mirror of
https://github.com/1Panel-dev/MaxKB.git
synced 2025-12-26 01:33:05 +00:00
feat: user resource permission (#3422)
This commit is contained in:
shaohuzhang1
GitHub
parent
873a9a953f
commit
c5bdada6dc
|
|
@ -20,7 +20,7 @@ from common.constants.cache_version import Cache_Version
|
|||
from common.constants.permission_constants import Auth, PermissionConstants, ResourcePermissionGroup, \
|
||||
get_permission_list_by_resource_group, ResourceAuthType, \
|
||||
ResourcePermissionRole, get_default_role_permission_mapping_list, get_default_workspace_user_role_mapping_list, \
|
||||
RoleConstants
|
||||
RoleConstants, ResourcePermission, Resource
|
||||
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
||||
from common.exception.app_exception import AppAuthenticationFailed
|
||||
from common.utils.common import group_by
|
||||
|
|
@ -132,9 +132,11 @@ def get_workspace_resource_permission_list_by_workspace_user_permission(
|
|||
resource_permission_list = [
|
||||
[
|
||||
f"{permission}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"
|
||||
for permission in get_permission_list_by_resource_group(ResourcePermissionGroup[resource_permission])]
|
||||
for permission in get_permission_list_by_resource_group(
|
||||
ResourcePermissionGroup(Resource(workspace_user_resource_permission.auth_target_type),
|
||||
ResourcePermission(resource_permission)))]
|
||||
for resource_permission in workspace_user_resource_permission.permission_list if
|
||||
ResourcePermissionGroup.values.__contains__(resource_permission)]
|
||||
ResourcePermission.values.__contains__(resource_permission)]
|
||||
# 将二维数组扁平为一维
|
||||
return reduce(lambda x, y: [*x, *y], resource_permission_list, [])
|
||||
return []
|
||||
|
|
|
|||
|
|
@ -53,6 +53,11 @@ class Group(Enum):
|
|||
|
||||
WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||
|
||||
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION = "APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION = "KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION = "TOOL_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION = "MODEL_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||
|
||||
EMAIL_SETTING = "EMAIL_SETTING"
|
||||
ROLE = "ROLE"
|
||||
WORKSPACE_ROLE = "WORKSPACE_ROLE"
|
||||
|
|
@ -169,7 +174,7 @@ class ResourcePermissionRole(models.TextChoices):
|
|||
return str(self) == str(other)
|
||||
|
||||
|
||||
class ResourcePermissionGroup(models.TextChoices):
|
||||
class ResourcePermission(models.TextChoices):
|
||||
"""
|
||||
资源权限组
|
||||
"""
|
||||
|
|
@ -182,6 +187,36 @@ class ResourcePermissionGroup(models.TextChoices):
|
|||
return str(self) == str(other)
|
||||
|
||||
|
||||
class Resource(models.TextChoices):
|
||||
KNOWLEDGE = Group.KNOWLEDGE.value
|
||||
APPLICATION = Group.APPLICATION.value
|
||||
TOOL = Group.TOOL.value
|
||||
MODEL = Group.MODEL.value
|
||||
|
||||
def __eq__(self, other):
|
||||
return str(self) == str(other)
|
||||
|
||||
|
||||
class ResourcePermissionGroup:
|
||||
def __init__(self, resource: Resource, permission: ResourcePermission):
|
||||
self.permission = permission
|
||||
self.resource = resource
|
||||
|
||||
def __eq__(self, other):
|
||||
return str(self.permission) == str(other.permission) and str(self.resource) == str(other.resource)
|
||||
|
||||
|
||||
class ResourcePermissionConst:
|
||||
KNOWLEDGE_MANGE = ResourcePermissionGroup(Resource.KNOWLEDGE, ResourcePermission.MANAGE)
|
||||
KNOWLEDGE_VIEW = ResourcePermissionGroup(Resource.KNOWLEDGE, ResourcePermission.VIEW)
|
||||
APPLICATION_MANGE = ResourcePermissionGroup(Resource.APPLICATION, ResourcePermission.MANAGE)
|
||||
APPLICATION_VIEW = ResourcePermissionGroup(Resource.APPLICATION, ResourcePermission.VIEW)
|
||||
TOOL_MANGE = ResourcePermissionGroup(Resource.TOOL, ResourcePermission.MANAGE)
|
||||
TOOL_VIEW = ResourcePermissionGroup(Resource.TOOL, ResourcePermission.VIEW)
|
||||
MODEL_MANGE = ResourcePermissionGroup(Resource.MODEL, ResourcePermission.MANAGE)
|
||||
MODEL_VIEW = ResourcePermissionGroup(Resource.MODEL, ResourcePermission.VIEW)
|
||||
|
||||
|
||||
class ResourceAuthType(models.TextChoices):
|
||||
"""
|
||||
资源授权类型
|
||||
|
|
@ -376,188 +411,224 @@ class PermissionConstants(Enum):
|
|||
|
||||
MODEL_CREATE = Permission(
|
||||
