chore: skip old auth check when rbac enabled

fatelei 2026-05-11 15:12:49 +08:00
parent d90825fd8a
commit a409a0c3a1
No known key found for this signature in database
GPG Key ID: 2F91DA05646F4EED
2 changed files with 64 additions and 9 deletions


@ -11,6 +11,8 @@ from sqlalchemy import DateTime, String, func, select
from sqlalchemy.orm import Mapped, Session, mapped_column from sqlalchemy.orm import Mapped, Session, mapped_column
from typing_extensions import deprecated from typing_extensions import deprecated
from configs import dify_config
from .base import TypeBase from .base import TypeBase
from .engine import db from .engine import db
from .types import EnumText, LongText, StringUUID from .types import EnumText, LongText, StringUUID
@ -187,10 +189,14 @@ class Account(UserMixin, TypeBase):
# check current_user.current_tenant.current_role in ['admin', 'owner'] # check current_user.current_tenant.current_role in ['admin', 'owner']
@property @property
def is_admin_or_owner(self): def is_admin_or_owner(self):
if dify_config.RBAC_ENABLED:
return True
return TenantAccountRole.is_privileged_role(self.role) return TenantAccountRole.is_privileged_role(self.role)
@property @property
def is_admin(self): def is_admin(self):
if dify_config.RBAC_ENABLED:
return True
return TenantAccountRole.is_admin_role(self.role) return TenantAccountRole.is_admin_role(self.role)
@property @property
@ -216,14 +222,20 @@ class Account(UserMixin, TypeBase):
- `ADMIN` - `ADMIN`
- `EDITOR` - `EDITOR`
""" """
if dify_config.RBAC_ENABLED:
return True
return TenantAccountRole.is_editing_role(self.role) return TenantAccountRole.is_editing_role(self.role)
@property @property
def is_dataset_editor(self): def is_dataset_editor(self):
if dify_config.RBAC_ENABLED:
return True
return TenantAccountRole.is_dataset_edit_role(self.role) return TenantAccountRole.is_dataset_edit_role(self.role)
@property @property
def is_dataset_operator(self): def is_dataset_operator(self):
if dify_config.RBAC_ENABLED:
return True
return self.role == TenantAccountRole.DATASET_OPERATOR return self.role == TenantAccountRole.DATASET_OPERATOR
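Review bot: With `RBAC_ENABLED` set, all five properties (`is_admin_or_owner`, `is_admin`, `has_edit_permission`, `is_dataset_editor`, `is_dataset_operator`) return True for every account. Any caller that still gates on them therefore fails open unless a separate RBAC check covers the same path, and nothing in this diff shows that check. `is_admin` and `is_dataset_operator` read as role-identity predicates rather than permissions (the existing test expects `is_admin` to be false for OWNER), so a caller that uses them to restrict or branch would presumably change behaviour. Consider leaving those two as `return TenantAccountRole.is_admin_role(self.role)` and `return self.role == TenantAccountRole.DATASET_OPERATOR`. Each remaining early return should carry a comment such as `# RBAC enabled: legacy role gate is bypassed; authorization must be enforced by the RBAC layer`. The class body continues outside these hunks.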


@ -13,6 +13,7 @@ import base64
import secrets import secrets
from datetime import UTC, datetime from datetime import UTC, datetime
from uuid import uuid4 from uuid import uuid4
from unittest.mock import patch
import pytest import pytest
@ -347,7 +348,15 @@ class TestAccountRolePermissions:
account.role = TenantAccountRole.ADMIN account.role = TenantAccountRole.ADMIN
# Act & Assert # Act & Assert
assert account.is_admin_or_owner with patch("models.account.dify_config.RBAC_ENABLED", False):
assert account.is_admin_or_owner
def test_is_admin_or_owner_with_rbac_enabled(self):
account = Account(name="Test User", email="test@example.com")
account.role = TenantAccountRole.NORMAL
with patch("models.account.dify_config.RBAC_ENABLED", True):
assert account.is_admin_or_owner
def test_is_admin_or_owner_with_owner_role(self): def test_is_admin_or_owner_with_owner_role(self):
"""Test is_admin_or_owner property with owner role.""" """Test is_admin_or_owner property with owner role."""
@ -383,8 +392,16 @@ class TestAccountRolePermissions:
owner_account.role = TenantAccountRole.OWNER owner_account.role = TenantAccountRole.OWNER
# Act & Assert # Act & Assert
assert admin_account.is_admin with patch("models.account.dify_config.RBAC_ENABLED", False):
assert not owner_account.is_admin assert admin_account.is_admin
assert not owner_account.is_admin
def test_is_admin_with_rbac_enabled(self):
account = Account(name="Test User", email="test@example.com")
account.role = TenantAccountRole.NORMAL
with patch("models.account.dify_config.RBAC_ENABLED", True):
assert account.is_admin
def test_has_edit_permission_with_editing_roles(self): def test_has_edit_permission_with_editing_roles(self):
"""Test has_edit_permission property with roles that have edit permission.""" """Test has_edit_permission property with roles that have edit permission."""
@ -400,7 +417,15 @@ class TestAccountRolePermissions:
account.role = role account.role = role
# Act & Assert # Act & Assert
assert account.has_edit_permission, f"Role {role} should have edit permission" with patch("models.account.dify_config.RBAC_ENABLED", False):
assert account.has_edit_permission, f"Role {role} should have edit permission"
def test_has_edit_permission_with_rbac_enabled(self):
account = Account(name="Test User", email="test@example.com")
account.role = TenantAccountRole.NORMAL
with patch("models.account.dify_config.RBAC_ENABLED", True):
assert account.has_edit_permission
def test_has_edit_permission_without_editing_roles(self): def test_has_edit_permission_without_editing_roles(self):
"""Test has_edit_permission property with roles that don't have edit permission.""" """Test has_edit_permission property with roles that don't have edit permission."""
@ -415,7 +440,8 @@ class TestAccountRolePermissions:
account.role = role account.role = role
# Act & Assert # Act & Assert
assert not account.has_edit_permission, f"Role {role} should not have edit permission" with patch("models.account.dify_config.RBAC_ENABLED", False):
assert not account.has_edit_permission, f"Role {role} should not have edit permission"
def test_is_dataset_editor_property(self): def test_is_dataset_editor_property(self):
"""Test is_dataset_editor property.""" """Test is_dataset_editor property."""
@ -432,12 +458,21 @@ class TestAccountRolePermissions:
account.role = role account.role = role
# Act & Assert # Act & Assert
assert account.is_dataset_editor, f"Role {role} should have dataset edit permission" with patch("models.account.dify_config.RBAC_ENABLED", False):
assert account.is_dataset_editor, f"Role {role} should have dataset edit permission"
# Test normal role doesn't have dataset edit permission # Test normal role doesn't have dataset edit permission
normal_account = Account(name="Normal User", email="normal@example.com") normal_account = Account(name="Normal User", email="normal@example.com")
normal_account.role = TenantAccountRole.NORMAL normal_account.role = TenantAccountRole.NORMAL
assert not normal_account.is_dataset_editor with patch("models.account.dify_config.RBAC_ENABLED", False):
assert not normal_account.is_dataset_editor
def test_is_dataset_editor_with_rbac_enabled(self):
account = Account(name="Test User", email="test@example.com")
account.role = TenantAccountRole.NORMAL
with patch("models.account.dify_config.RBAC_ENABLED", True):
assert account.is_dataset_editor
def test_is_dataset_operator_property(self): def test_is_dataset_operator_property(self):
"""Test is_dataset_operator property.""" """Test is_dataset_operator property."""
@ -449,8 +484,16 @@ class TestAccountRolePermissions:
normal_account.role = TenantAccountRole.NORMAL normal_account.role = TenantAccountRole.NORMAL
# Act & Assert # Act & Assert
assert dataset_operator.is_dataset_operator with patch("models.account.dify_config.RBAC_ENABLED", False):
assert not normal_account.is_dataset_operator assert dataset_operator.is_dataset_operator
assert not normal_account.is_dataset_operator
def test_is_dataset_operator_with_rbac_enabled(self):
account = Account(name="Test User", email="test@example.com")
account.role = TenantAccountRole.NORMAL
with patch("models.account.dify_config.RBAC_ENABLED", True):
assert account.is_dataset_operator
def test_current_role_property(self): def test_current_role_property(self):
"""Test current_role property.""" """Test current_role property."""
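Review bot: The five new `test_*_with_rbac_enabled` methods are identical except for the property name and, unlike their neighbours, have no docstring; one parametrized test would state the intended contract once. They assert only that a NORMAL account passes every legacy check, so the docstring should say this bypass is deliberate and that denial is expected to come from the RBAC layer. Tests in this class that the hunks do not touch (for example `test_is_admin_or_owner_with_owner_role`) are not visibly patched and so presumably depend on the ambient value of `RBAC_ENABLED`; a class-level fixture that pins it to False would remove that dependency. The class continues outside the hunks.

```python
    @pytest.mark.parametrize(
        "prop",
        ["is_admin_or_owner", "is_admin", "has_edit_permission", "is_dataset_editor", "is_dataset_operator"],
    )
    def test_legacy_role_properties_bypassed_with_rbac_enabled(self, prop):
        """With RBAC enabled the legacy properties ignore account.role; denial must come from the RBAC layer."""
        account = Account(name="Test User", email="test@example.com")
        account.role = TenantAccountRole.NORMAL

        with patch("models.account.dify_config.RBAC_ENABLED", True):
            assert getattr(account, prop)
```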