From 7998133e35d08fc0e8b3bc4d064e3a32f4450407 Mon Sep 17 00:00:00 2001 From: CaptainB Date: Thu, 5 Jun 2025 10:31:29 +0800 Subject: [PATCH] feat: update permission constants for knowledge documents and problems to include resource permission groups --- apps/common/constants/permission_constants.py | 17 ++++++++++++++++- apps/knowledge/views/document.py | 2 +- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 4974cddfa..fdb227481 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -369,72 +369,87 @@ class PermissionConstants(Enum): KNOWLEDGE_DOCUMENT_READ = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_CREATE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_EDIT = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_DELETE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_SYNC = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_EXPORT = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) - KNOWLEDGE_DOCUMENT_DOWNLOAD_RAW = Permission( + KNOWLEDGE_DOCUMENT_DOWNLOAD_SOURCE_FILE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_GENERATE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.GENERATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_VECTOR = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.VECTOR, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_DOCUMENT_MIGRATE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_PROBLEM_READ = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_PROBLEM_CREATE = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_PROBLEM_EDIT = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_PROBLEM_DELETE = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) KNOWLEDGE_PROBLEM_RELATE = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.RELATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionGroup.VIEW, ResourcePermissionGroup.MANAGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission( diff --git a/apps/knowledge/views/document.py b/apps/knowledge/views/document.py index 275250759..6a85bfd8b 100644 --- a/apps/knowledge/views/document.py +++ b/apps/knowledge/views/document.py @@ -427,7 +427,7 @@ class DocumentView(APIView): responses=DocumentDownloadSourceAPI.get_response(), tags=[_('Knowledge Base/Documentation')] # type: ignore ) - @has_permissions(PermissionConstants.KNOWLEDGE_DOCUMENT_DOWNLOAD_RAW.get_workspace_knowledge_permission()) + @has_permissions(PermissionConstants.KNOWLEDGE_DOCUMENT_DOWNLOAD_SOURCE_FILE.get_workspace_knowledge_permission()) def get(self, request: Request, workspace_id: str, knowledge_id: str, document_id: str): return DocumentSerializers.Operate(data={ 'workspace_id': workspace_id, 'document_id': document_id, 'knowledge_id': knowledge_id