15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-26 01:33:05 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

feat: Folder Permission

This commit is contained in:
zhangzhanwei 2025-10-21 15:13:15 +08:00 committed by zhanweizhang7
parent f6c72b44c2
commit 0bc635a802
16 changed files with 184 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/folders/views/folder.py
View File

@ -41,7 +41,7 @@ class FolderView(APIView):
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
[Permission(group=Group(f"{kwargs.get('source')}_FOLDER"),
@ -100,7 +100,7 @@ class FolderView(APIView):
)
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
@ -152,7 +152,7 @@ class FolderView(APIView):
)
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"

6
apps/system_manage/views/user_resource_permission.py
View File

@ -117,7 +117,7 @@ class WorkspaceResourceUserPermissionView(APIView):
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@ -151,7 +151,7 @@ class WorkspaceResourceUserPermissionView(APIView):
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@ -181,7 +181,7 @@ class WorkspaceResourceUserPermissionView(APIView):
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),

21
ui/src/components/folder-tree/index.vue
View File

@ -48,7 +48,7 @@
</div>
<div
v-if="canOperation && permissionPrecise.folderManage(data.id)"
v-if="canOperation && MoreFilledPermission(node, data)"
@click.stop
v-show="hoverNodeId === data.id"
@mouseenter.stop="handleMouseEnter(data)"
@ -56,28 +56,28 @@
class="mr-16"
>
<el-dropdown trigger="click" :teleported="false">
<el-button text class="w-full" v-if="permissionPrecise.folderManage(data.id)">
<el-button text class="w-full" v-if="MoreFilledPermission(node, data)">
<AppIcon iconName="app-more"></AppIcon>
</el-button>
<template #dropdown>
<el-dropdown-menu>
<el-dropdown-item
@click.stop="openCreateFolder(data)"
v-if="node.level !== 3 && permissionPrecise.folderManage(data.id)"
v-if="node.level !== 3 && permissionPrecise.folderCreate(data.id)"
>
<AppIcon iconName="app-add-folder" class="color-secondary"></AppIcon>
{{ $t('components.folder.addChildFolder') }}
</el-dropdown-item>
<el-dropdown-item
@click.stop="openEditFolder(data)"
v-if="permissionPrecise.folderManage(data.id)"
v-if="permissionPrecise.folderEdit(data.id)"
>
<AppIcon iconName="app-edit" class="color-secondary"></AppIcon>
{{ $t('common.edit') }}
</el-dropdown-item>
<el-dropdown-item
@click.stop="openAuthorization(data)"
v-if="permissionPrecise.folderManage(data.id)"
v-if="permissionPrecise.folderAuth(data.id)"
>
<AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
{{ $t('views.system.resourceAuthorization.title') }}
@ -86,7 +86,7 @@
divided
@click.stop="deleteFolder(data)"
:disabled="!data.parent_id"
v-if="permissionPrecise.folderManage(data.id)"
v-if="permissionPrecise.folderDelete(data.id)"
>
<AppIcon iconName="app-delete" class="color-secondary"></AppIcon>
{{ $t('common.delete') }}
@ -175,11 +175,12 @@ const permissionPrecise = computed(() => {
return permissionMap[resourceType.value!]['workspace']
})
const MoreFilledPermission = (node: any) => {
const MoreFilledPermission = (node: any, data: any) => {
return (
(node.level !== 3 && permissionPrecise.value.folderCreate()) ||
permissionPrecise.value.folderEdit() ||
permissionPrecise.value.folderDelete()
(node.level !== 3 && permissionPrecise.value.folderCreate(data.id)) ||
permissionPrecise.value.folderEdit(data.id) ||
permissionPrecise.value.folderDelete(data.id) ||
permissionPrecise.value.folderAuth(data.id)
)
}

25
ui/src/components/resource-authorization-drawer/index.vue
View File

@ -190,6 +190,8 @@ import permissionMap from '@/permission'
import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
const route = useRoute()
import useStore from '@/stores'
import { hasPermission } from '@/utils/permission/index'
import { PermissionConst, RoleConst } from '@/utils/permission/data'
const { user } = useStore()
const props = defineProps<{
@ -229,9 +231,30 @@ function getAllFolderIds(data: any) {
return [data.id,...(data.children?.flatMap((child: any) => getAllFolderIds(child)) || [])]
}
const RESOURCE_PERMISSION_MAP = {
application: PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
knowledge: PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
tool: PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
}
const resourceAuthorizationOfManager = computed(() => {
return RESOURCE_PERMISSION_MAP[folderType.value]
})
// ManageID
function filterHasPermissionFolderIds(folderIds: string[]) {
return folderIds.filter(id => permissionPrecise.value.folderManage(id))
if (hasPermission(
[
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
resourceAuthorizationOfManager.value
],'OR'
)) {
return folderIds
}
else {
return folderIds.filter(id => permissionPrecise.value.folderManage(id))
}
}
function confirmSinglePermission() {

