zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Backend permissions for resource authorization

Browse Source
This commit is contained in:
zhangzhanwei 2025-08-18 16:34:36 +08:00 committed by zhanweizhang7
parent ed424428ac
commit 795db14c75
4 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/locales/en_US/LC_MESSAGES/django.po
View File

@ -8659,5 +8659,5 @@ msgstr ""
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
msgstr "" msgstr ""
msgid "Resource authorization" msgid "resource authorization"
msgstr "" msgstr ""

2
apps/locales/zh_CN/LC_MESSAGES/django.po
View File

@ -8785,5 +8785,5 @@ msgstr "如果未传递,默认值为 这段音频在说什么,只回答音
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本" msgstr "Qwen-Omni 系列模型支持输入多种模态的数据,包括视频、音频、图片、文本,并输出音频与文本"
msgid "Resource authorization" msgid "resource authorization"
msgstr "资源授权" msgstr "资源授权"

2
apps/locales/zh_Hant/LC_MESSAGES/django.po
View File

@ -8785,5 +8785,5 @@ msgstr "如果未傳遞,預設值為這段音訊在說什麼,只回答音訊
msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text." msgid "The Qwen Omni series model supports inputting multiple modalities of data, including video, audio, images, and text, and outputting audio and text."
msgstr "Qwen-Omni系列模型支持輸入多種模態的數據包括視頻、音訊、圖片、文字並輸出音訊與文字" msgstr "Qwen-Omni系列模型支持輸入多種模態的數據包括視頻、音訊、圖片、文字並輸出音訊與文字"
msgid "Resource authorization" msgid "resource authorization"
msgstr "資源授權" msgstr "資源授權"

48
apps/system_manage/views/user_resource_permission.py
View File

@ -15,7 +15,8 @@ from rest_framework.views import APIView
from common import result from common import result
from common.auth import TokenAuth from common.auth import TokenAuth
from common.auth.authentication import has_permissions from common.auth.authentication import has_permissions
from common.constants.permission_constants import PermissionConstants, RoleConstants, Permission, Group, Operate from common.constants.permission_constants import RoleConstants, Permission, Group, Operate, ViewPermission, \
CompareConstants
from common.log.log import log from common.log.log import log
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI, \ from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI, \
ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI, \ ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI, \
@ -114,9 +115,18 @@ class WorkspaceResourceUserPermissionView(APIView):
tags=[_('Resources authorization')] # type: ignore tags=[_('Resources authorization')] # type: ignore
) )
@has_permissions( @has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'), lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH), operate=Operate.AUTH,
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
ViewPermission([RoleConstants.USER.get_workspace_role()],
[lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.SELF,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}")],
CompareConstants.AND),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, target: str, resource: str): def get(self, request: Request, workspace_id: str, target: str, resource: str):
return result.success(ResourceUserPermissionSerializer( return result.success(ResourceUserPermissionSerializer(
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource,
@ -139,9 +149,18 @@ class WorkspaceResourceUserPermissionView(APIView):
get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')) get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
) )
@has_permissions( @has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'), lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH), operate=Operate.AUTH,
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
ViewPermission([RoleConstants.USER.get_workspace_role()],
[lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.SELF,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}")],
CompareConstants.AND),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def put(self, request: Request, workspace_id: str, target: str, resource: str): def put(self, request: Request, workspace_id: str, target: str, resource: str):
return result.success(ResourceUserPermissionSerializer( return result.success(ResourceUserPermissionSerializer(
data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }) data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
@ -160,9 +179,18 @@ class WorkspaceResourceUserPermissionView(APIView):
tags=[_('Resources authorization')] # type: ignore tags=[_('Resources authorization')] # type: ignore
) )
@has_permissions( @has_permissions(
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_RESOURCE_AUTHORIZATION'), lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH), operate=Operate.AUTH,
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role()) resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.AUTH,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
ViewPermission([RoleConstants.USER.get_workspace_role()],
[lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
operate=Operate.SELF,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}")],
CompareConstants.AND),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int, def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int,
page_size: int): page_size: int):
return result.success(ResourceUserPermissionSerializer( return result.success(ResourceUserPermissionSerializer(