2025-05-06 10:35:11 +00:00
|
|
|
|
# coding=utf-8
|
|
|
|
|
|
"""
|
|
|
|
|
|
@project: MaxKB
|
|
|
|
|
|
@Author:虎虎
|
|
|
|
|
|
@file: workspace_user_resource_permission.py
|
|
|
|
|
|
@date:2025/4/28 17:17
|
|
|
|
|
|
@desc:
|
|
|
|
|
|
"""
|
|
|
|
|
|
import json
|
|
|
|
|
|
import os
|
|
|
|
|
|
|
|
|
|
|
|
from django.core.cache import cache
|
2025-08-11 07:51:34 +00:00
|
|
|
|
from django.db import models
|
2025-10-21 02:16:18 +00:00
|
|
|
|
from django.db.models import QuerySet, Q, TextField
|
|
|
|
|
|
from django.db.models.functions import Cast
|
2025-05-06 10:35:11 +00:00
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
|
|
from rest_framework import serializers
|
|
|
|
|
|
|
2025-06-04 05:05:39 +00:00
|
|
|
|
from application.models import Application
|
2025-05-06 10:35:11 +00:00
|
|
|
|
from common.constants.cache_version import Cache_Version
|
|
|
|
|
|
from common.constants.permission_constants import get_default_workspace_user_role_mapping_list, RoleConstants, \
|
2025-06-27 14:22:52 +00:00
|
|
|
|
ResourcePermission, ResourcePermissionRole, ResourceAuthType
|
2025-05-06 10:35:11 +00:00
|
|
|
|
from common.database_model_manage.database_model_manage import DatabaseModelManage
|
2025-08-11 07:51:34 +00:00
|
|
|
|
from common.db.search import native_search, native_page_search, get_dynamics_model
|
2025-05-06 10:35:11 +00:00
|
|
|
|
from common.db.sql_execute import select_list
|
|
|
|
|
|
from common.exception.app_exception import AppApiException
|
|
|
|
|
|
from common.utils.common import get_file_content
|
|
|
|
|
|
from knowledge.models import Knowledge
|
|
|
|
|
|
from maxkb.conf import PROJECT_DIR
|
2025-07-08 02:56:24 +00:00
|
|
|
|
from maxkb.settings import edition
|
2025-06-26 06:20:57 +00:00
|
|
|
|
from models_provider.models import Model
|
2025-08-14 08:08:36 +00:00
|
|
|
|
from system_manage.models import WorkspaceUserResourcePermission
|
2025-06-26 06:20:57 +00:00
|
|
|
|
from tools.models import Tool
|
2025-07-03 06:46:55 +00:00
|
|
|
|
from users.serializers.user import is_workspace_manage
|
2025-05-06 10:35:11 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class PermissionSerializer(serializers.Serializer):
|
|
|
|
|
|
VIEW = serializers.BooleanField(required=True, label="可读")
|
|
|
|
|
|
MANAGE = serializers.BooleanField(required=True, label="管理")
|
|
|
|
|
|
ROLE = serializers.BooleanField(required=True, label="跟随角色")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserResourcePermissionItemResponse(serializers.Serializer):
|
|
|
|
|
|
id = serializers.UUIDField(required=True, label="主键id")
|
|
|
|
|
|
name = serializers.CharField(required=True, label="资源名称")
|
2025-08-13 02:09:42 +00:00
|
|
|
|
auth_target_type = serializers.CharField(required=True, label="授权资源")
|
2025-05-06 10:35:11 +00:00
|
|
|
|
user_id = serializers.UUIDField(required=True, label="用户id")
|
2025-08-13 02:09:42 +00:00
|
|
|
|
icon = serializers.CharField(required=True, label="资源图标")
|
|
|
|
|
|
auth_type = serializers.CharField(required=True, label="授权类型")
|
|
|
|
|
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
|
|
|
|
|
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
|
|
|
|
|
label=_('permission'))
|
2025-05-06 10:35:11 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserResourcePermissionResponse(serializers.Serializer):
|
|
|
|
|
|
KNOWLEDGE = UserResourcePermissionItemResponse(many=True)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UpdateTeamMemberItemPermissionSerializer(serializers.Serializer):
|
|
|
|
|
|
target_id = serializers.CharField(required=True, label=_('target id'))
|
