Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

2 月之前 · 2b91ba2411
--- a/api/controllers/console/app/workflow.py
+++ b/api/controllers/console/app/workflow.py
        Get draft workflow
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
        Sync draft workflow
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
        Run draft workflow
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
        """
        Run draft workflow iteration node
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, location="json")
        args = parser.parse_args()
        Run draft workflow iteration node
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        if not current_user.is_editor:
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, location="json")
        """
        Run draft workflow loop node
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, location="json")
        """
        Run draft workflow loop node
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, location="json")
        """
        Run draft workflow
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, required=True, nullable=False, location="json")
        """
        Stop workflow task
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        """
        Run draft workflow node
        """
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("inputs", type=dict, required=True, nullable=False, location="json")
        """
        Get published workflow
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        """
        Publish workflow
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("marked_name", type=str, required=False, default="", location="json")
        parser.add_argument("marked_comment", type=str, required=False, default="", location="json")
        """
        Get default block config
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        """
        Get default block config
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("q", type=str, location="args")
        args = parser.parse_args()
        Convert expert mode of chatbot app to workflow mode
        Convert Completion App to Workflow App
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # The role of the current user in the ta table must be admin, owner, or editor
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        if request.data:
            parser = reqparse.RequestParser()
            parser.add_argument("name", type=str, required=False, nullable=True, location="json")
        """
        Get published workflows
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        if not current_user.is_editor:
            raise Forbidden()
        """
        Update workflow attributes
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # Check permission
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        parser = reqparse.RequestParser()
        parser.add_argument("marked_name", type=str, required=False, location="json")
        parser.add_argument("marked_comment", type=str, required=False, location="json")
        """
        Delete workflow
        """
        if not isinstance(current_user, Account):
            raise Forbidden()
        # Check permission
        if not current_user.is_editor:
            raise Forbidden()
        if not isinstance(current_user, Account):
            raise Forbidden()
        workflow_service = WorkflowService()
        # Create a session and manage the transaction
--- a/api/controllers/console/app/workflow_draft_variable.py
+++ b/api/controllers/console/app/workflow_draft_variable.py
 from factories.variable_factory import build_segment_with_type
 from libs.login import current_user, login_required
 from models import App, AppMode, db
 from models.account import Account
 from models.workflow import WorkflowDraftVariable
 from services.workflow_draft_variable_service import WorkflowDraftVariableList, WorkflowDraftVariableService
 from services.workflow_service import WorkflowService
    @account_initialization_required
    @get_app_model(mode=[AppMode.ADVANCED_CHAT, AppMode.WORKFLOW])
    def wrapper(*args, **kwargs):
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
        return f(*args, **kwargs)
--- a/api/controllers/console/app/wraps.py
+++ b/api/controllers/console/app/wraps.py
 from extensions.ext_database import db
 from libs.login import current_user
 from models import App, AppMode
 from models.account import Account
 def _load_app_model(app_id: str) -> Optional[App]:
    assert isinstance(current_user, Account)
    app_model = (
        db.session.query(App)
        .where(App.id == app_id, App.tenant_id == current_user.current_tenant_id, App.status == "normal")
--- a/api/controllers/console/explore/workflow.py
+++ b/api/controllers/console/explore/workflow.py
        parser.add_argument("inputs", type=dict, required=True, nullable=False, location="json")
        parser.add_argument("files", type=list, required=False, location="json")
        args = parser.parse_args()
        assert current_user is not None
        try:
            response = AppGenerateService.generate(
                app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.EXPLORE, streaming=True
        app_mode = AppMode.value_of(app_model.mode)
        if app_mode != AppMode.WORKFLOW:
            raise NotWorkflowAppError()
        assert current_user is not None
        AppQueueManager.set_stop_flag(task_id, InvokeFrom.EXPLORE, current_user.id)
--- a/api/controllers/console/workspace/load_balancing_config.py
+++ b/api/controllers/console/workspace/load_balancing_config.py
 from core.model_runtime.entities.model_entities import ModelType
 from core.model_runtime.errors.validate import CredentialsValidateFailedError
 from libs.login import current_user, login_required
 from models.account import TenantAccountRole
 from models.account import Account, TenantAccountRole
 from services.model_load_balancing_service import ModelLoadBalancingService
    @login_required
    @account_initialization_required
    def post(self, provider: str):
        assert isinstance(current_user, Account)
        if not TenantAccountRole.is_privileged_role(current_user.current_role):
            raise Forbidden()
        tenant_id = current_user.current_tenant_id
        assert tenant_id is not None
        parser = reqparse.RequestParser()
        parser.add_argument("model", type=str, required=True, nullable=False, location="json")
    @login_required
    @account_initialization_required
    def post(self, provider: str, config_id: str):
        assert isinstance(current_user, Account)
        if not TenantAccountRole.is_privileged_role(current_user.current_role):
            raise Forbidden()
        tenant_id = current_user.current_tenant_id
        assert tenant_id is not None
        parser = reqparse.RequestParser()
        parser.add_argument("model", type=str, required=True, nullable=False, location="json")
--- a/api/controllers/service_api/app/annotation.py
+++ b/api/controllers/service_api/app/annotation.py
 from extensions.ext_redis import redis_client
 from fields.annotation_fields import annotation_fields, build_annotation_model
 from libs.login import current_user
 from models.account import Account
 from models.model import App
 from services.annotation_service import AppAnnotationService
    @service_api_ns.marshal_with(build_annotation_model(service_api_ns))
    def put(self, app_model: App, annotation_id):
        """Update an existing annotation."""