group=Group.MODEL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||
)
|
||||
|
||||
MODEL_READ = Permission(
|
||||
group=Group.MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.MODEL_VIEW]
|
||||
)
|
||||
|
||||
MODEL_EDIT = Permission(
|
||||
group=Group.MODEL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||
)
|
||||
MODEL_DELETE = Permission(
|
||||
group=Group.MODEL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||
)
|
||||
TOOL_CREATE = Permission(
|
||||
group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||
)
|
||||
|
||||
TOOL_EDIT = Permission(
|
||||
group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||
)
|
||||
|
||||
TOOL_READ = Permission(
|
||||
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_VIEW]
|
||||
)
|
||||
|
||||
TOOL_DELETE = Permission(
|
||||
group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||
)
|
||||
|
||||
TOOL_DEBUG = Permission(
|
||||
group=Group.TOOL, operate=Operate.DEBUG, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||
)
|
||||
TOOL_IMPORT = Permission(
|
||||
group=Group.TOOL, operate=Operate.IMPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||
)
|
||||
TOOL_EXPORT = Permission(
|
||||
group=Group.TOOL, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||
)
|
||||
KNOWLEDGE_READ = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_CREATE = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_EDIT = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DELETE = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_SYNC = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_EXPORT = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_VECTOR = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.VECTOR, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_GENERATE = Permission(
|
||||
group=Group.KNOWLEDGE, operate=Operate.GENERATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_READ = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_CREATE = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_EDIT = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_DELETE = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_SYNC = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_EXPORT = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EXPORT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_DOWNLOAD_SOURCE_FILE = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DOWNLOAD,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_GENERATE = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.GENERATE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_VECTOR = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.VECTOR,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_DOCUMENT_MIGRATE = Permission(
|
||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
|
||||
KNOWLEDGE_PROBLEM_READ = Permission(
|
||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_PROBLEM_CREATE = Permission(
|
||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_PROBLEM_EDIT = Permission(
|
||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_PROBLEM_DELETE = Permission(
|
||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
KNOWLEDGE_PROBLEM_RELATE = Permission(
|
||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.RELATE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||
)
|
||||
WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||
group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||
group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||
group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||
group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||
group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||
group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||
group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||
group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||
group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||
group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||
)
|
||||
|
||||
EMAIL_SETTING_READ = Permission(
|
||||
group=Group.EMAIL_SETTING, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
|
||||
parent_group=[SystemGroup.SYSTEM_SETTING]
|
||||
|
|
@ -651,141 +722,146 @@ class PermissionConstants(Enum):
|
|||