2025-08-13 02:09:42 +00:00
|
|
|
|
permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,
|
|
|
|
|
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
|
|
|
|
|
label=_('permission'))
|
2025-05-06 10:35:11 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UpdateUserResourcePermissionRequest(serializers.Serializer):
|
|
|
|
|
|
user_resource_permission_list = UpdateTeamMemberItemPermissionSerializer(required=True, many=True)
|
|
|
|
|
|
|
2025-06-27 14:22:52 +00:00
|
|
|
|
def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=False):
|
2025-05-06 10:35:11 +00:00
|
|
|
|
super().is_valid(raise_exception=True)
|
2025-06-27 14:22:52 +00:00
|
|
|
|
user_resource_permission_list = [{'target_id': urp.get('target_id'), 'auth_target_type': auth_target_type} for
|
|
|
|
|
|
urp in
|
|
|
|
|
|
self.data.get("user_resource_permission_list")]
|
2025-05-06 10:35:11 +00:00
|
|
|
|
illegal_target_id_list = select_list(
|
|
|
|
|
|
get_file_content(
|
|
|
|
|
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
|
2025-10-15 02:44:26 +00:00
|
|
|
|
[json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id,
|
|
|
|
|
|
workspace_id, workspace_id, workspace_id])
|
2025-05-06 10:35:11 +00:00
|
|
|
|
if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
|
|
|
|
|
|
raise AppApiException(500,
|
2025-10-27 09:45:52 +00:00
|
|
|
|
_('Non-existent id')+'[' + str(illegal_target_id_list) + ']')
|
2025-06-27 14:22:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
m_map = {
|
|
|
|
|
|
"KNOWLEDGE": Knowledge,
|
|
|
|
|
|
'TOOL': Tool,
|
|
|
|
|
|
'MODEL': Model,
|
|
|
|
|
|
'APPLICATION': Application,
|
|
|
|
|
|
}
|
2025-10-14 08:31:30 +00:00
|
|
|
|
|
2025-06-27 14:22:52 +00:00
|
|
|
|
sql_map = {
|
|
|
|
|
|
"KNOWLEDGE": 'get_knowledge_user_resource_permission.sql',
|
|
|
|
|
|
'TOOL': 'get_tool_user_resource_permission.sql',
|
|
|
|
|
|
'MODEL': 'get_model_user_resource_permission.sql',
|
|
|
|
|
|
'APPLICATION': 'get_application_user_resource_permission.sql'
|
|
|
|
|
|
}
|
2025-05-06 10:35:11 +00:00
|
|
|
|
|
2025-08-14 08:08:36 +00:00
|
|
|
|
|
2025-08-13 02:09:42 +00:00
|
|
|
|
class UserResourcePermissionUserListRequest(serializers.Serializer):
|
|
|
|
|
|
name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name'))
|
2025-08-14 08:08:36 +00:00
|
|
|
|
permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True,
|
2025-08-21 06:09:45 +00:00
|
|
|
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
|
|
|
|
|
label=_('permission'))
|
2025-05-06 10:35:11 +00:00
|
|
|
|
|
2025-08-14 08:08:36 +00:00
|
|
|
|
|
2025-05-06 10:35:11 +00:00
|
|
|
|
class UserResourcePermissionSerializer(serializers.Serializer):
|
|
|
|
|
|
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
2025-06-04 05:05:39 +00:00
|
|
|
|
user_id = serializers.CharField(required=True, label=_('user id'))
|
2025-06-27 14:22:52 +00:00
|
|
|
|
auth_target_type = serializers.CharField(required=True, label=_('resource'))
|
2025-05-06 10:35:11 +00:00
|
|
|
|
|
2025-08-13 02:09:42 +00:00
|
|
|
|
def get_queryset(self, instance):
|
|
|
|
|
|
resource_query_set = QuerySet(
|
|
|
|
|
|
model=get_dynamics_model({
|
|
|
|
|
|
'name': models.CharField(),
|
|
|
|
|
|
"permission": models.CharField(),
|
|
|
|
|
|
}))
|
|
|
|
|
|
name = instance.get('name')
|
|
|
|
|
|
permission = instance.get('permission')
|
2025-08-14 08:08:36 +00:00
|
|
|
|
query_p_list = [None if p == "NOT_AUTH" else p for p in permission]
|
2025-08-13 02:09:42 +00:00
|
|
|
|
|
|
|
|
|
|
if name:
|
|
|
|
|
|
resource_query_set = resource_query_set.filter(name__contains=name)
|
|
|
|
|
|
if permission:
|
