feat: hit test permission

2025-12-26 09:43:10 +00:00 · 2025-07-01 18:05:57 +08:00 · 2025-07-01 18:05:57 +08:00 · a4143eed23
parent 8c0361bbc2
commit a4143eed23
6 changed files with 55 additions and 22 deletions
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@ -19,6 +19,7 @@ class Group(Enum):
    """
    权限组 一个组一般对应前端一个菜单
    """
+
    USER = "USER_MANAGEMENT"
    # 应用
    APPLICATION = "APPLICATION"
@ -36,7 +37,7 @@ class Group(Enum):
    KNOWLEDGE = "KNOWLEDGE"
    SYSTEM_KNOWLEDGE = "SYSTEM_KNOWLEDGE"
    SYSTEM_RES_KNOWLEDGE = "SYSTEM_RESOURCE_KNOWLEDGE"
-
+    KNOWLEDGE_HIT_TEST = "KNOWLEDGE_HIT_TEST"
    KNOWLEDGE_DOCUMENT = "KNOWLEDGE_DOCUMENT"
    SYSTEM_KNOWLEDGE_DOCUMENT = "SYSTEM_KNOWLEDGE_DOCUMENT"
    SYSTEM_RES_KNOWLEDGE_DOCUMENT = "SYSTEM_RESOURCE_KNOWLEDGE_DOCUMENT"
@ -44,6 +45,8 @@ class Group(Enum):
    KNOWLEDGE_PROBLEM = "KNOWLEDGE_PROBLEM"
    SYSTEM_KNOWLEDGE_PROBLEM = "SYSTEM_KNOWLEDGE_PROBLEM"
    SYSTEM_RES_KNOWLEDGE_PROBLEM = "SYSTEM_RESOURCE_KNOWLEDGE_PROBLEM"
+
+    SYSTEM_KNOWLEDGE_HIT_TEST = "SYSTEM_KNOWLEDGE_HIT_TEST"
    SYSTEM_KNOWLEDGE_CHAT_USER = "SYSTEM_KNOWLEDGE_CHAT_USER"

    MODEL = "MODEL"
@ -158,7 +161,6 @@ class Operate(Enum):
    SETTING = "READ+SETTING"  # 管理
    DOWNLOAD = "READ+DOWNLOAD"  # 下载

