feat: Permission update

Author: zhanweizhang7

apps/application/views/application.py

@@ -187,7 +187,7 @@ def put(self, request: Request, workspace_id: str, application_id: str):
             tags=[_('Application')]  # type: ignore
         )
         @has_permissions(PermissionConstants.WORKSPACE_READ.get_workspace_application_permission(),
-                         RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
+                         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.ADMIN)
         def get(self, request: Request, workspace_id: str, application_id: str):
             return result.success(ApplicationOperateSerializer(
                 data={'application_id': application_id, 'user_id': request.user.id}).one())

apps/system_manage/views/email_setting.py

@@ -7,13 +7,12 @@
     @desc:
 """
 from drf_spectacular.utils import extend_schema
-from networkx.algorithms.traversal import dfs_successors
 from rest_framework.request import Request
 from rest_framework.views import APIView
 
 from common.auth import TokenAuth
 from common.auth.authentication import has_permissions
-from common.constants.permission_constants import PermissionConstants
+from common.constants.permission_constants import PermissionConstants, RoleConstants
 
 from django.utils.translation import gettext_lazy as _
 
@@ -56,7 +55,7 @@ class Email(APIView):
                        tags=[_('Email Settings')])  # type: ignore
         @log(menu='Email settings', operate='Create or update email settings',
              get_details=get_email_details)
-        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT)
+        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT, RoleConstants.ADMIN)
         def put(self, request: Request):
             return result.success(
                 EmailSettingSerializer.Create(
@@ -70,7 +69,7 @@ def put(self, request: Request):
             responses=DefaultModelResponse.get_response(),
             tags=[_('Email Settings')]  # type: ignore
         )
-        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT)
+        @has_permissions(PermissionConstants.EMAIL_SETTING_EDIT, RoleConstants.ADMIN)
         @log(menu='Email settings', operate='Test email settings',
              get_details=get_email_details
              )
@@ -85,7 +84,7 @@ def post(self, request: Request):
                        operation_id=_('Get email settings'),  # type: ignore
                        responses=DefaultModelResponse.get_response(),
                        tags=[_('Email Settings')])  # type: ignore
-        @has_permissions(PermissionConstants.EMAIL_SETTING_READ)
+        @has_permissions(PermissionConstants.EMAIL_SETTING_READ, RoleConstants.ADMIN)
         def get(self, request: Request):
             return result.success(
                 EmailSettingSerializer.one())

apps/users/views/user.py

@@ -76,7 +76,7 @@ class TestPermissionsUserView(APIView):
                    operation_id="测试",
                    tags=[_("User Management")],  # type: ignore
                    responses=UserProfileAPI.get_response())
-    @has_permissions(PermissionConstants.USER_EDIT)
+    @has_permissions(PermissionConstants.USER_EDIT, RoleConstants.ADMIN)
     def get(self, request: Request):
         return result.success(UserProfileSerializer().profile(request.user, request.auth))
 
@@ -108,7 +108,7 @@ class TestWorkspacePermissionUserView(APIView):
                    tags=[_("User Management")],  # type: ignore
                    responses=UserProfileAPI.get_response(),
                    parameters=TestWorkspacePermissionUserApi.get_parameters())
-    @has_permissions(PermissionConstants.USER_EDIT.get_workspace_permission())
+    @has_permissions(PermissionConstants.USER_EDIT.get_workspace_permission(), RoleConstants.ADMIN)
     def get(self, request: Request, workspace_id):
         return result.success(UserProfileSerializer().profile(request.user, request.auth))
 
@@ -179,7 +179,7 @@ class Password(APIView):
                        operation_id=_("Get default password"),  # type: ignore
                        tags=[_("User Management")],  # type: ignore
                        responses=UserPasswordResponse.get_response())
-        @has_permissions(PermissionConstants.USER_CREATE)
+        @has_permissions(PermissionConstants.USER_CREATE, RoleConstants.ADMIN)
         def get(self, request: Request):
             return result.success(data={'password': default_password})
 
@@ -193,7 +193,7 @@ class Operate(APIView):
                        tags=[_("User Management")],  # type: ignore
                        parameters=DeleteUserApi.get_parameters(),
                        responses=DefaultModelResponse.get_response())
-        @has_permissions(PermissionConstants.USER_DELETE)
+        @has_permissions(PermissionConstants.USER_DELETE, RoleConstants.ADMIN)
         @log(menu='User management', operate='Delete user',
              get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')))
         def delete(self, request: Request, user_id):
@@ -206,7 +206,7 @@ def delete(self, request: Request, user_id):
                        tags=[_("User Management")],  # type: ignore
                        request=DeleteUserApi.get_parameters(),
                        responses=UserProfileAPI.get_response())
-        @has_permissions(PermissionConstants.USER_READ)
+        @has_permissions(PermissionConstants.USER_READ,RoleConstants.ADMIN)
         def get(self, request: Request, user_id):
             return result.success(UserManageSerializer.Operate(data={'id': user_id}).one(with_valid=True))
 
@@ -218,7 +218,7 @@ def get(self, request: Request, user_id):
                        parameters=DeleteUserApi.get_parameters(),
                        request=EditUserApi.get_request(),
                        responses=UserProfileAPI.get_response())
-        @has_permissions(PermissionConstants.USER_EDIT)
+        @has_permissions(PermissionConstants.USER_EDIT, RoleConstants.ADMIN)
         @log(menu='User management', operate='Update user information',
              get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')))
         def put(self, request: Request, user_id):
@@ -235,7 +235,7 @@ class BatchDelete(APIView):
                        tags=[_("User Management")],  # type: ignore
                        request=DeleteUserApi.get_request(),
                        responses=DefaultModelResponse.get_response())
-        @has_permissions(PermissionConstants.USER_DELETE)
+        @has_permissions(PermissionConstants.USER_DELETE, RoleConstants.ADMIN)
         @log(menu='User management', operate='Batch delete user',
              get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id')))
         def post(self, request: Request):
@@ -269,7 +269,7 @@ class Page(APIView):
                        tags=[_("User Management")],  # type: ignore
                        parameters=UserPageApi.get_parameters(),
                        responses=UserPageApi.get_response())
-        @has_permissions(PermissionConstants.USER_READ)
+        @has_permissions(PermissionConstants.USER_READ,RoleConstants.ADMIN)
         def get(self, request: Request, current_page, page_size):
             d = UserManageSerializer.Query(
                 data={'email_or_username': request.query_params.get('email_or_username', None),