diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 564c7b3b8..2fe17a182 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -182,7 +182,7 @@ class Operate(Enum): TAG = "READ+TAG" # 标签设置 REPLACE = "READ+REPLACE" # 标签设置 UPDATE = "READ+UPDATE" # 更新license - + RELATE_VIEW = "READ+RELATE_VIEW" class RoleGroup(Enum): # 系统用户 @@ -360,6 +360,7 @@ Permission_Label = { Operate.AUTH.value: _('resource authorization'), Operate.TAG.value: _('Tag Setting'), Operate.REPLACE.value: _('Replace Original Document'), + Operate.RELATE_VIEW.value: _('View related resources'), Group.APPLICATION_OVERVIEW.value: _('Overview'), Group.APPLICATION_ACCESS.value: _('Application Access'), @@ -518,6 +519,11 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL], resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE] ) + MODEL_RELATE_RESOURCE_VIEW = Permission( + group=Group.MODEL, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL], + resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE] + ) TOOL_READ = Permission( group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], @@ -556,6 +562,11 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE] ) + TOOL_RELATE_RESOURCE_VIEW = Permission( + group=Group.TOOL, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], + resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE] + ) TOOL_FOLDER_READ = Permission( group=Group.TOOL_FOLDER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[UserGroup.TOOL], @@ -626,6 +637,11 @@ class PermissionConstants(Enum): resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) + KNOWLEDGE_RELATE_RESOURCE_VIEW = Permission( + group=Group.KNOWLEDGE, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE], + resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE] + ) KNOWLEDGE_FOLDER_READ = Permission( group=Group.KNOWLEDGE_FOLDER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW], diff --git a/apps/locales/en_US/LC_MESSAGES/django.po b/apps/locales/en_US/LC_MESSAGES/django.po index 87ccbf363..1b1472cf2 100644 --- a/apps/locales/en_US/LC_MESSAGES/django.po +++ b/apps/locales/en_US/LC_MESSAGES/django.po @@ -8892,4 +8892,7 @@ msgid "Authorized pagination list for obtaining resources" msgstr "" msgid "Resources mapping" +msgstr "" + +msgid "View related resources" msgstr "" \ No newline at end of file diff --git a/apps/locales/zh_CN/LC_MESSAGES/django.po b/apps/locales/zh_CN/LC_MESSAGES/django.po index 8dff225c8..a37b3478a 100644 --- a/apps/locales/zh_CN/LC_MESSAGES/django.po +++ b/apps/locales/zh_CN/LC_MESSAGES/django.po @@ -9018,4 +9018,7 @@ msgid "Authorized pagination list for obtaining resources" msgstr "获取资源的关系分页列表" msgid "Resources mapping" -msgstr "资源映射" \ No newline at end of file +msgstr "资源映射" + +msgid "View related resources" +msgstr "查看关联资源" diff --git a/apps/locales/zh_Hant/LC_MESSAGES/django.po b/apps/locales/zh_Hant/LC_MESSAGES/django.po index 4df8df837..15c1e1cfc 100644 --- a/apps/locales/zh_Hant/LC_MESSAGES/django.po +++ b/apps/locales/zh_Hant/LC_MESSAGES/django.po @@ -9018,4 +9018,7 @@ msgid "Authorized pagination list for obtaining resources" msgstr "獲取資源的關係分頁清單" msgid "Resources mapping" -msgstr "資源映射" \ No newline at end of file +msgstr "資源映射" + +msgid "View related resources" +msgstr "查看關聯資源" diff --git a/apps/system_manage/views/resource_mapping.py b/apps/system_manage/views/resource_mapping.py index 08a8e60b0..13ebc9e9a 100644 --- a/apps/system_manage/views/resource_mapping.py +++ b/apps/system_manage/views/resource_mapping.py @@ -14,6 +14,9 @@ from rest_framework.views import APIView from common import result from common.auth import TokenAuth +from common.auth.authentication import has_permissions +from common.constants.permission_constants import