2025-08-14 08:08:36 +00:00
|
|
|
|
if all([p is None for p in query_p_list]):
|
|
|
|
|
|
resource_query_set = resource_query_set.filter(permission=None)
|
|
|
|
|
|
else:
|
|
|
|
|
|
if any([p is None for p in query_p_list]):
|
|
|
|
|
|
resource_query_set = resource_query_set.filter(
|
|
|
|
|
|
Q(permission__in=query_p_list) | Q(permission=None))
|
|
|
|
|
|
else:
|
|
|
|
|
|
resource_query_set = resource_query_set.filter(
|
|
|
|
|
|
permission__in=query_p_list)
|
2025-05-06 10:35:11 +00:00
|
|
|
|
return {
|
2025-06-27 14:22:52 +00:00
|
|
|
|
'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
|
|
|
|
|
|
workspace_id=self.data.get('workspace_id')),
|
2025-10-14 08:31:30 +00:00
|
|
|
|
'folder_query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
|
|
|
|
|
|
workspace_id=self.data.get('workspace_id')),
|
2025-05-06 10:35:11 +00:00
|
|
|
|
'workspace_user_resource_permission_query_set': QuerySet(WorkspaceUserResourcePermission).filter(
|
2025-06-27 14:22:52 +00:00
|
|
|
|
workspace_id=self.data.get('workspace_id'), user=self.data.get('user_id'),
|
2025-08-13 02:09:42 +00:00
|
|
|
|
auth_target_type=self.data.get('auth_target_type')),
|
|
|
|
|
|
'resource_query_set': resource_query_set
|
2025-05-06 10:35:11 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2025-07-08 12:14:33 +00:00
|
|
|
|
def is_auth(self, resource_id: str):
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
|
|
|
|
|
auth_target_type = self.data.get('auth_target_type')
|
|
|
|
|
|
workspace_id = self.data.get('workspace_id')
|
|
|
|
|
|
user_id = self.data.get('user_id')
|
|
|
|
|
|
workspace_manage = is_workspace_manage(user_id, workspace_id)
|
|
|
|
|
|
if workspace_manage:
|
|
|
|
|
|
return True
|
|
|
|
|
|
wurp = QuerySet(WorkspaceUserResourcePermission).filter(auth_target_type=auth_target_type,
|
|
|
|
|
|
workspace_id=workspace_id, user=user_id,
|
|
|
|
|
|
target=resource_id).first()
|
|
|
|
|
|
if wurp is None:
|
|
|
|
|
|
return False
|
|
|
|
|
|
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
|
|
|
|
|
role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model")
|
|
|
|
|
|
|
|
|
|
|
|
if wurp.auth_type == ResourceAuthType.ROLE.value:
|
|
|
|
|
|
if workspace_user_role_mapping_model and role_permission_mapping_model:
|
|
|
|
|
|
inner = QuerySet(workspace_user_role_mapping_model).filter(workspace_id=workspace_id, user_id=user_id)
|
|
|
|
|
|
return QuerySet(role_permission_mapping_model).filter(role_id__in=inner,
|
|
|
|
|
|
permission_id=(
|
|
|
|
|
|
auth_target_type + ':READ')).exists()
|
|
|
|
|
|
else:
|
|
|
|
|
|
return False
|
|
|
|
|
|
else:
|
|
|
|
|
|
return wurp.permission_list.__contains__(ResourcePermission.VIEW.value)
|
|
|
|
|
|
|
2025-07-11 13:45:08 +00:00
|
|
|
|
def auth_resource_batch(self, resource_id_list: list):
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
|
|
|
|
|
auth_target_type = self.data.get('auth_target_type')
|
|
|
|
|
|
workspace_id = self.data.get('workspace_id')
|
|
|
|
|
|
user_id = self.data.get('user_id')
|
|
|
|
|
|
wurp = QuerySet(WorkspaceUserResourcePermission).filter(auth_target_type=auth_target_type,
|
|
|
|
|
|
workspace_id=workspace_id, user_id=user_id).first()
|
|
|
|
|
|
auth_type = wurp.auth_type if wurp else (
|
|
|
|
|
|
ResourceAuthType.RESOURCE_PERMISSION_GROUP if edition == 'CE' else ResourceAuthType.ROLE)
|
|
|
|
|
|
workspace_user_resource_permission = [WorkspaceUserResourcePermission(
|
|
|
|
|
|
target=resource_id,
|
|
|
|
|
|
auth_target_type=auth_target_type,
|
|
|
|
|
|
permission_list=[ResourcePermission.VIEW,
|
|
|
|
|
|
