zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add extends role (#3428)

Browse Source
This commit is contained in:
shaohuzhang1 2025-06-30 11:50:59 +08:00 committed by GitHub
parent 4cb694fa65
commit 91e2dd7ea6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 35 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
apps/common/auth/handle/impl/user_token.py
View File

@ -219,10 +219,26 @@ def get_permission_list(user,
return permission_list return permission_list
def reset_workspace_role(role, workspace_id): system_role_list = [RoleConstants.ADMIN.value.name, RoleConstants.WORKSPACE_MANAGE.value.name,
if role == RoleConstants.ADMIN.value.__str__() or workspace_id is None: RoleConstants.USER.value.name]
return role
return f"{role}:/WORKSPACE/{workspace_id}" system_role = RoleConstants.ADMIN.value.name
def reset_workspace_role(role_id, workspace_id, role_dict):
if system_role_list.__contains__(role_id):
if system_role == role_id:
return role_id
else:
return f"{role_id}:/WORKSPACE/{workspace_id}"
else:
r = role_dict.get(role_id)
if r is not None:
return ''
role_type = role_dict.get(role_id).type
if system_role == role_type:
return RoleConstants.EXTENDS_ADMIN.value.name
return f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}"
def get_role_list(user, def get_role_list(user,
@ -242,11 +258,14 @@ def get_role_list(user,
if is_query_model: if is_query_model:
# 获取工作空间 用户 角色映射数据 # 获取工作空间 用户 角色映射数据
workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id) workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id)
role_list = [reset_workspace_role(workspace_user_role_mapping.role_id, role_list = QuerySet(role_model).filter(id__in=[wurm.role_id for wurm in workspace_user_role_mapping_list])
workspace_user_role_mapping.workspace_id) role_dict = {r.id: r for r in role_list}
for role_list = list(set([reset_workspace_role(workspace_user_role_mapping.role_id,
workspace_user_role_mapping in workspace_user_role_mapping.workspace_id,
workspace_user_role_mapping_list] role_dict)
for
workspace_user_role_mapping in
workspace_user_role_mapping_list]))
cache.set(key, workspace_list, version=version) cache.set(key, workspace_list, version=version)
return role_list return role_list
else: else:

4
apps/common/constants/permission_constants.py
View File

@ -255,6 +255,10 @@ class RoleConstants(Enum):
CHAT_ANONYMOUS_USER = Role("CHAT_ANONYMOUS_USER", "对话匿名用户", RoleGroup.CHAT_USER) CHAT_ANONYMOUS_USER = Role("CHAT_ANONYMOUS_USER", "对话匿名用户", RoleGroup.CHAT_USER)
CHAT_USER = Role("CHAT_USER", "对话用户", RoleGroup.CHAT_USER) CHAT_USER = Role("CHAT_USER", "对话用户", RoleGroup.CHAT_USER)
EXTENDS_ADMIN = Role("EXTENDS_ADMIN", '继承超级管理员', RoleGroup.SYSTEM_USER)
EXTENDS_WORKSPACE_MANAGE = Role("EXTENDS_WORKSPACE_MANAGE", "继承工作空间管理员", RoleGroup.CHAT_USER)
EXTENDS_USER = Role("EXTENDS_USER", "继承普通用户", RoleGroup.CHAT_USER)
def get_workspace_role(self): def get_workspace_role(self):
return lambda r, kwargs: Role(name=self.value.name, return lambda r, kwargs: Role(name=self.value.name,
decs=self.value.decs, decs=self.value.decs,

3
ui/src/utils/permission/data.ts
View File

@ -253,6 +253,9 @@ const RoleConst = {
ADMIN: new Role('ADMIN'), ADMIN: new Role('ADMIN'),
WORKSPACE_MANAGE: new Role('WORKSPACE_MANAGE'), WORKSPACE_MANAGE: new Role('WORKSPACE_MANAGE'),
USER: new Role('USER'), USER: new Role('USER'),
EXTENDS_ADMIN: new Role('EXTENDS_ADMIN'),
EXTENDS_WORKSPACE_MANAGE: new Role('EXTENDS_WORKSPACE_MANAGE'),
EXTENDS_USER: new Role('EXTENDS_USER'),
} }
const EditionConst = { const EditionConst = {
IS_PE: new Edition('X-PACK-PE'), IS_PE: new Edition('X-PACK-PE'),