From b71a854d7cd7ffd93968c964fc284ea84c00b797 Mon Sep 17 00:00:00 2001 From: zhanweizhang7 Date: Wed, 2 Jul 2025 11:35:14 +0800 Subject: [PATCH] feat: Shared knowledge access permission (#3450) --- apps/common/constants/permission_constants.py | 6 -- ui/src/api/application/application-key.ts | 8 +- ui/src/router/modules/document.ts | 94 ++++++++++++++----- ui/src/utils/permission/data.ts | 3 + ui/src/views/application/index.vue | 4 +- 5 files changed, 78 insertions(+), 37 deletions(-) diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 9558cfc59..278b17a8b 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -754,12 +754,6 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW], ) - APPLICATION_TO_CHAT = Permission(group=Group.APPLICATION, operate=Operate.TO_CHAT, - role_list=[RoleConstants.ADMIN, RoleConstants.USER], - parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], - resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE], - label=_('Chat') - ) APPLICATION_DEBUG = Permission(group=Group.APPLICATION, operate=Operate.DEBUG, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], diff --git a/ui/src/api/application/application-key.ts b/ui/src/api/application/application-key.ts index a0cd5d1e8..74cffbe93 100644 --- a/ui/src/api/application/application-key.ts +++ b/ui/src/api/application/application-key.ts @@ -18,7 +18,7 @@ const getAPIKey: (application_id: string, loading?: Ref) => Promise { - return get(`${prefix.value}/${application_id}/application`, undefined, loading) + return get(`${prefix.value}/${application_id}/application_key`, undefined, loading) } /** @@ -29,7 +29,7 @@ const postAPIKey: (application_id: string, loading?: Ref) => Promise { - return post(`${prefix.value}/${application_id}/application`, {}, undefined, loading) + return post(`${prefix.value}/${application_id}/application_key`, {}, undefined, loading) } /** @@ -42,7 +42,7 @@ const delAPIKey: ( loading?: Ref, ) => Promise> = (application_id, api_key_id, loading) => { return del( - `${prefix.value}/${application_id}/application/${api_key_id}`, + `${prefix.value}/${application_id}/application_key/${api_key_id}`, undefined, undefined, loading, @@ -63,7 +63,7 @@ const putAPIKey: ( loading?: Ref, ) => Promise> = (application_id, api_key_id, data, loading) => { return put( - `${prefix.value}/${application_id}/application/${api_key_id}`, + `${prefix.value}/${application_id}/application_key/${api_key_id}`, data, undefined, loading, diff --git a/ui/src/router/modules/document.ts b/ui/src/router/modules/document.ts index 0ccb096ae..28a7be9eb 100644 --- a/ui/src/router/modules/document.ts +++ b/ui/src/router/modules/document.ts @@ -1,6 +1,7 @@ import { SourceTypeEnum } from '@/enums/common' import { get_next_route } from '@/utils/permission' -import { PermissionConst, RoleConst } from '@/utils/permission/data' +import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data' +import { ComplexPermission } from '@/utils/permission/type' const DocumentRouter = { path: '/knowledge/:id/:folderId', name: 'KnowledgeDetail', @@ -21,14 +22,30 @@ const DocumentRouter = { group: 'KnowledgeDetail', permission: [ RoleConst.ADMIN, - RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, () => { const to: any = get_next_route() - return PermissionConst.KNOWLEDGE_DOCUMENT_READ.getKnowledgeWorkspaceResourcePermission( - to ? to.params.id : '', - ) + if (to.params.folder_id == 'shared') { + return RoleConst.ADMIN + }else { + return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole + } }, - PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole, + () => { + const to: any = get_next_route() + + if (to.params.folderId == 'shared') { + + return PermissionConst.SHARED_KNOWLEDGE_DOCUMENT_READ } else { + return PermissionConst.KNOWLEDGE_DOCUMENT_READ.getKnowledgeWorkspaceResourcePermission( + to ? to.params.id : '', + )} + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared'){ return RoleConst.ADMIN } else { + return PermissionConst.KNOWLEDGE_DOCUMENT_READ.getWorkspacePermissionWorkspaceManageRole + } + } ], }, component: () => import('@/views/document/index.vue'), @@ -46,14 +63,20 @@ const DocumentRouter = { group: 'KnowledgeDetail', permission: [ RoleConst.ADMIN, - RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, () => { const to: any = get_next_route() - return PermissionConst.KNOWLEDGE_PROBLEM_READ.getKnowledgeWorkspaceResourcePermission( - to ? to.params.id : '', - ) + if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return PermissionConst.SHARED_KNOWLEDGE_PROBLEM_READ } else { return PermissionConst.KNOWLEDGE_PROBLEM_READ.getKnowledgeWorkspaceResourcePermission( + to ? to.params.id : '', + ) } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { return PermissionConst.KNOWLEDGE_PROBLEM_READ.getWorkspacePermissionWorkspaceManageRole } }, - PermissionConst.KNOWLEDGE_PROBLEM_READ.getWorkspacePermissionWorkspaceManageRole, ], }, component: () => import('@/views/problem/index.vue'), @@ -68,6 +91,23 @@ const DocumentRouter = { parentPath: '/knowledge/:id/:folderId', parentName: 'KnowledgeDetail', group: 'KnowledgeDetail', + permission: [ + RoleConst.ADMIN, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return PermissionConst.SHARED_KNOWLEDGE_HIT_TEST_READ } else { return PermissionConst.KNOWLEDGE_HIT_TEST_READ.getKnowledgeWorkspaceResourcePermission( + to ? to.params.id : '', + ) } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { return PermissionConst.KNOWLEDGE_HIT_TEST_READ.getWorkspacePermissionWorkspaceManageRole } + }, + ], }, component: () => import('@/views/hit-test/index.vue'), }, @@ -83,16 +123,15 @@ const DocumentRouter = { parentName: 'KnowledgeDetail', resourceType: SourceTypeEnum.KNOWLEDGE, group: 'KnowledgeDetail', - permission: [ - RoleConst.ADMIN, + permission: new ComplexPermission([ RoleConst.ADMIN, () => { const to: any = get_next_route() if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { - return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole + return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole() } - }, + },],[ () => { const to: any = get_next_route() if (to.params.folderId == 'shared') { @@ -106,13 +145,10 @@ const DocumentRouter = { () => { const to: any = get_next_route() if (to.params.folder_id == 'shared') { - return RoleConst.ADMIN - } else { - return PermissionConst.KNOWLEDGE_CHAT_USER_READ - .getWorkspacePermissionWorkspaceManageRole - } + return PermissionConst.SHARED_KNOWLEDGE_CHAT_USER_READ + } else { return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getWorkspacePermissionWorkspaceManageRole() } }, - ], + ],[EditionConst.IS_EE,EditionConst.IS_PE],'OR'), }, component: () => import('@/views/chat-user/index.vue'), }, @@ -129,14 +165,20 @@ const DocumentRouter = { group: 'KnowledgeDetail', permission: [ RoleConst.ADMIN, - RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, () => { const to: any = get_next_route() - return PermissionConst.KNOWLEDGE_EDIT.getKnowledgeWorkspaceResourcePermission( - to ? to.params.id : '', - ) + if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return PermissionConst.SHARED_KNOWLEDGE_EDIT } else { return PermissionConst.KNOWLEDGE_EDIT.getKnowledgeWorkspaceResourcePermission( + to ? to.params.id : '', + ) } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { return RoleConst.ADMIN } else { return PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole } }, - PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole, ], }, component: () => import('@/views/knowledge/KnowledgeSetting.vue'), diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts index 2a8c9c1c6..b0f8b9a40 100644 --- a/ui/src/utils/permission/data.ts +++ b/ui/src/utils/permission/data.ts @@ -190,6 +190,9 @@ const PermissionConst = { SHARED_KNOWLEDGE_PROBLEM_EDIT: new Permission('SYSTEM_KNOWLEDGE_PROBLEM:READ+EDIT'), SHARED_KNOWLEDGE_PROBLEM_DELETE: new Permission('SYSTEM_KNOWLEDGE_PROBLEM:READ+DELETE'), + SHARED_KNOWLEDGE_HIT_TEST_READ: new Permission('SYSTEM_KNOWLEDGE_HIT_TEST:READ'), + KNOWLEDGE_HIT_TEST_READ: new Permission('KNOWLEDGE_HIT_TEST:READ'), + SHARED_KNOWLEDGE_CHAT_USER_READ: new Permission('SYSTEM_KNOWLEDGE_CHAT_USER:READ'), SHARED_KNOWLEDGE_CHAT_USER_EDIT: new Permission('SYSTEM_KNOWLEDGE_CHAT_USER:READ+EDIT'), diff --git a/ui/src/views/application/index.vue b/ui/src/views/application/index.vue index e5cb33986..d1644ba9a 100644 --- a/ui/src/views/application/index.vue +++ b/ui/src/views/application/index.vue @@ -222,7 +222,9 @@