feat: Resource mapping permission

apps/common/constants/permission_constants.py

@@ -182,7 +182,7 @@ class Operate(Enum):
     TAG = "READ+TAG"  # 标签设置
     REPLACE = "READ+REPLACE"  # 标签设置
     UPDATE = "READ+UPDATE"  # 更新license
-
+    RELATE_VIEW = "READ+RELATE_VIEW"
 
 class RoleGroup(Enum):
     # 系统用户
@@ -360,6 +360,7 @@ Permission_Label = {
     Operate.AUTH.value: _('resource authorization'),
     Operate.TAG.value: _('Tag Setting'),
     Operate.REPLACE.value: _('Replace Original Document'),
+    Operate.RELATE_VIEW.value: _('View related resources'),
 
     Group.APPLICATION_OVERVIEW.value: _('Overview'),
     Group.APPLICATION_ACCESS.value: _('Application Access'),
@@ -518,6 +519,11 @@ class PermissionConstants(Enum):
         parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
         resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
     )
+    MODEL_RELATE_RESOURCE_VIEW = Permission(
+        group=Group.MODEL, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
+        resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
+    )
     TOOL_READ = Permission(
         group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
         parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
@@ -556,6 +562,11 @@ class PermissionConstants(Enum):
         parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
         resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
     )
+    TOOL_RELATE_RESOURCE_VIEW = Permission(
+        group=Group.TOOL, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
+        resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
+    )
     TOOL_FOLDER_READ = Permission(
         group=Group.TOOL_FOLDER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
         parent_group=[UserGroup.TOOL],
@@ -626,6 +637,11 @@ class PermissionConstants(Enum):
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
         parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
     )
+    KNOWLEDGE_RELATE_RESOURCE_VIEW = Permission(
+        group=Group.KNOWLEDGE, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE],
+        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE]
+    )
     KNOWLEDGE_FOLDER_READ = Permission(
         group=Group.KNOWLEDGE_FOLDER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],

apps/locales/en_US/LC_MESSAGES/django.po

@@ -8892,4 +8892,7 @@ msgid "Authorized pagination list for obtaining resources"
 msgstr ""
 
 msgid "Resources mapping"
+msgstr ""
+
+msgid "View related resources"
 msgstr ""

apps/locales/zh_CN/LC_MESSAGES/django.po

@@ -9018,4 +9018,7 @@ msgid "Authorized pagination list for obtaining resources"
 msgstr "获取资源的关系分页列表"
 
 msgid "Resources mapping"
-msgstr "资源映射"
+msgstr "资源映射"
+
+msgid "View related resources"
+msgstr "查看关联资源"

apps/locales/zh_Hant/LC_MESSAGES/django.po

@@ -9018,4 +9018,7 @@ msgid "Authorized pagination list for obtaining resources"
 msgstr "獲取資源的關係分頁清單"
 
 msgid "Resources mapping"
-msgstr "資源映射"
+msgstr "資源映射"
+
+msgid "View related resources"
+msgstr "查看關聯資源"

apps/system_manage/views/resource_mapping.py

@@ -14,6 +14,9 @@ from rest_framework.views import APIView
 
 from common import result
 from common.auth import TokenAuth
+from common.auth.authentication import has_permissions
+from common.constants.permission_constants import Permission, Group, Operate, RoleConstants, ViewPermission, \
+    CompareConstants
 from system_manage.api.resource_mapping import ResourceMappingAPI
 from system_manage.serializers.resource_mapping_serializers import ResourceMappingSerializer
 
@@ -29,6 +32,19 @@ class ResourceMappingView(APIView):
         parameters=ResourceMappingAPI.get_parameters(),
         tags=[_('Resources mapping')]  # type: ignore
     )
+    @has_permissions(
+        lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
+                                     operate=Operate.RELATE_VIEW,
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
+        lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
+                                     operate=Operate.RELATE_VIEW,
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('resource_id')}"),
+        ViewPermission([RoleConstants.USER.get_workspace_role()],
+                       [lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
+                                                     operate=Operate.SELF,
+                                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('resource_id')}")],
+                       CompareConstants.AND),
+        RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
     def get(self, request: Request, workspace_id: str, resource: str, resource_id: str, current_page, page_size):
         return result.success(ResourceMappingSerializer({
             'resource': resource,