APPLICATION_READ = Permission(group=Group.APPLICATION, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW],
|
||||
)
|
||||
APPLICATION_TO_CHAT = Permission(group=Group.APPLICATION, operate=Operate.TO_CHAT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
label=_('Chat')
|
||||
)
|
||||
APPLICATION_DEBUG = Permission(group=Group.APPLICATION, operate=Operate.DEBUG,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
APPLICATION_SETTING = Permission(group=Group.APPLICATION, operate=Operate.SETTING,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
label=_('Setting')
|
||||
)
|
||||
|
||||
APPLICATION_CREATE = Permission(group=Group.APPLICATION, operate=Operate.CREATE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
APPLICATION_IMPORT = Permission(group=Group.APPLICATION, operate=Operate.IMPORT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE]
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
|
||||
)
|
||||
APPLICATION_EXPORT = Permission(group=Group.APPLICATION, operate=Operate.EXPORT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
)
|
||||
|
||||
APPLICATION_DELETE = Permission(group=Group.APPLICATION, operate=Operate.DELETE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
APPLICATION_EDIT = Permission(group=Group.APPLICATION, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW],
|
||||
)
|
||||
|
||||
APPLICATION_OVERVIEW_EMBED = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.EMBED,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
|
||||
)
|
||||
|
||||
APPLICATION_OVERVIEW_ACCESS = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.ACCESS,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
|
||||
)
|
||||
APPLICATION_OVERVIEW_DISPLAY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.DISPLAY,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[
|
||||
ResourcePermissionConst.APPLICATION_MANGE],
|
||||
|
||||
)
|
||||
APPLICATION_OVERVIEW_API_KEY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.API_KET,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[
|
||||
ResourcePermissionConst.APPLICATION_MANGE],
|
||||
|
||||
)
|
||||
APPLICATION_OVERVIEW_PUBLIC = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.PUBLIC_ACCESS,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
|
||||
)
|
||||
# 应用接入
|
||||
APPLICATION_ACCESS_READ = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW],
|
||||
|
||||
)
|
||||
APPLICATION_ACCESS_EDIT = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE])
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE])
|
||||
|
||||
APPLICATION_CHAT_USER_READ = Permission(group=Group.APPLICATION_CHAT_USER, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
APPLICATION_CHAT_USER_EDIT = Permission(group=Group.APPLICATION_CHAT_USER, operate=Operate.EDIT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
APPLICATION_CHAT_LOG_READ = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.READ,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
APPLICATION_CHAT_LOG_ANNOTATION = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ANNOTATION,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[
|
||||
ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
APPLICATION_CHAT_LOG_EXPORT = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.EXPORT,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
APPLICATION_CHAT_LOG_CLEAR_POLICY = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.CLEAR_POLICY,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[
|
||||
ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
APPLICATION_CHAT_LOG_ADD_KNOWLEDGE = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ADD_KNOWLEDGE,
|
||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
||||
resource_permission_group_list=[
|
||||
ResourcePermissionConst.APPLICATION_MANGE],
|
||||
)
|
||||
|
||||
ABOUT_READ = Permission(group=Group.OTHER, operate=Operate.READ,
|
||||
|
|
@ -1183,6 +1259,7 @@ class PermissionConstants(Enum):
|
|||
group=Group.OPERATION_LOG, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
|
||||
parent_group=[SystemGroup.OPERATION_LOG]
|
||||
)
|
||||
|
||||
def get_workspace_application_permission(self):
|
||||
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
|
||||
resource_path=
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ from django.contrib.postgres.fields import ArrayField
