From 145e96594f289ca38d81a699704a7db9eb17dc54 Mon Sep 17 00:00:00 2001 From: shaohuzhang1 <80892890+shaohuzhang1@users.noreply.github.com> Date: Fri, 20 Jun 2025 22:31:41 +0800 Subject: [PATCH] fix: Complete application permissions (#3338) --- apps/application/views/application.py | 29 ++- .../views/application_access_token.py | 6 +- apps/application/views/application_api_key.py | 12 +- apps/application/views/application_chat.py | 18 +- .../views/application_chat_record.py | 24 ++- apps/application/views/application_stats.py | 4 +- apps/application/views/application_version.py | 8 + apps/common/constants/permission_constants.py | 181 ++++++++++++++---- ui/vite.config.ts | 4 +- 9 files changed, 230 insertions(+), 56 deletions(-) diff --git a/apps/application/views/application.py b/apps/application/views/application.py index 2bb72d7ab..42ac8be30 100644 --- a/apps/application/views/application.py +++ b/apps/application/views/application.py @@ -46,7 +46,8 @@ class ApplicationAPI(APIView): responses=ApplicationCreateAPI.get_response(), tags=[_('Application')] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(), + @has_permissions(PermissionConstants.APPLICATION_CREATE.get_workspace_permission(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate='Create an application', get_operation_object=lambda r, k: {'name': r.data.get('name')}, @@ -65,6 +66,7 @@ class ApplicationAPI(APIView): tags=[_('Application')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str): return result.success(Query(data={'workspace_id': workspace_id, 'user_id': request.user.id}).list(request.data)) @@ -82,6 +84,7 @@ class ApplicationAPI(APIView): tags=[_('Application')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_permission(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, current_page: int, page_size: int): return result.success( @@ -102,7 +105,9 @@ class ApplicationAPI(APIView): responses=result.DefaultResultSerializer, tags=[_('Application')] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_READ, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) + @has_permissions(PermissionConstants.APPLICATION_IMPORT.get_workspace_permission(), + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate="Import Application", ) def post(self, request: Request, workspace_id: str): return result.success(ApplicationSerializer( @@ -123,6 +128,8 @@ class ApplicationAPI(APIView): tags=[_('Application')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_EXPORT.get_workspace_application_permission(), + PermissionConstants.APPLICATION_EXPORT.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate="Export Application", get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), @@ -146,6 +153,8 @@ class ApplicationAPI(APIView): tags=[_('Application')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_DELETE.get_workspace_application_permission(), + PermissionConstants.APPLICATION_DELETE.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate='Deleting application', get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), @@ -168,6 +177,8 @@ class ApplicationAPI(APIView): tags=[_('Application')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(), + PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate="Modify the application", get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), @@ -189,8 +200,10 @@ class ApplicationAPI(APIView): responses=result.DefaultResultSerializer, tags=[_('Application')] # type: ignore ) - @has_permissions(PermissionConstants.WORKSPACE_READ.get_workspace_application_permission(), - RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.ADMIN) + @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str): return result.success(ApplicationOperateSerializer( data={'application_id': application_id, 'user_id': request.user.id, @@ -209,10 +222,12 @@ class ApplicationAPI(APIView): responses=result.DefaultResultSerializer, tags=[_('Application')] # type: ignore ) + @has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(), + PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate='Publishing an application', - get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), - - ) + get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id'))) def put(self, request: Request, workspace_id: str, application_id: str): return result.success( ApplicationOperateSerializer( diff --git a/apps/application/views/application_access_token.py b/apps/application/views/application_access_token.py