fix: role user permission (#3452)

This commit is contained in:
shaohuzhang1 2025-07-02 14:26:57 +08:00 committed by GitHub
parent 8b40762218
commit e8418f6f5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 26 additions and 9 deletions


@ -127,7 +127,8 @@ def get_workspace_resource_permission_list_by_workspace_user_permission(
ResourcePermissionRole.ROLE)): ResourcePermissionRole.ROLE)):
return [ return [
f"{role_permission_mapping.permission_id}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}" f"{role_permission_mapping.permission_id}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"
for role_permission_mapping in role_permission_mapping_list] for role_permission_mapping in role_permission_mapping_list] + [
f"{workspace_user_resource_permission.auth_target_type}:/WORKSPACE/{workspace_user_resource_permission.workspace_id}/{workspace_user_resource_permission.auth_target_type}/{workspace_user_resource_permission.target}"]
elif workspace_user_resource_permission.auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP: elif workspace_user_resource_permission.auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP:
resource_permission_list = [ resource_permission_list = [
@ -230,7 +231,7 @@ def reset_workspace_role(role_id, workspace_id, role_dict):
if system_role == role_id: if system_role == role_id:
return role_id return role_id
else: else:
return f"{role_id}:/WORKSPACE/{workspace_id}" return [f"{role_id}:/WORKSPACE/{workspace_id}", role_id]
else: else:
r = role_dict.get(role_id) r = role_dict.get(role_id)
if r is None: if r is None:
@ -238,7 +239,7 @@ def reset_workspace_role(role_id, workspace_id, role_dict):
role_type = role_dict.get(role_id).type role_type = role_dict.get(role_id).type
if system_role == role_type: if system_role == role_type:
return RoleConstants.EXTENDS_ADMIN.value.name return RoleConstants.EXTENDS_ADMIN.value.name
return f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}" return [f"EXTENDS_{role_type}:/WORKSPACE/{workspace_id}", f"EXTENDS_{role_type}"]
def get_role_list(user, def get_role_list(user,
@ -260,12 +261,13 @@ def get_role_list(user,
workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id) workspace_user_role_mapping_list = QuerySet(workspace_user_role_mapping_model).filter(user_id=user.id)
role_list = QuerySet(role_model).filter(id__in=[wurm.role_id for wurm in workspace_user_role_mapping_list]) role_list = QuerySet(role_model).filter(id__in=[wurm.role_id for wurm in workspace_user_role_mapping_list])
role_dict = {r.id: r for r in role_list} role_dict = {r.id: r for r in role_list}
role_list = list(set([reset_workspace_role(workspace_user_role_mapping.role_id, role_list = list(
workspace_user_role_mapping.workspace_id, set(reduce(lambda x, y: [*x, *y], [reset_workspace_role(workspace_user_role_mapping.role_id,
role_dict) workspace_user_role_mapping.workspace_id,
for role_dict)
workspace_user_role_mapping in for
workspace_user_role_mapping_list])) workspace_user_role_mapping in
workspace_user_role_mapping_list], [])))
cache.set(key, workspace_list, version=version) cache.set(key, workspace_list, version=version)
return role_list return role_list
else: else:
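Review bot: The reduce at the end of get_role_list splats every value returned by reset_workspace_role with `[*x, *y]`, but the two unchanged branches `return role_id` and `return RoleConstants.EXTENDS_ADMIN.value.name` still return a bare string, so a system role such as an admin's is unpacked into its individual characters and the real role name never reaches role_list (or the cache entry written just below). Those two branches should return one-element lists, `return [role_id]` and `return [RoleConstants.EXTENDS_ADMIN.value.name]`; the `r is None` branch returns outside the hunk and presumably needs the same treatment. Separately, the changed branches now emit the unscoped `role_id` / `f"EXTENDS_{role_type}"` next to the workspace-scoped form, which confers the role outside the workspace that granted it, so confirm that widening is the intended authorization scope and state it in reset_workspace_role's docstring. Both reset_workspace_role and get_role_list start outside the hunk, and get_role_list continues past `else:`.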


@ -125,6 +125,7 @@ class Operate(Enum):
""" """
一个权限组的操作权限 一个权限组的操作权限
""" """
SELF = ""
READ = 'READ' READ = 'READ'
EDIT = "READ+EDIT" EDIT = "READ+EDIT"
CREATE = "READ+CREATE" CREATE = "READ+CREATE"
@ -161,6 +162,7 @@ class Operate(Enum):
SETTING = "READ+SETTING" # 管理 SETTING = "READ+SETTING" # 管理
DOWNLOAD = "READ+DOWNLOAD" # 下载 DOWNLOAD = "READ+DOWNLOAD" # 下载
class RoleGroup(Enum): class RoleGroup(Enum):
# 系统用户 # 系统用户
SYSTEM_USER = "SYSTEM_USER" SYSTEM_USER = "SYSTEM_USER"
@ -405,6 +407,19 @@ class PermissionConstants(Enum):
""" """
权限枚举 权限枚举
""" """
KNOWLEDGE = Permission(
group=Group.KNOWLEDGE, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
APPLICATION = Permission(
group=Group.APPLICATION, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
)
MODEL = Permission(
group=Group.MODEL, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
)
TOOL = Permission(
group=Group.TOOL, operate=Operate.SELF, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
)
USER_READ = Permission( USER_READ = Permission(
group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[SystemGroup.USER_MANAGEMENT] parent_group=[SystemGroup.USER_MANAGEMENT]
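Review bot: `SELF = ""` adds an empty-string enum value with no comment, and because the value is falsy any truthiness test on `operate.value` elsewhere would silently treat this permission as absent; state the intent inline, e.g. `SELF = ""  # resource-level membership with no operation; permission id reduces to the bare group name — never test this value for truth`. That the id collapses to the group name is inferred from the sibling change that emits `f"{auth_target_type}:/WORKSPACE/..."`, so confirm it against how Permission builds its id before wording the comment. The four new PermissionConstants members (KNOWLEDGE, APPLICATION, MODEL, TOOL) grant the resource-level entry to RoleConstants.USER as well as ADMIN and, unlike USER_READ just below, carry no parent_group; a one-line comment above KNOWLEDGE explaining why USER holds them and why no parent_group applies would make the authorization intent reviewable. The PermissionConstants class continues past the hunk.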