ResourcePermission.MANAGE] if auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP else [
|
|
|
|
|
|
ResourcePermissionRole.ROLE],
|
|
|
|
|
|
workspace_id=workspace_id,
|
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
|
auth_type=auth_type
|
|
|
|
|
|
) for resource_id in resource_id_list]
|
|
|
|
|
|
QuerySet(WorkspaceUserResourcePermission).bulk_create(workspace_user_resource_permission)
|
|
|
|
|
|
# 刷新缓存
|
|
|
|
|
|
version = Cache_Version.PERMISSION_LIST.get_version()
|
|
|
|
|
|
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
|
|
|
|
|
cache.delete(key, version=version)
|
|
|
|
|
|
return True
|
|
|
|
|
|
|
2025-10-15 02:44:26 +00:00
|
|
|
|
def auth_resource(self, resource_id: str, is_folder=False):
|
2025-07-03 06:46:55 +00:00
|
|
|
|
self.is_valid(raise_exception=True)
|
2025-07-05 10:06:00 +00:00
|
|
|
|
auth_target_type = self.data.get('auth_target_type')
|
|
|
|
|
|
workspace_id = self.data.get('workspace_id')
|
|
|
|
|
|
user_id = self.data.get('user_id')
|
|
|
|
|
|
wurp = QuerySet(WorkspaceUserResourcePermission).filter(auth_target_type=auth_target_type,
|
2025-07-09 03:03:19 +00:00
|
|
|
|
workspace_id=workspace_id, user_id=user_id).first()
|
2025-07-08 02:56:24 +00:00
|
|
|
|
auth_type = wurp.auth_type if wurp else (
|
|
|
|
|
|
ResourceAuthType.RESOURCE_PERMISSION_GROUP if edition == 'CE' else ResourceAuthType.ROLE)
|
2025-07-05 10:06:00 +00:00
|
|
|
|
# 自动授权给创建者
|
|
|
|
|
|
WorkspaceUserResourcePermission(
|
|
|
|
|
|
target=resource_id,
|
|
|
|
|
|
auth_target_type=auth_target_type,
|
|
|
|
|
|
permission_list=[ResourcePermission.VIEW,
|
2025-10-15 02:44:26 +00:00
|
|
|
|
ResourcePermission.MANAGE] if (
|
2025-10-21 02:16:18 +00:00
|
|
|
|
auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP or is_folder) else [
|
2025-07-05 10:06:00 +00:00
|
|
|
|
ResourcePermissionRole.ROLE],
|
|
|
|
|
|
workspace_id=workspace_id,
|
|
|
|
|
|
user_id=user_id,
|
2025-10-15 02:44:26 +00:00
|
|
|
|
auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP if is_folder else auth_type
|
2025-07-05 10:06:00 +00:00
|
|
|
|
).save()
|
|
|
|
|
|
# 刷新缓存
|
|
|
|
|
|
version = Cache_Version.PERMISSION_LIST.get_version()
|
|
|
|
|
|
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
|
|
|
|
|
cache.delete(key, version=version)
|
2025-07-03 06:46:55 +00:00
|
|
|
|
return True
|
|
|
|
|
|
|
2025-08-13 02:09:42 +00:00
|
|
|
|
def list(self, instance, user, with_valid=True):
|
2025-05-06 10:35:11 +00:00
|
|
|
|
if with_valid:
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
2025-08-13 02:09:42 +00:00
|
|
|
|
UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
|
2025-05-06 10:35:11 +00:00
|
|
|
|
workspace_id = self.data.get("workspace_id")
|
2025-06-04 05:05:39 +00:00
|
|
|
|
user_id = self.data.get("user_id")
|
2025-05-06 10:35:11 +00:00
|
|
|
|
# 用户权限列表
|
2025-08-13 02:09:42 +00:00
|
|
|
|
user_resource_permission_list = native_search(self.get_queryset(instance), get_file_content(
|
2025-06-27 14:22:52 +00:00
|
|
|
|
os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
|
2025-08-13 02:09:42 +00:00
|
|
|
|
|
|
|
|
|
|
return [{**user_resource_permission}
|
2025-08-14 08:08:36 +00:00
|
|
|
|
for user_resource_permission in user_resource_permission_list]
|
2025-08-13 02:09:42 +00:00
|
|
|
|
|
2025-08-14 08:08:36 +00:00
|
|
|
|
def page(self, instance, current_page: int, page_size: int, user, with_valid=True):
|
2025-08-13 02:09:42 +00:00
|
|
|
|
if with_valid:
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
|
|
|
|
|
UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
|
|
|
|
|
|
workspace_id = self.data.get("workspace_id")
|
|
|
|
|
|
