feat: permission split (#3347)

2025-12-26 10:12:51 +00:00 · 2025-06-23 15:52:03 +08:00 · 2025-06-23 15:52:03 +08:00 · f84aa3ec6c
parent c0979e2363
commit f84aa3ec6c
14 changed files with 211 additions and 28 deletions
--- a/ui/src/permission/index.ts
+++ b/ui/src/permission/index.ts
@ -0,0 +1,9 @@
+import tool from '@/permission/tool'
+import model from '@/permission/model'
+import knowledge from '@/permission/knowledge'
+const permission = {
+  tool,
+  model,
+  knowledge,
+}
+export default permission
--- a/ui/src/permission/knowledge/index.ts
+++ b/ui/src/permission/knowledge/index.ts
@ -0,0 +1,9 @@
+import systemShare from './system-share'
+import workspace from './workspace'
+import systemManage from './system-manage'
+const permission = {
+  systemShare,
+  workspace,
+  systemManage,
+}
+export default permission
--- a/ui/src/permission/knowledge/system-manage.ts
+++ b/ui/src/permission/knowledge/system-manage.ts
@ -0,0 +1,26 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const workspace = {
+  is_share: () =>
+    hasPermission(
+      new ComplexPermission(
+        [RoleConst.ADMIN],
+        [PermissionConst.SHARED_TOOL_READ],
+        [EditionConst.IS_EE],
+        'OR',
+      ),
+      'OR',
+    ),
+  delete: () =>
+    hasPermission(
+      [
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        RoleConst.USER.getWorkspaceRole,
+        PermissionConst.TOOL_DELETE.getWorkspacePermission,
+      ],
+      'OR',
+    ),
+}
+
+export default workspace
--- a/ui/src/permission/knowledge/system-share.ts
+++ b/ui/src/permission/knowledge/system-share.ts
@ -0,0 +1,7 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const share = {
+  is_share: () => false,
+}
+export default share
--- a/ui/src/permission/knowledge/workspace.ts
+++ b/ui/src/permission/knowledge/workspace.ts
@ -0,0 +1,17 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const workspace = {
+  is_share: () =>
+    hasPermission(
+      new ComplexPermission(
+        [RoleConst.ADMIN],
+        [PermissionConst.SHARED_TOOL_READ],
+        [EditionConst.IS_EE],
+        'OR',
+      ),
+      'OR',
+    ),
+}
+
+export default workspace
--- a/ui/src/permission/model/index.ts
+++ b/ui/src/permission/model/index.ts
@ -0,0 +1,9 @@
+import systemShare from './system-share'
+import workspace from './workspace'
+import systemManage from './system-manage'
+const permission = {
+  systemShare,
+  workspace,
+  systemManage,
+}
+export default permission
--- a/ui/src/permission/model/system-manage.ts
+++ b/ui/src/permission/model/system-manage.ts
@ -0,0 +1,26 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const workspace = {
+  is_share: () =>
+    hasPermission(
+      new ComplexPermission(
+        [RoleConst.ADMIN],
+        [PermissionConst.SHARED_TOOL_READ],
+        [EditionConst.IS_EE],
+        'OR',
+      ),
+      'OR',
+    ),
+  delete: () =>
+    hasPermission(
+      [
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        RoleConst.USER.getWorkspaceRole,
+        PermissionConst.TOOL_DELETE.getWorkspacePermission,
+      ],
+      'OR',
+    ),
+}
+
+export default workspace
--- a/ui/src/permission/model/system-share.ts
+++ b/ui/src/permission/model/system-share.ts
@ -0,0 +1,7 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const share = {
+  is_share: () => false,
+}
+export default share
--- a/ui/src/permission/model/workspace.ts
+++ b/ui/src/permission/model/workspace.ts
@ -0,0 +1,17 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const workspace = {
+  is_share: () =>
+    hasPermission(
+      new ComplexPermission(
+        [RoleConst.ADMIN],
+        [PermissionConst.SHARED_TOOL_READ],
+        [EditionConst.IS_EE],
+        'OR',
+      ),
+      'OR',
+    ),
+}
+
+export default workspace
--- a/ui/src/permission/tool/index.ts
+++ b/ui/src/permission/tool/index.ts
@ -0,0 +1,9 @@
+import systemShare from './system-share'
+import workspace from './workspace'
+import systemManage from './system-manage'
+const permission = {
+  systemShare,
+  workspace,
+  systemManage,
+}
+export default permission
--- a/ui/src/permission/tool/system-manage.ts
+++ b/ui/src/permission/tool/system-manage.ts
@ -0,0 +1,18 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const workspace = {
+  is_share: () =>
+    hasPermission(
+      new ComplexPermission(
+        [RoleConst.ADMIN],
+        [PermissionConst.SHARED_TOOL_READ],
+        [EditionConst.IS_EE],
+        'OR',
+      ),
+      'OR',
+    ),