|
|||
from django.db import models
|
||||
|
||||
from common.constants.permission_constants import Group, ResourcePermissionGroup, ResourceAuthType, \
|
||||
ResourcePermissionRole
|
||||
ResourcePermissionRole, ResourcePermission
|
||||
from users.models import User
|
||||
|
||||
|
||||
|
|
@ -48,8 +48,8 @@ class WorkspaceUserResourcePermission(models.Model):
|
|||
default=list,
|
||||
base_field=models.CharField(max_length=256,
|
||||
blank=True,
|
||||
choices=ResourcePermissionGroup.choices + ResourcePermissionRole.choices,
|
||||
default=ResourcePermissionGroup.VIEW))
|
||||
choices=ResourcePermission.choices + ResourcePermissionRole.choices,
|
||||
default=ResourcePermission.VIEW))
|
||||
|
||||
create_time = models.DateTimeField(verbose_name="创建时间", auto_now_add=True)
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ from rest_framework import serializers
|
|||
from application.models import Application
|
||||
from common.constants.cache_version import Cache_Version
|
||||
from common.constants.permission_constants import get_default_workspace_user_role_mapping_list, RoleConstants, \
|
||||
ResourcePermissionGroup, ResourcePermissionRole, ResourceAuthType
|
||||
ResourcePermission, ResourcePermissionRole, ResourceAuthType
|
||||
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
||||
from common.db.search import native_search
|
||||
from common.db.sql_execute import select_list
|
||||
|
|
@ -51,7 +51,6 @@ class UserResourcePermissionResponse(serializers.Serializer):
|
|||
|
||||
|
||||
class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
||||
auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源")
|
||||
target_id = serializers.CharField(required=True, label=_('target id'))
|
||||
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
|
||||
permission = PermissionSerializer(required=True, many=False)
|
||||
|
|
@ -60,34 +59,46 @@ class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
|||
class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
||||
user_resource_permission_list = UpdateTeamMemberItemPermissionSerializer(required=True, many=True)
|
||||
|
||||
def is_valid(self, *, workspace_id=None, raise_exception=False):
|
||||
def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=False):
|
||||
super().is_valid(raise_exception=True)
|
||||
user_resource_permission_list = self.data.get("user_resource_permission_list")
|
||||
user_resource_permission_list = [{'target_id': urp.get('target_id'), 'auth_target_type': auth_target_type} for
|
||||
urp in
|
||||
self.data.get("user_resource_permission_list")]
|
||||
illegal_target_id_list = select_list(
|
||||
get_file_content(
|
||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
|
||||
[json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id])
|
||||
if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
|
||||
raise AppApiException(500,
|
||||
_('Non-existent application|knowledge base id[') + str(illegal_target_id_list) + ']')
|
||||
_('Non-existent id[') + str(illegal_target_id_list) + ']')
|
||||
|
||||
|
||||
m_map = {
|
||||
"KNOWLEDGE": Knowledge,
|
||||
'TOOL': Tool,
|
||||
'MODEL': Model,
|
||||
'APPLICATION': Application,
|
||||
}
|
||||
sql_map = {
|
||||
"KNOWLEDGE": 'get_knowledge_user_resource_permission.sql',
|
||||
'TOOL': 'get_tool_user_resource_permission.sql',
|
||||
'MODEL': 'get_model_user_resource_permission.sql',
|
||||
'APPLICATION': 'get_application_user_resource_permission.sql'
|
||||
}
|
||||
|
||||
|
||||
class UserResourcePermissionSerializer(serializers.Serializer):
|
||||
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
||||
user_id = serializers.CharField(required=True, label=_('user id'))
|
||||
auth_target_type = serializers.CharField(required=True, label=_('resource'))
|
||||
|
||||
def get_queryset(self):
|
||||
return {
|
||||
"knowledge_query_set": QuerySet(Knowledge)
|
||||
.filter(workspace_id=self.data.get('workspace_id')),
|
||||
'tool_query_set': QuerySet(Tool)
|
||||
.filter(workspace_id=self.data.get('workspace_id')),
|
||||
'model_query_set': QuerySet(Model)
|
||||
.filter(workspace_id=self.data.get('workspace_id')),
|
||||
'application_query_set': QuerySet(Application)
|
||||
.filter(workspace_id=self.data.get('workspace_id')),
