From c0ae78411e243f8a9f79b51a69a451af2da478f9 Mon Sep 17 00:00:00 2001 From: zhangzhanwei Date: Wed, 22 Oct 2025 10:16:36 +0800 Subject: [PATCH] feat: Tag permission interface --- apps/common/constants/permission_constants.py | 22 +++++++++++-- apps/knowledge/views/document.py | 16 +++++----- apps/knowledge/views/tag.py | 32 ++++++++++++------- apps/locales/en_US/LC_MESSAGES/django.po | 6 ++++ apps/locales/zh_CN/LC_MESSAGES/django.po | 8 ++++- apps/locales/zh_Hant/LC_MESSAGES/django.po | 8 ++++- 6 files changed, 69 insertions(+), 23 deletions(-) diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index b8b16f205..335cdf0d4 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -175,7 +175,8 @@ class Operate(Enum): TO_CHAT = "READ+TO_CHAT" # 去对话 SETTING = "READ+SETTING" # 管理 DOWNLOAD = "READ+DOWNLOAD" # 下载 - AUTH = "READ+AUTH" + AUTH = "READ+AUTH" # 资源授权 + TAG = "READ+TAG" # 标签设置 class RoleGroup(Enum): @@ -325,6 +326,7 @@ Permission_Label = { Group.APPLICATION.value: _("Application"), Group.KNOWLEDGE.value: _("Knowledge"), Group.KNOWLEDGE_DOCUMENT.value: _("Document"), + Group.KNOWLEDGE_TAG.value: _("Tag"), Group.KNOWLEDGE_PROBLEM.value: _("Problem"), Group.KNOWLEDGE_HIT_TEST.value: _("Hit-Test"), Operate.IMPORT.value: _("Import"), @@ -350,6 +352,7 @@ Permission_Label = { Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'), Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'), Operate.AUTH.value: _('resource authorization'), + Operate.TAG.value: _('Tag Setting'), Group.APPLICATION_OVERVIEW.value: _('Overview'), Group.APPLICATION_ACCESS.value: _('Application Access'), Group.APPLICATION_CHAT_USER.value: _('Dialogue users'), @@ -368,6 +371,7 @@ Permission_Label = { Group.SYSTEM_MODEL.value: _("Model"), Group.SYSTEM_KNOWLEDGE.value: _("Knowledge"), Group.SYSTEM_KNOWLEDGE_DOCUMENT.value: _("Document"), + Group.SYSTEM_KNOWLEDGE_TAG.value: _("Tag"), Group.SYSTEM_KNOWLEDGE_PROBLEM.value: _("Problem"), Group.SYSTEM_KNOWLEDGE_HIT_TEST.value: _("Hit-Test"), Group.SYSTEM_KNOWLEDGE_CHAT_USER.value: _("Dialogue users"), @@ -375,6 +379,7 @@ Permission_Label = { Group.SYSTEM_RES_MODEL.value: _("Model"), Group.SYSTEM_RES_KNOWLEDGE.value: _("Knowledge"), Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT.value: _("Document"), + Group.SYSTEM_RES_KNOWLEDGE_TAG.value: _("Tag"), Group.SYSTEM_RES_KNOWLEDGE_PROBLEM.value: _("Problem"), Group.SYSTEM_RES_KNOWLEDGE_HIT_TEST.value: _("Hit-Test"), Group.SYSTEM_RES_KNOWLEDGE_CHAT_USER.value: _("Dialogue users"), @@ -394,7 +399,6 @@ Permission_Label = { # SystemGroup.RESOURCE.value: _("Resource"), } - class Permission: """ 权限信息 @@ -665,6 +669,12 @@ class PermissionConstants(Enum): resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) + KNOWLEDGE_DOCUMENT_TAG = Permission( + group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.TAG, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], + parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] + ) KNOWLEDGE_HIT_TEST = Permission( group=Group.KNOWLEDGE_HIT_TEST, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], @@ -1224,6 +1234,10 @@ class PermissionConstants(Enum): group=Group.SYSTEM_KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" ) + SHARED_KNOWLEDGE_DOCUMENT_TAG = Permission( + group=Group.SYSTEM_KNOWLEDGE_DOCUMENT, operate=Operate.TAG, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" + ) SHARED_KNOWLEDGE_TAG_READ = Permission( group=Group.SYSTEM_KNOWLEDGE_TAG, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE" @@ -1444,6 +1458,10 @@ class PermissionConstants(Enum): group=Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" ) + RESOURCE_KNOWLEDGE_DOCUMENT_TAG = Permission( + group=Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT, operate=Operate.TAG, role_list=[RoleConstants.ADMIN], + parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" + ) RESOURCE_KNOWLEDGE_HIT_TEST = Permission( group=Group.SYSTEM_RES_KNOWLEDGE_HIT_TEST, operate=Operate.READ, role_list=[RoleConstants.ADMIN], parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE" diff --git a/apps/knowledge/views/document.py b/apps/knowledge/views/document.py index 09b43c072..17472f387 100644 --- a/apps/knowledge/views/document.py +++ b/apps/knowledge/views/document.py @@ -519,8 +519,8 @@ class DocumentView(APIView): tags=[_('Knowledge Base/Documentation')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_knowledge_permission(), - PermissionConstants.KNOWLEDGE_DOCUMENT_EDIT.get_workspace_permission_workspace_manage_role(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()], [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), @@ -724,8 +724,8 @@ class DocumentView(APIView): tags=[_('Knowledge Base/Documentation')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(), - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()], [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), @@ -745,8 +745,8 @@ class DocumentView(APIView): tags=[_('Knowledge Base/Documentation')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(), - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()], [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), @@ -770,8 +770,8 @@ class DocumentView(APIView): tags=[_('Knowledge Base/Documentation')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(), - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_DOCUMENT_TAG.