feat: The folder creator manages permissions and the root directory displays all resources

Author: zhanweizhang7

apps/application/serializers/application.py

@@ -333,7 +333,7 @@ def get_query_set(self, instance: Dict, workspace_manage: bool, is_x_pack_ee: bo
             folder_query_set = folder_query_set.filter(workspace_id=workspace_id)
             application_query_set = application_query_set.filter(workspace_id=workspace_id)
         folder_id = instance.get('folder_id')
-        if folder_id is not None:
+        if folder_id is not None and folder_id != workspace_id:
             folder_query_set = folder_query_set.filter(parent=folder_id)
             application_query_set = application_query_set.filter(folder_id=folder_id)
         if name is not None:

apps/folders/serializers/folder.py

@@ -16,6 +16,7 @@
 from knowledge.serializers.knowledge import KnowledgeSerializer
 from knowledge.serializers.knowledge_folder import KnowledgeFolderTreeSerializer
 from system_manage.models import WorkspaceUserResourcePermission
+from system_manage.serializers.user_resource_permission import UserResourcePermissionSerializer
 from tools.models import ToolFolder, Tool
 from tools.serializers.tool import ToolSerializer
 from tools.serializers.tool_folder import ToolFolderTreeSerializer
@@ -139,6 +140,13 @@ def insert(self, instance, with_valid=True):
                 parent_id=parent_id
             )
             folder.save()
+
+            UserResourcePermissionSerializer(data={
+                'workspace_id': self.data.get('workspace_id'),
+                'user_id': self.data.get('user_id'),
+                'auth_target_type': self.data.get('source')
+            }).auth_resource(str(folder.id), is_folder=True)
+
             return FolderSerializer(folder).data
 
     class Operate(serializers.Serializer):

apps/knowledge/serializers/knowledge.py

@@ -148,7 +148,7 @@ def get_query_set(self, workspace_manage, is_x_pack_ee):
             if "workspace_id" in self.data and self.data.get('workspace_id') is not None:
                 query_set = query_set.filter(**{'temp.workspace_id': self.data.get("workspace_id")})
                 folder_query_set = folder_query_set.filter(**{'workspace_id': self.data.get("workspace_id")})
-            if "folder_id" in self.data and self.data.get('folder_id') is not None:
+            if "folder_id" in self.data and self.data.get('folder_id') is not None and self.data.get('workspace_id') != self.data.get('folder_id'):
                 query_set = query_set.filter(**{'temp.folder_id': self.data.get("folder_id")})
                 folder_query_set = folder_query_set.filter(**{'parent_id': self.data.get("folder_id")})
             if "scope" in self.data and self.data.get('scope') is not None:

apps/system_manage/serializers/user_resource_permission.py

@@ -73,7 +73,8 @@ def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=
         illegal_target_id_list = select_list(
             get_file_content(
                 os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', 'check_member_permission_target_exists.sql')),
-            [json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id,workspace_id,workspace_id,workspace_id])
+            [json.dumps(user_resource_permission_list), workspace_id, workspace_id, workspace_id, workspace_id,
+             workspace_id, workspace_id, workspace_id])
         if illegal_target_id_list is not None and len(illegal_target_id_list) > 0:
             raise AppApiException(500,
                                   _('Non-existent id[') + str(illegal_target_id_list) + ']')
@@ -192,7 +193,7 @@ def auth_resource_batch(self, resource_id_list: list):
         cache.delete(key, version=version)
         return True
 
-    def auth_resource(self, resource_id: str):
+    def auth_resource(self, resource_id: str, is_folder=False):
         self.is_valid(raise_exception=True)
         auth_target_type = self.data.get('auth_target_type')
         workspace_id = self.data.get('workspace_id')
@@ -206,11 +207,12 @@ def auth_resource(self, resource_id: str):
             target=resource_id,
             auth_target_type=auth_target_type,
             permission_list=[ResourcePermission.VIEW,
-                             ResourcePermission.MANAGE] if auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP else [
+                             ResourcePermission.MANAGE] if (
+                        auth_type == ResourceAuthType.RESOURCE_PERMISSION_GROUP or is_folder) else [
                 ResourcePermissionRole.ROLE],
             workspace_id=workspace_id,
             user_id=user_id,
-            auth_type=auth_type
+            auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP if is_folder else auth_type
         ).save()
         # 刷新缓存
         version = Cache_Version.PERMISSION_LIST.get_version()
@@ -358,7 +360,7 @@ def get_queryset(self, instance):
                         permission__in=query_p_list)
         workspace_user_role_mapping_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
         if workspace_user_role_mapping_model:
-            user_query_set=user_query_set.filter(
+            user_query_set = user_query_set.filter(
                 id__in=QuerySet(workspace_user_role_mapping_model).filter(
                     workspace_id=self.data.get('workspace_id')).values("user_id"))
 

apps/tools/serializers/tool.py

@@ -921,7 +921,7 @@ def get_query_set(self, workspace_manage, is_x_pack_ee):
             if workspace_id is not None:
                 folder_query_set = folder_query_set.filter(workspace_id=workspace_id)
                 default_query_set = default_query_set.filter(workspace_id=workspace_id)
-            if folder_id is not None:
+            if folder_id is not None and folder_id != workspace_id:
                 folder_query_set = folder_query_set.filter(parent=folder_id)
                 default_query_set = default_query_set.filter(folder_id=folder_id)
             if name is not None: