mirror of
https://github.com/1Panel-dev/MaxKB.git
synced 2025-12-28 14:52:58 +00:00
fix: Automatic authorization for resource creation (#3464)
This commit is contained in:
shaohuzhang1
GitHub
parent
0b27836ccb
commit
df49c5ba5c
|
|
@ -40,7 +40,8 @@ from knowledge.serializers.knowledge import KnowledgeSerializer, KnowledgeModelS
|
|||
from maxkb.conf import PROJECT_DIR
|
||||
from models_provider.models import Model
|
||||
from models_provider.tools import get_model_instance_by_model_workspace_id
|
||||
from system_manage.models import WorkspaceUserResourcePermission
|
||||
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
|
||||
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
|
||||
from tools.models import Tool, ToolScope
|
||||
from tools.serializers.tool import ToolModelSerializer
|
||||
from users.models import User
|
||||
|
|
@ -430,9 +431,15 @@ class ApplicationSerializer(serializers.Serializer):
|
|||
def insert(self, instance: Dict):
|
||||
application_type = instance.get('type')
|
||||
if 'WORK_FLOW' == application_type:
|
||||
return self.insert_workflow(instance)
|
||||
r = self.insert_workflow(instance)
|
||||
else:
|
||||
return self.insert_simple(instance)
|
||||
r = self.insert_simple(instance)
|
||||
UserResourcePermissionSerializer(data={
|
||||
'workspace_id': self.data.get('workspace_id'),
|
||||
'user_id': self.data.get('user_id'),
|
||||
'auth_target_type': AuthTargetType.APPLICATION.value
|
||||
}).auth_resource(str(r.get('id')))
|
||||
return r
|
||||
|
||||
def insert_workflow(self, instance: Dict):
|
||||
self.is_valid(raise_exception=True)
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ from rest_framework import serializers
|
|||
from application.models import ApplicationKnowledgeMapping
|
||||
from common.config.embedding_config import VectorStore
|
||||
from common.constants.cache_version import Cache_Version
|
||||
from common.constants.permission_constants import ResourceAuthType, ResourcePermission
|
||||
from common.constants.permission_constants import ResourceAuthType, ResourcePermission, ResourcePermissionRole
|
||||
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
||||
from common.db.search import native_search, get_dynamics_model, native_page_search
|
||||
from common.db.sql_execute import select_list
|
||||
|
|
@ -42,6 +42,7 @@ from knowledge.task.sync import sync_web_knowledge, sync_replace_web_knowledge
|
|||
from maxkb.conf import PROJECT_DIR
|
||||
from models_provider.models import Model
|
||||
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
|
||||
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
|
||||
from users.serializers.user import is_workspace_manage
|
||||
|
||||
|
||||
|
|
@ -553,21 +554,12 @@ class KnowledgeSerializer(serializers.Serializer):
|
|||
QuerySet(ProblemParagraphMapping).bulk_create(
|
||||
problem_paragraph_mapping_list
|
||||
) if len(problem_paragraph_mapping_list) > 0 else None
|
||||
|
||||
# 自动授权给创建者
|
||||
WorkspaceUserResourcePermission(
|
||||
target=knowledge_id,
|
||||
auth_target_type=AuthTargetType.KNOWLEDGE,
|
||||
permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE],
|
||||
workspace_id=self.data.get('workspace_id'),
|
||||
user_id=self.data.get('user_id'),
|
||||
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
|
||||
).save()
|
||||
# 刷新缓存
|
||||
version = Cache_Version.PERMISSION_LIST.get_version()
|
||||
key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
|
||||
cache.delete(key, version=version)
|
||||
|
||||
# 自动资源给授权当前用户
|
||||
UserResourcePermissionSerializer(data={
|
||||
'workspace_id': self.data.get('workspace_id'),
|
||||
'user_id': self.data.get('user_id'),
|
||||
'auth_target_type': AuthTargetType.KNOWLEDGE.value
|
||||
}).auth_resource(str(knowledge_id))
|
||||