ui/src/permission/knowledge/system-manage.ts

@@ -212,6 +212,12 @@ const systemManage = {
       PermissionConst.RESOURCE_KNOWLEDGE_AUTH
     ],'OR'
     ),
+  relate_map: () => 
+    hasPermission([
+      RoleConst.ADMIN,
+      PermissionConst.RESOURCE_KNOWLEDGE_RELATE_RESOURCE_VIEW
+    ],'OR'
+    ),
   folderRead: () => false,
   folderManage: () => false,
   folderCreate: () => false,

ui/src/permission/knowledge/system-share.ts

@@ -65,6 +65,7 @@ const share = {
   chat_user_edit: () => false,
 
   auth: () => false,
+  relate_map: () => hasPermission([RoleConst.ADMIN, PermissionConst.SHARED_KNOWLEDGE_RELATE_RESOURCE_VIEW], 'OR'),
   folderRead: () => false,
   folderManage: () => false,
   folderCreate: () => false,

ui/src/permission/knowledge/workspace-share.ts

@@ -11,7 +11,8 @@ const workspaceShare = {
   export: () => false,
   delete: () => false,
   auth: () => false,
-
+  relate_map: () => false,
+  
   doc_read: () => false,
   doc_create: () => false,
   doc_vector: () => false,

ui/src/permission/knowledge/workspace.ts

@@ -178,6 +178,23 @@ const workspace = {
       ],
       'OR',
     ),
+    relate_map: (source_id: string) =>
+    hasPermission(
+      [
+        new ComplexPermission(
+          [RoleConst.USER],
+          [PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(source_id)],
+          [],
+          'AND',
+        ),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.KNOWLEDGE_RELATE_RESOURCE_VIEW.getKnowledgeWorkspaceResourcePermission(
+          source_id,
+        ),
+        PermissionConst.KNOWLEDGE_RELATE_RESOURCE_VIEW.getWorkspacePermissionWorkspaceManageRole,
+      ],
+      'OR',
+    ),
   export: (source_id: string) =>
     hasPermission(
       [

ui/src/permission/model/system-manage.ts

@@ -22,6 +22,12 @@ const systemManage = {
 
   auth: () => 
     hasPermission([RoleConst.ADMIN, PermissionConst.RESOURCE_MODEL_AUTH], 'OR'),
+  relate_map: () => 
+    hasPermission([
+      RoleConst.ADMIN,
+      PermissionConst.RESOURCE_MODEL_RELATE_RESOURCE_VIEW
+    ],'OR'
+    ),
   
   folderRead: () => false,
   folderManage: () => false,

ui/src/permission/model/system-share.ts

@@ -36,6 +36,7 @@ const share = {
       'OR',
     ),
   auth: () => false,
+  relate_map: () => false,
   folderRead: () => false,
   folderManage: () => false,
   folderCreate: () => false,

ui/src/permission/model/workspace.ts

@@ -53,6 +53,16 @@ const workspace = {
       ],
       'OR'
     ),
+  relate_map: (source_id:string) =>
+    hasPermission(
+      [
+        new ComplexPermission([RoleConst.USER],[PermissionConst.MODEL.getModelWorkspaceResourcePermission(source_id)],[],'AND'),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.MODEL_RELATE_RESOURCE_VIEW.getModelWorkspaceResourcePermission(source_id),
+        PermissionConst.MODEL_RELATE_RESOURCE_VIEW.getWorkspacePermissionWorkspaceManageRole
+      ],
+      'OR'
+    ),
   folderEdit: () =>
     hasPermission(
       [

ui/src/permission/tool/system-manage.ts

@@ -73,6 +73,14 @@ const systemManage = {
       ],
       'OR',
     ),
+  relate_map: () =>
+    hasPermission(
+      [
+        RoleConst.ADMIN,
+        PermissionConst.RESOURCE_TOOL_RELATE_RESOURCE_VIEW
+      ],
+      'OR'
+    ),
   
