feat: Permission update

2025-06-18 15:07:59 +08:00 · 2025-06-18 15:07:59 +08:00 · 4eb594598c
commit 4eb594598c
parent c056cd85ac
3 changed files with 13 additions and 14 deletions
--- a/apps/application/views/application.py
+++ b/apps/application/views/application.py
@ -187,7 +187,7 @@ class ApplicationAPI(APIView):
            tags=[_('Application')]  # type: ignore
        )
        @has_permissions(PermissionConstants.WORKSPACE_READ.get_workspace_application_permission(),
-                         RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
+                         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.ADMIN)
        def get(self, request: Request, workspace_id: str, application_id: str):
            return result.success(ApplicationOperateSerializer(
                data={'application_id': application_id, 'user_id': request.user.id}).one())
--- a/apps/system_manage/views/email_setting.py
+++ b/apps/system_manage/views/email_setting.py
@ -7,13 +7,12 @@
    @desc:
 """
 from drf_spectacular.utils import extend_schema
-from networkx.algorithms.traversal import dfs_successors
 from rest_framework.request import Request
 from rest_framework.views import APIView

 from common.auth import TokenAuth
 from common.auth.authentication import has_permissions
-from common.constants.permission_constants import PermissionConstants
+from common.constants.permission_constants import PermissionConstants, RoleConstants

 from django.utils.translation import gettext_lazy as _

@ -56,7 +55,7 @@ class SystemSetting(APIView):
                       tags=[_('Email Settings')])  # type: ignore
        @log(menu='Email settings', operate='Create or update email settings',
             get_details=get_email_details)
-        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT)
+        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT, RoleConstants.ADMIN)
        def put(self, request: Request):
            return result.success(
                EmailSettingSerializer.Create(
@ -70,7 +69,7 @@ class SystemSetting(APIView):
            responses=DefaultModelResponse.get_response(),
            tags=[_('Email Settings')]  # type: ignore
        )
-        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT)
+        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT, RoleConstants.ADMIN)
        @log(menu='Email settings', operate='Test email settings',
             get_details=get_email_details
             )
@ -85,7 +84,7 @@ class SystemSetting(APIView):
                       operation_id=_('Get email settings'),  # type: ignore
                       responses=DefaultModelResponse.get_response(),
                       tags=[_('Email Settings')])  # type: ignore
-        @has_permissions(PermissionConstants.EMAIL_SETTING_READ)
+        @has_permissions(PermissionConstants.EMAIL_SETTING_READ, RoleConstants.ADMIN)
        def get(self, request: Request):
            return result.success(
                EmailSettingSerializer.one())
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@ -76,7 +76,7 @@ class TestPermissionsUserView(APIView):
                   operation_id="测试",
                   tags=[_("User Management")],  # type: ignore
                   responses=UserProfileAPI.get_response())
-    @has_permissions(PermissionConstants.USER_EDIT)
+    @has_permissions(PermissionConstants.USER_EDIT, RoleConstants.ADMIN)
    def get(self, request: Request):
        return result.success(UserProfileSerializer().profile(request.user, request.auth))

@ -108,7 +108,7 @@ class TestWorkspacePermissionUserView(APIView):
                   tags=[_("User Management")],  # type: ignore
                   responses=UserProfileAPI.get_response(),
                   parameters=TestWorkspacePermissionUserApi.get_parameters())
-    @has_permissions(PermissionConstants.USER_EDIT.get_workspace_permission())
+    @has_permissions(PermissionConstants.USER_EDIT.get_workspace_permission(), RoleConstants.ADMIN)
    def get(self, request: Request, workspace_id):
        return result.success(UserProfileSerializer().profile(request.user, request.auth))

@ -179,7 +179,7 @@ class UserManage(APIView):
                       operation_id=_("Get default password"),  # type: ignore
                       tags=[_("User Management")],  # type: ignore
                       responses=UserPasswordResponse.get_response())
-        @has_permissions(PermissionConstants.USER_CREATE)
+        @has_permissions(PermissionConstants.USER_CREATE, RoleConstants.ADMIN)
        def get(self, request: Request):
            return result.success(data={'password': default_password})

@ -193,7 +193,7 @@ class UserManage(APIView):
                       tags=[_("User Management")],  # type: ignore
                       parameters=DeleteUserApi.get_parameters(),
                       responses=DefaultModelResponse.get_response())
-        @has_permissions(PermissionConstants.USER_DELETE)
+        @has_permissions(PermissionConstants.USER_DELETE, RoleConstants.ADMIN)
        @log(menu='User management', operate='Delete user',
             get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')))
        def delete(self, request: Request, user_id):
@ -206,7 +206,7 @@ class UserManage(APIView):
                       tags=[_("User Management")],  # type: ignore
                       request=DeleteUserApi.get_parameters(),
                       responses=UserProfileAPI.get_response())
-        @has_permissions(PermissionConstants.USER_READ)
+        @has_permissions(PermissionConstants.USER_READ,RoleConstants.ADMIN)
        def get(self, request: Request, user_id):
            return result.success(UserManageSerializer.Operate(data={'id': user_id}).one(with_valid=True))

@ -218,7 +218,7 @@ class UserManage(APIView):
                       parameters=DeleteUserApi.get_parameters(),
                       request=EditUserApi.get_request(),
                       responses=UserProfileAPI.get_response())
-        @has_permissions(PermissionConstants.USER_EDIT)
+        @has_permissions(PermissionConstants.USER_EDIT, RoleConstants.ADMIN)
        @log(menu='User management', operate='Update user information',
             get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')))
        def put(self, request: Request, user_id):
@ -235,7 +235,7 @@ class UserManage(APIView):
                       tags=[_("User Management")],  # type: ignore
                       request=DeleteUserApi.get_request(),
                       responses=DefaultModelResponse.get_response())
-        @has_permissions(PermissionConstants.USER_DELETE)
+        @has_permissions(PermissionConstants.USER_DELETE, RoleConstants.ADMIN)
        @log(menu='User management', operate='Batch delete user',
             get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')))
        def post(self, request: Request):
@ -269,7 +269,7 @@ class UserManage(APIView):
                       tags=[_("User Management")],  # type: ignore
                       parameters=UserPageApi.get_parameters(),
                       responses=UserPageApi.get_response())
-        @has_permissions(PermissionConstants.USER_READ)
+        @has_permissions(PermissionConstants.USER_READ,RoleConstants.ADMIN)
        def get(self, request: Request, current_page, page_size):
            d = UserManageSerializer.Query(
                data={'email_or_username': request.query_params.get('email_or_username', None),