user_id = self.data.get("user_id")
|
|
|
|
|
|
# 用户对应的资源权限分页列表
|
2025-08-14 08:08:36 +00:00
|
|
|
|
user_resource_permission_page_list = native_page_search(current_page, page_size, self.get_queryset(instance),
|
|
|
|
|
|
get_file_content(
|
|
|
|
|
|
os.path.join(PROJECT_DIR, "apps", "system_manage",
|
|
|
|
|
|
'sql', sql_map.get(
|
|
|
|
|
|
self.data.get('auth_target_type')))
|
|
|
|
|
|
))
|
2025-08-13 02:09:42 +00:00
|
|
|
|
|
|
|
|
|
|
return user_resource_permission_page_list
|
|
|
|
|
|
|
2025-05-06 10:35:11 +00:00
|
|
|
|
def edit(self, instance, user, with_valid=True):
|
|
|
|
|
|
if with_valid:
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
2025-08-14 08:08:36 +00:00
|
|
|
|
UpdateUserResourcePermissionRequest(data={'user_resource_permission_list': instance}).is_valid(
|
|
|
|
|
|
raise_exception=True,
|
|
|
|
|
|
auth_target_type=self.data.get(
|
|
|
|
|
|
'auth_target_type'),
|
|
|
|
|
|
workspace_id=self.data.get('workspace_id'))
|
2025-05-06 10:35:11 +00:00
|
|
|
|
workspace_id = self.data.get("workspace_id")
|
2025-06-04 05:05:39 +00:00
|
|
|
|
user_id = self.data.get("user_id")
|
2025-05-06 10:35:11 +00:00
|
|
|
|
update_list = []
|
|
|
|
|
|
save_list = []
|
2025-08-14 08:08:36 +00:00
|
|
|
|
targets = [item['target_id'] for item in instance]
|
2025-07-14 10:24:46 +00:00
|
|
|
|
QuerySet(WorkspaceUserResourcePermission).filter(
|
2025-08-13 02:09:42 +00:00
|
|
|
|
workspace_id=workspace_id,
|
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
|
auth_target_type=self.data.get('auth_target_type'),
|
|
|
|
|
|
target__in=targets
|
|
|
|
|
|
).delete()
|
2025-07-14 10:24:46 +00:00
|
|
|
|
workspace_user_resource_permission_exist_list = []
|
2025-08-13 02:09:42 +00:00
|
|
|
|
for user_resource_permission in instance:
|
|
|
|
|
|
permission = user_resource_permission['permission']
|
|
|
|
|
|
auth_type, permission_list = permission_map[permission]
|
2025-05-06 10:35:11 +00:00
|
|
|
|
exist_list = [user_resource_permission_exist for user_resource_permission_exist in
|
|
|
|
|
|
workspace_user_resource_permission_exist_list if
|
|
|
|
|
|
user_resource_permission.get('target_id') == str(user_resource_permission_exist.target)]
|
|
|
|
|
|
if len(exist_list) > 0:
|
|
|
|
|
|
exist_list[0].permission_list = [key for key in user_resource_permission.get('permission').keys() if
|
|
|
|
|
|
user_resource_permission.get('permission').get(key)]
|
2025-06-24 06:09:57 +00:00
|
|
|
|
exist_list[0].auth_type = user_resource_permission.get('auth_type')
|
2025-05-06 10:35:11 +00:00
|
|
|
|
update_list.append(exist_list[0])
|
|
|
|
|
|
else:
|
|
|
|
|
|
save_list.append(WorkspaceUserResourcePermission(target=user_resource_permission.get('target_id'),
|
2025-06-27 14:22:52 +00:00
|
|
|
|
auth_target_type=self.data.get('auth_target_type'),
|
2025-08-13 02:09:42 +00:00
|
|
|
|
permission_list=permission_list,
|
2025-05-06 10:35:11 +00:00
|
|
|
|
workspace_id=workspace_id,
|
2025-06-04 05:05:39 +00:00
|
|
|
|
user_id=user_id,
|
2025-08-13 02:09:42 +00:00
|
|
|
|
auth_type=auth_type))
|
2025-05-06 10:35:11 +00:00
|
|
|
|
# 批量更新
|
2025-06-24 06:09:57 +00:00
|
|
|
|
QuerySet(WorkspaceUserResourcePermission).bulk_update(update_list, ['permission_list', 'auth_type']) if len(
|
2025-05-06 10:35:11 +00:00
|
|
|
|
update_list) > 0 else None
|
|
|
|
|
|
# 批量插入
|
|
|
|
|
|
QuerySet(WorkspaceUserResourcePermission).bulk_create(save_list) if len(save_list) > 0 else None
|
|
|
|
|
|
version = Cache_Version.PERMISSION_LIST.get_version()
|
2025-06-04 05:05:39 +00:00
|
|
|
|
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
2025-05-06 10:35:11 +00:00
|
