feat: add extends role (#3428)

2025-12-26 10:12:51 +00:00 · 2025-06-30 11:50:59 +08:00 · 2025-06-30 11:50:59 +08:00 · 91e2dd7ea6
parent 4cb694fa65
commit 91e2dd7ea6
3 changed files with 35 additions and 9 deletions
--- a/apps/common/auth/handle/impl/user_token.py
+++ b/apps/common/auth/handle/impl/user_token.py
@ -219,10 +219,26 @@ def get_permission_list(user,
    return permission_list


-def reset_workspace_role(role, workspace_id):
-    if role == RoleConstants.ADMIN.value.__str__() or workspace_id is None:
-        return role
-    return f"{role}:/WORKSPACE/{workspace_id}"
+system_role_list = [RoleConstants.ADMIN.value.name, RoleConstants.WORKSPACE_MANAGE.value.name,
+                    RoleConstants.USER.value.name]
+
+system_role = RoleConstants.ADMIN.value.name
+
+
+def reset_workspace_role(role_id, workspace_id, role_dict):
+    if system_role_list.__contains__(role_id):
+        if system_role == role_id:
+            return role_id
+        else:
+            return f"{role_id}:/WORKSPACE/{workspace_id}"
+    else:
+        r = role_dict.get(role_id)
+        if r is not None:
+            return ''
+        role_type = role_dict.get(role_id).type
+        if system_role == role_type:
+            return RoleConstants.EXTENDS_ADMIN.value.name
+        return f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}"


 def get_role_list(user,
@ -242,11 +258,14 @@ def get_role_list(user,
        if is_query_model:
            # 获取工作空间 用户 角色映射数据
            workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id)
-            role_list = [reset_workspace_role(workspace_user_role_mapping.role_id,
-                                              workspace_user_role_mapping.workspace_id)
-                         for
-                         workspace_user_role_mapping in
-                         workspace_user_role_mapping_list]
+            role_list = QuerySet(role_model).filter(id__in=[wurm.role_id for wurm in workspace_user_role_mapping_list])
+            role_dict = {r.id: r for r in role_list}
+            role_list = list(set([reset_workspace_role(workspace_user_role_mapping.role_id,
+                                                       workspace_user_role_mapping.workspace_id,
+                                                       role_dict)
+                                  for
+                                  workspace_user_role_mapping in
+                                  workspace_user_role_mapping_list]))
            cache.set(key, workspace_list, version=version)
            return role_list
        else:
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@ -255,6 +255,10 @@ class RoleConstants(Enum):
    CHAT_ANONYMOUS_USER = Role("CHAT_ANONYMOUS_USER", "对话匿名用户", RoleGroup.CHAT_USER)
    CHAT_USER = Role("CHAT_USER", "对话用户", RoleGroup.CHAT_USER)

+    EXTENDS_ADMIN = Role("EXTENDS_ADMIN", '继承超级管理员', RoleGroup.SYSTEM_USER)
+    EXTENDS_WORKSPACE_MANAGE = Role("EXTENDS_WORKSPACE_MANAGE", "继承工作空间管理员", RoleGroup.CHAT_USER)
+    EXTENDS_USER = Role("EXTENDS_USER", "继承普通用户", RoleGroup.CHAT_USER)
+
    def get_workspace_role(self):
        return lambda r, kwargs: Role(name=self.value.name,
                                      decs=self.value.decs,
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@ -253,6 +253,9 @@ const RoleConst = {
  ADMIN: new Role('ADMIN'),
  WORKSPACE_MANAGE: new Role('WORKSPACE_MANAGE'),
  USER: new Role('USER'),
+  EXTENDS_ADMIN: new Role('EXTENDS_ADMIN'),
+  EXTENDS_WORKSPACE_MANAGE: new Role('EXTENDS_WORKSPACE_MANAGE'),
+  EXTENDS_USER: new Role('EXTENDS_USER'),
 }
 const EditionConst = {
  IS_PE: new Edition('X-PACK-PE'),