                    user_id=self.data.get("user_id"))
             return query_set_dict
 
         def page(self, current_page: int, page_size: int):
@@ -167,17 +173,18 @@ class KnowledgeSerializer(serializers.Serializer):
             if not root:
                 raise serializers.ValidationError(_('Folder not found'))
             workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
+            is_x_pack_ee = self.is_x_pack_ee()
             return native_page_search(
                 current_page,
                 page_size,
-                self.get_query_set(),
+                self.get_query_set(workspace_manage, is_x_pack_ee),
                 select_string=get_file_content(
                     os.path.join(
                         PROJECT_DIR,
                         "apps",
                         "knowledge", 'sql',
                         'list_knowledge.sql' if workspace_manage else (
-                            'list_knowledge_user_ee.sql' if self.is_x_pack_ee() else 'list_knowledge_user.sql'
+                            'list_knowledge_user_ee.sql' if is_x_pack_ee else 'list_knowledge_user.sql'
                         )
                     )
                 ),
@@ -191,8 +198,9 @@ class KnowledgeSerializer(serializers.Serializer):
             if not root:
                 raise serializers.ValidationError(_('Folder not found'))
             workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
+            is_x_pack_ee = self.is_x_pack_ee()
             return native_search(
-                self.get_query_set(),
+                self.get_query_set(workspace_manage, is_x_pack_ee),
                 select_string=get_file_content(
                     os.path.join(
                         PROJECT_DIR,

apps/knowledge/sql/list_knowledge_user_ee.sql

@@ -22,7 +22,7 @@ FROM (SELECT "temp_knowledge".id::text, "temp_knowledge".name,
             FROM knowledge knowledge ${knowledge_custom_sql}
             AND "knowledge".id in (select target
                    from workspace_user_resource_permission
-                   where auth_target_type = 'KNOWLEDGE'
+                   ${workspace_user_resource_permission_query_set}
                      and case
                              when auth_type = 'ROLE' then
                                  'ROLE' = any (permission_list)