From 155cf297dd6e8de08cb0acd5e254da7738df8c9c Mon Sep 17 00:00:00 2001
From: Joe <1264204425@qq.com>
Date: Wed, 18 Dec 2024 14:10:08 +0800
Subject: [PATCH] feat: dataset file upload auth

---
 api/controllers/console/datasets/file.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/controllers/console/datasets/file.py b/api/controllers/console/datasets/file.py
index 846aa70e86..be8da7b54b 100644
--- a/api/controllers/console/datasets/file.py
+++ b/api/controllers/console/datasets/file.py
@@ -1,6 +1,7 @@
 from flask import request
 from flask_login import current_user
 from flask_restful import Resource, marshal_with
+from werkzeug.exceptions import Forbidden
 
 import services
 from configs import dify_config
@@ -41,6 +42,9 @@ class FileApi(Resource):
     @marshal_with(file_fields)
     @cloud_edition_billing_resource_check("documents")
     def post(self):
+        if current_user.is_dataset_editor:
+            raise Forbidden()
+        
         # get file from request
         file = request.files["file"]