|
|
@@ -1,6 +1,7 @@
|
|
|
from flask import request
|
|
|
from flask_login import current_user
|
|
|
from flask_restful import Resource, marshal_with
|
|
|
+from werkzeug.exceptions import Forbidden
|
|
|
|
|
|
import services
|
|
|
from configs import dify_config
|
|
|
@@ -58,6 +59,9 @@ class FileApi(Resource):
|
|
|
if not file.filename:
|
|
|
raise FilenameNotExistsError
|
|
|
|
|
|
+ if source == "datasets" and not current_user.is_dataset_editor:
|
|
|
+ raise Forbidden()
|
|
|
+
|
|
|
if source not in ("datasets", None):
|
|
|
source = None
|
|
|
|
Joe