fix(datasets): add created_by to ApiToken for get datasets from api c…

…orrect current user (#11331)
langgenius · Dec 6, 2024 · cd8d938 · cd8d938
1 parent 9277156
commit cd8d938
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 4 deletions.
diff --git a/api/controllers/console/datasets/datasets.py b/api/controllers/console/datasets/datasets.py
@@ -566,6 +566,7 @@ def post(self):
         api_token.tenant_id = current_user.current_tenant_id
         api_token.token = key
         api_token.type = self.resource_type
+        api_token.created_by = current_user.id
         db.session.add(api_token)
         db.session.commit()
         return api_token, 200

diff --git a/api/controllers/service_api/wraps.py b/api/controllers/service_api/wraps.py
@@ -140,14 +140,29 @@ def decorator(view):
         @wraps(view)
         def decorated(*args, **kwargs):
             api_token = validate_and_get_api_token("dataset")
-            tenant_account_join = (
+
+            # Build base query
+            query = (
                 db.session.query(Tenant, TenantAccountJoin)
                 .filter(Tenant.id == api_token.tenant_id)
                 .filter(TenantAccountJoin.tenant_id == Tenant.id)
-                .filter(TenantAccountJoin.role.in_(["owner"]))
                 .filter(Tenant.status == TenantStatus.NORMAL)
-                .one_or_none()
-            )  # TODO: only owner information is required, so only one is returned.
+            )
+
+            if api_token.created_by:
+                # Only apply account_id filter if created_by exists
+                query = query.filter(
+                    db.and_(
+                        TenantAccountJoin.role.in_(["owner", "admin"]),
+                        TenantAccountJoin.account_id == api_token.created_by,
+                    )
+                )
+            else:
+                query = query.filter(TenantAccountJoin.role.in_(["owner"]))
+
+            tenant_account_join = query.one_or_none()
+            # TODO: only owner information is required, so only one is returned.
+
             if tenant_account_join:
                 tenant, ta = tenant_account_join
                 account = Account.query.filter_by(id=ta.account_id).first()

diff --git a/api/migrations/versions/2024_12_06_1324-5f42bf0de698_add_created_by_to_api_tokens.py b/api/migrations/versions/2024_12_06_1324-5f42bf0de698_add_created_by_to_api_tokens.py
@@ -0,0 +1,31 @@
+"""add created_by to api_tokens
+
+Revision ID: 5f42bf0de698
+Revises: 01d6889832f7
+Create Date: 2024-12-06 13:24:28.701384
+
+"""
+from alembic import op
+import models as models
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '5f42bf0de698'
+down_revision = '01d6889832f7'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('api_tokens', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('created_by', models.types.StringUUID(), nullable=True))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('api_tokens', schema=None) as batch_op:
+        batch_op.drop_column('created_by')
+    # ### end Alembic commands ###
diff --git a/api/models/model.py b/api/models/model.py
@@ -1340,6 +1340,7 @@ class ApiToken(db.Model):
     type = db.Column(db.String(16), nullable=False)
     token = db.Column(db.String(255), nullable=False)
     last_used_at = db.Column(db.DateTime, nullable=True)
+    created_by = db.Column(StringUUID, nullable=True)
     created_at = db.Column(db.DateTime, nullable=False, server_default=db.text("CURRENT_TIMESTAMP(0)"))
 
     @staticmethod