index f25aa7960..7769d8a38 100644 --- a/apps/application/views/application_access_token.py +++ b/apps/application/views/application_access_token.py @@ -32,6 +32,8 @@ class AccessToken(APIView): tags=[_('Application')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(), + PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def put(self, request: Request, workspace_id: str, application_id: str): return result.success( @@ -46,7 +48,9 @@ class AccessToken(APIView): parameters=ApplicationAccessTokenAPI.get_parameters(), tags=[_('Application')] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_application_permission(), + PermissionConstants.APPLICATION_OVERVIEW_ACCESS.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role() ) def get(self, request: Request, workspace_id: str, application_id: str): diff --git a/apps/application/views/application_api_key.py b/apps/application/views/application_api_key.py index 52990df38..d300bbd33 100644 --- a/apps/application/views/application_api_key.py +++ b/apps/application/views/application_api_key.py @@ -5,13 +5,13 @@ from rest_framework.request import Request from rest_framework.views import APIView from application.api.application_api_key import ApplicationKeyAPI -from application.models import ApplicationApiKey, Application +from application.models import Application from application.serializers.application_api_key import ApplicationKeySerializer from common.auth import TokenAuth from common.auth.authentication import has_permissions from common.constants.permission_constants import PermissionConstants, RoleConstants from common.log.log import log -from common.result import result, success, DefaultResultSerializer +from common.result import result, DefaultResultSerializer def get_application_operation_object(application_id): @@ -40,6 +40,8 @@ class ApplicationKey(APIView): get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), ) @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(), + PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role() ) def post(self, request: Request, workspace_id: str, application_id: str): @@ -57,6 +59,8 @@ class ApplicationKey(APIView): tags=[_('Application Api Key')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(), + PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str): return result.success(ApplicationKeySerializer( @@ -77,6 +81,8 @@ class ApplicationKey(APIView): tags=[_('Application Api Key')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(), + PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate="Modify application API_KEY", get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), @@ -99,6 +105,8 @@ class ApplicationKey(APIView): tags=[_('Application Api Key')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_application_permission(), + PermissionConstants.APPLICATION_OVERVIEW_API_KEY.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate="Delete application API_KEY", get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), diff --git a/apps/application/views/application_chat.py b/apps/application/views/application_chat.py index 584539581..9ee81c5ab 100644 --- a/apps/application/views/application_chat.py +++ b/apps/application/views/application_chat.py @@ -40,7 +40,9 @@ class ApplicationChat(APIView): responses=ApplicationChatQueryAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str): return result.success(ApplicationChatQuerySerializers( @@ -60,7 +62,9 @@ class ApplicationChat(APIView): responses=ApplicationChatQueryPageAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, current_page: int, page_size: int): return result.success(ApplicationChatQuerySerializers( @@ -82,6 +86,8 @@ class ApplicationChat(APIView): tags=[_("Application/Conversation Log")] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_EXPORT.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def post(self, request: Request, workspace_id: str, application_id: str): return ApplicationChatQuerySerializers( @@ -101,6 +107,10 @@ class OpenView(APIView): responses=None, tags=[_('Application')] # type: ignore ) + @has_permissions(PermissionConstants.APPLICATION_DEBUG.get_workspace_application_permission(), + PermissionConstants.APPLICATION_DEBUG.