feat: Resource authorization permission
This commit is contained in:
zhangzhanwei
zhanweizhang7
parent
f1c7f0f3af
commit
2714a941f9
@ -170,6 +170,7 @@ class Operate(Enum):
|
|||||||
TO_CHAT = "READ+TO_CHAT" # 去对话
|
TO_CHAT = "READ+TO_CHAT" # 去对话
|
||||||
SETTING = "READ+SETTING" # 管理
|
SETTING = "READ+SETTING" # 管理
|
||||||
DOWNLOAD = "READ+DOWNLOAD" # 下载
|
DOWNLOAD = "READ+DOWNLOAD" # 下载
|
||||||
|
AUTH = "READ+AUTH"
|
||||||
|
|
||||||
|
|
||||||
class RoleGroup(Enum):
|
class RoleGroup(Enum):
|
||||||
@ -335,6 +336,7 @@ Permission_Label = {
|
|||||||
Operate.DD.value: _('Dingding'),
|
Operate.DD.value: _('Dingding'),
|
||||||
Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'),
|
Operate.WEIXIN_PUBLIC_ACCOUNT.value: _('Weixin Public Account'),
|
||||||
Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'),
|
Operate.ADD_KNOWLEDGE.value: _('Add to Knowledge Base'),
|
||||||
|
Operate.AUTH.value:_('resource authorization'),
|
||||||
Group.APPLICATION_OVERVIEW.value: _('Overview'),
|
Group.APPLICATION_OVERVIEW.value: _('Overview'),
|
||||||
Group.APPLICATION_ACCESS.value: _('Application Access'),
|
Group.APPLICATION_ACCESS.value: _('Application Access'),
|
||||||
Group.APPLICATION_CHAT_USER.value: _('Dialogue users'),
|
Group.APPLICATION_CHAT_USER.value: _('Dialogue users'),
|
||||||
@ -481,6 +483,11 @@ class PermissionConstants(Enum):
|
|||||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||||
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||||
)
|
)
|
||||||
|
MODEL_RESOURCE_AUTHORIZATION = Permission(
|
||||||
|
group=Group.MODEL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
|
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||||
|
)
|
||||||
TOOL_READ = Permission(
|
TOOL_READ = Permission(
|
||||||
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
@ -520,6 +527,11 @@ class PermissionConstants(Enum):
|
|||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
|
TOOL_RESOURCE_AUTHORIZATION = Permission(
|
||||||
|
group=Group.TOOL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
|
)
|
||||||
KNOWLEDGE_READ = Permission(
|
KNOWLEDGE_READ = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||||
@ -560,6 +572,11 @@ class PermissionConstants(Enum):
|
|||||||
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
|
KNOWLEDGE_RESOURCE_AUTHORIZATION = Permission(
|
||||||
|
group=Group.KNOWLEDGE, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
|
)
|
||||||
KNOWLEDGE_DOCUMENT_READ = Permission(
|
KNOWLEDGE_DOCUMENT_READ = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
@ -819,7 +836,11 @@ class PermissionConstants(Enum):
|
|||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
APPLICATION_RESOURCE_AUTHORIZATION = Permission(group=Group.APPLICATION, operate=Operate.AUTH,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
|
)
|
||||||
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
|
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
|
|||||||
@ -8657,4 +8657,7 @@ msgid "If not passed, the default value is What is this audio saying? Only answe
|
|||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
|
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "Resource authorization"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
@ -8783,4 +8783,7 @@ msgid "If not passed, the default value is What is this audio saying? Only answe
|
|||||||
msgstr "如果未传递,默认值为 这段音频在说什么,只回答音频的内容"
|
msgstr "如果未传递,默认值为 这段音频在说什么,只回答音频的内容"
|
||||||
|
|
||||||
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
|
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
|
||||||
msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本"
|
msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本"
|
||||||
|
|
||||||
|
msgid "Resource authorization"
|
||||||
|
msgstr "资源授权"
|
||||||
@ -8783,4 +8783,7 @@ msgid "If not passed, the default value is What is this audio saying? Only answe
|
|||||||
msgstr "如果未傳遞,預設值為這段音訊在說什麼,只回答音訊的內容"
|
msgstr "如果未傳遞,預設值為這段音訊在說什麼,只回答音訊的內容"
|
||||||
|
|
||||||
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
|
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
|
||||||
msgstr "Qwen-Omni系列模型支持輸入多種模態的數據,包括視頻、音訊、圖片、文字,並輸出音訊與文字"
|
msgstr "Qwen-Omni系列模型支持輸入多種模態的數據,包括視頻、音訊、圖片、文字,並輸出音訊與文字"
|
||||||
|
|
||||||
|
msgid "Resource authorization"
|
||||||
|
msgstr "資源授權"
|
||||||
@ -89,6 +89,10 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||||||
responses=UserResourcePermissionPageAPI.get_response(),
|
responses=UserResourcePermissionPageAPI.get_response(),
|
||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
|
@has_permissions(
|
||||||
|
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
|
||||||
|
