diff --git a/backend/apps/system/schemas/permission.py b/backend/apps/system/schemas/permission.py index c590ec2e..45c78f81 100644 --- a/backend/apps/system/schemas/permission.py +++ b/backend/apps/system/schemas/permission.py @@ -13,6 +13,8 @@ from common.core.db import engine from apps.system.schemas.system_schema import UserInfoDTO +from common.utils.locale import I18n +i18n = I18n() class SqlbotPermission(BaseModel): role: Optional[list[str]] = None @@ -49,6 +51,7 @@ def decorator(func): @wraps(func) async def wrapper(*args, **kwargs): request = RequestContext.get_request() + current_user: UserInfoDTO = getattr(request.state, 'current_user', None) if not current_user: raise HTTPException( @@ -57,6 +60,8 @@ async def wrapper(*args, **kwargs): ) current_oid = current_user.oid + trans = i18n(request) + if current_user.isAdmin and not permission.type: return await func(*args, **kwargs) role_list = permission.role @@ -65,9 +70,11 @@ async def wrapper(*args, **kwargs): if role_list: if 'admin' in role_list and not current_user.isAdmin: - raise Exception('no permission to execute, only for admin') + #raise Exception('no permission to execute, only for admin') + raise Exception(trans('i18n_permission.only_admin')) if 'ws_admin' in role_list and current_user.weight == 0 and not current_user.isAdmin: - raise Exception('no permission to execute, only for workspace admin') + #raise Exception('no permission to execute, only for workspace admin') + raise Exception(trans('i18n_permission.only_ws_admin')) if not resource_type: return await func(*args, **kwargs) if keyExpression: 
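Review bot: `trans = i18n(request)` in the `@@ -57,6 +60,8 @@` hunk is built on every call, ahead of the admin fast path, although it is only used on the denial branches. Resolving it at the point of use, e.g. `raise Exception(i18n(request)('i18n_permission.only_admin'))`, keeps the allowed path free of locale work. `I18n.__call__` is not visible here; if it can raise on an unexpected language header, the current placement would fail every protected endpoint instead of only degrading the error text. The wrapper body starts and ends outside this hunk.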
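Review bot: The denial branches in the `@@ -65,9 +70,11 @@` hunk still raise a bare `Exception`, and now with a locale-dependent message, so nothing stable marks an authorization failure for the caller or for log monitoring. The unauthenticated branch earlier in this wrapper already raises `HTTPException`; the same would fit here, e.g. `raise HTTPException(status_code=403, detail=trans('i18n_permission.only_admin'))`, provided no global handler depends on the generic exception type. It would also help to log a fixed, untranslated reason code with `current_user.oid` before raising, because alerts keyed on the old English strings will stop matching. The same applies to the `permission_resource_limit` raises in the `-81,7` and `-91,7` hunks.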
@@ -81,7 +88,8 @@ async def wrapper(*args, **kwargs): value = bound_args.args[index] if await check_ws_permission(current_oid, resource_type, value): return await func(*args, **kwargs) - raise Exception('no permission to execute or resource do not exist!') + #raise Exception('no permission to execute or resource do not exist!') + raise Exception(trans('i18n_permission.permission_resource_limit')) parts = keyExpression.split('.') if not bound_args.arguments.get(parts[0]): @@ -91,7 +99,7 @@ async def wrapper(*args, **kwargs): value = getattr(value, part) if await check_ws_permission(current_oid, resource_type, value): return await func(*args, **kwargs) - raise Exception('no permission to execute or resource do not exist!') + raise Exception(trans('i18n_permission.permission_resource_limit')) return await func(*args, **kwargs) diff --git a/backend/locales/en.json b/backend/locales/en.json index f184bce5..eaea38c8 100644 --- a/backend/locales/en.json +++ b/backend/locales/en.json @@ -41,7 +41,9 @@ "only_admin": "Only administrators are allowed to call!", "no_permission": "No permission to call {url}{msg}", "authenticate_invalid": "Authentication invalid【{msg}】", - "token_expired": "Token expired" + "token_expired": "Token expired", + "only_ws_admin": "Workspace administrator access required!", + "permission_resource_limit": "Access denied or resource not found!" }, "i18n_llm": { "validate_error": "Validation failed [{msg}]", diff --git a/backend/locales/ko-KR.json b/backend/locales/ko-KR.json index 4d32909e..dc408356 100644 --- a/backend/locales/ko-KR.json +++ b/backend/locales/ko-KR.json @@ -41,7 +41,9 @@ "only_admin": "관리자만 호출할 수 있습니다!", "no_permission": "{url}{msg} 호출 권한이 없습니다", "authenticate_invalid": "인증 무효 【{msg}】", - "token_expired": "토큰이 만료됨" + "token_expired": "토큰이 만료됨", + "only_ws_admin": "워크스페이스 관리자만 사용 가능합니다!", + "permission_resource_limit": "권한이 없거나 리소스를 찾을 수 없습니다!" }, "i18n_llm": { "validate_error": "검증 실패 [{msg}]", 
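Review bot: The commented-out `#raise Exception('no permission to execute or resource do not exist!')` line kept above the new raise in the `@@ -81,7 +88,8 @@` hunk is dead code. The `-65,9` hunk leaves two more such lines, while the `-91,7` hunk removes the old line outright. Deleting the three commented lines makes the denial branches read alike and keeps the old English strings from looking like live behaviour; version control already holds the history. If the shared message for "denied" and "not found" is deliberate, a short comment such as `# one message for both cases so callers cannot tell whether the resource exists` would record that.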
diff --git a/backend/locales/zh-CN.json b/backend/locales/zh-CN.json
index d3c38d00..0892bcdf 100644
--- a/backend/locales/zh-CN.json
+++ b/backend/locales/zh-CN.json
@@ -41,7 +41,9 @@
 "only_admin": "仅支持管理员调用!",
 "no_permission": "无权调用{url}{msg}",
 "authenticate_invalid": "认证无效【{msg}】",
- "token_expired": "Token 已过期"
+ "token_expired": "Token 已过期",
+ "only_ws_admin": "仅支持工作空间管理员调用!",
+ "permission_resource_limit": "没有操作权限或资源不存在!"
 },
 "i18n_llm": {
 "validate_error": "校验失败[{msg}]",