maxkb/apps/common/constants/permission_constants.py

"""
@project: qabot
@Author: 虎虎
@file: permission_constants.py
@date: 2023/9/13 18:23
@desc: 权限,角色 常量
"""
from enum import Enum
from functools import reduce
from typing import List
from django.db import models
class Group(Enum):
    """
    Permission group; a group generally corresponds to one front-end menu.

    Every member's name equals its value, so ``Group[name]`` and
    ``Group(value)`` resolve the same member.
    """
    USER = "USER"
    APPLICATION = "APPLICATION"
    KNOWLEDGE = "KNOWLEDGE"
    KNOWLEDGE_DOCUMENT = "KNOWLEDGE_DOCUMENT"
    KNOWLEDGE_PARAGRAPH = "KNOWLEDGE_PARAGRAPH"
    KNOWLEDGE_PROBLEM = "KNOWLEDGE_PROBLEM"
    MODEL = "MODEL"
    TOOL = "TOOL"
    WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION"
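class Operate(Enum):
    """
    Operations that can be granted on a permission group.

    ``USE`` is the "use" permission (e.g. the tool debug/import/export
    permissions in ``PermissionConstants``), distinct from the four CRUD
    operations.
    """
    READ = 'READ'
    EDIT = "EDIT"
    CREATE = "CREATE"
    DELETE = "DELETE"
    # "Use" permission. This used to be a bare string literal in the class
    # body, which is a no-op expression rather than documentation.
    USE = "USE"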
class RoleGroup(Enum):
    """
    The kind of user a role applies to.
    """
    # system (back-office) user
    SYSTEM_USER = "SYSTEM_USER"
    # chat (end) user
    CHAT_USER = "CHAT_USER"
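class ResourcePermissionRole(models.TextChoices):
    """
    Resource permission granted through a role.
    """
    ROLE = "ROLE"

    def __eq__(self, other):
        """Equal to anything with the same string form (a member or a plain str)."""
        return str(self) == str(other)

    def __hash__(self):
        # Defining __eq__ without __hash__ makes members unhashable (unusable as
        # dict keys / set members); hash the same string equality compares.
        return hash(str(self))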
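class ResourcePermissionGroup(models.TextChoices):
    """
    Resource permission group: the level of access granted on a resource.
    """
    # view only
    VIEW = "VIEW"
    # manage (edit/delete)
    MANAGE = "MANAGE"

    def __eq__(self, other):
        """Equal to anything with the same string form (a member or a plain str)."""
        return str(self) == str(other)

    def __hash__(self):
        # Defining __eq__ without __hash__ makes members unhashable; keep the
        # hash consistent with the string-based equality above.
        return hash(str(self))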
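class ResourceAuthType(models.TextChoices):
    """
    How a resource authorization is expressed.
    """
    # Authorization is granted through a role.
    ROLE = "ROLE"
    # Authorization is granted through a resource permission group
    # (see ``ResourcePermissionGroup``).
    # Both descriptions above were bare string literals in the class body,
    # i.e. no-op expressions; they are comments now.
    RESOURCE_PERMISSION_GROUP = "RESOURCE_PERMISSION_GROUP"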
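class Role:
    """
    A role, optionally scoped to a resource path.

    ``str(role)`` is ``name`` or ``name:resource_path`` when a path is set;
    that string form is also what equality compares.
    """

    def __init__(self, name: str, decs: str, group: RoleGroup, resource_path=None):
        """
        :param name: role identifier, e.g. ``"ADMIN"``
        :param decs: human-readable description (attribute name kept as-is
            because callers pass ``decs=`` by keyword)
        :param group: the ``RoleGroup`` the role belongs to
        :param resource_path: optional path scoping the role to one resource
        """
        self.name = name
        self.decs = decs
        self.group = group
        self.resource_path = resource_path

    def __str__(self):
        suffix = "" if self.resource_path is None else ":" + self.resource_path
        return self.name + suffix

    def __eq__(self, other):
        """Equal to anything whose string form matches, including a plain str."""
        return str(self) == str(other)

    def __hash__(self):
        # __eq__ without __hash__ would make Role unhashable; hash the same
        # string that equality compares so equal roles hash equal.
        return hash(str(self))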
class RoleConstants(Enum):
    """
    Built-in roles. Each value is a ``Role``; ``get_workspace_role`` derives a
    workspace-scoped copy of it.
    """
    ADMIN = Role("ADMIN", '超级管理员', RoleGroup.SYSTEM_USER)
    WORKSPACE_MANAGE = Role("WORKSPACE_MANAGE", '工作空间管理员', RoleGroup.SYSTEM_USER)
    USER = Role("USER", '普通用户', RoleGroup.SYSTEM_USER)

    def get_workspace_role(self):
        """
        Return a callable ``(request, kwargs) -> Role`` that scopes this role
        to ``/WORKSPACE/<workspace_id>``, reading ``workspace_id`` from
        ``kwargs``.

        NOTE(review): a missing ``workspace_id`` yields the literal path
        ``/WORKSPACE/None`` instead of an error — confirm callers always
        supply it.
        """
        def build(r, kwargs):
            template = self.value
            workspace_path = f"/WORKSPACE/{kwargs.get('workspace_id')}"
            return Role(name=template.name,
                        decs=template.decs,
                        group=template.group,
                        resource_path=workspace_path)

        return build
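class Permission:
    """
    A permission: a ``Group`` plus an ``Operate``, optionally scoped to a
    resource path.

    ``str(permission)`` is ``GROUP:OPERATE`` or ``GROUP:OPERATE:resource_path``;
    that string form is what ``new_instance`` parses and what equality compares.
    """

    def __init__(self, group: Group, operate: Operate, resource_path=None, role_list=None,
                 resource_permission_group_list=None):
        """
        :param group: permission group
        :param operate: operation on that group
        :param resource_path: optional path scoping the permission to one resource
        :param role_list: roles holding this permission by default; only used to
            derive the role/permission relation where no permission management
            exists (see ``get_default_permission_list_by_role``)
        :param resource_permission_group_list: ``ResourcePermissionGroup`` values
            that include this permission
        """
        self.group = group
        self.operate = operate
        self.resource_path = resource_path
        # Fresh list per instance: a shared mutable default would be visible
        # from every Permission.
        self.role_list = [] if role_list is None else role_list
        self.resource_permission_group_list = (
            [] if resource_permission_group_list is None else resource_permission_group_list
        )

    @staticmethod
    def new_instance(permission_str: str):
        """
        Parse ``GROUP:OPERATE[:resource_path]`` (the ``__str__`` format) back
        into a ``Permission``. A resource path may itself contain ``:``;
        everything after the second separator is kept verbatim.

        :raises ValueError: if fewer than two ``:``-separated parts are present
        :raises KeyError: if the group or operate name is unknown
        """
        parts = permission_str.split(":")
        if len(parts) < 2:
            raise ValueError(f"invalid permission string: {permission_str!r}")
        group = Group[parts[0]]
        # The operate is the second field. The previous code indexed the third
        # field here, which raised for every string __str__ can produce.
        operate = Operate[parts[1]]
        if len(parts) > 2:
            return Permission(group, operate, ":".join(parts[2:]))
        return Permission(group, operate)

    def __str__(self):
        suffix = "" if self.resource_path is None else ":" + self.resource_path
        return self.group.value + ":" + self.operate.value + suffix

    def __eq__(self, other):
        """
        Equal to anything with the same string form — another ``Permission`` or
        a plain ``"GROUP:OPERATE"`` string. ``Enum`` uses value equality to
        detect aliases, so two ``PermissionConstants`` members whose
        group/operate/path coincide collapse into a single member.
        """
        return str(self) == str(other)

    def __hash__(self):
        # Defining __eq__ alone disables hashing; keep Permission hashable and
        # consistent with the string-based equality.
        return hash(str(self))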
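class PermissionConstants(Enum):
    """
    Permission enumeration. Each value is a ``Permission``; ``role_list``
    gives the roles that hold it by default.

    NOTE(review): ``Permission`` equality is string-based and ``Enum`` treats
    members with equal values as aliases of the first one defined. Members
    below that share group and operate therefore resolve to the *same* object
    and carry the first member's ``role_list`` and
    ``resource_permission_group_list``: TOOL_CREATE/EDIT/READ/DELETE ->
    TOOL_FOLDER_*, TOOL_IMPORT/TOOL_EXPORT -> TOOL_DEBUG, KNOWLEDGE_* ->
    KNOWLEDGE_FOLDER_*, EMAIL_SETTING_READ/EDIT -> USER_READ/USER_EDIT.
    In particular EMAIL_SETTING_READ is declared for ADMIN only but is
    effectively USER_READ (ADMIN and USER). Giving those members their own
    group or resource path would separate them; that is a project decision
    and is not made here.
    """
    USER_READ = Permission(
        group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    USER_CREATE = Permission(
        group=Group.USER, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN]
    )
    USER_EDIT = Permission(
        group=Group.USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN]
    )
    USER_DELETE = Permission(
        group=Group.USER, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN]
    )
    MODEL_CREATE = Permission(
        group=Group.MODEL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    MODEL_READ = Permission(
        group=Group.MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    MODEL_EDIT = Permission(
        group=Group.MODEL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    MODEL_DELETE = Permission(
        group=Group.MODEL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_FOLDER_CREATE = Permission(
        group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_FOLDER_READ = Permission(
        group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_FOLDER_EDIT = Permission(
        group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_FOLDER_DELETE = Permission(
        group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    # NOTE(review): the four TOOL_* members below are aliases of TOOL_FOLDER_*
    # (same "TOOL:<operate>" value); see the class docstring.
    TOOL_CREATE = Permission(
        group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_EDIT = Permission(
        group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_READ = Permission(
        group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_DELETE = Permission(
        group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_DEBUG = Permission(
        group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    # NOTE(review): TOOL_IMPORT and TOOL_EXPORT share the "TOOL:USE" value and
    # are aliases of TOOL_DEBUG.
    TOOL_IMPORT = Permission(
        group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    TOOL_EXPORT = Permission(
        group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_FOLDER_CREATE = Permission(
        group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_FOLDER_READ = Permission(
        group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
        resource_permission_group_list=[ResourcePermissionGroup.VIEW]
    )
    KNOWLEDGE_FOLDER_EDIT = Permission(
        group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
        resource_permission_group_list=[ResourcePermissionGroup.MANAGE]
    )
    KNOWLEDGE_FOLDER_DELETE = Permission(
        group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
        resource_permission_group_list=[ResourcePermissionGroup.MANAGE]
    )
    # NOTE(review): the four KNOWLEDGE_* members below are aliases of
    # KNOWLEDGE_FOLDER_* (same "KNOWLEDGE:<operate>" value), so they also
    # carry the folder members' resource_permission_group_list.
    KNOWLEDGE_READ = Permission(
        group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
        resource_permission_group_list=[ResourcePermissionGroup.VIEW]
    )
    KNOWLEDGE_CREATE = Permission(
        group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_EDIT = Permission(
        group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_DELETE = Permission(
        group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_DOCUMENT_READ = Permission(
        group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_DOCUMENT_CREATE = Permission(
        group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_DOCUMENT_EDIT = Permission(
        group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_DOCUMENT_DELETE = Permission(
        group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PARAGRAPH_READ = Permission(
        group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.READ,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PARAGRAPH_CREATE = Permission(
        group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.CREATE,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PARAGRAPH_EDIT = Permission(
        group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PARAGRAPH_DELETE = Permission(
        group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PROBLEM_READ = Permission(
        group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PROBLEM_CREATE = Permission(
        group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE,
        role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PROBLEM_EDIT = Permission(
        group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    KNOWLEDGE_PROBLEM_DELETE = Permission(
        group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
    )
    WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
        group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
        role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
    )
    # NOTE(review): EMAIL_SETTING_READ has the same "USER:READ" value as
    # USER_READ and is an alias of it, so its declared ADMIN-only role_list
    # is not the one in effect (USER_READ grants ADMIN and USER).
    # EMAIL_SETTING_EDIT is likewise an alias of USER_EDIT (same role list).
    EMAIL_SETTING_READ = Permission(
        group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN]
    )
    EMAIL_SETTING_EDIT = Permission(
        group=Group.USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN]
    )

    def get_workspace_application_permission(self):
        """
        Return ``(request, kwargs) -> Permission`` scoping this permission to
        ``/WORKSPACE/<workspace_id>/APPLICATION/<application_id>``; both ids
        are read from ``kwargs``.

        NOTE(review): a missing id is rendered as the literal ``None`` in the
        path rather than raising — confirm callers always supply both ids.
        The same applies to the two methods below.
        """
        return lambda r, kwargs: Permission(
            group=self.value.group, operate=self.value.operate,
            resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/APPLICATION/{kwargs.get('application_id')}")

    def get_workspace_knowledge_permission(self):
        """
        Return ``(request, kwargs) -> Permission`` scoping this permission to
        ``/WORKSPACE/<workspace_id>/KNOWLEDGE/<knowledge_id>``.
        """
        return lambda r, kwargs: Permission(
            group=self.value.group, operate=self.value.operate,
            resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/KNOWLEDGE/{kwargs.get('knowledge_id')}")

    def get_workspace_permission(self):
        """
        Return ``(request, kwargs) -> Permission`` scoping this permission to
        ``/WORKSPACE/<workspace_id>``.
        """
        return lambda r, kwargs: Permission(
            group=self.value.group, operate=self.value.operate,
            resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}")

    def __eq__(self, other):
        """
        Compare to another member, or to a ``Permission``/string, through the
        underlying ``Permission`` equality.
        """
        if isinstance(other, PermissionConstants):
            # Compare the values directly. The previous `return other == self`
            # re-entered this method with the roles swapped and recursed until
            # RecursionError whenever both sides were PermissionConstants.
            return self.value == other.value
        return self.value == other

    def __hash__(self):
        # Defining __eq__ alone sets __hash__ to None and makes members
        # unhashable; hash the value's string form to stay consistent with
        # __eq__.
        return hash(str(self.value))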
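def get_default_permission_list_by_role(role: RoleConstants):
    """
    Return the permissions whose default ``role_list`` contains *role*.

    :param role: the role
    :return: list of ``PermissionConstants`` members

    Iterates ``__members__``, which includes alias names, so a canonical
    member reachable through several names appears once per name — the same
    output as the previous map/filter implementation.
    """
    return [
        PermissionConstants[name]
        for name in PermissionConstants.__members__
        if role in PermissionConstants[name].value.role_list
    ]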
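class RolePermissionMapping:
    """
    One row of the role -> permission relation.
    """

    def __init__(self, role_id, permission_id):
        """
        :param role_id: role identifier (a ``Role.name`` in the defaults)
        :param permission_id: permission identifier (``str(Permission)`` in the defaults)
        """
        self.role_id = role_id
        self.permission_id = permission_id

    def __repr__(self):
        # Added for debuggability; the default repr shows only the address.
        return f"{type(self).__name__}(role_id={self.role_id!r}, permission_id={self.permission_id!r})"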
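class WorkspaceUserRoleMapping:
    """
    One row of the (workspace, user) -> role relation.
    """

    def __init__(self, workspace_id, role_id, user_id):
        """
        :param workspace_id: workspace identifier
        :param role_id: role identifier (a ``Role.name`` in the defaults)
        :param user_id: user identifier
        """
        self.workspace_id = workspace_id
        self.role_id = role_id
        self.user_id = user_id

    def __repr__(self):
        # Added for debuggability; the default repr shows only the address.
        return (f"{type(self).__name__}(workspace_id={self.workspace_id!r}, "
                f"role_id={self.role_id!r}, user_id={self.user_id!r})")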
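def get_default_role_permission_mapping_list():
    """
    Build the default role -> permission mappings: one
    ``RolePermissionMapping(role_name, permission_string)`` per (member, role)
    pair in ``PermissionConstants``, in member-then-role order.

    Alias names in ``__members__`` resolve to the same canonical member, so
    its mappings are emitted once per alias name — identical output to the
    previous nested-list-plus-reduce implementation.
    """
    return [
        RolePermissionMapping(role.value.name, str(PermissionConstants[name].value))
        for name in PermissionConstants.__members__
        for role in PermissionConstants[name].value.role_list
    ]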
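def get_default_workspace_user_role_mapping_list(user_role_list: list):
    """
    Map each built-in role named in *user_role_list* to the ``'default'``
    workspace and ``'default'`` user.

    :param user_role_list: role names (e.g. ``"ADMIN"``) to include
    :return: list of ``WorkspaceUserRoleMapping`` in ``RoleConstants`` order
    """
    return [
        WorkspaceUserRoleMapping('default', role.value.name, 'default')
        for role in RoleConstants
        if role.value.name in user_role_list
    ]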
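def get_permission_list_by_resource_group(resource_group: ResourcePermissionGroup):
    """
    Return the permissions whose ``resource_permission_group_list`` contains
    *resource_group*.

    ``ResourcePermissionGroup.__eq__`` compares string forms, so a plain
    ``"VIEW"``/``"MANAGE"`` also matches. ``__members__`` includes alias names,
    so a canonical member may appear once per name (unchanged behaviour).
    """
    return [
        PermissionConstants[name]
        for name in PermissionConstants.__members__
        if resource_group in PermissionConstants[name].value.resource_permission_group_list
    ]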
class Auth:
    """
    Holds the current user's roles and permissions.
    """

    def __init__(self,
                 current_role_list: List[Role],
                 permission_list: List[PermissionConstants | Permission],
                 **keywords):
        """
        :param current_role_list: the user's roles, exposed as ``role_list``
        :param permission_list: the user's permissions (enum members or raw ``Permission``)
        :param keywords: any extra context, stored verbatim as ``keywords``
        """
        self.keywords = keywords
        # permissions
        self.permission_list = permission_list
        # roles
        self.role_list = current_role_list
class CompareConstants(Enum):
    """
    How several role/permission requirements are combined (see ``ViewPermission``).
    """
    # any one requirement suffices
    OR = "OR"
    # every requirement must hold
    AND = "AND"
class ViewPermission:
def __init__(self, roleList: List[RoleConstants], permissionList: List[PermissionConstants | object],
             compare=CompareConstants.OR):
    """
    :param roleList: roles required by the view
    :param permissionList: permissions required by the view
    :param compare: how the requirements combine; defaults to ``CompareConstants.OR``
    """
    self.compare = compare
    self.roleList = roleList
    self.permissionList = permissionList