1
ui/src/permission/application/system-manage.ts
View File

@ -15,6 +15,7 @@ const systemManage = {
folderEdit: () => false,
folderRead: () => false,
folderManage: () => false,
folderAuth: () => false,
export: () =>
hasPermission(
[

59
ui/src/permission/application/workspace.ts
View File

@ -13,12 +13,12 @@ const workspace = {
],
'OR'
),
folderCreate: () =>
folderCreate: (folder_id: string) =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_CREATE.getWorkspacePermission,
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
@ -29,7 +29,37 @@ const workspace = {
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_READ.getApplicationWorkspaceResourcePermission(folder_id),
PermissionConst.APPLICATION_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,
PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderEdit: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderAuth: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderDelete: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole
],
'OR'
),
@ -73,16 +103,6 @@ const workspace = {
],
'OR'
),
folderEdit: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
PermissionConst.APPLICATION_EDIT.getWorkspacePermission
],
'OR'
),
export: (source_id:string) =>
hasPermission(
[
@ -103,16 +123,7 @@ const workspace = {
],
'OR'
),
folderDelete: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole,
PermissionConst.APPLICATION_DELETE.getWorkspacePermission
],
'OR'
),
overview_embed: (source_id:string) =>
hasPermission(
[

1
ui/src/permission/knowledge/system-manage.ts
View File

@ -163,6 +163,7 @@ const systemManage = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
hit_test: () =>
hasPermission([

1
ui/src/permission/knowledge/system-share.ts
View File

@ -189,6 +189,7 @@ const share = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
hit_test: () => false,
}

1
ui/src/permission/knowledge/workspace-share.ts
View File

@ -37,6 +37,7 @@ const workspaceShare = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
hit_test: () => false,
}

79
ui/src/permission/knowledge/workspace.ts
View File

@ -20,17 +20,56 @@ const workspace = {
],
'OR',
),
folderRead: () => true,
folderRead: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_READ.getKnowledgeWorkspaceResourcePermission(folder_id),
PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderManage: () => true,
folderCreate: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermission,
PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
folderAuth: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderCreate: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderDelete: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderEdit: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
sync: (source_id:string) =>
hasPermission(
@ -82,16 +121,6 @@ const workspace = {
],
'OR',
),
folderEdit: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermission,
PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
export: (source_id:string) =>
hasPermission(
[
@ -112,16 +141,6 @@ const workspace = {
],
'OR',
),
folderDelete: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermission,
PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
doc_read: () => false,
doc_create: (source_id:string) =>
hasPermission(

1
ui/src/permission/model/system-manage.ts
View File

@ -27,6 +27,7 @@ const systemManage = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
}

1
ui/src/permission/model/system-share.ts
View File

@ -40,6 +40,7 @@ const share = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
}
export default share

1
ui/src/permission/model/workspace.ts
View File

@ -22,6 +22,7 @@ const workspace = {
),
folderRead: () => true,
folderManage: () => true,
folderAuth: () => false,
folderCreate: () =>
hasPermission(
[

1
ui/src/permission/tool/system-manage.ts
View File

@ -78,6 +78,7 @@ const systemManage = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
}

1
ui/src/permission/tool/system-share.ts
View File

@ -82,6 +82,7 @@ const share = {
folderManage: () => false,
folderCreate: () => false,
folderEdit: () => false,
folderAuth: () => false,
folderDelete: () => false,
}
export default share

81
ui/src/permission/tool/workspace.ts
View File

@ -40,18 +40,57 @@ const workspace = {
],
'OR'
),
folderRead: () => true,
folderManage: () => true,
folderCreate: () =>
hasPermission(
[
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
RoleConst.USER.getWorkspaceRole,
PermissionConst.TOOL_CREATE.getWorkspacePermission,
PermissionConst.TOOL_CREATE.getWorkspacePermissionWorkspaceManageRole
],
'OR'
folderCreate: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
PermissionConst.TOOL_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderRead: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_READ.getToolWorkspaceResourcePermission(folder_id),
PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderEdit: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderAuth: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderDelete: (folder_id: string) =>
hasPermission(
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
PermissionConst.TOOL_DELETE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
folderManage: () => true,
delete: (source_id:string) =>
hasPermission(
[
@ -62,16 +101,6 @@ const workspace = {
],
'OR',
),
folderDelete: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_DELETE.getWorkspacePermission,
PermissionConst.TOOL_DELETE.getWorkspacePermissionWorkspaceManageRole
],
'OR',
),
switch: (source_id:string) =>
hasPermission(
[
@ -92,16 +121,6 @@ const workspace = {
],
'OR'
),
folderEdit: () =>
hasPermission(
[
RoleConst.USER.getWorkspaceRole,
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_EDIT.getWorkspacePermission,
PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole
],
'OR',
),
copy: (source_id:string) =>
hasPermission(
[