fix: Add authorization check for knowledge_delete node (#1865)

2 months ago · a1da673962
parent 2ffd7a8221
commit a1da673962
3 changed files with 50 additions and 10 deletions
--- a/backend/api/model/crossdomain/knowledge/knowledge.go
+++ b/backend/api/model/crossdomain/knowledge/knowledge.go
@ -329,7 +329,8 @@ type CreateDocumentResponse struct {
 }
 type DeleteDocumentRequest struct {
-	DocumentID string
+	DocumentID  int64
 	KnowledgeID int64
 }
 type DeleteDocumentResponse struct {
--- a/backend/crossdomain/impl/knowledge/knowledge.go
+++ b/backend/crossdomain/impl/knowledge/knowledge.go
@ -20,7 +20,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
 	"strconv"
 	"github.com/coze-dev/coze-studio/backend/api/model/crossdomain/knowledge"
 	model "github.com/coze-dev/coze-studio/backend/api/model/crossdomain/knowledge"
@ -29,7 +28,9 @@ import (
 	"github.com/coze-dev/coze-studio/backend/domain/knowledge/entity"
 	"github.com/coze-dev/coze-studio/backend/domain/knowledge/service"
 	"github.com/coze-dev/coze-studio/backend/infra/contract/document/parser"
 	"github.com/coze-dev/coze-studio/backend/pkg/errorx"
 	"github.com/coze-dev/coze-studio/backend/pkg/lang/slices"
 	"github.com/coze-dev/coze-studio/backend/types/errno"
 )
 var defaultSVC crossknowledge.Knowledge
@ -132,13 +133,24 @@ func (i *impl) Store(ctx context.Context, document *model.CreateDocumentRequest)
 }
 func (i *impl) Delete(ctx context.Context, r *model.DeleteDocumentRequest) (*model.DeleteDocumentResponse, error) {
-	docID, err := strconv.ParseInt(r.DocumentID, 10, 64)
+	if r.KnowledgeID == 0 {
 		return nil, errorx.New(errno.ErrKnowledgeInvalidParamCode, errorx.KV("msg", "knowledge id cannot be 0"))
 	}
 	docs, err := i.DomainSVC.ListDocument(ctx, &service.ListDocumentRequest{
 		KnowledgeID: r.KnowledgeID,
 		DocumentIDs: []int64{r.DocumentID},
 		SelectAll:   true,
 	})
 	if err != nil {
-		return nil, fmt.Errorf("invalid document id: %s", r.DocumentID)
+		return nil, err
 	}
 	if len(docs.Documents) == 0 {
 		return nil, errorx.New(errno.ErrKnowledgeDocumentNotExistCode, errorx.KV("msg", "the specified document is not part of this knowledge base"))
 	}
 	err = i.DomainSVC.DeleteDocument(ctx, &service.DeleteDocumentRequest{
-		DocumentID: docID,
+		DocumentID: r.DocumentID,
 	})
 	if err != nil {
 		return &model.DeleteDocumentResponse{IsSuccess: false}, err
--- a/backend/domain/workflow/internal/nodes/knowledge/knowledge_deleter.go
+++ b/backend/domain/workflow/internal/nodes/knowledge/knowledge_deleter.go
@ -19,6 +19,8 @@ package knowledge
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strconv"
 	"github.com/coze-dev/coze-studio/backend/api/model/crossdomain/knowledge"
 	crossknowledge "github.com/coze-dev/coze-studio/backend/crossdomain/contract/knowledge"
@ -27,9 +29,12 @@ import (
 	"github.com/coze-dev/coze-studio/backend/domain/workflow/internal/canvas/convert"
 	"github.com/coze-dev/coze-studio/backend/domain/workflow/internal/nodes"
 	"github.com/coze-dev/coze-studio/backend/domain/workflow/internal/schema"
 	"github.com/spf13/cast"
 )
-type DeleterConfig struct{}
+type DeleterConfig struct {
 	KnowledgeID int64
 }
 func (d *DeleterConfig) Adapt(_ context.Context, n *vo.Node, _ ...nodes.AdaptOption) (*schema.NodeSchema, error) {
 	ns := &schema.NodeSchema{
@ -39,6 +44,18 @@ func (d *DeleterConfig) Adapt(_ context.Context, n *vo.Node, _ ...nodes.AdaptOpt
 		Configs: d,
 	}
 	inputs := n.Data.Inputs
 	datasetListInfoParam := inputs.DatasetParam[0]
 	datasetIDs := datasetListInfoParam.Input.Value.Content.([]any)
 	if len(datasetIDs) == 0 {
 		return nil, fmt.Errorf("dataset ids is required")
 	}
 	knowledgeID, err := cast.ToInt64E(datasetIDs[0])
 	if err != nil {
 		return nil, err
 	}
 	d.KnowledgeID = knowledgeID
 	if err := convert.SetInputsForNodeSchema(n, ns); err != nil {
 		return nil, err
 	}
@ -51,19 +68,29 @@ func (d *DeleterConfig) Adapt(_ context.Context, n *vo.Node, _ ...nodes.AdaptOpt
 }
 func (d *DeleterConfig) Build(_ context.Context, _ *schema.NodeSchema, _ ...schema.BuildOption) (any, error) {
-	return &Deleter{}, nil
+	return &Deleter{
 		KnowledgeID: d.KnowledgeID,
 	}, nil
 }
-type Deleter struct{}
+type Deleter struct {
 	KnowledgeID int64
 }
-func (k *Deleter) Invoke(ctx context.Context, input map[string]any) (map[string]any, error) {
+func (d *Deleter) Invoke(ctx context.Context, input map[string]any) (map[string]any, error) {
 	documentID, ok := input["documentID"].(string)
 	if !ok {
 		return nil, errors.New("documentID is required and must be a string")
 	}
 	docID, err := strconv.ParseInt(documentID, 10, 64)
 	if err != nil {
 		return nil, fmt.Errorf("invalid document id: %s", documentID)
 	}
 	req := &knowledge.DeleteDocumentRequest{
-		DocumentID: documentID,
+		DocumentID:  docID,
 		KnowledgeID: d.KnowledgeID,
 	}
 	response, err := crossknowledge.DefaultSVC().Delete(ctx, req)