From c0b676ed160dfac6e71b17b0fb6e0a599a78befe Mon Sep 17 00:00:00 2001
From: wxg0103 <727495428@qq.com>
Date: Fri, 23 May 2025 18:08:25 +0800
Subject: [PATCH] refactor: permission

---
 apps/common/constants/permission_constants.py | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
index cbd1c8a47..94299ab5c 100644
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@@ -35,6 +35,7 @@ class Group(Enum):
 
     EMAIL_SETTING = "EMAIL_SETTING"
     ROLE = "ROLE"
+    WORKSPACE = "WORKSPACE"
 
 
 class SystemGroup(Enum):
@@ -452,6 +453,56 @@ class PermissionConstants(Enum):
         parent_group=[SystemGroup.ROLE]
     )
 
+    WORKSPACE_ROLE_ADD_MEMBER = Permission(
+        group=Group.ROLE, operate=Operate.ADD_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_ROLE_REMOVE_MEMBER = Permission(
+        group=Group.ROLE, operate=Operate.REMOVE_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_ROLE_READ = Permission(
+        group=Group.ROLE, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+
+    WORKSPACE_READ = Permission(
+        group=Group.WORKSPACE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_CREATE = Permission(
+        group=Group.WORKSPACE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_EDIT = Permission(
+        group=Group.WORKSPACE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_DELETE = Permission(
+        group=Group.WORKSPACE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_ADD_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.ADD_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_REMOVE_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.REMOVE_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.WORKSPACE]
+    )
+    WORKSPACE_WORKSPACE_READ = Permission(
+        group=Group.WORKSPACE, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_WORKSPACE_ADD_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.ADD_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+    WORKSPACE_WORKSPACE_REMOVE_MEMBER = Permission(
+        group=Group.WORKSPACE, operate=Operate.REMOVE_MEMBER, role_list=[RoleConstants.ADMIN],
+        parent_group=[WorkspaceGroup.SYSTEM_MANAGEMENT]
+    )
+
     def get_workspace_application_permission(self):
         return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
                                             resource_path=