feat: System role permission

2025-12-30 17:52:48 +00:00 · 2025-06-26 18:38:00 +08:00 · 2025-06-26 18:38:00 +08:00 · 06095ad94f
parent f13a29a611
commit 06095ad94f
6 changed files with 187 additions and 135 deletions
--- a/ui/src/router/modules/system.ts
+++ b/ui/src/router/modules/system.ts
@ -35,7 +35,7 @@ const systemRouter = {
        permission: [
          new ComplexPermission(
            [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-            [PermissionConst.ROLE_READ],
+            [PermissionConst.ROLE_READ, PermissionConst.WORKSPACE_ROLE_READ],
            [EditionConst.IS_EE],
            'OR',
          ),
@ -57,7 +57,7 @@ const systemRouter = {
          new ComplexPermission(
            [RoleConst.WORKSPACE_MANAGE, RoleConst.ADMIN],
            [
-              PermissionConst.WORKSPACE_READ.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.WORKSPACE_WORKSPACE_READ,
              PermissionConst.WORKSPACE_READ,
            ],
            [EditionConst.IS_EE],
--- a/ui/src/utils/dynamics-api/permission-api.ts
+++ b/ui/src/utils/dynamics-api/permission-api.ts
@ -2,6 +2,7 @@ import { PermissionConst, EditionConst, RoleConst } from '@/utils/permission/dat
 import { hasPermission } from '@/utils/permission/index'
 import roleSystemApi from '@/api/system/role'
 import roleWorkspaceApi from '@/api/workspace/role'
+import { ComplexPermission } from '../permission/type'

 // 系统管理员 API
 const systemApiMap = {
@ -19,11 +20,19 @@ const workspaceApiMap = {

 export function loadPermissionApi(type: string) {
  if (hasPermission(EditionConst.IS_EE, 'OR')) {
-    if (hasPermission([RoleConst.ADMIN], 'OR')) {
-      // 加载企业版工作空间管理员 API
-      return systemApiMap[type]
-    } else if (hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole], 'OR')) {
+    if (hasPermission(new ComplexPermission (
+      [RoleConst.ADMIN],
+      [PermissionConst.ROLE_READ],
+      [],
+      'OR'),'OR')) {
      // 加载系统管理员 API
+      return systemApiMap[type]
+    } if (hasPermission(new ComplexPermission (
+      [RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+      [PermissionConst.WORKSPACE_ROLE_READ.getWorkspacePermissionWorkspaceManageRole],
+      [],
+      'OR'),'OR' )) {
+      // 加载企业版工作空间管理员 API
      return workspaceApiMap[type]
    }
  }
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@ -75,11 +75,11 @@ const PermissionConst = {


  ROLE_READ: new Permission('ROLE:READ'),
-  ROLE_CREATE: new Permission('ROLE:READ'),
-  ROLE_EDIT: new Permission('ROLE:READ'),
-  ROLE_DELETE: new Permission('ROLE:READ'),
-  ROLE_ADD_MEMBER: new Permission('ROLE:READ'),
-  ROLE_REMOVE_MEMBER: new Permission('ROLE:READ'),
+  ROLE_CREATE: new Permission('ROLE:READ+CREATE'),
+  ROLE_EDIT: new Permission('ROLE:READ+EDIT'),
+  ROLE_DELETE: new Permission('ROLE:READ+DELETE'),
+  ROLE_ADD_MEMBER: new Permission('ROLE:READ+ADD_MEMBER'),
+  ROLE_REMOVE_MEMBER: new Permission('ROLE:READ+REMOVE_MEMBER'),