operate=Operate.READ),
|
||||||
|
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||||
def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str,
|
def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str,
|
||||||
page_size: str):
|
page_size: str):
|
||||||
return result.success(UserResourcePermissionSerializer(
|
return result.success(UserResourcePermissionSerializer(
|
||||||
@ -109,6 +113,10 @@ class WorkspaceResourceUserPermissionView(APIView):
|
|||||||
responses=ResourceUserPermissionAPI.get_response(),
|
responses=ResourceUserPermissionAPI.get_response(),
|
||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
|
@has_permissions(
|
||||||
|
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'),
|
||||||
|
operate=Operate.AUTH),
|
||||||
|
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||||
def get(self, request: Request, workspace_id: str, target: str, resource: str):
|
def get(self, request: Request, workspace_id: str, target: str, resource: str):
|
||||||
return result.success(ResourceUserPermissionSerializer(
|
return result.success(ResourceUserPermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource,
|
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource,
|
||||||
@ -127,6 +135,13 @@ class WorkspaceResourceUserPermissionView(APIView):
|
|||||||
responses=ResourceUserPermissionEditAPI.get_response(),
|
responses=ResourceUserPermissionEditAPI.get_response(),
|
||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
|
@log(menu='System', operate='Edit user authorization status of resource',
|
||||||
|
get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
|
||||||
|
)
|
||||||
|
@has_permissions(
|
||||||
|
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'),
|
||||||
|
operate=Operate.AUTH),
|
||||||
|
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||||
def put(self, request: Request, workspace_id: str, target: str, resource: str):
|
def put(self, request: Request, workspace_id: str, target: str, resource: str):
|
||||||
return result.success(ResourceUserPermissionSerializer(
|
return result.success(ResourceUserPermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
|
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
|
||||||
@ -144,6 +159,10 @@ class WorkspaceResourceUserPermissionView(APIView):
|
|||||||
responses=ResourceUserPermissionPageAPI.get_response(),
|
responses=ResourceUserPermissionPageAPI.get_response(),
|
||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
|
@has_permissions(
|
||||||
|
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'),
|
||||||
|
operate=Operate.AUTH),
|
||||||
|
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||||
def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int,
|
def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int,
|
||||||
page_size: int):
|
page_size: int):
|
||||||
return result.success(ResourceUserPermissionSerializer(
|
return result.success(ResourceUserPermissionSerializer(
|
||||||
|
|||||||
@ -1,7 +1,11 @@
|
|||||||
import { AuthorizationEnum } from '@/enums/system'
|
import { AuthorizationEnum } from '@/enums/system'
|
||||||
import { t } from '@/locales'
|
import { t } from '@/locales'
|
||||||
|
import { hasPermission } from '@/utils/permission'
|
||||||
|
import { EditionConst } from '@/utils/permission/data'
|
||||||
|
|
||||||
export const permissionOptions = [
|
const notCommunity = hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR')
|
||||||
|
|
||||||
|
const permissionOptions = [
|
||||||
{
|
{
|
||||||
label: t('views.system.resourceAuthorization.setting.notAuthorized'),
|
label: t('views.system.resourceAuthorization.setting.notAuthorized'),
|
||||||
value: AuthorizationEnum.NOT_AUTH,
|
value: AuthorizationEnum.NOT_AUTH,
|
||||||
@ -17,9 +21,16 @@ export const permissionOptions = [
|
|||||||
value: AuthorizationEnum.MANAGE,
|
value: AuthorizationEnum.MANAGE,
|
||||||
desc: t('views.system.resourceAuthorization.setting.managementDesc'),
|
desc: t('views.system.resourceAuthorization.setting.managementDesc'),
|
||||||
},
|
},
|
||||||
{
|
]
|
||||||
|
|
||||||
|
if (notCommunity) {
|
||||||
|
permissionOptions.push(
|
||||||
|
{
|
||||||
label: t('views.system.resourceAuthorization.setting.role'),
|
label: t('views.system.resourceAuthorization.setting.role'),
|
||||||
value: AuthorizationEnum.ROLE,
|
value: AuthorizationEnum.ROLE,
|
||||||
desc: t('views.system.resourceAuthorization.setting.roleDesc'),
|
desc: t('views.system.resourceAuthorization.setting.roleDesc'),
|
||||||
},
|
},
|
||||||
]
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
export {permissionOptions}
|
||||||
Loading…
Reference in New Issue
Block a user