Revert "feat: knowledge admin role" (#6018)

langgenius · Jul 5, 2024 · 79df882 · 79df882
1 parent 71c50b7
commit 79df882
Show file tree

Hide file tree

Showing 46 changed files with 350 additions and 1,028 deletions.
diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
@@ -395,11 +395,6 @@ class DataSetConfig(BaseModel):
         default=30,
     )
 
-    DATASET_OPERATOR_ENABLED: bool = Field(
-        description='whether to enable dataset operator',
-        default=False,
-    )
-
 
 class WorkspaceConfig(BaseModel):
     """

diff --git a/api/controllers/console/datasets/datasets.py b/api/controllers/console/datasets/datasets.py
@@ -25,7 +25,7 @@
 from libs.login import login_required
 from models.dataset import Dataset, Document, DocumentSegment
 from models.model import ApiToken, UploadFile
-from services.dataset_service import DatasetPermissionService, DatasetService, DocumentService
+from services.dataset_service import DatasetService, DocumentService
 
 
 def _validate_name(name):
@@ -85,12 +85,6 @@ def get(self):
             else:
                 item['embedding_available'] = True
 
-            if item.get('permission') == 'partial_members':
-                part_users_list = DatasetPermissionService.get_dataset_partial_member_list(item['id'])
-                item.update({'partial_member_list': part_users_list})
-            else:
-                item.update({'partial_member_list': []})
-
         response = {
             'data': data,
             'has_more': len(datasets) == limit,
@@ -114,7 +108,7 @@ def post(self):
                             help='Invalid indexing technique.')
         args = parser.parse_args()
 
-        # The role of the current user in the ta table must be admin, owner, or editor, or dataset_operator
+        # The role of the current user in the ta table must be admin, owner, or editor
         if not current_user.is_editor:
             raise Forbidden()
 
@@ -146,10 +140,6 @@ def get(self, dataset_id):
         except services.errors.account.NoPermissionError as e:
             raise Forbidden(str(e))
         data = marshal(dataset, dataset_detail_fields)
-        if data.get('permission') == 'partial_members':
-            part_users_list = DatasetPermissionService.get_dataset_partial_member_list(dataset_id_str)
-            data.update({'partial_member_list': part_users_list})
-
         # check embedding setting
         provider_manager = ProviderManager()
         configurations = provider_manager.get_configurations(
@@ -173,11 +163,6 @@ def get(self, dataset_id):
                 data['embedding_available'] = False
         else:
             data['embedding_available'] = True
-
-        if data.get('permission') == 'partial_members':
-            part_users_list = DatasetPermissionService.get_dataset_partial_member_list(dataset_id_str)
-            data.update({'partial_member_list': part_users_list})
-
         return data, 200
 
     @setup_required
@@ -203,39 +188,25 @@ def patch(self, dataset_id):
                             nullable=True,
                             help='Invalid indexing technique.')
         parser.add_argument('permission', type=str, location='json', choices=(
-            'only_me', 'all_team_members', 'partial_members'), help='Invalid permission.'
-                            )
+            'only_me', 'all_team_members'), help='Invalid permission.')
         parser.add_argument('embedding_model', type=str,
                             location='json', help='Invalid embedding model.')
         parser.add_argument('embedding_model_provider', type=str,
                             location='json', help='Invalid embedding model provider.')
         parser.add_argument('retrieval_model', type=dict, location='json', help='Invalid retrieval model.')
-        parser.add_argument('partial_member_list', type=list, location='json', help='Invalid parent user list.')
         args = parser.parse_args()
-        data = request.get_json()
 
-        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
-        DatasetPermissionService.check_permission(
-            current_user, dataset, data.get('permission'), data.get('partial_member_list')
-        )
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
+            raise Forbidden()
 
         dataset = DatasetService.update_dataset(
             dataset_id_str, args, current_user)
 
         if dataset is None:
             raise NotFound("Dataset not found.")
 
-        result_data = marshal(dataset, dataset_detail_fields)
-
-        if data.get('partial_member_list') and data.get('permission') == 'partial_members':
-            DatasetPermissionService.update_partial_member_list(dataset_id_str, data.get('partial_member_list'))
-        else:
-            DatasetPermissionService.clear_partial_member_list(dataset_id_str)
-
-        partial_member_list = DatasetPermissionService.get_dataset_partial_member_list(dataset_id_str)
-        result_data.update({'partial_member_list': partial_member_list})
-
-        return result_data, 200
+        return marshal(dataset, dataset_detail_fields), 200
 
     @setup_required
     @login_required
@@ -244,7 +215,7 @@ def delete(self, dataset_id):
         dataset_id_str = str(dataset_id)
 
         # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_editor or current_user.is_dataset_operator:
+        if not current_user.is_editor:
             raise Forbidden()
 
         try:
@@ -598,27 +569,6 @@ def get(self, dataset_id):
         }, 200
 
 
-class DatasetPermissionUserListApi(Resource):
-    @setup_required
-    @login_required
-    @account_initialization_required
-    def get(self, dataset_id):
-        dataset_id_str = str(dataset_id)
-        dataset = DatasetService.get_dataset(dataset_id_str)
-        if dataset is None:
-            raise NotFound("Dataset not found.")
-        try:
-            DatasetService.check_dataset_permission(dataset, current_user)
-        except services.errors.account.NoPermissionError as e:
-            raise Forbidden(str(e))
-
-        partial_members_list = DatasetPermissionService.get_dataset_partial_member_list(dataset_id_str)
-
-        return {
-            'data': partial_members_list,
-        }, 200
-
-
 api.add_resource(DatasetListApi, '/datasets')
 api.add_resource(DatasetApi, '/datasets/<uuid:dataset_id>')
 api.add_resource(DatasetUseCheckApi, '/datasets/<uuid:dataset_id>/use-check')
@@ -632,4 +582,3 @@ def get(self, dataset_id):
 api.add_resource(DatasetApiBaseUrlApi, '/datasets/api-base-info')
 api.add_resource(DatasetRetrievalSettingApi, '/datasets/retrieval-setting')
 api.add_resource(DatasetRetrievalSettingMockApi, '/datasets/retrieval-setting/<string:vector_type>')
-api.add_resource(DatasetPermissionUserListApi, '/datasets/<uuid:dataset_id>/permission-part-users')
diff --git a/api/controllers/console/datasets/datasets_document.py b/api/controllers/console/datasets/datasets_document.py
@@ -228,7 +228,7 @@ def post(self, dataset_id):
             raise NotFound('Dataset not found.')
 
         # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_dataset_editor:
+        if not current_user.is_editor:
             raise Forbidden()
 
         try:
@@ -294,11 +294,6 @@ def post(self):
         parser.add_argument('retrieval_model', type=dict, required=False, nullable=False,
                             location='json')
         args = parser.parse_args()
-
-        # The role of the current user in the ta table must be admin, owner, or editor, or dataset_operator
-        if not current_user.is_dataset_editor:
-            raise Forbidden()
-
         if args['indexing_technique'] == 'high_quality':
             try:
                 model_manager = ModelManager()
@@ -762,19 +757,15 @@ def patch(self, dataset_id, document_id, action):
         dataset = DatasetService.get_dataset(dataset_id)
         if dataset is None:
             raise NotFound("Dataset not found.")
-
-        # The role of the current user in the ta table must be admin, owner, or editor
-        if not current_user.is_dataset_editor:
-            raise Forbidden()
-
         # check user's model setting
         DatasetService.check_dataset_model_setting(dataset)
 
-        # check user's permission
-        DatasetService.check_dataset_permission(dataset, current_user)
-
         document = self.get_document(dataset_id, document_id)
 
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
+            raise Forbidden()
+
         indexing_cache_key = 'document_{}_indexing'.format(document.id)
         cache_result = redis_client.get(indexing_cache_key)
         if cache_result is not None:
@@ -964,11 +955,10 @@ class DocumentRenameApi(DocumentResource):
     @account_initialization_required
     @marshal_with(document_fields)
     def post(self, dataset_id, document_id):
-        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
-        if not current_user.is_dataset_editor:
+        # The role of the current user in the ta table must be admin or owner
+        if not current_user.is_admin_or_owner:
             raise Forbidden()
-        dataset = DatasetService.get_dataset(dataset_id)
-        DatasetService.check_dataset_operator_permission(current_user, dataset)
+
         parser = reqparse.RequestParser()
         parser.add_argument('name', type=str, required=True, nullable=False, location='json')
         args = parser.parse_args()

diff --git a/api/controllers/console/tag/tags.py b/api/controllers/console/tag/tags.py
@@ -36,7 +36,7 @@ def get(self):
     @account_initialization_required
     def post(self):
         # The role of the current user in the ta table must be admin, owner, or editor
-        if not (current_user.is_editor or current_user.is_dataset_editor):
+        if not current_user.is_editor:
             raise Forbidden()
 
         parser = reqparse.RequestParser()
@@ -68,7 +68,7 @@ class TagUpdateDeleteApi(Resource):
     def patch(self, tag_id):
         tag_id = str(tag_id)
         # The role of the current user in the ta table must be admin, owner, or editor
-        if not (current_user.is_editor or current_user.is_dataset_editor):
+        if not current_user.is_editor:
             raise Forbidden()
 