return {
|
||||
**KnowledgeModelSerializer(knowledge).data,
|
||||
'user_id': self.data.get('user_id'),
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ from models_provider.constants.model_provider_constants import ModelProvideConst
|
|||
from models_provider.models import Model, Status
|
||||
from models_provider.tools import get_model_credential
|
||||
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
|
||||
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
|
||||
from users.serializers.user import is_workspace_manage
|
||||
|
||||
|
||||
|
|
@ -326,19 +327,11 @@ class ModelSerializer(serializers.Serializer):
|
|||
model = Model(**model_data)
|
||||
try:
|
||||
model.save()
|
||||
# 自动授权给创建者
|
||||
WorkspaceUserResourcePermission(
|
||||
target=model.id,
|
||||
auth_target_type=AuthTargetType.MODEL,
|
||||
permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE],
|
||||
workspace_id=workspace_id,
|
||||
user_id=self.data.get('user_id'),
|
||||
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
|
||||
).save()
|
||||
# 刷新缓存
|
||||
version = Cache_Version.PERMISSION_LIST.get_version()
|
||||
key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
|
||||
cache.delete(key, version=version)
|
||||
UserResourcePermissionSerializer(data={
|
||||
'workspace_id': self.data.get('workspace_id'),
|
||||
'user_id': self.data.get('user_id'),
|
||||
'auth_target_type': AuthTargetType.MODEL.value
|
||||
}).auth_resource(str(model.id))
|
||||
except Exception as save_error:
|
||||
# 可添加日志记录
|
||||
raise AppApiException(500, _("Model saving failed")) from save_error
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ from maxkb.conf import PROJECT_DIR
|
|||
from models_provider.models import Model
|
||||
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
|
||||
from tools.models import Tool
|
||||
from users.serializers.user import is_workspace_manage
|
||||
|
||||
|
||||
class PermissionSerializer(serializers.Serializer):
|
||||
|
|
@ -101,6 +102,33 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||
auth_target_type=self.data.get('auth_target_type'))
|
||||
}
|
||||
|
||||
def auth_resource(self, resource_id: str):
|
||||
self.is_valid(raise_exception=True)
|
||||
workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
|
||||
if not workspace_manage:
|
||||
auth_target_type = self.data.get('auth_target_type')
|
||||
workspace_id = self.data.get('workspace_id')
|
||||
user_id = self.data.get('user_id')
|
||||
wurp = QuerySet(WorkspaceUserResourcePermission).filter(auth_target_type=auth_target_type,
|
||||
workspace_id=workspace_id).first()
|
||||
auth_type = wurp.auth_type if wurp else ResourceAuthType.RESOURCE_PERMISSION_GROUP
|
||||
# 自动授权给创建者
|
||||
WorkspaceUserResourcePermission(
|
||||
target=resource_id,
|
||||
auth_target_type=auth_target_type,
|
||||
permission_list=[ResourcePermission.VIEW,
|
||||
ResourcePermission.MANAGE] if auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP else [
|
||||
ResourcePermissionRole.ROLE],
|
||||
workspace_id=workspace_id,
|
||||
user_id=user_id,
|
||||
auth_type=auth_type
|
||||
).save()
|
||||
# 刷新缓存
|
||||
version = Cache_Version.PERMISSION_LIST.get_version()
|
||||
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
||||
cache.delete(key, version=version)
|
||||
return True
|
||||
|
||||
def list(self, user, with_valid=True):
|
||||
if with_valid:
|
||||
self.is_valid(raise_exception=True)
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ from common.utils.tool_code import ToolExecutor
|
|||
from knowledge.models import File, FileSourceType
|
||||
from maxkb.const import CONFIG, PROJECT_DIR
|
||||
from system_manage.models import AuthTargetType, WorkspaceUserResourcePermission
|
||||
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