-
 class RoleGroup(Enum):
    # 系统用户
    SYSTEM_USER = "SYSTEM_USER"
@ -298,6 +300,7 @@ Permission_Label = {
    Group.KNOWLEDGE.value: _("Knowledge"),
    Group.KNOWLEDGE_DOCUMENT.value: _("Document"),
    Group.KNOWLEDGE_PROBLEM.value: _("Problem"),
+    Group.KNOWLEDGE_HIT_TEST.value: _("Hit-Test"),
    Operate.IMPORT.value: _("Import"),
    Operate.EXPORT.value: _("Export"),
    Operate.DEBUG.value: _("Debug"),
@ -340,6 +343,7 @@ Permission_Label = {
    Group.SYSTEM_KNOWLEDGE.value: _("Knowledge"),
    Group.SYSTEM_KNOWLEDGE_DOCUMENT.value: _("Document"),
    Group.SYSTEM_KNOWLEDGE_PROBLEM.value: _("Problem"),
+    Group.SYSTEM_KNOWLEDGE_HIT_TEST.value: _("Hit-test"),
    Group.SYSTEM_KNOWLEDGE_CHAT_USER.value: _("Dialogue users"),
    Group.SYSTEM_RES_TOOL.value: _("Tool"),
    Group.SYSTEM_RES_MODEL.value: _("Model"),
@ -579,7 +583,12 @@ class PermissionConstants(Enum):
        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
    )
-
+    KNOWLEDGE_HIT_TEST = Permission(
+        group=Group.KNOWLEDGE_HIT_TEST, operate=Operate.READ,
+        role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
+        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
+    )
    KNOWLEDGE_PROBLEM_READ = Permission(
        group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER],
@ -1146,6 +1155,10 @@ class PermissionConstants(Enum):
        group=Group.SYSTEM_KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN],
        parent_group=[SystemGroup.SHARED_KNOWLEDGE]
    )
+    SHARED_KNOWLEDGE_HIT_TEST = Permission(
+        group=Group.SYSTEM_KNOWLEDGE_HIT_TEST, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.SHARED_KNOWLEDGE]
+    )
    SHARED_KNOWLEDGE_CHAT_USER_READ = Permission(
        group=Group.SYSTEM_KNOWLEDGE_CHAT_USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
        parent_group=[SystemGroup.SHARED_KNOWLEDGE]
--- a/apps/knowledge/views/knowledge.py
+++ b/apps/knowledge/views/knowledge.py
@ -196,8 +196,8 @@ class KnowledgeView(APIView):
            tags=[_('Knowledge Base')]  # type: ignore
        )
        @has_permissions(
-            PermissionConstants.KNOWLEDGE_EDIT.get_workspace_knowledge_permission(),
-            PermissionConstants.KNOWLEDGE_EDIT.get_workspace_permission_workspace_manage_role(),
+            PermissionConstants.KNOWLEDGE_HIT_TEST.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_HIT_TEST.get_workspace_permission_workspace_manage_role(),
            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
            RoleConstants.USER.get_workspace_role()
        )
--- a/ui/src/router/modules/document.ts
+++ b/ui/src/router/modules/document.ts
@ -85,14 +85,28 @@ const DocumentRouter = {
        group: 'KnowledgeDetail',
        permission: [
          RoleConst.ADMIN,
-          RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
          () => {
            const to: any = get_next_route()
-            return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getKnowledgeWorkspaceResourcePermission(
-              to ? to.params.id : '',
-            )
+            if (to.params.folderId == 'shared') {
+              return RoleConst.ADMIN
+            } else {
+              return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole
+            }
+          },
+          () => {
+            const to: any = get_next_route()
+            if (to.params.folderId == 'shared') {
+              return PermissionConst.SHARED_KNOWLEDGE_CHAT_USER_READ
+            } else {
+              return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getKnowledgeWorkspaceResourcePermission(to ? to.params.id : '',)
+            }
+          },
+          () => {
+            const to: any = get_next_route()
+            if (to.params.folder_id == 'shared') {
+              return RoleConst.ADMIN
+            } else { return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getWorkspacePermissionWorkspaceManageRole }
          },
-          PermissionConst.KNOWLEDGE_CHAT_USER_READ.getWorkspacePermissionWorkspaceManageRole,
        ],
      },
      component: () => import('@/views/chat-user/index.vue'),
--- a/ui/src/router/modules/system.ts
+++ b/ui/src/router/modules/system.ts
@ -60,7 +60,7 @@ const systemRouter = {
          new ComplexPermission(
            [RoleConst.WORKSPACE_MANAGE, RoleConst.ADMIN],
            [PermissionConst.WORKSPACE_WORKSPACE_READ, PermissionConst.WORKSPACE_READ],
-            [EditionConst.IS_EE, EditionConst.IS_PE],
+            [EditionConst.IS_EE],
            'OR',
          ),
        ],
--- a/ui/src/views/chat-user/index.vue
+++ b/ui/src/views/chat-user/index.vue
@ -42,7 +42,7 @@
              </span>
            </div>
            <el-button type="primary" :disabled="current?.is_auth" @click="handleSave"
-              v-if="hasPermission(permissionObj[(route.meta?.resourceType as string)],'OR')"
+              v-if="hasPermission(permissionObj[route.path.includes('shared')?'SHAREDKNOWLEDGE':(route.meta?.resourceType as string)],'OR')"
            >
              {{ t('common.save') }}
            </el-button>
@ -57,7 +57,7 @@
                :placeholder="$t('common.inputPlaceholder')" style="width: 220px" clearable />
            </div>
            <div class="flex align-center"
-              v-if="hasPermission(permissionObj[(route.meta?.resourceType as string)],'OR')"
+              v-if="hasPermission(permissionObj[route.path.includes('shared')?'SHAREDKNOWLEDGE':(route.meta?.resourceType as string)],'OR')"
            >
              <div class="color-secondary mr-8">{{ $t('views.chatUser.autoAuthorization') }}</div>
              <el-switch size="small" :model-value="current?.is_auth" @click="changeAuth"
@ -108,6 +108,7 @@
 <script lang="ts" setup>
 import { onMounted, ref, watch, reactive, computed } from 'vue'
 import ChatUserApi from '@/api/chat-user/chat-user'
+import SharedChatUserApi from "@/api/system-shared/knowledge-chat-user"
 import { t } from '@/locales'
 import type { ChatUserGroupItem, ChatUserGroupUserItem } from '@/api/type/workspaceChatUser'
 import { useRoute } from 'vue-router'
@ -132,7 +133,7 @@ const permissionPrecise = computed(() => {
 const {
  params: { id },
 } = route as any
-
+ 
 const permissionObj=ref<any>({
  "APPLICATION": new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
                [PermissionConst.APPLICATION_CHAT_USER_EDIT, 
@ -140,6 +141,7 @@ const permissionObj=ref<any>({
  "KNOWLEDGE": new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
                [PermissionConst.KNOWLEDGE_CHAT_USER_EDIT, 
                PermissionConst.KNOWLEDGE_CHAT_USER_EDIT.getKnowledgeWorkspaceResourcePermission(id)],[],'OR'),
+  "SHAREDKNOWLEDGE": new ComplexPermission([RoleConst.ADMIN],[PermissionConst.SHARED_KNOWLEDGE_CHAT_USER_EDIT],[],'OR')
 })

