fix: System common user permission by role

2025-07-03 18:19:26 +08:00 · 2025-07-03 18:19:26 +08:00 · 97269d5445
commit 97269d5445
parent d93b47d6f5
3 changed files with 16 additions and 7 deletions
--- a/apps/common/auth/authentication.py
+++ b/apps/common/auth/authentication.py
@ -48,7 +48,11 @@ def exist_permissions_by_view_permission(user_role: List[RoleConstants],
    :param permission:       所属权限
    :return:                 是否存在 True False
    """
-    role_ok = any(list(map(lambda ur: permission.roleList.__contains__(ur), user_role)))
+
    role_list =  [user_r(request, kwargs) if callable(user_r) else user_r for user_r in
     permission.roleList]
    role_ok = any(list(map(lambda up: role_list.__contains__(up),
                                 role_list)))
    permission_list = [user_p(request, kwargs) if callable(user_p) else user_p for user_p in
                       permission.permissionList
                       ]
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@ -396,7 +396,9 @@ class Permission:
        return Permission(group, operate)
    def __str__(self):
-        return self.group.value + ":" + self.operate.value + (
+
        return self.group.value + (
            (":" + self.operate.value) if self.operate.value else '') + (
            (":" + self.resource_path) if self.resource_path is not None else '')
    def __eq__(self, other):
@ -1326,12 +1328,12 @@ class PermissionConstants(Enum):
    def get_workspace_model_permission(self):
        return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
                                            resource_path=
-                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('knowledge_id')}")
+                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('model_id')}")
    def get_workspace_tool_permission(self):
        return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
                                            resource_path=
-                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('knowledge_id')}")
+                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('tool_id')}")
    def get_workspace_permission(self):
        return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
--- a/apps/tools/views/tool.py
+++ b/apps/tools/views/tool.py
@ -104,8 +104,10 @@ class ToolView(APIView):
            tags=[_('Tool')]  # type: ignore
        )
        @has_permissions(
-            PermissionConstants.TOOL_EDIT.get_workspace_permission(),PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
+            PermissionConstants.TOOL_EDIT.get_workspace_permission(),
-            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
+            PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
            ViewPermission([RoleConstants.USER.get_workspace_role()],
                                        [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                        CompareConstants.AND),
        )
@ -261,7 +263,8 @@ class ToolView(APIView):
        @has_permissions(
            PermissionConstants.TOOL_CREATE.get_workspace_permission(),
            PermissionConstants.TOOL_EDIT.get_workspace_permission(),
-            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
+            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
            RoleConstants.USER.get_workspace_role()
        )
        def post(self, request: Request, workspace_id: str):
            return result.success(ToolSerializer.Pylint(