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str): return result.success(OpenChatSerializers( data={'workspace_id': workspace_id, 'application_id': application_id, @@ -121,5 +131,9 @@ class ChatView(APIView): responses=None, tags=[_('Application')] # type: ignore ) + @has_permissions( + PermissionConstants.APPLICATION_DEBUG, + RoleConstants.USER.get_workspace_role(), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def post(self, request: Request, chat_id: str): return DebugChatSerializers(data={'chat_id': chat_id}).chat(request.data) diff --git a/apps/application/views/application_chat_record.py b/apps/application/views/application_chat_record.py index fef9047e9..c41785c55 100644 --- a/apps/application/views/application_chat_record.py +++ b/apps/application/views/application_chat_record.py @@ -36,7 +36,9 @@ class ApplicationChatRecord(APIView): responses=ApplicationChatRecordQueryAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str): return result.success(ApplicationChatRecordQuerySerializers( @@ -57,7 +59,9 @@ class ApplicationChatRecord(APIView): responses=ApplicationChatRecordQueryAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, current_page: int, page_size: int): @@ -81,7 +85,9 @@ class ApplicationChatRecordOperateAPI(APIView): responses=ApplicationChatRecordQueryAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str): return result.success(ChatRecordOperateSerializer( @@ -105,7 +111,9 @@ class ApplicationChatRecordAddKnowledge(APIView): responses=ApplicationChatRecordAddKnowledgeAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ADD_KNOWLEDGE.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_ADD_KNOWLEDGE.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def post(self, request: Request, workspace_id: str, application_id: str): return result.success(ApplicationChatRecordAddKnowledgeSerializer().post_improve(request.data)) @@ -124,7 +132,9 @@ class ApplicationChatRecordImprove(APIView): responses=ApplicationChatRecordQueryAPI.get_response(), tags=[_("Application/Conversation Log")] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str): return result.success(ChatRecordImproveSerializer( @@ -145,6 +155,8 @@ class ApplicationChatRecordImproveParagraph(APIView): tags=[_("Application/Conversation Log")] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def put(self, request: Request, workspace_id: str, @@ -171,6 +183,8 @@ class ApplicationChatRecordImproveParagraph(APIView): tags=[_("Application/Conversation Log")] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_application_permission(), + PermissionConstants.APPLICATION_CHAT_LOG_ANNOTATION.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def delete(self, request: Request, workspace_id: str, application_id: str, chat_id: str, chat_record_id: str, knowledge_id: str, diff --git a/apps/application/views/application_stats.py b/apps/application/views/application_stats.py index 9337e5cce..3b114543d 100644 --- a/apps/application/views/application_stats.py +++ b/apps/application/views/application_stats.py @@ -32,7 +32,9 @@ class ApplicationStats(APIView): responses=ApplicationStatsAPI.get_response(), tags=[_('Application')] # type: ignore ) - @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(), + @has_permissions(PermissionConstants.APPLICATION_OVERVIEW_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_OVERVIEW_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str): return result.success( diff --git a/apps/application/views/application_version.py b/apps/application/views/application_version.py index e1a401e31..b8a759c4e 100644 --- a/apps/application/views/application_version.py +++ b/apps/application/views/application_version.py @@ -35,6 +35,8 @@ class ApplicationVersionView(APIView): tags=[_('Application/Version')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id, application_id: str): return result.success( @@ -55,6 +57,8 @@ class ApplicationVersionView(APIView): tags=[_('Application/Version')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_READ.get_workspace_application_permission(), + PermissionConstants.APPLICATION_READ.