""" @project: qabot @Author:虎虎 @file: permission_constants.py @date:2023/9/13 18:23 @desc: 权限,角色 常量 """ from enum import Enum from functools import reduce from typing import List from django.db import models class Group(Enum): """ 权限组 一个组一般对应前端一个菜单 """ USER = "USER" APPLICATION = "APPLICATION" KNOWLEDGE = "KNOWLEDGE" KNOWLEDGE_DOCUMENT = "KNOWLEDGE_DOCUMENT" KNOWLEDGE_PARAGRAPH = "KNOWLEDGE_PARAGRAPH" KNOWLEDGE_PROBLEM = "KNOWLEDGE_PROBLEM" MODEL = "MODEL" TOOL = "TOOL" WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION" class Operate(Enum): """ 一个权限组的操作权限 """ READ = 'READ' EDIT = "EDIT" CREATE = "CREATE" DELETE = "DELETE" """ 使用权限 """ USE = "USE" class RoleGroup(Enum): # 系统用户 SYSTEM_USER = "SYSTEM_USER" # 对话用户 CHAT_USER = "CHAT_USER" class ResourcePermissionRole(models.TextChoices): """ 资源权限根据角色 """ ROLE = "ROLE" def __eq__(self, other): return str(self) == str(other) class ResourcePermissionGroup(models.TextChoices): """ 资源权限组 """ # 查看 VIEW = "VIEW" # 管理 MANAGE = "MANAGE" def __eq__(self, other): return str(self) == str(other) class ResourceAuthType(models.TextChoices): """ 资源授权类型 """ "当授权类型是Role时候" ROLE = "ROLE" """资源权限组""" RESOURCE_PERMISSION_GROUP = "RESOURCE_PERMISSION_GROUP" class Role: def __init__(self, name: str, decs: str, group: RoleGroup, resource_path=None): self.name = name self.decs = decs self.group = group self.resource_path = resource_path def __str__(self): return self.name + ( (":" + self.resource_path) if self.resource_path is not None else '') def __eq__(self, other): return str(self) == str(other) class RoleConstants(Enum): ADMIN = Role("ADMIN", '超级管理员', RoleGroup.SYSTEM_USER) WORKSPACE_MANAGE = Role("WORKSPACE_MANAGE", '工作空间管理员', RoleGroup.SYSTEM_USER) USER = Role("USER", '普通用户', RoleGroup.SYSTEM_USER) def get_workspace_role(self): return lambda r, kwargs: Role(name=self.value.name, decs=self.value.decs, group=self.value.group, resource_path= f"/WORKSPACE/{kwargs.get('workspace_id')}") class Permission: """ 权限信息 """ def __init__(self, group: Group, operate: Operate, resource_path=None, role_list=None, resource_permission_group_list=None): if role_list is None: role_list = [] if resource_permission_group_list is None: resource_permission_group_list = [] self.group = group self.operate = operate self.resource_path = resource_path # 用于获取角色与权限的关系,只适用于没有权限管理的 self.role_list = role_list # 用于资源权限权限分组 self.resource_permission_group_list = resource_permission_group_list @staticmethod def new_instance(permission_str: str): permission_split = permission_str.split(":") group = Group[permission_split[0]] operate = Operate[permission_split[2]] if len(permission_split) > 2: dynamic_tag = ":".join(permission_split[2:]) return Permission(group, operate, dynamic_tag) return Permission(group, operate) def __str__(self): return self.group.value + ":" + self.operate.value + ( (":" + self.resource_path) if self.resource_path is not None else '') def __eq__(self, other): return str(self) == str(other) class PermissionConstants(Enum): """ 权限枚举 """ USER_READ = Permission( group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) USER_CREATE = Permission( group=Group.USER, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN] ) USER_EDIT = Permission( group=Group.USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN] ) USER_DELETE = Permission( group=Group.USER, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN] ) MODEL_CREATE = Permission( group=Group.MODEL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) MODEL_READ = Permission( group=Group.MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) MODEL_EDIT = Permission( group=Group.MODEL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) MODEL_DELETE = Permission( group=Group.MODEL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_FOLDER_CREATE = Permission( group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_FOLDER_READ = Permission( group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_FOLDER_EDIT = Permission( group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_FOLDER_DELETE = Permission( group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_CREATE = Permission( group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_EDIT = Permission( group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_READ = Permission( group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_DELETE = Permission( group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_DEBUG = Permission( group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_IMPORT = Permission( group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) TOOL_EXPORT = Permission( group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_FOLDER_CREATE = Permission( group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_FOLDER_READ = Permission( group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionGroup.VIEW] ) KNOWLEDGE_FOLDER_EDIT = Permission( group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionGroup.MANAGE] ) KNOWLEDGE_FOLDER_DELETE = Permission( group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionGroup.MANAGE] ) KNOWLEDGE_READ = Permission( group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER], resource_permission_group_list=[ResourcePermissionGroup.VIEW] ) KNOWLEDGE_CREATE = Permission( group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_EDIT = Permission( group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_DELETE = Permission( group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_DOCUMENT_READ = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_DOCUMENT_CREATE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_DOCUMENT_EDIT = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_DOCUMENT_DELETE = Permission( group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PARAGRAPH_READ = Permission( group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PARAGRAPH_CREATE = Permission( group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PARAGRAPH_EDIT = Permission( group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PARAGRAPH_DELETE = Permission( group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PROBLEM_READ = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PROBLEM_CREATE = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PROBLEM_EDIT = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) KNOWLEDGE_PROBLEM_DELETE = Permission( group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER] ) WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission( group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE] ) EMAIL_SETTING_READ = Permission( group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN] ) EMAIL_SETTING_EDIT = Permission( group=Group.USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN] ) def get_workspace_application_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, resource_path= f"/WORKSPACE/{kwargs.get('workspace_id')}/APPLICATION/{kwargs.get('application_id')}") def get_workspace_knowledge_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, resource_path= f"/WORKSPACE/{kwargs.get('workspace_id')}/KNOWLEDGE/{kwargs.get('knowledge_id')}") def get_workspace_permission(self): return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate, resource_path= f"/WORKSPACE/{kwargs.get('workspace_id')}") def __eq__(self, other): if isinstance(other, PermissionConstants): return other == self else: return self.value == other def get_default_permission_list_by_role(role: RoleConstants): """ 根据角色 获取角色对应的权限 :param role: 角色 :return: 权限 """ return list(map(lambda k: PermissionConstants[k], list(filter(lambda k: PermissionConstants[k].value.role_list.__contains__(role), PermissionConstants.__members__)))) class RolePermissionMapping: def __init__(self, role_id, permission_id): self.role_id = role_id self.permission_id = permission_id class WorkspaceUserRoleMapping: def __init__(self, workspace_id, role_id, user_id): self.workspace_id = workspace_id self.role_id = role_id self.user_id = user_id def get_default_role_permission_mapping_list(): role_permission_mapping_list = [ [RolePermissionMapping(role.value.name, PermissionConstants[k].value.__str__()) for role in PermissionConstants[k].value.role_list] for k in PermissionConstants.__members__] return reduce(lambda x, y: [*x, *y], role_permission_mapping_list, []) def get_default_workspace_user_role_mapping_list(user_role_list: list): return [WorkspaceUserRoleMapping('default', role.value.name, 'default') for role in RoleConstants if user_role_list.__contains__(role.value.name)] def get_permission_list_by_resource_group(resource_group: ResourcePermissionGroup): """ 根据资源组获取权限 """ return [PermissionConstants[k] for k in PermissionConstants.__members__ if PermissionConstants[k].value.resource_permission_group_list.__contains__(resource_group)] class Auth: """ 用于存储当前用户的角色和权限 """ def __init__(self, current_role_list: List[Role], permission_list: List[PermissionConstants | Permission], **keywords): # 权限列表 self.permission_list = permission_list # 角色列表 self.role_list = current_role_list self.keywords = keywords class CompareConstants(Enum): # 或者 OR = "OR" # 并且 AND = "AND" class ViewPermission: def __init__(self, roleList: List[RoleConstants], permissionList: List[PermissionConstants | object], compare=CompareConstants.OR): self.roleList = roleList self.permissionList = permissionList self.compare = compare