UnisKB/apps/common/constants/permission_constants.py

395 lines
14 KiB
Python
Raw Normal View History

2025-04-14 12:11:23 +00:00
"""
@project: qabot
@Author虎虎
@file permission_constants.py
@date2023/9/13 18:23
@desc: 权限,角色 常量
"""
from enum import Enum
from functools import reduce
2025-04-14 12:11:23 +00:00
from typing import List
from django.db import models
2025-04-14 12:11:23 +00:00
class Group(Enum):
"""
权限组 一个组一般对应前端一个菜单
"""
USER = "USER"
2025-04-16 12:09:00 +00:00
APPLICATION = "APPLICATION"
KNOWLEDGE = "KNOWLEDGE"
KNOWLEDGE_DOCUMENT = "KNOWLEDGE_DOCUMENT"
KNOWLEDGE_PARAGRAPH = "KNOWLEDGE_PARAGRAPH"
KNOWLEDGE_PROBLEM = "KNOWLEDGE_PROBLEM"
2025-04-17 10:05:31 +00:00
MODEL = "MODEL"
TOOL = "TOOL"
2025-05-06 10:35:11 +00:00
WORKSPACE_USER_RESOURCE_PERMISSION = "WORKSPACE_USER_RESOURCE_PERMISSION"
2025-04-14 12:11:23 +00:00
class Operate(Enum):
"""
一个权限组的操作权限
"""
READ = 'READ'
EDIT = "EDIT"
CREATE = "CREATE"
DELETE = "DELETE"
2025-04-15 12:37:38 +00:00
"""
使用权限
"""
USE = "USE"
2025-04-14 12:11:23 +00:00
class RoleGroup(Enum):
# 系统用户
SYSTEM_USER = "SYSTEM_USER"
# 对话用户
CHAT_USER = "CHAT_USER"
class ResourcePermissionRole(models.TextChoices):
"""
资源权限根据角色
"""
ROLE = "ROLE"
def __eq__(self, other):
return str(self) == str(other)
class ResourcePermissionGroup(models.TextChoices):
"""
资源权限组
"""
# 查看
VIEW = "VIEW"
# 管理
MANAGE = "MANAGE"
def __eq__(self, other):
return str(self) == str(other)
class ResourceAuthType(models.TextChoices):
"""
资源授权类型
"""
"当授权类型是Role时候"
ROLE = "ROLE"
"""资源权限组"""
RESOURCE_PERMISSION_GROUP = "RESOURCE_PERMISSION_GROUP"
2025-04-14 12:11:23 +00:00
class Role:
2025-04-16 12:09:00 +00:00
def __init__(self, name: str, decs: str, group: RoleGroup, resource_path=None):
2025-04-14 12:11:23 +00:00
self.name = name
self.decs = decs
self.group = group
2025-04-16 12:09:00 +00:00
self.resource_path = resource_path
def __str__(self):
return self.name + (
(":" + self.resource_path) if self.resource_path is not None else '')
def __eq__(self, other):
return str(self) == str(other)
2025-04-14 12:11:23 +00:00
class RoleConstants(Enum):
2025-04-15 12:37:38 +00:00
ADMIN = Role("ADMIN", '超级管理员', RoleGroup.SYSTEM_USER)
WORKSPACE_MANAGE = Role("WORKSPACE_MANAGE", '工作空间管理员', RoleGroup.SYSTEM_USER)
USER = Role("USER", '普通用户', RoleGroup.SYSTEM_USER)
2025-04-14 12:11:23 +00:00
2025-04-16 12:09:00 +00:00
def get_workspace_role(self):
return lambda r, kwargs: Role(name=self.value.name,
decs=self.value.decs,
group=self.value.group,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}")
2025-04-14 12:11:23 +00:00
class Permission:
"""
权限信息
"""
def __init__(self, group: Group, operate: Operate, resource_path=None, role_list=None,
resource_permission_group_list=None):
2025-04-15 12:37:38 +00:00
if role_list is None:
role_list = []
if resource_permission_group_list is None:
resource_permission_group_list = []
2025-04-14 12:11:23 +00:00
self.group = group
self.operate = operate
2025-04-16 12:09:00 +00:00
self.resource_path = resource_path
2025-04-15 12:37:38 +00:00
# 用于获取角色与权限的关系,只适用于没有权限管理的
self.role_list = role_list
# 用于资源权限权限分组
self.resource_permission_group_list = resource_permission_group_list
2025-04-15 12:37:38 +00:00
@staticmethod
def new_instance(permission_str: str):
permission_split = permission_str.split(":")
group = Group[permission_split[0]]
operate = Operate[permission_split[2]]
if len(permission_split) > 2:
dynamic_tag = ":".join(permission_split[2:])
return Permission(group, operate, dynamic_tag)
return Permission(group, operate)
2025-04-14 12:11:23 +00:00
def __str__(self):
return self.group.value + ":" + self.operate.value + (
2025-04-16 12:09:00 +00:00
(":" + self.resource_path) if self.resource_path is not None else '')
2025-04-14 12:11:23 +00:00
def __eq__(self, other):
return str(self) == str(other)
class PermissionConstants(Enum):
"""
权限枚举
"""
USER_READ = Permission(
group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
USER_CREATE = Permission(
group=Group.USER, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN]
)
USER_EDIT = Permission(
group=Group.USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN]
)
USER_DELETE = Permission(
group=Group.USER, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN]
)
MODEL_CREATE = Permission(
group=Group.MODEL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
MODEL_READ = Permission(
group=Group.MODEL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
MODEL_EDIT = Permission(
group=Group.MODEL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
MODEL_DELETE = Permission(
group=Group.MODEL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_FOLDER_CREATE = Permission(
group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_FOLDER_READ = Permission(
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_FOLDER_EDIT = Permission(
group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_FOLDER_DELETE = Permission(
group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_CREATE = Permission(
group=Group.TOOL, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_EDIT = Permission(
group=Group.TOOL, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_READ = Permission(
group=Group.TOOL, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_DELETE = Permission(
group=Group.TOOL, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_DEBUG = Permission(
group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_IMPORT = Permission(
