feat: user resource permission (#3422)
parent
873a9a953f
commit
c5bdada6dc
@ -20,7 +20,7 @@ from common.constants.cache_version import Cache_Version
|
|||||||
from common.constants.permission_constants import Auth, PermissionConstants, ResourcePermissionGroup, \
|
from common.constants.permission_constants import Auth, PermissionConstants, ResourcePermissionGroup, \
|
||||||
get_permission_list_by_resource_group, ResourceAuthType, \
|
get_permission_list_by_resource_group, ResourceAuthType, \
|
||||||
ResourcePermissionRole, get_default_role_permission_mapping_list, get_default_workspace_user_role_mapping_list, \
|
ResourcePermissionRole, get_default_role_permission_mapping_list, get_default_workspace_user_role_mapping_list, \
|
||||||
RoleConstants
|
RoleConstants, ResourcePermission, Resource
|
||||||
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
||||||
from common.exception.app_exception import AppAuthenticationFailed
|
from common.exception.app_exception import AppAuthenticationFailed
|
||||||
from common.utils.common import group_by
|
from common.utils.common import group_by
|
||||||
@ -132,9 +132,11 @@ def get_workspace_resource_permission_list_by_workspace_user_permission(
|
|||||||
resource_permission_list = [
|
resource_permission_list = [
|
||||||
[
|
[
|
||||||
f"{permission}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"
|
f"{permission}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"
|
||||||
for permission in get_permission_list_by_resource_group(ResourcePermissionGroup[resource_permission])]
|
for permission in get_permission_list_by_resource_group(
|
||||||
|
ResourcePermissionGroup(Resource(workspace_user_resource_permission.auth_target_type),
|
||||||
|
ResourcePermission(resource_permission)))]
|
||||||
for resource_permission in workspace_user_resource_permission.permission_list if
|
for resource_permission in workspace_user_resource_permission.permission_list if
|
||||||
ResourcePermissionGroup.values.__contains__(resource_permission)]
|
ResourcePermission.values.__contains__(resource_permission)]
|
||||||
# 将二维数组扁平为一维
|
# 将二维数组扁平为一维
|
||||||
return reduce(lambda x, y: [*x, *y], resource_permission_list, [])
|
return reduce(lambda x, y: [*x, *y], resource_permission_list, [])
|
||||||
return []
|
return []
|
||||||
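Review bot: `Resource(workspace_user_resource_permission.auth_target_type)` in the inner comprehension raises `ValueError` for any `auth_target_type` outside the four `Resource` members (KNOWLEDGE, APPLICATION, TOOL, MODEL), and the only filter on the comprehension checks `resource_permission`, not the target type. This list is built while resolving a user's permissions, so one stored row with an unexpected type would presumably fail the whole lookup for that user rather than skip the row; whether such rows can exist is not visible from this hunk. Extending the filter avoids the exception while still granting nothing for unknown types: `if resource_permission in ResourcePermission.values and workspace_user_resource_permission.auth_target_type in Resource.values`. The enclosing function starts and ends outside the hunk.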
|
|||||||
@ -53,6 +53,11 @@ class Group(Enum):
|
|||||||
|
|
||||||
WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION"
|
WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||||
|
|
||||||
|
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION = "APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||||
|
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION = "KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||||
|
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION = "TOOL_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||||
|
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION = "MODEL_WORKSPACE_USER_RESOURCE_PERMISSION"
|
||||||
|
|
||||||
EMAIL_SETTING = "EMAIL_SETTING"
|
EMAIL_SETTING = "EMAIL_SETTING"
|
||||||
ROLE = "ROLE"
|
ROLE = "ROLE"
|
||||||
WORKSPACE_ROLE = "WORKSPACE_ROLE"
|
WORKSPACE_ROLE = "WORKSPACE_ROLE"
|
||||||
@ -169,7 +174,7 @@ class ResourcePermissionRole(models.TextChoices):
|
|||||||
return str(self) == str(other)
|
return str(self) == str(other)
|
||||||
|
|
||||||
|
|
||||||
class ResourcePermissionGroup(models.TextChoices):
|
class ResourcePermission(models.TextChoices):
|
||||||
"""
|
"""
|
||||||
资源权限组
|
资源权限组
|
||||||
"""
|
"""
|
||||||
@ -182,6 +187,36 @@ class ResourcePermissionGroup(models.TextChoices):
|
|||||||
return str(self) == str(other)
|
return str(self) == str(other)
|
||||||
|
|
||||||
|
|
||||||
|
class Resource(models.TextChoices):
|
||||||
|
KNOWLEDGE = Group.KNOWLEDGE.value
|
||||||
|
APPLICATION = Group.APPLICATION.value
|
||||||
|
TOOL = Group.TOOL.value
|
||||||
|
MODEL = Group.MODEL.value
|
||||||
|
|
||||||
|
def __eq__(self, other):
|
||||||
|
return str(self) == str(other)
|
||||||
|
|
||||||
|
|
||||||
|
class ResourcePermissionGroup:
|
||||||
|
def __init__(self, resource: Resource, permission: ResourcePermission):
|
||||||
|
self.permission = permission
|
||||||
|
self.resource = resource
|
||||||
|
|
||||||
|
def __eq__(self, other):
|
||||||
|
return str(self.permission) == str(other.permission) and str(self.resource) == str(other.resource)
|
||||||
|
|
||||||
|
|
||||||
|
class ResourcePermissionConst:
|
||||||
|
KNOWLEDGE_MANGE = ResourcePermissionGroup(Resource.KNOWLEDGE, ResourcePermission.MANAGE)
|
||||||
|
KNOWLEDGE_VIEW = ResourcePermissionGroup(Resource.KNOWLEDGE, ResourcePermission.VIEW)
|
||||||
|
APPLICATION_MANGE = ResourcePermissionGroup(Resource.APPLICATION, ResourcePermission.MANAGE)
|
||||||
|
APPLICATION_VIEW = ResourcePermissionGroup(Resource.APPLICATION, ResourcePermission.VIEW)
|
||||||
|
TOOL_MANGE = ResourcePermissionGroup(Resource.TOOL, ResourcePermission.MANAGE)
|
||||||
|
TOOL_VIEW = ResourcePermissionGroup(Resource.TOOL, ResourcePermission.VIEW)
|
||||||
|
MODEL_MANGE = ResourcePermissionGroup(Resource.MODEL, ResourcePermission.MANAGE)
|
||||||
|
MODEL_VIEW = ResourcePermissionGroup(Resource.MODEL, ResourcePermission.VIEW)
|
||||||
|
|
||||||
|
|
||||||
class ResourceAuthType(models.TextChoices):
|
class ResourceAuthType(models.TextChoices):
|
||||||
"""
|
"""
|
||||||
资源授权类型
|
资源授权类型
|
||||||
@ -376,188 +411,224 @@ class PermissionConstants(Enum):
|
|||||||
|
|
||||||
MODEL_CREATE = Permission(
|
MODEL_CREATE = Permission(
|
||||||
group=Group.MODEL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.MODEL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||||
)
|
)
|
||||||
|
|
||||||
MODEL_READ = Permission(
|
MODEL_READ = Permission(
|
||||||
group=Group.MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.MODEL_VIEW]
|
||||||
)
|
)
|
||||||
|
|
||||||
MODEL_EDIT = Permission(
|
MODEL_EDIT = Permission(
|
||||||
group=Group.MODEL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.MODEL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||||
)
|
)
|
||||||
MODEL_DELETE = Permission(
|
MODEL_DELETE = Permission(
|
||||||
group=Group.MODEL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.MODEL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL]
|
parent_group=[WorkspaceGroup.MODEL, UserGroup.MODEL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.MODEL_MANGE]
|
||||||
)
|
)
|
||||||
TOOL_CREATE = Permission(
|
TOOL_CREATE = Permission(
|
||||||
group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
|
|
||||||
TOOL_EDIT = Permission(
|
TOOL_EDIT = Permission(
|
||||||
group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
|
|
||||||
TOOL_READ = Permission(
|
TOOL_READ = Permission(
|
||||||
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_VIEW]
|
||||||
)
|
)
|
||||||
|
|
||||||
TOOL_DELETE = Permission(
|
TOOL_DELETE = Permission(
|
||||||
group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
|
|
||||||
TOOL_DEBUG = Permission(
|
TOOL_DEBUG = Permission(
|
||||||
group=Group.TOOL, operate=Operate.DEBUG, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.DEBUG, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
TOOL_IMPORT = Permission(
|
TOOL_IMPORT = Permission(
|
||||||
group=Group.TOOL, operate=Operate.IMPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.IMPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
TOOL_EXPORT = Permission(
|
TOOL_EXPORT = Permission(
|
||||||
group=Group.TOOL, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.TOOL, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL]
|
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
|
||||||
|
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_READ = Permission(
|
KNOWLEDGE_READ = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_CREATE = Permission(
|
KNOWLEDGE_CREATE = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_EDIT = Permission(
|
KNOWLEDGE_EDIT = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DELETE = Permission(
|
KNOWLEDGE_DELETE = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_SYNC = Permission(
|
KNOWLEDGE_SYNC = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_EXPORT = Permission(
|
KNOWLEDGE_EXPORT = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_VECTOR = Permission(
|
KNOWLEDGE_VECTOR = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.VECTOR, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.VECTOR, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_GENERATE = Permission(
|
KNOWLEDGE_GENERATE = Permission(
|
||||||
group=Group.KNOWLEDGE, operate=Operate.GENERATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE, operate=Operate.GENERATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_READ = Permission(
|
KNOWLEDGE_DOCUMENT_READ = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_CREATE = Permission(
|
KNOWLEDGE_DOCUMENT_CREATE = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_EDIT = Permission(
|
KNOWLEDGE_DOCUMENT_EDIT = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_DELETE = Permission(
|
KNOWLEDGE_DOCUMENT_DELETE = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_SYNC = Permission(
|
KNOWLEDGE_DOCUMENT_SYNC = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.SYNC, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_EXPORT = Permission(
|
KNOWLEDGE_DOCUMENT_EXPORT = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EXPORT,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EXPORT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_DOWNLOAD_SOURCE_FILE = Permission(
|
KNOWLEDGE_DOCUMENT_DOWNLOAD_SOURCE_FILE = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DOWNLOAD,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DOWNLOAD,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_GENERATE = Permission(
|
KNOWLEDGE_DOCUMENT_GENERATE = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.GENERATE,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.GENERATE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_VECTOR = Permission(
|
KNOWLEDGE_DOCUMENT_VECTOR = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.VECTOR,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.VECTOR,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_DOCUMENT_MIGRATE = Permission(
|
KNOWLEDGE_DOCUMENT_MIGRATE = Permission(
|
||||||
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE,
|
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.MIGRATE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
|
|
||||||
KNOWLEDGE_PROBLEM_READ = Permission(
|
KNOWLEDGE_PROBLEM_READ = Permission(
|
||||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
|
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_PROBLEM_CREATE = Permission(
|
KNOWLEDGE_PROBLEM_CREATE = Permission(
|
||||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE,
|
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_PROBLEM_EDIT = Permission(
|
KNOWLEDGE_PROBLEM_EDIT = Permission(
|
||||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_PROBLEM_DELETE = Permission(
|
KNOWLEDGE_PROBLEM_DELETE = Permission(
|
||||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
KNOWLEDGE_PROBLEM_RELATE = Permission(
|
KNOWLEDGE_PROBLEM_RELATE = Permission(
|
||||||
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.RELATE,
|
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.RELATE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
|
||||||
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
|
||||||
)
|
)
|
||||||
WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||||
group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
)
|
)
|
||||||
WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||||
group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
)
|
)
|
||||||
|
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||||
|
group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
|
)
|
||||||
|
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||||
|
group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
|
)
|
||||||
|
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||||
|
group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
|
)
|
||||||
|
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||||
|
group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
|
)
|
||||||
|
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
|
||||||
|
group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
|
)
|
||||||
|
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
|
||||||
|
group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
|
||||||
|
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
|
||||||
|
)
|
||||||
|
|
||||||
EMAIL_SETTING_READ = Permission(
|
EMAIL_SETTING_READ = Permission(
|
||||||
group=Group.EMAIL_SETTING, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
|
group=Group.EMAIL_SETTING, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
|
||||||
parent_group=[SystemGroup.SYSTEM_SETTING]
|
parent_group=[SystemGroup.SYSTEM_SETTING]
|
||||||
@ -651,141 +722,146 @@ class PermissionConstants(Enum):
|
|||||||
APPLICATION_READ = Permission(group=Group.APPLICATION, operate=Operate.READ,
|
APPLICATION_READ = Permission(group=Group.APPLICATION, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW],
|
||||||
)
|
)
|
||||||
APPLICATION_TO_CHAT = Permission(group=Group.APPLICATION, operate=Operate.TO_CHAT,
|
APPLICATION_TO_CHAT = Permission(group=Group.APPLICATION, operate=Operate.TO_CHAT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
label=_('Chat')
|
label=_('Chat')
|
||||||
)
|
)
|
||||||
APPLICATION_DEBUG = Permission(group=Group.APPLICATION, operate=Operate.DEBUG,
|
APPLICATION_DEBUG = Permission(group=Group.APPLICATION, operate=Operate.DEBUG,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_SETTING = Permission(group=Group.APPLICATION, operate=Operate.SETTING,
|
APPLICATION_SETTING = Permission(group=Group.APPLICATION, operate=Operate.SETTING,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
label=_('Setting')
|
label=_('Setting')
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_CREATE = Permission(group=Group.APPLICATION, operate=Operate.CREATE,
|
APPLICATION_CREATE = Permission(group=Group.APPLICATION, operate=Operate.CREATE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
APPLICATION_IMPORT = Permission(group=Group.APPLICATION, operate=Operate.IMPORT,
|
APPLICATION_IMPORT = Permission(group=Group.APPLICATION, operate=Operate.IMPORT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE]
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
|
||||||
)
|
)
|
||||||
APPLICATION_EXPORT = Permission(group=Group.APPLICATION, operate=Operate.EXPORT,
|
APPLICATION_EXPORT = Permission(group=Group.APPLICATION, operate=Operate.EXPORT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_DELETE = Permission(group=Group.APPLICATION, operate=Operate.DELETE,
|
APPLICATION_DELETE = Permission(group=Group.APPLICATION, operate=Operate.DELETE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
APPLICATION_EDIT = Permission(group=Group.APPLICATION, operate=Operate.EDIT,
|
APPLICATION_EDIT = Permission(group=Group.APPLICATION, operate=Operate.EDIT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
|
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_OVERVIEW_EMBED = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.EMBED,
|
APPLICATION_OVERVIEW_EMBED = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.EMBED,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_OVERVIEW_ACCESS = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.ACCESS,
|
APPLICATION_OVERVIEW_ACCESS = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.ACCESS,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
|
|
||||||
)
|
)
|
||||||
APPLICATION_OVERVIEW_DISPLAY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.DISPLAY,
|
APPLICATION_OVERVIEW_DISPLAY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.DISPLAY,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[
|
||||||
|
ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
|
|
||||||
)
|
)
|
||||||
APPLICATION_OVERVIEW_API_KEY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.API_KET,
|
APPLICATION_OVERVIEW_API_KEY = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.API_KET,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[
|
||||||
|
ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
|
|
||||||
)
|
)
|
||||||
APPLICATION_OVERVIEW_PUBLIC = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.PUBLIC_ACCESS,
|
APPLICATION_OVERVIEW_PUBLIC = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.PUBLIC_ACCESS,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
|
|
||||||
)
|
)
|
||||||
# 应用接入
|
# 应用接入
|
||||||
APPLICATION_ACCESS_READ = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.READ,
|
APPLICATION_ACCESS_READ = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.VIEW],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW],
|
||||||
|
|
||||||
)
|
)
|
||||||
APPLICATION_ACCESS_EDIT = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.EDIT,
|
APPLICATION_ACCESS_EDIT = Permission(group=Group.APPLICATION_ACCESS, operate=Operate.EDIT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE])
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE])
|
||||||
|
|
||||||
APPLICATION_CHAT_USER_READ = Permission(group=Group.APPLICATION_CHAT_USER, operate=Operate.READ,
|
APPLICATION_CHAT_USER_READ = Permission(group=Group.APPLICATION_CHAT_USER, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
APPLICATION_CHAT_USER_EDIT = Permission(group=Group.APPLICATION_CHAT_USER, operate=Operate.EDIT,
|
APPLICATION_CHAT_USER_EDIT = Permission(group=Group.APPLICATION_CHAT_USER, operate=Operate.EDIT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_CHAT_LOG_READ = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.READ,
|
APPLICATION_CHAT_LOG_READ = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.READ,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_CHAT_LOG_ANNOTATION = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ANNOTATION,
|
APPLICATION_CHAT_LOG_ANNOTATION = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ANNOTATION,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[
|
||||||
|
ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_CHAT_LOG_EXPORT = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.EXPORT,
|
APPLICATION_CHAT_LOG_EXPORT = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.EXPORT,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
APPLICATION_CHAT_LOG_CLEAR_POLICY = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.CLEAR_POLICY,
|
APPLICATION_CHAT_LOG_CLEAR_POLICY = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.CLEAR_POLICY,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[
|
||||||
|
ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
APPLICATION_CHAT_LOG_ADD_KNOWLEDGE = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ADD_KNOWLEDGE,
|
APPLICATION_CHAT_LOG_ADD_KNOWLEDGE = Permission(group=Group.APPLICATION_CHAT_LOG, operate=Operate.ADD_KNOWLEDGE,
|
||||||
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
|
||||||
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
|
||||||
resource_permission_group_list=[ResourcePermissionGroup.MANAGE],
|
resource_permission_group_list=[
|
||||||
|
ResourcePermissionConst.APPLICATION_MANGE],
|
||||||
)
|
)
|
||||||
|
|
||||||
ABOUT_READ = Permission(group=Group.OTHER, operate=Operate.READ,
|
ABOUT_READ = Permission(group=Group.OTHER, operate=Operate.READ,
|
||||||
@ -1183,6 +1259,7 @@ class PermissionConstants(Enum):
|
|||||||
group=Group.OPERATION_LOG, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
|
group=Group.OPERATION_LOG, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
|
||||||
parent_group=[SystemGroup.OPERATION_LOG]
|
parent_group=[SystemGroup.OPERATION_LOG]
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_workspace_application_permission(self):
|
def get_workspace_application_permission(self):
|
||||||
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
|
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
|
||||||
resource_path=
|
resource_path=
|
||||||
|
|||||||
@ -12,7 +12,7 @@ from django.contrib.postgres.fields import ArrayField
|
|||||||
from django.db import models
|
from django.db import models
|
||||||
|
|
||||||
from common.constants.permission_constants import Group, ResourcePermissionGroup, ResourceAuthType, \
|
from common.constants.permission_constants import Group, ResourcePermissionGroup, ResourceAuthType, \
|
||||||
ResourcePermissionRole
|
ResourcePermissionRole, ResourcePermission
|
||||||
from users.models import User
|
from users.models import User
|
||||||
|
|
||||||
|
|
||||||
@ -48,8 +48,8 @@ class WorkspaceUserResourcePermission(models.Model):
|
|||||||
default=list,
|
default=list,
|
||||||
base_field=models.CharField(max_length=256,
|
base_field=models.CharField(max_length=256,
|
||||||
blank=True,
|
blank=True,
|
||||||
choices=ResourcePermissionGroup.choices + ResourcePermissionRole.choices,
|
choices=ResourcePermission.choices + ResourcePermissionRole.choices,
|
||||||
default=ResourcePermissionGroup.VIEW))
|
default=ResourcePermission.VIEW))
|
||||||
|
|
||||||
create_time = models.DateTimeField(verbose_name="创建时间", auto_now_add=True)
|
create_time = models.DateTimeField(verbose_name="创建时间", auto_now_add=True)
|
||||||
|
|
||||||
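Review bot: The `choices` and `default` of the `permission_list` base field now come from `ResourcePermission`, but rows written before this commit hold values taken from `ResourcePermissionGroup`. The serializer changed in this same commit matches stored entries against `ResourcePermission.VIEW.value` and `ResourcePermission.MANAGE.value`, so if the two enums' values differ, existing grants would silently read as absent. Neither enum's values nor a migration are visible in this view; confirm the values are identical or add a data migration, and record the constraint next to the field, e.g. `# stored permission_list entries must equal ResourcePermission / ResourcePermissionRole values`. The field definition starts outside the hunk.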
|
|||||||
@ -17,7 +17,7 @@ from rest_framework import serializers
|
|||||||
from application.models import Application
|
from application.models import Application
|
||||||
from common.constants.cache_version import Cache_Version
|
from common.constants.cache_version import Cache_Version
|
||||||
from common.constants.permission_constants import get_default_workspace_user_role_mapping_list, RoleConstants, \
|
from common.constants.permission_constants import get_default_workspace_user_role_mapping_list, RoleConstants, \
|
||||||
ResourcePermissionGroup, ResourcePermissionRole, ResourceAuthType
|
ResourcePermission, ResourcePermissionRole, ResourceAuthType
|
||||||
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
||||||
from common.db.search import native_search
|
from common.db.search import native_search
|
||||||
from common.db.sql_execute import select_list
|
from common.db.sql_execute import select_list
|
||||||
@ -51,7 +51,6 @@ class UserResourcePermissionResponse(serializers.Serializer):
|
|||||||
|
|
||||||
|
|
||||||
class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
||||||
auth_target_type = serializers.ChoiceField(required=True, choices=AuthTargetType.choices, label="授权资源")
|
|
||||||
target_id = serializers.CharField(required=True, label=_('target id'))
|
target_id = serializers.CharField(required=True, label=_('target id'))
|
||||||
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
|
auth_type = serializers.ChoiceField(required=True, choices=ResourceAuthType.choices, label="授权类型")
|
||||||
permission = PermissionSerializer(required=True, many=False)
|
permission = PermissionSerializer(required=True, many=False)
|
||||||
@ -60,34 +59,46 @@ class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
|||||||
class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
||||||
user_resource_permission_list = UpdateTeamMemberItemPermissionSerializer(required=True, many=True)
|
user_resource_permission_list = UpdateTeamMemberItemPermissionSerializer(required=True, many=True)
|
||||||
|
|
||||||
def is_valid(self, *, workspace_id=None, raise_exception=False):
|
def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=False):
|
||||||
super().is_valid(raise_exception=True)
|
super().is_valid(raise_exception=True)
|
||||||
user_resource_permission_list = self.data.get("user_resource_permission_list")
|
user_resource_permission_list = [{'target_id': urp.get('target_id'), 'auth_target_type': auth_target_type} for
|
||||||
|
urp in
|
||||||
|
self.data.get("user_resource_permission_list")]
|
||||||
illegal_target_id_list = select_list(
|
illegal_target_id_list = select_list(
|
||||||
get_file_content(
|
get_file_content(
|
||||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
|
||||||
[json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id])
|
[json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id])
|
||||||
if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
|
if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
|
||||||
raise AppApiException(500,
|
raise AppApiException(500,
|
||||||
_('Non-existent application|knowledge base id[') + str(illegal_target_id_list) + ']')
|
_('Non-existent id[') + str(illegal_target_id_list) + ']')
|
||||||
|
|
||||||
|
|
||||||
|
m_map = {
|
||||||
|
"KNOWLEDGE": Knowledge,
|
||||||
|
'TOOL': Tool,
|
||||||
|
'MODEL': Model,
|
||||||
|
'APPLICATION': Application,
|
||||||
|
}
|
||||||
|
sql_map = {
|
||||||
|
"KNOWLEDGE": 'get_knowledge_user_resource_permission.sql',
|
||||||
|
'TOOL': 'get_tool_user_resource_permission.sql',
|
||||||
|
'MODEL': 'get_model_user_resource_permission.sql',
|
||||||
|
'APPLICATION': 'get_application_user_resource_permission.sql'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
class UserResourcePermissionSerializer(serializers.Serializer):
|
class UserResourcePermissionSerializer(serializers.Serializer):
|
||||||
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
||||||
user_id = serializers.CharField(required=True, label=_('user id'))
|
user_id = serializers.CharField(required=True, label=_('user id'))
|
||||||
|
auth_target_type = serializers.CharField(required=True, label=_('resource'))
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
return {
|
return {
|
||||||
"knowledge_query_set": QuerySet(Knowledge)
|
'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
|
||||||
.filter(workspace_id=self.data.get('workspace_id')),
|
workspace_id=self.data.get('workspace_id')),
|
||||||
'tool_query_set': QuerySet(Tool)
|
|
||||||
.filter(workspace_id=self.data.get('workspace_id')),
|
|
||||||
'model_query_set': QuerySet(Model)
|
|
||||||
.filter(workspace_id=self.data.get('workspace_id')),
|
|
||||||
'application_query_set': QuerySet(Application)
|
|
||||||
.filter(workspace_id=self.data.get('workspace_id')),
|
|
||||||
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
||||||
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'))
|
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
|
||||||
|
auth_target_type=self.data.get('auth_target_type'))
|
||||||
}
|
}
|
||||||
|
|
||||||
def list(self, user, with_valid=True):
|
def list(self, user, with_valid=True):
|
||||||
@ -97,7 +108,7 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
user_id = self.data.get("user_id")
|
user_id = self.data.get("user_id")
|
||||||
# 用户权限列表
|
# 用户权限列表
|
||||||
user_resource_permission_list = native_search(self.get_queryset(), get_file_content(
|
user_resource_permission_list = native_search(self.get_queryset(), get_file_content(
|
||||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'get_user_resource_permission.sql')))
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
|
||||||
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
||||||
workspace_model = DatabaseModelManage.get_model("workspace_model")
|
workspace_model = DatabaseModelManage.get_model("workspace_model")
|
||||||
if workspace_user_role_mapping_model and workspace_model:
|
if workspace_user_role_mapping_model and workspace_model:
|
||||||
@ -112,14 +123,14 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
if is_workspace_manage:
|
if is_workspace_manage:
|
||||||
user_resource_permission_list = list(
|
user_resource_permission_list = list(
|
||||||
map(lambda row: {**row,
|
map(lambda row: {**row,
|
||||||
'permission': {ResourcePermissionGroup.VIEW.value: True,
|
'permission': {ResourcePermission.VIEW.value: True,
|
||||||
ResourcePermissionGroup.MANAGE.value: True,
|
ResourcePermission.MANAGE.value: True,
|
||||||
ResourcePermissionRole.ROLE.value: True}},
|
ResourcePermissionRole.ROLE.value: True}},
|
||||||
user_resource_permission_list))
|
user_resource_permission_list))
|
||||||
return group_by([{**user_resource_permission, 'permission': {
|
return group_by([{**user_resource_permission, 'permission': {
|
||||||
permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for
|
permission: True if user_resource_permission.get('permission_list').__contains__(permission) else False for
|
||||||
permission in
|
permission in
|
||||||
[ResourcePermissionGroup.VIEW.value, ResourcePermissionGroup.MANAGE.value,
|
[ResourcePermission.VIEW.value, ResourcePermission.MANAGE.value,
|
||||||
ResourcePermissionRole.ROLE.value]}}
|
ResourcePermissionRole.ROLE.value]}}
|
||||||
for user_resource_permission in user_resource_permission_list],
|
for user_resource_permission in user_resource_permission_list],
|
||||||
key=lambda item: item.get('auth_target_type'))
|
key=lambda item: item.get('auth_target_type'))
|
||||||
@ -128,6 +139,8 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
if with_valid:
|
if with_valid:
|
||||||
self.is_valid(raise_exception=True)
|
self.is_valid(raise_exception=True)
|
||||||
UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True,
|
UpdateUserResourcePermissionRequest(data=instance).is_valid(raise_exception=True,
|
||||||
|
auth_target_type=self.data.get(
|
||||||
|
'auth_target_type'),
|
||||||
workspace_id=self.data.get('workspace_id'))
|
workspace_id=self.data.get('workspace_id'))
|
||||||
workspace_id = self.data.get("workspace_id")
|
workspace_id = self.data.get("workspace_id")
|
||||||
user_id = self.data.get("user_id")
|
user_id = self.data.get("user_id")
|
||||||
@ -135,7 +148,7 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
save_list = []
|
save_list = []
|
||||||
user_resource_permission_list = instance.get('user_resource_permission_list')
|
user_resource_permission_list = instance.get('user_resource_permission_list')
|
||||||
workspace_user_resource_permission_exist_list = QuerySet(WorkspaceUserResourcePermission).filter(
|
workspace_user_resource_permission_exist_list = QuerySet(WorkspaceUserResourcePermission).filter(
|
||||||
workspace_id=workspace_id, user_id=user_id)
|
workspace_id=workspace_id, user_id=user_id, auth_target_type=self.data.get('auth_target_type'))
|
||||||
for user_resource_permission in user_resource_permission_list:
|
for user_resource_permission in user_resource_permission_list:
|
||||||
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
|
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
|
||||||
workspace_user_resource_permission_exist_list if
|
workspace_user_resource_permission_exist_list if
|
||||||
@ -147,8 +160,7 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
update_list.append(exist_list[0])
|
update_list.append(exist_list[0])
|
||||||
else:
|
else:
|
||||||
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
|
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
|
||||||
auth_target_type=user_resource_permission.get(
|
auth_target_type=self.data.get('auth_target_type'),
|
||||||
'auth_target_type'),
|
|
||||||
permission_list=[key for key in
|
permission_list=[key for key in
|
||||||
user_resource_permission.get(
|
user_resource_permission.get(
|
||||||
'permission').keys() if
|
'permission').keys() if
|
||||||
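Review bot: `auth_target_type` on `UserResourcePermissionSerializer` is declared as a free-form `CharField`, yet `get_queryset` and `list` use it as a key into `m_map` and `sql_map` via `.get(...)`. A value outside the four keys yields `None`, which is then handed to `QuerySet(...)` and `os.path.join(...)`, so the request would fail with an unhandled error instead of a validation error; the per-item `ChoiceField` that this commit removes used to reject such values. The value appears to come from the new `<str:resource>` route segment, so it should be validated as untrusted input: `auth_target_type = serializers.ChoiceField(required=True, choices=list(m_map), label=_('resource'))`. `list` and `edit` both start and end outside the hunks shown.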
|
|||||||
@ -0,0 +1,17 @@
|
|||||||
|
SELECT app_or_knowledge.*,
|
||||||
|
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||||
|
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||||
|
FROM (SELECT "id",
|
||||||
|
"name",
|
||||||
|
'APPLICATION' AS "auth_target_type",
|
||||||
|
user_id,
|
||||||
|
workspace_id,
|
||||||
|
icon,
|
||||||
|
folder_id
|
||||||
|
FROM application
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (SELECT *
|
||||||
|
FROM workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||||
|
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||||
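Review bot: The join `ON workspace_user_resource_permission.target = app_or_knowledge."id"` matches on the target id alone, so it picks the right permission row only if `${workspace_user_resource_permission_query_set}` already restricts rows to this resource type. The serializer in this commit does add `auth_target_type` to that filter, but nothing in the query records the dependency; a header comment such as `-- caller must filter workspace_user_resource_permission by auth_target_type = 'APPLICATION'` would, or the join could add `AND workspace_user_resource_permission.auth_target_type = 'APPLICATION'`. The same applies to the KNOWLEDGE, MODEL and TOOL queries that follow, where the `app_or_knowledge` alias is also misleading.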
@ -0,0 +1,17 @@
|
|||||||
|
SELECT app_or_knowledge.*,
|
||||||
|
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||||
|
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||||
|
FROM (SELECT "id",
|
||||||
|
"name",
|
||||||
|
'KNOWLEDGE' AS "auth_target_type",
|
||||||
|
user_id,
|
||||||
|
workspace_id,
|
||||||
|
"type"::varchar AS "icon",
|
||||||
|
folder_id
|
||||||
|
FROM knowledge
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (SELECT *
|
||||||
|
FROM workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||||
|
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||||
@ -0,0 +1,17 @@
|
|||||||
|
SELECT app_or_knowledge.*,
|
||||||
|
COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
|
||||||
|
COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
|
||||||
|
FROM (SELECT "id",
|
||||||
|
"name",
|
||||||
|
'MODEL' AS "auth_target_type",
|
||||||
|
user_id,
|
||||||
|
workspace_id,
|
||||||
|
provider as icon,
|
||||||
|
'default' as folder_id
|
||||||
|
FROM model
|
||||||
|
${query_set}
|
||||||
|
) app_or_knowledge
|
||||||
|
LEFT JOIN (SELECT *
|
||||||
|
FROM workspace_user_resource_permission
|
||||||
|
${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
|
||||||
|
ON workspace_user_resource_permission.target = app_or_knowledge."id";
|
||||||
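--- /dev/null
+++ b/apps/system_manage/sql/get_tool_user_resource_permission.sql
@@ -0,0 +1,17 @@
+SELECT app_or_knowledge.*,
+COALESCE(workspace_user_resource_permission.permission_list,'{}')::varchar[] as permission_list,
+COALESCE(workspace_user_resource_permission.auth_type,'ROLE') as auth_type
+FROM (SELECT "id",
+"name",
+'TOOL' AS "auth_target_type",
+user_id,
+workspace_id,
+icon,
+folder_id
+FROM tool
+${query_set}
+) app_or_knowledge
+LEFT JOIN (SELECT *
+FROM workspace_user_resource_permission
+${workspace_user_resource_permission_query_set}) workspace_user_resource_permission
+ON workspace_user_resource_permission.target = app_or_knowledge."id";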
@ -5,7 +5,7 @@ from . import views
|
|||||||
app_name = "system_manage"
|
app_name = "system_manage"
|
||||||
# @formatter:off
|
# @formatter:off
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>', views.WorkSpaceUserResourcePermissionView.as_view()),
|
path('workspace/<str:workspace_id>/user_resource_permission/user/<str:user_id>/resource/<str:resource>', views.WorkSpaceUserResourcePermissionView.as_view()),
|
||||||
path('email_setting', views.SystemSetting.Email.as_view()),
|
path('email_setting', views.SystemSetting.Email.as_view()),
|
||||||
path('profile', views.SystemProfile.as_view()),
|
path('profile', views.SystemProfile.as_view()),
|
||||||
path('valid/<str:valid_type>/<int:valid_count>', views.Valid.as_view())
|
path('valid/<str:valid_type>/<int:valid_count>', views.Valid.as_view())
|
||||||
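Review bot: `<str:resource>` in the new route accepts any non-empty path segment, and the view decorators in this commit concatenate it into `Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION')` before anything validates it. If `Group` is an enum (its definition is not shown here), an unexpected segment would raise inside the permission check instead of producing a clean 404 or 403. Constrain the segment at the route, for example with `re_path` and `(?P<resource>APPLICATION|KNOWLEDGE|TOOL|MODEL)` (the four values used by the front-end routes in this commit), or validate it against the resource enum at the top of the view. The old URL without `/resource/...` is removed outright, so any client other than the bundled front end would need updating too.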
|
|||||||
@ -15,7 +15,7 @@ from rest_framework.views import APIView
|
|||||||
from common import result
|
from common import result
|
||||||
from common.auth import TokenAuth
|
from common.auth import TokenAuth
|
||||||
from common.auth.authentication import has_permissions
|
from common.auth.authentication import has_permissions
|
||||||
from common.constants.permission_constants import PermissionConstants, RoleConstants
|
from common.constants.permission_constants import PermissionConstants, RoleConstants, Permission, Group, Operate
|
||||||
from common.log.log import log
|
from common.log.log import log
|
||||||
from common.result import DefaultResultSerializer
|
from common.result import DefaultResultSerializer
|
||||||
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI
|
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI
|
||||||
@ -43,11 +43,13 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||||||
responses=UserResourcePermissionAPI.get_response(),
|
responses=UserResourcePermissionAPI.get_response(),
|
||||||
tags=[_('Resources authorization')] # type: ignore
|
tags=[_('Resources authorization')] # type: ignore
|
||||||
)
|
)
|
||||||
@has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_READ.get_workspace_permission(),
|
@has_permissions(
|
||||||
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
|
||||||
def get(self, request: Request, workspace_id: str, user_id: str):
|
operate=Operate.READ),
|
||||||
|
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||||
|
def get(self, request: Request, workspace_id: str, user_id: str, resource: str):
|
||||||
return result.success(UserResourcePermissionSerializer(
|
return result.success(UserResourcePermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, 'user_id': user_id}
|
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||||
).list(request.user))
|
).list(request.user))
|
||||||
|
|
||||||
@extend_schema(
|
@extend_schema(
|
||||||
@ -62,9 +64,11 @@ class WorkSpaceUserResourcePermissionView(APIView):
|
|||||||
@log(menu='System', operate='Modify the resource authorization list',
|
@log(menu='System', operate='Modify the resource authorization list',
|
||||||
get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
|
get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
|
||||||
)
|
)
|
||||||
@has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_EDIT.get_workspace_permission(),
|
@has_permissions(
|
||||||
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
lambda r, kwargs: Permission(group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
|
||||||
def put(self, request: Request, workspace_id: str, user_id: str):
|
operate=Operate.EDIT),
|
||||||
|
RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
|
||||||
|
def put(self, request: Request, workspace_id: str, user_id: str, resource: str):
|
||||||
return result.success(UserResourcePermissionSerializer(
|
return result.success(UserResourcePermissionSerializer(
|
||||||
data={'workspace_id': workspace_id, 'user_id': user_id}
|
data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
|
||||||
).edit(request.data, request.user))
|
).edit(request.data, request.user))
|
||||||
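Review bot: The new `has_permissions` lambda on `get`, and the identical one on `put` in the next hunk, builds a bare `Permission(group=..., operate=...)`, whereas the line it replaces used `PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_READ.get_workspace_permission()`. Unless `has_permissions` scopes a plain `Permission` to `workspace_id` on its own, which is not visible here, the permission half of the check is no longer tied to the workspace in the URL, so a permission granted in one workspace could satisfy the check for another. Build the permission so it carries the workspace from `kwargs` the way `get_workspace_permission()` does, and add a test that a user authorised only in workspace A is refused on workspace B for each resource type. `kwargs.get('resource') + '...'` also raises `TypeError` when the key is absent, so prefer `kwargs['resource']` after validating it. The view class continues outside these hunks.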
|
|||||||
@ -12,10 +12,11 @@ const prefix = '/workspace'
|
|||||||
const getResourceAuthorization: (
|
const getResourceAuthorization: (
|
||||||
workspace_id: string,
|
workspace_id: string,
|
||||||
user_id: string,
|
user_id: string,
|
||||||
|
resource: string,
|
||||||
loading?: Ref<boolean>,
|
loading?: Ref<boolean>,
|
||||||
) => Promise<Result<any>> = (workspace_id, user_id, loading) => {
|
) => Promise<Result<any>> = (workspace_id, user_id, resource, loading) => {
|
||||||
return get(
|
return get(
|
||||||
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}`,
|
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}/resource/${resource}`,
|
||||||
undefined,
|
undefined,
|
||||||
loading,
|
loading,
|
||||||
)
|
)
|
||||||
@ -42,11 +43,12 @@ const getResourceAuthorization: (
|
|||||||
const putResourceAuthorization: (
|
const putResourceAuthorization: (
|
||||||
workspace_id: string,
|
workspace_id: string,
|
||||||
user_id: string,
|
user_id: string,
|
||||||
|
resource: string,
|
||||||
body: any,
|
body: any,
|
||||||
loading?: Ref<boolean>,
|
loading?: Ref<boolean>,
|
||||||
) => Promise<Result<any>> = (workspace_id, user_id, body, loading) => {
|
) => Promise<Result<any>> = (workspace_id, user_id, resource, body, loading) => {
|
||||||
return put(
|
return put(
|
||||||
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}`,
|
`${prefix}/${workspace_id}/user_resource_permission/user/${user_id}/resource/${resource}`,
|
||||||
body,
|
body,
|
||||||
{},
|
{},
|
||||||
loading,
|
loading,
|
||||||
|
|||||||
@ -184,6 +184,7 @@ const systemRouter = {
|
|||||||
activeMenu: '/system',
|
activeMenu: '/system',
|
||||||
parentPath: '/system',
|
parentPath: '/system',
|
||||||
parentName: 'system',
|
parentName: 'system',
|
||||||
|
resource: 'APPLICATION',
|
||||||
},
|
},
|
||||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||||
},
|
},
|
||||||
@ -195,6 +196,7 @@ const systemRouter = {
|
|||||||
activeMenu: '/system',
|
activeMenu: '/system',
|
||||||
parentPath: '/system',
|
parentPath: '/system',
|
||||||
parentName: 'system',
|
parentName: 'system',
|
||||||
|
resource: 'KNOWLEDGE',
|
||||||
},
|
},
|
||||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||||
},
|
},
|
||||||
@ -206,6 +208,7 @@ const systemRouter = {
|
|||||||
activeMenu: '/system',
|
activeMenu: '/system',
|
||||||
parentPath: '/system',
|
parentPath: '/system',
|
||||||
parentName: 'system',
|
parentName: 'system',
|
||||||
|
resource: 'TOOL',
|
||||||
},
|
},
|
||||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||||
},
|
},
|
||||||
@ -217,6 +220,7 @@ const systemRouter = {
|
|||||||
activeMenu: '/system',
|
activeMenu: '/system',
|
||||||
parentPath: '/system',
|
parentPath: '/system',
|
||||||
parentName: 'system',
|
parentName: 'system',
|
||||||
|
resource: 'MODEL',
|
||||||
},
|
},
|
||||||
component: () => import('@/views/system/resource-authorization/index.vue'),
|
component: () => import('@/views/system/resource-authorization/index.vue'),
|
||||||
},
|
},
|
||||||
@ -477,11 +481,14 @@ const systemRouter = {
|
|||||||
parentName: 'system',
|
parentName: 'system',
|
||||||
sameRoute: 'operate',
|
sameRoute: 'operate',
|
||||||
permission: [
|
permission: [
|
||||||
new ComplexPermission(
|
new ComplexPermission(
|
||||||
[RoleConst.ADMIN],
|
[RoleConst.ADMIN],
|
||||||
[PermissionConst.OPERATION_LOG_READ],
|
[PermissionConst.OPERATION_LOG_READ],
|
||||||
[EditionConst.IS_EE, EditionConst.IS_PE],
|
[EditionConst.IS_EE, EditionConst.IS_PE],
|
||||||
'OR',),],
|
'OR',
|
||||||
|
),
|
||||||
|
],
|
||||||
|
|
||||||
},
|
},
|
||||||
component: () => import('@/views/system/operate-log/index.vue'),
|
component: () => import('@/views/system/operate-log/index.vue'),
|
||||||
},
|
},
|
||||||
|
|||||||
@ -8,7 +8,11 @@
|
|||||||
</el-breadcrumb-item>
|
</el-breadcrumb-item>
|
||||||
</el-breadcrumb>
|
</el-breadcrumb>
|
||||||
<!-- 企业版: 工作空间下拉框-->
|
<!-- 企业版: 工作空间下拉框-->
|
||||||
<el-divider class="ml-24" direction="vertical" v-if="hasPermission(EditionConst.IS_EE, 'OR')" />
|
<el-divider
|
||||||
|
class="ml-24"
|
||||||
|
direction="vertical"
|
||||||
|
v-if="hasPermission(EditionConst.IS_EE, 'OR')"
|
||||||
|
/>
|
||||||
<WorkspaceDropdown
|
<WorkspaceDropdown
|
||||||
v-if="hasPermission(EditionConst.IS_EE, 'OR')"
|
v-if="hasPermission(EditionConst.IS_EE, 'OR')"
|
||||||
:data="workspaceList"
|
:data="workspaceList"
|
||||||
@ -189,6 +193,7 @@ function submitPermissions() {
|
|||||||
AuthorizationApi.putResourceAuthorization(
|
AuthorizationApi.putResourceAuthorization(
|
||||||
currentWorkspaceId.value || 'default',
|
currentWorkspaceId.value || 'default',
|
||||||
currentUser.value,
|
currentUser.value,
|
||||||
|
(route.meta?.resource as string) || 'APPLICATION',
|
||||||
{ user_resource_permission_list: user_resource_permission_list },
|
{ user_resource_permission_list: user_resource_permission_list },
|
||||||
rLoading,
|
rLoading,
|
||||||
).then(() => {
|
).then(() => {
|
||||||
@ -290,10 +295,6 @@ const dfsFolder = (arr: any[] = [], folderIdMap: any) => {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
const handleTabChange = () => {
|
|
||||||
getWholeTree(currentUser.value)
|
|
||||||
}
|
|
||||||
|
|
||||||
function getFolder() {
|
function getFolder() {
|
||||||
return AuthorizationApi.getSystemFolder(
|
return AuthorizationApi.getSystemFolder(
|
||||||
currentWorkspaceId.value || 'default',
|
currentWorkspaceId.value || 'default',
|
||||||
@ -306,6 +307,7 @@ function getResourcePermissions(user_id: string) {
|
|||||||
return AuthorizationApi.getResourceAuthorization(
|
return AuthorizationApi.getResourceAuthorization(
|
||||||
currentWorkspaceId.value || 'default',
|
currentWorkspaceId.value || 'default',
|
||||||
user_id,
|
user_id,
|
||||||
|
(route.meta?.resource as string) || 'APPLICATION',
|
||||||
rLoading,
|
rLoading,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@ -378,7 +380,6 @@ function changeWorkspace(item: WorkspaceItem) {
|
|||||||
currentWorkspaceId.value = item.id
|
currentWorkspaceId.value = item.id
|
||||||
getMember()
|
getMember()
|
||||||
}
|
}
|
||||||
function refresh(data?: string[]) {}
|
|
||||||
|
|
||||||
onMounted(() => {
|
onMounted(() => {
|
||||||
tableHeight.value = window.innerHeight - 330
|
tableHeight.value = window.innerHeight - 330
|
||||||
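Review bot: `(route.meta?.resource as string) || 'APPLICATION'` is repeated in `submitPermissions` and `getResourcePermissions`, and on the write path the silent fallback means a route that lacks `meta.resource` would save the edited permissions against the APPLICATION endpoint. Derive the value once, for example `const resourceType = computed(() => route.meta?.resource as string | undefined)` if `computed` is already imported in this component, and refuse to submit when it is missing rather than defaulting. Both functions start and end outside the hunks shown.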
|
|||||||