  KNOWLEDGE_READ: new Permission('KNOWLEDGE:READ'),
--- a/ui/src/views/system/role/component/Member.vue
+++ b/ui/src/views/system/role/component/Member.vue
@ -6,12 +6,11 @@
        @click="handleAdd"
        v-hasPermission="
          new ComplexPermission(
-            [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-            [PermissionConst.ROLE_ADD_MEMBER.getWorkspacePermission],
+            [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+            [PermissionConst.WORKSPACE_ROLE_ADD_MEMBER, PermissionConst.ROLE_ADD_MEMBER],
            [],
            'OR',
-          )
-        "
+          )"
      >
        {{ $t('views.role.member.add') }}
      </el-button>
@ -57,8 +56,8 @@
              @click.stop="handleDelete(row)"
              v-hasPermission="
                new ComplexPermission(
-                  [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-                  [PermissionConst.ROLE_REMOVE_MEMBER.getWorkspacePermission],
+                  [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+                  [PermissionConst.ROLE_REMOVE_MEMBER, PermissionConst.WORKSPACE_ROLE_REMOVE_MEMBER],
                  [],
                  'OR',
                )
--- a/ui/src/views/system/role/index.vue
+++ b/ui/src/views/system/role/index.vue
@ -2,9 +2,9 @@
  <div class="role-manage p-16-24">
    <h2 class="mb-16">{{ $t('views.role.title') }}</h2>
    <el-card style="--el-card-padding: 0">
-      <div class="flex main-calc-height">
-        <div class="role-left border-r p-16">
-          <div class="p-8 pb-0 mb-12">
+      <div class="flex h-full">
+        <div class="role-left border-r">
+          <div class="p-24 pb-0">
            <el-input
              v-model="filterText"
              :placeholder="$t('common.search')"
@ -14,113 +14,145 @@
          </div>
          <div class="list-height-left">
            <el-scrollbar v-loading="loading">
-              <div class="color-secondary lighter ml-8 mb-8">
-                <span>{{ $t('views.role.internalRole') }}</span>
-              </div>
-              <common-list
-                :data="filterInternalRole"
-                @click="clickRole"
-                :default-active="currentRole?.id"
-                @mouseenter="mouseenter"
-                @mouseleave="mouseId = ''"
-              >
-                <template #default="{ row }">
-                  <div class="flex-between">
-                    <span class="mr-8">{{ row.role_name }}</span>
-                    <div @click.stop v-show="mouseId === row.id">
-                      <el-dropdown :teleported="false">
-                        <el-button text>
-                          <el-icon class="color-secondary">
-                            <MoreFilled />
-                          </el-icon>
-                        </el-button>
-                        <template #dropdown>
-                          <el-dropdown-menu style="min-width: 80px">
-                            <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8">
-                              <el-icon><EditPen /></el-icon>
-                              {{ $t('common.rename') }}
-                            </el-dropdown-item>
-                            <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8">
-                              <el-icon><Delete /></el-icon>
-                              {{ $t('common.delete') }}
-                            </el-dropdown-item>
-                          </el-dropdown-menu>
-                        </template>
-                      </el-dropdown>
-                    </div>
-                  </div>
-                </template>
-                <template #empty>
-                  <span></span>
-                </template>
-              </common-list>
-
-              <div class="ml-8 border-t flex-between mb-8" style="padding-top: 12px">
-                <span class="color-secondary lighter">{{ $t('views.role.customRole') }}</span>
-                <el-tooltip
-                  effect="dark"
-                  :content="`${$t('common.create')}${$t('views.role.customRole')}`"
-                  placement="top"
+              <div class="p-16">
+                <div class="color-secondary lighter ml-8 mb-8">
+                  <span>{{ $t('views.role.internalRole') }}</span>
+                </div>
+                <common-list
+                  :data="filterInternalRole"
+                  @click="clickRole"
+                  :default-active="currentRole?.id"
+                  @mouseenter="mouseenter"
+                  @mouseleave="mouseId = ''"
                >
-                  <el-button
-                    type="primary"
-                    text
-                    @click="createOrUpdateRole()"
-                    v-hasPermission="
-                      new ComplexPermission(
-                        [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-                        [PermissionConst.ROLE_CREATE.getWorkspacePermission],
-                        [],
-                        'OR',
-                      )
-                    "
-                  >
-                    <el-icon :size="18"><Plus /></el-icon>
-                  </el-button>
-                </el-tooltip>
-              </div>
-              <common-list
-                :data="filterCustomRole"
-                @click="clickRole"
-                :default-active="currentRole?.id"
-                @mouseenter="mouseenter"
-                @mouseleave="mouseId = ''"
-              >
-                <template #default="{ row }">
-                  <div class="flex-between">
-                    <span>
-                      {{ row.role_name }}
-                      <span class="color-input-placeholder ml-4"
-                        >({{ roleTypeMap[row.type as RoleTypeEnum] }})</span
-                      >
-                    </span>
-                    <div @click.stop v-show="mouseId === row.id">
-                      <el-dropdown :teleported="false">
-                        <el-button text>