group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
TOOL_EXPORT = Permission(
group=Group.TOOL, operate=Operate.USE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_FOLDER_CREATE = Permission(
group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_FOLDER_READ = Permission(
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionGroup.VIEW]
)
KNOWLEDGE_FOLDER_EDIT = Permission(
group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionGroup.MANAGE]
)
KNOWLEDGE_FOLDER_DELETE = Permission(
group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionGroup.MANAGE]
)
KNOWLEDGE_READ = Permission(
group=Group.KNOWLEDGE, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionGroup.VIEW]
)
KNOWLEDGE_CREATE = Permission(
group=Group.KNOWLEDGE, operate=Operate.CREATE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_EDIT = Permission(
group=Group.KNOWLEDGE, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_DELETE = Permission(
group=Group.KNOWLEDGE, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_DOCUMENT_READ = Permission(
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_DOCUMENT_CREATE = Permission(
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.CREATE,
role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_DOCUMENT_EDIT = Permission(
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_DOCUMENT_DELETE = Permission(
group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PARAGRAPH_READ = Permission(
group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PARAGRAPH_CREATE = Permission(
group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.CREATE,
role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PARAGRAPH_EDIT = Permission(
group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PARAGRAPH_DELETE = Permission(
group=Group.KNOWLEDGE_PARAGRAPH, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PROBLEM_READ = Permission(
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PROBLEM_CREATE = Permission(
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.CREATE,
role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PROBLEM_EDIT = Permission(
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
KNOWLEDGE_PROBLEM_DELETE = Permission(
group=Group.KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER]
)
WORKSPACE_USER_RESOURCE_PERMISSION_READ = Permission(
group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
)
EMAIL_SETTING_READ = Permission(
group=Group.USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN]
)
EMAIL_SETTING_EDIT = Permission(
group=Group.USER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN]
)
2025-05-07 10:09:45 +00:00
2025-04-16 12:09:00 +00:00
def get_workspace_application_permission(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}/APPLICATION/{kwargs.get('application_id')}")
def get_workspace_knowledge_permission(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}/KNOWLEDGE/{kwargs.get('knowledge_id')}")
def get_workspace_permission(self):
return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
resource_path=
f"/WORKSPACE/{kwargs.get('workspace_id')}")
def __eq__(self, other):
if isinstance(other, PermissionConstants):
return other == self
else:
return self.value == other
2025-04-14 12:11:23 +00:00
2025-04-15 12:37:38 +00:00
def get_default_permission_list_by_role(role: RoleConstants):
2025-04-14 12:11:23 +00:00
"""
根据角色 获取角色对应的权限
:param role: 角色
:return: 权限
"""
return list(map(lambda k: PermissionConstants[k],
2025-04-15 12:37:38 +00:00
list(filter(lambda k: PermissionConstants[k].value.role_list.__contains__(role),
2025-04-14 12:11:23 +00:00
PermissionConstants.__members__))))
class RolePermissionMapping:
def __init__(self, role_id, permission_id):
self.role_id = role_id
self.permission_id = permission_id
class WorkspaceUserRoleMapping:
def __init__(self, workspace_id, role_id, user_id):
self.workspace_id = workspace_id
self.role_id = role_id
self.user_id = user_id
def get_default_role_permission_mapping_list():
role_permission_mapping_list = [
[RolePermissionMapping(role.value.name, PermissionConstants[k].value.__str__()) for role in
PermissionConstants[k].value.role_list] for k in PermissionConstants.__members__]
return reduce(lambda x, y: [*x, *y], role_permission_mapping_list, [])
def get_default_workspace_user_role_mapping_list(user_role_list: list):
return [WorkspaceUserRoleMapping('default', role.value.name, 'default') for role in RoleConstants if
user_role_list.__contains__(role.value.name)]
def get_permission_list_by_resource_group(resource_group: ResourcePermissionGroup):
"""
根据资源组获取权限
"""
return [PermissionConstants[k] for k in PermissionConstants.__members__ if
PermissionConstants[k].value.resource_permission_group_list.__contains__(resource_group)]
2025-04-14 12:11:23 +00:00
class Auth:
"""
用于存储当前用户的角色和权限
"""
2025-04-15 12:37:38 +00:00
def __init__(self,
current_role_list: List[Role],
permission_list: List[PermissionConstants | Permission],
**keywords):
# 权限列表
2025-04-14 12:11:23 +00:00
self.permission_list = permission_list
# 角色列表
self.role_list = current_role_list
2025-04-14 12:11:23 +00:00
self.keywords = keywords
class CompareConstants(Enum):
# 或者
OR = "OR"
# 并且
AND = "AND"
class ViewPermission:
def __init__(self, roleList: List[RoleConstants], permissionList: List[PermissionConstants | object],
compare=CompareConstants.OR):
self.roleList = roleList
self.permissionList = permissionList
self.compare = compare