refactor: permission

2025-12-30 01:32:49 +00:00 · 2025-05-23 18:08:25 +08:00 · 2025-05-23 18:08:25 +08:00 · c0b676ed16
parent 2da3eac1b5
commit c0b676ed16
1 changed files with 51 additions and 0 deletions
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@ -35,6 +35,7 @@ class Group(Enum):

    EMAIL_SETTING = "EMAIL_SETTING"
    ROLE = "ROLE"
+    WORKSPACE = "WORKSPACE"


 class SystemGroup(Enum):
@ -452,6 +453,56 @@ class PermissionConstants(Enum):
        parent_group=[SystemGroup.ROLE]
    )

+    WORKSPACE_ROLE_ADD_MEMBER = Permission(
+        group=Group.ROLE, operate=Operate.ADD_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_ROLE_REMOVE_MEMBER = Permission(
+        group=Group.ROLE, operate=Operate.REMOVE_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_ROLE_READ = Permission(
+        group=Group.ROLE, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+
+    WORKSPACE_READ = Permission(
+        group=Group.WORKSPACE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_CREATE = Permission(
+        group=Group.WORKSPACE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_EDIT = Permission(
+        group=Group.WORKSPACE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_DELETE = Permission(
+        group=Group.WORKSPACE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_ADD_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.ADD_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_REMOVE_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.REMOVE_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_WORKSPACE_READ = Permission(
+        group=Group.WORKSPACE, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_WORKSPACE_ADD_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.ADD_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_WORKSPACE_REMOVE_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.REMOVE_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+
    def get_workspace_application_permission(self):
        return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
                                            resource_path=