|
||||
'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
|
||||
workspace_id=self.data.get('workspace_id')),
|
||||
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
||||
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'))
|
||||
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
|
||||
auth_target_type=self.data.get('auth_target_type'))
|
||||
}
|
||||
|
||||
def list(self, user, with_valid=True):
|
||||
|
|
@ -97,7 +108,7 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||
user_id = self.data.get("user_id")
|
||||
# 用户权限列表
|
||||
user_resource_permission_list = native_search(self.get_queryset(), get_file_content(
|
||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'get_user_resource_permission.sql')))
|
||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
|
||||
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
||||
workspace_model = DatabaseModelManage.get_model("workspace_model")
|
||||
if workspace_user_role_mapping_model and workspace_model:
|
||||
|
|
@ -112,14 +123,14 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||
if is_workspace_manage:
|
||||
user_resource_permission_list = list(
|
||||
map(lambda row: {**row,
|
||||
'permission': {ResourcePermissionGroup.VIEW.value: True,
|
||||
ResourcePermissionGroup.MANAGE.value: True,
|
||||
'permission': {ResourcePermission.VIEW.value: True,
|
||||
ResourcePermission.MANAGE.value: True,
|
||||
ResourcePermissionRole.ROLE.value: True}},
|
||||
user_resource_permission_list))
|
||||
return group_by([{**user_resource_permission, 'permission': {
|
||||
permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for
|
||||
permission in
|
||||
[ResourcePermissionGroup.VIEW.value, ResourcePermissionGroup.MANAGE.value,
|
||||
[ResourcePermission.VIEW.value, ResourcePermission.MANAGE.value,
|
||||
ResourcePermissionRole.ROLE.value]}}
|
||||
for user_resource_permission in user_resource_permission_list],
|
||||
key=lambda item: item.get('auth_target_type'))
|
||||
|
|
@ -128,6 +139,8 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||
if with_valid:
|
||||
self.is_valid(raise_exception=True)
|
||||
UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True,
|
||||
auth_target_type=self.data.get(
|
||||
'auth_target_type'),
|
||||
workspace_id=self.data.get('workspace_id'))
|
||||
workspace_id = self.data.get("workspace_id")
|
||||
user_id = self.data.get("user_id")
|
||||
|
|
@ -135,7 +148,7 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||
save_list = []
|
||||
user_resource_permission_list = instance.get('user_resource_permission_list')
|
||||
workspace_user_resource_permission_exist_list = QuerySet(WorkspaceUserResourcePermission).filter(
|
||||
workspace_id=workspace_id, user_id=user_id)
|
||||
workspace_id=workspace_id, user_id=user_id, auth_target_type=self.data.get('auth_target_type'))
|
||||
for user_resource_permission in user_resource_permission_list:
|
||||
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
|
||||
workspace_user_resource_permission_exist_list if
|
||||
|
|
@ -147,8 +160,7 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||
update_list.append(exist_list[0])
|
||||
else:
|
||||
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
|
||||
auth_target_type=user_resource_permission.get(
|
||||
'auth_target_type'),
|
||||
auth_target_type=self.data.get('auth_target_type'),
|
||||
permission_list=[key for key in
|
||||
user_resource_permission.get(
|
||||
'permission').keys() if
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
SELECT app_or_knowledge.*,
|
||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||
FROM (SELECT "id",
|
||||
"name",
|
||||
'APPLICATION' AS "auth_target_type",
|
||||
user_id,
|
||||
workspace_id,
|
||||
icon,
|
||||
folder_id
|
||||
FROM application
|
||||
${query_set}
|
||||
) app_or_knowledge
|
||||
LEFT JOIN (SELECT *
|
||||
FROM workspace_user_resource_permission
|
||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
SELECT app_or_knowledge.*,
|
||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||
FROM (SELECT "id",
|
||||
"name",
|
||||
'KNOWLEDGE' AS "auth_target_type",
|
||||
user_id,
|
||||
workspace_id,
|
||||
"type"::varchar AS "icon",
|
||||
folder_id
|
||||
FROM knowledge
|
||||
${query_set}
|
||||
) app_or_knowledge
|