|
|
|
cache.delete(key, version=version)
|
2025-08-13 02:09:42 +00:00
|
|
|
|
return instance
|
2025-08-11 07:51:34 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ResourceUserPermissionUserListRequest(serializers.Serializer):
|
|
|
|
|
|
nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
|
|
|
|
|
|
username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
|
2025-08-14 08:08:36 +00:00
|
|
|
|
permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True,
|
|
|
|
|
|
choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
|
|
|
|
|
label=_('permission'))
|
2025-08-11 07:51:34 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ResourceUserPermissionEditRequest(serializers.Serializer):
|
|
|
|
|
|
user_id = serializers.CharField(required=True, label=_('workspace id'))
|
|
|
|
|
|
permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
|
2025-08-21 06:09:45 +00:00
|
|
|
|
label=_('permission'))
|
2025-08-11 07:51:34 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
permission_map = {
|
|
|
|
|
|
"ROLE": ("ROLE", ["ROLE"]),
|
|
|
|
|
|
"MANAGE": ("RESOURCE_PERMISSION_GROUP", ["MANAGE", "VIEW"]),
|
|
|
|
|
|
"VIEW": ("RESOURCE_PERMISSION_GROUP", ["VIEW"]),
|
|
|
|
|
|
"NOT_AUTH": ("RESOURCE_PERMISSION_GROUP", []),
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ResourceUserPermissionSerializer(serializers.Serializer):
|
|
|
|
|
|
workspace_id = serializers.CharField(required=True, label=_('workspace id'))
|
|
|
|
|
|
target = serializers.CharField(required=True, label=_('resource id'))
|
|
|
|
|
|
auth_target_type = serializers.CharField(required=True, label=_('resource'))
|
|
|
|
|
|
users_permission = ResourceUserPermissionEditRequest(required=False, many=True, label=_('users_permission'))
|
|
|
|
|
|
|
2025-10-21 02:16:18 +00:00
|
|
|
|
RESOURCE_MODEL_MAP = {
|
|
|
|
|
|
'APPLICATION': Application,
|
|
|
|
|
|
'KNOWLEDGE': Knowledge,
|
|
|
|
|
|
'TOOL': Tool
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-10-27 08:35:47 +00:00
|
|
|
|
def get_queryset(self, instance, is_x_pack_ee: bool):
|
2025-08-11 07:51:34 +00:00
|
|
|
|
|
|
|
|
|
|
user_query_set = QuerySet(model=get_dynamics_model({
|
|
|
|
|
|
'nick_name': models.CharField(),
|
|
|
|
|
|
'username': models.CharField(),
|
2025-08-21 06:09:45 +00:00
|
|
|
|
"permission": models.CharField(),
|
2025-10-27 08:35:47 +00:00
|
|
|
|
"u.id": models.UUIDField(),
|
|
|
|
|
|
"role": models.CharField(),
|
|
|
|
|
|
"role_setting.type": models.CharField(),
|
|
|
|
|
|
"user_role_relation.workspace_id": models.CharField(),
|
|
|
|
|
|
|
2025-08-11 07:51:34 +00:00
|
|
|
|
}))
|
|
|
|
|
|
nick_name = instance.get('nick_name')
|
|
|
|
|
|
username = instance.get('username')
|
|
|
|
|
|
permission = instance.get('permission')
|
2025-08-14 08:08:36 +00:00
|
|
|
|
query_p_list = [None if p == "NOT_AUTH" else p for p in permission]
|
|
|
|
|
|
|
2025-08-11 07:51:34 +00:00
|
|
|
|
workspace_user_resource_permission_query_set = QuerySet(WorkspaceUserResourcePermission).filter(
|
|
|
|
|
|
workspace_id=self.data.get('workspace_id'),
|
|
|
|
|
|
auth_target_type=self.data.get('auth_target_type'),
|
|
|
|
|
|
target=self.data.get('target'))
|
|
|
|
|
|
if nick_name:
|
|
|
|
|
|
user_query_set = user_query_set.filter(nick_name__contains=nick_name)
|
|
|
|
|
|
if username:
|
|
|
|
|
|
user_query_set = user_query_set.filter(username__contains=username)
|
|
|
|
|
|
if permission:
|
2025-08-14 08:08:36 +00:00
|
|
|
|
if all([p is None for p in query_p_list]):
|
|
|
|
|
|
user_query_set = user_query_set.filter(
|
|
|
|
|
|
permission=None)
|
|
|
|
|
|
else:
|
|
|
|
|
|
