From b82e12ac2e00931ac0d0c4212b21bb30ef1fbbc4 Mon Sep 17 00:00:00 2001 From: zhangzhanwei Date: Tue, 11 Nov 2025 16:15:16 +0800 Subject: [PATCH] feat: Knowledge workflow permission --- apps/common/constants/permission_constants.py | 32 ++++++++ ui/src/router/modules/document.ts | 78 ++++++++++++++++++- ui/src/utils/permission/data.ts | 10 +++ 3 files changed, 118 insertions(+), 2 deletions(-) diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 67cb272a1..58448a6a5 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -39,9 +39,12 @@ class Group(Enum): SYSTEM_RES_KNOWLEDGE = "SYSTEM_RESOURCE_KNOWLEDGE" KNOWLEDGE_HIT_TEST = "KNOWLEDGE_HIT_TEST" KNOWLEDGE_DOCUMENT = "KNOWLEDGE_DOCUMENT" + KNOWLEDGE_WORKFLOW = "KNOWLEDGE_WORKFLOW" KNOWLEDGE_TAG = "KNOWLEDGE_TAG" SYSTEM_KNOWLEDGE_DOCUMENT = "SYSTEM_KNOWLEDGE_DOCUMENT" + SYSTEM_KNOWLEDGE_WORKFLOW = "SYSTEM_KNOWLEDGE_WORKFLOW" SYSTEM_RES_KNOWLEDGE_DOCUMENT = "SYSTEM_RESOURCE_KNOWLEDGE_DOCUMENT" + SYSTEM_RES_KNOWLEDGE_WORKFLOW = "SYSTEM_RESOURCE_KNOWLEDGE_WORKFLOW" SYSTEM_RES_KNOWLEDGE_TAG = "SYSTEM_RES_KNOWLEDGE_TAG" SYSTEM_KNOWLEDGE_TAG = "SYSTEM_KNOWLEDGE_TAG" @@ -328,6 +331,7 @@ Permission_Label = { Group.APPLICATION.value: _("Application"), Group.KNOWLEDGE.value: _("Knowledge"), Group.KNOWLEDGE_DOCUMENT.value: _("Document"), + Group.KNOWLEDGE_WORKFLOW.value: _("Workflow"), Group.KNOWLEDGE_TAG.value: _("Tag"), Group.KNOWLEDGE_PROBLEM.value: _("Problem"), Group.KNOWLEDGE_HIT_TEST.value: _("Hit-Test"), @@ -375,6 +379,7 @@ Permission_Label = { Group.SYSTEM_MODEL.value: _("Model"), Group.SYSTEM_KNOWLEDGE.value: _("Knowledge"), Group.SYSTEM_KNOWLEDGE_DOCUMENT.value: _("Document"), + Group.SYSTEM_KNOWLEDGE_WORKFLOW.value: _("Workflow"), Group.SYSTEM_KNOWLEDGE_TAG.value: _("Tag"), Group.SYSTEM_KNOWLEDGE_PROBLEM.value: _("Problem"), Group.SYSTEM_KNOWLEDGE_HIT_TEST.value: _("Hit-Test"), @@ -383,6 +388,7 @@ Permission_Label = { Group.SYSTEM_RES_MODEL.value: _("Model"), Group.SYSTEM_RES_KNOWLEDGE.value: _("Knowledge"), Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT.value: _("Document"), + Group.SYSTEM_RES_KNOWLEDGE_WORKFLOW.value: _("Workflow"), Group.SYSTEM_RES_KNOWLEDGE_TAG.value: _("Tag"), Group.SYSTEM_RES_KNOWLEDGE_PROBLEM.value: _("Problem"), Group.SYSTEM_RES_KNOWLEDGE_HIT_TEST.value: _("Hit-Test"), @@ -616,6 +622,16 @@ class PermissionConstants(Enum): resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) + KNOWLEDGE_WORKFLOW_READ = Permission( + group=Group.KNOWLEDGE_WORKFLOW, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW], + parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] + ) + KNOWLEDGE_WORKFLOW_EDIT = Permission( + group=Group.KNOWLEDGE_WORKFLOW, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], + parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] + ) KNOWLEDGE_DOCUMENT_READ = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], @@ -1209,6 +1225,14 @@ class PermissionConstants(Enum): group=Group.SYSTEM_KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" ) + SHARED_KNOWLEDGE_WORKFLOW_READ = Permission( + group=Group.SYSTEM_KNOWLEDGE_WORKFLOW, operate=Operate.READ, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" + ) + SHARED_KNOWLEDGE_WORKFLOW_EDIT = Permission( + group=Group.SYSTEM_KNOWLEDGE_WORKFLOW, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" + ) SHARED_KNOWLEDGE_DOCUMENT_READ = Permission( group=Group.SYSTEM_KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" @@ -1437,6 +1461,14 @@ class PermissionConstants(Enum): parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" ) # 文档 + RESOURCE_KNOWLEDGE_WORKFLOW_READ = Permission( + group=Group.SYSTEM_RES_KNOWLEDGE_WORKFLOW, operate=Operate.READ, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" + ) + RESOURCE_KNOWLEDGE_WORKFLOW_EDIT = Permission( + group=Group.SYSTEM_RES_KNOWLEDGE_WORKFLOW, operate=Operate.READ, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" + ) RESOURCE_KNOWLEDGE_DOCUMENT_READ = Permission( group=Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" diff --git a/ui/src/router/modules/document.ts b/ui/src/router/modules/document.ts index 7778d9c5c..40d2a146b 100644 --- a/ui/src/router/modules/document.ts +++ b/ui/src/router/modules/document.ts @@ -112,11 +112,85 @@ const DocumentRouter = { permission: [ () => { const to: any = get_next_route() - if (to.params.type === '4') { + if (to.params.folderId == 'shared') { + return RoleConst.ADMIN + } else if (to.params.folderId == 'resource-management') { + } else { + return new ComplexPermission( + [RoleConst.USER], + [ + PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission( + to ? to.params.id : '', + ), + ], + [], + 'AND', + ) + } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { + return RoleConst.ADMIN + } else if (to.params.folderId == 'resource-management') { + } else { + return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole() + } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { + return PermissionConst.SHARED_KNOWLEDGE_WORKFLOW_READ + } else if (to.params.folderId == 'resource-management') { + } else { + return PermissionConst.KNOWLEDGE_WORKFLOW_READ.getKnowledgeWorkspaceResourcePermission( + to ? to.params.id : '', + ) + } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'shared') { + return RoleConst.ADMIN + } else if (to.params.folderId == 'resource-management') { + } else { + return PermissionConst.KNOWLEDGE_WORKFLOW_READ.getWorkspacePermissionWorkspaceManageRole() + } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'share') { + return new ComplexPermission( + [RoleConst.EXTENDS_USER.getWorkspaceRole()], + [PermissionConst.KNOWLEDGE_WORKFLOW_READ.getWorkspacePermission()], + [], + 'AND', + ) + } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'share') { + return RoleConst.USER.getWorkspaceRole() + } + }, + () => { + const to: any = get_next_route() + if (to.params.folderId == 'resource-management') { return RoleConst.ADMIN } }, - ], + () => { + const to: any = get_next_route() + if (to.params.folderId == 'resource-management') { + return PermissionConst.RESOURCE_KNOWLEDGE_WORKFLOW_READ + } + }, + ].map(p => () => { + const to: any = get_next_route() + if (to.params.type !== '4') {return false} + return p() + }), }, redirect: (menu: any) => { const from = 'workspace' diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts index fa79a8494..3b2cd1af3 100644 --- a/ui/src/utils/permission/data.ts +++ b/ui/src/utils/permission/data.ts @@ -109,6 +109,9 @@ const PermissionConst = { KNOWLEDGE_EXPORT: new Permission('KNOWLEDGE:READ+EXPORT'), KNOWLEDGE_DELETE: new Permission('KNOWLEDGE:READ+DELETE'), KNOWLEDGE_GENERATE: new Permission('KNOWLEDGE:READ+GENERATE'), + + KNOWLEDGE_WORKFLOW_READ: new Permission('KNOWLEDGE_WORKFLOW:READ'), + KNOWLEDGE_WORKFLOW_EDIT: new Permission('KNOWLEDGE_WORKFLOW:READ+EDIT'), KNOWLEDGE_DOCUMENT_READ: new Permission('KNOWLEDGE_DOCUMENT:READ'), KNOWLEDGE_DOCUMENT_CREATE: new Permission('KNOWLEDGE_DOCUMENT:READ+CREATE'), @@ -190,6 +193,9 @@ const PermissionConst = { SHARED_KNOWLEDGE_EXPORT: new Permission('SYSTEM_KNOWLEDGE:READ+EXPORT'), SHARED_KNOWLEDGE_GENERATE: new Permission('SYSTEM_KNOWLEDGE:READ+GENERATE'), SHARED_KNOWLEDGE_DELETE: new Permission('SYSTEM_KNOWLEDGE:READ+DELETE'), + + SHARED_KNOWLEDGE_WORKFLOW_READ: new Permission('SYSTEM_KNOWLEDGE_WORKFLOW:READ'), + SHARED_KNOWLEDGE_WORKFLOW_EDIT: new Permission('SYSTEM_KNOWLEDGE_WORKFLOW:READ+EDIT'), SHARED_KNOWLEDGE_DOCUMENT_READ: new Permission('SYSTEM_KNOWLEDGE_DOCUMENT:READ'), SHARED_KNOWLEDGE_DOCUMENT_CREATE: new Permission('SYSTEM_KNOWLEDGE_DOCUMENT:READ+CREATE'), @@ -243,6 +249,9 @@ const PermissionConst = { RESOURCE_KNOWLEDGE_EXPORT: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+EXPORT'), RESOURCE_KNOWLEDGE_DELETE: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+DELETE'), RESOURCE_KNOWLEDGE_GENERATE: new Permission('SYSTEM_RESOURCE_KNOWLEDGE:READ+GENERATE'), + + RESOURCE_KNOWLEDGE_WORKFLOW_READ: new Permission('SYSTEM_RESOURCE_KNOWLEDGE_WORKFLOW:READ'), + RESOURCE_KNOWLEDGE_WORKFLOW_EDIT: new Permission('SYSTEM_RESOURCE_KNOWLEDGE_WORKFLOW:READ+EDIT'), RESOURCE_KNOWLEDGE_DOCUMENT_READ: new Permission('SYSTEM_RESOURCE_KNOWLEDGE_DOCUMENT:READ'), RESOURCE_KNOWLEDGE_DOCUMENT_CREATE: new Permission('SYSTEM_RESOURCE_KNOWLEDGE_DOCUMENT:READ+CREATE'), @@ -377,3 +386,4 @@ const EditionConst = { IS_CE: new Edition('X-PACK-CE'), } export {PermissionConst, RoleConst, EditionConst} +