15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-29 07:52:50 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fix: role user permission (#3452)

This commit is contained in:
shaohuzhang1 2025-07-02 14:26:57 +08:00 committed by GitHub
parent 8b40762218
commit e8418f6f5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 26 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/common/auth/handle/impl/user_token.py
View File

@ -127,7 +127,8 @@ def get_workspace_resource_permission_list_by_workspace_user_permission(
ResourcePermissionRole.ROLE)):
return [
f"{role_permission_mapping.permission_id}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"
for role_permission_mapping in role_permission_mapping_list]
for role_permission_mapping in role_permission_mapping_list] + [
f"{workspace_user_resource_permission.auth_target_type}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"]
elif workspace_user_resource_permission.auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP:
resource_permission_list = [
@ -230,7 +231,7 @@ def reset_workspace_role(role_id, workspace_id, role_dict):
if system_role == role_id:
return role_id
else:
return f"{role_id}:/WORKSPACE/{workspace_id}"
return [f"{role_id}:/WORKSPACE/{workspace_id}", role_id]
else:
r = role_dict.get(role_id)
if r is None:
@ -238,7 +239,7 @@ def reset_workspace_role(role_id, workspace_id, role_dict):
role_type = role_dict.get(role_id).type
if system_role == role_type:
return RoleConstants.EXTENDS_ADMIN.value.name
return f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}"
return [f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}", f"EXTENDS_{role_type}"]
def get_role_list(user,
@ -260,12 +261,13 @@ def get_role_list(user,
workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id)
role_list = QuerySet(role_model).filter(id__in=[wurm.role_id for wurm in workspace_user_role_mapping_list])
role_dict = {r.id: r for r in role_list}
role_list = list(set([reset_workspace_role(workspace_user_role_mapping.role_id,
workspace_user_role_mapping.workspace_id,
role_dict)
for
workspace_user_role_mapping in
workspace_user_role_mapping_list]))
role_list = list(
set(reduce(lambda x, y: [*x, *y], [reset_workspace_role(workspace_user_role_mapping.role_id,
workspace_user_role_mapping.workspace_id,
role_dict)
for
workspace_user_role_mapping in
workspace_user_role_mapping_list], [])))
cache.set(key, workspace_list, version=version)
return role_list
else:

15
apps/common/constants/permission_constants.py
View File

@ -125,6 +125,7 @@ class Operate(Enum):
"""
一个权限组的操作权限
"""
SELF = ""
READ = 'READ'
EDIT = "READ+EDIT"
CREATE = "READ+CREATE"
@ -161,6 +162,7 @@ class Operate(Enum):
SETTING = "READ+SETTING" # 管理
DOWNLOAD = "READ+DOWNLOAD" # 下载
class RoleGroup(Enum):
# 系统用户
SYSTEM_USER = "SYSTEM_USER"
@ -405,6 +407,19 @@ class PermissionConstants(Enum):
"""
权限枚举
"""
KNOWLEDGE = Permission(
group=Group.KNOWLEDGE, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
APPLICATION = Permission(
group=Group.APPLICATION, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
)
MODEL = Permission(
group=Group.MODEL, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
)
TOOL = Permission(
group=Group.TOOL, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
)
USER_READ = Permission(
group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[SystemGroup.USER_MANAGEMENT]