feat: tool model resource permission (#3395)
This commit is contained in:
shaohuzhang1
GitHub
parent
ac7e39fb18
commit
ce5850b6d4
@ -20,6 +20,8 @@ class AuthTargetType(models.TextChoices):
|
|||||||
"""授权目标"""
|
"""授权目标"""
|
||||||
KNOWLEDGE = Group.KNOWLEDGE.value, '知识库'
|
KNOWLEDGE = Group.KNOWLEDGE.value, '知识库'
|
||||||
APPLICATION = Group.APPLICATION.value, '应用'
|
APPLICATION = Group.APPLICATION.value, '应用'
|
||||||
|
TOOL = Group.TOOL.value, '工具'
|
||||||
|
MODEL = Group.MODEL.value, '模型'
|
||||||
|
|
||||||
|
|
||||||
class WorkspaceUserResourcePermission(models.Model):
|
class WorkspaceUserResourcePermission(models.Model):
|
||||||
|
|||||||
@ -26,7 +26,9 @@ from common.utils.common import get_file_content
|
|||||||
from common.utils.split_model import group_by
|
from common.utils.split_model import group_by
|
||||||
from knowledge.models import Knowledge
|
from knowledge.models import Knowledge
|
||||||
from maxkb.conf import PROJECT_DIR
|
from maxkb.conf import PROJECT_DIR
|
||||||
|
from models_provider.models import Model
|
||||||
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
|
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
|
||||||
|
from tools.models import Tool
|
||||||
|
|
||||||
|
|
||||||
class PermissionSerializer(serializers.Serializer):
|
class PermissionSerializer(serializers.Serializer):
|
||||||
@ -64,7 +66,7 @@ class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
|||||||
illegal_target_id_list = select_list(
|
illegal_target_id_list = select_list(
|
||||||
get_file_content(
|
get_file_content(
|
||||||
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
|
||||||
[json.dumps(user_resource_permission_list), workspace_id, workspace_id])
|
[json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id])
|
||||||
if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
|
if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
|
||||||
raise AppApiException(500,
|
raise AppApiException(500,
|
||||||
_('Non-existent application|knowledge base id[') + str(illegal_target_id_list) + ']')
|
_('Non-existent application|knowledge base id[') + str(illegal_target_id_list) + ']')
|
||||||
@ -78,6 +80,10 @@ class UserResourcePermissionSerializer(serializers.Serializer):
|
|||||||
return {
|
return {
|
||||||
"knowledge_query_set": QuerySet(Knowledge)
|
"knowledge_query_set": QuerySet(Knowledge)
|
||||||
.filter(workspace_id=self.data.get('workspace_id')),
|
.filter(workspace_id=self.data.get('workspace_id')),
|
||||||
|
'tool_query_set': QuerySet(Tool)
|
||||||
|
.filter(workspace_id=self.data.get('workspace_id')),
|
||||||
|
'model_query_set': QuerySet(Model)
|
||||||
|
.filter(workspace_id=self.data.get('workspace_id')),
|
||||||
'application_query_set': QuerySet(Application)
|
'application_query_set': QuerySet(Application)
|
||||||
.filter(workspace_id=self.data.get('workspace_id')),
|
.filter(workspace_id=self.data.get('workspace_id')),
|
||||||
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
||||||
|
|||||||
@ -17,6 +17,20 @@ FROM
|
|||||||
'APPLICATION' AS "auth_target_type"
|
'APPLICATION' AS "auth_target_type"
|
||||||
FROM
|
FROM
|
||||||
application
|
application
|
||||||
|
WHERE workspace_id= %s
|
||||||
|
UNION
|
||||||
|
SELECT
|
||||||
|
"id",
|
||||||
|
'MODEL' AS "auth_target_type"
|
||||||
|
FROM
|
||||||
|
model
|
||||||
|
WHERE workspace_id= %s
|
||||||
|
UNION
|
||||||
|
SELECT
|
||||||
|
"id",
|
||||||
|
'TOOL' AS "auth_target_type"
|
||||||
|
FROM
|
||||||
|
tool
|
||||||
WHERE workspace_id= %s
|
WHERE workspace_id= %s
|
||||||
) "app_and_knowledge_temp"
|
) "app_and_knowledge_temp"
|
||||||
ON "app_and_knowledge_temp"."id" = static_temp."target_id" and app_and_knowledge_temp."auth_target_type"=static_temp."auth_target_type"
|
ON "app_and_knowledge_temp"."id" = static_temp."target_id" and app_and_knowledge_temp."auth_target_type"=static_temp."auth_target_type"