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, current_page: int, page_size: int): return result.success( @@ -76,6 +80,8 @@ class ApplicationVersionView(APIView): tags=[_('Application/Version')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(), + PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, application_id: str, work_flow_version_id: str): return result.success( @@ -94,6 +100,8 @@ class ApplicationVersionView(APIView): tags=[_('Application/Version')] # type: ignore ) @has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(), + PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(), + RoleConstants.USER.get_workspace_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) @log(menu='Application', operate="Modify application version information", get_operation_object=lambda r, k: get_application_operation_object(k.get('application_id')), diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 5aed7bd2d..6fc0fe409 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -18,8 +18,16 @@ class Group(Enum): 权限组 一个组一般对应前端一个菜单 """ USER = "USER_MANAGEMENT" - + # 应用 APPLICATION = "APPLICATION" + # 应用概览 + APPLICATION_OVERVIEW = "APPLICATION_OVERVIEW" + # 应用接入 + APPLICATION_ACCESS = "APPLICATION_ACCESS" + # 应用 对话用户 + APPLICATION_CHAT_USER = "APPLICATION_CHAT_USER" + # 应用对话日志 + APPLICATION_CHAT_LOG = "APPLICATION_CHAT_LOG" KNOWLEDGE = "KNOWLEDGE" SYSTEM_KNOWLEDGE = "SYSTEM_KNOWLEDGE" @@ -60,8 +68,6 @@ class Group(Enum): CHAT_USER_AUTH = "CHAT_USER_AUTH" OTHER = "OTHER" OVERVIEW = "OVERVIEW" - APPLICATION_ACCESS = "APPLICATION_ACCESS" - APPLICATION_CHAT_LOG = "APPLICATION_CHAT_LOG" OPERATION_LOG = "OPERATION_LOG" @@ -128,6 +134,19 @@ class Operate(Enum): USER_GROUP = "READ+USER_GROUP" # 用户组 ANNOTATION = "READ+ANNOTATION" # 标注 CLEAR_POLICY = "READ+CLEAR_POLICY" + EMBED = "READ+EMBED" # 嵌入 + ACCESS = "READ+ACCESS" # 访问限制 + DISPLAY = "READ+DISPLAY" # 显示设置 + API_KET = "READ+API_KEY" # API_KEY + PUBLIC_ACCESS = "READ+PUBLIC_ACCESS" # 公共访问链接 + Q_WEIXIN = "READ+Q_WEIXIN" # 企业微信 + FEISHU = "READ+FEISHU" # 飞书 + DD = "READ+DD" # 钉钉 + WEIXIN_PUBLIC_ACCOUNT = "READ+WEIXIN_PUBLIC_ACCOUNT" # 微信公众号 + SLACK = "READ+SLACK" # SLACK + ADD_KNOWLEDGE = "READ+ADD_KNOWLEDGE" # 添加到知识库 + TO_CHAT = "READ+TO_CHAT" # 去对话 + SETTING = "READ+SETTING" # 管理 class RoleGroup(Enum): @@ -247,6 +266,22 @@ Permission_Label = { Operate.RELATE.value: _("Relate"), Operate.ANNOTATION.value: _("Annotation"), Operate.CLEAR_POLICY.value: _("Clear Policy"), + + Operate.EMBED: _('Embed third party'), + Operate.ACCESS: _('Access restrictions'), + Operate.DISPLAY: _('Display Settings'), + Operate.API_KET: _('API_KET'), + Operate.PUBLIC_ACCESS: _('Public access link'), + Operate.Q_WEIXIN: _('Enterprise WeiXin'), + Operate.FEISHU: _('Feishu'), + Operate.DD: _('Dingding'), + Operate.WEIXIN_PUBLIC_ACCOUNT: _('Weixin Public Account'), + Operate.ADD_KNOWLEDGE: _('Add to Knowledge Base'), + Group.APPLICATION_OVERVIEW: _('Overview'), + Group.APPLICATION_ACCESS: _('Application Access'), + Group.APPLICATION_CHAT_USER: _('Dialogue users'), + Group.APPLICATION_CHAT_LOG: _('Conversation log'), + Group.LOGIN_AUTH.value: _("Login Auth"), Group.DISPLAY_SETTINGS.value: _("Display Settings"), Group.SYSTEM_API_KEY.value: _("System API Key"), @@ -616,11 +651,39 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.VIEW], ) + APPLICATION_TO_CHAT = Permission(group=Group.APPLICATION, operate=Operate.TO_CHAT, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.VIEW], + ) + APPLICATION_DEBUG = Permission(group=Group.APPLICATION, operate=Operate.DEBUG, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.VIEW], + ) + + APPLICATION_SETTING = Permission(group=Group.APPLICATION, operate=Operate.SETTING, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.VIEW], + ) + + APPLICATION_CREATE = Permission(group=Group.APPLICATION, operate=Operate.CREATE, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.VIEW], + ) + APPLICATION_IMPORT = Permission(group=Group.APPLICATION, operate=Operate.IMPORT, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE] + ) APPLICATION_EXPORT = Permission(group=Group.APPLICATION, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], ) + APPLICATION_DELETE = Permission(group=Group.APPLICATION, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], @@ -631,75 +694,121 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], ) - APPLICATION_OVERVIEW_READ = Permission(group=Group.OVERVIEW, operate=Operate.READ, + + APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], ) - APPLICATION_OVERVIEW_EMBEDDED = Permission(group=Group.OVERVIEW, operate=Operate.EDIT, - role_list=[RoleConstants.ADMIN, RoleConstants.USER], - parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], - resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Embed third party') - ) - APPLICATION_OVERVIEW_ACCESS = Permission(group=Group.OVERVIEW, operate=Operate.CREATE, + + APPLICATION_OVERVIEW_EMBED = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.EMBED, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + + ) + + APPLICATION_OVERVIEW_ACCESS = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.ACCESS, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Access restrictions') + ) - APPLICATION_OVERVIEW_DISPLAY = Permission(group=Group.OVERVIEW, operate=Operate.DELETE, + APPLICATION_OVERVIEW_DISPLAY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.DISPLAY, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Display settings') + ) - APPLICATION_OVERVIEW_API_KEY = Permission(group=Group.OVERVIEW, operate=Operate.DEBUG, + APPLICATION_OVERVIEW_API_KEY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.API_KET, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('API Key') + ) - APPLICATION_OVERVIEW_PUBLIC = Permission(group=Group.OVERVIEW, operate=Operate.ADD_MEMBER, + APPLICATION_OVERVIEW_PUBLIC = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.PUBLIC_ACCESS, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Public settings') + ) - APPLICATION_CHAT_LOG = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.READ, - role_list=[RoleConstants.ADMIN, RoleConstants.USER], - parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], - resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Dialogue log')) + # 应用接入 + APPLICATION_ACCESS_READ = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.READ, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + + ) + APPLICATION_ACCESS_Q_WEIXIN = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.Q_WEIXIN, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) + + APPLICATION_ACCESS_FEISHU = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.FEISHU, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) + APPLICATION_ACCESS_DD = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.DD, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) + APPLICATION_ACCESS_WEIXIN_PUBLIC_ACCOUNT = Permission(group=Group.APPLICATION_ACCESS, + operate=Operate.WEIXIN_PUBLIC_ACCOUNT, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, + UserGroup.APPLICATION], + resource_permission_group_list=[ + ResourcePermissionGroup.MANAGE], + ) + APPLICATION_ACCESS_SLACK = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.SLACK, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) + + APPLICATION_CHAT_USER_READ = Permission(group=Group.CHAT_USER, operate=Operate.READ, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) + APPLICATION_CHAT_USER_EDIT = Permission(group=Group.CHAT_USER, operate=Operate.EDIT, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) + + APPLICATION_CHAT_LOG_READ = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.READ, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) APPLICATION_CHAT_LOG_ANNOTATION = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ANNOTATION, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Dialogue log')) + ) APPLICATION_CHAT_LOG_EXPORT = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Dialogue log')) + ) APPLICATION_CHAT_LOG_CLEAR_POLICY = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.CLEAR_POLICY, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - label=_('Dialogue log')) + ) + APPLICATION_CHAT_LOG_ADD_KNOWLEDGE = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ADD_KNOWLEDGE, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionGroup.MANAGE], + ) - APPLICATION_ACCESS_READ = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.READ, - role_list=[RoleConstants.ADMIN, RoleConstants.USER], - parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], - resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - ) - APPLICATION_ACCESS_EDIT = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.EDIT, - role_list=[RoleConstants.ADMIN, RoleConstants.USER], - parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], - resource_permission_group_list=[ResourcePermissionGroup.MANAGE], - ) ABOUT_READ = Permission(group=Group.OTHER, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.OTHER], diff --git a/ui/vite.config.ts b/ui/vite.config.ts index dd5e56b59..812c51354 100644 --- a/ui/vite.config.ts +++ b/ui/vite.config.ts @@ -17,8 +17,8 @@ export default defineConfig(({ mode }) => { const prefix = process.env.VITE_DYNAMIC_PREFIX || ENV.VITE_BASE_PATH const proxyConf: Record = {} proxyConf['/api'] = { - target: 'http://43.166.1.146:8080', - // target: 'http://127.0.0.1:8080', + // target: 'http://43.166.1.146:8080', + target: 'http://127.0.0.1:8080', changeOrigin: true, rewrite: (path: string) => path.replace(ENV.VITE_BASE_PATH, '/'), }