Merge branch 'v2' of https://github.com/maxkb-dev/maxkb into v2

Author: liqiang-fit2cloud

apps/system_manage/api/user_resource_permission.py

@@ -66,6 +66,7 @@ def get_parameters():
                 description="权限",
                 type=OpenApiTypes.STR,
                 location='query',
+                many=True,
                 required=False
             ),
         ]
@@ -167,6 +168,7 @@ def get_parameters():
                 description="权限",
                 type=OpenApiTypes.STR,
                 location='query',
+                many=True,
                 required=False
             ),
         ]
@@ -226,6 +228,7 @@ def get_parameters():
                 description="权限",
                 type=OpenApiTypes.STR,
                 location='query',
+                many=True,
                 required=False
             ),
         ]
@@ -298,6 +301,7 @@ def get_parameters():
                 description="权限",
                 type=OpenApiTypes.STR,
                 location='query',
+                many=True,
                 required=False
             ),
         ]

apps/system_manage/serializers/user_resource_permission.py

@@ -11,7 +11,7 @@
 
 from django.core.cache import cache
 from django.db import models
-from django.db.models import QuerySet
+from django.db.models import QuerySet, Q
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
@@ -24,14 +24,12 @@
 from common.db.sql_execute import select_list
 from common.exception.app_exception import AppApiException
 from common.utils.common import get_file_content
-from common.utils.split_model import group_by
 from knowledge.models import Knowledge
 from maxkb.conf import PROJECT_DIR
 from maxkb.settings import edition
 from models_provider.models import Model
-from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
+from system_manage.models import WorkspaceUserResourcePermission
 from tools.models import Tool
-from users.models import User
 from users.serializers.user import is_workspace_manage
 
 
@@ -94,11 +92,14 @@ def is_valid(self, *, auth_target_type=None, workspace_id=None, raise_exception=
     'APPLICATION': 'get_application_user_resource_permission.sql'
 }
 
+
 class UserResourcePermissionUserListRequest(serializers.Serializer):
     name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('resource name'))
-    permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True,choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+    permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True,
+                                         choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
                                          label=_('permission'))
 
+
 class UserResourcePermissionSerializer(serializers.Serializer):
     workspace_id = serializers.CharField(required=True, label=_('workspace id'))
     user_id = serializers.CharField(required=True, label=_('user id'))
@@ -112,13 +113,20 @@ def get_queryset(self, instance):
             }))
         name = instance.get('name')
         permission = instance.get('permission')
+        query_p_list = [None if p == "NOT_AUTH" else p for p in permission]
 
         if name:
             resource_query_set = resource_query_set.filter(name__contains=name)
         if permission:
-            resource_query_set = resource_query_set.filter(
-                permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission'))
-
+            if all([p is None for p in query_p_list]):
+                resource_query_set = resource_query_set.filter(permission=None)
+            else:
+                if any([p is None for p in query_p_list]):
+                    resource_query_set = resource_query_set.filter(
+                        Q(permission__in=query_p_list) | Q(permission=None))
+                else:
+                    resource_query_set = resource_query_set.filter(
+                        permission__in=query_p_list)
         return {
             'query_set': QuerySet(m_map.get(self.data.get('auth_target_type'))).filter(
                 workspace_id=self.data.get('workspace_id')),
@@ -218,35 +226,37 @@ def list(self, instance, user, with_valid=True):
             os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))))
 
         return [{**user_resource_permission}
-            for user_resource_permission in user_resource_permission_list]
-
+                for user_resource_permission in user_resource_permission_list]
 
-    def page(self, instance, current_page: int, page_size: int,user, with_valid=True):
+    def page(self, instance, current_page: int, page_size: int, user, with_valid=True):
         if with_valid:
             self.is_valid(raise_exception=True)
             UserResourcePermissionUserListRequest(data=instance).is_valid(raise_exception=True)
         workspace_id = self.data.get("workspace_id")
         user_id = self.data.get("user_id")
         # 用户对应的资源权限分页列表
-        user_resource_permission_page_list = native_page_search(current_page,page_size,self.get_queryset(instance),get_file_content(
-            os.path.join(PROJECT_DIR, "apps", "system_manage", 'sql', sql_map.get(self.data.get('auth_target_type')))
-        ))
+        user_resource_permission_page_list = native_page_search(current_page, page_size, self.get_queryset(instance),
+                                                                get_file_content(
+                                                                    os.path.join(PROJECT_DIR, "apps", "system_manage",
+                                                                                 'sql', sql_map.get(
+                                                                            self.data.get('auth_target_type')))
+                                                                ))
 