         parser = reqparse.RequestParser()
@@ -109,8 +109,8 @@ class TagBindingCreateApi(Resource):
     @login_required
     @account_initialization_required
     def post(self):
-        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
-        if not (current_user.is_editor or current_user.is_dataset_editor):
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
             raise Forbidden()
 
         parser = reqparse.RequestParser()
@@ -134,8 +134,8 @@ class TagBindingDeleteApi(Resource):
     @login_required
     @account_initialization_required
     def post(self):
-        # The role of the current user in the ta table must be admin, owner, editor, or dataset_operator
-        if not (current_user.is_editor or current_user.is_dataset_editor):
+        # The role of the current user in the ta table must be admin, owner, or editor
+        if not current_user.is_editor:
             raise Forbidden()
 
         parser = reqparse.RequestParser()

diff --git a/api/controllers/console/workspace/members.py b/api/controllers/console/workspace/members.py
@@ -131,20 +131,7 @@ def put(self, member_id):
         return {'result': 'success'}
 
 
-class DatasetOperatorMemberListApi(Resource):
-    """List all members of current tenant."""
-
-    @setup_required
-    @login_required
-    @account_initialization_required
-    @marshal_with(account_with_role_list_fields)
-    def get(self):
-        members = TenantService.get_dataset_operator_members(current_user.current_tenant)
-        return {'result': 'success', 'accounts': members}, 200
-
-
 api.add_resource(MemberListApi, '/workspaces/current/members')
 api.add_resource(MemberInviteEmailApi, '/workspaces/current/members/invite-email')
 api.add_resource(MemberCancelInviteApi, '/workspaces/current/members/<uuid:member_id>')
 api.add_resource(MemberUpdateRoleApi, '/workspaces/current/members/<uuid:member_id>/update-role')
-api.add_resource(DatasetOperatorMemberListApi, '/workspaces/current/dataset-operators')
diff --git a/api/migrations/versions/7e6a8693e07a_add_table_dataset_permissions.py b/api/migrations/versions/7e6a8693e07a_add_table_dataset_permissions.py
diff --git a/api/models/account.py b/api/models/account.py
@@ -80,10 +80,6 @@ def current_tenant_id(self, value):
 
         self._current_tenant = tenant
 
-    @property
-    def current_role(self):
-        return self._current_tenant.current_role
-
     def get_status(self) -> AccountStatus:
         status_str = self.status
         return AccountStatus(status_str)
@@ -114,14 +110,6 @@ def is_admin_or_owner(self):
     def is_editor(self):
         return TenantAccountRole.is_editing_role(self._current_tenant.current_role)
 
-    @property
-    def is_dataset_editor(self):
-        return TenantAccountRole.is_dataset_edit_role(self._current_tenant.current_role)
-
-    @property
-    def is_dataset_operator(self):
-        return self._current_tenant.current_role == TenantAccountRole.DATASET_OPERATOR
-
 class TenantStatus(str, enum.Enum):
     NORMAL = 'normal'
     ARCHIVE = 'archive'
@@ -132,30 +120,23 @@ class TenantAccountRole(str, enum.Enum):
     ADMIN = 'admin'
     EDITOR = 'editor'
     NORMAL = 'normal'
-    DATASET_OPERATOR = 'dataset_operator'
 
     @staticmethod
     def is_valid_role(role: str) -> bool:
-        return role and role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN, TenantAccountRole.EDITOR,
-                                 TenantAccountRole.NORMAL, TenantAccountRole.DATASET_OPERATOR}
+        return role and role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN, TenantAccountRole.EDITOR, TenantAccountRole.NORMAL}
 
     @staticmethod
     def is_privileged_role(role: str) -> bool:
         return role and role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN}
 
     @staticmethod
     def is_non_owner_role(role: str) -> bool:
-        return role and role in {TenantAccountRole.ADMIN, TenantAccountRole.EDITOR, TenantAccountRole.NORMAL,
-                                 TenantAccountRole.DATASET_OPERATOR}
+        return role and role in {TenantAccountRole.ADMIN, TenantAccountRole.EDITOR, TenantAccountRole.NORMAL}
 
     @staticmethod
     def is_editing_role(role: str) -> bool:
         return role and role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN, TenantAccountRole.EDITOR}
 
-    @staticmethod
-    def is_dataset_edit_role(role: str) -> bool:
-        return role and role in {TenantAccountRole.OWNER, TenantAccountRole.ADMIN, TenantAccountRole.EDITOR,
-                                 TenantAccountRole.DATASET_OPERATOR}
 
 class Tenant(db.Model):
     __tablename__ = 'tenants'
@@ -191,7 +172,6 @@ class TenantAccountJoinRole(enum.Enum):
     OWNER = 'owner'
     ADMIN = 'admin'
     NORMAL = 'normal'
-    DATASET_OPERATOR = 'dataset_operator'
 
 
 class TenantAccountJoin(db.Model):