From 411a0446b36233f63cb0399b7ef2b415d1b16b2f Mon Sep 17 00:00:00 2001
From: wxg0103 <727495428@qq.com>
Date: Tue, 1 Jul 2025 19:23:42 +0800
Subject: [PATCH] refactor: user role
---
 .../serializers/model_serializer.py | 18 ++++++++++++++-
 apps/users/serializers/user.py | 23 +++++++++++++++----
 2 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/apps/models_provider/serializers/model_serializer.py b/apps/models_provider/serializers/model_serializer.py
index adab1e03c..ebc1c7ef6 100644
--- a/apps/models_provider/serializers/model_serializer.py
+++ b/apps/models_provider/serializers/model_serializer.py
@@ -6,11 +6,14 @@ import time
 from typing import Dict
 import uuid_utils.compat as uuid
+from django.core.cache import cache
 from django.db.models import QuerySet
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 from common.config.embedding_config import ModelManage
+from common.constants.cache_version import Cache_Version
+from common.constants.permission_constants import ResourcePermission, ResourceAuthType
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.db.search import native_search
 from common.exception.app_exception import AppApiException
@@ -21,7 +24,7 @@ from models_provider.base_model_provider import ValidCode, DownModelChunkStatus
 from models_provider.constants.model_provider_constants import ModelProvideConstants
 from models_provider.models import Model, Status
 from models_provider.tools import get_model_credential
-from system_manage.models import WorkspaceUserResourcePermission
+from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
 from users.serializers.user import is_workspace_manage
@@ -318,6 +321,19 @@ class ModelSerializer(serializers.Serializer):
 model = Model(**model_data)
 try:
 model.save()
+ # 自动授权给创建者
+ WorkspaceUserResourcePermission(
+ target=model.id,
+ auth_target_type=AuthTargetType.MODEL,
+ permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE],
+ workspace_id=workspace_id,
+ user_id=self.data.get('user_id'),
+ auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
+ ).save()
+ # 刷新缓存
+ version = Cache_Version.PERMISSION_LIST.get_version()
+ key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
+ cache.delete(key, version=version)
 except Exception as save_error:
 # 可添加日志记录
 raise AppApiException(500, _("Model saving failed")) from save_error
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index a45c77033..381f63b7e 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -222,6 +222,9 @@ class UserManageSerializer(serializers.Serializer):
 post_records_handler=lambda u: UserInstanceSerializer(u).data)
 role_model = DatabaseModelManage.get_model("role_model")
 user_role_relation_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
+ workspace_model = DatabaseModelManage.get_model("workspace_model")
+ workspace_mapping = {str(workspace_model.id): workspace_model.name for workspace_model in
+ workspace_model.objects.all()}
 def _get_user_roles(user_ids):
 if not (role_model and user_role_relation_model):
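Review bot: The creator grant and the cache invalidation sit inside the same `try` as `model.save()` in the `@@ -318` hunk of model_serializer.py, and no transaction is visible there, so a failure in the permission `save()` or in `cache.delete` is reported as "Model saving failed" while the model row may already be stored without a grant for its creator. Wrapping the two writes in `transaction.atomic()` and invalidating the cache after the block keeps them consistent; this assumes `transaction` from `django.db` is imported in the file, which the hunk does not show. The grant also takes `user_id` from `self.data.get('user_id')`, which yields `None` when the field is absent; if that field can come from the request body rather than the authenticated user it would decide who receives VIEW and MANAGE, so it is worth confirming where it is populated. The enclosing method starts and ends outside the hunk.

```python
creator_id = self.data.get('user_id')
try:
    with transaction.atomic():
        model.save()
        # … unchanged: WorkspaceUserResourcePermission(...).save(), with user_id=creator_id …
except Exception as save_error:
    raise AppApiException(500, _("Model saving failed")) from save_error
# Invalidate only after both rows are stored, outside the "saving failed" handler.
version = Cache_Version.PERMISSION_LIST.get_version()
key = Cache_Version.PERMISSION_LIST.get_key(user_id=creator_id)
cache.delete(key, version=version)
```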
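Review bot: `workspace_model.objects.all()` in the `@@ -222` hunk of apps/users/serializers/user.py is evaluated unconditionally, while the surrounding code treats `DatabaseModelManage.get_model(...)` results as possibly falsy (`if not (role_model and user_role_relation_model)`), so a deployment without a registered `workspace_model` would presumably fail here with an AttributeError before any user is listed. A guarded form such as `workspace_mapping = {str(w.id): w.name for w in workspace_model.objects.all()} if workspace_model else {}` avoids that and also stops the loop variable from reusing the name `workspace_model`. The query loads every workspace on each call; restricting it to the workspace ids present in the role relations would bound it. The enclosing method starts and ends outside the hunk.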
@@ -237,17 +240,23 @@ class UserManageSerializer(serializers.Serializer):
 )
 # 构建用户ID到角色名称列表的映射
- user_role_mapping = defaultdict(list)
+ user_role_mapping = defaultdict(set) # 使用 set 去重
 # 构建用户ID到角色ID与工作空间ID映射
 user_role_setting_mapping = defaultdict(lambda: defaultdict(list))
+ user_role_workspace_mapping = defaultdict(lambda: defaultdict(list))
 for relation in user_role_relations:
 user_id = str(relation.user_id)
 role_id = relation.role_id
 workspace_id = relation.workspace_id
- user_role_mapping[user_id].append(relation.role.role_name)
+ user_role_mapping[user_id].add(relation.role.role_name)
 user_role_setting_mapping[user_id][role_id].append(workspace_id)
+ user_role_workspace_mapping[user_id][relation.role.role_name].append(
+ workspace_mapping.get(workspace_id, workspace_id))
+
+ # 将 set 转换为 list 以符合返回格式
+ user_role_mapping = {uid: list(roles) for uid, roles in user_role_mapping.items()}
 # 转换为所需的结构
 result_user_role_setting_mapping = {
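Review bot: `workspace_mapping` is keyed by `str(workspace_model.id)`, but the lookup `workspace_mapping.get(workspace_id, workspace_id)` passes `relation.workspace_id` unconverted, so if that field is not already a string the lookup misses and the raw id is returned in place of the name; `workspace_mapping.get(str(workspace_id), workspace_id)` makes the key types agree. `list(roles)` over a set gives no stable order for `role_name`, so `sorted(roles)` would keep responses deterministic. Keying `user_role_workspace_mapping` by `relation.role.role_name` merges the workspaces of distinct roles that share a name, whereas `user_role_setting_mapping` keys by `role_id`; a short comment stating that this is intended would help. `_get_user_roles` begins before this hunk and ends after it.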
@@ -255,18 +264,24 @@ class UserManageSerializer(serializers.Serializer):
 for role_id, workspace_ids in roles.items()]
 for user_id, roles in user_role_setting_mapping.items()
 }
+ result_user_role_workspace_mapping = {
+ user_id: {role_name: workspace_names
+ for role_name, workspace_names in roles.items()}
+ for user_id, roles in user_role_workspace_mapping.items()
+ }
- return user_role_mapping, result_user_role_setting_mapping
+ return user_role_mapping, result_user_role_setting_mapping, result_user_role_workspace_mapping
 if role_model and user_role_relation_model:
 user_ids = [user['id'] for user in result['records']]
- user_role_mapping, user_role_setting_mapping = _get_user_roles(user_ids)
+ user_role_mapping, user_role_setting_mapping, user_role_workspace_mapping = _get_user_roles(user_ids)
 # 将角色信息添加回用户数据中
 for user in result['records']:
 user_id = str(user['id'])
 user['role_name'] = user_role_mapping.get(user_id, [])
 user['role_setting'] = user_role_setting_mapping.get(user_id, [])
+ user['role_workspace'] = user_role_workspace_mapping.get(user_id, [])
 return result
 @transaction.atomic
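Review bot: `user['role_workspace'] = user_role_workspace_mapping.get(user_id, [])` falls back to a list although the stored values are dicts of role name to workspace names, so clients see two different shapes; `user_role_workspace_mapping.get(user_id, {})` keeps it uniform. `_get_user_roles` now returns three values, and its early-return branch under `if not (role_model and user_role_relation_model)` lies outside this hunk, so it should be checked to return a 3-tuple as well. The new field returns workspace names for every workspace in which a listed user holds a role; whether every caller of this listing is entitled to see those names is not visible here and is worth confirming. The comprehension building `result_user_role_workspace_mapping` copies the mapping unchanged and could be `{uid: dict(roles) for uid, roles in user_role_workspace_mapping.items()}`.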