fix: System common user permission by role

zhanweizhang7 · zhanweizhang7 · commit 97269d5445de · 2025-07-03T18:21:57.000+08:00
diff --git a/apps/common/auth/authentication.py b/apps/common/auth/authentication.py
@@ -48,7 +48,11 @@ def exist_permissions_by_view_permission(user_role: List[RoleConstants],
     :param permission:       所属权限
     :return:                 是否存在 True False
     """
-    role_ok = any(list(map(lambda ur: permission.roleList.__contains__(ur), user_role)))
+
+    role_list =  [user_r(request, kwargs) if callable(user_r) else user_r for user_r in
+     permission.roleList]
+    role_ok = any(list(map(lambda up: role_list.__contains__(up),
+                                 role_list)))
     permission_list = [user_p(request, kwargs) if callable(user_p) else user_p for user_p in
                        permission.permissionList
                        ]
diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
@@ -396,7 +396,9 @@ def new_instance(permission_str: str):
         return Permission(group, operate)
 
     def __str__(self):
-        return self.group.value + ":" + self.operate.value + (
+
+        return self.group.value + (
+            (":" + self.operate.value) if self.operate.value else '') + (
             (":" + self.resource_path) if self.resource_path is not None else '')
 
     def __eq__(self, other):
@@ -1326,12 +1328,12 @@ def get_workspace_knowledge_permission(self):
     def get_workspace_model_permission(self):
         return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
                                             resource_path=
-                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('knowledge_id')}")
+                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/MODEL/{kwargs.get('model_id')}")
 
     def get_workspace_tool_permission(self):
         return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
                                             resource_path=
-                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('knowledge_id')}")
+                                            f"/WORKSPACE/{kwargs.get('workspace_id')}/TOOL/{kwargs.get('tool_id')}")
 
     def get_workspace_permission(self):
         return lambda r, kwargs: Permission(group=self.value.group, operate=self.value.operate,
diff --git a/apps/tools/views/tool.py b/apps/tools/views/tool.py
@@ -104,8 +104,10 @@ class Operate(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_EDIT.get_workspace_permission(),PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
-            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
+            PermissionConstants.TOOL_EDIT.get_workspace_permission(),
+            PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
+            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
+            ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                         CompareConstants.AND),
         )
@@ -261,7 +263,8 @@ class Pylint(APIView):
         @has_permissions(
             PermissionConstants.TOOL_CREATE.get_workspace_permission(),
             PermissionConstants.TOOL_EDIT.get_workspace_permission(),
-            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
+            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
+            RoleConstants.USER.get_workspace_role()
         )
         def post(self, request: Request, workspace_id: str):
             return result.success(ToolSerializer.Pylint(