   folderRead: () => false,
   folderManage: () => false,

ui/src/permission/tool/system-share.ts

@@ -77,6 +77,7 @@ const share = {
     ),
 
   auth: () => false,
+  relate_map: () => false,
 
   folderRead: () => false,
   folderManage: () => false,

ui/src/permission/tool/workspace.ts

@@ -151,6 +151,16 @@ const workspace = {
       ],
       'OR'
     ),
+  relate_map: (source_id:string) =>
+    hasPermission(
+      [
+        new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(source_id)],[],'AND'),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.TOOL_RELATE_RESOURCE_VIEW.getToolWorkspaceResourcePermission(source_id),
+        PermissionConst.TOOL_RELATE_RESOURCE_VIEW.getWorkspacePermissionWorkspaceManageRole
+      ],
+      'OR'
+    ),
   debug: () =>
     hasPermission(
       [

ui/src/utils/permission/data.ts

@@ -120,6 +120,7 @@ const PermissionConst = {
   KNOWLEDGE_EXPORT: new Permission('KNOWLEDGE:READ+EXPORT'),
   KNOWLEDGE_DELETE: new Permission('KNOWLEDGE:READ+DELETE'),
   KNOWLEDGE_GENERATE: new Permission('KNOWLEDGE:READ+GENERATE'),
+  KNOWLEDGE_RELATE_RESOURCE_VIEW: new Permission('KNOWLEDGE:READ+RELATE_VIEW'),
   
   KNOWLEDGE_WORKFLOW_READ: new Permission('KNOWLEDGE_WORKFLOW:READ'),
   KNOWLEDGE_WORKFLOW_EDIT: new Permission('KNOWLEDGE_WORKFLOW:READ+EDIT'),
@@ -153,6 +154,7 @@ const PermissionConst = {
   MODEL_CREATE: new Permission('MODEL:READ+CREATE'),
   MODEL_EDIT: new Permission('MODEL:READ+EDIT'),
   MODEL_DELETE: new Permission('MODEL:READ+DELETE'),
+  MODEL_RELATE_RESOURCE_VIEW: new Permission('MODEL:READ+RELATE_VIEW'),
 
   APPLICATION_READ: new Permission('APPLICATION:READ'),
   APPLICATION_EXPORT: new Permission('APPLICATION:READ+EXPORT'),
@@ -205,6 +207,7 @@ const PermissionConst = {
   SHARED_KNOWLEDGE_EXPORT: new Permission('SYSTEM_KNOWLEDGE:READ+EXPORT'),
   SHARED_KNOWLEDGE_GENERATE: new Permission('SYSTEM_KNOWLEDGE:READ+GENERATE'),
   SHARED_KNOWLEDGE_DELETE: new Permission('SYSTEM_KNOWLEDGE:READ+DELETE'),
+  SHARED_KNOWLEDGE_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_KNOWLEDGE:READ+RELATE_VIEW'),
   
   SHARED_KNOWLEDGE_WORKFLOW_READ: new Permission('SYSTEM_KNOWLEDGE_WORKFLOW:READ'),
   SHARED_KNOWLEDGE_WORKFLOW_EDIT: new Permission('SYSTEM_KNOWLEDGE_WORKFLOW:READ+EDIT'),
@@ -246,6 +249,7 @@ const PermissionConst = {
   TOOL_DELETE: new Permission('TOOL:READ+DELETE'),
   TOOL_IMPORT: new Permission('TOOL:READ+IMPORT'),
   TOOL_EXPORT: new Permission('TOOL:READ+EXPORT'),
+  TOOL_RELATE_RESOURCE_VIEW: new Permission('TOOL:READ+RELATE_VIEW'),
 
   RESOURCE_TOOL_CREATE: new Permission('SYSTEM_RESOURCE_TOOL:READ+CREATE'),
   RESOURCE_TOOL_EDIT: new Permission('SYSTEM_RESOURCE_TOOL:READ+EDIT'),
@@ -327,6 +331,9 @@ const PermissionConst = {
   RESOURCE_MODEL_AUTH: new Permission('SYSTEM_RESOURCE_MODEL:READ+AUTH'),
   RESOURCE_APPLICATION_AUTH: new Permission('SYSTEM_RESOURCE_APPLICATION:READ+AUTH'),
   RESOURCE_KNOWLEDGE_AUTH: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+AUTH'),
+  RESOURCE_KNOWLEDGE_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+RELATE_VIEW'),
+  RESOURCE_MODEL_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_RESOURCE_MODEL:READ+RELATE_VIEW'),
+  RESOURCE_TOOL_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_RESOURCE_TOOL:READ+RELATE_VIEW'),
   RESOURCE_TOOL_AUTH: new Permission('SYSTEM_RESOURCE_TOOL:READ+AUTH'),
 
