zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Resource authorization permission

Browse Source
This commit is contained in:
zhangzhanwei 2025-08-18 14:22:28 +08:00 committed by zhanweizhang7
parent f1c7f0f3af
commit 2714a941f9
6 changed files with 66 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
apps/common/constants/permission_constants.py
View File

@ -170,6 +170,7 @@ class Operate(Enum):
TO_CHAT = "READ+TO_CHAT" # 去对话 TO_CHAT = "READ+TO_CHAT" # 去对话
SETTING = "READ+SETTING" # 管理 SETTING = "READ+SETTING" # 管理
DOWNLOAD = "READ+DOWNLOAD" # 下载 DOWNLOAD = "READ+DOWNLOAD" # 下载
AUTH = "READ+AUTH"
class RoleGroup(Enum): class RoleGroup(Enum):
@ -335,6 +336,7 @@ Permission_Label = {
Operate.DD.value: _('Dingding'), Operate.DD.value: _('Dingding'),
Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'), Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'),
Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'), Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'),
Operate.AUTH.value:_('resource authorization'),
Group.APPLICATION_OVERVIEW.value: _('Overview'), Group.APPLICATION_OVERVIEW.value: _('Overview'),
Group.APPLICATION_ACCESS.value: _('Application Access'), Group.APPLICATION_ACCESS.value: _('Application Access'),
Group.APPLICATION_CHAT_USER.value: _('Dialogue users'), Group.APPLICATION_CHAT_USER.value: _('Dialogue users'),
@ -481,6 +483,11 @@ class PermissionConstants(Enum):
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL], parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE] resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
) )
MODEL_RESOURCE_AUTHORIZATION = Permission(
group=Group.MODEL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
)
TOOL_READ = Permission( TOOL_READ = Permission(
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
@ -520,6 +527,11 @@ class PermissionConstants(Enum):
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL], parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE] resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
) )
TOOL_RESOURCE_AUTHORIZATION = Permission(
group=Group.TOOL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
)
KNOWLEDGE_READ = Permission( KNOWLEDGE_READ = Permission(
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW], resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
@ -560,6 +572,11 @@ class PermissionConstants(Enum):
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE], resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE] parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
) )
KNOWLEDGE_RESOURCE_AUTHORIZATION = Permission(
group=Group.KNOWLEDGE, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
)
KNOWLEDGE_DOCUMENT_READ = Permission( KNOWLEDGE_DOCUMENT_READ = Permission(
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ, group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.USER], role_list=[RoleConstants.ADMIN, RoleConstants.USER],
@ -819,7 +836,11 @@ class PermissionConstants(Enum):
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE], resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
) )
APPLICATION_RESOURCE_AUTHORIZATION = Permission(group=Group.APPLICATION, operate=Operate.AUTH,
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
)
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ, APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.USER], role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION], parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],

3
apps/locales/en_US/LC_MESSAGES/django.po
View File

@ -8658,3 +8658,6 @@ msgstr ""
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
msgstr "" msgstr ""
msgid "Resource authorization"
msgstr ""

3
apps/locales/zh_CN/LC_MESSAGES/django.po
View File

@ -8784,3 +8784,6 @@ msgstr "如果未传递,默认值为 这段音频在说什么,只回答音
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本" msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本"
msgid "Resource authorization"
msgstr "资源授权"

3
apps/locales/zh_Hant/LC_MESSAGES/django.po
View File

@ -8784,3 +8784,6 @@ msgstr "如果未傳遞,預設值為這段音訊在說什麼,只回答音訊
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
msgstr "Qwen-Omni系列模型支持輸入多種模態的數據包括視頻、音訊、圖片、文字並輸出音訊與文字" msgstr "Qwen-Omni系列模型支持輸入多種模態的數據包括視頻、音訊、圖片、文字並輸出音訊與文字"
msgid "Resource authorization"
msgstr "資源授權"