+  delete: () => false,
+}
+
+export default workspace
--- a/ui/src/permission/tool/system-share.ts
+++ b/ui/src/permission/tool/system-share.ts
@ -0,0 +1,8 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const share = {
+  is_share: () => false,
+  delete: () => false,
+}
+export default share
--- a/ui/src/permission/tool/workspace.ts
+++ b/ui/src/permission/tool/workspace.ts
@ -0,0 +1,26 @@
+import { hasPermission } from '@/utils/permission/index'
+import { ComplexPermission } from '@/utils/permission/type'
+import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
+const workspace = {
+  is_share: () =>
+    hasPermission(
+      new ComplexPermission(
+        [RoleConst.ADMIN],
+        [PermissionConst.SHARED_TOOL_READ],
+        [EditionConst.IS_EE],
+        'OR',
+      ),
+      'OR',
+    ),
+  delete: () =>
+    hasPermission(
+      [
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        RoleConst.USER.getWorkspaceRole,
+        PermissionConst.TOOL_DELETE.getWorkspacePermission,
+      ],
+      'OR',
+    ),
+}
+
+export default workspace
--- a/ui/src/views/tool/index.vue
+++ b/ui/src/views/tool/index.vue
@ -8,20 +8,8 @@
        :currentNodeKey="currentFolder?.id"
        @handleNodeClick="folderClickHandel"
        @refreshTree="refreshFolder"
-        :shareTitle="
-          hasPermission(
-            new ComplexPermission(
-              [RoleConst.ADMIN],
-              [PermissionConst.SHARED_TOOL_READ],
-              [EditionConst.IS_EE],
-              'OR',
-            ),
-            'OR',
-          )
-            ? 'views.system.share_tool'
-            : null
-        "
-        showShared
+        :shareTitle="$t('views.system.share_tool')"
+        :showShared="permissionPrecise['is_share']()"
        class="p-8"
      />
    </template>
@ -248,7 +236,8 @@
                                  [
                                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
                                    RoleConst.USER.getWorkspaceRole,
-                                    PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole,
+                                    PermissionConst.TOOL_EDIT
+                                      .getWorkspacePermissionWorkspaceManageRole,
                                    PermissionConst.TOOL_EDIT.getWorkspacePermission,
                                  ],
                                  'OR',
@ -303,16 +292,7 @@
                              {{ $t('common.export') }}
                            </el-dropdown-item>
                            <el-dropdown-item
-                              v-if="
-                                hasPermission(
-                                  [
-                                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                                    RoleConst.USER.getWorkspaceRole,
-                                    PermissionConst.TOOL_DELETE.getWorkspacePermission,
-                                  ],
-                                  'OR',
-                                )
-                              "
+                              v-if="permissionPrecise.delete()"
                              divided
                              @click.stop="deleteTool(item)"
                            >
@ -356,9 +336,24 @@ import { FolderSource } from '@/enums/common'
 import { ComplexPermission } from '@/utils/permission/type'
 import ToolStoreDialog from './component/ToolStoreDialog.vue'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
-
+import permissionMap from '@/permission'
+import { useRoute } from 'vue-router'
+const route = useRoute()
 const { folder, user } = useStore()

+const type = computed(() => {
+  if (route.path.includes('shared')) {
+    return 'systemShare'
+  } else if (route.path.includes('resource-management')) {
+    return 'systemManage'
+  } else {
+    return 'workspace'
+  }
+})
+const permissionPrecise = computed(() => {
+  return permissionMap['tool'][type.value]
+})
+
 const InitParamDrawerRef = ref()
 const search_type = ref('name')
 const search_form = ref<{
@ -400,8 +395,8 @@ function openCreateDialog(data?: any) {
  ToolDrawertitle.value = data ? t('views.tool.editTool') : t('views.tool.createTool')
  if (data) {
    ToolApi.getToolById(data?.id, changeStateloading).then((res) => {
-        ToolFormDrawerRef.value.open(res.data)
-      })
+      ToolFormDrawerRef.value.open(res.data)
+    })
  } else {
    ToolFormDrawerRef.value.open(data)
  }