diff --git a/apps/system_manage/api/user_resource_permission.py b/apps/system_manage/api/user_resource_permission.py index c902dd8ee..c67b897bb 100644 --- a/apps/system_manage/api/user_resource_permission.py +++ b/apps/system_manage/api/user_resource_permission.py @@ -12,15 +12,29 @@ from rest_framework import serializers from django.utils.translation import gettext_lazy as _ from common.mixins.api_mixin import APIMixin -from common.result import ResultSerializer, ResultPageSerializer -from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse, \ - UpdateUserResourcePermissionRequest, ResourceUserPermissionEditRequest +from common.result import ResultSerializer, ResultPageSerializer, PageDataResponse +from system_manage.serializers.user_resource_permission import ResourceUserPermissionEditRequest, UpdateTeamMemberItemPermissionSerializer -class APIUserResourcePermissionResponse(ResultSerializer): +class UserResourcePermissionResponse0(serializers.Serializer): + id = serializers.UUIDField(required=True, label="主键id") + name = serializers.CharField(required=True, label="资源名称") + auth_target_type = serializers.CharField(required=True, label="授权资源") + user_id = serializers.UUIDField(required=True, label="用户id") + icon = serializers.CharField(required=True, label="资源图标") + auth_type = serializers.CharField(required=True, label="授权类型") + permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, + choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + label=_('permission')) + +class NewAPIUserResourcePermissionResponse(ResultSerializer): def get_data(self): - return UserResourcePermissionResponse(many=True) + return UserResourcePermissionResponse0(many=True) +class NewAPIUserResourcePermissionPageResponse(ResultPageSerializer): + + def get_data(self): + return UserResourcePermissionResponse0(many=True) class UserResourcePermissionAPI(APIMixin): @staticmethod @@ -40,17 +54,61 @@ class UserResourcePermissionAPI(APIMixin): location='path', required=True, ), + OpenApiParameter( + name="name", + description="名称", + type=OpenApiTypes.STR, + location='query', + required=False + ), + OpenApiParameter( + name="permission", + description="权限", + type=OpenApiTypes.STR, + location='query', + required=False + ), ] @staticmethod def get_response(): - return APIUserResourcePermissionResponse + return NewAPIUserResourcePermissionResponse class EditUserResourcePermissionAPI(APIMixin): + @staticmethod + def get_parameters(): + return [ + OpenApiParameter( + name="workspace_id", + description="工作空间id", + type=OpenApiTypes.STR, + location='path', + required=True, + ), + OpenApiParameter( + name="user_id", + description="用户id", + type=OpenApiTypes.STR, + location='path', + required=True, + ), + OpenApiParameter( + name="resource", + description="资源类型", + type=OpenApiTypes.STR, + location='path', + required=True + ), + ] + @staticmethod def get_request(): - return UpdateUserResourcePermissionRequest() + return UpdateTeamMemberItemPermissionSerializer(many=True) + + @staticmethod + def get_response(): + return NewAPIUserResourcePermissionResponse class ResourceUserPermissionResponse(serializers.Serializer): @@ -117,10 +175,69 @@ class ResourceUserPermissionAPI(APIMixin): def get_response(): return APIResourceUserPermissionResponse +class UserResourcePermissionPageAPI(APIMixin): + @staticmethod + def get_parameters(): + return [ + OpenApiParameter( + name="workspace_id", + description="工作空间id", + type=OpenApiTypes.STR, + location='path', + required=True + ), + OpenApiParameter( + name="user_id", + description="用户id", + type=OpenApiTypes.STR, + location='path', + required=True + ), + OpenApiParameter( + name="resource", + description="资源类型", + type=OpenApiTypes.STR, + location='path', + required=True + ), + OpenApiParameter( + name="current_page", + description=_("Current page"), + type=OpenApiTypes.INT, + location='path', + required=True, + ), + OpenApiParameter( + name="page_size", + description=_("Page size"), + type=OpenApiTypes.INT, + location='path', + required=True, + ), + OpenApiParameter( + name="name", + description="资源名称", + type=OpenApiTypes.STR, + location='query', + required=False + ), + OpenApiParameter( + name="permission", + description="权限", + type=OpenApiTypes.STR, + location='query', + required=False + ), + ] + + @staticmethod + def get_response(): + return NewAPIUserResourcePermissionPageResponse + class APIResourceUserPermissionPageResponse(ResultPageSerializer): def get_data(self): - return ResourceUserPermissionResponse(many=True) + return PageDataResponse(ResourceUserPermissionResponse(many=True)) class ResourceUserPermissionPageAPI(APIMixin): diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py index a584c5738..3b9b1d396 100644 --- a/apps/system_manage/serializers/user_resource_permission.py +++ b/apps/system_manage/serializers/user_resource_permission.py @@ -44,10 +44,13 @@ class PermissionSerializer(serializers.Serializer): class UserResourcePermissionItemResponse(serializers.Serializer): id = serializers.UUIDField(required=True, label="主键id") name = serializers.CharField(required=True, label="资源名称") - auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源") + auth_target_type = serializers.CharField(required=True, label="授权资源") user_id = serializers.UUIDField(required=True, label="用户id") - auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型") - permission = PermissionSerializer() + icon = serializers.CharField(required=True, label="资源图标") + auth_type = serializers.CharField(required=True, label="授权类型") + permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, + choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + label=_('permission')) class UserResourcePermissionResponse(serializers.Serializer): @@ -56,8 +59,9 @@ class UserResourcePermissionResponse(serializers.Serializer): class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer): target_id = serializers.CharField(required=True, label=_('target id')) - auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型") - permission = PermissionSerializer(required=True, many=False) + permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, + choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + label=_('permission')) class UpdateUserResourcePermissionRequest(serializers.Serializer): @@ -90,19 +94,38 @@ sql_map = { 'APPLICATION': 'get_application_user_resource_permission.sql' } +class UserResourcePermissionUserListRequest(serializers.Serializer): + name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name')) + permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + label=_('permission')) class UserResourcePermissionSerializer(serializers.Serializer): workspace_id = serializers.CharField(required=True, label=_('workspace id')) user_id = serializers.CharField(required=True, label=_('user id')) auth_target_type = serializers.CharField(required=True, label=_('resource')) - def get_queryset(self): + def get_queryset(self, instance): + resource_query_set = QuerySet( + model=get_dynamics_model({ + 'name': models.CharField(), + "permission": models.CharField(), + })) + name = instance.get('name') + permission = instance.get('permission') + + if name: + resource_query_set = resource_query_set.filter(name__contains=name) + if permission: + resource_query_set = resource_query_set.filter( + permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission')) + return { 'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter( workspace_id=self.data.get('workspace_id')), 'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter( workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'), - auth_target_type=self.data.get('auth_target_type')) + auth_target_type=self.data.get('auth_target_type')), + 'resource_query_set': resource_query_set } def is_auth(self, resource_id: str): @@ -184,44 +207,38 @@ class UserResourcePermissionSerializer(serializers.Serializer): cache.delete(key, version=version) return True - def list(self, user, with_valid=True): + def list(self, instance, user, with_valid=True): if with_valid: self.is_valid(raise_exception=True) + UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True) workspace_id = self.data.get("workspace_id") user_id = self.data.get("user_id") # 用户权限列表 - user_resource_permission_list = native_search(self.get_queryset(), get_file_content( + user_resource_permission_list = native_search(self.get_queryset(instance), get_file_content( os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type'))))) - workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping") - workspace_model = DatabaseModelManage.get_model("workspace_model") - if workspace_user_role_mapping_model and workspace_model: - workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user_id, - workspace_id=workspace_id) - else: - workspace_user_role_mapping_list = get_default_workspace_user_role_mapping_list([user.role]) - is_workspace_manage = any( - [workspace_user_role_mapping for workspace_user_role_mapping in workspace_user_role_mapping_list if - workspace_user_role_mapping.role_id == RoleConstants.WORKSPACE_MANAGE.value]) - # 如果当前用户是当前工作空间管理员那么就拥有所有权限 - if is_workspace_manage: - user_resource_permission_list = list( - map(lambda row: {**row, - 'permission': {ResourcePermission.VIEW.value: True, - ResourcePermission.MANAGE.value: True, - ResourcePermissionRole.ROLE.value: True}}, - user_resource_permission_list)) - return group_by([{**user_resource_permission, 'permission': { - permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for - permission in - [ResourcePermission.VIEW.value, ResourcePermission.MANAGE.value, - ResourcePermissionRole.ROLE.value]}} - for user_resource_permission in user_resource_permission_list], - key=lambda item: item.get('auth_target_type')) + + return [{**user_resource_permission} + for user_resource_permission in user_resource_permission_list] + + + def page(self, instance, current_page: int, page_size: int,user, with_valid=True): + if with_valid: + self.is_valid(raise_exception=True) + UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True) + workspace_id = self.data.get("workspace_id") + user_id = self.data.get("user_id") + # 用户对应的资源权限分页列表 + user_resource_permission_page_list = native_page_search(current_page,page_size,self.get_queryset(instance),get_file_content( + os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type'))) + )) + + return user_resource_permission_page_list + def edit(self, instance, user, with_valid=True): if with_valid: self.is_valid(raise_exception=True) - UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True, + UpdateUserResourcePermissionRequest(data={'user_resource_permission_list':instance}).is_valid(raise_exception=True, auth_target_type=self.data.get( 'auth_target_type'), workspace_id=self.data.get('workspace_id')) @@ -229,11 +246,17 @@ class UserResourcePermissionSerializer(serializers.Serializer): user_id = self.data.get("user_id") update_list = [] save_list = [] - user_resource_permission_list = instance.get('user_resource_permission_list') + targets = [ item['target_id'] for item in instance ] QuerySet(WorkspaceUserResourcePermission).filter( - workspace_id=workspace_id, user_id=user_id, auth_target_type=self.data.get('auth_target_type')).delete() + workspace_id=workspace_id, + user_id=user_id, + auth_target_type=self.data.get('auth_target_type'), + target__in=targets + ).delete() workspace_user_resource_permission_exist_list = [] - for user_resource_permission in user_resource_permission_list: + for user_resource_permission in instance: + permission = user_resource_permission['permission'] + auth_type, permission_list = permission_map[permission] exist_list = [user_resource_permission_exist for user_resource_permission_exist in workspace_user_resource_permission_exist_list if user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)] @@ -245,14 +268,10 @@ class UserResourcePermissionSerializer(serializers.Serializer): else: save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'), auth_target_type=self.data.get('auth_target_type'), - permission_list=[key for key in - user_resource_permission.get( - 'permission').keys() if - user_resource_permission.get( - 'permission').get(key)], + permission_list=permission_list, workspace_id=workspace_id, user_id=user_id, - auth_type=user_resource_permission.get('auth_type'))) + auth_type=auth_type)) # 批量更新 QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list', 'auth_type']) if len( update_list) > 0 else None @@ -261,13 +280,13 @@ class UserResourcePermissionSerializer(serializers.Serializer): version = Cache_Version.PERMISSION_LIST.get_version() key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id) cache.delete(key, version=version) - return True + return instance class ResourceUserPermissionUserListRequest(serializers.Serializer): nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id')) username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id')) - permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], label=_('permission')) @@ -381,4 +400,4 @@ class ResourceUserPermissionSerializer(serializers.Serializer): for user_id in users_id: key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id) cache.delete(key, version=version) - return True + return instance diff --git a/apps/system_manage/sql/get_application_user_resource_permission.sql b/apps/system_manage/sql/get_application_user_resource_permission.sql index 64195e240..d9e165157 100644 --- a/apps/system_manage/sql/get_application_user_resource_permission.sql +++ b/apps/system_manage/sql/get_application_user_resource_permission.sql @@ -1,17 +1,38 @@ -SELECT app_or_knowledge.*, - COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list, - COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type -FROM (SELECT "id", - "name", - 'APPLICATION' AS "auth_target_type", - user_id, - workspace_id, - icon, - folder_id - FROM application - ${query_set} - ) app_or_knowledge - LEFT JOIN (SELECT * - FROM workspace_user_resource_permission - ${workspace_user_resource_permission_query_set}) workspace_user_resource_permission - ON workspace_user_resource_permission.target = app_or_knowledge."id"; +SELECT + app_or_knowledge.*, + CASE + WHEN + wurp."permission" is null then 'NOT_AUTH' + ELSE wurp."permission" + END +FROM ( + SELECT + "id", + "name", + 'APPLICATION' AS "auth_target_type", + user_id, + workspace_id, + icon, + folder_id + FROM + application + ${query_set} +) app_or_knowledge +LEFT JOIN ( + SELECT + target, + CASE + WHEN auth_type = 'ROLE' + AND 'ROLE' = ANY(permission_list) THEN 'ROLE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'VIEW' = ANY(permission_list) THEN 'VIEW' + ELSE 'NOT_AUTH' + END AS permission + FROM + workspace_user_resource_permission + ${workspace_user_resource_permission_query_set} +) wurp +ON wurp.target = app_or_knowledge."id" +${resource_query_set} \ No newline at end of file diff --git a/apps/system_manage/sql/get_knowledge_user_resource_permission.sql b/apps/system_manage/sql/get_knowledge_user_resource_permission.sql index bf1653281..a562f6d62 100644 --- a/apps/system_manage/sql/get_knowledge_user_resource_permission.sql +++ b/apps/system_manage/sql/get_knowledge_user_resource_permission.sql @@ -1,17 +1,38 @@ -SELECT app_or_knowledge.*, - COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list, - COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type -FROM (SELECT "id", - "name", - 'KNOWLEDGE' AS "auth_target_type", - user_id, - workspace_id, - "type"::varchar AS "icon", - folder_id - FROM knowledge - ${query_set} - ) app_or_knowledge - LEFT JOIN (SELECT * - FROM workspace_user_resource_permission - ${workspace_user_resource_permission_query_set}) workspace_user_resource_permission - ON workspace_user_resource_permission.target = app_or_knowledge."id"; +SELECT + app_or_knowledge.*, + CASE + WHEN + wurp."permission" is null then 'NOT_AUTH' + ELSE wurp."permission" + END +FROM ( + SELECT + "id", + "name", + 'KNOWLEDGE' AS "auth_target_type", + user_id, + workspace_id, + "type"::varchar AS "icon", + folder_id + FROM + knowledge + ${query_set} +) app_or_knowledge +LEFT JOIN ( + SELECT + target, + CASE + WHEN auth_type = 'ROLE' + AND 'ROLE' = ANY(permission_list) THEN 'ROLE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'VIEW' = ANY(permission_list) THEN 'VIEW' + ELSE 'NOT_AUTH' + END AS permission + FROM + workspace_user_resource_permission + ${workspace_user_resource_permission_query_set} +) wurp +ON wurp.target = app_or_knowledge."id" +${resource_query_set} \ No newline at end of file diff --git a/apps/system_manage/sql/get_model_user_resource_permission.sql b/apps/system_manage/sql/get_model_user_resource_permission.sql index 40a201bae..dda9030fa 100644 --- a/apps/system_manage/sql/get_model_user_resource_permission.sql +++ b/apps/system_manage/sql/get_model_user_resource_permission.sql @@ -1,17 +1,38 @@ -SELECT app_or_knowledge.*, - COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list, - COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type -FROM (SELECT "id", - "name", - 'MODEL' AS "auth_target_type", - user_id, - workspace_id, - provider as icon, - 'default' as folder_id - FROM model - ${query_set} - ) app_or_knowledge - LEFT JOIN (SELECT * - FROM workspace_user_resource_permission - ${workspace_user_resource_permission_query_set}) workspace_user_resource_permission - ON workspace_user_resource_permission.target = app_or_knowledge."id"; +SELECT + app_or_knowledge.*, + CASE + WHEN + wurp."permission" is null then 'NOT_AUTH' + ELSE wurp."permission" + END +FROM ( + SELECT + "id", + "name", + 'MODEL' AS "auth_target_type", + user_id, + workspace_id, + provider as icon, + 'default' as folder_id + FROM + model + ${query_set} +) app_or_knowledge +LEFT JOIN ( + SELECT + target, + CASE + WHEN auth_type = 'ROLE' + AND 'ROLE' = ANY(permission_list) THEN 'ROLE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'VIEW' = ANY(permission_list) THEN 'VIEW' + ELSE 'NOT_AUTH' + END AS permission + FROM + workspace_user_resource_permission + ${workspace_user_resource_permission_query_set} +) wurp +ON wurp.target = app_or_knowledge."id" +${resource_query_set} \ No newline at end of file diff --git a/apps/system_manage/sql/get_resource_user_permission_detail.sql b/apps/system_manage/sql/get_resource_user_permission_detail.sql index 6298930e8..e07cee520 100644 --- a/apps/system_manage/sql/get_resource_user_permission_detail.sql +++ b/apps/system_manage/sql/get_resource_user_permission_detail.sql @@ -19,7 +19,7 @@ LEFT JOIN ( and 'MANAGE'= any(permission_list) then 'MANAGE' when auth_type = 'RESOURCE_PERMISSION_GROUP' and 'VIEW' = any( permission_list) then 'VIEW' - else 'NO_AUTH' + else 'NOT_AUTH' end) as "permission" FROM workspace_user_resource_permission diff --git a/apps/system_manage/sql/get_tool_user_resource_permission.sql b/apps/system_manage/sql/get_tool_user_resource_permission.sql index 15e1e8e52..6900840b9 100644 --- a/apps/system_manage/sql/get_tool_user_resource_permission.sql +++ b/apps/system_manage/sql/get_tool_user_resource_permission.sql @@ -1,17 +1,39 @@ -SELECT app_or_knowledge.*, - COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list, - COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type -FROM (SELECT "id", - "name", - 'TOOL' AS "auth_target_type", - user_id, - workspace_id, - icon, - folder_id - FROM tool - ${query_set} - ) app_or_knowledge - LEFT JOIN (SELECT * - FROM workspace_user_resource_permission - ${workspace_user_resource_permission_query_set}) workspace_user_resource_permission - ON workspace_user_resource_permission.target = app_or_knowledge."id"; +SELECT + app_or_knowledge.*, + CASE + WHEN + wurp."permission" is null then 'NOT_AUTH' + ELSE wurp."permission" + END +FROM ( + SELECT + "id", + "name", + 'TOOL' AS "auth_target_type", + user_id, + workspace_id, + icon, + folder_id + FROM + tool + ${query_set} +) app_or_knowledge +LEFT JOIN ( + SELECT + target, + CASE + WHEN auth_type = 'ROLE' + AND 'ROLE' = ANY(permission_list) THEN 'ROLE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' + WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' + AND 'VIEW' = ANY(permission_list) THEN 'VIEW' + ELSE 'NOT_AUTH' + END AS permission + FROM + workspace_user_resource_permission + ${workspace_user_resource_permission_query_set} +) wurp +ON wurp.target = app_or_knowledge."id" +${resource_query_set} + diff --git a/apps/system_manage/urls.py b/apps/system_manage/urls.py index 6a746fbdd..dfe873342 100644 --- a/apps/system_manage/urls.py +++ b/apps/system_manage/urls.py @@ -6,6 +6,7 @@ app_name = "system_manage" # @formatter:off urlpatterns = [ path('workspace//user_resource_permission/user//resource/', views.WorkSpaceUserResourcePermissionView.as_view()), + path('workspace//user_resource_permission/user//resource///', views.WorkSpaceUserResourcePermissionView.Page.as_view()), path('workspace//resource_user_permission/resource//resource/', views.WorkspaceResourceUserPermissionView.as_view()), path('workspace//resource_user_permission/resource//resource///', views.WorkspaceResourceUserPermissionView.Page.as_view()), path('email_setting', views.SystemSetting.Email.as_view()), diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py index f8c7167af..898fb7bde 100644 --- a/apps/system_manage/views/user_resource_permission.py +++ b/apps/system_manage/views/user_resource_permission.py @@ -17,9 +17,9 @@ from common.auth import TokenAuth from common.auth.authentication import has_permissions from common.constants.permission_constants import PermissionConstants, RoleConstants, Permission, Group, Operate from common.log.log import log -from common.result import DefaultResultSerializer from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI, \ - ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI + ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI, \ + UserResourcePermissionPageAPI from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer, \ ResourceUserPermissionSerializer from users.models import User @@ -52,15 +52,16 @@ class WorkSpaceUserResourcePermissionView(APIView): def get(self, request: Request, workspace_id: str, user_id: str, resource: str): return result.success(UserResourcePermissionSerializer( data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource} - ).list(request.user)) + ).list({'name': request.query_params.get('name'), + 'permission': request.query_params.get('permission')}, request.user)) @extend_schema( methods=['PUT'], description=_('Modify the resource authorization list'), operation_id=_('Modify the resource authorization list'), # type: ignore - parameters=UserResourcePermissionAPI.get_parameters(), + parameters=EditUserResourcePermissionAPI.get_parameters(), request=EditUserResourcePermissionAPI.get_request(), - responses=DefaultResultSerializer(), + responses=EditUserResourcePermissionAPI.get_response(), tags=[_('Resources authorization')] # type: ignore ) @log(menu='System', operate='Modify the resource authorization list', @@ -75,6 +76,26 @@ class WorkSpaceUserResourcePermissionView(APIView): data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource} ).edit(request.data, request.user)) + class Page(APIView): + authentication_classes = [TokenAuth] + + @extend_schema( + methods=['GET'], + description=_('Obtain resource authorization list by page'), + summary=_('Obtain resource authorization list by page'), + operation_id=_('Obtain resource authorization list by page'), # type: ignore + request=None, + parameters=UserResourcePermissionPageAPI.get_parameters(), + responses=UserResourcePermissionPageAPI.get_response(), + tags=[_('Resources authorization')] # type: ignore + ) + def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str, + page_size: str): + return result.success(UserResourcePermissionSerializer( + data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource} + ).page({'name': request.query_params.get('name'), + 'permission': request.query_params.get('permission')}, current_page, page_size, request.user)) + class WorkspaceResourceUserPermissionView(APIView): authentication_classes = [TokenAuth] @@ -107,7 +128,6 @@ class WorkspaceResourceUserPermissionView(APIView): tags=[_('Resources authorization')] # type: ignore ) def put(self, request: Request, workspace_id: str, target: str, resource: str): - return result.success(ResourceUserPermissionSerializer( data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }) .edit(instance=request.data)) @@ -129,5 +149,6 @@ class WorkspaceResourceUserPermissionView(APIView): return result.success(ResourceUserPermissionSerializer( data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, } ).page({'username': request.query_params.get("username"), - 'nick_name': request.query_params.get("nick_name"), 'permission': request.query_params.get("permission")}, current_page, page_size, + 'nick_name': request.query_params.get("nick_name"), + 'permission': request.query_params.get("permission")}, current_page, page_size, ))