         return user_resource_permission_page_list
 
-
     def edit(self, instance, user, with_valid=True):
         if with_valid:
             self.is_valid(raise_exception=True)
-            UpdateUserResourcePermissionRequest(data={'user_resource_permission_list':instance}).is_valid(raise_exception=True,
-                                                                        auth_target_type=self.data.get(
-                                                                            'auth_target_type'),
-                                                                        workspace_id=self.data.get('workspace_id'))
+            UpdateUserResourcePermissionRequest(data={'user_resource_permission_list': instance}).is_valid(
+                raise_exception=True,
+                auth_target_type=self.data.get(
+                    'auth_target_type'),
+                workspace_id=self.data.get('workspace_id'))
         workspace_id = self.data.get("workspace_id")
         user_id = self.data.get("user_id")
         update_list = []
         save_list = []
-        targets = [ item['target_id'] for item in instance ]
+        targets = [item['target_id'] for item in instance]
         QuerySet(WorkspaceUserResourcePermission).filter(
             workspace_id=workspace_id,
             user_id=user_id,
@@ -286,14 +296,15 @@ def edit(self, instance, user, with_valid=True):
 class ResourceUserPermissionUserListRequest(serializers.Serializer):
     nick_name = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
     username = serializers.CharField(required=False, allow_null=True, allow_blank=True, label=_('workspace id'))
-    permission = serializers.ChoiceField(required=False, allow_null=True, allow_blank=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
-                                         label=_('permission'))
+    permission = serializers.MultipleChoiceField(required=False, allow_null=True, allow_blank=True,
+                                                 choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
+                                                 label=_('permission'))
 
 
 class ResourceUserPermissionEditRequest(serializers.Serializer):
     user_id = serializers.CharField(required=True, label=_('workspace id'))
     permission = serializers.ChoiceField(required=True, choices=['NOT_AUTH', 'MANAGE', 'VIEW', 'ROLE'],
-                                         label=_('permission'))
+                                                 label=_('permission'))
 
 
 permission_map = {
@@ -315,11 +326,13 @@ def get_queryset(self, instance):
         user_query_set = QuerySet(model=get_dynamics_model({
             'nick_name': models.CharField(),
             'username': models.CharField(),
-            "permission": models.CharField(),
+            "permission": models.CharField()
         }))
         nick_name = instance.get('nick_name')
         username = instance.get('username')
         permission = instance.get('permission')
+        query_p_list = [None if p == "NOT_AUTH" else p for p in permission]
+
         workspace_user_resource_permission_query_set = QuerySet(WorkspaceUserResourcePermission).filter(
             workspace_id=self.data.get('workspace_id'),
             auth_target_type=self.data.get('auth_target_type'),
@@ -329,8 +342,16 @@ def get_queryset(self, instance):
         if username:
             user_query_set = user_query_set.filter(username__contains=username)
         if permission:
-            user_query_set = user_query_set.filter(
-                permission=None if instance.get('permission') == 'NOT_AUTH' else instance.get('permission'))
+            if all([p is None for p in query_p_list]):
+                user_query_set = user_query_set.filter(
+                    permission=None)
+            else:
+                if any([p is None for p in query_p_list]):
+                    user_query_set = user_query_set.filter(
+                        Q(permission__in=query_p_list) | Q(permission=None))
+                else:
+                    user_query_set = user_query_set.filter(
+                        permission__in=query_p_list)
 
         return {
             'workspace_user_resource_permission_query_set': workspace_user_resource_permission_query_set,

apps/system_manage/sql/get_application_user_resource_permission.sql

@@ -28,7 +28,7 @@ LEFT JOIN (
                 AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
             WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
                 AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
-            ELSE 'NOT_AUTH'
+            ELSE null
         END AS permission
     FROM
         workspace_user_resource_permission

