MaxKB/apps/system_manage/models/workspace_user_permission.py

# coding=utf-8
"""
    @project: MaxKB
    @Author：虎虎
    @file： workspace_permission.py
    @date：2025/4/16 18:25
    @desc:
"""

import uuid_utils.compat as uuid
from django.contrib.postgres.fields import ArrayField
from django.db import models

from common.constants.permission_constants import Group, ResourcePermissionGroup, ResourceAuthType, \
    ResourcePermissionRole, ResourcePermission
from users.models import User


class AuthTargetType(models.TextChoices):
    """授权目标"""
    KNOWLEDGE = Group.KNOWLEDGE.value, '知识库'
    APPLICATION = Group.APPLICATION.value, '应用'
    TOOL = Group.TOOL.value, '工具'
    MODEL = Group.MODEL.value, '模型'


class WorkspaceUserResourcePermission(models.Model):
    """
    工作空间用户资源权限表
    用于管理当前工作空间是否有权限操作 某一个应用或者知识库
    """
    id = models.UUIDField(primary_key=True, max_length=128, default=uuid.uuid7, editable=False, verbose_name="主键id")

    workspace_id = models.CharField(max_length=128, verbose_name="工作空间id", default="default", db_index=True)

    user = models.ForeignKey(User, on_delete=models.CASCADE, verbose_name="工作空间下的用户")

    auth_target_type = models.CharField(verbose_name='授权目标', max_length=128, choices=AuthTargetType.choices,
                                        default=AuthTargetType.KNOWLEDGE, db_index=True)
    # 授权的知识库或者应用的id
    target = models.CharField(max_length=128, verbose_name="知识库/应用id", db_index=True)

    # 授权类型 如果是Role那么就是角色的权限  如果是PERMISSION
    auth_type = models.CharField(default=False, verbose_name="授权类型", choices=ResourceAuthType.choices,
                                 db_default=ResourceAuthType.ROLE, db_index=True)
    # 资源权限列表
    permission_list = ArrayField(verbose_name="权限列表",
                                 default=list,
                                 base_field=models.CharField(max_length=256,
                                                             blank=True,
                                                             choices=ResourcePermission.choices + ResourcePermissionRole.choices,
                                                             default=ResourcePermission.VIEW))

    create_time = models.DateTimeField(verbose_name="创建时间", auto_now_add=True, db_index=True)

    update_time = models.DateTimeField(verbose_name="修改时间", auto_now=True, db_index=True)

    class Meta:
        db_table = "workspace_user_resource_permission"
        unique_together = ('workspace_id', 'user', 'auth_target_type', 'target')