mirror of
https://github.com/langgenius/dify.git
synced 2026-06-26 23:01:11 +08:00
c232375fd2
Plugin-based datasource credentials (Notion, Jina, Firecrawl, etc.) were implicitly shared with every workspace member. PR #35468 added the visibility column, creator tracking and read-side filtering for datasource providers, but left no way to actually set or change a credential's scope, so every datasource credential stayed effectively all_team_members. This completes the datasource side: Backend: - add_datasource_api_key_provider / add_datasource_oauth_provider accept user_id and visibility; API keys default to all_team_members, OAuth defaults to only_me (matching the plugin-credential philosophy) - new update_datasource_credential_visibility (+ console endpoint) so the creator can switch between only_me / all_team_members / partial_members; only the creator (or legacy NULL-owner rows) may change the scope - replace_partial_member_list / clear_partial_member_list helpers on CredentialPermissionService (caller owns the transaction) - list_datasource_credentials returns visibility, user_id, is_editable and partial_member_list Frontend: - VisibilityModal reusing PermissionSelector, with an empty-partial-members guard (the backend rejects an empty list) - "Who can use" action in the credential operator, gated on is_editable - scope badges (only me / partial team members) on the credential item Existing credentials keep working: the visibility column defaults to all_team_members and legacy rows with a NULL owner are always visible. |
||
|---|---|---|
| .. | ||
| common | ||
| console | ||
| files | ||
| inner_api | ||
| mcp | ||
| openapi | ||
| service_api | ||
| trigger | ||
| web | ||
| __init__.py | ||
| API_SCHEMA_GUIDE.md | ||
| fastopenapi.py | ||