if any([p is None for p in query_p_list]):
|
|
|
|
|
|
user_query_set = user_query_set.filter(
|
|
|
|
|
|
Q(permission__in=query_p_list) | Q(permission=None))
|
|
|
|
|
|
else:
|
|
|
|
|
|
user_query_set = user_query_set.filter(
|
|
|
|
|
|
permission__in=query_p_list)
|
2025-08-21 06:09:45 +00:00
|
|
|
|
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
|
|
|
|
|
if workspace_user_role_mapping_model:
|
2025-10-15 02:44:26 +00:00
|
|
|
|
user_query_set = user_query_set.filter(
|
2025-10-27 08:35:47 +00:00
|
|
|
|
**{"u.id__in": QuerySet(workspace_user_role_mapping_model).filter(
|
|
|
|
|
|
workspace_id=self.data.get('workspace_id')).values("user_id")})
|
|
|
|
|
|
if is_x_pack_ee:
|
|
|
|
|
|
user_query_set = user_query_set.filter(
|
|
|
|
|
|
**{'role_setting.type': "USER", 'user_role_relation.workspace_id': self.data.get('workspace_id')})
|
|
|
|
|
|
else:
|
|
|
|
|
|
user_query_set = user_query_set.filter(
|
|
|
|
|
|
**{'role': "USER"})
|
2025-08-11 07:51:34 +00:00
|
|
|
|
return {
|
|
|
|
|
|
'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set,
|
|
|
|
|
|
'user_query_set': user_query_set
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
def list(self, instance, with_valid=True):
|
|
|
|
|
|
if with_valid:
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
|
|
|
|
|
ResourceUserPermissionUserListRequest(data=instance).is_valid(raise_exception=True)
|
2025-10-27 08:35:47 +00:00
|
|
|
|
is_x_pack_ee = self.is_x_pack_ee()
|
2025-08-11 07:51:34 +00:00
|
|
|
|
# 资源的用户授权列表
|
2025-10-27 08:35:47 +00:00
|
|
|
|
resource_user_permission_list = native_search(self.get_queryset(instance, is_x_pack_ee), get_file_content(
|
|
|
|
|
|
os.path.join(PROJECT_DIR, "apps", "system_manage",
|
|
|
|
|
|
'sql',
|
|
|
|
|
|
('get_resource_user_permission_detail_ee.sql' if is_x_pack_ee else
|
|
|
|
|
|
'get_resource_user_permission_detail.sql')
|
|
|
|
|
|
)
|
2025-08-11 07:51:34 +00:00
|
|
|
|
))
|
|
|
|
|
|
return resource_user_permission_list
|
|
|
|
|
|
|
2025-10-27 08:35:47 +00:00
|
|
|
|
@staticmethod
|
|
|
|
|
|
def is_x_pack_ee():
|
|
|
|
|
|
workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
|
|
|
|
|
|
role_permission_mapping_model = DatabaseModelManage.get_model("role_permission_mapping_model")
|
|
|
|
|
|
return workspace_user_role_mapping_model is not None and role_permission_mapping_model is not None
|
|
|
|
|
|
|
2025-08-11 07:51:34 +00:00
|
|
|
|
def page(self, instance, current_page: int, page_size: int, with_valid=True):
|
|
|
|
|
|
if with_valid:
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
|
|
|
|
|
ResourceUserPermissionUserListRequest(data=instance).is_valid(raise_exception=True)
|
|
|
|
|
|
# 分页列表
|
2025-10-27 08:35:47 +00:00
|
|
|
|
is_x_pack_ee = self.is_x_pack_ee()
|
|
|
|
|
|
resource_user_permission_page_list = native_page_search(current_page, page_size,
|
|
|
|
|
|
self.get_queryset(instance, is_x_pack_ee),
|
2025-08-11 07:51:34 +00:00
|
|
|
|
get_file_content(
|
|
|
|
|
|
os.path.join(PROJECT_DIR, "apps", "system_manage",
|
|
|
|
|
|
'sql',
|
2025-10-27 08:35:47 +00:00
|
|
|
|
(
|
|
|
|
|
|
'get_resource_user_permission_detail_ee.sql' if is_x_pack_ee else
|
|
|
|
|
|
'get_resource_user_permission_detail.sql')
|
|
|
|
|
|
)
|
2025-08-11 07:51:34 +00:00
|
|
|
|
))
|
|
|
|
|
|
return resource_user_permission_page_list
|
|
|
|
|
|
|
2025-10-21 02:16:18 +00:00
|
|
|
|
def get_has_manage_permission_resource_under_folders(self, current_user_id, folder_ids):
|
|
|
|
|
|
|
|
|
|
|
|
workspace_id = self.data.get("workspace_id")
|
|
|
|
|
|
auth_target_type = self.data.get("auth_target_type")
|
|
|
|
|
|