apps/system_manage/sql/get_knowledge_user_resource_permission.sql

@@ -28,7 +28,7 @@ LEFT JOIN (
                 AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
             WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
                 AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
-            ELSE 'NOT_AUTH'
+            ELSE null
         END AS permission
     FROM
         workspace_user_resource_permission

apps/system_manage/sql/get_model_user_resource_permission.sql

@@ -28,7 +28,7 @@ LEFT JOIN (
                 AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
             WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
                 AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
-            ELSE 'NOT_AUTH'
+            ELSE null
         END AS permission
     FROM
         workspace_user_resource_permission

apps/system_manage/sql/get_resource_user_permission_detail.sql

@@ -19,7 +19,7 @@ LEFT JOIN (
 			and 'MANAGE'= any(permission_list)   then 'MANAGE'
 			  when  auth_type = 'RESOURCE_PERMISSION_GROUP'
 			and 'VIEW' = any( permission_list) then 'VIEW'
-			else 'NOT_AUTH'
+			else null
 		end) as "permission"
     FROM
         workspace_user_resource_permission

apps/system_manage/sql/get_tool_user_resource_permission.sql

@@ -28,7 +28,7 @@ LEFT JOIN (
                 AND 'MANAGE' = ANY(permission_list) THEN 'MANAGE'
             WHEN auth_type = 'RESOURCE_PERMISSION_GROUP'
                 AND 'VIEW' = ANY(permission_list) THEN 'VIEW'
-            ELSE 'NOT_AUTH'
+            ELSE null
         END AS permission
     FROM
         workspace_user_resource_permission

apps/system_manage/views/user_resource_permission.py

@@ -53,7 +53,7 @@ def get(self, request: Request, workspace_id: str, user_id: str, resource: str):
         return result.success(UserResourcePermissionSerializer(
             data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
         ).list({'name': request.query_params.get('name'),
-                'permission': request.query_params.get('permission')}, request.user))
+                'permission': request.query_params.getlist('permission')}, request.user))
 
     @extend_schema(
         methods=['PUT'],
@@ -94,7 +94,7 @@ def get(self, request: Request, workspace_id: str, user_id: str, resource: str,
             return result.success(UserResourcePermissionSerializer(
                 data={'workspace_id': workspace_id, 'user_id': user_id, 'auth_target_type': resource}
                 ).page({'name': request.query_params.get('name'),
-                        'permission': request.query_params.get('permission')}, current_page, page_size, request.user))
+                        'permission': request.query_params.getlist('permission')}, current_page, page_size, request.user))
 
 
 class WorkspaceResourceUserPermissionView(APIView):
@@ -114,7 +114,7 @@ def get(self, request: Request, workspace_id: str, target: str, resource: str):
             data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource,
                   }).list(
             {'username': request.query_params.get("username"), 'nick_name': request.query_params.get("nick_name"),
-             'permission': request.query_params.get("permission")
+             'permission': request.query_params.getlist("permission")
              }))
 
     @extend_schema(
@@ -150,5 +150,5 @@ def get(self, request: Request, workspace_id: str, target: str, resource: str, c
                 data={'workspace_id': workspace_id, "target": target, 'auth_target_type': resource, }
             ).page({'username': request.query_params.get("username"),
                     'nick_name': request.query_params.get("nick_name"),
-                    'permission': request.query_params.get("permission")}, current_page, page_size,
+                    'permission': request.query_params.getlist("permission")}, current_page, page_size,
                    ))

pyproject.toml

@@ -37,7 +37,10 @@ langchain-mcp-adapters = "0.1.9"
 langchain-huggingface = "0.3.0"
 langchain-ollama = "0.3.4"
 langgraph = "0.5.3"
-torch = {version = "2.8.0+cpu", source = "pytorch"}
+torch = [
+    { version = "2.8.0+cpu", markers = "sys_platform == 'linux'", source = "pytorch" },
+    { url = "https://download.pytorch.org/whl/cpu/torch-2.8.0-cp311-none-macosx_11_0_arm64.whl", markers = "sys_platform == 'darwin'" }
+]
 sentence-transformers = "5.0.0"
 
 # 云服务SDK