|
||||
from tools.models import Tool, ToolScope, ToolFolder, ToolType
|
||||
from tools.serializers.tool_folder import ToolFolderFlatSerializer
|
||||
from users.serializers.user import is_workspace_manage
|
||||
|
|
@ -219,20 +220,11 @@ class ToolSerializer(serializers.Serializer):
|
|||
).save()
|
||||
|
||||
# 自动授权给创建者
|
||||
WorkspaceUserResourcePermission(
|
||||
target=tool_id,
|
||||
auth_target_type=AuthTargetType.TOOL,
|
||||
permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE],
|
||||
workspace_id=self.data.get('workspace_id'),
|
||||
user_id=self.data.get('user_id'),
|
||||
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
|
||||
).save()
|
||||
|
||||
# 刷新缓存
|
||||
version = Cache_Version.PERMISSION_LIST.get_version()
|
||||
key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
|
||||
cache.delete(key, version=version)
|
||||
|
||||
UserResourcePermissionSerializer(data={
|
||||
'workspace_id': self.data.get('workspace_id'),
|
||||
'user_id': self.data.get('user_id'),
|
||||
'auth_target_type': AuthTargetType.TOOL.value
|
||||
}).auth_resource(str(tool_id))
|
||||
return ToolSerializer.Operate(data={
|
||||
'id': tool_id, 'workspace_id': self.data.get('workspace_id')
|
||||
}).one()
|
||||
|
|
|
|||
|
|
@ -82,16 +82,17 @@
|
|||
</el-dialog>
|
||||
</template>
|
||||
<script setup lang="ts">
|
||||
import {ref, watch, reactive} from 'vue'
|
||||
import {useRouter, useRoute} from 'vue-router'
|
||||
import type {ApplicationFormType} from '@/api/type/application'
|
||||
import type {FormInstance, FormRules} from 'element-plus'
|
||||
import { ref, watch, reactive } from 'vue'
|
||||
import { useRouter, useRoute } from 'vue-router'
|
||||
import type { ApplicationFormType } from '@/api/type/application'
|
||||
import type { FormInstance, FormRules } from 'element-plus'
|
||||
import applicationApi from '@/api/application/application'
|
||||
import {MsgSuccess, MsgAlert} from '@/utils/message'
|
||||
import {isWorkFlow} from '@/utils/application'
|
||||
import {baseNodes} from '@/workflow/common/data'
|
||||
import {t} from '@/locales'
|
||||
|
||||
import { MsgSuccess, MsgAlert } from '@/utils/message'
|
||||
import { isWorkFlow } from '@/utils/application'
|
||||
import { baseNodes } from '@/workflow/common/data'
|
||||
import { t } from '@/locales'
|
||||
import useStore from '@/stores'
|
||||
const { user } = useStore()
|
||||
const router = useRouter()
|
||||
const emit = defineEmits(['refresh'])
|
||||
|
||||
|
|
@ -227,17 +228,19 @@ const submitHandle = async (formEl: FormInstance | undefined) => {
|
|||
}
|
||||
console.log(applicationForm.value.type)
|
||||
applicationApi
|
||||
.postApplication(
|
||||
{...applicationForm.value, folder_id: currentFolder.value},
|
||||
loading,
|
||||
)
|
||||
.postApplication({ ...applicationForm.value, folder_id: currentFolder.value }, loading)
|
||||
.then((res) => {
|
||||
return user.profile().then(() => {
|
||||
return res
|
||||
})
|
||||
})
|
||||
.then((res) => {
|
||||
MsgSuccess(t('common.createSuccess'))
|
||||
emit('refresh')
|
||||
if (isWorkFlow(applicationForm.value.type)) {
|
||||
router.push({path: `/application/${res.data.id}/workflow`})
|
||||
router.push({ path: `/application/${res.data.id}/workflow` })
|
||||
} else {
|
||||
router.push({path: `/application/${res.data.id}/${res.data.type}/setting`})
|
||||
router.push({ path: `/application/${res.data.id}/${res.data.type}/setting` })
|
||||
}
|
||||
dialogVisible.value = false
|
||||
})
|
||||
|
|
@ -249,7 +252,7 @@ function selectedType(type: string) {
|
|||
appTemplate.value = type
|
||||
}
|
||||
|
||||
defineExpose({open})
|
||||
defineExpose({ open })
|
||||
</script>
|
||||
<style lang="scss" scoped>
|
||||
.radio-card {
|
||||
|
|
|
|||
Loading…
Reference in New Issue