   APPEARANCE_SETTINGS_READ: new Permission('APPEARANCE_SETTINGS:READ'),

ui/src/views/knowledge/component/KnowledgeListContainer.vue

@@ -239,7 +239,11 @@
                             ></AppIcon>
                             {{ $t('views.system.resourceAuthorization.title') }}
                           </el-dropdown-item>
-                          <el-dropdown-item text @click.stop="openResourceMappingDrawer(item)">
+                          <el-dropdown-item
+                            text
+                            @click.stop="openResourceMappingDrawer(item)"
+                            v-if="permissionPrecise.relate_map(item.id)"
+                          >
                             <AppIcon
                               iconName="app-resource-mapping"
                               class="color-secondary"
@@ -347,15 +351,12 @@ import { SourceTypeEnum } from '@/enums/common'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
 import permissionMap from '@/permission'
 import TemplateStoreDialog from '@/views/knowledge/template-store/TemplateStoreDialog.vue'
-<<<<<<< Updated upstream
-=======
 import ResourceMappingDrawer from '@/components/resource_mapping/index.vue'
 const resourceMappingDrawerRef = ref<InstanceType<typeof ResourceMappingDrawer>>()
 
 const openResourceMappingDrawer = (knowledge: any) => {
   resourceMappingDrawerRef.value?.open('KNOWLEDGE', knowledge.id)
 }
->>>>>>> Stashed changes
 const router = useRouter()
 const route = useRoute()
 const { folder, user, knowledge } = useStore()
@@ -395,6 +396,7 @@ const MoreFilledPermission = (item: any) => {
     permissionPrecise.value.export(item.id) ||
     permissionPrecise.value.auth(item.id) ||
     permissionPrecise.value.delete(item.id) ||
+    permissionPrecise.value.relate_map(item.id) ||
     isSystemShare.value
   )
 }

ui/src/views/model/component/ModelCard.vue

@@ -111,7 +111,11 @@
               <AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
               {{ $t('views.system.resourceAuthorization.title') }}
             </el-dropdown-item>
-            <el-dropdown-item text @click.stop="openResourceMappingDrawer(model)">
+            <el-dropdown-item
+              text
+              @click.stop="openResourceMappingDrawer(model)"
+              v-if="permissionPrecise.relate_map(model.id)"
+            >
               <AppIcon iconName="app-resource-mapping" class="color-secondary"></AppIcon>
               {{ $t('views.system.resourceMapping.title', '查看关联资源') }}
             </el-dropdown-item>
@@ -186,6 +190,7 @@ const MoreFilledPermission = (id: any) => {
     permissionPrecise.value.modify(id) ||
     permissionPrecise.value.delete(id) ||
     permissionPrecise.value.auth(id) ||
+    permissionPrecise.value.relate_map(id) ||
     isSystemShare.value
   )
 }

ui/src/views/tool/component/ToolListContainer.vue

@@ -291,7 +291,11 @@
                             ></AppIcon>
                             {{ $t('views.system.resourceAuthorization.title') }}
                           </el-dropdown-item>
-                          <el-dropdown-item text @click.stop="openResourceMappingDrawer(item)">
+                          <el-dropdown-item
+                            text
+                            @click.stop="openResourceMappingDrawer(item)"
+                            v-if="permissionPrecise.relate_map(item.id)"
+                          >
                             <AppIcon
                               iconName="app-resource-mapping"
                               class="color-secondary"
@@ -437,6 +441,7 @@ const MoreFieldPermission = (id: any) => {
     permissionPrecise.value.export(id) ||
     permissionPrecise.value.delete(id) ||
     permissionPrecise.value.auth(id) ||
+    permissionPrecise.value.relate_map(id) ||
     isSystemShare.value
   )
 }