-                          <el-icon class="color-secondary">
-                            <MoreFilled />
-                          </el-icon>
-                        </el-button>
-                        <template #dropdown>
-                          <el-dropdown-menu style="min-width: 80px">
-                            <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8">
-                              <el-icon><EditPen /></el-icon>
-                              {{ $t('common.rename') }}
-                            </el-dropdown-item>
-                            <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8">
-                              <el-icon><Delete /></el-icon>
-                              {{ $t('common.delete') }}
-                            </el-dropdown-item>
-                          </el-dropdown-menu>
-                        </template>
-                      </el-dropdown>
+                  <template #default="{ row }">
+                    <div class="flex-between">
+                      <span class="mr-8">{{ row.role_name }}</span>
+                      <div @click.stop v-show="mouseId === row.id">
+                        <el-dropdown :teleported="false">
+                          <el-button text>
+                            <el-icon class="color-secondary">
+                              <MoreFilled />
+                            </el-icon>
+                          </el-button>
+                          <template #dropdown>
+                            <el-dropdown-menu style="min-width: 80px">
+                              <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_EDIT],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><EditPen /></el-icon>
+                                {{ $t('common.rename') }}
+                              </el-dropdown-item>
+                              <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_DELETE],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><Delete /></el-icon>
+                                {{ $t('common.delete') }}
+                              </el-dropdown-item>
+                            </el-dropdown-menu>
+                          </template>
+                        </el-dropdown>
+                      </div>
                    </div>
-                  </div>
-                </template>
-                <template #empty>
-                  <span></span>
-                </template>
-              </common-list>
+                  </template>
+                  <template #empty>
+                    <span></span>
+                  </template>
+                </common-list>
+
+                <div class="ml-8 border-t flex-between mb-8" style="padding-top: 12px">
+                  <span class="color-secondary lighter">{{ $t('views.role.customRole') }}</span>
+                  <el-tooltip
+                    effect="dark"
+                    :content="`${$t('common.create')}${$t('views.role.customRole')}`"
+                    placement="top"
+                  >
+                    <el-button
+                      type="primary"
+                      text
+                      @click="createOrUpdateRole()"
+                      v-hasPermission="
+                        new ComplexPermission(
+                          [RoleConst.ADMIN],
+                          [PermissionConst.ROLE_CREATE],
+                          [],
+                          'OR',)"
+                    >
+                      <el-icon :size="18"><Plus /></el-icon>
+                    </el-button>
+                  </el-tooltip>
+                </div>
+                <common-list
+                  :data="filterCustomRole"
+                  @click="clickRole"
+                  :default-active="currentRole?.id"
+                  @mouseenter="mouseenter"
+                  @mouseleave="mouseId = ''"
+                >
+                  <template #default="{ row }">
+                    <div class="flex-between">
+                      <span>
+                        {{ row.role_name }}
+                        <span class="color-input-placeholder ml-4"
+                          >({{ roleTypeMap[row.type as RoleTypeEnum] }})</span
+                        >
+                      </span>
+                      <div @click.stop v-show="mouseId === row.id">
+                        <el-dropdown :teleported="false">
+                          <el-button text>
+                            <el-icon class="color-secondary">
+                              <MoreFilled />
+                            </el-icon>
+                          </el-button>
+                          <template #dropdown>
+                            <el-dropdown-menu style="min-width: 80px">
+                              <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_EDIT],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><EditPen /></el-icon>
+                                {{ $t('common.rename') }}
+                              </el-dropdown-item>
+                              <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_DELETE],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><Delete /></el-icon>
+                                {{ $t('common.delete') }}
+                              </el-dropdown-item>
+                            </el-dropdown-menu>
+                          </template>
+                        </el-dropdown>
+                      </div>
+                    </div>
+                  </template>
+                  <template #empty>
+                    <span></span>
+                  </template>
+                </common-list>
+              </div>
            </el-scrollbar>
          </div>
        </div>
@ -176,6 +208,7 @@ import { MsgSuccess, MsgConfirm } from '@/utils/message'
 import { loadPermissionApi } from '@/utils/dynamics-api/permission-api'
 import { PermissionConst, RoleConst } from '@/utils/permission/data'
 import { ComplexPermission } from '@/utils/permission/type'
+import { hasPermission } from '@/utils/permission/index'

