# coding=utf-8
"""
@project: MaxKB
@Author:虎虎
@file: workspace_user_resource_permission.py
@date:2025/4/28 16:38
@desc:
"""
from django.db.models import QuerySet
from django.utils.translation import gettext_lazy as _
from drf_spectacular.utils import extend_schema
from rest_framework.request import Request
from rest_framework.views import APIView
from common import result
from common.auth import TokenAuth
from common.auth.authentication import has_permissions
from common.constants.permission_constants import RoleConstants, Permission, Group, Operate, ViewPermission, \
CompareConstants
from common.log.log import log
from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI, \
ResourceUserPermissionAPI, ResourceUserPermissionPageAPI, ResourceUserPermissionEditAPI, \
UserResourcePermissionPageAPI
from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer, \
ResourceUserPermissionSerializer
from users.models import User
def get_user_operation_object(user_id):
    """Return the operation-object dict for the user with primary key *user_id*.

    The ``@log`` decorators in this module pass this function as their
    ``get_operation_object`` callback. The result is ``{"name": <username>}``
    when a matching user row exists, and an empty dict otherwise.
    """
    matched_user = QuerySet(model=User).filter(id=user_id).first()
    if matched_user is None:
        # No row for this id: the caller receives an empty operation object.
        return {}
    return {"name": matched_user.username}
class WorkSpaceUserResourcePermissionView(APIView):
    # User-centric resource authorization endpoints: GET lists and PUT modifies the
    # permissions recorded for `user_id` on resources of type `resource` in a workspace.
    # Documentation is kept in comments rather than docstrings because DRF and
    # drf-spectacular can surface view docstrings as endpoint descriptions.
    #
    # NOTE(review): the permission lambdas below read only `resource` from the route
    # kwargs; `workspace_id` and `user_id` are forwarded to the serializer as-is.
    # Confirm that has_permissions / the serializer (neither visible here) verify the
    # caller's role applies to this workspace_id and that user_id belongs to it.
    authentication_classes = [TokenAuth]

    @extend_schema(
        methods=['GET'],
        description=_('Obtain resource authorization list'),
        operation_id=_('Obtain resource authorization list'),  # type: ignore
        parameters=UserResourcePermissionAPI.get_parameters(),
        responses=UserResourcePermissionAPI.get_response(),
        tags=[_('Resources authorization')],  # type: ignore
    )
    @has_permissions(
        # READ on the "<resource>_WORKSPACE_USER_RESOURCE_PERMISSION" group; the group
        # name is derived from the `resource` path segment of the request.
        lambda r, kwargs: Permission(
            group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
            operate=Operate.READ,
        ),
        RoleConstants.ADMIN,
        RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
    )
    def get(self, request: Request, workspace_id: str, user_id: str, resource: str):
        # Unpaged listing. The optional `name` and repeated `permission` query
        # parameters are handed to the serializer together with the acting user.
        serializer = UserResourcePermissionSerializer(
            data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
        )
        filters = {
            'name': request.query_params.get('name'),
            'permission': request.query_params.getlist('permission'),
        }
        return result.success(serializer.list(filters, request.user))

    @extend_schema(
        methods=['PUT'],
        description=_('Modify the resource authorization list'),
        operation_id=_('Modify the resource authorization list'),  # type: ignore
        parameters=EditUserResourcePermissionAPI.get_parameters(),
        request=EditUserResourcePermissionAPI.get_request(),
        responses=EditUserResourcePermissionAPI.get_response(),
        tags=[_('Resources authorization')],  # type: ignore
    )
    @log(
        menu='System',
        operate='Modify the resource authorization list',
        # The log entry's operation object is the user whose grants are being changed.
        get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')),
    )
    @has_permissions(
        # Same group as the GET endpoint, but requiring EDIT instead of READ.
        lambda r, kwargs: Permission(
            group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
            operate=Operate.EDIT,
        ),
        RoleConstants.ADMIN,
        RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
    )
    def put(self, request: Request, workspace_id: str, user_id: str, resource: str):
        # The request body is passed to the serializer unmodified, so any validation of
        # the submitted permission entries has to happen inside edit().
        serializer = UserResourcePermissionSerializer(
            data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
        )
        return result.success(serializer.edit(request.data, request.user))

    class Page(APIView):
        # Paged variant of the GET listing above; same permission requirement.
        authentication_classes = [TokenAuth]

        @extend_schema(
            methods=['GET'],
            description=_('Obtain resource authorization list by page'),
            summary=_('Obtain resource authorization list by page'),
            operation_id=_('Obtain resource authorization list by page'),  # type: ignore
            request=None,
            parameters=UserResourcePermissionPageAPI.get_parameters(),
            responses=UserResourcePermissionPageAPI.get_response(),
            tags=[_('Resources authorization')],  # type: ignore
        )
        @has_permissions(
            lambda r, kwargs: Permission(
                group=Group(kwargs.get('resource') + '_WORKSPACE_USER_RESOURCE_PERMISSION'),
                operate=Operate.READ,
            ),
            RoleConstants.ADMIN,
            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
        )
        def get(self, request: Request, workspace_id: str, user_id: str, resource: str, current_page: str,
                page_size: str):
            # current_page and page_size come from the route and are forwarded untouched.
            serializer = UserResourcePermissionSerializer(
                data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
            )
            filters = {
                'name': request.query_params.get('name'),
                'permission': request.query_params.getlist('permission'),
            }
            return result.success(serializer.page(filters, current_page, page_size, request.user))
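# Authorization rule set shared by every endpoint of WorkspaceResourceUserPermissionView
# and its nested Page view. The three endpoints previously carried identical inline
# copies; defining the rules once keeps the read, edit and paged routes from drifting
# apart. The entries are passed to has_permissions in their original order.
_RESOURCE_USER_PERMISSION_RULES = (
    # AUTH on the resource group, scoped to the workspace's WORKSPACE_MANAGE role path.
    lambda r, kwargs: Permission(
        group=Group(kwargs.get('resource')),
        operate=Operate.AUTH,
        resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE",
    ),
    # AUTH on the resource group, scoped to the specific target resource.
    lambda r, kwargs: Permission(
        group=Group(kwargs.get('resource')),
        operate=Operate.AUTH,
        resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}",
    ),
    # The workspace USER role combined (CompareConstants.AND) with SELF on the target.
    ViewPermission(
        [RoleConstants.USER.get_workspace_role()],
        [lambda r, kwargs: Permission(
            group=Group(kwargs.get('resource')),
            operate=Operate.SELF,
            resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}",
        )],
        CompareConstants.AND,
    ),
    RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
)


class WorkspaceResourceUserPermissionView(APIView):
    # Resource-centric authorization endpoints: GET lists and PUT edits which users hold
    # permissions on the resource `target` of type `resource` within a workspace.
    # Documentation is kept in comments rather than docstrings because DRF and
    # drf-spectacular can surface view docstrings as endpoint descriptions.
    #
    # NOTE(review): none of the serializer calls in this view receive request.user,
    # unlike the user-centric view in this module. Confirm the serializer does not need
    # the acting user to scope results or to attribute edits.
    authentication_classes = [TokenAuth]

    @extend_schema(
        methods=['GET'],
        description=_('Get user authorization status of resource'),
        summary=_('Get user authorization status of resource'),
        operation_id=_('Get user authorization status of resource'),  # type: ignore
        parameters=ResourceUserPermissionAPI.get_parameters(),
        responses=ResourceUserPermissionAPI.get_response(),
        tags=[_('Resources authorization')]  # type: ignore
    )
    @has_permissions(*_RESOURCE_USER_PERMISSION_RULES)
    def get(self, request: Request, workspace_id: str, target: str, resource: str):
        # Unpaged listing, optionally filtered by username, nick_name and the repeated
        # `permission` query parameter.
        return result.success(ResourceUserPermissionSerializer(
            data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource,
                  }).list(
            {'username': request.query_params.get("username"), 'nick_name': request.query_params.get("nick_name"),
             'permission': request.query_params.getlist("permission")
             }))

    @extend_schema(
        methods=['PUT'],
        description=_('Edit user authorization status of resource'),
        summary=_('Edit user authorization status of resource'),
        operation_id=_('Edit user authorization status of resource'),  # type: ignore
        parameters=ResourceUserPermissionEditAPI.get_parameters(),
        request=ResourceUserPermissionEditAPI.get_request(),
        responses=ResourceUserPermissionEditAPI.get_response(),
        tags=[_('Resources authorization')]  # type: ignore
    )
    @log(
        menu='System',
        operate='Edit user authorization status of resource',
        # This route carries workspace_id / target / resource (see put's signature) and
        # no user_id, so the earlier k.get('user_id') lookup always yielded an empty
        # operation object and the audit entry did not say what was edited. Record the
        # resource whose grants were changed instead.
        # NOTE(review): assumes @log passes the route kwargs as `k` and that the log
        # consumer reads the 'name' key, as get_user_operation_object's return shape
        # suggests; confirm against common.log.log.
        get_operation_object=lambda r, k: {'name': f"{k.get('resource')}/{k.get('target')}"},
    )
    @has_permissions(*_RESOURCE_USER_PERMISSION_RULES)
    def put(self, request: Request, workspace_id: str, target: str, resource: str):
        # The request body is handed to the serializer unmodified, so validation of the
        # submitted user/permission entries has to happen inside edit().
        return result.success(ResourceUserPermissionSerializer(
            data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, })
                              .edit(instance=request.data))

    class Page(APIView):
        # Paged variant of the GET listing above; same authorization rules.
        authentication_classes = [TokenAuth]

        @extend_schema(
            methods=['GET'],
            description=_('Get user authorization status of resource by page'),
            summary=_('Get user authorization status of resource by page'),
            operation_id=_('Get user authorization status of resource by page'),  # type: ignore
            parameters=ResourceUserPermissionPageAPI.get_parameters(),
            responses=ResourceUserPermissionPageAPI.get_response(),
            tags=[_('Resources authorization')]  # type: ignore
        )
        @has_permissions(*_RESOURCE_USER_PERMISSION_RULES)
        def get(self, request: Request, workspace_id: str, target: str, resource: str, current_page: int,
                page_size: int):
            # current_page and page_size come from the route and are forwarded untouched.
            return result.success(ResourceUserPermissionSerializer(
                data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }
            ).page({'username': request.query_params.get("username"),
                    'nick_name': request.query_params.get("nick_name"),
                    'permission': request.query_params.getlist("permission")}, current_page, page_size,
                   ))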