Permission, Group, Operate, RoleConstants, ViewPermission, \ + CompareConstants from system_manage.api.resource_mapping import ResourceMappingAPI from system_manage.serializers.resource_mapping_serializers import ResourceMappingSerializer @@ -29,6 +32,19 @@ class ResourceMappingView(APIView): parameters=ResourceMappingAPI.get_parameters(), tags=[_('Resources mapping')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get('resource')), + operate=Operate.RELATE_VIEW, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"), + lambda r, kwargs: Permission(group=Group(kwargs.get('resource')), + operate=Operate.RELATE_VIEW, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('resource_id')}"), + ViewPermission([RoleConstants.USER.get_workspace_role()], + [lambda r, kwargs: Permission(group=Group(kwargs.get('resource')), + operate=Operate.SELF, + resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('resource_id')}")], + CompareConstants.AND), + RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, resource: str, resource_id: str, current_page, page_size): return result.success(ResourceMappingSerializer({ 'resource': resource, diff --git a/ui/src/permission/knowledge/system-manage.ts b/ui/src/permission/knowledge/system-manage.ts index e5a613f58..52a88778b 100644 --- a/ui/src/permission/knowledge/system-manage.ts +++ b/ui/src/permission/knowledge/system-manage.ts @@ -212,6 +212,12 @@ const systemManage = { PermissionConst.RESOURCE_KNOWLEDGE_AUTH ],'OR' ), + relate_map: () => + hasPermission([ + RoleConst.ADMIN, + PermissionConst.RESOURCE_KNOWLEDGE_RELATE_RESOURCE_VIEW + ],'OR' + ), folderRead: () => false, folderManage: () => false, folderCreate: () => false, diff --git a/ui/src/permission/knowledge/system-share.ts b/ui/src/permission/knowledge/system-share.ts index bea38416d..c13038301 100644 --- a/ui/src/permission/knowledge/system-share.ts +++ b/ui/src/permission/knowledge/system-share.ts @@ -65,6 +65,7 @@ const share = { chat_user_edit: () => false, auth: () => false, + relate_map: () => hasPermission([RoleConst.ADMIN, PermissionConst.SHARED_KNOWLEDGE_RELATE_RESOURCE_VIEW], 'OR'), folderRead: () => false, folderManage: () => false, folderCreate: () => false, diff --git a/ui/src/permission/knowledge/workspace-share.ts b/ui/src/permission/knowledge/workspace-share.ts index ebb33ff81..5b773999e 100644 --- a/ui/src/permission/knowledge/workspace-share.ts +++ b/ui/src/permission/knowledge/workspace-share.ts @@ -11,7 +11,8 @@ const workspaceShare = { export: () => false, delete: () => false, auth: () => false, - + relate_map: () => false, + doc_read: () => false, doc_create: () => false, doc_vector: () => false, diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts index a47b744f6..977841bc7 100644 --- a/ui/src/permission/knowledge/workspace.ts +++ b/ui/src/permission/knowledge/workspace.ts @@ -178,6 +178,23 @@ const workspace = { ], 'OR', ), + relate_map: (source_id: string) => + hasPermission( + [ + new ComplexPermission( + [RoleConst.USER], + [PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(source_id)], + [], + 'AND', + ), + RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, + PermissionConst.KNOWLEDGE_RELATE_RESOURCE_VIEW.getKnowledgeWorkspaceResourcePermission( + source_id, + ), + PermissionConst.KNOWLEDGE_RELATE_RESOURCE_VIEW.getWorkspacePermissionWorkspaceManageRole, + ], + 'OR', + ), export: (source_id: string) => hasPermission( [ diff --git a/ui/src/permission/model/system-manage.ts b/ui/src/permission/model/system-manage.ts index 9b247599f..e55e38c7d 100644 --- a/ui/src/permission/model/system-manage.ts +++ b/ui/src/permission/model/system-manage.ts @@ -22,6 +22,12 @@ const systemManage = { auth: () => hasPermission([RoleConst.ADMIN, PermissionConst.RESOURCE_MODEL_AUTH], 