 const resource = reactive({ resource_id: route.params.id as string, resource_type: route.meta.resourceType as string })
@ -149,10 +151,17 @@ const loading = ref(false)
 const list = ref<ChatUserGroupItem[]>([])
 const filterList = ref<ChatUserGroupItem[]>([]) // 搜索过滤后列表
 const current = ref<ChatUserGroupItem>()
+const chatUserAuthAPI=computed(()=>{
+  if(route.path.includes('shared')){
+    return SharedChatUserApi
+  }else{
+    return ChatUserApi
+  }
+})

 async function getUserGroupList() {
  try {
-    const res = await ChatUserApi.getUserGroupList(resource, loading)
+    const res = await chatUserAuthAPI.value.getUserGroupList(resource, loading)
    list.value = res.data
    filterList.value = filter(list.value, filterText.value)
  } catch (error) {
@ -185,7 +194,7 @@ function clickUserGroup(item: ChatUserGroupItem) {
 async function changeAuth() {
  const params = [{ user_group_id: current.value?.id as string, is_auth: !current.value?.is_auth }]
  try {
-    await ChatUserApi.editUserGroupList(resource, params, loading)
+    await chatUserAuthAPI.value.editUserGroupList(resource, params, loading)
    await getUserGroupList()
    current.value = { name: current.value?.name as string, id: current.value?.id as string, is_auth: !current.value?.is_auth }
    getList()
@ -211,7 +220,7 @@ const tableData = ref<ChatUserGroupUserItem[]>([])
 async function getList() {
  if (!current.value?.id) return
  try {
-    const res = await ChatUserApi.getUserGroupUserList(resource, current.value?.id, paginationConfig, searchForm.value.name, rightLoading)
+    const res = await chatUserAuthAPI.value.getUserGroupUserList(resource, current.value?.id, paginationConfig, searchForm.value.name, rightLoading)
    tableData.value = res.data.records
    paginationConfig.total = res.data.total
  } catch (error) {
@ -249,7 +258,7 @@ const handleRowChange = (value: boolean, row: ChatUserGroupUserItem) => {
 async function handleSave() {
  try {
    const params = tableData.value.map(item => ({ chat_user_id: item.id, is_auth: item.is_auth }))
-    await ChatUserApi.putUserGroupUser(resource, current.value?.id as string, params, rightLoading)
+    await chatUserAuthAPI.value.putUserGroupUser(resource, current.value?.id as string, params, rightLoading)
    MsgSuccess(t('common.saveSuccess'))
  } catch (error) {
    console.error(error)
--- a/ui/src/views/tool/ToolFormDrawer.vue
+++ b/ui/src/views/tool/ToolFormDrawer.vue
@ -231,7 +231,7 @@
    <template #footer>
      <div>
        <el-button :loading="loading" @click="visible = false">{{ $t('common.cancel') }}</el-button>
-        <el-button :loading="loading" @click="openDebug" v-if="permissionPrecise.debug(id)">{{
+        <el-button :loading="loading" @click="openDebug" v-if="permissionPrecise.debug(form?.id||'or')">{{
          $t('common.debug')
        }}</el-button>
        <el-button type="primary" @click="submit(FormRef)" :loading="loading">
@ -265,9 +265,6 @@ import permissionMap from '@/permission'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api'

 const route = useRoute()
-const {
-  params: { id, folderId }, // id为knowledgeID
-} = route as any

 const props = defineProps({
  title: String,