From 9ea37a479900180cac7ff7c77f7a8828edc6bcd8 Mon Sep 17 00:00:00 2001 From: zhangzhanwei Date: Thu, 14 Aug 2025 16:08:36 +0800 Subject: [PATCH 1/2] feat:Multiple permission filtering function --- .../api/user_resource_permission.py | 4 + .../serializers/user_resource_permission.py | 73 ++++++++++++------- ...t_application_user_resource_permission.sql | 2 +- ...get_knowledge_user_resource_permission.sql | 2 +- .../get_model_user_resource_permission.sql | 2 +- .../get_resource_user_permission_detail.sql | 2 +- .../sql/get_tool_user_resource_permission.sql | 2 +- .../views/user_resource_permission.py | 8 +- 8 files changed, 60 insertions(+), 35 deletions(-) diff --git a/apps/system_manage/api/user_resource_permission.py b/apps/system_manage/api/user_resource_permission.py index c67b897bb..52a1784bd 100644 --- a/apps/system_manage/api/user_resource_permission.py +++ b/apps/system_manage/api/user_resource_permission.py @@ -66,6 +66,7 @@ class UserResourcePermissionAPI(APIMixin): description="权限", type=OpenApiTypes.STR, location='query', + many=True, required=False ), ] @@ -167,6 +168,7 @@ class ResourceUserPermissionAPI(APIMixin): description="权限", type=OpenApiTypes.STR, location='query', + many=True, required=False ), ] @@ -226,6 +228,7 @@ class UserResourcePermissionPageAPI(APIMixin): description="权限", type=OpenApiTypes.STR, location='query', + many=True, required=False ), ] @@ -298,6 +301,7 @@ class ResourceUserPermissionPageAPI(APIMixin): description="权限", type=OpenApiTypes.STR, location='query', + many=True, required=False ), ] diff --git a/apps/system_manage/serializers/user_resource_permission.py b/apps/system_manage/serializers/user_resource_permission.py index 3b9b1d396..9bedc433a 100644 --- a/apps/system_manage/serializers/user_resource_permission.py +++ b/apps/system_manage/serializers/user_resource_permission.py 
@@ -11,7 +11,7 @@ import os from django.core.cache import cache from django.db import models -from django.db.models import QuerySet +from django.db.models import QuerySet, Q from django.utils.translation import gettext_lazy as _ from rest_framework import serializers @@ -24,14 +24,12 @@ from common.db.search import native_search, native_page_search, get_dynamics_mod from common.db.sql_execute import select_list from common.exception.app_exception import AppApiException from common.utils.common import get_file_content -from common.utils.split_model import group_by from knowledge.models import Knowledge from maxkb.conf import PROJECT_DIR from maxkb.settings import edition from models_provider.models import Model -from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType +from system_manage.models import WorkspaceUserResourcePermission from tools.models import Tool -from users.models import User from users.serializers.user import is_workspace_manage @@ -94,11 +92,14 @@ sql_map = { 'APPLICATION': 'get_application_user_resource_permission.sql' } + class UserResourcePermissionUserListRequest(serializers.Serializer): name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name')) - permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True, + choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], label=_('permission')) + class UserResourcePermissionSerializer(serializers.Serializer): workspace_id = serializers.CharField(required=True, label=_('workspace id')) user_id = serializers.CharField(required=True, label=_('user id')) 
@@ -112,13 +113,20 @@ class UserResourcePermissionSerializer(serializers.Serializer): })) name = instance.get('name') permission = instance.get('permission') + query_p_list = [None if p == "NOT_AUTH" else p for p in permission] if name: resource_query_set = resource_query_set.filter(name__contains=name) if permission: - resource_query_set = resource_query_set.filter( - permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission')) - + if all([p is None for p in query_p_list]): + resource_query_set = resource_query_set.filter(permission=None) + else: + if any([p is None for p in query_p_list]): + resource_query_set = resource_query_set.filter( + Q(permission__in=query_p_list) | Q(permission=None)) + else: + resource_query_set = resource_query_set.filter( + permission__in=query_p_list) return { 'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter( workspace_id=self.data.get('workspace_id')), 
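Review bot: `query_p_list` is built from `permission` before the `if permission:` guard, so a caller that omits the key or passes `None` (the request serializer sets `allow_null=True`) gets a `TypeError` instead of an unfiltered list. A blank item also slips through: `getlist('permission')` yields `['']` for `?permission=`, `allow_blank=True` appears to accept it, and the filter becomes `permission__in=['']`, which matches nothing where the old code skipped the filter. The same block is repeated in `ResourceUserPermissionSerializer.get_queryset` (hunk `@@ -329,8 +342,16 @@`), so the normalisation below applies there too, with `user_query_set`. `get_queryset` starts above this hunk.

```python
permission = instance.get('permission')
# … unchanged: name filter …
wanted = {p for p in (permission or []) if p}  # tolerate None, drop blank items
named = wanted - {'NOT_AUTH'}
if named and 'NOT_AUTH' in wanted:
    resource_query_set = resource_query_set.filter(
        Q(permission__in=named) | Q(permission=None))
elif named:
    resource_query_set = resource_query_set.filter(permission__in=named)
elif wanted:
    # only NOT_AUTH was requested: rows that carry no grant
    resource_query_set = resource_query_set.filter(permission=None)
```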
@@ -218,35 +226,37 @@ class UserResourcePermissionSerializer(serializers.Serializer): os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type'))))) return [{**user_resource_permission} - for user_resource_permission in user_resource_permission_list] + for user_resource_permission in user_resource_permission_list] - - def page(self, instance, current_page: int, page_size: int,user, with_valid=True): + def page(self, instance, current_page: int, page_size: int, user, with_valid=True): if with_valid: self.is_valid(raise_exception=True) UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True) workspace_id = self.data.get("workspace_id") user_id = self.data.get("user_id") # 用户对应的资源权限分页列表 - user_resource_permission_page_list = native_page_search(current_page,page_size,self.get_queryset(instance),get_file_content( - os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type'))) - )) + user_resource_permission_page_list = native_page_search(current_page, page_size, self.get_queryset(instance), + get_file_content( + os.path.join(PROJECT_DIR, "apps", "system_manage", + 'sql', sql_map.get( + self.data.get('auth_target_type'))) + )) return user_resource_permission_page_list - def edit(self, instance, user, with_valid=True): if with_valid: self.is_valid(raise_exception=True) - UpdateUserResourcePermissionRequest(data={'user_resource_permission_list':instance}).is_valid(raise_exception=True, - auth_target_type=self.data.get( - 'auth_target_type'), - workspace_id=self.data.get('workspace_id')) + UpdateUserResourcePermissionRequest(data={'user_resource_permission_list': instance}).is_valid( + raise_exception=True, + auth_target_type=self.data.get( + 'auth_target_type'), + workspace_id=self.data.get('workspace_id')) workspace_id = self.data.get("workspace_id") user_id = self.data.get("user_id") update_list = [] save_list = [] - targets = [ item['target_id'] for item 
in instance ] + targets = [item['target_id'] for item in instance] QuerySet(WorkspaceUserResourcePermission).filter( workspace_id=workspace_id, user_id=user_id, @@ -286,14 +296,15 @@ class UserResourcePermissionSerializer(serializers.Serializer): class ResourceUserPermissionUserListRequest(serializers.Serializer): nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id')) username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id')) - permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], - label=_('permission')) + permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True, + choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], + label=_('permission')) class ResourceUserPermissionEditRequest(serializers.Serializer): user_id = serializers.CharField(required=True, label=_('workspace id')) permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], - label=_('permission')) + label=_('permission')) permission_map = { @@ -315,11 +326,13 @@ class ResourceUserPermissionSerializer(serializers.Serializer): user_query_set = QuerySet(model=get_dynamics_model({ 'nick_name': models.CharField(), 'username': models.CharField(), - "permission": models.CharField(), + "permission": models.CharField() })) nick_name = instance.get('nick_name') username = instance.get('username') permission = instance.get('permission') + query_p_list = [None if p == "NOT_AUTH" else p for p in permission] + workspace_user_resource_permission_query_set = QuerySet(WorkspaceUserResourcePermission).filter( workspace_id=self.data.get('workspace_id'), auth_target_type=self.data.get('auth_target_type'), 
@@ -329,8 +342,16 @@ class ResourceUserPermissionSerializer(serializers.Serializer): if username: user_query_set = user_query_set.filter(username__contains=username) if permission: - user_query_set = user_query_set.filter( - permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission')) + if all([p is None for p in query_p_list]): + user_query_set = user_query_set.filter( + permission=None) + else: + if any([p is None for p in query_p_list]): + user_query_set = user_query_set.filter( + Q(permission__in=query_p_list) | Q(permission=None)) + else: + user_query_set = user_query_set.filter( + permission__in=query_p_list) return { 'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set, diff --git a/apps/system_manage/sql/get_application_user_resource_permission.sql b/apps/system_manage/sql/get_application_user_resource_permission.sql index d9e165157..688b1b1ab 100644 --- a/apps/system_manage/sql/get_application_user_resource_permission.sql +++ b/apps/system_manage/sql/get_application_user_resource_permission.sql @@ -28,7 +28,7 @@ LEFT JOIN ( AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' AND 'VIEW' = ANY(permission_list) THEN 'VIEW' - ELSE 'NOT_AUTH' + ELSE null END AS permission FROM workspace_user_resource_permission diff --git a/apps/system_manage/sql/get_knowledge_user_resource_permission.sql b/apps/system_manage/sql/get_knowledge_user_resource_permission.sql index a562f6d62..3a637aa5b 100644 --- a/apps/system_manage/sql/get_knowledge_user_resource_permission.sql +++ b/apps/system_manage/sql/get_knowledge_user_resource_permission.sql @@ -28,7 +28,7 @@ LEFT JOIN ( AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' AND 'VIEW' = ANY(permission_list) THEN 'VIEW' - ELSE 'NOT_AUTH' + ELSE null END AS permission FROM workspace_user_resource_permission 
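Review bot: The new `ELSE null` branch has no comment saying that NULL is now the query-side form of "not authorised", while the API still names that state `NOT_AUTH` in the serializer choices and in `ResourceUserPermissionEditRequest`. Rows that used to come back with `permission = 'NOT_AUTH'` now come back with a null `permission`, so any consumer that compares the field with `'NOT_AUTH'` (none is visible in this patch) needs checking. A line such as `-- NULL = no grant; the list filter maps NOT_AUTH to IS NULL` above the `CASE` would record the contract. The same applies to the knowledge, model, tool and resource-user-detail queries changed in this commit.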
diff --git a/apps/system_manage/sql/get_model_user_resource_permission.sql b/apps/system_manage/sql/get_model_user_resource_permission.sql index dda9030fa..772e688d9 100644 --- a/apps/system_manage/sql/get_model_user_resource_permission.sql +++ b/apps/system_manage/sql/get_model_user_resource_permission.sql @@ -28,7 +28,7 @@ LEFT JOIN ( AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' AND 'VIEW' = ANY(permission_list) THEN 'VIEW' - ELSE 'NOT_AUTH' + ELSE null END AS permission FROM workspace_user_resource_permission diff --git a/apps/system_manage/sql/get_resource_user_permission_detail.sql b/apps/system_manage/sql/get_resource_user_permission_detail.sql index e07cee520..ce36dbbb2 100644 --- a/apps/system_manage/sql/get_resource_user_permission_detail.sql +++ b/apps/system_manage/sql/get_resource_user_permission_detail.sql @@ -19,7 +19,7 @@ LEFT JOIN ( and 'MANAGE'= any(permission_list) then 'MANAGE' when auth_type = 'RESOURCE_PERMISSION_GROUP' and 'VIEW' = any( permission_list) then 'VIEW' - else 'NOT_AUTH' + else null end) as "permission" FROM workspace_user_resource_permission diff --git a/apps/system_manage/sql/get_tool_user_resource_permission.sql b/apps/system_manage/sql/get_tool_user_resource_permission.sql index 6900840b9..cf2f04798 100644 --- a/apps/system_manage/sql/get_tool_user_resource_permission.sql +++ b/apps/system_manage/sql/get_tool_user_resource_permission.sql @@ -28,7 +28,7 @@ LEFT JOIN ( AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE' WHEN auth_type = 'RESOURCE_PERMISSION_GROUP' AND 'VIEW' = ANY(permission_list) THEN 'VIEW' - ELSE 'NOT_AUTH' + ELSE null END AS permission FROM workspace_user_resource_permission diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py index 898fb7bde..a1af437d3 100644 --- a/apps/system_manage/views/user_resource_permission.py +++ b/apps/system_manage/views/user_resource_permission.py 
@@ -53,7 +53,7 @@ class WorkSpaceUserResourcePermissionView(APIView): return result.success(UserResourcePermissionSerializer( data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource} ).list({'name': request.query_params.get('name'), - 'permission': request.query_params.get('permission')}, request.user)) + 'permission': request.query_params.getlist('permission')}, request.user)) @extend_schema( methods=['PUT'], @@ -94,7 +94,7 @@ class WorkSpaceUserResourcePermissionView(APIView): return result.success(UserResourcePermissionSerializer( data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource} ).page({'name': request.query_params.get('name'), - 'permission': request.query_params.get('permission')}, current_page, page_size, request.user)) + 'permission': request.query_params.getlist('permission')}, current_page, page_size, request.user)) class WorkspaceResourceUserPermissionView(APIView): @@ -114,7 +114,7 @@ class WorkspaceResourceUserPermissionView(APIView): data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }).list( {'username': request.query_params.get("username"), 'nick_name': request.query_params.get("nick_name"), - 'permission': request.query_params.get("permission") + 'permission': request.query_params.getlist("permission") })) @extend_schema( @@ -150,5 +150,5 @@ class WorkspaceResourceUserPermissionView(APIView): data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, } ).page({'username': request.query_params.get("username"), 'nick_name': request.query_params.get("nick_name"), - 'permission': request.query_params.get("permission")}, current_page, page_size, + 'permission': request.query_params.getlist("permission")}, current_page, page_size, )) From e76b0a7d71f64f66e9151fba53fb9784c99688ce Mon Sep 17 00:00:00 2001 
From: CaptainB Date: Thu, 14 Aug 2025 16:15:32 +0800 Subject: [PATCH 2/2] fix: update torch dependency to support platform-specific installation --- pyproject.toml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index c07bd3c2e..40e23404a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -37,7 +37,10 @@ langchain-mcp-adapters = "0.1.9" langchain-huggingface = "0.3.0" langchain-ollama = "0.3.4" langgraph = "0.5.3" -torch = {version = "2.8.0+cpu", source = "pytorch"} +torch = [ + { version = "2.8.0+cpu", markers = "sys_platform == 'linux'", source = "pytorch" }, + { url = "https://download.pytorch.org/whl/cpu/torch-2.8.0-cp311-none-macosx_11_0_arm64.whl", markers = "sys_platform == 'darwin'" } +] sentence-transformers = "5.0.0" # 云服务SDK
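Review bot: The darwin entry's marker is only `sys_platform == 'darwin'`, but the wheel it points at is tagged `cp311` / `macosx_11_0_arm64`, so an Intel Mac resolves to a wheel it cannot install; `markers = "sys_platform == 'darwin' and platform_machine == 'arm64'"` would scope it to the machines the file supports. With the linux marker added, a platform that is neither linux nor darwin (Windows, for instance) no longer gets a torch requirement at all, which may or may not be intended. The URL entry also bypasses the named `pytorch` source, so its integrity rests on the hash recorded in the lock file; it is worth confirming the lock was regenerated and committed with this change.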