'OR'), + relate_map: () => + hasPermission([ + RoleConst.ADMIN, + PermissionConst.RESOURCE_MODEL_RELATE_RESOURCE_VIEW + ],'OR' + ), folderRead: () => false, folderManage: () => false, diff --git a/ui/src/permission/model/system-share.ts b/ui/src/permission/model/system-share.ts index b152b26d8..8e13e8ca4 100644 --- a/ui/src/permission/model/system-share.ts +++ b/ui/src/permission/model/system-share.ts @@ -36,6 +36,7 @@ const share = { 'OR', ), auth: () => false, + relate_map: () => false, folderRead: () => false, folderManage: () => false, folderCreate: () => false, diff --git a/ui/src/permission/model/workspace.ts b/ui/src/permission/model/workspace.ts index 0634154d6..c4fb6561f 100644 --- a/ui/src/permission/model/workspace.ts +++ b/ui/src/permission/model/workspace.ts @@ -53,6 +53,16 @@ const workspace = { ], 'OR' ), + relate_map: (source_id:string) => + hasPermission( + [ + new ComplexPermission([RoleConst.USER],[PermissionConst.MODEL.getModelWorkspaceResourcePermission(source_id)],[],'AND'), + RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, + PermissionConst.MODEL_RELATE_RESOURCE_VIEW.getModelWorkspaceResourcePermission(source_id), + PermissionConst.MODEL_RELATE_RESOURCE_VIEW.getWorkspacePermissionWorkspaceManageRole + ], + 'OR' + ), folderEdit: () => hasPermission( [ diff --git a/ui/src/permission/tool/system-manage.ts b/ui/src/permission/tool/system-manage.ts index 9c07d106e..cf16dcb04 100644 --- a/ui/src/permission/tool/system-manage.ts +++ b/ui/src/permission/tool/system-manage.ts @@ -73,6 +73,14 @@ const systemManage = { ], 'OR', ), + relate_map: () => + hasPermission( + [ + RoleConst.ADMIN, + PermissionConst.RESOURCE_TOOL_RELATE_RESOURCE_VIEW + ], + 'OR' + ), folderRead: () => false, folderManage: () => false, diff --git a/ui/src/permission/tool/system-share.ts b/ui/src/permission/tool/system-share.ts index db9787961..040e1e729 100644 --- a/ui/src/permission/tool/system-share.ts +++ b/ui/src/permission/tool/system-share.ts @@ -77,6 +77,7 @@ const share = { ), auth: () => false, + relate_map: () => false, folderRead: () => false, folderManage: () => false, diff --git a/ui/src/permission/tool/workspace.ts b/ui/src/permission/tool/workspace.ts index b3b3bc28b..9bea9cc39 100644 --- a/ui/src/permission/tool/workspace.ts +++ b/ui/src/permission/tool/workspace.ts @@ -151,6 +151,16 @@ const workspace = { ], 'OR' ), + relate_map: (source_id:string) => + hasPermission( + [ + new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(source_id)],[],'AND'), + RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, + PermissionConst.TOOL_RELATE_RESOURCE_VIEW.getToolWorkspaceResourcePermission(source_id), + PermissionConst.TOOL_RELATE_RESOURCE_VIEW.getWorkspacePermissionWorkspaceManageRole + ], + 'OR' + ), debug: () => hasPermission( [ diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts index b461db5df..2584d3923 100644 --- a/ui/src/utils/permission/data.ts +++ b/ui/src/utils/permission/data.ts @@ -120,6 +120,7 @@ const PermissionConst = { KNOWLEDGE_EXPORT: new Permission('KNOWLEDGE:READ+EXPORT'), KNOWLEDGE_DELETE: new Permission('KNOWLEDGE:READ+DELETE'), KNOWLEDGE_GENERATE: new Permission('KNOWLEDGE:READ+GENERATE'), + KNOWLEDGE_RELATE_RESOURCE_VIEW: new Permission('KNOWLEDGE:READ+RELATE_VIEW'), KNOWLEDGE_WORKFLOW_READ: new Permission('KNOWLEDGE_WORKFLOW:READ'), KNOWLEDGE_WORKFLOW_EDIT: new Permission('KNOWLEDGE_WORKFLOW:READ+EDIT'), @@ -153,6 +154,7 @@ const PermissionConst = { MODEL_CREATE: new Permission('MODEL:READ+CREATE'), MODEL_EDIT: new Permission('MODEL:READ+EDIT'), MODEL_DELETE: new Permission('MODEL:READ+DELETE'), + MODEL_RELATE_RESOURCE_VIEW: new Permission('MODEL:READ+RELATE_VIEW'), APPLICATION_READ: new Permission('APPLICATION:READ'), APPLICATION_EXPORT: new Permission('APPLICATION:READ+EXPORT'), @@ -205,6 +207,7 @@ const PermissionConst = { SHARED_KNOWLEDGE_EXPORT: new Permission('SYSTEM_KNOWLEDGE:READ+EXPORT'), SHARED_KNOWLEDGE_GENERATE: new Permission('SYSTEM_KNOWLEDGE:READ+GENERATE'), SHARED_KNOWLEDGE_DELETE: new Permission('SYSTEM_KNOWLEDGE:READ+DELETE'), + SHARED_KNOWLEDGE_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_KNOWLEDGE:READ+RELATE_VIEW'), SHARED_KNOWLEDGE_WORKFLOW_READ: new Permission('SYSTEM_KNOWLEDGE_WORKFLOW:READ'), SHARED_KNOWLEDGE_WORKFLOW_EDIT: new Permission('SYSTEM_KNOWLEDGE_WORKFLOW:READ+EDIT'), @@ -246,6 +249,7 @@ const PermissionConst = { TOOL_DELETE: new Permission('TOOL:READ+DELETE'), TOOL_IMPORT: new Permission('TOOL:READ+IMPORT'), TOOL_EXPORT: new Permission('TOOL:READ+EXPORT'), + TOOL_RELATE_RESOURCE_VIEW: new Permission('TOOL:READ+RELATE_VIEW'), RESOURCE_TOOL_CREATE: new Permission('SYSTEM_RESOURCE_TOOL:READ+CREATE'), RESOURCE_TOOL_EDIT: new Permission('SYSTEM_RESOURCE_TOOL:READ+EDIT'), @@ -327,6 +331,9 @@ const PermissionConst = { RESOURCE_MODEL_AUTH: new Permission('SYSTEM_RESOURCE_MODEL:READ+AUTH'), RESOURCE_APPLICATION_AUTH: new Permission('SYSTEM_RESOURCE_APPLICATION:READ+AUTH'), RESOURCE_KNOWLEDGE_AUTH: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+AUTH'), + RESOURCE_KNOWLEDGE_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+RELATE_VIEW'), + RESOURCE_MODEL_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_RESOURCE_MODEL:READ+RELATE_VIEW'), + RESOURCE_TOOL_RELATE_RESOURCE_VIEW: new Permission('SYSTEM_RESOURCE_TOOL:READ+RELATE_VIEW'), RESOURCE_TOOL_AUTH: new Permission('SYSTEM_RESOURCE_TOOL:READ+AUTH'), APPEARANCE_SETTINGS_READ: new Permission('APPEARANCE_SETTINGS:READ'), diff --git a/ui/src/views/knowledge/component/KnowledgeListContainer.vue b/ui/src/views/knowledge/component/KnowledgeListContainer.vue index 81783077b..ac9a8df1d 100644 --- a/ui/src/views/knowledge/component/KnowledgeListContainer.vue +++ b/ui/src/views/knowledge/component/KnowledgeListContainer.vue @@ -239,7 +239,11 @@ > {{ $t('views.system.resourceAuthorization.title') }} - + >() const openResourceMappingDrawer = (knowledge: any) => { resourceMappingDrawerRef.value?.open('KNOWLEDGE', knowledge.id) } ->>>>>>> Stashed changes const router = useRouter() const route = useRoute() const { folder, user, knowledge } = useStore() @@ -395,6 +396,7 @@ const MoreFilledPermission = (item: any) => { permissionPrecise.value.export(item.id) || permissionPrecise.value.auth(item.id) || permissionPrecise.value.delete(item.id) || + permissionPrecise.value.relate_map(item.id) || isSystemShare.value ) } diff --git a/ui/src/views/model/component/ModelCard.vue b/ui/src/views/model/component/ModelCard.vue index a9399bf57..c27a3eb66 100644 --- a/ui/src/views/model/component/ModelCard.vue +++ b/ui/src/views/model/component/ModelCard.vue @@ -111,7 +111,11 @@ {{ $t('views.system.resourceAuthorization.title') }} - + {{ $t('views.system.resourceMapping.title', '查看关联资源') }} @@ -186,6 +190,7 @@ const MoreFilledPermission = (id: any) => { permissionPrecise.value.modify(id) || permissionPrecise.value.delete(id) || permissionPrecise.value.auth(id) || + permissionPrecise.value.relate_map(id) || isSystemShare.value ) } diff --git a/ui/src/views/tool/component/ToolListContainer.vue b/ui/src/views/tool/component/ToolListContainer.vue index 3baa4d584..450cb70e5 100644 --- a/ui/src/views/tool/component/ToolListContainer.vue +++ b/ui/src/views/tool/component/ToolListContainer.vue @@ -291,7 +291,11 @@ > {{ $t('views.system.resourceAuthorization.title') }} - + { permissionPrecise.value.export(id) || permissionPrecise.value.delete(id) || permissionPrecise.value.auth(id) || + permissionPrecise.value.relate_map(id) || isSystemShare.value ) }