zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Automatic authorization for resource creation (#3464)

Browse Source
This commit is contained in:
shaohuzhang1 2025-07-03 14:46:55 +08:00 committed by GitHub
parent 0b27836ccb
commit df49c5ba5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 77 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/application/serializers/application.py
View File

@ -40,7 +40,8 @@ from knowledge.serializers.knowledge import KnowledgeSerializer, KnowledgeModelS
from maxkb.conf import PROJECT_DIR from maxkb.conf import PROJECT_DIR
from models_provider.models import Model from models_provider.models import Model
from models_provider.tools import get_model_instance_by_model_workspace_id from models_provider.tools import get_model_instance_by_model_workspace_id
from system_manage.models import WorkspaceUserResourcePermission from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
from tools.models import Tool, ToolScope from tools.models import Tool, ToolScope
from tools.serializers.tool import ToolModelSerializer from tools.serializers.tool import ToolModelSerializer
from users.models import User from users.models import User
@ -430,9 +431,15 @@ class ApplicationSerializer(serializers.Serializer):
def insert(self, instance: Dict): def insert(self, instance: Dict):
application_type = instance.get('type') application_type = instance.get('type')
if 'WORK_FLOW' == application_type: if 'WORK_FLOW' == application_type:
return self.insert_workflow(instance) r = self.insert_workflow(instance)
else: else:
return self.insert_simple(instance) r = self.insert_simple(instance)
UserResourcePermissionSerializer(data={
'workspace_id': self.data.get('workspace_id'),
'user_id': self.data.get('user_id'),
'auth_target_type': AuthTargetType.APPLICATION.value
}).auth_resource(str(r.get('id')))
return r
def insert_workflow(self, instance: Dict): def insert_workflow(self, instance: Dict):
self.is_valid(raise_exception=True) self.is_valid(raise_exception=True)

24
apps/knowledge/serializers/knowledge.py
View File

@ -21,7 +21,7 @@ from rest_framework import serializers
from application.models import ApplicationKnowledgeMapping from application.models import ApplicationKnowledgeMapping
from common.config.embedding_config import VectorStore from common.config.embedding_config import VectorStore
from common.constants.cache_version import Cache_Version from common.constants.cache_version import Cache_Version
from common.constants.permission_constants import ResourceAuthType, ResourcePermission from common.constants.permission_constants import ResourceAuthType, ResourcePermission, ResourcePermissionRole
from common.database_model_manage.database_model_manage import DatabaseModelManage from common.database_model_manage.database_model_manage import DatabaseModelManage
from common.db.search import native_search, get_dynamics_model, native_page_search from common.db.search import native_search, get_dynamics_model, native_page_search
from common.db.sql_execute import select_list from common.db.sql_execute import select_list
@ -42,6 +42,7 @@ from knowledge.task.sync import sync_web_knowledge, sync_replace_web_knowledge
from maxkb.conf import PROJECT_DIR from maxkb.conf import PROJECT_DIR
from models_provider.models import Model from models_provider.models import Model
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
from users.serializers.user import is_workspace_manage from users.serializers.user import is_workspace_manage
@ -553,21 +554,12 @@ class KnowledgeSerializer(serializers.Serializer):
QuerySet(ProblemParagraphMapping).bulk_create( QuerySet(ProblemParagraphMapping).bulk_create(
problem_paragraph_mapping_list problem_paragraph_mapping_list
) if len(problem_paragraph_mapping_list) > 0 else None ) if len(problem_paragraph_mapping_list) > 0 else None
# 自动资源给授权当前用户
# 自动授权给创建者 UserResourcePermissionSerializer(data={
WorkspaceUserResourcePermission( 'workspace_id': self.data.get('workspace_id'),
target=knowledge_id, 'user_id': self.data.get('user_id'),
auth_target_type=AuthTargetType.KNOWLEDGE, 'auth_target_type': AuthTargetType.KNOWLEDGE.value
permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE], }).auth_resource(str(knowledge_id))
workspace_id=self.data.get('workspace_id'),
user_id=self.data.get('user_id'),
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
).save()
# 刷新缓存
version = Cache_Version.PERMISSION_LIST.get_version()
key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
cache.delete(key, version=version)
return { return {
**KnowledgeModelSerializer(knowledge).data, **KnowledgeModelSerializer(knowledge).data,
'user_id': self.data.get('user_id'), 'user_id': self.data.get('user_id'),

