From 91e2dd7ea64ae12db0815f1d320f4d1fc25d14a8 Mon Sep 17 00:00:00 2001
From: shaohuzhang1 <80892890+shaohuzhang1@users.noreply.github.com>
Date: Mon, 30 Jun 2025 11:50:59 +0800
Subject: [PATCH] feat: add extends role (#3428)
---
 apps/common/auth/handle/impl/user_token.py | 37 ++++++++++++++-----
 apps/common/constants/permission_constants.py | 4 ++
 ui/src/utils/permission/data.ts | 3 ++
 3 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/apps/common/auth/handle/impl/user_token.py b/apps/common/auth/handle/impl/user_token.py
index e232e3838..3eb934301 100644
--- a/apps/common/auth/handle/impl/user_token.py
+++ b/apps/common/auth/handle/impl/user_token.py
@@ -219,10 +219,26 @@ def get_permission_list(user,
 return permission_list
-def reset_workspace_role(role, workspace_id):
- if role == RoleConstants.ADMIN.value.__str__() or workspace_id is None:
- return role
- return f"{role}:/WORKSPACE/{workspace_id}"
+system_role_list = [RoleConstants.ADMIN.value.name, RoleConstants.WORKSPACE_MANAGE.value.name,
+ RoleConstants.USER.value.name]
+
+system_role = RoleConstants.ADMIN.value.name
+
+
+def reset_workspace_role(role_id, workspace_id, role_dict):
+ if system_role_list.__contains__(role_id):
+ if system_role == role_id:
+ return role_id
+ else:
+ return f"{role_id}:/WORKSPACE/{workspace_id}"
+ else:
+ r = role_dict.get(role_id)
+ if r is not None:
+ return ''
+ role_type = role_dict.get(role_id).type
+ if system_role == role_type:
+ return RoleConstants.EXTENDS_ADMIN.value.name
+ return f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}"
 def get_role_list(user,
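Review bot: In `reset_workspace_role` the lookup guard reads inverted: `if r is not None: return ''` returns an empty role for every custom role that is present in `role_dict`, and when the id is missing the next line calls `.type` on `None` and raises while the token's roles are being resolved. The guard should be `if r is None: return ''` followed by `role_type = r.type`, so a dangling mapping is skipped and a known custom role resolves to its `EXTENDS_` form. The removed version also returned the bare role when `workspace_id is None`; the new one formats `/WORKSPACE/None` in that case, so either keep that guard or document that every mapping carries a workspace. `role_id in system_role_list` is the idiomatic spelling of the `__contains__` call.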
@@ -242,11 +258,14 @@ def get_role_list(user,
 if is_query_model:
 # 获取工作空间 用户 角色映射数据
 workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id)
- role_list = [reset_workspace_role(workspace_user_role_mapping.role_id,
- workspace_user_role_mapping.workspace_id)
- for
- workspace_user_role_mapping in
- workspace_user_role_mapping_list]
+ role_list = QuerySet(role_model).filter(id__in=[wurm.role_id for wurm in workspace_user_role_mapping_list])
+ role_dict = {r.id: r for r in role_list}
+ role_list = list(set([reset_workspace_role(workspace_user_role_mapping.role_id,
+ workspace_user_role_mapping.workspace_id,
+ role_dict)
+ for
+ workspace_user_role_mapping in
+ workspace_user_role_mapping_list]))
 cache.set(key, workspace_list, version=version)
 return role_list
 else:
diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
index 5def4cb7b..262fd0b9a 100644
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@@ -255,6 +255,10 @@ class RoleConstants(Enum):
 CHAT_ANONYMOUS_USER = Role("CHAT_ANONYMOUS_USER", "对话匿名用户", RoleGroup.CHAT_USER)
 CHAT_USER = Role("CHAT_USER", "对话用户", RoleGroup.CHAT_USER)
+ EXTENDS_ADMIN = Role("EXTENDS_ADMIN", '继承超级管理员', RoleGroup.SYSTEM_USER)
+ EXTENDS_WORKSPACE_MANAGE = Role("EXTENDS_WORKSPACE_MANAGE", "继承工作空间管理员", RoleGroup.CHAT_USER)
+ EXTENDS_USER = Role("EXTENDS_USER", "继承普通用户", RoleGroup.CHAT_USER)
+
 def get_workspace_role(self):
 return lambda r, kwargs: Role(name=self.value.name,
 decs=self.value.decs,
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index b14e540d7..51ea33837 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
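Review bot: The set built in `get_role_list` (user_token.py) keeps whatever `reset_workspace_role` returns for a role it cannot resolve, which in this patch is the empty string, so `role_list` can hand a `''` entry to whatever consumes the user's roles; filtering it out right after the set is built, e.g. `role_list = [r for r in role_list if r]`, keeps unresolved mappings from appearing as a role at all. The name `role_list` is also bound first to the `role_model` queryset and then to the list of role strings, and a separate name for the queryset would make this auth path easier to audit. `role_model` is not defined in the visible lines, so it presumably arrives through the function signature, which lies outside the hunk. The unchanged `cache.set(key, workspace_list, ...)` line stores a different variable from the one returned, which is worth confirming while this block is being touched.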
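Review bot: In permission_constants.py, `EXTENDS_WORKSPACE_MANAGE` and `EXTENDS_USER` are registered under `RoleGroup.CHAT_USER`, the same group as the two chat roles directly above them, while `EXTENDS_ADMIN` uses `RoleGroup.SYSTEM_USER`. If these members are meant to inherit from the built-in workspace-manager and user roles, they presumably belong in the group those roles use (their definitions are outside the hunk), and a mismatched group could change how permissions are evaluated for accounts holding them. A one-line comment above the three members, such as `# Names must match the "EXTENDS_<role type>" strings built in reset_workspace_role`, would tie them to the token handler that produces them. The class body continues outside the hunk.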
@@ -253,6 +253,9 @@ const RoleConst = {
 ADMIN: new Role('ADMIN'),
 WORKSPACE_MANAGE: new Role('WORKSPACE_MANAGE'),
 USER: new Role('USER'),
+ EXTENDS_ADMIN: new Role('EXTENDS_ADMIN'),
+ EXTENDS_WORKSPACE_MANAGE: new Role('EXTENDS_WORKSPACE_MANAGE'),
+ EXTENDS_USER: new Role('EXTENDS_USER'),
 }
 const EditionConst = {
 IS_PE: new Edition('X-PACK-PE'),