mirror of
https://github.com/langgenius/dify.git
synced 2026-06-26 14:51:13 +08:00
c232375fd2
Plugin-based datasource credentials (Notion, Jina, Firecrawl, etc.) were implicitly shared with every workspace member. PR #35468 added the visibility column, creator tracking and read-side filtering for datasource providers, but left no way to actually set or change a credential's scope, so every datasource credential stayed effectively all_team_members. This completes the datasource side: Backend: - add_datasource_api_key_provider / add_datasource_oauth_provider accept user_id and visibility; API keys default to all_team_members, OAuth defaults to only_me (matching the plugin-credential philosophy) - new update_datasource_credential_visibility (+ console endpoint) so the creator can switch between only_me / all_team_members / partial_members; only the creator (or legacy NULL-owner rows) may change the scope - replace_partial_member_list / clear_partial_member_list helpers on CredentialPermissionService (caller owns the transaction) - list_datasource_credentials returns visibility, user_id, is_editable and partial_member_list Frontend: - VisibilityModal reusing PermissionSelector, with an empty-partial-members guard (the backend rejects an empty list) - "Who can use" action in the credential operator, gated on is_editable - scope badges (only me / partial team members) on the credential item Existing credentials keep working: the visibility column defaults to all_team_members and legacy rows with a NULL owner are always visible. |
||
|---|---|---|
| .. | ||
| __tests__ | ||
| account-about | ||
| account-dropdown | ||
| account-setting | ||
| assets | ||
| env-nav | ||
| github-star | ||
| license-env | ||
| plan-badge | ||
| plugins-nav | ||
| utils | ||
| header-wrapper.tsx | ||
| index.module.css | ||
| maintenance-notice.tsx | ||
| storage.ts | ||