zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: user resource permission (#3424)

Browse Source
This commit is contained in:
shaohuzhang1 2025-06-30 10:47:28 +08:00 committed by GitHub
parent 74b76d9914
commit f5ee7b5c25
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
apps/common/constants/permission_constants.py
View File

@ -104,6 +104,7 @@ class WorkspaceGroup(Enum):
MODEL = "MODEL" MODEL = "MODEL"
TOOL = "TOOL" TOOL = "TOOL"
OTHER = "OTHER" OTHER = "OTHER"
RESOURCE_PERMISSION = "RESOURCE_PERMISSION"
class UserGroup(Enum): class UserGroup(Enum):
@ -340,6 +341,10 @@ Permission_Label = {
Group.WORKSPACE_CHAT_USER.value: _("Chat User"), Group.WORKSPACE_CHAT_USER.value: _("Chat User"),
Group.WORKSPACE_WORKSPACE.value: _("Workspace"), Group.WORKSPACE_WORKSPACE.value: _("Workspace"),
Group.WORKSPACE_ROLE.value: _("Role"), Group.WORKSPACE_ROLE.value: _("Role"),
Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION.value: _("Application"),
Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION.value: _("Knowledge"),
Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION.value: _("Model"),
Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION.value: _("Tool"),
} }
@ -596,35 +601,44 @@ class PermissionConstants(Enum):
) )
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission( APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ, group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission( APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT, group=Group.APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission( KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ, group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission( KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT, group=Group.KNOWLEDGE_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission( TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ, group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission( TOOL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT, group=Group.TOOL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission( MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ, group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission( MODEL_WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT, group=Group.MODEL_WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE],
parent_group=[SystemGroup.RESOURCE_PERMISSION, WorkspaceGroup.RESOURCE_PERMISSION]
) )
EMAIL_SETTING_READ = Permission( EMAIL_SETTING_READ = Permission(
@ -1268,6 +1282,16 @@ class PermissionConstants(Enum):
resource_path= resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}/KNOWLEDGE/{kwargs.get('knowledge_id')}") f"/WORKSPACE/{kwargs.get('workspace_id')}/KNOWLEDGE/{kwargs.get('knowledge_id')}")
def get_workspace_model_permission(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('knowledge_id')}")
def get_workspace_tool_permission(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('knowledge_id')}")
def get_workspace_permission(self): def get_workspace_permission(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path= resource_path=