||||
LEFT JOIN (SELECT *
|
||||
FROM workspace_user_resource_permission
|
||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
SELECT app_or_knowledge.*,
|
||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||
FROM (SELECT "id",
|
||||
"name",
|
||||
'MODEL' AS "auth_target_type",
|
||||
user_id,
|
||||
workspace_id,
|
||||
provider as icon,
|
||||
'default' as folder_id
|
||||
FROM model
|
||||
${query_set}
|
||||
) app_or_knowledge
|
||||
LEFT JOIN (SELECT *
|
||||
FROM workspace_user_resource_permission
|
||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
SELECT app_or_knowledge.*,
|
||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||
FROM (SELECT "id",
|
||||
"name",
|
||||
'TOOL' AS "auth_target_type",
|
||||
user_id,
|
||||
workspace_id,
|
||||
icon,
|
||||
folder_id
|
||||
FROM tool
|
||||
${query_set}
|
||||
) app_or_knowledge
|
||||
LEFT JOIN (SELECT *
|
||||
FROM workspace_user_resource_permission
|
||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||
|
|
@ -5,7 +5,7 @@ from . import views
|
|||
app_name = "system_manage"
|
||||
# @formatter:off
|
||||
urlpatterns = [
|
||||
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>', views.WorkSpaceUserResourcePermissionView.as_view()),
|
||||
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>/resource/<str:resource>', views.WorkSpaceUserResourcePermissionView.as_view()),
|
||||
path('email_setting', views.SystemSetting.Email.as_view()),
|
||||
path('profile', views.SystemProfile.as_view()),
|
||||
path('valid/<str:valid_type>/<int:valid_count>', views.Valid.as_view())
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ from rest_framework.views import APIView
|
|||
from common import result
|
||||
from common.auth import TokenAuth
|
||||
from common.auth.authentication import has_permissions
|
||||
from common.constants.permission_constants import PermissionConstants, RoleConstants
|
||||
from common.constants.permission_constants import PermissionConstants, RoleConstants, Permission, Group, Operate
|
||||
from common.log.log import log
|
||||
from common.result import DefaultResultSerializer
|
||||
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI
|
||||
|
|
@ -43,11 +43,13 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||
responses=UserResourcePermissionAPI.get_response(),
|
||||
tags=[_('Resources authorization')] # type: ignore
|
||||
)
|
||||
@has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_READ.get_workspace_permission(),
|
||||
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||
def get(self, request: Request, workspace_id: str, user_id: str):
|
||||
@has_permissions(
|
||||
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
|
||||
operate=Operate.READ),
|
||||
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||
def get(self, request: Request, workspace_id: str, user_id: str, resource: str):
|
||||
return result.success(UserResourcePermissionSerializer(
|
||||
data={'workspace_id': workspace_id, 'user_id': user_id}
|
||||
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||
).list(request.user))
|
||||
|
||||
@extend_schema(
|
||||
|
|
@ -62,9 +64,11 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||
@log(menu='System', operate='Modify the resource authorization list',
|
||||
get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
|
||||
)
|
||||
@has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_EDIT.get_workspace_permission(),
|
||||
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||
def put(self, request: Request, workspace_id: str, user_id: str):
|
||||
@has_permissions(
|
||||
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
|
||||
operate=Operate.EDIT),
|
||||
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||
def put(self, request: Request, workspace_id: str, user_id: str, resource: str):
|
||||
return result.success(UserResourcePermissionSerializer(
|
||||
data={'workspace_id': workspace_id, 'user_id': user_id}
|
||||
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||
).edit(request.data, request.user))
|
||||
|
|
|
|||
|
|
@ -12,10 +12,11 @@ const prefix = '/workspace'
|
|||
const getResourceAuthorization: (
|
||||
workspace_id: string,
|
||||
user_id: string,
|
||||
resource: string,
|
||||
loading?: Ref<boolean>,
|
||||
