diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py index 4d513c34..3db6b7e0 100644 --- a/apps/common/constants/permission_constants.py +++ b/apps/common/constants/permission_constants.py @@ -170,6 +170,7 @@ class Operate(Enum): TO_CHAT = "READ+TO_CHAT" # 去对话 SETTING = "READ+SETTING" # 管理 DOWNLOAD = "READ+DOWNLOAD" # 下载 + AUTH = "READ+AUTH" class RoleGroup(Enum): @@ -335,6 +336,7 @@ Permission_Label = { Operate.DD.value: _('Dingding'), Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'), Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'), + Operate.AUTH.value:_('resource authorization'), Group.APPLICATION_OVERVIEW.value: _('Overview'), Group.APPLICATION_ACCESS.value: _('Application Access'), Group.APPLICATION_CHAT_USER.value: _('Dialogue users'), @@ -481,6 +483,11 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL], resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE] ) + MODEL_RESOURCE_AUTHORIZATION = Permission( + group=Group.MODEL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL], + resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE] + ) TOOL_READ = Permission( group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], @@ -520,6 +527,11 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE] ) + TOOL_RESOURCE_AUTHORIZATION = Permission( + group=Group.TOOL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], + resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE] + ) KNOWLEDGE_READ = Permission( group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW], @@ -560,6 +572,11 @@ class PermissionConstants(Enum): resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] ) + KNOWLEDGE_RESOURCE_AUTHORIZATION = Permission( + group=Group.KNOWLEDGE, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER], + resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], + parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] + ) KNOWLEDGE_DOCUMENT_READ = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], @@ -819,7 +836,11 @@ class PermissionConstants(Enum): parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE], ) - + APPLICATION_RESOURCE_AUTHORIZATION = Permission(group=Group.APPLICATION, operate=Operate.AUTH, + role_list=[RoleConstants.ADMIN, RoleConstants.USER], + parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], + resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE], + ) APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], diff --git a/apps/locales/en_US/LC_MESSAGES/django.po b/apps/locales/en_US/LC_MESSAGES/django.po index b5e4c2e8..dfb96ee2 100644 --- a/apps/locales/en_US/LC_MESSAGES/django.po +++ b/apps/locales/en_US/LC_MESSAGES/django.po @@ -8657,4 +8657,7 @@ msgid "If not passed, the default value is What is this audio saying? Only answe msgstr "" msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." +msgstr "" + +msgid "Resource authorization" msgstr "" \ No newline at end of file diff --git a/apps/locales/zh_CN/LC_MESSAGES/django.po b/apps/locales/zh_CN/LC_MESSAGES/django.po index 6afeb124..7a8503c5 100644 --- a/apps/locales/zh_CN/LC_MESSAGES/django.po +++ b/apps/locales/zh_CN/LC_MESSAGES/django.po @@ -8783,4 +8783,7 @@ msgid "If not passed, the default value is What is this audio saying? Only answe msgstr "如果未传递,默认值为 这段音频在说什么,只回答音频的内容" msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." -msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本" \ No newline at end of file +msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本" + +msgid "Resource authorization" +msgstr "资源授权" \ No newline at end of file diff --git a/apps/locales/zh_Hant/LC_MESSAGES/django.po b/apps/locales/zh_Hant/LC_MESSAGES/django.po index 6a5e91b6..380d9a29 100644 --- a/apps/locales/zh_Hant/LC_MESSAGES/django.po +++ b/apps/locales/zh_Hant/LC_MESSAGES/django.po @@ -8783,4 +8783,7 @@ msgid "If not passed, the default value is What is this audio saying? Only answe msgstr "如果未傳遞,預設值為這段音訊在說什麼,只回答音訊的內容" msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." -msgstr "Qwen-Omni系列模型支持輸入多種模態的數據,包括視頻、音訊、圖片、文字,並輸出音訊與文字" \ No newline at end of file +msgstr "Qwen-Omni系列模型支持輸入多種模態的數據,包括視頻、音訊、圖片、文字,並輸出音訊與文字" + +msgid "Resource authorization" +msgstr "資源授權" \ No newline at end of file diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py index a1af437d..adb518cf 100644 --- a/apps/system_manage/views/user_resource_permission.py +++ b/apps/system_manage/views/user_resource_permission.py @@ -89,6 +89,10 @@ class WorkSpaceUserResourcePermissionView(APIView): responses=UserResourcePermissionPageAPI.get_response(), tags=[_('Resources authorization')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'), + operate=Operate.READ), + RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str, page_size: str): return result.success(UserResourcePermissionSerializer( @@ -109,6 +113,10 @@ class WorkspaceResourceUserPermissionView(APIView): responses=ResourceUserPermissionAPI.get_response(), tags=[_('Resources authorization')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'), + operate=Operate.AUTH), + RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, target: str, resource: str): return result.success(ResourceUserPermissionSerializer( data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, @@ -127,6 +135,13 @@ class WorkspaceResourceUserPermissionView(APIView): responses=ResourceUserPermissionEditAPI.get_response(), tags=[_('Resources authorization')] # type: ignore ) + @log(menu='System', operate='Edit user authorization status of resource', + get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')) + ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'), + operate=Operate.AUTH), + RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def put(self, request: Request, workspace_id: str, target: str, resource: str): return result.success(ResourceUserPermissionSerializer( data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }) @@ -144,6 +159,10 @@ class WorkspaceResourceUserPermissionView(APIView): responses=ResourceUserPermissionPageAPI.get_response(), tags=[_('Resources authorization')] # type: ignore ) + @has_permissions( + lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'), + operate=Operate.AUTH), + RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int, page_size: int): return result.success(ResourceUserPermissionSerializer( diff --git a/ui/src/views/system/resource-authorization/constant.ts b/ui/src/views/system/resource-authorization/constant.ts index 49908d3c..f9d413bf 100644 --- a/ui/src/views/system/resource-authorization/constant.ts +++ b/ui/src/views/system/resource-authorization/constant.ts @@ -1,7 +1,11 @@ import { AuthorizationEnum } from '@/enums/system' import { t } from '@/locales' +import { hasPermission } from '@/utils/permission' +import { EditionConst } from '@/utils/permission/data' -export const permissionOptions = [ +const notCommunity = hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR') + +const permissionOptions = [ { label: t('views.system.resourceAuthorization.setting.notAuthorized'), value: AuthorizationEnum.NOT_AUTH, @@ -17,9 +21,16 @@ export const permissionOptions = [ value: AuthorizationEnum.MANAGE, desc: t('views.system.resourceAuthorization.setting.managementDesc'), }, - { +] + +if (notCommunity) { + permissionOptions.push( + { label: t('views.system.resourceAuthorization.setting.role'), value: AuthorizationEnum.ROLE, desc: t('views.system.resourceAuthorization.setting.roleDesc'), }, -] + ) +} + +export {permissionOptions} \ No newline at end of file