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()], [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], diff --git a/apps/knowledge/views/tag.py b/apps/knowledge/views/tag.py index 96e53f92a..99bde4297 100644 --- a/apps/knowledge/views/tag.py +++ b/apps/knowledge/views/tag.py @@ -5,7 +5,7 @@ from rest_framework.views import APIView from common.auth import TokenAuth from common.auth.authentication import has_permissions -from common.constants.permission_constants import PermissionConstants, RoleConstants +from common.constants.permission_constants import PermissionConstants, RoleConstants, ViewPermission, CompareConstants from common.log.log import log from common.result import result from knowledge.api.tag import TagCreateAPI, TagDeleteAPI, TagEditAPI @@ -25,9 +25,11 @@ class KnowledgeTagView(APIView): tags=[_('Knowledge Base/Tag')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_CREATE.get_workspace_permission(), + PermissionConstants.KNOWLEDGE_TAG_CREATE.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_TAG_CREATE.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), - RoleConstants.USER.get_workspace_role() + ViewPermission([RoleConstants.USER.get_workspace_role()], + [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), ) @log( menu='tag', operate="Create a knowledge tag", @@ -47,9 +49,11 @@ class KnowledgeTagView(APIView): tags=[_('Knowledge Base/Tag')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission(), + PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_TAG_READ.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), - RoleConstants.USER.get_workspace_role() + ViewPermission([RoleConstants.USER.get_workspace_role()], + [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), ) @log( menu='tag', operate="Create a knowledge tag", @@ -74,9 +78,11 @@ class KnowledgeTagView(APIView): tags=[_('Knowledge Base/Tag')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_EDIT.get_workspace_permission(), + PermissionConstants.KNOWLEDGE_TAG_EDIT.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_TAG_EDIT.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), - RoleConstants.USER.get_workspace_role() + ViewPermission([RoleConstants.USER.get_workspace_role()], + [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), ) @log( menu='tag', operate="Update a knowledge tag", @@ -99,9 +105,11 @@ class KnowledgeTagView(APIView): tags=[_('Knowledge Base/Tag')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission(), + PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), - RoleConstants.USER.get_workspace_role() + ViewPermission([RoleConstants.USER.get_workspace_role()], + [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), ) @log( menu='tag', operate="Delete a knowledge tag", @@ -124,9 +132,11 @@ class KnowledgeTagView(APIView): tags=[_('Knowledge Base/Tag')] # type: ignore ) @has_permissions( - PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission(), + PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_knowledge_permission(), + PermissionConstants.KNOWLEDGE_TAG_DELETE.get_workspace_permission_workspace_manage_role(), RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), - RoleConstants.USER.get_workspace_role() + ViewPermission([RoleConstants.USER.get_workspace_role()], + [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()], CompareConstants.AND), ) @log( menu='tag', operate="Batch Delete knowledge tag", diff --git a/apps/locales/en_US/LC_MESSAGES/django.po b/apps/locales/en_US/LC_MESSAGES/django.po index 6dc5f4e21..77f0ce5ce 100644 --- a/apps/locales/en_US/LC_MESSAGES/django.po +++ b/apps/locales/en_US/LC_MESSAGES/django.po @@ -8730,4 +8730,10 @@ msgid "Sample Rate" msgstr "" msgid "Captcha is required" +msgstr "" + +msgid "Tag" +msgstr "" + +msgid "Tag Setting" msgstr "" \ No newline at end of file diff --git a/apps/locales/zh_CN/LC_MESSAGES/django.po b/apps/locales/zh_CN/LC_MESSAGES/django.po index 19b637b6b..6a27336ab 100644 --- a/apps/locales/zh_CN/LC_MESSAGES/django.po +++ b/apps/locales/zh_CN/LC_MESSAGES/django.po @@ -8856,4 +8856,10 @@ msgid "Sample Rate" msgstr "采样率" msgid "Captcha is required" -msgstr "验证码是必填项" \ No newline at end of file +msgstr "验证码是必填项" + +msgid "Tag" +msgstr "标签管理" + +msgid "Tag Setting" +msgstr "标签设置" diff --git a/apps/locales/zh_Hant/LC_MESSAGES/django.po b/apps/locales/zh_Hant/LC_MESSAGES/django.po index 183659099..05c06bae8 100644 --- a/apps/locales/zh_Hant/LC_MESSAGES/django.po +++ b/apps/locales/zh_Hant/LC_MESSAGES/django.po @@ -8856,4 +8856,10 @@ msgid "Sample Rate" msgstr "採樣率" msgid "Captcha is required" -msgstr "驗證碼是必填項" \ No newline at end of file +msgstr "驗證碼是必填項" + +msgid "Tag" +msgstr "標籤管理" + +msgid "Tag Setting" +msgstr "標籤設定"