|
||||||
|
|||||||
@ -20,6 +20,26 @@ FROM (SELECT "id",
|
|||||||
folder_id
|
folder_id
|
||||||
FROM application
|
FROM application
|
||||||
${application_query_set}
|
${application_query_set}
|
||||||
|
UNION
|
||||||
|
SELECT "id",
|
||||||
|
"name",
|
||||||
|
'TOOL' AS "auth_target_type",
|
||||||
|
user_id,
|
||||||
|
workspace_id,
|
||||||
|
icon,
|
||||||
|
folder_id
|
||||||
|
FROM tool
|
||||||
|
${tool_query_set}
|
||||||
|
UNION
|
||||||
|
SELECT "id",
|
||||||
|
"name",
|
||||||
|
'MODEL' AS "auth_target_type",
|
||||||
|
user_id,
|
||||||
|
workspace_id,
|
||||||
|
provider as icon,
|
||||||
|
'default' as folder_id
|
||||||
|
FROM model
|
||||||
|
${model_query_set}
|
||||||
) app_or_knowledge
|
) app_or_knowledge
|
||||||
LEFT JOIN (SELECT *
|
LEFT JOIN (SELECT *
|
||||||
FROM workspace_user_resource_permission
|
FROM workspace_user_resource_permission
|
||||||
|
|||||||
@ -1,3 +1,4 @@
|
|||||||
|
import { Permission } from '@/utils/permission/type'
|
||||||
import { Result } from '@/request/Result'
|
import { Result } from '@/request/Result'
|
||||||
import { get, put, post, del } from '@/request/index'
|
import { get, put, post, del } from '@/request/index'
|
||||||
import type { pageRequest } from '@/api/type/common'
|
import type { pageRequest } from '@/api/type/common'
|
||||||
@ -82,6 +83,19 @@ const getSystemFolder: (
|
|||||||
data?: any,
|
data?: any,
|
||||||
loading?: Ref<boolean>,
|
loading?: Ref<boolean>,
|
||||||
) => Promise<Result<Array<any>>> = (workspace_id, source, data, loading) => {
|
) => Promise<Result<Array<any>>> = (workspace_id, source, data, loading) => {
|
||||||
|
if (source == 'MODEL') {
|
||||||
|
return Promise.resolve(
|
||||||
|
Result.success([
|
||||||
|
{
|
||||||
|
id: 'default',
|
||||||
|
name: '根目录',
|
||||||
|
desc: null,
|
||||||
|
parent_id: null,
|
||||||
|
children: [],
|
||||||
|
},
|
||||||
|
]),
|
||||||
|
)
|
||||||
|
}
|
||||||
return get(`${prefix}/${workspace_id}/${source}/folder`, data, loading)
|
return get(`${prefix}/${workspace_id}/${source}/folder`, data, loading)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -4,10 +4,12 @@ export enum AuthorizationEnum {
|
|||||||
ROLE = 'ROLE',
|
ROLE = 'ROLE',
|
||||||
KNOWLEDGE = 'KNOWLEDGE',
|
KNOWLEDGE = 'KNOWLEDGE',
|
||||||
APPLICATION = 'APPLICATION',
|
APPLICATION = 'APPLICATION',
|
||||||
|
MODEL = 'MODEL',
|
||||||
|
TOOL = 'TOOL',
|
||||||
}
|
}
|
||||||
|
|
||||||
export enum RoleTypeEnum {
|
export enum RoleTypeEnum {
|
||||||
ADMIN = 'ADMIN',
|
ADMIN = 'ADMIN',
|
||||||
USER = 'USER',
|
USER = 'USER',
|
||||||
WORKSPACE_MANAGE = 'WORKSPACE_MANAGE',
|
WORKSPACE_MANAGE = 'WORKSPACE_MANAGE',
|
||||||
}
|
}
|
||||||
|
|||||||
@ -110,7 +110,6 @@ const filterText = ref('')
|
|||||||
const activeName = ref(AuthorizationEnum.KNOWLEDGE)
|
const activeName = ref(AuthorizationEnum.KNOWLEDGE)
|
||||||
const tableHeight = ref(0)
|
const tableHeight = ref(0)
|
||||||
|
|
||||||
|
|
||||||
const settingTags = reactive([
|
const settingTags = reactive([
|
||||||
{
|
{
|
||||||
label: t('views.knowledge.title'),
|
label: t('views.knowledge.title'),
|
||||||
@ -124,6 +123,18 @@ const settingTags = reactive([
|
|||||||
data: [] as any,
|
data: [] as any,
|
||||||
isRole: false,
|
isRole: false,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
label: t('views.tool.title'),
|
||||||
|
value: AuthorizationEnum.TOOL,
|
||||||
|
data: [] as any,
|
||||||
|
isRole: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
label: t('views.model.title'),
|
||||||
|
value: AuthorizationEnum.MODEL,
|
||||||
|
data: [] as any,
|
||||||
|
isRole: false,
|
||||||
|
},
|
||||||
])
|
])
|
||||||
|
|
||||||
watch(filterText, (val: any) => {
|
watch(filterText, (val: any) => {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user