workspace_manage = is_workspace_manage(current_user_id, workspace_id)
|
|
|
|
|
|
resource_model = self.RESOURCE_MODEL_MAP[auth_target_type]
|
|
|
|
|
|
|
|
|
|
|
|
if workspace_manage:
|
2025-10-27 08:35:47 +00:00
|
|
|
|
current_user_managed_resources_ids = QuerySet(resource_model).filter(workspace_id=workspace_id,
|
|
|
|
|
|
folder__in=folder_ids).annotate(
|
|
|
|
|
|
id_str=Cast('id', TextField())
|
|
|
|
|
|
).values_list("id_str", flat=True)
|
2025-10-21 02:16:18 +00:00
|
|
|
|
else:
|
|
|
|
|
|
current_user_managed_resources_ids = QuerySet(WorkspaceUserResourcePermission).filter(
|
|
|
|
|
|
workspace_id=workspace_id, user_id=current_user_id, auth_target_type=auth_target_type,
|
|
|
|
|
|
target__in=QuerySet(resource_model).filter(workspace_id=workspace_id, folder__in=folder_ids).annotate(
|
|
|
|
|
|
id_str=Cast('id', TextField())
|
2025-10-27 06:34:35 +00:00
|
|
|
|
).values_list("id_str", flat=True),
|
2025-10-21 02:16:18 +00:00
|
|
|
|
permission_list__contains=['MANAGE']).values_list('target', flat=True)
|
|
|
|
|
|
|
|
|
|
|
|
return current_user_managed_resources_ids
|
|
|
|
|
|
|
|
|
|
|
|
def edit(self, instance, with_valid=True, current_user_id=None):
|
2025-08-11 07:51:34 +00:00
|
|
|
|
if with_valid:
|
|
|
|
|
|
self.is_valid(raise_exception=True)
|
|
|
|
|
|
ResourceUserPermissionEditRequest(data=instance, many=True).is_valid(
|
|
|
|
|
|
raise_exception=True)
|
|
|
|
|
|
|
|
|
|
|
|
workspace_id = self.data.get("workspace_id")
|
|
|
|
|
|
target = self.data.get("target")
|
|
|
|
|
|
auth_target_type = self.data.get("auth_target_type")
|
|
|
|
|
|
users_permission = instance
|
|
|
|
|
|
|
|
|
|
|
|
users_id = [item["user_id"] for item in users_permission]
|
2025-10-21 02:16:18 +00:00
|
|
|
|
include_children = users_permission[0].get('include_children')
|
|
|
|
|
|
folder_ids = users_permission[0].get('folder_ids')
|
2025-08-11 07:51:34 +00:00
|
|
|
|
# 删除已存在的对应的用户在该资源下的权限
|
2025-10-21 02:16:18 +00:00
|
|
|
|
|
|
|
|
|
|
if include_children:
|
|
|
|
|
|
managed_resource_ids = list(
|
|
|
|
|
|
self.get_has_manage_permission_resource_under_folders(current_user_id, folder_ids)) + folder_ids
|
|
|
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
managed_resource_ids = [target]
|
2025-08-11 07:51:34 +00:00
|
|
|
|
QuerySet(WorkspaceUserResourcePermission).filter(
|
|
|
|
|
|
workspace_id=workspace_id,
|
2025-10-21 02:16:18 +00:00
|
|
|
|
target__in=managed_resource_ids,
|
2025-08-11 07:51:34 +00:00
|
|
|
|
auth_target_type=auth_target_type,
|
|
|
|
|
|
user_id__in=users_id
|
|
|
|
|
|
).delete()
|
|
|
|
|
|
|
2025-10-21 02:16:18 +00:00
|
|
|
|
save_list = [
|
|
|
|
|
|
WorkspaceUserResourcePermission(
|
|
|
|
|
|
target=resource_id,
|
2025-08-11 07:51:34 +00:00
|
|
|
|
auth_target_type=auth_target_type,
|
|
|
|
|
|
workspace_id=workspace_id,
|
2025-10-21 02:16:18 +00:00
|
|
|
|
auth_type=permission_map[item['permission']][0],
|
2025-08-11 07:51:34 +00:00
|
|
|
|
user_id=item["user_id"],
|
2025-10-21 02:16:18 +00:00
|
|
|
|
permission_list=permission_map[item['permission']][1]
|
|
|
|
|
|
)
|
|
|
|
|
|
for resource_id in managed_resource_ids
|
|
|
|
|
|
for item in users_permission
|
|
|
|
|
|
]
|
|
|
|
|
|
|
2025-08-11 07:51:34 +00:00
|
|
|
|
if save_list:
|
|
|
|
|
|
QuerySet(WorkspaceUserResourcePermission).bulk_create(save_list)
|
|
|
|
|
|
|
|
|
|
|
|
version = Cache_Version.PERMISSION_LIST.get_version()
|
|
|
|
|
|
for user_id in users_id:
|
|
|
|
|
|
key = Cache_Version.PERMISSION_LIST.get_key(user_id=user_id)
|
|
|
|
|
|
cache.delete(key, version=version)
|
2025-08-13 02:09:42 +00:00
|
|
|
|
return instance
|