) => Promise<Result<any>> = (workspace_id, user_id, loading) => {
|
||||
) => Promise<Result<any>> = (workspace_id, user_id, resource, loading) => {
|
||||
return get(
|
||||
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}`,
|
||||
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}/resource/${resource}`,
|
||||
undefined,
|
||||
loading,
|
||||
)
|
||||
|
|
@ -42,11 +43,12 @@ const getResourceAuthorization: (
|
|||
const putResourceAuthorization: (
|
||||
workspace_id: string,
|
||||
user_id: string,
|
||||
resource: string,
|
||||
body: any,
|
||||
loading?: Ref<boolean>,
|
||||
) => Promise<Result<any>> = (workspace_id, user_id, body, loading) => {
|
||||
) => Promise<Result<any>> = (workspace_id, user_id, resource, body, loading) => {
|
||||
return put(
|
||||
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}`,
|
||||
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}/resource/${resource}`,
|
||||
body,
|
||||
{},
|
||||
loading,
|
||||
|
|
|
|||
|
|
@ -184,6 +184,7 @@ const systemRouter = {
|
|||
activeMenu: '/system',
|
||||
parentPath: '/system',
|
||||
parentName: 'system',
|
||||
resource: 'APPLICATION',
|
||||
},
|
||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||
},
|
||||
|
|
@ -195,6 +196,7 @@ const systemRouter = {
|
|||
activeMenu: '/system',
|
||||
parentPath: '/system',
|
||||
parentName: 'system',
|
||||
resource: 'KNOWLEDGE',
|
||||
},
|
||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||
},
|
||||
|
|
@ -206,6 +208,7 @@ const systemRouter = {
|
|||
activeMenu: '/system',
|
||||
parentPath: '/system',
|
||||
parentName: 'system',
|
||||
resource: 'TOOL',
|
||||
},
|
||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||
},
|
||||
|
|
@ -217,6 +220,7 @@ const systemRouter = {
|
|||
activeMenu: '/system',
|
||||
parentPath: '/system',
|
||||
parentName: 'system',
|
||||
resource: 'MODEL',
|
||||
},
|
||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||
},
|
||||
|
|
@ -477,11 +481,14 @@ const systemRouter = {
|
|||
parentName: 'system',
|
||||
sameRoute: 'operate',
|
||||
permission: [
|
||||
new ComplexPermission(
|
||||
[RoleConst.ADMIN],
|
||||
[PermissionConst.OPERATION_LOG_READ],
|
||||
[EditionConst.IS_EE, EditionConst.IS_PE],
|
||||
'OR',),],
|
||||
new ComplexPermission(
|
||||
[RoleConst.ADMIN],
|
||||
[PermissionConst.OPERATION_LOG_READ],
|
||||
[EditionConst.IS_EE, EditionConst.IS_PE],
|
||||
'OR',
|
||||
),
|
||||
],
|
||||
|
||||
},
|
||||
component: () => import('@/views/system/operate-log/index.vue'),
|
||||
},
|
||||
|
|
|
|||
|
|
@ -8,7 +8,11 @@
|
|||
</el-breadcrumb-item>
|
||||
</el-breadcrumb>
|
||||
<!-- 企业版: 工作空间下拉框-->
|
||||
<el-divider class="ml-24" direction="vertical" v-if="hasPermission(EditionConst.IS_EE, 'OR')" />
|
||||
<el-divider
|
||||
class="ml-24"
|
||||
direction="vertical"
|
||||
v-if="hasPermission(EditionConst.IS_EE, 'OR')"
|
||||
/>
|
||||
<WorkspaceDropdown
|
||||
v-if="hasPermission(EditionConst.IS_EE, 'OR')"
|
||||
:data="workspaceList"
|
||||
|
|
@ -189,6 +193,7 @@ function submitPermissions() {
|
|||
AuthorizationApi.putResourceAuthorization(
|
||||
currentWorkspaceId.value || 'default',
|
||||
currentUser.value,
|
||||
(route.meta?.resource as string) || 'APPLICATION',
|
||||
{ user_resource_permission_list: user_resource_permission_list },
|
||||
rLoading,
|
||||
).then(() => {
|
||||
|
|
@ -290,10 +295,6 @@ const dfsFolder = (arr: any[] = [], folderIdMap: any) => {
|
|||
})
|
||||
}
|
||||
|
||||
const handleTabChange = () => {
|
||||
getWholeTree(currentUser.value)
|
||||
}
|
||||
|
||||
function getFolder() {
|
||||
return AuthorizationApi.getSystemFolder(
|
||||
currentWorkspaceId.value || 'default',
|
||||
|
|
@ -306,6 +307,7 @@ function getResourcePermissions(user_id: string) {
|
|||
return AuthorizationApi.getResourceAuthorization(
|
||||
currentWorkspaceId.value || 'default',
|
||||
user_id,
|
||||
(route.meta?.resource as string) || 'APPLICATION',
|
||||
rLoading,
|
||||
)
|
||||
}
|
||||
|
|
@ -378,7 +380,6 @@ function changeWorkspace(item: WorkspaceItem) {
|
|||
currentWorkspaceId.value = item.id
|
||||
getMember()
|
||||
}
|
||||
function refresh(data?: string[]) {}
|
||||
|
||||
onMounted(() => {
|
||||
tableHeight.value = window.innerHeight - 330
|
||||
|
|
|
|||
Loading…
Reference in New Issue