fix: The permissions issue of the editor role accessing some backend … (#6945)

Co-authored-by: liuzhenghua-jk <liuzhenghua-jk@360shuke.com>

api/controllers/console/app/annotation.py

     @account_initialization_required
     @cloud_edition_billing_resource_check('annotation')
     def post(self, app_id, action):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @login_required
     @account_initialization_required
     def get(self, app_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @login_required
     @account_initialization_required
     def post(self, app_id, annotation_setting_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @account_initialization_required
     @cloud_edition_billing_resource_check('annotation')
     def get(self, app_id, job_id, action):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         job_id = str(job_id)
     @login_required
     @account_initialization_required
     def get(self, app_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         page = request.args.get('page', default=1, type=int)
     @login_required
     @account_initialization_required
     def get(self, app_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @cloud_edition_billing_resource_check('annotation')
     @marshal_with(annotation_fields)
     def post(self, app_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @cloud_edition_billing_resource_check('annotation')
     @marshal_with(annotation_fields)
     def post(self, app_id, annotation_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @login_required
     @account_initialization_required
     def delete(self, app_id, annotation_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @account_initialization_required
     @cloud_edition_billing_resource_check('annotation')
     def post(self, app_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         app_id = str(app_id)
     @account_initialization_required
     @cloud_edition_billing_resource_check('annotation')
     def get(self, app_id, job_id):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         job_id = str(job_id)
     @login_required
     @account_initialization_required
     def get(self, app_id, annotation_id):
-        # The role of the current user in the table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         page = request.args.get('page', default=1, type=int)

api/controllers/console/app/conversation.py

     @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
     @marshal_with(conversation_with_summary_pagination_fields)
     def get(self, app_model):
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
         parser = reqparse.RequestParser()
         parser.add_argument('keyword', type=str, location='args')
     @get_app_model(mode=[AppMode.CHAT, AppMode.AGENT_CHAT, AppMode.ADVANCED_CHAT])
     @marshal_with(conversation_detail_fields)
     def get(self, app_model, conversation_id):
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
         conversation_id = str(conversation_id)
 

api/controllers/console/app/message.py

     @get_app_model
     @marshal_with(annotation_fields)
     def post(self, app_model):
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
 
         parser = reqparse.RequestParser()

api/controllers/console/datasets/datasets_segments.py

         document = DocumentService.get_document(dataset_id, document_id)
         if not document:
             raise NotFound('Document not found.')
-        # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
         # check embedding model setting
         if dataset.indexing_technique == 'high_quality':
         if not segment:
             raise NotFound('Segment not found.')
         # The role of the current user in the ta table must be admin or owner
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editor:
             raise Forbidden()
         try:
             DatasetService.check_dataset_permission(dataset, current_user)