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
    @validate_app_token
    def delete(self, app_model: App, annotation_id):
        """Delete an annotation."""
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
--- a/api/controllers/service_api/dataset/dataset.py
+++ b/api/controllers/service_api/dataset/dataset.py
 from fields.dataset_fields import dataset_detail_fields
 from fields.tag_fields import build_dataset_tag_fields
 from libs.login import current_user
 from models.account import Account
 from models.dataset import Dataset, DatasetPermissionEnum
 from services.dataset_service import DatasetPermissionService, DatasetService, DocumentService
 from services.entities.knowledge_entities.knowledge_entities import RetrievalModel
        )
        # check embedding setting
        provider_manager = ProviderManager()
        configurations = provider_manager.get_configurations(tenant_id=current_user.current_tenant_id)
        assert isinstance(current_user, Account)
        cid = current_user.current_tenant_id
        assert cid is not None
        configurations = provider_manager.get_configurations(tenant_id=cid)
        embedding_models = configurations.get_models(model_type=ModelType.TEXT_EMBEDDING, only_active=True)
            )
        try:
            assert isinstance(current_user, Account)
            dataset = DatasetService.create_empty_dataset(
                tenant_id=tenant_id,
                name=args["name"],
        # check embedding setting
        provider_manager = ProviderManager()
        configurations = provider_manager.get_configurations(tenant_id=current_user.current_tenant_id)
        assert isinstance(current_user, Account)
        cid = current_user.current_tenant_id
        assert cid is not None
        configurations = provider_manager.get_configurations(tenant_id=cid)
        embedding_models = configurations.get_models(model_type=ModelType.TEXT_EMBEDDING, only_active=True)
            raise NotFound("Dataset not found.")
        result_data = marshal(dataset, dataset_detail_fields)
        assert isinstance(current_user, Account)
        tenant_id = current_user.current_tenant_id
        if data.get("partial_member_list") and data.get("permission") == "partial_members":
    @service_api_ns.marshal_with(build_dataset_tag_fields(service_api_ns))
    def get(self, _, dataset_id):
        """Get all knowledge type tags."""
        tags = TagService.get_tags("knowledge", current_user.current_tenant_id)
        assert isinstance(current_user, Account)
        cid = current_user.current_tenant_id
        assert cid is not None
        tags = TagService.get_tags("knowledge", cid)
        return tags, 200
    @validate_dataset_token
    def post(self, _, dataset_id):
        """Add a knowledge type tag."""
        assert isinstance(current_user, Account)
        if not (current_user.is_editor or current_user.is_dataset_editor):
            raise Forbidden()
    @service_api_ns.marshal_with(build_dataset_tag_fields(service_api_ns))
    @validate_dataset_token
    def patch(self, _, dataset_id):
        assert isinstance(current_user, Account)
        if not (current_user.is_editor or current_user.is_dataset_editor):
            raise Forbidden()
    @validate_dataset_token
    def delete(self, _, dataset_id):
        """Delete a knowledge type tag."""
        assert isinstance(current_user, Account)
        if not current_user.is_editor:
            raise Forbidden()
        args = tag_delete_parser.parse_args()
    @validate_dataset_token
    def post(self, _, dataset_id):
        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
        assert isinstance(current_user, Account)
        if not (current_user.is_editor or current_user.is_dataset_editor):
            raise Forbidden()
    @validate_dataset_token
    def post(self, _, dataset_id):
        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
        assert isinstance(current_user, Account)
        if not (current_user.is_editor or current_user.is_dataset_editor):
            raise Forbidden()
    def get(self, _, *args, **kwargs):
        """Get all knowledge type tags."""
        dataset_id = kwargs.get("dataset_id")
        assert isinstance(current_user, Account)
        assert current_user.current_tenant_id is not None
        tags = TagService.get_tags_by_target_id("knowledge", current_user.current_tenant_id, str(dataset_id))
        tags_list = [{"id": tag.id, "name": tag.name} for tag in tags]
        response = {"data": tags_list, "total": len(tags)}
--- a/api/libs/login.py
+++ b/api/libs/login.py
 from functools import wraps
 from typing import Any
 from typing import Union, cast
 from flask import current_app, g, has_request_context, request
 from flask_login.config import EXEMPT_METHODS  # type: ignore
 #: A proxy for the current user. If no user is logged in, this will be an
 #: anonymous user
 current_user: Any = LocalProxy(lambda: _get_user())
 current_user = cast(Union[Account, EndUser, None], LocalProxy(lambda: _get_user()))
 def login_required(func):
    def decorated_view(*args, **kwargs):
        if request.method in EXEMPT_METHODS or dify_config.LOGIN_DISABLED:
            pass
        elif not current_user.is_authenticated:
        elif current_user is not None and not current_user.is_authenticated:
            return current_app.login_manager.unauthorized()  # type: ignore
        # flask 1.x compatibility