19
apps/system_manage/views/user_resource_permission.py
View File

@ -89,6 +89,10 @@ class WorkSpaceUserResourcePermissionView(APIView):
responses=UserResourcePermissionPageAPI.get_response(), responses=UserResourcePermissionPageAPI.get_response(),
tags=[_('Resources authorization')] # type: ignore tags=[_('Resources authorization')] # type: ignore
) )
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
operate=Operate.READ),
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str, def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str,
page_size: str): page_size: str):
return result.success(UserResourcePermissionSerializer( return result.success(UserResourcePermissionSerializer(
@ -109,6 +113,10 @@ class WorkspaceResourceUserPermissionView(APIView):
responses=ResourceUserPermissionAPI.get_response(), responses=ResourceUserPermissionAPI.get_response(),
tags=[_('Resources authorization')] # type: ignore tags=[_('Resources authorization')] # type: ignore
) )
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'),
operate=Operate.AUTH),
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, target: str, resource: str): def get(self, request: Request, workspace_id: str, target: str, resource: str):
return result.success(ResourceUserPermissionSerializer( return result.success(ResourceUserPermissionSerializer(
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource,
@ -127,6 +135,13 @@ class WorkspaceResourceUserPermissionView(APIView):
responses=ResourceUserPermissionEditAPI.get_response(), responses=ResourceUserPermissionEditAPI.get_response(),
tags=[_('Resources authorization')] # type: ignore tags=[_('Resources authorization')] # type: ignore
) )
@log(menu='System', operate='Edit user authorization status of resource',
get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
)
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'),
operate=Operate.AUTH),
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def put(self, request: Request, workspace_id: str, target: str, resource: str): def put(self, request: Request, workspace_id: str, target: str, resource: str):
return result.success(ResourceUserPermissionSerializer( return result.success(ResourceUserPermissionSerializer(
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }) data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
@ -144,6 +159,10 @@ class WorkspaceResourceUserPermissionView(APIView):
responses=ResourceUserPermissionPageAPI.get_response(), responses=ResourceUserPermissionPageAPI.get_response(),
tags=[_('Resources authorization')] # type: ignore tags=[_('Resources authorization')] # type: ignore
) )
@has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'),
operate=Operate.AUTH),
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int, def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int,
page_size: int): page_size: int):
return result.success(ResourceUserPermissionSerializer( return result.success(ResourceUserPermissionSerializer(

17
ui/src/views/system/resource-authorization/constant.ts
View File

@ -1,7 +1,11 @@
import { AuthorizationEnum } from '@/enums/system' import { AuthorizationEnum } from '@/enums/system'
import { t } from '@/locales' import { t } from '@/locales'
import { hasPermission } from '@/utils/permission'
import { EditionConst } from '@/utils/permission/data'
export const permissionOptions = [ const notCommunity = hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR')
const permissionOptions = [
{ {
label: t('views.system.resourceAuthorization.setting.notAuthorized'), label: t('views.system.resourceAuthorization.setting.notAuthorized'),
value: AuthorizationEnum.NOT_AUTH, value: AuthorizationEnum.NOT_AUTH,
@ -17,9 +21,16 @@ export const permissionOptions = [
value: AuthorizationEnum.MANAGE, value: AuthorizationEnum.MANAGE,
desc: t('views.system.resourceAuthorization.setting.managementDesc'), desc: t('views.system.resourceAuthorization.setting.managementDesc'),
}, },
{ ]
if (notCommunity) {
permissionOptions.push(
{
label: t('views.system.resourceAuthorization.setting.role'), label: t('views.system.resourceAuthorization.setting.role'),
value: AuthorizationEnum.ROLE, value: AuthorizationEnum.ROLE,
desc: t('views.system.resourceAuthorization.setting.roleDesc'), desc: t('views.system.resourceAuthorization.setting.roleDesc'),
}, },
] )
}
export {permissionOptions}