19
apps/models_provider/serializers/model_serializer.py
View File

@ -26,6 +26,7 @@ from models_provider.constants.model_provider_constants import ModelProvideConst
from models_provider.models import Model, Status from models_provider.models import Model, Status
from models_provider.tools import get_model_credential from models_provider.tools import get_model_credential
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
from users.serializers.user import is_workspace_manage from users.serializers.user import is_workspace_manage
@ -326,19 +327,11 @@ class ModelSerializer(serializers.Serializer):
model = Model(**model_data) model = Model(**model_data)
try: try:
model.save() model.save()
# 自动授权给创建者 UserResourcePermissionSerializer(data={
WorkspaceUserResourcePermission( 'workspace_id': self.data.get('workspace_id'),
target=model.id, 'user_id': self.data.get('user_id'),
auth_target_type=AuthTargetType.MODEL, 'auth_target_type': AuthTargetType.MODEL.value
permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE], }).auth_resource(str(model.id))
workspace_id=workspace_id,
user_id=self.data.get('user_id'),
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
).save()
# 刷新缓存
version = Cache_Version.PERMISSION_LIST.get_version()
key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
cache.delete(key, version=version)
except Exception as save_error: except Exception as save_error:
# 可添加日志记录 # 可添加日志记录
raise AppApiException(500, _("Model saving failed")) from save_error raise AppApiException(500, _("Model saving failed")) from save_error

28
apps/system_manage/serializers/user_resource_permission.py
View File

@ -29,6 +29,7 @@ from maxkb.conf import PROJECT_DIR
from models_provider.models import Model from models_provider.models import Model
from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
from tools.models import Tool from tools.models import Tool
from users.serializers.user import is_workspace_manage
class PermissionSerializer(serializers.Serializer): class PermissionSerializer(serializers.Serializer):
@ -101,6 +102,33 @@ class UserResourcePermissionSerializer(serializers.Serializer):
auth_target_type=self.data.get('auth_target_type')) auth_target_type=self.data.get('auth_target_type'))
} }
def auth_resource(self, resource_id: str):
self.is_valid(raise_exception=True)
workspace_manage = is_workspace_manage(self.data.get('user_id'), self.data.get('workspace_id'))
if not workspace_manage:
auth_target_type = self.data.get('auth_target_type')
workspace_id = self.data.get('workspace_id')
user_id = self.data.get('user_id')
wurp = QuerySet(WorkspaceUserResourcePermission).filter(auth_target_type=auth_target_type,
workspace_id=workspace_id).first()
auth_type = wurp.auth_type if wurp else ResourceAuthType.RESOURCE_PERMISSION_GROUP
# 自动授权给创建者
WorkspaceUserResourcePermission(
target=resource_id,
auth_target_type=auth_target_type,
permission_list=[ResourcePermission.VIEW,
ResourcePermission.MANAGE] if auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP else [
ResourcePermissionRole.ROLE],
workspace_id=workspace_id,
user_id=user_id,
auth_type=auth_type
).save()
# 刷新缓存
version = Cache_Version.PERMISSION_LIST.get_version()
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
cache.delete(key, version=version)
return True
def list(self, user, with_valid=True): def list(self, user, with_valid=True):
if with_valid: if with_valid:
self.is_valid(raise_exception=True) self.is_valid(raise_exception=True)

