rafactor: User resource permission read and edit
parent
5c0735109a
commit
5061708c1f
@ -12,15 +12,29 @@ from rest_framework import serializers
|
|||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
from common.mixins.api_mixin import APIMixin
|
from common.mixins.api_mixin import APIMixin
|
||||||
from common.result import ResultSerializer, ResultPageSerializer
|
from common.result import ResultSerializer, ResultPageSerializer, PageDataResponse
|
||||||
from system_manage.serializers.user_resource_permission import UserResourcePermissionResponse, \
|
from system_manage.serializers.user_resource_permission import ResourceUserPermissionEditRequest, UpdateTeamMemberItemPermissionSerializer
|
||||||
UpdateUserResourcePermissionRequest, ResourceUserPermissionEditRequest
|
|
||||||
|
|
||||||
|
|
||||||
class APIUserResourcePermissionResponse(ResultSerializer):
|
class UserResourcePermissionResponse0(serializers.Serializer):
|
||||||
|
id = serializers.UUIDField(required=True, label="主键id")
|
||||||
|
name = serializers.CharField(required=True, label="资源名称")
|
||||||
|
auth_target_type = serializers.CharField(required=True, label="授权资源")
|
||||||
|
user_id = serializers.UUIDField(required=True, label="用户id")
|
||||||
|
icon = serializers.CharField(required=True, label="资源图标")
|
||||||
|
auth_type = serializers.CharField(required=True, label="授权类型")
|
||||||
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
|
||||||
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
||||||
|
label=_('permission'))
|
||||||
|
|
||||||
|
class NewAPIUserResourcePermissionResponse(ResultSerializer):
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return UserResourcePermissionResponse(many=True)
|
return UserResourcePermissionResponse0(many=True)
|
||||||
|
|
||||||
|
class NewAPIUserResourcePermissionPageResponse(ResultPageSerializer):
|
||||||
|
|
||||||
|
def get_data(self):
|
||||||
|
return UserResourcePermissionResponse0(many=True)
|
||||||
|
|
||||||
class UserResourcePermissionAPI(APIMixin):
|
class UserResourcePermissionAPI(APIMixin):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
@ -40,17 +54,61 @@ class UserResourcePermissionAPI(APIMixin):
|
|||||||
location='path',
|
location='path',
|
||||||
required=True,
|
required=True,
|
||||||
),
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="name",
|
||||||
|
description="名称",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='query',
|
||||||
|
required=False
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="permission",
|
||||||
|
description="权限",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='query',
|
||||||
|
required=False
|
||||||
|
),
|
||||||
]
|
]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_response():
|
def get_response():
|
||||||
return APIUserResourcePermissionResponse
|
return NewAPIUserResourcePermissionResponse
|
||||||
|
|
||||||
|
|
||||||
class EditUserResourcePermissionAPI(APIMixin):
|
class EditUserResourcePermissionAPI(APIMixin):
|
||||||
|
@staticmethod
|
||||||
|
def get_parameters():
|
||||||
|
return [
|
||||||
|
OpenApiParameter(
|
||||||
|
name="workspace_id",
|
||||||
|
description="工作空间id",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='path',
|
||||||
|
required=True,
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="user_id",
|
||||||
|
description="用户id",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='path',
|
||||||
|
required=True,
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="resource",
|
||||||
|
description="资源类型",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='path',
|
||||||
|
required=True
|
||||||
|
),
|
||||||
|
]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_request():
|
def get_request():
|
||||||
return UpdateUserResourcePermissionRequest()
|
return UpdateTeamMemberItemPermissionSerializer(many=True)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_response():
|
||||||
|
return NewAPIUserResourcePermissionResponse
|
||||||
|
|
||||||
|
|
||||||
class ResourceUserPermissionResponse(serializers.Serializer):
|
class ResourceUserPermissionResponse(serializers.Serializer):
|
||||||
@ -117,10 +175,69 @@ class ResourceUserPermissionAPI(APIMixin):
|
|||||||
def get_response():
|
def get_response():
|
||||||
return APIResourceUserPermissionResponse
|
return APIResourceUserPermissionResponse
|
||||||
|
|
||||||
|
class UserResourcePermissionPageAPI(APIMixin):
|
||||||
|
@staticmethod
|
||||||
|
def get_parameters():
|
||||||
|
return [
|
||||||
|
OpenApiParameter(
|
||||||
|
name="workspace_id",
|
||||||
|
description="工作空间id",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='path',
|
||||||
|
required=True
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="user_id",
|
||||||
|
description="用户id",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='path',
|
||||||
|
required=True
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="resource",
|
||||||
|
description="资源类型",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='path',
|
||||||
|
required=True
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="current_page",
|
||||||
|
description=_("Current page"),
|
||||||
|
type=OpenApiTypes.INT,
|
||||||
|
location='path',
|
||||||
|
required=True,
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="page_size",
|
||||||
|
description=_("Page size"),
|
||||||
|
type=OpenApiTypes.INT,
|
||||||
|
location='path',
|
||||||
|
required=True,
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="name",
|
||||||
|
description="资源名称",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='query',
|
||||||
|
required=False
|
||||||
|
),
|
||||||
|
OpenApiParameter(
|
||||||
|
name="permission",
|
||||||
|
description="权限",
|
||||||
|
type=OpenApiTypes.STR,
|
||||||
|
location='query',
|
||||||
|
required=False
|
||||||
|
),
|
||||||
|
]
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_response():
|
||||||
|
return NewAPIUserResourcePermissionPageResponse
|
||||||
|
|
||||||
|
|
||||||
class APIResourceUserPermissionPageResponse(ResultPageSerializer):
|
class APIResourceUserPermissionPageResponse(ResultPageSerializer):
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
return ResourceUserPermissionResponse(many=True)
|
return PageDataResponse(ResourceUserPermissionResponse(many=True))
|
||||||
|
|
||||||
|
|
||||||
class ResourceUserPermissionPageAPI(APIMixin):
|
class ResourceUserPermissionPageAPI(APIMixin):
|
||||||
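Review bot: `NewAPIUserResourcePermissionPageResponse.get_data` returns a bare `UserResourcePermissionResponse0(many=True)`, while this same commit changes `APIResourceUserPermissionPageResponse.get_data` to `PageDataResponse(ResourceUserPermissionResponse(many=True))`. If both paged endpoints return the same pagination envelope, the new schema should read `return PageDataResponse(UserResourcePermissionResponse0(many=True))`. `UserResourcePermissionResponse0` also repeats, field for field, what this commit turns `UserResourcePermissionItemResponse` into in the serializers module, so importing that class instead of redefining it would keep the documented permission values from drifting away from the real ones. If the local class stays, drop the `0` suffix and add a one-line docstring such as `"""Flat per-resource permission row returned by the user resource permission endpoints."""`.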
|
|||||||
@ -44,10 +44,13 @@ class PermissionSerializer(serializers.Serializer):
|
|||||||
class UserResourcePermissionItemResponse(serializers.Serializer):
|
class UserResourcePermissionItemResponse(serializers.Serializer):
|
||||||
id = serializers.UUIDField(required=True, label="主键id")
|
id = serializers.UUIDField(required=True, label="主键id")
|
||||||
name = serializers.CharField(required=True, label="资源名称")
|
name = serializers.CharField(required=True, label="资源名称")
|
||||||
auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源")
|
auth_target_type = serializers.CharField(required=True, label="授权资源")
|
||||||
user_id = serializers.UUIDField(required=True, label="用户id")
|
user_id = serializers.UUIDField(required=True, label="用户id")
|
||||||
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
|
icon = serializers.CharField(required=True, label="资源图标")
|
||||||
permission = PermissionSerializer()
|
auth_type = serializers.CharField(required=True, label="授权类型")
|
||||||
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
|
||||||
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
||||||
|
label=_('permission'))
|
||||||
|
|
||||||
|
|
||||||
class UserResourcePermissionResponse(serializers.Serializer):
|
class UserResourcePermissionResponse(serializers.Serializer):
|
||||||
@ -56,8 +59,9 @@ class UserResourcePermissionResponse(serializers.Serializer):
|
|||||||
|
|
||||||
class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
||||||
target_id = serializers.CharField(required=True, label=_('target id'))
|
target_id = serializers.CharField(required=True, label=_('target id'))
|
||||||
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
|
||||||
permission = PermissionSerializer(required=True, many=False)
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
||||||
|
label=_('permission'))
|
||||||
|
|
||||||
|
|
||||||
class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
||||||
@ -90,19 +94,38 @@ sql_map = {
|
|||||||
'APPLICATION': 'get_application_user_resource_permission.sql'
|
'APPLICATION': 'get_application_user_resource_permission.sql'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class UserResourcePermissionUserListRequest(serializers.Serializer):
|
||||||
|
name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name'))
|
||||||
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
||||||
|
label=_('permission'))
|
||||||
|
|
||||||
class UserResourcePermissionSerializer(serializers.Serializer):
|
class UserResourcePermissionSerializer(serializers.Serializer):
|
||||||
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
||||||
user_id = serializers.CharField(required=True, label=_('user id'))
|
user_id = serializers.CharField(required=True, label=_('user id'))
|
||||||
auth_target_type = serializers.CharField(required=True, label=_('resource'))
|
auth_target_type = serializers.CharField(required=True, label=_('resource'))
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self, instance):
|
||||||
|
resource_query_set = QuerySet(
|
||||||
|
model=get_dynamics_model({
|
||||||
|
'name': models.CharField(),
|
||||||
|
"permission": models.CharField(),
|
||||||
|
}))
|
||||||
|
name = instance.get('name')
|
||||||
|
permission = instance.get('permission')
|
||||||
|
|
||||||
|
if name:
|
||||||
|
resource_query_set = resource_query_set.filter(name__contains=name)
|
||||||
|
if permission:
|
||||||
|
resource_query_set = resource_query_set.filter(
|
||||||
|
permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission'))
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
|
'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
|
||||||
workspace_id=self.data.get('workspace_id')),
|
workspace_id=self.data.get('workspace_id')),
|
||||||
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
||||||
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
|
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
|
||||||
auth_target_type=self.data.get('auth_target_type'))
|
auth_target_type=self.data.get('auth_target_type')),
|
||||||
|
'resource_query_set': resource_query_set
|
||||||
}
|
}
|
||||||
|
|
||||||
def is_auth(self, resource_id: str):
|
def is_auth(self, resource_id: str):
|
||||||
@ -184,44 +207,38 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
cache.delete(key, version=version)
|
cache.delete(key, version=version)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def list(self, user, with_valid=True):
|
def list(self, instance, user, with_valid=True):
|
||||||
if with_valid:
|
if with_valid:
|
||||||
self.is_valid(raise_exception=True)
|
self.is_valid(raise_exception=True)
|
||||||
|
UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
|
||||||
workspace_id = self.data.get("workspace_id")
|
workspace_id = self.data.get("workspace_id")
|
||||||
user_id = self.data.get("user_id")
|
user_id = self.data.get("user_id")
|
||||||
# 用户权限列表
|
# 用户权限列表
|
||||||
user_resource_permission_list = native_search(self.get_queryset(), get_file_content(
|
user_resource_permission_list = native_search(self.get_queryset(instance), get_file_content(
|
||||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
|
||||||
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
|
||||||
workspace_model = DatabaseModelManage.get_model("workspace_model")
|
return [{**user_resource_permission}
|
||||||
if workspace_user_role_mapping_model and workspace_model:
|
for user_resource_permission in user_resource_permission_list]
|
||||||
workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user_id,
|
|
||||||
workspace_id=workspace_id)
|
|
||||||
else:
|
def page(self, instance, current_page: int, page_size: int,user, with_valid=True):
|
||||||
workspace_user_role_mapping_list = get_default_workspace_user_role_mapping_list([user.role])
|
if with_valid:
|
||||||
is_workspace_manage = any(
|
self.is_valid(raise_exception=True)
|
||||||
[workspace_user_role_mapping for workspace_user_role_mapping in workspace_user_role_mapping_list if
|
UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
|
||||||
workspace_user_role_mapping.role_id == RoleConstants.WORKSPACE_MANAGE.value])
|
workspace_id = self.data.get("workspace_id")
|
||||||
# 如果当前用户是当前工作空间管理员那么就拥有所有权限
|
user_id = self.data.get("user_id")
|
||||||
if is_workspace_manage:
|
# 用户对应的资源权限分页列表
|
||||||
user_resource_permission_list = list(
|
user_resource_permission_page_list = native_page_search(current_page,page_size,self.get_queryset(instance),get_file_content(
|
||||||
map(lambda row: {**row,
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))
|
||||||
'permission': {ResourcePermission.VIEW.value: True,
|
))
|
||||||
ResourcePermission.MANAGE.value: True,
|
|
||||||
ResourcePermissionRole.ROLE.value: True}},
|
return user_resource_permission_page_list
|
||||||
user_resource_permission_list))
|
|
||||||
return group_by([{**user_resource_permission, 'permission': {
|
|
||||||
permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for
|
|
||||||
permission in
|
|
||||||
[ResourcePermission.VIEW.value, ResourcePermission.MANAGE.value,
|
|
||||||
ResourcePermissionRole.ROLE.value]}}
|
|
||||||
for user_resource_permission in user_resource_permission_list],
|
|
||||||
key=lambda item: item.get('auth_target_type'))
|
|
||||||
|
|
||||||
def edit(self, instance, user, with_valid=True):
|
def edit(self, instance, user, with_valid=True):
|
||||||
if with_valid:
|
if with_valid:
|
||||||
self.is_valid(raise_exception=True)
|
self.is_valid(raise_exception=True)
|
||||||
UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True,
|
UpdateUserResourcePermissionRequest(data={'user_resource_permission_list':instance}).is_valid(raise_exception=True,
|
||||||
auth_target_type=self.data.get(
|
auth_target_type=self.data.get(
|
||||||
'auth_target_type'),
|
'auth_target_type'),
|
||||||
workspace_id=self.data.get('workspace_id'))
|
workspace_id=self.data.get('workspace_id'))
|
||||||
@ -229,11 +246,17 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
user_id = self.data.get("user_id")
|
user_id = self.data.get("user_id")
|
||||||
update_list = []
|
update_list = []
|
||||||
save_list = []
|
save_list = []
|
||||||
user_resource_permission_list = instance.get('user_resource_permission_list')
|
targets = [ item['target_id'] for item in instance ]
|
||||||
QuerySet(WorkspaceUserResourcePermission).filter(
|
QuerySet(WorkspaceUserResourcePermission).filter(
|
||||||
workspace_id=workspace_id, user_id=user_id, auth_target_type=self.data.get('auth_target_type')).delete()
|
workspace_id=workspace_id,
|
||||||
|
user_id=user_id,
|
||||||
|
auth_target_type=self.data.get('auth_target_type'),
|
||||||
|
target__in=targets
|
||||||
|
).delete()
|
||||||
workspace_user_resource_permission_exist_list = []
|
workspace_user_resource_permission_exist_list = []
|
||||||
for user_resource_permission in user_resource_permission_list:
|
for user_resource_permission in instance:
|
||||||
|
permission = user_resource_permission['permission']
|
||||||
|
auth_type, permission_list = permission_map[permission]
|
||||||
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
|
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
|
||||||
workspace_user_resource_permission_exist_list if
|
workspace_user_resource_permission_exist_list if
|
||||||
user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)]
|
user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)]
|
||||||
@ -245,14 +268,10 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
else:
|
else:
|
||||||
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
|
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
|
||||||
auth_target_type=self.data.get('auth_target_type'),
|
auth_target_type=self.data.get('auth_target_type'),
|
||||||
permission_list=[key for key in
|
permission_list=permission_list,
|
||||||
user_resource_permission.get(
|
|
||||||
'permission').keys() if
|
|
||||||
user_resource_permission.get(
|
|
||||||
'permission').get(key)],
|
|
||||||
workspace_id=workspace_id,
|
workspace_id=workspace_id,
|
||||||
user_id=user_id,
|
user_id=user_id,
|
||||||
auth_type=user_resource_permission.get('auth_type')))
|
auth_type=auth_type))
|
||||||
# 批量更新
|
# 批量更新
|
||||||
QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list', 'auth_type']) if len(
|
QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list', 'auth_type']) if len(
|
||||||
update_list) > 0 else None
|
update_list) > 0 else None
|
||||||
@ -261,13 +280,13 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
version = Cache_Version.PERMISSION_LIST.get_version()
|
version = Cache_Version.PERMISSION_LIST.get_version()
|
||||||
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
||||||
cache.delete(key, version=version)
|
cache.delete(key, version=version)
|
||||||
return True
|
return instance
|
||||||
|
|
||||||
|
|
||||||
class ResourceUserPermissionUserListRequest(serializers.Serializer):
|
class ResourceUserPermissionUserListRequest(serializers.Serializer):
|
||||||
nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
|
nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
|
||||||
username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
|
username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
|
||||||
permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
||||||
label=_('permission'))
|
label=_('permission'))
|
||||||
|
|
||||||
|
|
||||||
@ -381,4 +400,4 @@ class ResourceUserPermissionSerializer(serializers.Serializer):
|
|||||||
for user_id in users_id:
|
for user_id in users_id:
|
||||||
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
||||||
cache.delete(key, version=version)
|
cache.delete(key, version=version)
|
||||||
return True
|
return instance
|
||||||
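Review bot: In `edit`, `auth_type, permission_list = permission_map[permission]` indexes with a value that `UpdateTeamMemberItemPermissionSerializer` now declares as `required=False, allow_null=True, allow_blank=True`. A request item with a missing, null or blank `permission` can therefore reach this lookup after the `.filter(..., target__in=targets).delete()` has already run. `permission_map` and any transaction wrapper sit outside the visible hunks; if it has no entry for those values and `edit` is not atomic, the user's existing grants for the listed targets would be removed and not re-created. On the write path the field should be mandatory, `permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'], label=_('permission'))`, leaving the optional form to the list/page filter serializers. `edit` starts and ends outside these hunks, so it is worth confirming that `UpdateUserResourcePermissionRequest` validates each item before the delete.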
|
|||||||
@ -1,17 +1,38 @@
|
|||||||
SELECT app_or_knowledge.*,
|
SELECT
|
||||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
app_or_knowledge.*,
|
||||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
CASE
|
||||||
FROM (SELECT "id",
|
WHEN
|
||||||
"name",
|
wurp."permission" is null then 'NOT_AUTH'
|
||||||
'APPLICATION' AS "auth_target_type",
|
ELSE wurp."permission"
|
||||||
user_id,
|
END
|
||||||
workspace_id,
|
FROM (
|
||||||
icon,
|
SELECT
|
||||||
folder_id
|
"id",
|
||||||
FROM application
|
"name",
|
||||||
${query_set}
|
'APPLICATION' AS "auth_target_type",
|
||||||
) app_or_knowledge
|
user_id,
|
||||||
LEFT JOIN (SELECT *
|
workspace_id,
|
||||||
FROM workspace_user_resource_permission
|
icon,
|
||||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
folder_id
|
||||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
FROM
|
||||||
|
application
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (
|
||||||
|
SELECT
|
||||||
|
target,
|
||||||
|
CASE
|
||||||
|
WHEN auth_type = 'ROLE'
|
||||||
|
AND 'ROLE' = ANY(permission_list) THEN 'ROLE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
|
||||||
|
ELSE 'NOT_AUTH'
|
||||||
|
END AS permission
|
||||||
|
FROM
|
||||||
|
workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}
|
||||||
|
) wurp
|
||||||
|
ON wurp.target = app_or_knowledge."id"
|
||||||
|
${resource_query_set}
|
||||||
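Review bot: The outer `CASE WHEN wurp."permission" is null then 'NOT_AUTH' ELSE wurp."permission" END` has no column alias, so PostgreSQL would name the column `case` and the rows would carry no `permission` key, although the response serializer documents one. Writing `END AS "permission"` fixes that, and the same applies to the knowledge, model and tool queries later in this commit. Separately, the `NOT_AUTH` filter in `get_queryset` is translated to `permission=None`. Assuming `${resource_query_set}` is rendered as a WHERE clause over `wurp.permission`, that matches only resources with no joined row and would miss rows where the inner `CASE` falls through to the literal `'NOT_AUTH'`. Returning `NULL` from the inner `ELSE`, or filtering on the outer expression, would make the filter agree with what the list displays.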
@ -1,17 +1,38 @@
|
|||||||
SELECT app_or_knowledge.*,
|
SELECT
|
||||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
app_or_knowledge.*,
|
||||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
CASE
|
||||||
FROM (SELECT "id",
|
WHEN
|
||||||
"name",
|
wurp."permission" is null then 'NOT_AUTH'
|
||||||
'KNOWLEDGE' AS "auth_target_type",
|
ELSE wurp."permission"
|
||||||
user_id,
|
END
|
||||||
workspace_id,
|
FROM (
|
||||||
"type"::varchar AS "icon",
|
SELECT
|
||||||
folder_id
|
"id",
|
||||||
FROM knowledge
|
"name",
|
||||||
${query_set}
|
'KNOWLEDGE' AS "auth_target_type",
|
||||||
) app_or_knowledge
|
user_id,
|
||||||
LEFT JOIN (SELECT *
|
workspace_id,
|
||||||
FROM workspace_user_resource_permission
|
"type"::varchar AS "icon",
|
||||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
folder_id
|
||||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
FROM
|
||||||
|
knowledge
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (
|
||||||
|
SELECT
|
||||||
|
target,
|
||||||
|
CASE
|
||||||
|
WHEN auth_type = 'ROLE'
|
||||||
|
AND 'ROLE' = ANY(permission_list) THEN 'ROLE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
|
||||||
|
ELSE 'NOT_AUTH'
|
||||||
|
END AS permission
|
||||||
|
FROM
|
||||||
|
workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}
|
||||||
|
) wurp
|
||||||
|
ON wurp.target = app_or_knowledge."id"
|
||||||
|
${resource_query_set}
|
||||||
@ -1,17 +1,38 @@
|
|||||||
SELECT app_or_knowledge.*,
|
SELECT
|
||||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
app_or_knowledge.*,
|
||||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
CASE
|
||||||
FROM (SELECT "id",
|
WHEN
|
||||||
"name",
|
wurp."permission" is null then 'NOT_AUTH'
|
||||||
'MODEL' AS "auth_target_type",
|
ELSE wurp."permission"
|
||||||
user_id,
|
END
|
||||||
workspace_id,
|
FROM (
|
||||||
provider as icon,
|
SELECT
|
||||||
'default' as folder_id
|
"id",
|
||||||
FROM model
|
"name",
|
||||||
${query_set}
|
'MODEL' AS "auth_target_type",
|
||||||
) app_or_knowledge
|
user_id,
|
||||||
LEFT JOIN (SELECT *
|
workspace_id,
|
||||||
FROM workspace_user_resource_permission
|
provider as icon,
|
||||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
'default' as folder_id
|
||||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
FROM
|
||||||
|
model
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (
|
||||||
|
SELECT
|
||||||
|
target,
|
||||||
|
CASE
|
||||||
|
WHEN auth_type = 'ROLE'
|
||||||
|
AND 'ROLE' = ANY(permission_list) THEN 'ROLE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
|
||||||
|
ELSE 'NOT_AUTH'
|
||||||
|
END AS permission
|
||||||
|
FROM
|
||||||
|
workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}
|
||||||
|
) wurp
|
||||||
|
ON wurp.target = app_or_knowledge."id"
|
||||||
|
${resource_query_set}
|
||||||
@ -19,7 +19,7 @@ LEFT JOIN (
|
|||||||
and 'MANAGE'= any(permission_list) then 'MANAGE'
|
and 'MANAGE'= any(permission_list) then 'MANAGE'
|
||||||
when auth_type = 'RESOURCE_PERMISSION_GROUP'
|
when auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
and 'VIEW' = any( permission_list) then 'VIEW'
|
and 'VIEW' = any( permission_list) then 'VIEW'
|
||||||
else 'NO_AUTH'
|
else 'NOT_AUTH'
|
||||||
end) as "permission"
|
end) as "permission"
|
||||||
FROM
|
FROM
|
||||||
workspace_user_resource_permission
|
workspace_user_resource_permission
|
||||||
|
|||||||
@ -1,17 +1,39 @@
|
|||||||
SELECT app_or_knowledge.*,
|
SELECT
|
||||||
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
app_or_knowledge.*,
|
||||||
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
CASE
|
||||||
FROM (SELECT "id",
|
WHEN
|
||||||
"name",
|
wurp."permission" is null then 'NOT_AUTH'
|
||||||
'TOOL' AS "auth_target_type",
|
ELSE wurp."permission"
|
||||||
user_id,
|
END
|
||||||
workspace_id,
|
FROM (
|
||||||
icon,
|
SELECT
|
||||||
folder_id
|
"id",
|
||||||
FROM tool
|
"name",
|
||||||
${query_set}
|
'TOOL' AS "auth_target_type",
|
||||||
) app_or_knowledge
|
user_id,
|
||||||
LEFT JOIN (SELECT *
|
workspace_id,
|
||||||
FROM workspace_user_resource_permission
|
icon,
|
||||||
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
folder_id
|
||||||
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
FROM
|
||||||
|
tool
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (
|
||||||
|
SELECT
|
||||||
|
target,
|
||||||
|
CASE
|
||||||
|
WHEN auth_type = 'ROLE'
|
||||||
|
AND 'ROLE' = ANY(permission_list) THEN 'ROLE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
|
||||||
|
WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
|
||||||
|
AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
|
||||||
|
ELSE 'NOT_AUTH'
|
||||||
|
END AS permission
|
||||||
|
FROM
|
||||||
|
workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}
|
||||||
|
) wurp
|
||||||
|
ON wurp.target = app_or_knowledge."id"
|
||||||
|
${resource_query_set}
|
||||||
|
|
||||||
|
|||||||
@ -6,6 +6,7 @@ app_name = "system_manage"
|
|||||||
# @formatter:off
|
# @formatter:off
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>/resource/<str:resource>', views.WorkSpaceUserResourcePermissionView.as_view()),
|
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>/resource/<str:resource>', views.WorkSpaceUserResourcePermissionView.as_view()),
|
||||||
|
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>/resource/<str:resource>/<int:current_page>/<int:page_size>', views.WorkSpaceUserResourcePermissionView.Page.as_view()),
|
||||||
path('workspace/<str:workspace_id>/resource_user_permission/resource/<str:target>/resource/<str:resource>', views.WorkspaceResourceUserPermissionView.as_view()),
|
path('workspace/<str:workspace_id>/resource_user_permission/resource/<str:target>/resource/<str:resource>', views.WorkspaceResourceUserPermissionView.as_view()),
|
||||||
path('workspace/<str:workspace_id>/resource_user_permission/resource/<str:target>/resource/<str:resource>/<int:current_page>/<int:page_size>', views.WorkspaceResourceUserPermissionView.Page.as_view()),
|
path('workspace/<str:workspace_id>/resource_user_permission/resource/<str:target>/resource/<str:resource>/<int:current_page>/<int:page_size>', views.WorkspaceResourceUserPermissionView.Page.as_view()),
|
||||||
path('email_setting', views.SystemSetting.Email.as_view()),
|
path('email_setting', views.SystemSetting.Email.as_view()),
|
||||||
|
|||||||
@ -17,9 +17,9 @@ from common.auth import TokenAuth
|
|||||||
from common.auth.authentication import has_permissions
|
from common.auth.authentication import has_permissions
|
||||||
from common.constants.permission_constants import PermissionConstants, RoleConstants, Permission, Group, Operate
|
from common.constants.permission_constants import PermissionConstants, RoleConstants, Permission, Group, Operate
|
||||||
from common.log.log import log
|
from common.log.log import log
|
||||||
from common.result import DefaultResultSerializer
|
|
||||||
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI, \
|
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI, \
|
||||||
ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI
|
ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI, \
|
||||||
|
UserResourcePermissionPageAPI
|
||||||
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer, \
|
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer, \
|
||||||
ResourceUserPermissionSerializer
|
ResourceUserPermissionSerializer
|
||||||
from users.models import User
|
from users.models import User
|
||||||
@ -52,15 +52,16 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||||||
def get(self, request: Request, workspace_id: str, user_id: str, resource: str):
|
def get(self, request: Request, workspace_id: str, user_id: str, resource: str):
|
||||||
return result.success(UserResourcePermissionSerializer(
|
return result.success(UserResourcePermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||||
).list(request.user))
|
).list({'name': request.query_params.get('name'),
|
||||||
|
'permission': request.query_params.get('permission')}, request.user))
|
||||||
|
|
||||||
@extend_schema(
|
@extend_schema(
|
||||||
methods=['PUT'],
|
methods=['PUT'],
|
||||||
description=_('Modify the resource authorization list'),
|
description=_('Modify the resource authorization list'),
|
||||||
operation_id=_('Modify the resource authorization list'), # type: ignore
|
operation_id=_('Modify the resource authorization list'), # type: ignore
|
||||||
parameters=UserResourcePermissionAPI.get_parameters(),
|
parameters=EditUserResourcePermissionAPI.get_parameters(),
|
||||||
request=EditUserResourcePermissionAPI.get_request(),
|
request=EditUserResourcePermissionAPI.get_request(),
|
||||||
responses=DefaultResultSerializer(),
|
responses=EditUserResourcePermissionAPI.get_response(),
|
||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
@log(menu='System', operate='Modify the resource authorization list',
|
@log(menu='System', operate='Modify the resource authorization list',
|
||||||
@ -75,6 +76,26 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||||||
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||||
).edit(request.data, request.user))
|
).edit(request.data, request.user))
|
||||||
|
|
||||||
|
class Page(APIView):
|
||||||
|
authentication_classes = [TokenAuth]
|
||||||
|
|
||||||
|
@extend_schema(
|
||||||
|
methods=['GET'],
|
||||||
|
description=_('Obtain resource authorization list by page'),
|
||||||
|
summary=_('Obtain resource authorization list by page'),
|
||||||
|
operation_id=_('Obtain resource authorization list by page'), # type: ignore
|
||||||
|
request=None,
|
||||||
|
parameters=UserResourcePermissionPageAPI.get_parameters(),
|
||||||
|
responses=UserResourcePermissionPageAPI.get_response(),
|
||||||
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
|
)
|
||||||
|
def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str,
|
||||||
|
page_size: str):
|
||||||
|
return result.success(UserResourcePermissionSerializer(
|
||||||
|
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||||
|
).page({'name': request.query_params.get('name'),
|
||||||
|
'permission': request.query_params.get('permission')}, current_page, page_size, request.user))
|
||||||
|
|
||||||
|
|
||||||
class WorkspaceResourceUserPermissionView(APIView):
|
class WorkspaceResourceUserPermissionView(APIView):
|
||||||
authentication_classes = [TokenAuth]
|
authentication_classes = [TokenAuth]
|
||||||
@ -107,7 +128,6 @@ class WorkspaceResourceUserPermissionView(APIView):
|
|||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
def put(self, request: Request, workspace_id: str, target: str, resource: str):
|
def put(self, request: Request, workspace_id: str, target: str, resource: str):
|
||||||
|
|
||||||
return result.success(ResourceUserPermissionSerializer(
|
return result.success(ResourceUserPermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
|
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
|
||||||
.edit(instance=request.data))
|
.edit(instance=request.data))
|
||||||
@ -129,5 +149,6 @@ class WorkspaceResourceUserPermissionView(APIView):
|
|||||||
return result.success(ResourceUserPermissionSerializer(
|
return result.success(ResourceUserPermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }
|
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }
|
||||||
).page({'username': request.query_params.get("username"),
|
).page({'username': request.query_params.get("username"),
|
||||||
'nick_name': request.query_params.get("nick_name"), 'permission': request.query_params.get("permission")}, current_page, page_size,
|
'nick_name': request.query_params.get("nick_name"),
|
||||||
|
'permission': request.query_params.get("permission")}, current_page, page_size,
|
||||||
))
|
))
|
||||||
|
|||||||