Revert "owner and admin have all permission of knowledge base (#12157)"

This reverts commit f4f2567.
langgenius · Jan 2, 2025 · 714b22d · 714b22d
1 parent 42d8ec3
commit 714b22d
Showing 1 changed file with 31 additions and 42 deletions.
diff --git a/api/services/dataset_service.py b/api/services/dataset_service.py
@@ -86,30 +86,25 @@ def get_datasets(page, per_page, tenant_id=None, user=None, search=None, tag_ids
                 else:
                     return [], 0
             else:
-                if user.current_role not in (TenantAccountRole.OWNER, TenantAccountRole.ADMIN):
-                    # show all datasets that the user has permission to access
-                    if permitted_dataset_ids:
-                        query = query.filter(
-                            db.or_(
-                                Dataset.permission == DatasetPermissionEnum.ALL_TEAM,
-                                db.and_(
-                                    Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id
-                                ),
-                                db.and_(
-                                    Dataset.permission == DatasetPermissionEnum.PARTIAL_TEAM,
-                                    Dataset.id.in_(permitted_dataset_ids),
-                                ),
-                            )
+                # show all datasets that the user has permission to access
+                if permitted_dataset_ids:
+                    query = query.filter(
+                        db.or_(
+                            Dataset.permission == DatasetPermissionEnum.ALL_TEAM,
+                            db.and_(Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id),
+                            db.and_(
+                                Dataset.permission == DatasetPermissionEnum.PARTIAL_TEAM,
+                                Dataset.id.in_(permitted_dataset_ids),
+                            ),
                         )
-                    else:
-                        query = query.filter(
-                            db.or_(
-                                Dataset.permission == DatasetPermissionEnum.ALL_TEAM,
-                                db.and_(
-                                    Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id
-                                ),
-                            )
+                    )
+                else:
+                    query = query.filter(
+                        db.or_(
+                            Dataset.permission == DatasetPermissionEnum.ALL_TEAM,
+                            db.and_(Dataset.permission == DatasetPermissionEnum.ONLY_ME, Dataset.created_by == user.id),
                         )
+                    )
         else:
             # if no user, only show datasets that are shared with all team members
             query = query.filter(Dataset.permission == DatasetPermissionEnum.ALL_TEAM)
@@ -382,19 +377,14 @@ def check_dataset_permission(dataset, user):
         if dataset.tenant_id != user.current_tenant_id:
             logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
             raise NoPermissionError("You do not have permission to access this dataset.")
-        if user.current_role not in (TenantAccountRole.OWNER, TenantAccountRole.ADMIN):
-            if dataset.permission == DatasetPermissionEnum.ONLY_ME and dataset.created_by != user.id:
+        if dataset.permission == DatasetPermissionEnum.ONLY_ME and dataset.created_by != user.id:
+            logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
+            raise NoPermissionError("You do not have permission to access this dataset.")
+        if dataset.permission == "partial_members":
+            user_permission = DatasetPermission.query.filter_by(dataset_id=dataset.id, account_id=user.id).first()
+            if not user_permission and dataset.tenant_id != user.current_tenant_id and dataset.created_by != user.id:
                 logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
                 raise NoPermissionError("You do not have permission to access this dataset.")
-            if dataset.permission == "partial_members":
-                user_permission = DatasetPermission.query.filter_by(dataset_id=dataset.id, account_id=user.id).first()
-                if (
-                    not user_permission
-                    and dataset.tenant_id != user.current_tenant_id
-                    and dataset.created_by != user.id
-                ):
-                    logging.debug(f"User {user.id} does not have permission to access dataset {dataset.id}")
-                    raise NoPermissionError("You do not have permission to access this dataset.")
 
     @staticmethod
     def check_dataset_operator_permission(user: Optional[Account] = None, dataset: Optional[Dataset] = None):
@@ -404,16 +394,15 @@ def check_dataset_operator_permission(user: Optional[Account] = None, dataset: O
         if not user:
             raise ValueError("User not found")
 
-        if user.current_role not in (TenantAccountRole.OWNER, TenantAccountRole.ADMIN):
-            if dataset.permission == DatasetPermissionEnum.ONLY_ME:
-                if dataset.created_by != user.id:
-                    raise NoPermissionError("You do not have permission to access this dataset.")
+        if dataset.permission == DatasetPermissionEnum.ONLY_ME:
+            if dataset.created_by != user.id:
+                raise NoPermissionError("You do not have permission to access this dataset.")
 
-            elif dataset.permission == DatasetPermissionEnum.PARTIAL_TEAM:
-                if not any(
-                    dp.dataset_id == dataset.id for dp in DatasetPermission.query.filter_by(account_id=user.id).all()
-                ):
-                    raise NoPermissionError("You do not have permission to access this dataset.")
+        elif dataset.permission == DatasetPermissionEnum.PARTIAL_TEAM:
+            if not any(
+                dp.dataset_id == dataset.id for dp in DatasetPermission.query.filter_by(account_id=user.id).all()
+            ):
+                raise NoPermissionError("You do not have permission to access this dataset.")
 
     @staticmethod
     def get_dataset_queries(dataset_id: str, page: int, per_page: int):