mirror of
https://github.com/langgenius/dify.git
synced 2026-06-26 14:51:13 +08:00
c232375fd2
Plugin-based datasource credentials (Notion, Jina, Firecrawl, etc.) were implicitly shared with every workspace member. PR #35468 added the visibility column, creator tracking and read-side filtering for datasource providers, but left no way to actually set or change a credential's scope, so every datasource credential stayed effectively all_team_members. This completes the datasource side: Backend: - add_datasource_api_key_provider / add_datasource_oauth_provider accept user_id and visibility; API keys default to all_team_members, OAuth defaults to only_me (matching the plugin-credential philosophy) - new update_datasource_credential_visibility (+ console endpoint) so the creator can switch between only_me / all_team_members / partial_members; only the creator (or legacy NULL-owner rows) may change the scope - replace_partial_member_list / clear_partial_member_list helpers on CredentialPermissionService (caller owns the transaction) - list_datasource_credentials returns visibility, user_id, is_editable and partial_member_list Frontend: - VisibilityModal reusing PermissionSelector, with an empty-partial-members guard (the backend rejects an empty list) - "Who can use" action in the credential operator, gated on is_editable - scope badges (only me / partial team members) on the credential item Existing credentials keep working: the visibility column defaults to all_team_members and legacy rows with a NULL owner are always visible. |
||
|---|---|---|
| .. | ||
| fixtures/workflow | ||
| helpers | ||
| integration_tests | ||
| test_containers_integration_tests | ||
| unit_tests | ||
| __init__.py | ||
| conftest.py | ||
| pytest_dify.py | ||
| seed_legacy_model_type_dirty_data.py | ||
| workflow_test_utils.py | ||