20
apps/tools/serializers/tool.py
View File

@ -29,6 +29,7 @@ from common.utils.tool_code import ToolExecutor
from knowledge.models import File, FileSourceType from knowledge.models import File, FileSourceType
from maxkb.const import CONFIG, PROJECT_DIR from maxkb.const import CONFIG, PROJECT_DIR
from system_manage.models import AuthTargetType, WorkspaceUserResourcePermission from system_manage.models import AuthTargetType, WorkspaceUserResourcePermission
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
from tools.models import Tool, ToolScope, ToolFolder, ToolType from tools.models import Tool, ToolScope, ToolFolder, ToolType
from tools.serializers.tool_folder import ToolFolderFlatSerializer from tools.serializers.tool_folder import ToolFolderFlatSerializer
from users.serializers.user import is_workspace_manage from users.serializers.user import is_workspace_manage
@ -219,20 +220,11 @@ class ToolSerializer(serializers.Serializer):
).save() ).save()
# 自动授权给创建者 # 自动授权给创建者
WorkspaceUserResourcePermission( UserResourcePermissionSerializer(data={
target=tool_id, 'workspace_id': self.data.get('workspace_id'),
auth_target_type=AuthTargetType.TOOL, 'user_id': self.data.get('user_id'),
permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE], 'auth_target_type': AuthTargetType.TOOL.value
workspace_id=self.data.get('workspace_id'), }).auth_resource(str(tool_id))
user_id=self.data.get('user_id'),
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
).save()
# 刷新缓存
version = Cache_Version.PERMISSION_LIST.get_version()
key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
cache.delete(key, version=version)
return ToolSerializer.Operate(data={ return ToolSerializer.Operate(data={
'id': tool_id, 'workspace_id': self.data.get('workspace_id') 'id': tool_id, 'workspace_id': self.data.get('workspace_id')
}).one() }).one()

35
ui/src/views/application/component/CreateApplicationDialog.vue
View File

@ -82,16 +82,17 @@
</el-dialog> </el-dialog>
</template> </template>
<script setup lang="ts"> <script setup lang="ts">
import {ref, watch, reactive} from 'vue' import { ref, watch, reactive } from 'vue'
import {useRouter, useRoute} from 'vue-router' import { useRouter, useRoute } from 'vue-router'
import type {ApplicationFormType} from '@/api/type/application' import type { ApplicationFormType } from '@/api/type/application'
import type {FormInstance, FormRules} from 'element-plus' import type { FormInstance, FormRules } from 'element-plus'
import applicationApi from '@/api/application/application' import applicationApi from '@/api/application/application'
import {MsgSuccess, MsgAlert} from '@/utils/message' import { MsgSuccess, MsgAlert } from '@/utils/message'
import {isWorkFlow} from '@/utils/application' import { isWorkFlow } from '@/utils/application'
import {baseNodes} from '@/workflow/common/data' import { baseNodes } from '@/workflow/common/data'
import {t} from '@/locales' import { t } from '@/locales'
import useStore from '@/stores'
const { user } = useStore()
const router = useRouter() const router = useRouter()
const emit = defineEmits(['refresh']) const emit = defineEmits(['refresh'])
@ -227,17 +228,19 @@ const submitHandle = async (formEl: FormInstance | undefined) => {
} }
console.log(applicationForm.value.type) console.log(applicationForm.value.type)
applicationApi applicationApi
.postApplication( .postApplication({ ...applicationForm.value, folder_id: currentFolder.value }, loading)
{...applicationForm.value, folder_id: currentFolder.value}, .then((res) => {
loading, return user.profile().then(() => {
) return res
})
})
.then((res) => { .then((res) => {
MsgSuccess(t('common.createSuccess')) MsgSuccess(t('common.createSuccess'))
emit('refresh') emit('refresh')
if (isWorkFlow(applicationForm.value.type)) { if (isWorkFlow(applicationForm.value.type)) {
router.push({path: `/application/${res.data.id}/workflow`}) router.push({ path: `/application/${res.data.id}/workflow` })
} else { } else {
router.push({path: `/application/${res.data.id}/${res.data.type}/setting`}) router.push({ path: `/application/${res.data.id}/${res.data.type}/setting` })
} }
dialogVisible.value = false dialogVisible.value = false
}) })
@ -249,7 +252,7 @@ function selectedType(type: string) {
appTemplate.value = type appTemplate.value = type
} }
defineExpose({open}) defineExpose({ open })
</script> </script>
<style lang="scss" scoped> <style lang="scss" scoped>
.radio-card { .radio-card {