 const filterText = ref('')
 const loading = ref(false)
@ -240,14 +273,12 @@ function deleteRole(item: RoleItem) {
    },
  )
    .then(() => {
-      loadPermissionApi('role')
-        .deleteRole(item.id, loading)
-        .then(async () => {
-          MsgSuccess(t('common.deleteSuccess'))
-          await getRole()
-          currentRole.value =
-            item.id === currentRole.value?.id ? internalRoleList.value[0] : currentRole.value
-        })
+      loadPermissionApi('role').deleteRole(item.id, loading).then(async () => {
+        MsgSuccess(t('common.deleteSuccess'))
+        await getRole()
+        currentRole.value =
+          item.id === currentRole.value?.id ? internalRoleList.value[0] : currentRole.value
+      })
    })
    .catch(() => {})
 }
@ -289,3 +320,4 @@ function mouseenter(row: any) {
  }
 }
 </style>
+
--- a/ui/src/views/system/workspace/component/Member.vue
+++ b/ui/src/views/system/workspace/component/Member.vue
@ -3,7 +3,12 @@
    <el-button
      type="primary"
      @click="handleAdd"
-      v-hasPermission="[RoleConst.ADMIN, PermissionConst.WORKSPACE_ADD_MEMBER]"
+      v-hasPermission="
+        new ComplexPermission(
+          [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+          [PermissionConst.WORKSPACE_ADD_MEMBER, PermissionConst.WORKSPACE_WORKSPACE_ADD_MEMBER],
+          [],
+            'OR',)"
    >
      {{ $t('views.role.member.add') }}
    </el-button>
@ -42,7 +47,12 @@
            type="primary"
            text
            @click.stop="handleDelete(row)"
-            v-hasPermission="[RoleConst.ADMIN, PermissionConst.WORKSPACE_REMOVE_MEMBER]"
+            v-hasPermission="
+              new ComplexPermission(
+              [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+              [PermissionConst.WORKSPACE_REMOVE_MEMBER, PermissionConst.WORKSPACE_WORKSPACE_REMOVE_MEMBER],
+              [],
+                'OR',)"
          >
            <AppIcon iconName="app-delete-users"></AppIcon>
          </el-button>
@ -65,6 +75,8 @@ import AddMemberDrawer from './AddMemberDrawer.vue'
 import WorkspaceApi from '@/api/workspace/workspace'
 import type { WorkspaceMemberItem, WorkspaceItem } from '@/api/type/workspace'
 import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
+

 const props = defineProps<{
  currentWorkspace?: WorkspaceItem