mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-06-30 21:59:46 +02:00
feat: add permission checks for public sharing
parent
17c7b34e44
commit
f18ba8e045
1 changed files with 16 additions and 10 deletions
|
|
@ -25,12 +25,14 @@ from app.db import (
|
||||||
ChatVisibility,
|
ChatVisibility,
|
||||||
NewChatMessage,
|
NewChatMessage,
|
||||||
NewChatThread,
|
NewChatThread,
|
||||||
|
Permission,
|
||||||
Podcast,
|
Podcast,
|
||||||
PodcastStatus,
|
PodcastStatus,
|
||||||
PublicChatSnapshot,
|
PublicChatSnapshot,
|
||||||
SearchSpaceMembership,
|
SearchSpaceMembership,
|
||||||
User,
|
User,
|
||||||
)
|
)
|
||||||
|
from app.utils.rbac import check_permission
|
||||||
|
|
||||||
UI_TOOLS = {
|
UI_TOOLS = {
|
||||||
"display_image",
|
"display_image",
|
||||||
|
|
@ -177,11 +179,13 @@ async def create_snapshot(
|
||||||
if not thread:
|
if not thread:
|
||||||
raise HTTPException(status_code=404, detail="Thread not found")
|
raise HTTPException(status_code=404, detail="Thread not found")
|
||||||
|
|
||||||
if thread.created_by_id != user.id:
|
await check_permission(
|
||||||
raise HTTPException(
|
session,
|
||||||
status_code=403,
|
user,
|
||||||
detail="Only the creator of this chat can create public snapshots",
|
thread.search_space_id,
|
||||||
)
|
Permission.PUBLIC_SHARING_CREATE.value,
|
||||||
|
"You don't have permission to create public share links",
|
||||||
|
)
|
||||||
|
|
||||||
# Build snapshot data
|
# Build snapshot data
|
||||||
user_cache: dict[UUID, dict] = {}
|
user_cache: dict[UUID, dict] = {}
|
||||||
|
|
@ -412,11 +416,13 @@ async def delete_snapshot(
|
||||||
if not snapshot:
|
if not snapshot:
|
||||||
raise HTTPException(status_code=404, detail="Snapshot not found")
|
raise HTTPException(status_code=404, detail="Snapshot not found")
|
||||||
|
|
||||||
if snapshot.thread.created_by_id != user.id:
|
await check_permission(
|
||||||
raise HTTPException(
|
session,
|
||||||
status_code=403,
|
user,
|
||||||
detail="Only the creator can delete snapshots",
|
snapshot.thread.search_space_id,
|
||||||
)
|
Permission.PUBLIC_SHARING_DELETE.value,
|
||||||
|
"You don't have permission to delete public share links",
|
||||||
|
)
|
||||||
|
|
||||||
await session.delete(snapshot)
|
await session.delete(snapshot)
|
||||||
await session.commit()
|
await session.commit()
|
||||||
|
|
|
||||||
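Review bot: In create_snapshot the creator test `if thread.created_by_id != user.id:` is removed rather than supplemented, so the only gate left in the visible lines is the search-space-wide `Permission.PUBLIC_SHARING_CREATE` check. The thread lookup sits above the hunk and is not shown; if it does not already restrict results to threads the caller may read, any member holding that permission could publish another member's private chat as a public link. I would keep a thread-level check next to the RBAC call (for example, retain the creator test for threads not shared with the search space) and document the assumption with a comment such as `# RBAC is scoped to the search space; thread-level access must already be enforced by the lookup above`. The same swap in delete_snapshot only widens who can revoke a link, which is lower risk. Both call sites ignore the return value of `check_permission`, so they are effective only if it raises on denial, which is worth confirming in `app.utils.rbac`.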